{"id":"https://openalex.org/W2774999725","doi":"https://doi.org/10.1109/milcom.2017.8170793","title":"A control flow graph-based signature for packer identification","display_name":"A control flow graph-based signature for packer identification","publication_year":2017,"publication_date":"2017-10-01","ids":{"openalex":"https://openalex.org/W2774999725","doi":"https://doi.org/10.1109/milcom.2017.8170793","mag":"2774999725"},"language":"en","primary_location":{"id":"doi:10.1109/milcom.2017.8170793","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom.2017.8170793","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046123556","display_name":"Moustafa Saleh","orcid":"https://orcid.org/0000-0003-1916-3275"},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Moustafa Saleh","raw_affiliation_strings":["Threat Intelligence Center Microsoft, Redmond, Washington"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Threat Intelligence Center Microsoft, Redmond, Washington","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016680085","display_name":"E. Paul Ratazzi","orcid":"https://orcid.org/0000-0002-9817-6025"},"institutions":[{"id":"https://openalex.org/I1280414376","display_name":"United States Air Force Research Laboratory","ror":"https://ror.org/02e2egq70","country_code":"US","type":"facility","lineage":["https://openalex.org/I1280414376","https://openalex.org/I1330347796","https://openalex.org/I4210102105","https://openalex.org/I4389425425"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"E. Paul Ratazzi","raw_affiliation_strings":["Cyber Assurance Branch, Air Force Research Laboratory, Rome, New York"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Assurance Branch, Air Force Research Laboratory, Rome, New York","institution_ids":["https://openalex.org/I1280414376"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019179799","display_name":"Shouhuai Xu","orcid":"https://orcid.org/0000-0001-8034-0942"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shouhuai Xu","raw_affiliation_strings":["Department of Computer Science, University of Texas at San Antonio, San Antonio, Texas"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Texas at San Antonio, San Antonio, Texas","institution_ids":["https://openalex.org/I45438204"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.1868,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.4941313,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"683","last_page":"688"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9933000206947327,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.925482988357544},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.8077410459518433},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7820969223976135},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6448165774345398},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.6424368619918823},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.6143112778663635},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.46400633454322815},{"id":"https://openalex.org/keywords/ransom","display_name":"Ransom","score":0.44541293382644653},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.4392387270927429},{"id":"https://openalex.org/keywords/shuffling","display_name":"Shuffling","score":0.42922937870025635},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14842215180397034},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1182229220867157}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.925482988357544},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.8077410459518433},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7820969223976135},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6448165774345398},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.6424368619918823},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.6143112778663635},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.46400633454322815},{"id":"https://openalex.org/C2781426709","wikidata":"https://www.wikidata.org/wiki/Q1414572","display_name":"Ransom","level":2,"score":0.44541293382644653},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.4392387270927429},{"id":"https://openalex.org/C167927819","wikidata":"https://www.wikidata.org/wiki/Q1930567","display_name":"Shuffling","level":2,"score":0.42922937870025635},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14842215180397034},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1182229220867157},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/milcom.2017.8170793","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom.2017.8170793","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7900000214576721,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W2045950984","https://openalex.org/W2065709228","https://openalex.org/W2077747890","https://openalex.org/W2143421017","https://openalex.org/W2149216329","https://openalex.org/W2150423842","https://openalex.org/W2151300580","https://openalex.org/W2152067881","https://openalex.org/W2155320991","https://openalex.org/W2313158754","https://openalex.org/W2320538877","https://openalex.org/W6682404691"],"related_works":["https://openalex.org/W2519510627","https://openalex.org/W2317284651","https://openalex.org/W2756362805","https://openalex.org/W4247997640","https://openalex.org/W2365166239","https://openalex.org/W4213239787","https://openalex.org/W4377131110","https://openalex.org/W2389019629","https://openalex.org/W2114337652","https://openalex.org/W4387723305"],"abstract_inverted_index":{"The":[0,42,126],"large":[1],"number":[2],"of":[3,14,30,38,44,74,100,137,148,158,211],"malicious":[4],"files":[5],"that":[6,25,58,81,140,165],"are":[7,105,141,153,181,190],"produced":[8],"daily":[9],"outpaces":[10],"the":[11,27,54,82,117,156,212,219],"current":[12],"capacity":[13],"malware":[15,40,45,57,95,138,145,149,159,177],"analysis":[16],"and":[17,97,151,198],"detection.":[18],"For":[19,186],"example,":[20,187],"Intel":[21],"Security":[22],"Labs":[23],"reported":[24],"during":[26],"second":[28],"quarter":[29],"2016,":[31],"their":[32],"system":[33],"found":[34],"more":[35,62,182],"than":[36,63],"40M":[37],"new":[39,94,121],"[1].":[41],"damage":[43],"attacks":[46],"is":[47,89,132,204,225],"also":[48,226],"increasingly":[49,90],"devastating,":[50],"as":[51,200],"witnessed":[52],"by":[53,114,169],"recent":[55],"Cryptowall":[56],"has":[59,77],"reportedly":[60],"generated":[61],"$325M":[64],"in":[65,129,176],"ransom":[66],"payments":[67],"to":[68,143,184,192],"its":[69],"perpetrators":[70],"[2].":[71],"In":[72],"terms":[73],"defense,":[75],"it":[76],"been":[78],"widely":[79],"accepted":[80],"traditional":[83],"approach":[84],"based":[85],"on":[86],"byte-string":[87],"signatures":[88,164,180,189,224],"ineffective,":[91],"especially":[92],"for":[93,108,134,206,221],"samples":[96],"sophisticated":[98],"variants":[99],"existing":[101],"ones.":[102],"New":[103],"techniques":[104],"therefore":[106],"needed":[107],"effective":[109],"defense":[110,122],"against":[111,124,195],"malware.":[112,125,214],"Motivated":[113],"this":[115,130],"problem,":[116],"paper":[118,131],"investigates":[119],"a":[120,201],"technique":[123,127],"presented":[128],"utilized":[133],"automatic":[135],"identification":[136],"packers":[139,150],"used":[142],"obfuscate":[144],"programs.":[146],"Signatures":[147],"obfuscators":[152],"extracted":[154],"from":[155],"CFGs":[157],"samples.":[160],"Unlike":[161],"conventional":[162],"byte":[163],"can":[166],"be":[167,193],"evaded":[168],"simply":[170],"modifying":[171],"one":[172],"or":[173],"multiple":[174],"bytes":[175],"samples,":[178],"these":[179],"difficult":[183],"evade.":[185],"CFG-based":[188,223],"shown":[191],"resilient":[194],"instruction":[196],"modifications":[197],"shuffling,":[199],"single":[202],"signature":[203],"sufficient":[205],"detecting":[207],"mildly":[208],"different":[209],"versions":[210],"same":[213],"Last":[215],"but":[216],"not":[217],"least,":[218],"process":[220],"extracting":[222],"made":[227],"automatic.":[228]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2019,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}