{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T19:25:33Z","timestamp":1757618733167,"version":"3.44.0"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031976223"},{"type":"electronic","value":"9783031976230"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97623-0_12","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:27:21Z","timestamp":1752139641000},"page":"195-215","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Linux Hurt Itself in\u00a0Its Confusion! Exploiting Out-of-Memory Killer for\u00a0Confusion Attacks via\u00a0Heuristic Manipulation"],"prefix":"10.1007","author":[{"given":"Lorenzo","family":"Bossi","sequence":"first","affiliation":[]},{"given":"Daniele","family":"Mammone","sequence":"additional","affiliation":[]},{"given":"Michele","family":"Carminati","sequence":"additional","affiliation":[]},{"given":"Stefano","family":"Zanero","sequence":"additional","affiliation":[]},{"given":"Stefano","family":"Longari","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,10]]},"reference":[{"key":"12_CR1","unstructured":"Android low memory killer daemon. https:\/\/source.android.com\/docs\/core\/perf\/lmkd?hl=it"},{"key":"12_CR2","unstructured":"Baruwa. https:\/\/github.com\/baruwaproject\/baruwa2"},{"key":"12_CR3","unstructured":"Alinto: Mailcleaner community edition. https:\/\/github.com\/MailCleaner\/MailCleaner8"},{"key":"12_CR4","unstructured":"Backlinko. https:\/\/backlinko.com\/iphone-vs-android-statistics"},{"key":"12_CR5","unstructured":"Biswas, S., Sohel, M., Sajal, M., Afrin, T., Bhuiyan, T., Hassan, M.: A study on remote code execution vulnerability in web applications. In: International Conference on Cyber Security and Computer Science (ICONCS 2018), pp. 50\u201357 (2018)"},{"key":"12_CR6","doi-asserted-by":"crossref","unstructured":"Chen, W., Pi, A., Wang, S., Zhou, X.: OS-augmented oversubscription of opportunistic memory with a user-assisted OOM killer. In: Proceedings of the 20th International Middleware Conference, pp. 28\u201340 (2019)","DOI":"10.1145\/3361525.3361534"},{"key":"12_CR7","unstructured":"CVE-2014-7300. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-7300"},{"key":"12_CR8","unstructured":"CVE-2019-14891. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-14891"},{"key":"12_CR9","unstructured":"CVE-2019-6637. Available from MITRE, CVE-ID CVE-2019-6637. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-6637"},{"key":"12_CR10","unstructured":"CVE-2020-10781. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2020-10781"},{"key":"12_CR11","unstructured":"CVE-2004-0807. https:\/\/access.redhat.com\/security\/cve\/CVE-2004-0807"},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Du, Z., et\u00a0al.: Medusa: unveil memory exhaustion DoS vulnerabilities in protocol implementations. In: Proceedings of the ACM on Web Conference 2024, pp. 1668\u20131679 (2024)","DOI":"10.1145\/3589334.3645476"},{"key":"12_CR13","unstructured":"Exim internet mailer. https:\/\/www.exim.org\/"},{"key":"12_CR14","unstructured":"Facebook: OOMD-meta incubator. https:\/\/github.com\/facebookincubator\/oomd"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Fink, G.A., Griswold, R.L., Beech, Z.W.: Quantifying cyber-resilience against resource-exhaustion attacks. In: 2014 7th International Symposium on Resilient Control Systems (ISRCS), pp.\u00a01\u20138. IEEE (2014)","DOI":"10.1109\/ISRCS.2014.6900093"},{"key":"12_CR16","unstructured":"The Apache Software Foundation: Apache prefork model documentation. https:\/\/httpd.apache.org\/docs\/2.4\/mod\/prefork.html"},{"key":"12_CR17","unstructured":"Wikimedia Foundation. https:\/\/github.com\/wikimedia\/operations-puppet"},{"key":"12_CR18","unstructured":"cgroups - Linux man pages. https:\/\/man7.org\/linux\/man-pages\/man7\/cgroups.7.html"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"Groza, B., Minea, M.: Formal modelling and automatic detection of resource exhaustion attacks. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 326\u2013333 (2011)","DOI":"10.1145\/1966913.1966955"},{"key":"12_CR20","doi-asserted-by":"crossref","unstructured":"Hareesh, M., Yaswanth, K., Sreeja, M., Kalady, S.: Accurate fork bomb detection by process name. In: 2017 International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT), pp. 1504\u20131508. IEEE (2017)","DOI":"10.1109\/ICICICT1.2017.8342793"},{"key":"12_CR21","series-title":"Lecture Notes in Electrical Engineering","doi-asserted-by":"publisher","first-page":"633","DOI":"10.1007\/978-981-15-2317-5_53","volume-title":"InECCE2019","author":"MM Hassan","year":"2020","unstructured":"Hassan, M.M., Mustain, U., Khatun, S., Karim, M., Nishat, N., Rahman, M.: Quantitative assessment of remote code execution vulnerability in web apps. In: Kasruddin Nasir, A.N., et al. (eds.) InECCE2019. LNEE, vol. 632, pp. 633\u2013642. Springer, Singapore (2020). https:\/\/doi.org\/10.1007\/978-981-15-2317-5_53"},{"key":"12_CR22","unstructured":"Jarland\u00a0Donnell, R.A.: Scripts for updating mxroute directadmin servers. https:\/\/github.com\/mxroute\/da_server_updates"},{"issue":"201","key":"12_CR23","first-page":"5","volume":"2011","author":"T Kay","year":"2011","unstructured":"Kay, T.: Linux swap space. Linux J. 2011(201), 5 (2011)","journal-title":"Linux J."},{"key":"12_CR24","doi-asserted-by":"crossref","unstructured":"Kudrjavets, G., Kumar, A., Thomas, J., Rastogi, A.: What do you mean by memory? When engineers are lost in the maze of complexity. In: Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice, pp. 405\u2013407 (2024)","DOI":"10.1145\/3639477.3639735"},{"key":"12_CR25","doi-asserted-by":"crossref","unstructured":"Kudrjavets, G., Thomas, J., Kumar, A., Nagappan, N., Rastogi, A.: When malloc() never returns NULL\u2014reliability as an illusion. In: 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), pp. 31\u201336. IEEE (2022)","DOI":"10.1109\/ISSREW55968.2022.00035"},{"key":"12_CR26","doi-asserted-by":"crossref","unstructured":"Nakagawa, G., Oikawa, S.: Fork bomb attack mitigation by process resource quarantine. In: 2016 Fourth International Symposium on Computing and Networking (CANDAR), pp. 691\u2013695. IEEE (2016)","DOI":"10.1109\/CANDAR.2016.0124"},{"issue":"1","key":"12_CR27","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1145\/130616.130623","volume":"1","author":"RH Netzer","year":"1992","unstructured":"Netzer, R.H., Miller, B.P.: What are race conditions? Some issues and formalizations. ACM Lett. Programm. Lang. Syst. (LOPLAS) 1(1), 74\u201388 (1992)","journal-title":"ACM Lett. Programm. Lang. Syst. (LOPLAS)"},{"key":"12_CR28","unstructured":"Owda, H., Shah, M.A., Musa, A.I., Tamimy, M.I.: A comparison of page replacement algorithms in Linux memory management. Memory 1, 2 (2014)"},{"key":"12_CR29","unstructured":"Patare, P., Govindan, V.: Efficient handling of low memory situations in Linux. Int. J. Eng. Res. Technol. 4 (2015)"},{"key":"12_CR30","unstructured":"Poettering, L.: The systemd system and service manager. https:\/\/github.com\/systemd\/systemd"},{"key":"12_CR31","unstructured":"Saggu, J.S.: Multi-user operating system. https:\/\/www.naukri.com\/code360\/library\/multi-user-operating-system"},{"key":"12_CR32","unstructured":"Samba: Windows interoperability suite of programs for Linux and Unix. https:\/\/www.samba.org\/"},{"key":"12_CR33","doi-asserted-by":"publisher","first-page":"125","DOI":"10.32622\/ijrat.74201911","volume":"7","author":"KD Shah","year":"2021","unstructured":"Shah, K.D., Patel, K.V.: Security against Fork Bomb attack in Linux based systems. Int. J. Res. Advent Technol. 7, 125\u2013128 (2021)","journal-title":"Int. J. Res. Advent Technol."},{"key":"12_CR34","unstructured":"StackScale: The 500 most powerful supercomputers use Linux (2024). https:\/\/www.stackscale.com\/blog\/most-powerful-supercomputers-linux\/"},{"key":"12_CR35","unstructured":"Systemd unit files documentation. https:\/\/www.freedesktop.org\/software\/systemd\/man\/latest\/systemd.service.html"},{"key":"12_CR36","unstructured":"Torvalds, L.: Badness score definition. https:\/\/github.com\/torvalds\/linux\/blob\/master\/mm\/oom_kill.c#L202"},{"key":"12_CR37","unstructured":"Torvalds, L.: threads-max default value setting. https:\/\/github.com\/torvalds\/linux\/blob\/master\/kernel\/fork.c#L997"},{"key":"12_CR38","unstructured":"Torwalds, L.: Linux OOM_score definition. https:\/\/github.com\/torvalds\/linux\/blob\/master\/fs\/proc\/base.c#L585"},{"key":"12_CR39","unstructured":"Vissol, C.: Systemd and cgroup. https:\/\/medium.com\/@charles.vissol\/systemd-and-cgroup-7eb80a08234d"},{"key":"12_CR40","doi-asserted-by":"crossref","unstructured":"Xiao, F., Yang, Z., Allen, J., Yang, G., Williams, G., Lee, W.: Understanding and mitigating remote code execution vulnerabilities in cross-platform ecosystem. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 2975\u20132988 (2022)","DOI":"10.1145\/3548606.3559340"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97623-0_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,7]],"date-time":"2025-09-07T01:56:20Z","timestamp":1757210180000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97623-0_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976223","9783031976230"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97623-0_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}