{"id":"https://openalex.org/W2890434219","doi":"https://doi.org/10.1145/3243734.3243771","title":"Towards Paving the Way for Large-Scale Windows Malware Analysis","display_name":"Towards Paving the Way for Large-Scale Windows Malware Analysis","publication_year":2018,"publication_date":"2018-10-15","ids":{"openalex":"https://openalex.org/W2890434219","doi":"https://doi.org/10.1145/3243734.3243771","mag":"2890434219"},"language":"en","primary_location":{"id":"doi:10.1145/3243734.3243771","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3243734.3243771","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5073257664","display_name":"Binlin Cheng","orcid":null},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]},{"id":"https://openalex.org/I4210121573","display_name":"Wuchang University of Technology","ror":"https://ror.org/02mqsna37","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210121573"]},{"id":"https://openalex.org/I4210165606","display_name":"Hubei Normal University","ror":"https://ror.org/056y3dw16","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210165606"]},{"id":"https://openalex.org/I75900474","display_name":"Hubei University","ror":"https://ror.org/03a60m280","country_code":"CN","type":"education","lineage":["https://openalex.org/I75900474"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Binlin Cheng","raw_affiliation_strings":["Wuhan University & Hubei Normal University, Wuhan , China","Wuhan University [China] (Wuchang, Wuhan, Hubei, China, 430072 - China)","Hubei University (Wuhan, 430068 - China)"],"affiliations":[{"raw_affiliation_string":"Wuhan University & Hubei Normal University, Wuhan , China","institution_ids":["https://openalex.org/I4210165606","https://openalex.org/I37461747"]},{"raw_affiliation_string":"Wuhan University [China] (Wuchang, Wuhan, Hubei, China, 430072 - China)","institution_ids":["https://openalex.org/I4210121573","https://openalex.org/I37461747"]},{"raw_affiliation_string":"Hubei University (Wuhan, 430068 - China)","institution_ids":["https://openalex.org/I75900474"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101420644","display_name":"Jiang Ming","orcid":"https://orcid.org/0000-0001-9682-0502"},"institutions":[{"id":"https://openalex.org/I189196454","display_name":"The University of Texas at Arlington","ror":"https://ror.org/019kgqr73","country_code":"US","type":"education","lineage":["https://openalex.org/I189196454"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jiang Ming","raw_affiliation_strings":["University of Texas at Arlington, Arlington, TX, USA","University of Texas at Arlington [Arlington] (701 S Nedderman Dr, Arlington, TX 76019 - United States)"],"affiliations":[{"raw_affiliation_string":"University of Texas at Arlington, Arlington, TX, USA","institution_ids":["https://openalex.org/I189196454"]},{"raw_affiliation_string":"University of Texas at Arlington [Arlington] (701 S Nedderman Dr, Arlington, TX 76019 - United States)","institution_ids":["https://openalex.org/I189196454"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035259205","display_name":"Jianmin Fu","orcid":"https://orcid.org/0000-0002-4111-2274"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]},{"id":"https://openalex.org/I4210121573","display_name":"Wuchang University of Technology","ror":"https://ror.org/02mqsna37","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210121573"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianmin Fu","raw_affiliation_strings":["Wuhan University, Wuhan , China","Wuhan University [China] (Wuchang, Wuhan, Hubei, China, 430072 - China)"],"affiliations":[{"raw_affiliation_string":"Wuhan University, Wuhan , China","institution_ids":["https://openalex.org/I37461747"]},{"raw_affiliation_string":"Wuhan University [China] (Wuchang, Wuhan, Hubei, China, 430072 - China)","institution_ids":["https://openalex.org/I4210121573","https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076621366","display_name":"Guojun Peng","orcid":"https://orcid.org/0000-0001-5731-8958"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]},{"id":"https://openalex.org/I4210121573","display_name":"Wuchang University of Technology","ror":"https://ror.org/02mqsna37","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210121573"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Guojun Peng","raw_affiliation_strings":["Wuhan University, Wuhan, China","Wuhan University [China] (Wuchang, Wuhan, Hubei, China, 430072 - China)"],"affiliations":[{"raw_affiliation_string":"Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]},{"raw_affiliation_string":"Wuhan University [China] (Wuchang, Wuhan, Hubei, China, 430072 - China)","institution_ids":["https://openalex.org/I4210121573","https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100443178","display_name":"Ting Chen","orcid":"https://orcid.org/0000-0001-9165-8331"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ting Chen","raw_affiliation_strings":["University of Electronic Science and Technology of China, Chengdu, China","UESTC - University of Electronic Science and Technology of China [Chengdu] (4 Jianshe North Rd 2nd Section, Chenghua, Chengdu, Sichuan, Chine, 610051 - China)"],"affiliations":[{"raw_affiliation_string":"University of Electronic Science and Technology of China, Chengdu, China","institution_ids":["https://openalex.org/I150229711"]},{"raw_affiliation_string":"UESTC - University of Electronic Science and Technology of China [Chengdu] (4 Jianshe North Rd 2nd Section, Chenghua, Chengdu, Sichuan, Chine, 610051 - China)","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100780268","display_name":"Xiaosong Zhang","orcid":"https://orcid.org/0000-0001-9886-1412"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaosong Zhang","raw_affiliation_strings":["University of Electronic Science and Technology of China, Chengdu, China","UESTC - University of Electronic Science and Technology of China [Chengdu] (4 Jianshe North Rd 2nd Section, Chenghua, Chengdu, Sichuan, Chine, 610051 - China)"],"affiliations":[{"raw_affiliation_string":"University of Electronic Science and Technology of China, Chengdu, China","institution_ids":["https://openalex.org/I150229711"]},{"raw_affiliation_string":"UESTC - University of Electronic Science and Technology of China [Chengdu] (4 Jianshe North Rd 2nd Section, Chenghua, Chengdu, Sichuan, Chine, 610051 - China)","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5106028817","display_name":"Jean-Yves Marion","orcid":"https://orcid.org/0009-0002-8262-3887"},"institutions":[{"id":"https://openalex.org/I90183372","display_name":"Universit\u00e9 de Lorraine","ror":"https://ror.org/04vfs2w97","country_code":"FR","type":"education","lineage":["https://openalex.org/I90183372"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Jean-Yves Marion","raw_affiliation_strings":["Universit\u00e9 de Lorraine, Nancy, France"],"affiliations":[{"raw_affiliation_string":"Universit\u00e9 de Lorraine, Nancy, France","institution_ids":["https://openalex.org/I90183372"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5073257664"],"corresponding_institution_ids":["https://openalex.org/I37461747","https://openalex.org/I4210121573","https://openalex.org/I4210165606","https://openalex.org/I75900474"],"apc_list":null,"apc_paid":null,"fwci":3.9832,"has_fulltext":false,"cited_by_count":56,"citation_normalized_percentile":{"value":0.94780453,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"395","last_page":"411"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/unpacking","display_name":"Unpacking","score":0.983795702457428},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9013566970825195},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8158972263336182},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.8000576496124268},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.6412255764007568},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.5944567918777466},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5430024266242981},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5036010146141052},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.4484736919403076},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.43772023916244507},{"id":"https://openalex.org/keywords/table","display_name":"Table (database)","score":0.4182928502559662},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.37780672311782837},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.36913472414016724},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.26004838943481445},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.18662241101264954}],"concepts":[{"id":"https://openalex.org/C2777256151","wikidata":"https://www.wikidata.org/wiki/Q7897273","display_name":"Unpacking","level":2,"score":0.983795702457428},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9013566970825195},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8158972263336182},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.8000576496124268},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.6412255764007568},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.5944567918777466},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5430024266242981},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5036010146141052},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.4484736919403076},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43772023916244507},{"id":"https://openalex.org/C45235069","wikidata":"https://www.wikidata.org/wiki/Q278425","display_name":"Table (database)","level":2,"score":0.4182928502559662},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.37780672311782837},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.36913472414016724},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.26004838943481445},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.18662241101264954},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3243734.3243771","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3243734.3243771","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:HAL:hal-02613431v1","is_oa":false,"landing_page_url":"https://hal.archives-ouvertes.fr/hal-02613431","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"info:eu-repo/semantics/conferenceObject"},{"id":"pmh:oai:HAL:hal-03167513v1","is_oa":false,"landing_page_url":"https://hal.science/hal-03167513","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security, Oct 2018, Toronto, Canada. pp.395-411, ⟨10.1145/3243734.3243771⟩","raw_type":"Conference papers"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320309536","display_name":"University of Texas System","ror":"https://ror.org/01gek1696"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322186","display_name":"Natural Science Foundation of Hubei Province","ror":null},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":64,"referenced_works":["https://openalex.org/W62185554","https://openalex.org/W108297441","https://openalex.org/W165688198","https://openalex.org/W172558989","https://openalex.org/W1497229971","https://openalex.org/W1504130524","https://openalex.org/W1508225132","https://openalex.org/W1529311848","https://openalex.org/W1538186256","https://openalex.org/W1540198462","https://openalex.org/W1548500763","https://openalex.org/W1564075167","https://openalex.org/W1575185166","https://openalex.org/W1604459715","https://openalex.org/W1765558482","https://openalex.org/W1831259860","https://openalex.org/W1892063863","https://openalex.org/W1910686388","https://openalex.org/W1981033991","https://openalex.org/W1984182242","https://openalex.org/W1984999133","https://openalex.org/W2001773409","https://openalex.org/W2010203757","https://openalex.org/W2010910232","https://openalex.org/W2012737144","https://openalex.org/W2046185165","https://openalex.org/W2052854541","https://openalex.org/W2068211976","https://openalex.org/W2095476337","https://openalex.org/W2096921767","https://openalex.org/W2098492867","https://openalex.org/W2100002952","https://openalex.org/W2107576540","https://openalex.org/W2111038628","https://openalex.org/W2126734536","https://openalex.org/W2128389850","https://openalex.org/W2134633067","https://openalex.org/W2140807364","https://openalex.org/W2143421017","https://openalex.org/W2150423842","https://openalex.org/W2151300580","https://openalex.org/W2159702664","https://openalex.org/W2159928814","https://openalex.org/W2171035369","https://openalex.org/W2246375780","https://openalex.org/W2401272485","https://openalex.org/W2409663758","https://openalex.org/W2433584005","https://openalex.org/W2505676064","https://openalex.org/W2518004374","https://openalex.org/W2566565745","https://openalex.org/W2596953812","https://openalex.org/W2601591992","https://openalex.org/W2602912125","https://openalex.org/W2620895032","https://openalex.org/W2620946705","https://openalex.org/W2752559890","https://openalex.org/W2762226429","https://openalex.org/W2766957939","https://openalex.org/W2783112941","https://openalex.org/W2794801050","https://openalex.org/W2900962383","https://openalex.org/W3109497260","https://openalex.org/W4239813889"],"related_works":["https://openalex.org/W4296272594","https://openalex.org/W2469507153","https://openalex.org/W4360993664","https://openalex.org/W2008790809","https://openalex.org/W2465235098","https://openalex.org/W2470029541","https://openalex.org/W2768892939","https://openalex.org/W2470502009","https://openalex.org/W2167003418","https://openalex.org/W2900526031"],"abstract_inverted_index":{"Binary":[0],"packing,":[1],"encoding":[2],"binary":[3,54,105],"code":[4,33,177],"prior":[5,66],"to":[6,23,60,97,135,209,218,308],"execution":[7],"and":[8,75,163,237,278],"decoding":[9],"them":[10],"at":[11,132],"run":[12],"time,":[13],"is":[14,92,155,188,230,285],"the":[15,31,45,48,65,71,86,103,115,199,219],"most":[16,28],"common":[17,137],"obfuscation":[18],"adopted":[19],"by":[20,34,158],"malware":[21,91,130,183,277,312],"authors":[22],"camouflage":[24],"malicious":[25],"code.":[26],"Especially,":[27],"packers":[29,112,131,159],"recover":[30],"original":[32,176,200],"going":[35],"through":[36,190],"a":[37,94,109,136,147,168,181,193,247,260],"set":[38],"of":[39,47,68,77,118,128,249,290,296],"\"written-then-executed\"":[40,226],"layers,":[41,228],"which":[42,144],"renders":[43],"determining":[44],"end":[46],"unpacking":[49,55,106,165,213,227],"increasingly":[50],"difficult.":[51],"Many":[52],"generic":[53],"approaches":[56],"have":[57,80,267],"been":[58,203],"proposed":[59],"extract":[61],"packed":[62,90,182,276],"binaries":[63],"without":[64],"knowledge":[67],"packers.":[69],"However,":[70],"high":[72],"runtime":[73,243],"overhead":[74],"lack":[76],"anti-analysis":[78],"resistance":[79],"severely":[81],"limited":[82],"their":[83],"adoptions.":[84],"Over":[85],"past":[87],"two":[88],"decades,":[89],"always":[93],"veritable":[95],"challenge":[96],"anti-malware":[98],"landscape.":[99],"This":[100,205],"paper":[101],"revisits":[102],"long-standing":[104],"problem":[107],"from":[108,224,232],"new":[110],"angle:":[111],"consistently":[113],"obfuscate":[114],"standard":[116],"use":[117],"API":[119,153,187,256],"calls.":[120],"Our":[121,300],"in-depth":[122],"study":[123,301],"on":[124],"an":[125,186,211],"enormous":[126],"variety":[127,248],"Windows":[129,280],"present":[133],"leads":[134],"property:":[138],"malware's":[139],"Import":[140],"Address":[141],"Table":[142],"(IAT),":[143],"acts":[145],"as":[146],"lookup":[148],"table":[149],"for":[150,160],"dynamically":[151],"linked":[152],"calls,":[154],"typically":[156],"erased":[157],"further":[161],"obfuscation;":[162],"then":[164],"routine,":[166],"like":[167],"custom":[169],"dynamic":[170],"loader,":[171],"will":[172],"reconstruct":[173],"IAT":[174],"before":[175],"resumes":[178],"execution.":[179],"During":[180],"execution,":[184],"if":[185],"invoked":[189],"looking":[191],"up":[192,310],"rebuilt":[194],"IAT,":[195],"it":[196,239],"indicates":[197],"that":[198,222,289,303],"payload":[201],"has":[202],"restored.":[204],"insight":[206],"motivates":[207],"us":[208],"design":[210,254],"efficient":[212],"approach,":[214],"called":[215],"BinUnpack.":[216],"Compared":[217],"previous":[220],"methods":[221],"suffer":[223],"multiple":[225,279],"BinUnpack":[229,304],"free":[231],"tedious":[233],"memory":[234],"access":[235],"monitoring,":[236],"therefore":[238],"introduces":[240],"very":[241],"small":[242],"overhead.":[244],"To":[245],"defeat":[246],"ever-evolving":[250],"evasion":[251],"tricks,":[252],"we":[253],"BinUnpack's":[255,269,282],"monitor":[257],"module":[258],"via":[259],"novel":[261],"kernel-level":[262],"DLL":[263],"hijacking":[264],"technique.":[265],"We":[266],"evaluated":[268],"efficacy":[270],"extensively":[271],"with":[272,293],"more":[273],"than":[274,288],"238K":[275],"utilities.":[281],"success":[283],"rate":[284],"significantly":[286],"better":[287],"existing":[291],"tools":[292],"several":[294],"orders":[295],"magnitude":[297],"performance":[298],"boost.":[299],"demonstrates":[302],"can":[305],"be":[306],"applied":[307],"speeding":[309],"large-scale":[311],"analysis.":[313]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":11},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":11},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":6}],"updated_date":"2026-03-25T14:56:36.534964","created_date":"2018-09-27T00:00:00"}