{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,4]],"date-time":"2026-03-04T16:41:13Z","timestamp":1772642473637,"version":"3.50.1"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030372279","type":"print"},{"value":"9783030372286","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-37228-6_7","type":"book-chapter","created":{"date-parts":[[2019,12,16]],"date-time":"2019-12-16T10:00:05Z","timestamp":1576490405000},"page":"126-146","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["USB-Watch: A Dynamic Hardware-Assisted USB Threat Detection Framework"],"prefix":"10.1007","author":[{"given":"Kyle","family":"Denney","sequence":"first","affiliation":[]},{"given":"Enes","family":"Erdin","sequence":"additional","affiliation":[]},{"given":"Leonardo","family":"Babun","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Vai","sequence":"additional","affiliation":[]},{"given":"Selcuk","family":"Uluagac","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,12,13]]},"reference":[{"key":"7_CR1","unstructured":"Cunningham, A.: How USB became the undefeated king of connectors, October 2017. \nhttps:\/\/www.wired.co.uk\/article\/usb-history"},{"key":"7_CR2","unstructured":"Nohl, K., Lell, J.: BadUSB-on accessories that turn evil, Black Hat USA (2014)"},{"key":"7_CR3","unstructured":"IBM bans USB drives - but will it work? May 2018. \nhttps:\/\/nakedsecurity.sophos.com\/2018\/05\/11\/ibm-bans-usb-drives-but-will-it-work\/"},{"key":"7_CR4","unstructured":"Otachi, E.: 8 of the best antivirus with USB scanner for 2018, February 2018. \nhttps:\/\/windowsreport.com\/antivirus-usb-scanner\/"},{"key":"7_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-319-95729-6_18","volume-title":"Data and Applications Security and Privacy XXXII","author":"S Neuner","year":"2018","unstructured":"Neuner, S., Voyiatzis, A.G., Fotopoulos, S., Mulliner, C., Weippl, E.R.: USBlock: blocking USB-based keypress injection attacks. In: Kerschbaum, F., Paraboschi, S. (eds.) DBSec 2018. LNCS, vol. 10980, pp. 278\u2013295. Springer, Cham (2018). \nhttps:\/\/doi.org\/10.1007\/978-3-319-95729-6_18"},{"key":"7_CR6","doi-asserted-by":"publisher","unstructured":"Tian, D.J., Bates, A., Butler, K.: Defending against malicious USB firmware with goodUSB. In: Proceedings of the 31st Annual Computer Security Applications Conference, Series ACSAC 2015, New York, NY, USA, pp. 261\u2013270. ACM (2015). \nhttps:\/\/doi.org\/10.1145\/2818000.2818040","DOI":"10.1145\/2818000.2818040"},{"key":"7_CR7","unstructured":"Daley, B.L.: USBeSafe: applying one class SVM for effective USB event anomaly detection. Northeastern University, College of Computer and Information Systems Boston United States, Technical report (2016)"},{"key":"7_CR8","first-page":"14283","volume":"7","author":"S Sikka","year":"2017","unstructured":"Sikka, S., Srivastva, U., Sharma, R.: A review of detection of USB malware. Int. J. Eng. Sci. 7, 14283 (2017)","journal-title":"Int. J. Eng. Sci."},{"key":"7_CR9","unstructured":"Admin: Tutorial about USB hid report descriptors, January 2018. \nhttps:\/\/eleccelerator.com\/tutorial-about-usb-hid-report-descriptors\/"},{"key":"7_CR10","unstructured":"Looks like a flash drive. Types like a keyboard. \nhttps:\/\/www.hak5.org\/gear\/usb-rubber-ducky"},{"key":"7_CR11","unstructured":"Smith: Say hello to BadUSB 2.0: A USB man-in-the-middle attack proof of concept, June 2016. \nhttps:\/\/www.csoonline.com\/article\/3087484\/security\/say-hello-to-badusb-20-usb-man-in-the-middle-attack-proof-of-concept.html"},{"key":"7_CR12","unstructured":"RedTeam: USB drop attacks: the danger of \u201clost and found\u201d thumb drives\u201d, October 2017. \nhttps:\/\/www.redteamsecure.com\/usb-drop-attacks-the-danger-of-lost-and-found-thumb-drives\/"},{"key":"7_CR13","unstructured":"Bursztein, E.: Does dropping USB drives really work? Blackhat. Technical report (2016)"},{"key":"7_CR14","unstructured":"Mamiit, A.: How bad is BadUSB? security experts say there is no quick fix, vol. 18, p. 2014, November 2014"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: IEEE Twenty-Third Annual Computer Security Applications Conference ACSAC 2007, pp. 421\u2013430 (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"7_CR16","unstructured":"Tian, D.J., Scaife, N., Bates, A., Butler, K., Traynor, P.: Making USB great again with USBFILTER. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 415\u2013430 (2016)"},{"key":"7_CR17","unstructured":"Robertson, J., Riley, M.: The big hack: How China used a tiny chip to infiltrate U.S. companies. \nhttps:\/\/www.bloomberg.com\/news\/features\/2018-10-04\/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies"},{"key":"7_CR18","series-title":"Advances in Information Security","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/978-3-319-97643-3_2","volume-title":"Versatile Cybersecurity","author":"MS Raval","year":"2018","unstructured":"Raval, M.S., Gandhi, R., Chaudhary, S.: Insider threat detection: machine learning way. In: Conti, M., Somani, G., Poovendran, R. (eds.) Versatile Cybersecurity. AIS, vol. 72, pp. 19\u201353. Springer, Cham (2018). \nhttps:\/\/doi.org\/10.1007\/978-3-319-97643-3_2"},{"issue":"2","key":"7_CR19","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/s41635-017-0013-2","volume":"1","author":"J Lopez","year":"2017","unstructured":"Lopez, J., Babun, L., Aksu, H., Uluagac, A.S.: A survey on function and system call hooking approaches. J. Hardware Syst. Secur. 1(2), 114\u2013136 (2017)","journal-title":"J. Hardware Syst. Secur."},{"key":"7_CR20","unstructured":"https:\/\/www.kernel.org\/doc\/Documentation\/usb\/usbmon.txt"},{"key":"7_CR21","unstructured":"9.6. random - generate pseudo-random numbers. \nhttps:\/\/docs.python.org\/2\/library\/random.html"},{"key":"7_CR22","unstructured":"Maxion, R.A., Roberts, R.R.: Proper use of ROC curves in Intrusion\/Anomaly Detection. University of Newcastle upon Tyne, Computing Science (2004)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-37228-6_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,12,16]],"date-time":"2019-12-16T10:05:20Z","timestamp":1576490720000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-37228-6_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030372279","9783030372286"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-37228-6_7","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"value":"1867-8211","type":"print"},{"value":"1867-822X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"13 December 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Orlando, VA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 October 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/securecomm.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"149","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"38","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"18","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}