{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,3]],"date-time":"2025-05-03T18:44:22Z","timestamp":1746297862375,"version":"3.40.3"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030927073"},{"type":"electronic","value":"9783030927080"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-92708-0_22","type":"book-chapter","created":{"date-parts":[[2022,1,3]],"date-time":"2022-01-03T23:02:43Z","timestamp":1641250963000},"page":"340-352","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Tracing Software Exploitation"],"prefix":"10.1007","author":[{"given":"Ayman","family":"Youssef","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohamed","family":"Abdelrazek","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chandan","family":"Karmakar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zubair","family":"Baig","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,1,4]]},"reference":[{"key":"22_CR1","unstructured":"Mandiant-Threat-Intelligence-Research: Think fast: time between disclosure, patch release and vulnerability exploitation \u2014 intelligence for vulnerability management, Part Two|FireEye Inc. https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/04\/time-between-disclosure-patch-release-and-vulnerability-exploitation.html. Accessed 13 Jan 2021"},{"key":"22_CR2","doi-asserted-by":"crossref","unstructured":"Gupta, S., Pratap, P., Saran, H.: Dynamic code instrumentation to detect and recover from instrumentation, pp. 65\u201371 (2006)","DOI":"10.1145\/1138912.1138926"},{"key":"22_CR3","doi-asserted-by":"publisher","unstructured":"Snow, K.Z., Monrose, F., Davi, L., Dmitrienko, A., Liebchen, C., Sadeghi, A.R.: Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 574\u2013588 (2013). https:\/\/doi.org\/10.1109\/SP.2013.45","DOI":"10.1109\/SP.2013.45"},{"key":"22_CR4","unstructured":"Jia, X., Zhang, C., Su, P., Yang, Y., Huang, H., Feng, D.: Towards efficient heap overflow discovery. In: Proceedings of 26th USENIX Conference on Security Symposium, pp. 989\u20131006 (2017)"},{"key":"22_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2","volume-title":"Research in attacks, intrusions, and defenses","year":"2016","unstructured":"Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.): RAID 2016. LNCS, vol. 9854. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-45719-2"},{"key":"22_CR6","unstructured":"Carlini, N., Wagner, D.: ROP is still dangerous: breaking modern defenses. In: Proceedings of the 23rd USENIX conference on Security Symposium, p. 256 (2014)"},{"key":"22_CR7","doi-asserted-by":"publisher","unstructured":"Haider, W., Creech, G., Xie, Y., Hu, J.: Windows based data sets for evaluation of robustness of Host based Intrusion Detection Systems (IDS) to zero-day and stealth attacks. Future Internet 8, 29 (2016). https:\/\/doi.org\/10.3390\/fi8030029","DOI":"10.3390\/fi8030029"},{"key":"22_CR8","doi-asserted-by":"publisher","first-page":"807","DOI":"10.1109\/TC.2013.13","volume":"63","author":"G Creech","year":"2014","unstructured":"Creech, G., Hu, J.: A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns. IEEE Trans. Comput. 63, 807\u2013819 (2014). https:\/\/doi.org\/10.1109\/TC.2013.13","journal-title":"IEEE Trans. Comput."},{"key":"22_CR9","unstructured":"1998 DARPA Intrusion Detection Evaluation Dataset|MIT Lincoln Laboratory. https:\/\/www.ll.mit.edu\/r-d\/datasets\/1998-darpa-intrusion-detection-evaluation-dataset. Accessed 1 Feb 2021"},{"key":"22_CR10","unstructured":"1999 DARPA Intrusion Detection Evaluation Dataset|MIT Lincoln Laboratory. https:\/\/www.ll.mit.edu\/r-d\/datasets\/1999-darpa-intrusion-detection-evaluation-dataset. Accessed 1 Feb 2021"},{"key":"22_CR11","unstructured":"(MIT), Massachusetts Institute of Technology: MIT Lincoln Laboratory: DARPA Intrusion Detection Evaluation. https:\/\/archive.ll.mit.edu\/ideval\/docs\/attackDB.html#secret. Accessed 1 Feb 2021"},{"key":"22_CR12","unstructured":"IDS 2018|Datasets|Research|Canadian Institute for Cybersecurity|UNB. https:\/\/www.unb.ca\/cic\/datasets\/ids-2018.html. Accessed 1 Feb 2021"},{"key":"22_CR13","doi-asserted-by":"publisher","unstructured":"Glasser, J., Lindauer, B.: Bridging the gap: a pragmatic approach to generating insider threat data. In: Proceedings of IEEE CS Security and Privacy Workshops, SPW 2013, pp. 98\u2013104 (2013). https:\/\/doi.org\/10.1109\/SPW.2013.37","DOI":"10.1109\/SPW.2013.37"},{"key":"22_CR14","doi-asserted-by":"publisher","unstructured":"Elsabagh, M., Barbara, D., Fleck, D., Stavrou, A.: Detecting ROP with statistical learning of program characteristics. In: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, pp. 219\u2013226. ACM, New York, NY, USA (2017). https:\/\/doi.org\/10.1145\/3029806.3029812","DOI":"10.1145\/3029806.3029812"},{"key":"22_CR15","unstructured":"Li, X., Hu, Z., Fu, Y., Chen, P., Zhu, M., Liu, P.: ROPNN: detection of ROP payloads using deep neural networks (2018)"},{"key":"22_CR16","unstructured":"Snort - Network Intrusion Detection & Prevention System, https:\/\/www.snort.org\/. Accessed 1 Feb 2021"},{"key":"22_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1049\/iet-ifs.2017.0460","volume":"12","author":"G Su\u00e1rez-Tangil","year":"2018","unstructured":"Su\u00e1rez-Tangil, G., Dash, S.K., Garc\u00eda-Teodoro, P., Camacho, J., Cavallaro, L.: Anomaly-based exploratory analysis and detection of exploits in android mediaserver. IET Inf. Secur. 12, 1 (2018). https:\/\/doi.org\/10.1049\/iet-ifs.2017.0460","journal-title":"IET Inf. Secur."},{"key":"22_CR18","unstructured":"Desktop Operating System Market Share Worldwide|StatCounter Global Stats. https:\/\/gs.statcounter.com\/os-market-share\/desktop\/worldwide. Accessed 5 Apr 2021"},{"key":"22_CR19","unstructured":"PassMark CPU Benchmarks - AMD vs Intel Market Share. https:\/\/www.cpubenchmark.net\/market_share.html. Accessed 5 Apr 2021"},{"key":"22_CR20","unstructured":"Project Zero: About Project Zero. https:\/\/googleprojectzero.blogspot.com\/p\/about-project-zero.html. Accessed 6 Apr 2021"},{"key":"22_CR21","doi-asserted-by":"publisher","unstructured":"Chen, Y., Lin, Z., Xing, X.: A systematic study of elastic objects in Kernel exploitation. In: Proceedings of ACM Conference on Computer and Communications Security, pp. 1165\u20131184 (2020). https:\/\/doi.org\/10.1145\/3372297.3423353","DOI":"10.1145\/3372297.3423353"},{"key":"22_CR22","unstructured":"Introducing Kernel Data Protection, a new platform security technology for preventing data corruption - Microsoft Security. https:\/\/www.microsoft.com\/security\/blog\/2020\/07\/08\/introducing-kernel-data-protection-a-new-platform-security-technology-for-preventing-data-corruption\/. Accessed 6 Apr 2021"},{"key":"22_CR23","unstructured":"Intel\u00ae 64 and IA-32 Architectures Software Developer Manuals. https:\/\/software.intel.com\/content\/www\/us\/en\/develop\/articles\/intel-sdm.html. Accessed 6 Apr 2021"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-92708-0_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,29]],"date-time":"2022-04-29T16:07:48Z","timestamp":1651248468000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-92708-0_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030927073","9783030927080"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-92708-0_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"4 January 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tianjin","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/nss2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"62","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"16","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.75","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}