| Toward automated dynamic malware analysis using cwsandbox C Willems, T Holz, F Freiling IEEE security & privacy 5 (2), 32-39, 2007 | 1227 | 2007 |
| Automatic analysis of malware behavior using machine learning K Rieck, P Trinius, C Willems, T Holz Journal of computer security 19 (4), 639-668, 2011 | 1051 | 2011 |
| Learning and classification of malware behavior K Rieck, T Holz, C Willems, P Düssel, P Laskov International Conference on Detection of Intrusions and Malware, and …, 2008 | 959 | 2008 |
| Practical timing side channel attacks against kernel space ASLR R Hund, C Willems, T Holz 2013 IEEE Symposium on Security and Privacy, 191-205, 2013 | 648 | 2013 |
| Automated identification of cryptographic primitives in binary programs F Gröbert, C Willems, T Holz International Workshop on Recent Advances in Intrusion Detection, 41-60, 2011 | 143 | 2011 |
| A malware instruction set for behavior-based analysis P Trinius, C Willems, T Holz, K Rieck None, 2009 | 108 | 2009 |
| Don't trust satellite phones: A security analysis of two satphone standards B Driessen, R Hund, C Willems, C Paar, T Holz 2012 IEEE Symposium on Security and Privacy, 128-142, 2012 | 72 | 2012 |
| Down to the bare metal: Using processor features for binary analysis C Willems, R Hund, A Fobian, D Felsch, T Holz, A Vasudevan Proceedings of the 28th Annual Computer Security Applications Conference …, 2012 | 65 | 2012 |
| Measurement and analysis of autonomous spreading malware in a university environment J Goebel, T Holz, C Willems International Conference on Detection of Intrusions and Malware, and …, 2007 | 52 | 2007 |
| Cxpinspector: Hypervisor-based, hardware-assisted system monitoring C Willems, R Hund, T Holz Ruhr-Universitat Bochum, Tech. Rep, 12, 2013 | 36 | 2013 |
| Reverse code engineering—state of the art and countermeasures C Willems, FC Freiling it-Information Technology 54 (2), 53-63, 2012 | 27 | 2012 |
| Detecting malicious documents with combined static and dynamic analysis M Engleberth, C Willems, T Holz Virus Bulletin, 2009 | 25 | 2009 |
| CWSandbox: Automatic behaviour analysis of malware C Willems, T Holz | 21 | 2006 |
| Using memory management to detect and extract illegitimate code for malware analysis C Willems, FC Freiling, T Holz Proceedings of the 28th Annual Computer Security Applications Conference …, 2012 | 20 | 2012 |
| The inmas approach M Engelberth, FC Freiling, J Göbel, C Gorecki, T Holz, R Hund, P Trinius, ... 1st European Workshop on Internet Early Warning and Network Intelligence, 2010 | 20 | 2010 |
| Countering innovative sandbox evasion techniques used by malware F Besler, C Willems, R Hund 29th Annual FIRST Conference, 2017 | 12 | 2017 |
| An experimental security analysis of two satphone standards B Driessen, R Hund, C Willems, C Paar, T Holz ACM Transactions on Information and System Security (TISSEC) 16 (3), 1-30, 2013 | 10 | 2013 |
| Cwsandbox C Willems, T Holz | 9 | 2007 |
| Analyse und Vergleich von BckR2D2-I und II A Dewald, FC Freiling, T Schreck, M Spreitzenbarth, J Stüttgen, S Vömel, ... SICHERHEIT 2012–Sicherheit, Schutz und Zuverlässigkeit, 47-58, 2012 | 7 | 2012 |
| Frühe Warnung durch Beobachten und Verfolgen von bösartiger Software im Deutschen Internet: Das Internet-Malware-Analyse-System (IAS) M Engelberth, F Freiling, J Göbel, C Gorecki, T Holz, P Trinius, C Willems Sichere Wege in der vernetzten Welt–Tagungsband zum 11, 353-367, 2009 | 5 | 2009 |
