{"id":"https://openalex.org/W2084359473","doi":"https://doi.org/10.1109/issa.2014.6950504","title":"Towards a sandbox for the deobfuscation and dissection of PHP malware","display_name":"Towards a sandbox for the deobfuscation and dissection of PHP malware","publication_year":2014,"publication_date":"2014-08-01","ids":{"openalex":"https://openalex.org/W2084359473","doi":"https://doi.org/10.1109/issa.2014.6950504","mag":"2084359473"},"language":"en","primary_location":{"id":"doi:10.1109/issa.2014.6950504","is_oa":false,"landing_page_url":"https://doi.org/10.1109/issa.2014.6950504","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2014 Information Security for South Africa","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046400775","display_name":"Peter M. Wrench","orcid":null},"institutions":[{"id":"https://openalex.org/I203238179","display_name":"Rhodes University","ror":"https://ror.org/016sewp10","country_code":"ZA","type":"education","lineage":["https://openalex.org/I203238179"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Peter M. Wrench","raw_affiliation_strings":["Department of Computer Science, Rhodes University, Grahamstown","Department of Computer Science, Rhodes University, P.O. Box 94, Grahamstown, 6140, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Rhodes University, Grahamstown","institution_ids":["https://openalex.org/I203238179"]},{"raw_affiliation_string":"Department of Computer Science, Rhodes University, P.O. Box 94, Grahamstown, 6140, South Africa","institution_ids":["https://openalex.org/I203238179"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054384302","display_name":"Barry Irwin","orcid":"https://orcid.org/0000-0002-2727-2124"},"institutions":[{"id":"https://openalex.org/I203238179","display_name":"Rhodes University","ror":"https://ror.org/016sewp10","country_code":"ZA","type":"education","lineage":["https://openalex.org/I203238179"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Barry V. W. Irwin","raw_affiliation_strings":["Department of Computer Science, Rhodes University, Grahamstown","Department of Computer Science, Rhodes University, P.O. Box 94, Grahamstown, 6140, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Rhodes University, Grahamstown","institution_ids":["https://openalex.org/I203238179"]},{"raw_affiliation_string":"Department of Computer Science, Rhodes University, P.O. Box 94, Grahamstown, 6140, South Africa","institution_ids":["https://openalex.org/I203238179"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.5897,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.68879502,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"2001","issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.9838982820510864},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9274492859840393},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.7344599962234497},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7257230281829834},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.605373740196228},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5222002863883972},{"id":"https://openalex.org/keywords/reverse-engineering","display_name":"Reverse engineering","score":0.46359509229660034},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4125574231147766},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.40073835849761963},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.28087231516838074},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2253122627735138},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.19613569974899292}],"concepts":[{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.9838982820510864},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9274492859840393},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.7344599962234497},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7257230281829834},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.605373740196228},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5222002863883972},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse engineering","level":2,"score":0.46359509229660034},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4125574231147766},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.40073835849761963},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.28087231516838074},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2253122627735138},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.19613569974899292},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/issa.2014.6950504","is_oa":false,"landing_page_url":"https://doi.org/10.1109/issa.2014.6950504","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2014 Information Security for South Africa","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":44,"referenced_works":["https://openalex.org/W24839522","https://openalex.org/W65725112","https://openalex.org/W109909280","https://openalex.org/W165688198","https://openalex.org/W205305182","https://openalex.org/W263629230","https://openalex.org/W1500460345","https://openalex.org/W1510228738","https://openalex.org/W1531027799","https://openalex.org/W1535445971","https://openalex.org/W1539580676","https://openalex.org/W1540198462","https://openalex.org/W1562646198","https://openalex.org/W1567046609","https://openalex.org/W1755167160","https://openalex.org/W1966150547","https://openalex.org/W1981678030","https://openalex.org/W1983142587","https://openalex.org/W1994020507","https://openalex.org/W1996482980","https://openalex.org/W1999704547","https://openalex.org/W2004812514","https://openalex.org/W2047181172","https://openalex.org/W2049396953","https://openalex.org/W2099206289","https://openalex.org/W2099425933","https://openalex.org/W2111038628","https://openalex.org/W2118456496","https://openalex.org/W2118735733","https://openalex.org/W2123804192","https://openalex.org/W2131332603","https://openalex.org/W2131523719","https://openalex.org/W2132874238","https://openalex.org/W2148888468","https://openalex.org/W2149069618","https://openalex.org/W2165871256","https://openalex.org/W2166462894","https://openalex.org/W2167370023","https://openalex.org/W2242802512","https://openalex.org/W2624639028","https://openalex.org/W2998066361","https://openalex.org/W6633713445","https://openalex.org/W6671777941","https://openalex.org/W6679779913"],"related_works":["https://openalex.org/W2620652965","https://openalex.org/W2024170198","https://openalex.org/W4296272594","https://openalex.org/W2034129977","https://openalex.org/W2900526031","https://openalex.org/W1745773915","https://openalex.org/W2765820957","https://openalex.org/W2728713145","https://openalex.org/W2913519194","https://openalex.org/W2470502009"],"abstract_inverted_index":{"The":[0],"creation":[1],"and":[2,17,31,104,111],"proliferation":[3],"of":[4,20,29,43,107,114],"PHP-based":[5],"Remote":[6],"Access":[7],"Trojans":[8],"(or":[9],"web":[10,21],"shells)":[11],"used":[12],"in":[13],"both":[14],"the":[15,56,77],"compromise":[16],"post":[18],"exploitation":[19],"platforms":[22],"has":[23],"fuelled":[24],"research":[25],"into":[26],"automated":[27],"methods":[28],"dissecting":[30],"analysing":[32],"these":[33,87],"shells.":[34],"Current":[35],"malware":[36,64],"tools":[37],"disguise":[38],"themselves":[39],"by":[40],"making":[41],"use":[42],"obfuscation":[44],"techniques":[45],"designed":[46],"to":[47,51,65,98],"frustrate":[48],"any":[49],"efforts":[50],"dissect":[52],"or":[53],"reverse":[54],"engineer":[55],"code.":[57,116],"Advanced":[58],"code":[59],"engineering":[60],"can":[61],"even":[62],"cause":[63],"behave":[66],"differently":[67],"if":[68],"it":[69,72,81],"detects":[70],"that":[71,96],"is":[73,105],"not":[74],"running":[75],"on":[76],"system":[78],"for":[79],"which":[80],"was":[82],"originally":[83],"targeted.":[84],"To":[85],"combat":[86],"defensive":[88],"techniques,":[89],"this":[90],"paper":[91],"presents":[92],"a":[93,101],"sandbox-based":[94],"environment":[95],"aims":[97],"accurately":[99],"mimic":[100],"vulnerable":[102],"host":[103],"capable":[106],"semi-automatic":[108],"semantic":[109],"dissection":[110],"syntactic":[112],"deobfuscation":[113],"PHP":[115]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}