{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T02:35:41Z","timestamp":1769826941922,"version":"3.49.0"},"publisher-location":"Cham","reference-count":16,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031976223","type":"print"},{"value":"9783031976230","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97623-0_19","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:27:12Z","timestamp":1752139632000},"page":"316-322","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Poster: Building Confidence in\u00a0Hardware-Based Ransomware Detection Through Hardware Performance Counter Event Correlation"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-8983-522X","authenticated-orcid":false,"given":"Ryan","family":"Binder","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0004-4470-3960","authenticated-orcid":false,"given":"Joshua","family":"Byun","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7235-548X","authenticated-orcid":false,"given":"Dane","family":"Brown","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9709-5090","authenticated-orcid":false,"suffix":"III","given":"T. Owens","family":"Walker","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0674-154X","authenticated-orcid":false,"given":"Jennie E.","family":"Hill","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,10]]},"reference":[{"key":"19_CR1","unstructured":"Cybercrime to cost the world \\$9.5 trillion in USD annually in 2024. https:\/\/www.esentire.com\/web-native-pages\/cybercrime-to-cost-the-world-9-5-trillion-usd-annually-in-2024. Accessed 1 May 2025"},{"key":"19_CR2","unstructured":"Alam, M., Sinha, S., Bhattacharya, S., Dutta, S., Mukhopadhyay, D., Chattopadhyay, A.: Rapper: ransomware prevention via performance counters. arXiv preprint arXiv:2004.01712 (2020)"},{"issue":"3","key":"19_CR3","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3608484","volume":"4","author":"PM Anand","year":"2023","unstructured":"Anand, P.M., Charan, P.S., Shukla, S.K.: Hiper-early detection of a ransomware attack using hardware performance counters. Digital Threats Res. Pract. 4(3), 1\u201324 (2023)","journal-title":"Digital Threats Res. Pract."},{"key":"19_CR4","doi-asserted-by":"crossref","unstructured":"Das, S., Werner, J., Antonakakis, M., Polychronakis, M., Monrose, F.: SoK: the challenges, pitfalls, and perils of using hardware performance counters for security. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 20\u201338. IEEE (2019)","DOI":"10.1109\/SP.2019.00021"},{"key":"19_CR5","doi-asserted-by":"crossref","unstructured":"Dinakarrao, S.M.P., et al.: Adversarial attack on microarchitectural events based malware detectors. In: Proceedings of the 56th Annual Design Automation Conference 2019, pp.\u00a01\u20136 (2019)","DOI":"10.1145\/3316781.3317762"},{"issue":"7","key":"19_CR6","doi-asserted-by":"publisher","first-page":"2066","DOI":"10.1109\/TCAD.2021.3102007","volume":"41","author":"R Elnaggar","year":"2021","unstructured":"Elnaggar, R., Servadei, L., Mathur, S., Wille, R., Ecker, W., Chakrabarty, K.: Accurate and robust malware detection: running XGBoost on runtime data from performance counters. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 41(7), 2066\u20132079 (2021)","journal-title":"IEEE Trans. Comput. Aided Des. Integr. Circuits Syst."},{"issue":"5\u20136","key":"19_CR7","first-page":"335","volume":"60","author":"D Gruss","year":"2018","unstructured":"Gruss, D.: Software-based microarchitectural attacks. IT Inf. Technol. 60(5\u20136), 335\u2013341 (2018)","journal-title":"IT Inf. Technol."},{"key":"19_CR8","doi-asserted-by":"crossref","unstructured":"Hill, J.E., Walker, T.O., Blanco, J.A., Ives, R.W., Rakvic, R., Jacob, B.: Ransomware classification using hardware performance counters on a non-virtualized system. IEEE Access (2024)","DOI":"10.1109\/ACCESS.2024.3395491"},{"key":"19_CR9","unstructured":"Mushtaq, M., Benoit, P., Farooq, U.: Challenges of using performance counters in security against side-channel leakage. In: 5th International Conference on Cyber-Technologies and Cyber-Systems (CYBER 2020) (2020)"},{"key":"19_CR10","doi-asserted-by":"crossref","unstructured":"Olani, G., Wu, C.F., Chang, Y.H., Shih, W.K.: DeepWare: imaging performance counters with deep learning to detect ransomware. IEEE Trans. Comput. (2022)","DOI":"10.1109\/TC.2022.3173149"},{"key":"19_CR11","unstructured":"Pundir, N., Tehranipoor, M., Rahman, F.: RanStop: a hardware-assisted runtime crypto-ransomware detection technique. arXiv preprint arXiv:2011.12248 (2020)"},{"key":"19_CR12","doi-asserted-by":"crossref","unstructured":"Sayadi, H., He, Z., Makrani, H.M., Homayoun, H.: Intelligent malware detection based on hardware performance counters: a comprehensive survey. In: 2024 25th International Symposium on Quality Electronic Design (ISQED), pp. 1\u201310. IEEE (2024)","DOI":"10.1109\/ISQED60706.2024.10528369"},{"key":"19_CR13","doi-asserted-by":"crossref","unstructured":"Startzel, C., Brown, D., Owens Walker\u00a0III, T., Hill, J.E.: Identifying ransomware functions through microarchitectural side-channel analysis. In: International Conference on Science of Cyber Security, pp. 19\u201336. Springer (2024)","DOI":"10.1007\/978-981-96-2417-1_2"},{"issue":"1","key":"19_CR14","doi-asserted-by":"publisher","first-page":"172","DOI":"10.3390\/app12010172","volume":"12","author":"U Urooj","year":"2021","unstructured":"Urooj, U., Al-rimy, B., Zainal, A., Ghaleb, F.A., Rassam, M.A.: Ransomware detection using the dynamic analysis and machine learning: a survey and research directions. Appl. Sci. 12(1), 172 (2021)","journal-title":"Appl. Sci."},{"key":"19_CR15","doi-asserted-by":"crossref","unstructured":"Weaver, V.M., McKee, S.A.: Can hardware performance counters be trusted? In: 2008 IEEE International Symposium on Workload Characterization, pp. 141\u2013150. IEEE (2008)","DOI":"10.1109\/IISWC.2008.4636099"},{"issue":"3","key":"19_CR16","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1109\/MDAT.2021.3063338","volume":"38","author":"B Zhou","year":"2021","unstructured":"Zhou, B., Gupta, A., Jahanshahi, R., Egele, M., Joshi, A.: A cautionary tale about detecting malware using hardware performance counters and machine learning. IEEE Des. Test 38(3), 39\u201350 (2021)","journal-title":"IEEE Des. Test"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97623-0_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,7]],"date-time":"2025-09-07T01:44:13Z","timestamp":1757209453000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97623-0_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976223","9783031976230"],"references-count":16,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97623-0_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}