Par exemple, notre système de collecte de traces n'est actuellement pas capable de prendre en compte l'activité réseaù a partir de la couche session du modèle OSI. Demanì ere similaire, notre programme d'abstraction n'est pas en mesure d'identifier des noms générés demanì ere aléatoire. Comme mentionné dans ,
obtenir les profils comportementaux de codes malveillants pour la constitution de la base de détection. L'emploi d'un environnement dédié permet d'obtenir la couverture comportementale la pluscompì ete possible d'un programme. Pour cela, plusieurs outils ont déjàdéjàété proposés pour l'aidè a l'analyse dynamique de codes malveillants (voir annexe C) ,
A défaut d'une telle architecture d'analyse multi-chemins, l'ajout d'une plateforme de collecte comme Nepenthes [5], Amun [71] ou encore HoneyClients [177] offrant des services fictifs vulnérables permettrait d'augmenter l'activité des codes malveillants observés. Des environnements complets d'analyse peuvent aussi convenir après conversion des rapports obtenus en profils compatibles avec notre approche, Parmi ces outils les principaux sont Anubis [11], CWSandbox [183] tous les cas, les profils obtenusàobtenusà partir de codes malveillants doiventêtredoiventêtre les plus discriminants possibles par rap- Va-t-en, chétif Insecte, excrément de la terre. C'est en ces mots que le Lion Parlait un jour au Moucheron. L'autre lui déclara la guerre ,
lui dit-il, que ton titre de Roi Me fasse peur ni me soucie ? ,
Je le m` enè a ma fantaisie A peine il achevait ces mots Que lui-même il sonna la charge, Fut le Trompette et le Héros. Dans l'abord il se met au large, Puis prend son temps ,
il n'est griffe ni dent en la bête irritée ,
Fait résonner sa queuè a l'entour de ses flancs, Bat l'air qui n'en peut mais, et sa fureur extrême Le fatigue, l'abat ; levoiì a sur les dents. L'Insecte du combat se retire avec gloire ,
An Abstract Theory of Computer Viruses, Advances in Cryptology?CRYPTO'88, pp.354-374, 1990. ,
Measuring similarity of malware behavior, 2009 IEEE 34th Conference on Local Computer Networks, pp.891-898, 2009. ,
DOI : 10.1109/LCN.2009.5355037
A Method for Watermarking Java Programs via Opaque Predicates, The Fifth International Conference on Electronic Commerce Research (ICECR-5), 2002. ,
The Nepenthes Platform: An Efficient Approach to Collect Malware, Recent Advances in Intrusion Detection, pp.165-184, 2006. ,
DOI : 10.1007/11856214_9
The computation of ? to 29,360,000 decimal digits using Borweins' quartically convergent algorithm, Mathematics of Computation, vol.50, issue.181, pp.283-296, 1988. ,
Automated Classification and Analysis of Internet Malware, Proceedings of the 10th international conference on Recent advances in intrusion detection, pp.178-197, 2007. ,
DOI : 10.1007/978-3-540-74320-0_10
On the (Im)possibility of Obfuscating Programs, Advances in Cryptology?Crypto 2001, pp.1-18, 2001. ,
Xen and the art of virtualization, Proceedings of the nineteenth ACM symposium on Operating systems principles, p.177, 2003. ,
Scalable , Behavior-Based Malware Clustering, Network and Distributed System Security Symposium (NDSS), 2009. ,
TTAnalyze: A tool for analyzing malware, 15th Annual Conference of the European Institute for Computer Antivirus Research (EICAR), 2006. ,
Advanced Polymorphic Techniques, International Journal of Computer Science, vol.2, issue.3, pp.194-205, 2007. ,
On the possibility of practically obfuscating programs towards a unified perspective of code protection, Journal in Computer Virology, vol.51, issue.8, pp.3-21, 2007. ,
DOI : 10.1007/s11416-006-0029-6
URL : https://hal.archives-ouvertes.fr/inria-00338074
QEMU, a Fast and Portable Dynamic Translator, Proceedings of the 2005 USENIX Annual Technical Conference, 2005. ,
Information distance, IEEE Transactions on Information Theory, vol.44, issue.4, pp.1407-1423, 1998. ,
DOI : 10.1109/18.681318
Solving the Problems of Context Modeling, 1996. ,
Architecture of a morphological malware detector, Journal in Computer Virology, vol.0, issue.4, pp.263-270, 2009. ,
DOI : 10.1007/s11416-008-0102-4
URL : https://hal.archives-ouvertes.fr/inria-00330022
Code obfuscation techniques for metamorphic viruses, Journal in Computer Virology, vol.49, issue.1, pp.211-220, 2008. ,
DOI : 10.1007/s11416-008-0084-2
URL : https://hal.archives-ouvertes.fr/hal-00353061
The changing face of malware, Network Security, vol.2008, issue.1, pp.17-20, 2008. ,
DOI : 10.1016/S1353-4858(08)70010-2
Detecting Self-mutating Malware Using Control-Flow Graph Matching, Detection of Intrusions and Malware & Vulnerability Assessment, 2006. ,
DOI : 10.1007/11790754_8
Code Normalization for Self-Mutating Malware, IEEE Security and Privacy Magazine, vol.5, issue.2, pp.46-54, 2007. ,
DOI : 10.1109/MSP.2007.31
Extending joebox-a scriptable malware analysis system, 2008. ,
Essays on Cellular Automata, 1970. ,
A block-sorting lossless data compression algorithm, System Research Center of Digital Equipement Corporation, 1994. ,
Towards realizing random oracles: Hash functions that hide all partial information, Advances in Cryptology-CRYPTO'97: 17th Annual International Cryptology Conference Proceedings, p.455, 1997. ,
DOI : 10.1007/BFb0052255
Common pitfalls using the normalized compression distance: What to watch out for in a compressor, Communications in Information and Systems, vol.5, issue.4, pp.367-384, 2005. ,
Worm epidemics in high-speed networks, Computer, vol.37, issue.6, pp.48-53, 2004. ,
DOI : 10.1109/MC.2004.36
Shared Information and Program Plagiarism Detection. Information Theory, IEEE Transactions on, vol.50, issue.7, pp.1545-1551, 2004. ,
Three models for the description of language. Information Theory, IRE Transactions ond, vol.2, issue.3, pp.113-124, 1956. ,
On certain formal properties of grammars, Information and Control, vol.2, issue.2, pp.137-167, 1959. ,
DOI : 10.1016/S0019-9958(59)90362-6
Using engine signature to detect metamorphic malware, Proceedings of the 4th ACM workshop on Recurring malcode , WORM '06, p.78, 2006. ,
DOI : 10.1145/1179542.1179558
An Approach to the Obfuscation of Control-Flow of Sequential Computer Programs, Information Security, vol.2200, pp.144-155, 2001. ,
DOI : 10.1007/3-540-45439-X_10
Static Analysis of Executables to Detect Malicious Patterns, Proceedings of the 12th conference on USENIX Security Symposium, 2003. ,
Testing Malware Detectors, Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis, 2004. ,
Semantics-Aware Malware Detection, 2005 IEEE Symposium on Security and Privacy (S&P'05), pp.32-46, 2005. ,
DOI : 10.1109/SP.2005.20
Reverse Compilation Techniques, 1994. ,
Decompilation of binary programs Software: Practice and Experience The CompLearn toolkit, Disponiblè a l'URL suivante, pp.811-829, 1995. ,
Algorithmic Clustering of Music Based on String Compression, Computer Music Journal, vol.4, issue.4, pp.49-67, 2004. ,
DOI : 10.1109/TSA.2002.800560
Clustering by Compression, IEEE Transactions on Information Theory, vol.51, issue.4, pp.1523-1545, 2005. ,
DOI : 10.1109/TIT.2005.844059
Model Checking, 1999. ,
Computer viruses, Computers & Security, vol.6, issue.1, 1986. ,
DOI : 10.1016/0167-4048(87)90122-2
A Taxonomy of Obfuscating Transformations, 1997. ,
Breaking abstractions and unstructuring data structures, Proceedings of the 1998 International Conference on Computer Languages (Cat. No.98CB36225), 1998. ,
DOI : 10.1109/ICCL.1998.674154
Manufacturing cheap, resilient, and stealthy opaque constructs, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages , POPL '98, pp.184-196, 1998. ,
DOI : 10.1145/268946.268962
Watermarking, tamper-proofing, and obfuscation - tools for software protection, IEEE Transactions on Software Engineering, vol.28, issue.8, pp.735-746, 2002. ,
DOI : 10.1109/TSE.2002.1027797
Disponiblè a l'URL suivante, Tree Automata Techniques and Applications, 2007. ,
Temporal search, ACM SIGARCH Computer Architecture News, vol.34, issue.5, pp.25-36, 2006. ,
DOI : 10.1145/1168919.1168862
Detecting (and creating !) a HVM rootkit (aka BluePill-like), Journal in Computer Virology, vol.7, issue.1, pp.1-27, 2009. ,
DOI : 10.1007/s11416-009-0130-8
New directions in cryptography, IEEE Transactions on Information Theory, vol.22, issue.6, pp.644-654, 1976. ,
DOI : 10.1109/TIT.1976.1055638
Ether, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.51-62, 2008. ,
DOI : 10.1145/1455770.1455779
Metamorphism in practice, 29A Magazine, vol.1, issue.6, 2002. ,
Dynamic Spyware Analysis, USENIX Annual Technical Conference, pp.233-246, 2007. ,
A survey on automated dynamic malware-analysis techniques and tools, ACM Computing Surveys, vol.44, issue.2, 2011. ,
DOI : 10.1145/2089125.2089126
ROC Graphs: Notes and Practical Considerations for Researchers, Machine Learning, pp.1-38, 2004. ,
Un combate con el Kernado, Virus bulletin, pp.8-9, 2002. ,
Attacks on More Virtual Machine Emulators [60] P. Ferrie and T. Lee. W32.mydoom.a@mm Disponiblè a l'URL suivante : http://www.symantec.com/security_ response/writeup.jsp?, pp.2004-012612, 2004. ,
How To Prove Yourself: Practical Solutions to Identification and Signature Problems, CRYPTO, pp.186-194, 1986. ,
DOI : 10.1007/3-540-47721-7_12
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.13.8796
Techniques virales avancées, 2007. ,
Evaluation methodology and theoretical model for antiviral behavioural detection strategies, Journal in Computer Virology, vol.34, issue.3, pp.23-37, 2007. ,
DOI : 10.1007/s11416-006-0026-9
The VFLIB graph matching library, version 2, 2001. ,
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors, 2010 IEEE Symposium on Security and Privacy, pp.45-60, 2010. ,
DOI : 10.1109/SP.2010.11
Dynamic Optimization of IA-32 Applications Under Dyna- moRIO ,
Comparative analysis of various ransomware virii, Journal in Computer Virology, vol.6, issue.1, pp.77-90, 2010. ,
DOI : 10.1007/s11416-008-0092-2
Software Engineering with OBJ: Algebraic Specification in Action, 2000. ,
DOI : 10.1007/978-1-4757-6541-0
Survey of virtual machine research, Computer, vol.7, issue.6, pp.34-35, 1974. ,
DOI : 10.1109/MC.1974.6323581
On the Impossibility of Obfuscation with Auxiliary Input, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05), pp.553-562, 2005. ,
DOI : 10.1109/SFCS.2005.60
On Best-Possible Obfuscation. Theory of Cryptography, pp.194-213, 2007. ,
Peerto-peer botnets: Overview and case study, Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets. USENIX Association, 2007. ,
Van Wijngaarden grammars, metamorphism and K-ary malwares, 2010. ,
A Study of the Packer Problem and Its Solutions, Recent Advances in Intrusion Detection, pp.98-115 ,
DOI : 10.1007/978-3-540-87403-4_6
Unsolved problems in number theory, 2004. ,
Elements of Software Science, 1977. ,
Virus: définitions, mécanismes et antidotes (Systèmes et réseaux Coll. Référence), 2002. ,
Flow Analysis of Computer Programs, 1977. ,
Precise flow-insensitive may-alias analysis is NP-hard, ACM Transactions on Programming Languages and Systems, vol.19, issue.1, pp.1-6, 1997. ,
DOI : 10.1145/239912.239913
A method for the construction of minimum-redundancy codes, Proceedings of the IRE, pp.1098-1101, 1952. ,
Behavioral detection of malware: from a survey towards an established taxonomy, Journal in Computer Virology, vol.3548, issue.3, pp.251-266, 2008. ,
DOI : 10.1007/s11416-008-0086-0
Malware Behavioral Detection by Attribute-Automata Using Abstraction from Platform and Language, Recent Advances in Intrusion Detection, pp.81-100, 2009. ,
DOI : 10.1007/978-3-642-04342-0_5
Functional polymorphic engines: formalisation, implementation and use cases, Journal in Computer Virology, vol.2, issue.2, pp.247-261, 2009. ,
DOI : 10.1007/s11416-008-0095-z
Computability and Complexity from a Programming Perspective, 1997. ,
DOI : 10.1007/978-94-010-0413-8_4
Renovo, Proceedings of the 2007 ACM workshop on Recurring malcode, WORM '07, pp.46-53, 2007. ,
DOI : 10.1145/1314389.1314399
Reducibility Among Combinatorial Problems, 50 Years of Integer Programming, pp.219-241, 1958. ,
DOI : 10.1007/978-3-540-68279-0_8
DarkParanoid-Who Me? Virus bulletin, pp.8-9, 1998. ,
Detecting Malicious Code by Model Checking. Intrusion and Malware Detection and Vulnerability Assessment, pp.174-187, 2005. ,
DOI : 10.1007/11506881_11
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.131.7354
Behavior-based spyware detection, Proceedings of the 15th USENIX Security Symposium, 2006. ,
On notation for ordinal numbers, The Journal of Symbolic Logic, vol.28, issue.04, pp.150-155, 1938. ,
DOI : 10.1215/S0012-7094-36-00227-2
Semantics of context-free grammars [98] R. Kohavi. A study of cross-validation and bootstrap for accuracy estimation and model selection, Theory of Computing Systems International joint Conference on artificial intelligence, pp.127-145, 1968. ,
Effective and Efficient Malware Detection at the End Host, 18th Usenix Security Symposium, 2009. ,
Three approaches to the definition of the concept " quantity of information, Problemy Peredachi Informatsii, vol.1, issue.1, pp.3-11, 1965. ,
Pattern matching for clone and concept detection, Automated Software Engineering, vol.20, issue.No.6, pp.77-108, 1996. ,
DOI : 10.1007/BF00126960
Selbstreproduktion bei Programmen Master's thesis, 1980. ,
On self-reproducing computer programs, Journal in Computer Virology, vol.5, pp.9-87, 2009. ,
Polymorphic Worm Detection Using Structural Information of Executables, Recent Advances in Intrusion Detection, pp.207-226, 2006. ,
DOI : 10.1007/11663812_11
The Hungarian method for the assignment problem, Naval Research Logistics Quarterly, vol.3, issue.1-2, pp.83-97, 1955. ,
DOI : 10.1002/nav.3800020109
Are metamorphic viruses really invincible ?, Virus Bulletin, pp.5-7, 2004. ,
Undecidability of static analysis, ACM Letters on Programming Languages and Systems, vol.1, issue.4, p.337, 1992. ,
DOI : 10.1145/161494.161501
Bochs: A portable pc emulator for unix/x, Linux Journal, issue.29es, p.7, 1996. ,
Behavioral classification, European Institute for Computer Antivirus Research Conference (EICAR), 2006. ,
The New Front Line: Estonia under Cyberassault, IEEE Security & Privacy Magazine, vol.5, issue.4, pp.76-79, 2007. ,
DOI : 10.1109/MSP.2007.98
An information-based sequence distance and its application to whole mitochondrial genome phylogeny, Bioinformatics, vol.17, issue.2, p.149, 2001. ,
DOI : 10.1093/bioinformatics/17.2.149
The Similarity Metric, IEEE Transactions on Information Theory, vol.50, issue.12, pp.3250-3264, 2004. ,
DOI : 10.1109/TIT.2004.838101
An introduction to Kolmogorov complexity and its applications, 2008. ,
Hunting for undetectable metamorphic viruses, Journal in Computer Virology, vol.5, issue.3, 2011. ,
DOI : 10.1007/s11416-010-0148-y
Obfuscation of executable code to improve resistance to static disassembly, Proceedings of the 10th ACM conference on Computer and communication security , CCS '03, pp.290-299, 2003. ,
DOI : 10.1145/948109.948149
Dictionnaire de la langue française: Supplément. Hachette, p.1886 ,
Java Control Flow Obfuscation Master's thesis, 1998. ,
Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation, Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, pp.190-200, 2005. ,
Positive Results and Techniques for Obfuscationarboit, Advances in Cryptology-EUROCRYPT 2004, pp.20-39, 2004. ,
DOI : 10.1007/978-3-540-24676-3_2
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.103.4569
DIOTA: Dynamic instrumentation , optimization and transformation of applications, Compendium of Workshops and Tutorials Held in conjunction with Intl. Conf. on Parallel Architectures and Compilation Techniques, 2002. ,
OmniUnpack: Fast, Generic, and Safe Unpacking of Malware, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp.431-441, 2007. ,
DOI : 10.1109/ACSAC.2007.15
A Complexity Measure, IEEE Transactions on Software Engineering, vol.2, issue.4, pp.308-320, 1976. ,
DOI : 10.1109/TSE.1976.233837
Inside the slammer worm, Intelligence Report IEEE Security & Privacy, vol.8, issue.14, pp.33-39, 2003. ,
The Economics of Online Crime, Journal of Economic Perspectives, vol.23, issue.3, pp.3-20, 2009. ,
DOI : 10.1257/jep.23.3.3
Exploring Multiple Execution Paths for Malware Analysis, 2007 IEEE Symposium on Security and Privacy (SP '07), pp.231-245, 2007. ,
DOI : 10.1109/SP.2007.17
A Crawler-based Study of Spyware on the Web, Proceedings of the 2006 Network and Distributed System Security Symposium, pp.17-33, 2006. ,
Measurement of data structure complexity, Journal of Systems and Software, vol.20, issue.3, pp.217-225, 1993. ,
Valgrind, Electronic Notes in Theoretical Computer Science, vol.89, issue.2, pp.44-66, 2003. ,
DOI : 10.1016/S1571-0661(04)81042-9
URL : http://doi.org/10.1016/s1571-0661(04)81042-9
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, Proceedings of the Network and Distributed System Security Symposium (NDSS 2005), 2005. ,
Disponiblè a l'URL suivante, 2003. ,
Software Obfuscation on a Theoretical Basis and Its Implementation, IEICE TRANSACTIONS on Fundamentals of Electronics Communications and Computer Sciences, vol.86, issue.1, pp.176-186, 2003. ,
Control flow, data flow, and program complexity, IEEE COMPSAC, pp.146-152, 1980. ,
Computational complexity, 2003. ,
Recursive Unsolvability of a problem of Thue, The Journal of Symbolic Logic, vol.1, issue.01, pp.1-11, 1947. ,
DOI : 10.1090/S0002-9904-1944-08111-1
Modelling metamorphism by abstract interpretation, Proceedings of the 17th international conference on Static analysis, pp.218-235, 2010. ,
A Semantics-Based Approach to Malware Detection, ACM Transactions on Programming Languages and Systems (TOPLAS), vol.30, issue.5, p.25, 2008. ,
Polymorphism and grammars Disponiblè a l'URL suivante : http://www.29a.net, 29A E-zine, pp.29-33, 1999. ,
A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition, Proceedings of the IEEE, pp.257-286, 1989. ,
The undecidability of aliasing, ACM Transactions on Programming Languages and Systems, vol.16, issue.5, pp.1467-1471, 1994. ,
DOI : 10.1145/186025.186041
Classes of recursively enumerable sets and their decision problems . Transactions of the, pp.358-366, 1953. ,
Learning and classification of malware behavior. Detection of Intrusions and Malware, and Vulnerability Assessment, pp.108-125, 2008. ,
Environmental Key Generation Towards Clueless Agents, Mobile Agents and Security, pp.15-24, 1998. ,
DOI : 10.1007/3-540-68671-1_2
On data banks and privacy homomorphisms, Foundations of secure computation (Workshop Georgia Institute of Technologie), pp.169-179, 1978. ,
Theory of recursive functions and effective computability, 1987. ,
PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06), pp.289-300, 2006. ,
DOI : 10.1109/ACSAC.2006.38
Windows Sysinternals DisponiblèDisponiblè a l'URL suivante : http://download.sysinternals.com/Files, 2008. ,
Disassembly of executable code revisited, Ninth Working Conference on Reverse Engineering, 2002. Proceedings., pp.45-54, 2002. ,
DOI : 10.1109/WCRE.2002.1173063
PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime, Recent Advances in Intrusion Detection, pp.121-141, 2009. ,
DOI : 10.1007/978-3-642-04342-0_7
A mathematical theory of communication, ACM SIGMO- BILE Mobile Computing and Communications Review, vol.5, issue.1, p.55, 2001. ,
Static verification of worm and virus behavior in binary executables using model checking, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003., 2003. ,
DOI : 10.1109/SMCSIA.2003.1232440
Existence of a Van Wijngaarden syntax for every recursively enumerable set, pp.115-118, 1967. ,
The internet worm incident, 2nd European Software Engineering Conference, pp.446-468, 1989. ,
DOI : 10.1007/3-540-51635-2_54
Reliable identification of bounded-length viruses is NP-complete, IEEE Transactions on Information Theory, vol.49, issue.1, pp.280-284, 2003. ,
DOI : 10.1109/TIT.2002.806137
The Art of Computer Virus Research and Defense, 2005. ,
Hunting for metamorphic, Virus Bulletin, 2001. ,
Specification-Driven Dynamic Binary Translation, 2004. ,
On computable numbers, with an application to the Entscheidungsproblem, Proceedings of the London Mathematical Society, p.230, 1937. ,
The Generative Power of Two-Level Grammars, Proceedings of the 2nd Colloquim on Automata Languages and Programming, pp.9-16, 1974. ,
DOI : 10.1007/978-3-662-21545-6_1
Sakthi: A retargetable dynamic framework for binary instrumentation, Hawaii International Conference in Computer Sciences, 2004. ,
Stealth Breakpoints, 21st Annual Computer Security Applications Conference (ACSAC'05), p.10, 2005. ,
DOI : 10.1109/CSAC.2005.52
Cobra: fine-grained malware analysis using stealth localized-executions, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006. ,
DOI : 10.1109/SP.2006.9
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.104.344
Spike: engineering malware analysis tools using unobtrusive binary-instrumentation, Proceedings of the 29th Australian Computer Science Conference, pp.311-320, 2006. ,
Cipher printing telegraph systems for secret wire and radio telegraphic communications, J. American Inst. Transactions of the American Institute of Electrical Engineers, vol.55, pp.109-115, 1926. ,
The general and logical theory of automata, Cerebral Mechanisms in Behavior: The Hixon Symposium, pp.1-41, 1951. ,
Theory of self-reproducing automata, 1966. ,
Is ? normal ? The Math Intelligencer, pp.65-67, 1985. ,
The Design Space of Metamorphic Malware, ICIW 2007 2nd International Conference on i-Warfare and Security, p.241, 2007. ,
Normalizing Metamorphic Malware Using Term Rewriting, 2006 Sixth IEEE International Workshop on Source Code Analysis and Manipulation, pp.75-84, 2006. ,
DOI : 10.1109/SCAM.2006.20
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.387.4899
Protection of Software-based Survivability Mechanisms, IEEE Computer Society, 2003. ,
Software tamper resistance: Obstructing static analysis of programs, Tech. Rep. CS, 2000. ,
Using HoneyClients to Detect New Attacks, RECON conference, 2005. ,
Virtualbox: bits and bytes masquerading as machines, Linux Journal, issue.1661, 2008. ,
Detection of metamorphic computer viruses using algebraic specification, Journal in Computer Virology, vol.1, issue.3, pp.149-161, 2006. ,
DOI : 10.1007/s11416-006-0023-z
Detection of metamorphic and virtualization-based malware using algebraic specification, Journal in Computer Virology, vol.2, issue.3, pp.221-245, 2009. ,
DOI : 10.1007/s11416-008-0094-0
Analyzing worms and network traffic using compression, Journal of Computer Security, vol.15, issue.3, pp.303-320, 2007. ,
DOI : 10.3233/JCS-2007-15301
URL : http://doi.org/10.3233/jcs-2007-15301
Program Slicing Toward automated dynamic malware analysis using cwsandbox, Proceedings of the 5th international conference on Software engineering IEEE Symposium on Security and Privacy, pp.439-44907, 1981. ,
Hunting for metamorphic engines, Journal in Computer Virology, vol.235, issue.5, pp.211-229, 2006. ,
DOI : 10.1007/s11416-006-0028-7
General Method of Program Code Obfuscation, Proceedings of the International Conference on Software Engineering Research and Practice (SERP), pp.153-159, 2002. ,
General Method of Program Code Obfuscation, 2002. ,
HookFinder: Identifying and understanding malware hooking behaviors, Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08). Citeseer, 2008. ,
Panorama, Proceedings of the 14th ACM conference on Computer and communications security , CCS '07, p.127, 2007. ,
DOI : 10.1145/1315245.1315261
Code mutation techniques by means of formal grammars and automatons, Journal in Computer Virology, vol.5, issue.3, pp.199-207, 2009. ,
DOI : 10.1007/s11416-009-0121-9
MetaAware: Identifying Metamorphic Malware, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp.411-420, 2007. ,
DOI : 10.1109/ACSAC.2007.9
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.365.3496
Theory of including degrees and its applications to uncertainty inferences, Soft Computing in Intelligent Systems and Information Processing. Proceedings of the 1996 Asian Fuzzy Systems Symposium, pp.496-501, 1996. ,
DOI : 10.1109/AFSS.1996.583677
Obfuscate arrays by homomorphic functions, 2006 IEEE International Conference on Granular Computing, pp.770-773, 2006. ,
DOI : 10.1109/GRC.2006.1635914
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.302.4273
A universal algorithm for sequential data compression, IEEE Transactions on Information Theory, vol.23, issue.3, pp.337-343, 1977. ,
DOI : 10.1109/TIT.1977.1055714
Code red worm propagation modeling and analysis, Proceedings of the 9th ACM conference on Computer and communications security , CCS '02, pp.138-147, 2002. ,
DOI : 10.1145/586110.586130
Some Further Theoretical Results about Computer Viruses, The Computer Journal, vol.47, issue.6, pp.627-633, 2004. ,
DOI : 10.1093/comjnl/47.6.627
URL : http://comjnl.oxfordjournals.org/cgi/content/short/47/6/627
On the Time Complexity of Computer Viruses, IEEE Transactions on Information Theory, vol.51, issue.8, pp.2962-2966, 2005. ,
DOI : 10.1109/TIT.2005.851780