{"id":"https://openalex.org/W2164777238","doi":"https://doi.org/10.1109/icc.2009.5199134","title":"Lightweight Static Analysis to Detect Polymorphic Exploit Code with Static Analysis Resistant Technique","display_name":"Lightweight Static Analysis to Detect Polymorphic Exploit Code with Static Analysis Resistant Technique","publication_year":2009,"publication_date":"2009-06-01","ids":{"openalex":"https://openalex.org/W2164777238","doi":"https://doi.org/10.1109/icc.2009.5199134","mag":"2164777238"},"language":"en","primary_location":{"id":"doi:10.1109/icc.2009.5199134","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc.2009.5199134","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2009 IEEE International Conference on Communications","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100444295","display_name":"Dongho Kim","orcid":"https://orcid.org/0000-0002-7861-4286"},"institutions":[{"id":"https://openalex.org/I142401562","display_name":"Electronics and Telecommunications Research Institute","ror":"https://ror.org/03ysstz10","country_code":"KR","type":"facility","lineage":["https://openalex.org/I142401562","https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"D. Kim","raw_affiliation_strings":["Information Security Research Division, Electronics and Telecommunications Research Institute, South Korea"],"affiliations":[{"raw_affiliation_string":"Information Security Research Division, Electronics and Telecommunications Research Institute, South Korea","institution_ids":["https://openalex.org/I142401562"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084175410","display_name":"I. Kim","orcid":null},"institutions":[{"id":"https://openalex.org/I142401562","display_name":"Electronics and Telecommunications Research Institute","ror":"https://ror.org/03ysstz10","country_code":"KR","type":"facility","lineage":["https://openalex.org/I142401562","https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"I. Kim","raw_affiliation_strings":["Information Security Research Division, Electronics and Telecommunications Research Institute, South Korea"],"affiliations":[{"raw_affiliation_string":"Information Security Research Division, Electronics and Telecommunications Research Institute, South Korea","institution_ids":["https://openalex.org/I142401562"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101629118","display_name":"Jintae Oh","orcid":"https://orcid.org/0000-0002-4372-0943"},"institutions":[{"id":"https://openalex.org/I142401562","display_name":"Electronics and Telecommunications Research Institute","ror":"https://ror.org/03ysstz10","country_code":"KR","type":"facility","lineage":["https://openalex.org/I142401562","https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"J. Oh","raw_affiliation_strings":["Information Security Research Division, Electronics and Telecommunications Research Institute, South Korea"],"affiliations":[{"raw_affiliation_string":"Information Security Research Division, Electronics and Telecommunications Research Institute, South Korea","institution_ids":["https://openalex.org/I142401562"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055250606","display_name":"H. Cho","orcid":null},"institutions":[{"id":"https://openalex.org/I142401562","display_name":"Electronics and Telecommunications Research Institute","ror":"https://ror.org/03ysstz10","country_code":"KR","type":"facility","lineage":["https://openalex.org/I142401562","https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"H. Cho","raw_affiliation_strings":["Information Security Research Division, Electronics and Telecommunications Research Institute, South Korea"],"affiliations":[{"raw_affiliation_string":"Information Security Research Division, Electronics and Telecommunications Research Institute, South Korea","institution_ids":["https://openalex.org/I142401562"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5100444295"],"corresponding_institution_ids":["https://openalex.org/I142401562"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.21995336,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"11","issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.970760703086853},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7990888953208923},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6071426272392273},{"id":"https://openalex.org/keywords/emulation","display_name":"Emulation","score":0.5320841670036316},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.45804283022880554},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.44942498207092285},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.19553467631340027},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.17546036839485168},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.15938177704811096}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.970760703086853},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7990888953208923},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6071426272392273},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.5320841670036316},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.45804283022880554},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.44942498207092285},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.19553467631340027},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.17546036839485168},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.15938177704811096},{"id":"https://openalex.org/C50522688","wikidata":"https://www.wikidata.org/wiki/Q189833","display_name":"Economic growth","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icc.2009.5199134","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc.2009.5199134","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2009 IEEE International Conference on Communications","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W88694106","https://openalex.org/W1485086418","https://openalex.org/W1525958661","https://openalex.org/W1571916075","https://openalex.org/W1580559113","https://openalex.org/W1587340728","https://openalex.org/W1591237315","https://openalex.org/W1594536929","https://openalex.org/W1597305440","https://openalex.org/W1671661096","https://openalex.org/W2010440413","https://openalex.org/W2034346354","https://openalex.org/W2035247360","https://openalex.org/W2116065364","https://openalex.org/W2137786570","https://openalex.org/W2146211060","https://openalex.org/W2153649523","https://openalex.org/W2157153057","https://openalex.org/W4285719527","https://openalex.org/W6603729080","https://openalex.org/W6631638595","https://openalex.org/W6634220021","https://openalex.org/W6635242490","https://openalex.org/W6635716266","https://openalex.org/W6637171010","https://openalex.org/W6653020296","https://openalex.org/W6681652963","https://openalex.org/W6683360394"],"related_works":["https://openalex.org/W4224216661","https://openalex.org/W3210347767","https://openalex.org/W2154523322","https://openalex.org/W2083200807","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W98994209","https://openalex.org/W4387947354","https://openalex.org/W3037087970","https://openalex.org/W2132874238"],"abstract_inverted_index":{"The":[0,145],"general":[1],"method":[2,102,147,168,189],"in":[3,62,80,190],"which":[4],"attackers":[5],"obtain":[6],"the":[7,11,16,25,36,41,63,87,105,117,129,132,136,139,149,157,162,166,175,187,191],"control":[8],"authority":[9],"of":[10,40,65,108,113,121,152,164],"remote":[12,122],"host":[13,123],"is":[14,76,143],"through":[15],"exploit":[17,110,172],"code.":[18,111],"As":[19],"network":[20],"security":[21],"systems":[22],"have":[23,31,57],"mounted":[24],"desired":[26],"signatures":[27],"about":[28],"exploits,":[29],"they":[30],"reduced":[32],"damage":[33],"due":[34],"to":[35,44,82,91],"spreading":[37],"and":[38,55,127,182],"reoccurrence":[39],"exploits.":[42],"However,":[43],"avoid":[45],"signature-based":[46],"detection":[47],"techniques,":[48],"exploits":[49,85],"employing":[50],"techniques":[51,179],"such":[52],"as":[53,131,155],"polymorphism":[54,88],"metamorphism":[56],"become":[58],"more":[59,93,184],"prevalent.":[60],"Especially":[61],"case":[64],"polymorphism,":[66],"because":[67],"there":[68,75],"are":[69,180],"many":[70],"automation":[71],"engines":[72],"even":[73],"if":[74],"no":[77],"special":[78],"knowledge":[79],"order":[81],"make":[83],"various":[84],"easily,":[86],"researches":[89],"need":[90],"be":[92],"actively":[94],"studied.":[95],"We":[96],"present":[97],"a":[98,125],"new":[99],"static":[100,158,176],"analysis":[101,159,177],"for":[103,134],"detecting":[104],"decryption":[106,114,153],"routine":[107,154],"polymorphic":[109,171],"Most":[112],"routines":[115],"store":[116],"program":[118],"counter":[119],"value":[120,130],"on":[124],"stack":[126],"use":[128],"address":[133],"accessing":[135],"memory":[137],"that":[138,174],"encrypted":[140],"original":[141],"code":[142],"positioned.":[144],"proposed":[146,167],"traces":[148],"processing":[150,192],"steps":[151],"using":[156],"method.":[160],"In":[161],"results":[163],"experiment,":[165],"can":[169],"detect":[170],"codes":[173],"resistant":[178],"used,":[181],"shows":[183],"efficient":[185],"than":[186],"emulation-based":[188],"performance.":[193]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}