{"id":"https://openalex.org/W2140747479","doi":"https://doi.org/10.1145/1866307.1866368","title":"Mimimorphism","display_name":"Mimimorphism","publication_year":2010,"publication_date":"2010-10-04","ids":{"openalex":"https://openalex.org/W2140747479","doi":"https://doi.org/10.1145/1866307.1866368","mag":"2140747479"},"language":"en","primary_location":{"id":"doi:10.1145/1866307.1866368","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1866307.1866368","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th ACM conference on Computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076718675","display_name":"Zhenyu Wu","orcid":"https://orcid.org/0000-0001-9617-7094"},"institutions":[{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]},{"id":"https://openalex.org/I267592682","display_name":"Williams (United States)","ror":"https://ror.org/007zhvp17","country_code":"US","type":"company","lineage":["https://openalex.org/I267592682"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhenyu Wu","raw_affiliation_strings":["The College of William and Mary, Williamsburg, VA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The College of William and Mary, Williamsburg, VA, USA","institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061929139","display_name":"Steven Gianvecchio","orcid":null},"institutions":[{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]},{"id":"https://openalex.org/I267592682","display_name":"Williams (United States)","ror":"https://ror.org/007zhvp17","country_code":"US","type":"company","lineage":["https://openalex.org/I267592682"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Steven Gianvecchio","raw_affiliation_strings":["The College of William and Mary, Williamsburg, VA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The College of William and Mary, Williamsburg, VA, USA","institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048083201","display_name":"Mengjun Xie","orcid":"https://orcid.org/0000-0001-5089-9614"},"institutions":[{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]},{"id":"https://openalex.org/I267592682","display_name":"Williams (United States)","ror":"https://ror.org/007zhvp17","country_code":"US","type":"company","lineage":["https://openalex.org/I267592682"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mengjun Xie","raw_affiliation_strings":["The College of William and Mary, Williamsburg, VA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The College of William and Mary, Williamsburg, VA, USA","institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100664241","display_name":"Haining Wang","orcid":"https://orcid.org/0000-0002-9665-7511"},"institutions":[{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]},{"id":"https://openalex.org/I267592682","display_name":"Williams (United States)","ror":"https://ror.org/007zhvp17","country_code":"US","type":"company","lineage":["https://openalex.org/I267592682"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haining Wang","raw_affiliation_strings":["The College of William and Mary, Williamsburg, VA, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The College of William and Mary, Williamsburg, VA, USA","institution_ids":["https://openalex.org/I16285277","https://openalex.org/I267592682"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.7091,"has_fulltext":false,"cited_by_count":59,"citation_normalized_percentile":{"value":0.91111817,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"536","last_page":"546"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8569117784500122},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.7392487525939941},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6422037482261658},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.6207084655761719},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.5827630758285522},{"id":"https://openalex.org/keywords/syntax","display_name":"Syntax","score":0.4707287549972534},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.43539106845855713},{"id":"https://openalex.org/keywords/binary-number","display_name":"Binary number","score":0.4142315685749054},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3628578782081604},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.35964876413345337},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3069673478603363},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.09958535432815552}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8569117784500122},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.7392487525939941},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6422037482261658},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.6207084655761719},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.5827630758285522},{"id":"https://openalex.org/C60048249","wikidata":"https://www.wikidata.org/wiki/Q37437","display_name":"Syntax","level":2,"score":0.4707287549972534},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.43539106845855713},{"id":"https://openalex.org/C48372109","wikidata":"https://www.wikidata.org/wiki/Q3913","display_name":"Binary number","level":2,"score":0.4142315685749054},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3628578782081604},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35964876413345337},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3069673478603363},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.09958535432815552},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1866307.1866368","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1866307.1866368","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th ACM conference on Computer and communications security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":46,"referenced_works":["https://openalex.org/W13344852","https://openalex.org/W34732858","https://openalex.org/W88694106","https://openalex.org/W1533753084","https://openalex.org/W1552056088","https://openalex.org/W1564075167","https://openalex.org/W1580559113","https://openalex.org/W1589713274","https://openalex.org/W1594536929","https://openalex.org/W1595564425","https://openalex.org/W1597305440","https://openalex.org/W1903577715","https://openalex.org/W2025475662","https://openalex.org/W2032247543","https://openalex.org/W2033368661","https://openalex.org/W2033811087","https://openalex.org/W2059358903","https://openalex.org/W2084641398","https://openalex.org/W2095595785","https://openalex.org/W2100198871","https://openalex.org/W2104495462","https://openalex.org/W2116065364","https://openalex.org/W2119177527","https://openalex.org/W2126059122","https://openalex.org/W2131523719","https://openalex.org/W2132874238","https://openalex.org/W2135143063","https://openalex.org/W2137786570","https://openalex.org/W2145027384","https://openalex.org/W2146211060","https://openalex.org/W2150423842","https://openalex.org/W2157153057","https://openalex.org/W2158167094","https://openalex.org/W2162275200","https://openalex.org/W2743634147","https://openalex.org/W2886481750","https://openalex.org/W2912142077","https://openalex.org/W2913650672","https://openalex.org/W4285719527","https://openalex.org/W6633665954","https://openalex.org/W6635716266","https://openalex.org/W6671777941","https://openalex.org/W6675812784","https://openalex.org/W6679904650","https://openalex.org/W6681652963","https://openalex.org/W7066491068"],"related_works":["https://openalex.org/W2620652965","https://openalex.org/W2024170198","https://openalex.org/W4296272594","https://openalex.org/W2900526031","https://openalex.org/W2289039654","https://openalex.org/W2728713145","https://openalex.org/W2470502009","https://openalex.org/W2072617132","https://openalex.org/W4360993664","https://openalex.org/W1995118279"],"abstract_inverted_index":{"Binary":[0],"obfuscation":[1,17,48,74],"plays":[2],"an":[3],"essential":[4],"role":[5],"in":[6,52,107,155],"evading":[7,26,80,133],"malware":[8,87],"static":[9],"analysis":[10,35,139],"and":[11,22,33,83,112,128,137,161],"detection.":[12,29],"The":[13],"widely":[14],"used":[15],"code":[16],"techniques,":[18],"such":[19],"as":[20,163,165],"polymorphism":[21],"metamorphism,":[23],"focus":[24],"on":[25,123],"syntax":[27],"based":[28],"However,":[30],"statistic":[31],"test":[32],"semantic":[34,60,84,113,138],"techniques":[36,49],"have":[37],"been":[38],"developed":[39],"to":[40,93,104],"thwart":[41],"their":[42,53],"evasion":[43],"attempts.":[44],"More":[45],"recent":[46],"binary":[47,73,96],"are":[50,150],"divided":[51],"purposes":[54],"of":[55,79,109,119,132,157],"attacking":[56],"either":[57],"statistical":[58,82,110,134],"or":[59],"approach,":[61],"but":[62],"not":[63],"both.":[64],"In":[65],"this":[66],"paper,":[67],"we":[68],"introduce":[69],"mimimorphism,":[70],"a":[71,117],"novel":[72],"technique":[75],"with":[76],"the":[77,120,124,147],"potential":[78],"both":[81],"detections.":[85],"Mimimorphic":[86],"uses":[88],"instruction-syntax-aware":[89],"high-order":[90],"mimic":[91],"functions":[92],"transform":[94],"its":[95,130],"into":[97],"mimicry":[98,148],"executables":[99,149],"that":[100,146],"exhibit":[101],"high":[102],"similarity":[103],"benign":[105,153],"programs":[106,154],"terms":[108,156],"properties":[111],"characteristics.":[114],"We":[115],"implement":[116],"prototype":[118],"mimimorphic":[121],"engine":[122],"Intel":[125],"x86":[126],"platform,":[127],"evaluate":[129],"capability":[131],"anomaly":[135],"detection":[136,140],"techniques.":[141],"Our":[142],"experimental":[143],"results":[144],"demonstrate":[145],"indistinguishable":[151],"from":[152],"byte":[158],"frequency":[159],"distribution":[160],"entropy,":[162],"well":[164],"control":[166],"flow":[167],"fingerprint.":[168]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":4},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":6},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":12},{"year":2013,"cited_by_count":5},{"year":2012,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2016-06-24T00:00:00"}