FAQ

A) In my experiments, guideline XYZ does not apply?!

In certain cases, guidelines do not apply to particular fields of research. For example, if you do not give Internet access to malware samples during execution, it is not necessary to describe containment policies. Please carefully think, though, if other guidelines cannot be translated to your research. For example, while false positives / false negatives are well-defined for IDSs, malware clustering typically uses precision / recall in similar fashions.

B) Why don't you list guideline XYZ?

If you think this website misses an important guideline, please let us know via email or post on this website and we'll consider adding it.

C) How did you decide on the importance for guideline XYZ?

We assigned a three-level qualitative importance rating to each check, based on our experience with malware execution analysis. If you feel any rating is wrong, please open a discussion.

D) How can I cite these guidelines in my paper?

We prepared a .bibtex file that you can use to cite these guidelines.

E) I don't understand guidelines XYZ!

You can always refer to the original publication, which describes in more detail why and in which context each guideline is important.

F) Who is maintaing this website?

This website is maintained by Christian Rossow on behalf of the research groups that participated in the original publication.