, Par exemple, notre système de collecte de traces n'est actuellement pas capable de prendre en compte l'activité réseaù a partir de la couche session du modèle OSI. Demanì ere similaire, notre programme d'abstraction n'est pas en mesure d'identifier des noms générés demanì ere aléatoire. Comme mentionné dans
, obtenir les profils comportementaux de codes malveillants pour la constitution de la base de détection. L'emploi d'un environnement dédié permet d'obtenir la couverture comportementale la pluscompì ete possible d'un programme. Pour cela, plusieurs outils ont déjàdéjàété proposés pour l'aidè a l'analyse dynamique de codes malveillants (voir annexe C)
, A défaut d'une telle architecture d'analyse multi-chemins, l'ajout d'une plateforme de collecte comme Nepenthes [5], Amun [71] ou encore HoneyClients [177] offrant des services fictifs vulnérables permettrait d'augmenter l'activité des codes malveillants observés. Des environnements complets d'analyse peuvent aussi convenir après conversion des rapports obtenus en profils compatibles avec notre approche, Parmi ces outils les principaux sont Anubis [11], CWSandbox [183] tous les cas, les profils obtenusàobtenusà partir de codes malveillants doiventêtredoiventêtre les plus discriminants possibles par rap- Va-t-en, chétif Insecte, excrément de la terre. C'est en ces mots que le Lion Parlait un jour au Moucheron. L'autre lui déclara la guerre
, lui dit-il, que ton titre de Roi Me fasse peur ni me soucie ?
, Je le m` enè a ma fantaisie A peine il achevait ces mots Que lui-même il sonna la charge, Fut le Trompette et le Héros. Dans l'abord il se met au large, Puis prend son temps
, il n'est griffe ni dent en la bête irritée
, Fait résonner sa queuè a l'entour de ses flancs, Bat l'air qui n'en peut mais, et sa fureur extrême Le fatigue, l'abat ; levoiì a sur les dents. L'Insecte du combat se retire avec gloire
, An Abstract Theory of Computer Viruses, Advances in Cryptology?CRYPTO'88, pp.354-374, 1990.
, Measuring similarity of malware behavior, 2009 IEEE 34th Conference on Local Computer Networks, pp.891-898, 2009.
DOI : 10.1109/LCN.2009.5355037
, A Method for Watermarking Java Programs via Opaque Predicates, The Fifth International Conference on Electronic Commerce Research (ICECR-5), 2002.
, The Nepenthes Platform: An Efficient Approach to Collect Malware, Recent Advances in Intrusion Detection, pp.165-184, 2006.
DOI : 10.1007/11856214_9
, The computation of ? to 29,360,000 decimal digits using Borweins' quartically convergent algorithm, Mathematics of Computation, vol.50, issue.181, pp.283-296, 1988.
, Automated Classification and Analysis of Internet Malware, Proceedings of the 10th international conference on Recent advances in intrusion detection, pp.178-197, 2007.
DOI : 10.1007/978-3-540-74320-0_10
, On the (Im)possibility of Obfuscating Programs, Advances in Cryptology?Crypto 2001, pp.1-18, 2001.
, Xen and the art of virtualization, Proceedings of the nineteenth ACM symposium on Operating systems principles, p.177, 2003.
, Scalable , Behavior-Based Malware Clustering, Network and Distributed System Security Symposium (NDSS), 2009.
, TTAnalyze: A tool for analyzing malware, 15th Annual Conference of the European Institute for Computer Antivirus Research (EICAR), 2006.
, Advanced Polymorphic Techniques, International Journal of Computer Science, vol.2, issue.3, pp.194-205, 2007.
, On the possibility of practically obfuscating programs towards a unified perspective of code protection, Journal in Computer Virology, vol.51, issue.8, pp.3-21, 2007.
DOI : 10.1007/s11416-006-0029-6
URL : https://hal.archives-ouvertes.fr/inria-00338074
, QEMU, a Fast and Portable Dynamic Translator, Proceedings of the 2005 USENIX Annual Technical Conference, 2005.
, Information distance, IEEE Transactions on Information Theory, vol.44, issue.4, pp.1407-1423, 1998.
DOI : 10.1109/18.681318
, Solving the Problems of Context Modeling, 1996.
, Architecture of a morphological malware detector, Journal in Computer Virology, vol.0, issue.4, pp.263-270, 2009.
DOI : 10.1007/s11416-008-0102-4
URL : https://hal.archives-ouvertes.fr/inria-00330022
, Code obfuscation techniques for metamorphic viruses, Journal in Computer Virology, vol.49, issue.1, pp.211-220, 2008.
DOI : 10.1007/s11416-008-0084-2
URL : https://hal.archives-ouvertes.fr/hal-00353061
, The changing face of malware, Network Security, vol.2008, issue.1, pp.17-20, 2008.
DOI : 10.1016/S1353-4858(08)70010-2
, Detecting Self-mutating Malware Using Control-Flow Graph Matching, Detection of Intrusions and Malware & Vulnerability Assessment, 2006.
DOI : 10.1007/11790754_8
, Code Normalization for Self-Mutating Malware, IEEE Security and Privacy Magazine, vol.5, issue.2, pp.46-54, 2007.
DOI : 10.1109/MSP.2007.31
, Extending joebox-a scriptable malware analysis system, 2008.
, Essays on Cellular Automata, 1970.
, A block-sorting lossless data compression algorithm, System Research Center of Digital Equipement Corporation, 1994.
, Towards realizing random oracles: Hash functions that hide all partial information, Advances in Cryptology-CRYPTO'97: 17th Annual International Cryptology Conference Proceedings, p.455, 1997.
DOI : 10.1007/BFb0052255
, Common pitfalls using the normalized compression distance: What to watch out for in a compressor, Communications in Information and Systems, vol.5, issue.4, pp.367-384, 2005.
, Worm epidemics in high-speed networks, Computer, vol.37, issue.6, pp.48-53, 2004.
DOI : 10.1109/MC.2004.36
, Shared Information and Program Plagiarism Detection. Information Theory, IEEE Transactions on, vol.50, issue.7, pp.1545-1551, 2004.
, Three models for the description of language. Information Theory, IRE Transactions ond, vol.2, issue.3, pp.113-124, 1956.
, On certain formal properties of grammars, Information and Control, vol.2, issue.2, pp.137-167, 1959.
DOI : 10.1016/S0019-9958(59)90362-6
, Using engine signature to detect metamorphic malware, Proceedings of the 4th ACM workshop on Recurring malcode , WORM '06, p.78, 2006.
DOI : 10.1145/1179542.1179558
, An Approach to the Obfuscation of Control-Flow of Sequential Computer Programs, Information Security, vol.2200, pp.144-155, 2001.
DOI : 10.1007/3-540-45439-X_10
, Static Analysis of Executables to Detect Malicious Patterns, Proceedings of the 12th conference on USENIX Security Symposium, 2003.
, Testing Malware Detectors, Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis, 2004.
, Semantics-Aware Malware Detection, 2005 IEEE Symposium on Security and Privacy (S&P'05), pp.32-46, 2005.
DOI : 10.1109/SP.2005.20
, Reverse Compilation Techniques, 1994.
, Decompilation of binary programs Software: Practice and Experience The CompLearn toolkit, Disponiblè a l'URL suivante, pp.811-829, 1995.
, Algorithmic Clustering of Music Based on String Compression, Computer Music Journal, vol.4, issue.4, pp.49-67, 2004.
DOI : 10.1109/TSA.2002.800560
, Clustering by Compression, IEEE Transactions on Information Theory, vol.51, issue.4, pp.1523-1545, 2005.
DOI : 10.1109/TIT.2005.844059
, Model Checking, 1999.
, Computer viruses, Computers & Security, vol.6, issue.1, 1986.
DOI : 10.1016/0167-4048(87)90122-2
, A Taxonomy of Obfuscating Transformations, 1997.
, Breaking abstractions and unstructuring data structures, Proceedings of the 1998 International Conference on Computer Languages (Cat. No.98CB36225), 1998.
DOI : 10.1109/ICCL.1998.674154
, Manufacturing cheap, resilient, and stealthy opaque constructs, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages , POPL '98, pp.184-196, 1998.
DOI : 10.1145/268946.268962
, Watermarking, tamper-proofing, and obfuscation - tools for software protection, IEEE Transactions on Software Engineering, vol.28, issue.8, pp.735-746, 2002.
DOI : 10.1109/TSE.2002.1027797
, Disponiblè a l'URL suivante, Tree Automata Techniques and Applications, 2007.
, Temporal search, ACM SIGARCH Computer Architecture News, vol.34, issue.5, pp.25-36, 2006.
DOI : 10.1145/1168919.1168862
, Detecting (and creating !) a HVM rootkit (aka BluePill-like), Journal in Computer Virology, vol.7, issue.1, pp.1-27, 2009.
DOI : 10.1007/s11416-009-0130-8
, New directions in cryptography, IEEE Transactions on Information Theory, vol.22, issue.6, pp.644-654, 1976.
DOI : 10.1109/TIT.1976.1055638
, Ether, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.51-62, 2008.
DOI : 10.1145/1455770.1455779
, Metamorphism in practice, 29A Magazine, vol.1, issue.6, 2002.
, Dynamic Spyware Analysis, USENIX Annual Technical Conference, pp.233-246, 2007.
, A survey on automated dynamic malware-analysis techniques and tools, ACM Computing Surveys, vol.44, issue.2, 2011.
DOI : 10.1145/2089125.2089126
, ROC Graphs: Notes and Practical Considerations for Researchers, Machine Learning, pp.1-38, 2004.
, Un combate con el Kernado, Virus bulletin, pp.8-9, 2002.
, Attacks on More Virtual Machine Emulators [60] P. Ferrie and T. Lee. W32.mydoom.a@mm Disponiblè a l'URL suivante : http://www.symantec.com/security_ response/writeup.jsp?, pp.2004-012612, 2004.
, How To Prove Yourself: Practical Solutions to Identification and Signature Problems, CRYPTO, pp.186-194, 1986.
DOI : 10.1007/3-540-47721-7_12
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.13.8796
, Techniques virales avancées, 2007.
, Evaluation methodology and theoretical model for antiviral behavioural detection strategies, Journal in Computer Virology, vol.34, issue.3, pp.23-37, 2007.
DOI : 10.1007/s11416-006-0026-9
, The VFLIB graph matching library, version 2, 2001.
, Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors, 2010 IEEE Symposium on Security and Privacy, pp.45-60, 2010.
DOI : 10.1109/SP.2010.11
, Dynamic Optimization of IA-32 Applications Under Dyna- moRIO
, Comparative analysis of various ransomware virii, Journal in Computer Virology, vol.6, issue.1, pp.77-90, 2010.
DOI : 10.1007/s11416-008-0092-2
, Software Engineering with OBJ: Algebraic Specification in Action, 2000.
DOI : 10.1007/978-1-4757-6541-0
, Survey of virtual machine research, Computer, vol.7, issue.6, pp.34-35, 1974.
DOI : 10.1109/MC.1974.6323581
, On the Impossibility of Obfuscation with Auxiliary Input, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05), pp.553-562, 2005.
DOI : 10.1109/SFCS.2005.60
, On Best-Possible Obfuscation. Theory of Cryptography, pp.194-213, 2007.
, Peerto-peer botnets: Overview and case study, Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets. USENIX Association, 2007.
, Van Wijngaarden grammars, metamorphism and K-ary malwares, 2010.
, A Study of the Packer Problem and Its Solutions, Recent Advances in Intrusion Detection, pp.98-115
DOI : 10.1007/978-3-540-87403-4_6
, Unsolved problems in number theory, 2004.
, Elements of Software Science, 1977.
, Virus: définitions, mécanismes et antidotes (Systèmes et réseaux Coll. Référence), 2002.
, Flow Analysis of Computer Programs, 1977.
, Precise flow-insensitive may-alias analysis is NP-hard, ACM Transactions on Programming Languages and Systems, vol.19, issue.1, pp.1-6, 1997.
DOI : 10.1145/239912.239913
, A method for the construction of minimum-redundancy codes, Proceedings of the IRE, pp.1098-1101, 1952.
, Behavioral detection of malware: from a survey towards an established taxonomy, Journal in Computer Virology, vol.3548, issue.3, pp.251-266, 2008.
DOI : 10.1007/s11416-008-0086-0
, Malware Behavioral Detection by Attribute-Automata Using Abstraction from Platform and Language, Recent Advances in Intrusion Detection, pp.81-100, 2009.
DOI : 10.1007/978-3-642-04342-0_5
, Functional polymorphic engines: formalisation, implementation and use cases, Journal in Computer Virology, vol.2, issue.2, pp.247-261, 2009.
DOI : 10.1007/s11416-008-0095-z
, Computability and Complexity from a Programming Perspective, 1997.
DOI : 10.1007/978-94-010-0413-8_4
, Renovo, Proceedings of the 2007 ACM workshop on Recurring malcode, WORM '07, pp.46-53, 2007.
DOI : 10.1145/1314389.1314399
, Reducibility Among Combinatorial Problems, 50 Years of Integer Programming, pp.219-241, 1958.
DOI : 10.1007/978-3-540-68279-0_8
, DarkParanoid-Who Me? Virus bulletin, pp.8-9, 1998.
, Detecting Malicious Code by Model Checking. Intrusion and Malware Detection and Vulnerability Assessment, pp.174-187, 2005.
DOI : 10.1007/11506881_11
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.131.7354
, Behavior-based spyware detection, Proceedings of the 15th USENIX Security Symposium, 2006.
, On notation for ordinal numbers, The Journal of Symbolic Logic, vol.28, issue.04, pp.150-155, 1938.
DOI : 10.1215/S0012-7094-36-00227-2
, Semantics of context-free grammars [98] R. Kohavi. A study of cross-validation and bootstrap for accuracy estimation and model selection, Theory of Computing Systems International joint Conference on artificial intelligence, pp.127-145, 1968.
, Effective and Efficient Malware Detection at the End Host, 18th Usenix Security Symposium, 2009.
, Three approaches to the definition of the concept " quantity of information, Problemy Peredachi Informatsii, vol.1, issue.1, pp.3-11, 1965.
, Pattern matching for clone and concept detection, Automated Software Engineering, vol.20, issue.No.6, pp.77-108, 1996.
DOI : 10.1007/BF00126960
, Selbstreproduktion bei Programmen Master's thesis, 1980.
, On self-reproducing computer programs, Journal in Computer Virology, vol.5, pp.9-87, 2009.
, Polymorphic Worm Detection Using Structural Information of Executables, Recent Advances in Intrusion Detection, pp.207-226, 2006.
DOI : 10.1007/11663812_11
, The Hungarian method for the assignment problem, Naval Research Logistics Quarterly, vol.3, issue.1-2, pp.83-97, 1955.
DOI : 10.1002/nav.3800020109
, Are metamorphic viruses really invincible ?, Virus Bulletin, pp.5-7, 2004.
, Undecidability of static analysis, ACM Letters on Programming Languages and Systems, vol.1, issue.4, p.337, 1992.
DOI : 10.1145/161494.161501
, Bochs: A portable pc emulator for unix/x, Linux Journal, issue.29es, p.7, 1996.
, Behavioral classification, European Institute for Computer Antivirus Research Conference (EICAR), 2006.
, The New Front Line: Estonia under Cyberassault, IEEE Security & Privacy Magazine, vol.5, issue.4, pp.76-79, 2007.
DOI : 10.1109/MSP.2007.98
, An information-based sequence distance and its application to whole mitochondrial genome phylogeny, Bioinformatics, vol.17, issue.2, p.149, 2001.
DOI : 10.1093/bioinformatics/17.2.149
, The Similarity Metric, IEEE Transactions on Information Theory, vol.50, issue.12, pp.3250-3264, 2004.
DOI : 10.1109/TIT.2004.838101
, An introduction to Kolmogorov complexity and its applications, 2008.
, Hunting for undetectable metamorphic viruses, Journal in Computer Virology, vol.5, issue.3, 2011.
DOI : 10.1007/s11416-010-0148-y
, Obfuscation of executable code to improve resistance to static disassembly, Proceedings of the 10th ACM conference on Computer and communication security , CCS '03, pp.290-299, 2003.
DOI : 10.1145/948109.948149
, Dictionnaire de la langue française: Supplément. Hachette, p.1886
, Java Control Flow Obfuscation Master's thesis, 1998.
, Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation, Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, pp.190-200, 2005.
, Positive Results and Techniques for Obfuscationarboit, Advances in Cryptology-EUROCRYPT 2004, pp.20-39, 2004.
DOI : 10.1007/978-3-540-24676-3_2
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.103.4569
, DIOTA: Dynamic instrumentation , optimization and transformation of applications, Compendium of Workshops and Tutorials Held in conjunction with Intl. Conf. on Parallel Architectures and Compilation Techniques, 2002.
, OmniUnpack: Fast, Generic, and Safe Unpacking of Malware, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp.431-441, 2007.
DOI : 10.1109/ACSAC.2007.15
, A Complexity Measure, IEEE Transactions on Software Engineering, vol.2, issue.4, pp.308-320, 1976.
DOI : 10.1109/TSE.1976.233837
, Inside the slammer worm, Intelligence Report IEEE Security & Privacy, vol.8, issue.14, pp.33-39, 2003.
, The Economics of Online Crime, Journal of Economic Perspectives, vol.23, issue.3, pp.3-20, 2009.
DOI : 10.1257/jep.23.3.3
, Exploring Multiple Execution Paths for Malware Analysis, 2007 IEEE Symposium on Security and Privacy (SP '07), pp.231-245, 2007.
DOI : 10.1109/SP.2007.17
, A Crawler-based Study of Spyware on the Web, Proceedings of the 2006 Network and Distributed System Security Symposium, pp.17-33, 2006.
, Measurement of data structure complexity, Journal of Systems and Software, vol.20, issue.3, pp.217-225, 1993.
, Valgrind, Electronic Notes in Theoretical Computer Science, vol.89, issue.2, pp.44-66, 2003.
DOI : 10.1016/S1571-0661(04)81042-9
URL : http://doi.org/10.1016/s1571-0661(04)81042-9
, Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, Proceedings of the Network and Distributed System Security Symposium (NDSS 2005), 2005.
, Disponiblè a l'URL suivante, 2003.
, Software Obfuscation on a Theoretical Basis and Its Implementation, IEICE TRANSACTIONS on Fundamentals of Electronics Communications and Computer Sciences, vol.86, issue.1, pp.176-186, 2003.
, Control flow, data flow, and program complexity, IEEE COMPSAC, pp.146-152, 1980.
, Computational complexity, 2003.
, Recursive Unsolvability of a problem of Thue, The Journal of Symbolic Logic, vol.1, issue.01, pp.1-11, 1947.
DOI : 10.1090/S0002-9904-1944-08111-1
, Modelling metamorphism by abstract interpretation, Proceedings of the 17th international conference on Static analysis, pp.218-235, 2010.
, A Semantics-Based Approach to Malware Detection, ACM Transactions on Programming Languages and Systems (TOPLAS), vol.30, issue.5, p.25, 2008.
, Polymorphism and grammars Disponiblè a l'URL suivante : http://www.29a.net, 29A E-zine, pp.29-33, 1999.
, A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition, Proceedings of the IEEE, pp.257-286, 1989.
, The undecidability of aliasing, ACM Transactions on Programming Languages and Systems, vol.16, issue.5, pp.1467-1471, 1994.
DOI : 10.1145/186025.186041
, Classes of recursively enumerable sets and their decision problems . Transactions of the, pp.358-366, 1953.
, Learning and classification of malware behavior. Detection of Intrusions and Malware, and Vulnerability Assessment, pp.108-125, 2008.
, Environmental Key Generation Towards Clueless Agents, Mobile Agents and Security, pp.15-24, 1998.
DOI : 10.1007/3-540-68671-1_2
, On data banks and privacy homomorphisms, Foundations of secure computation (Workshop Georgia Institute of Technologie), pp.169-179, 1978.
, Theory of recursive functions and effective computability, 1987.
, PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06), pp.289-300, 2006.
DOI : 10.1109/ACSAC.2006.38
, Windows Sysinternals DisponiblèDisponiblè a l'URL suivante : http://download.sysinternals.com/Files, 2008.
, Disassembly of executable code revisited, Ninth Working Conference on Reverse Engineering, 2002. Proceedings., pp.45-54, 2002.
DOI : 10.1109/WCRE.2002.1173063
, PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime, Recent Advances in Intrusion Detection, pp.121-141, 2009.
DOI : 10.1007/978-3-642-04342-0_7
, A mathematical theory of communication, ACM SIGMO- BILE Mobile Computing and Communications Review, vol.5, issue.1, p.55, 2001.
, Static verification of worm and virus behavior in binary executables using model checking, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003., 2003.
DOI : 10.1109/SMCSIA.2003.1232440
, Existence of a Van Wijngaarden syntax for every recursively enumerable set, pp.115-118, 1967.
, The internet worm incident, 2nd European Software Engineering Conference, pp.446-468, 1989.
DOI : 10.1007/3-540-51635-2_54
, Reliable identification of bounded-length viruses is NP-complete, IEEE Transactions on Information Theory, vol.49, issue.1, pp.280-284, 2003.
DOI : 10.1109/TIT.2002.806137
, The Art of Computer Virus Research and Defense, 2005.
, Hunting for metamorphic, Virus Bulletin, 2001.
, Specification-Driven Dynamic Binary Translation, 2004.
, On computable numbers, with an application to the Entscheidungsproblem, Proceedings of the London Mathematical Society, p.230, 1937.
, The Generative Power of Two-Level Grammars, Proceedings of the 2nd Colloquim on Automata Languages and Programming, pp.9-16, 1974.
DOI : 10.1007/978-3-662-21545-6_1
, Sakthi: A retargetable dynamic framework for binary instrumentation, Hawaii International Conference in Computer Sciences, 2004.
, Stealth Breakpoints, 21st Annual Computer Security Applications Conference (ACSAC'05), p.10, 2005.
DOI : 10.1109/CSAC.2005.52
, Cobra: fine-grained malware analysis using stealth localized-executions, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006.
DOI : 10.1109/SP.2006.9
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.104.344
, Spike: engineering malware analysis tools using unobtrusive binary-instrumentation, Proceedings of the 29th Australian Computer Science Conference, pp.311-320, 2006.
, Cipher printing telegraph systems for secret wire and radio telegraphic communications, J. American Inst. Transactions of the American Institute of Electrical Engineers, vol.55, pp.109-115, 1926.
, The general and logical theory of automata, Cerebral Mechanisms in Behavior: The Hixon Symposium, pp.1-41, 1951.
, Theory of self-reproducing automata, 1966.
, Is ? normal ? The Math Intelligencer, pp.65-67, 1985.
, The Design Space of Metamorphic Malware, ICIW 2007 2nd International Conference on i-Warfare and Security, p.241, 2007.
, Normalizing Metamorphic Malware Using Term Rewriting, 2006 Sixth IEEE International Workshop on Source Code Analysis and Manipulation, pp.75-84, 2006.
DOI : 10.1109/SCAM.2006.20
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.387.4899
, Protection of Software-based Survivability Mechanisms, IEEE Computer Society, 2003.
, Software tamper resistance: Obstructing static analysis of programs, Tech. Rep. CS, 2000.
, Using HoneyClients to Detect New Attacks, RECON conference, 2005.
, Virtualbox: bits and bytes masquerading as machines, Linux Journal, issue.1661, 2008.
, Detection of metamorphic computer viruses using algebraic specification, Journal in Computer Virology, vol.1, issue.3, pp.149-161, 2006.
DOI : 10.1007/s11416-006-0023-z
, Detection of metamorphic and virtualization-based malware using algebraic specification, Journal in Computer Virology, vol.2, issue.3, pp.221-245, 2009.
DOI : 10.1007/s11416-008-0094-0
, Analyzing worms and network traffic using compression, Journal of Computer Security, vol.15, issue.3, pp.303-320, 2007.
DOI : 10.3233/JCS-2007-15301
URL : http://doi.org/10.3233/jcs-2007-15301
, Program Slicing Toward automated dynamic malware analysis using cwsandbox, Proceedings of the 5th international conference on Software engineering IEEE Symposium on Security and Privacy, pp.439-44907, 1981.
, Hunting for metamorphic engines, Journal in Computer Virology, vol.235, issue.5, pp.211-229, 2006.
DOI : 10.1007/s11416-006-0028-7
, General Method of Program Code Obfuscation, Proceedings of the International Conference on Software Engineering Research and Practice (SERP), pp.153-159, 2002.
, General Method of Program Code Obfuscation, 2002.
, HookFinder: Identifying and understanding malware hooking behaviors, Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08). Citeseer, 2008.
, Panorama, Proceedings of the 14th ACM conference on Computer and communications security , CCS '07, p.127, 2007.
DOI : 10.1145/1315245.1315261
, Code mutation techniques by means of formal grammars and automatons, Journal in Computer Virology, vol.5, issue.3, pp.199-207, 2009.
DOI : 10.1007/s11416-009-0121-9
, MetaAware: Identifying Metamorphic Malware, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp.411-420, 2007.
DOI : 10.1109/ACSAC.2007.9
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.365.3496
, Theory of including degrees and its applications to uncertainty inferences, Soft Computing in Intelligent Systems and Information Processing. Proceedings of the 1996 Asian Fuzzy Systems Symposium, pp.496-501, 1996.
DOI : 10.1109/AFSS.1996.583677
, Obfuscate arrays by homomorphic functions, 2006 IEEE International Conference on Granular Computing, pp.770-773, 2006.
DOI : 10.1109/GRC.2006.1635914
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.302.4273
, A universal algorithm for sequential data compression, IEEE Transactions on Information Theory, vol.23, issue.3, pp.337-343, 1977.
DOI : 10.1109/TIT.1977.1055714
, Code red worm propagation modeling and analysis, Proceedings of the 9th ACM conference on Computer and communications security , CCS '02, pp.138-147, 2002.
DOI : 10.1145/586110.586130
, Some Further Theoretical Results about Computer Viruses, The Computer Journal, vol.47, issue.6, pp.627-633, 2004.
DOI : 10.1093/comjnl/47.6.627
URL : http://comjnl.oxfordjournals.org/cgi/content/short/47/6/627
, On the Time Complexity of Computer Viruses, IEEE Transactions on Information Theory, vol.51, issue.8, pp.2962-2966, 2005.
DOI : 10.1109/TIT.2005.851780