{"id":"https://openalex.org/W2049629426","doi":"https://doi.org/10.1145/2046707.2046739","title":"Deobfuscation of virtualization-obfuscated software","display_name":"Deobfuscation of virtualization-obfuscated software","publication_year":2011,"publication_date":"2011-10-17","ids":{"openalex":"https://openalex.org/W2049629426","doi":"https://doi.org/10.1145/2046707.2046739","mag":"2049629426"},"language":"en","primary_location":{"id":"doi:10.1145/2046707.2046739","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2046707.2046739","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM conference on Computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082389239","display_name":"Kevin Coogan","orcid":null},"institutions":[{"id":"https://openalex.org/I138006243","display_name":"University of Arizona","ror":"https://ror.org/03m2x1q45","country_code":"US","type":"education","lineage":["https://openalex.org/I138006243"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Kevin Coogan","raw_affiliation_strings":["University of Arizona, Tucson, AZ, USA"],"affiliations":[{"raw_affiliation_string":"University of Arizona, Tucson, AZ, USA","institution_ids":["https://openalex.org/I138006243"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091797502","display_name":"Gen Lu","orcid":null},"institutions":[{"id":"https://openalex.org/I138006243","display_name":"University of Arizona","ror":"https://ror.org/03m2x1q45","country_code":"US","type":"education","lineage":["https://openalex.org/I138006243"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gen Lu","raw_affiliation_strings":["University of Arizona, Tucson, AZ, USA"],"affiliations":[{"raw_affiliation_string":"University of Arizona, Tucson, AZ, USA","institution_ids":["https://openalex.org/I138006243"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5108542327","display_name":"Saumya Debray","orcid":null},"institutions":[{"id":"https://openalex.org/I138006243","display_name":"University of Arizona","ror":"https://ror.org/03m2x1q45","country_code":"US","type":"education","lineage":["https://openalex.org/I138006243"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Saumya Debray","raw_affiliation_strings":["University of Arizona, Tucson, AZ, USA"],"affiliations":[{"raw_affiliation_string":"University of Arizona, Tucson, AZ, USA","institution_ids":["https://openalex.org/I138006243"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5082389239"],"corresponding_institution_ids":["https://openalex.org/I138006243"],"apc_list":null,"apc_paid":null,"fwci":4.9888,"has_fulltext":false,"cited_by_count":120,"citation_normalized_percentile":{"value":0.95875886,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"275","last_page":"284"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9940000176429749,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8657267093658447},{"id":"https://openalex.org/keywords/reverse-engineering","display_name":"Reverse engineering","score":0.6200946569442749},{"id":"https://openalex.org/keywords/interpreter","display_name":"Interpreter","score":0.5799337029457092},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5688502192497253},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.5625348687171936},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5591026544570923},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.5514260530471802},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5500055551528931},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.5388585925102234},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.5306574106216431},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.5179599523544312},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.49750426411628723},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.48140907287597656},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4808548092842102},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4281369745731354},{"id":"https://openalex.org/keywords/complement","display_name":"Complement (music)","score":0.4166761040687561},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.2927941083908081},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.28651320934295654},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1857992708683014},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.14250344038009644}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8657267093658447},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse engineering","level":2,"score":0.6200946569442749},{"id":"https://openalex.org/C122783720","wikidata":"https://www.wikidata.org/wiki/Q183065","display_name":"Interpreter","level":2,"score":0.5799337029457092},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5688502192497253},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.5625348687171936},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5591026544570923},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.5514260530471802},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5500055551528931},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.5388585925102234},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.5306574106216431},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5179599523544312},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.49750426411628723},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.48140907287597656},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4808548092842102},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4281369745731354},{"id":"https://openalex.org/C112313634","wikidata":"https://www.wikidata.org/wiki/Q7886648","display_name":"Complement (music)","level":5,"score":0.4166761040687561},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.2927941083908081},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.28651320934295654},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1857992708683014},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.14250344038009644},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C127716648","wikidata":"https://www.wikidata.org/wiki/Q104053","display_name":"Phenotype","level":3,"score":0.0},{"id":"https://openalex.org/C188082640","wikidata":"https://www.wikidata.org/wiki/Q1780899","display_name":"Complementation","level":4,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2046707.2046739","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2046707.2046739","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM conference on Computer and communications security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W116627068","https://openalex.org/W303139982","https://openalex.org/W1491178396","https://openalex.org/W1522250664","https://openalex.org/W1556604985","https://openalex.org/W1575308494","https://openalex.org/W1975857176","https://openalex.org/W2117030266","https://openalex.org/W2128389850","https://openalex.org/W2140807364","https://openalex.org/W2142368292","https://openalex.org/W2170793790","https://openalex.org/W2532550198","https://openalex.org/W6610773549","https://openalex.org/W6631155369"],"related_works":["https://openalex.org/W2913519194","https://openalex.org/W2007287520","https://openalex.org/W2132360941","https://openalex.org/W4362634109","https://openalex.org/W4388820743","https://openalex.org/W2793135307","https://openalex.org/W2532550198","https://openalex.org/W2166616871","https://openalex.org/W4210907385","https://openalex.org/W4312434251"],"abstract_inverted_index":{"When":[0],"new":[1],"malware":[2,38],"are":[3,42,51,162],"discovered,":[4],"it":[5],"is":[6,98],"important":[7],"for":[8,150],"researchers":[9,30],"to":[10,44,53,62,76,104,113,138],"analyze":[11],"and":[12,46,56,136],"understand":[13],"them":[14],"as":[15,17,29],"quickly":[16],"possible.":[18],"This":[19,86,107,130],"task":[20],"has":[21],"been":[22],"made":[23],"more":[24],"difficult":[25,43],"in":[26],"recent":[27],"years":[28],"have":[31],"seen":[32],"an":[33],"increasing":[34],"use":[35,74],"of":[36,81,95,126,146],"virtualization-obfuscated":[37],"code.":[39,129],"These":[40],"programs":[41,148],"comprehend":[45],"reverse":[47],"engineer,":[48],"since":[49],"they":[50],"resistant":[52],"both":[54],"static":[55],"dynamic":[57],"analysis":[58],"techniques.":[59],"Current":[60],"approaches":[61],"dealing":[63],"with":[64],"such":[65],"code":[66,71,84,161],"first":[67],"reverse-engineer":[68],"the":[69,79,82,93,96,114,123,127,144],"byte":[70,83],"interpreter,":[72],"then":[73],"this":[75],"work":[77],"out":[78],"logic":[80],"program.":[85],"outside-in":[87],"approach":[88,112,132],"produces":[89],"good":[90],"results":[91],"when":[92],"structure":[94],"interpreter":[97],"known,":[99],"but":[100],"cannot":[101],"be":[102],"applied":[103],"all":[105],"cases.":[106],"paper":[108],"proposes":[109],"a":[110,155],"different":[111],"problem":[115],"that":[116,121],"focuses":[117],"on":[118,158],"identifying":[119],"instructions":[120],"affect":[122],"observable":[124],"behavior":[125],"obfuscated":[128,147],"inside-out":[131],"requires":[133],"fewer":[134],"assumptions,":[135],"aims":[137],"complement":[139],"existing":[140],"techniques":[141],"by":[142],"broadening":[143],"domain":[145],"eligible":[149],"automated":[151],"analysis.":[152],"Results":[153],"from":[154],"prototype":[156],"tool":[157],"real-world":[159],"malicious":[160],"encouraging.":[163]},"counts_by_year":[{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":11},{"year":2020,"cited_by_count":8},{"year":2019,"cited_by_count":12},{"year":2018,"cited_by_count":14},{"year":2017,"cited_by_count":12},{"year":2016,"cited_by_count":13},{"year":2015,"cited_by_count":12},{"year":2014,"cited_by_count":7},{"year":2013,"cited_by_count":3},{"year":2012,"cited_by_count":5}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}