| Toward automated dynamic malware analysis using cwsandbox C Willems, T Holz, F Freiling IEEE Security & Privacy 5 (2), 32-39, 2007 | 1209 | 2007 |
| Automatic analysis of malware behavior using machine learning K Rieck, P Trinius, C Willems, T Holz Journal of computer security 19 (4), 639-668, 2011 | 1001 | 2011 |
| Learning and classification of malware behavior K Rieck, T Holz, C Willems, P Düssel, P Laskov International Conference on Detection of Intrusions and Malware, and …, 2008 | 936 | 2008 |
| Practical timing side channel attacks against kernel space ASLR R Hund, C Willems, T Holz 2013 IEEE Symposium on Security and Privacy, 191-205, 2013 | 611 | 2013 |
| Automated identification of cryptographic primitives in binary programs F Gröbert, C Willems, T Holz Recent Advances in Intrusion Detection: 14th International Symposium, RAID …, 2011 | 147 | 2011 |
| A malware instruction set for behavior-based analysis P Trinius, C Willems, T Holz, K Rieck None, 2009 | 104 | 2009 |
| Don't trust satellite phones: A security analysis of two satphone standards B Driessen, R Hund, C Willems, C Paar, T Holz 2012 IEEE Symposium on Security and Privacy, 128-142, 2012 | 71 | 2012 |
| Down to the bare metal: Using processor features for binary analysis C Willems, R Hund, A Fobian, D Felsch, T Holz, A Vasudevan Proceedings of the 28th Annual Computer Security Applications Conference …, 2012 | 64 | 2012 |
| Measurement and analysis of autonomous spreading malware in a university environment J Goebel, T Holz, C Willems Detection of Intrusions and Malware, and Vulnerability Assessment: 4th …, 2007 | 52 | 2007 |
| Cxpinspector: Hypervisor-based, hardware-assisted system monitoring C Willems, R Hund, T Holz Ruhr-Universitat Bochum, Tech. Rep, 12, 2013 | 37 | 2013 |
| Reverse code engineering—state of the art and countermeasures C Willems, FC Freiling it-Information Technology 54 (2), 53-63, 2012 | 27 | 2012 |
| Detecting malicious documents with combined static and dynamic analysis M Engleberth, C Willems, T Holz Virus Bulletin, 2009 | 26 | 2009 |
| CWSandbox: Automatic behaviour analysis of malware C Willems, T Holz | 22 | 2006 |
| The inmas approach M Engelberth, FC Freiling, J Göbel, C Gorecki, T Holz, R Hund, P Trinius, ... 1st European Workshop on Internet Early Warning and Network Intelligence, 2010 | 21 | 2010 |
| Using memory management to detect and extract illegitimate code for malware analysis C Willems, FC Freiling, T Holz Proceedings of the 28th Annual Computer Security Applications Conference …, 2012 | 20 | 2012 |
| Countering innovative sandbox evasion techniques used by malware F Besler, C Willems, R Hund 29th Annual FIRST Conference, 2017 | 11 | 2017 |
| An experimental security analysis of two satphone standards B Driessen, R Hund, C Willems, C Paar, T Holz ACM Transactions on Information and System Security (TISSEC) 16 (3), 1-30, 2013 | 9 | 2013 |
| Cwsandbox C Willems, T Holz | 9 | 2007 |
| Analyse und Vergleich von BckR2D2-I und II A Dewald, FC Freiling, T Schreck, M Spreitzenbarth, J Stüttgen, S Vömel, ... | 7 | 2011 |
| Hypervisor-based, hardware-assisted system monitoring C Willems, R Hund, T Holz Virus Bulletin Conference, 2013 | 6 | 2013 |
