{"id":"https://openalex.org/W1994747466","doi":"https://doi.org/10.1109/crisis.2012.6378949","title":"Evasion-resistant malware signature based on profiling kernel data structure objects","display_name":"Evasion-resistant malware signature based on profiling kernel data structure objects","publication_year":2012,"publication_date":"2012-10-01","ids":{"openalex":"https://openalex.org/W1994747466","doi":"https://doi.org/10.1109/crisis.2012.6378949","mag":"1994747466"},"language":"en","primary_location":{"id":"doi:10.1109/crisis.2012.6378949","is_oa":false,"landing_page_url":"https://doi.org/10.1109/crisis.2012.6378949","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5088653270","display_name":"Ahmed F. Shosha","orcid":null},"institutions":[{"id":"https://openalex.org/I100930933","display_name":"University College Dublin","ror":"https://ror.org/05m7pjf47","country_code":"IE","type":"education","lineage":["https://openalex.org/I100930933"]}],"countries":["IE"],"is_corresponding":true,"raw_author_name":"Ahmed F. Shosha","raw_affiliation_strings":["School of Computer Science and Informatics, University College Dublin","School of Computer Science and Informatics, School of Electrical, Electronics and Communication Engineering., University College Dublin#TAB#"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Informatics, University College Dublin","institution_ids":["https://openalex.org/I100930933"]},{"raw_affiliation_string":"School of Computer Science and Informatics, School of Electrical, Electronics and Communication Engineering., University College Dublin#TAB#","institution_ids":["https://openalex.org/I100930933"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002375301","display_name":"Chen\u2010Ching Liu","orcid":"https://orcid.org/0000-0002-8941-7958"},"institutions":[{"id":"https://openalex.org/I100930933","display_name":"University College Dublin","ror":"https://ror.org/05m7pjf47","country_code":"IE","type":"education","lineage":["https://openalex.org/I100930933"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Chen-Ching Liu","raw_affiliation_strings":["School of Computer Science and Informatics, University College Dublin","Avira Research Department, Avira Operations GmbH& Co. KG"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Informatics, University College Dublin","institution_ids":["https://openalex.org/I100930933"]},{"raw_affiliation_string":"Avira Research Department, Avira Operations GmbH& Co. KG","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052351535","display_name":"Pavel Gladyshev","orcid":"https://orcid.org/0000-0002-7449-4475"},"institutions":[{"id":"https://openalex.org/I100930933","display_name":"University College Dublin","ror":"https://ror.org/05m7pjf47","country_code":"IE","type":"education","lineage":["https://openalex.org/I100930933"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Pavel Gladyshev","raw_affiliation_strings":["School of Computer Science and Informatics, University College Dublin","School of Computer Science and Informatics, School of Electrical, Electronics and Communication Engineering., University College Dublin#TAB#"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Informatics, University College Dublin","institution_ids":["https://openalex.org/I100930933"]},{"raw_affiliation_string":"School of Computer Science and Informatics, School of Electrical, Electronics and Communication Engineering., University College Dublin#TAB#","institution_ids":["https://openalex.org/I100930933"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5028412301","display_name":"Marcus Matten","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Marcus Matten","raw_affiliation_strings":["Avira Research Department, Avira Operations GmbH& Co. KG"],"affiliations":[{"raw_affiliation_string":"Avira Research Department, Avira Operations GmbH& Co. KG","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5088653270"],"corresponding_institution_ids":["https://openalex.org/I100930933"],"apc_list":null,"apc_paid":null,"fwci":1.4864,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.84951671,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8998386859893799},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.864474356174469},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.8572565317153931},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.6567320227622986},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.6532880067825317},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.6046813726425171},{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.6009899377822876},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.5259994268417358},{"id":"https://openalex.org/keywords/reverse-engineering","display_name":"Reverse engineering","score":0.4622627794742584},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4358445405960083},{"id":"https://openalex.org/keywords/syntax","display_name":"Syntax","score":0.4299502968788147},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4284311830997467},{"id":"https://openalex.org/keywords/profiling","display_name":"Profiling (computer programming)","score":0.4112085700035095},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.385530561208725},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.27495843172073364},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.21663817763328552},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.2043580412864685}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8998386859893799},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.864474356174469},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.8572565317153931},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.6567320227622986},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.6532880067825317},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.6046813726425171},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.6009899377822876},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.5259994268417358},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse engineering","level":2,"score":0.4622627794742584},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4358445405960083},{"id":"https://openalex.org/C60048249","wikidata":"https://www.wikidata.org/wiki/Q37437","display_name":"Syntax","level":2,"score":0.4299502968788147},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4284311830997467},{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.4112085700035095},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.385530561208725},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.27495843172073364},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.21663817763328552},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2043580412864685},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/crisis.2012.6378949","is_oa":false,"landing_page_url":"https://doi.org/10.1109/crisis.2012.6378949","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)","raw_type":"proceedings-article"},{"id":"pmh:oai:ulir.ul.ie:10344/2899","is_oa":false,"landing_page_url":"http://hdl.handle.net/10344/2899","pdf_url":null,"source":{"id":"https://openalex.org/S4306401530","display_name":"University of Limerick Institutional Repository (University of Limerick)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I230495080","host_organization_name":"University of Limerick","host_organization_lineage":["https://openalex.org/I230495080"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/conferenceObject"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.716.2376","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.716.2376","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://digitalfire.ucd.ie/wp-content/uploads/2012/09/Evasion-Resistance-Signature.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4300000071525574,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W109909280","https://openalex.org/W143519483","https://openalex.org/W167488929","https://openalex.org/W1492832459","https://openalex.org/W1508225132","https://openalex.org/W1522250664","https://openalex.org/W1529311848","https://openalex.org/W1775664482","https://openalex.org/W1956767865","https://openalex.org/W1981984793","https://openalex.org/W1983119041","https://openalex.org/W1984350393","https://openalex.org/W1989086707","https://openalex.org/W2010910232","https://openalex.org/W2024170198","https://openalex.org/W2065566278","https://openalex.org/W2066220442","https://openalex.org/W2089560940","https://openalex.org/W2102970979","https://openalex.org/W2110908283","https://openalex.org/W2111038628","https://openalex.org/W2117030266","https://openalex.org/W2140678915","https://openalex.org/W2140807364","https://openalex.org/W2140908857","https://openalex.org/W2151135920","https://openalex.org/W2163292449","https://openalex.org/W2169685348","https://openalex.org/W2613827243","https://openalex.org/W4249175590","https://openalex.org/W6604490274","https://openalex.org/W6605901207","https://openalex.org/W6606761936","https://openalex.org/W6630448420","https://openalex.org/W6631155369","https://openalex.org/W6631540460","https://openalex.org/W6638042660","https://openalex.org/W6640826072","https://openalex.org/W6672825733","https://openalex.org/W6675416627","https://openalex.org/W6922295283"],"related_works":["https://openalex.org/W2150020069","https://openalex.org/W2913519194","https://openalex.org/W2900526031","https://openalex.org/W4362634109","https://openalex.org/W2055981842","https://openalex.org/W2793135307","https://openalex.org/W3134235726","https://openalex.org/W2906395579","https://openalex.org/W128871440","https://openalex.org/W2138040966"],"abstract_inverted_index":{"Malware":[0],"authors":[1],"attempt":[2],"in":[3,105,146,190,208],"an":[4,63,136,210],"endless":[5],"effort":[6],"to":[7,11,40,61,100,171,217],"find":[8],"new":[9],"methods":[10,102],"evade":[12],"the":[13,21,28,35,41,50,72,112,115,167,173,177,183,196],"malware":[14,65,160,197],"detection":[15],"engines.":[16],"A":[17],"popular":[18],"method":[19],"is":[20,69,97,125,150,186],"use":[22],"of":[23,30,43,114,129,176],"obfuscation":[24,101,204],"technologies":[25],"that":[26,45,141,162,182,194,213],"change":[27],"syntax":[29,87],"malicious":[31,85,107,220],"code":[32,51,86,90,108],"while":[33],"preserving":[34],"execution":[36,74,91,211],"semantics.":[37],"This":[38,67,148],"leads":[39],"evasion":[42],"signatures":[44,130],"are":[46],"built":[47],"based":[48,70],"on":[49,71],"syntax.":[52],"In":[53,156],"this":[54],"paper,":[55],"we":[56],"propose":[57],"a":[58,118,192],"novel":[59],"approach":[60,185],"develop":[62],"evasion-resistant":[64],"signature.":[66],"signature":[68,96,120,193],"malware's":[73],"profiles":[75,212],"extracted":[76],"from":[77],"kernel":[78],"data":[79],"structure":[80],"objects":[81],"and":[82,103,198,201],"neither":[83],"uses":[84],"specific":[88],"information":[89],"flow":[92],"information.":[93],"Thus,":[94],"proposed":[95,116,184],"more":[98],"resistant":[99],"resilient":[104],"detecting":[106],"variants.":[109],"To":[110],"evaluate":[111],"effectiveness":[113,128],"approach,":[117],"prototype":[119],"generation":[121],"tool":[122,140],"called":[123],"SigGENE":[124,133],"developed.":[126],"The":[127,179],"generated":[131],"by":[132],"evaluated":[134],"using":[135,152],"experimental":[137],"root":[138],"kit-simulation":[139],"employs":[142],"techniques":[143],"commonly":[144],"found":[145],"rootkits.":[147],"simulationtool":[149],"obfuscated":[151],"several":[153],"different":[154,164,203,219],"methods.":[155],"further":[157],"experiments,":[158],"real-world":[159,174],"samples":[161],"have":[163],"variants":[165,200],"with":[166],"same":[168],"behavior":[169],"used":[170,216],"verify":[172],"applicability":[175],"approach.":[178],"experiments":[180],"show":[181],"effective,":[187],"not":[188],"only":[189],"generating":[191],"detects":[195],"its":[199],"defeats":[202],"methods,":[205],"but":[206],"also,":[207],"producing":[209],"can":[214],"be":[215],"characterize":[218],"attacks.":[221]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2018,"cited_by_count":2},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}