{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T10:15:32Z","timestamp":1771236932132,"version":"3.50.1"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319113784","type":"print"},{"value":"9783319113791","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-11379-1_19","type":"book-chapter","created":{"date-parts":[[2014,8,19]],"date-time":"2014-08-19T23:14:54Z","timestamp":1408490094000},"page":"384-404","source":"Crossref","is-referenced-by-count":12,"title":["On Emulation-Based Network Intrusion Detection Systems"],"prefix":"10.1007","author":[{"given":"Ali","family":"Abbasi","sequence":"first","affiliation":[]},{"given":"Jos","family":"Wetzels","sequence":"additional","affiliation":[]},{"given":"Wouter","family":"Bokslag","sequence":"additional","affiliation":[]},{"given":"Emmanuele","family":"Zambon","sequence":"additional","affiliation":[]},{"given":"Sandro","family":"Etalle","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"19_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/11790754_4","volume-title":"Detection of Intrusions and Malware & Vulnerability Assessment","author":"M. Polychronakis","year":"2006","unstructured":"Polychronakis, M., Anagnostakis, K.G., Markatos, E.P.: Network\u2013Level polymorphic shellcode detection using emulation. In: B\u00fcschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol.\u00a04064, pp. 54\u201373. Springer, Heidelberg (2006)"},{"key":"19_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1007\/978-3-642-02918-9_5","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M. Shimamura","year":"2009","unstructured":"Shimamura, M., Kono, K.: Yataglass: Network-level code emulation for analyzing memory-scanning attacks. In: Flegel, U., Bruschi, D. (eds.) DIMVA 2009. LNCS, vol.\u00a05587, pp. 68\u201387. Springer, Heidelberg (2009)"},{"key":"19_CR3","doi-asserted-by":"crossref","unstructured":"Polychronakis, M., Anagnostakis, K., Markatos, E.: Comprehensive shellcode detection using runtime heuristics. In: Proc. of the 26th Annual Computer Security Applications Conference (ACSAC 2010), pp. 287\u2013296. ACM (2010)","DOI":"10.1145\/1920261.1920305"},{"key":"19_CR4","unstructured":"Snow, K., Krishnan, S., Monrose, F., Provos, N.: SHELLOS: Enabling Fast Detection and Forensic Analysis of Code Injection Attacks. In: USENIX Security Symposium (2011)"},{"key":"19_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1007\/978-3-642-02918-9_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M. Egele","year":"2009","unstructured":"Egele, M., Wurzinger, P., Kruegel, C., Kirda, E.: Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks. In: Flegel, U., Bruschi, D. (eds.) DIMVA 2009. LNCS, vol.\u00a05587, pp. 88\u2013106. Springer, Heidelberg (2009)"},{"key":"19_CR6","doi-asserted-by":"crossref","unstructured":"Gu, B., Bai, X., Yang, Z., Champion, A., Xuan, D.: Malicious shellcode detection with virtual memory snapshots. In: Proc. of IEEE INFOCOM 2010, pp. 1\u20139. IEEE (2010)","DOI":"10.1109\/INFCOM.2010.5461950"},{"key":"19_CR7","doi-asserted-by":"crossref","unstructured":"Portokalidis, G., Slowinska, A., Bos, H.: Argos: An emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation. In: Proc. of ACM SIGOPS Operating Systems Review, vol.\u00a040(4), pp. 15\u201327. ACM (2006)","DOI":"10.1145\/1218063.1217938"},{"key":"19_CR8","doi-asserted-by":"crossref","unstructured":"Zhang, Q., Reeves, D., Ning, P., Iyer, S.: Analyzing network traffic to detect self-decrypting exploit code. In: Proc. of the 2nd ACM Symposium on Information, Computer and Communications Security (CCS 2007), pp. 4\u201312. ACM (2007)","DOI":"10.1145\/1229285.1229291"},{"key":"19_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-540-74320-0_5","volume-title":"Recent Advances in Intrusion Detection","author":"M. Polychronakis","year":"2007","unstructured":"Polychronakis, M., Anagnostakis, K.G., Markatos, E.P.: Emulation-based detection of non-self-contained polymorphic shellcode. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 87\u2013106. Springer, Heidelberg (2007)"},{"key":"19_CR10","unstructured":"Honeynet Project, Dionaea, a low-interaction honeypot (2008), \n                    \n                      http:\/\/www.honeynet.org\/project\/Dionaea"},{"key":"19_CR11","unstructured":"Markatos, E., Anagnostakis, K.: Noah: A european network of affined honeypots for cyber-attack tracking and alerting. The Parliament Magazine 262 (2008)"},{"key":"19_CR12","unstructured":"Baecher, P., Koetter, M.: libemu (2009), \n                    \n                      http:\/\/libemu.carnivore.it\/"},{"key":"19_CR13","unstructured":"Branco, R., Barbosa, G., Neto, P.: Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-vm technologies. In: Black Hat Technical Security Conf., Las Vegas, Nevada (2012)"},{"key":"19_CR14","unstructured":"Sikorski, M., Honig, A.: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press (2012)"},{"key":"19_CR15","unstructured":"Ferrie, P.: Attacks on more virtual machine emulators. Symantec Technology Exchange (2007)"},{"key":"19_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-75496-1_1","volume-title":"Information Security","author":"T. Raffetseder","year":"2007","unstructured":"Raffetseder, T., Kruegel, C., Kirda, E.: Detecting system emulators. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol.\u00a04779, pp. 1\u201318. Springer, Heidelberg (2007)"},{"key":"19_CR17","unstructured":"Bania, P.: Evading network-level emulation. arXiv preprint arXiv:0906.1963 (2009)"},{"key":"19_CR18","unstructured":"Skape, Using dual-mappings to evade automated unpackers (October 2008), \n                    \n                      http:\/\/www.uninformed.org\/?v=10&a=1&t=sumry"},{"key":"19_CR19","unstructured":"Linn, C., Rajagopalan, M., Baker, S., Collberg, C., Debray, S., Hartman, J.: Protecting against unexpected system calls. In: Proc. of the 14th USENIX Security Symposium, pp. 239\u2013254 (2005)"},{"key":"19_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1007\/978-3-540-87403-4_10","volume-title":"Recent Advances in Intrusion Detection","author":"S.P. Chung","year":"2008","unstructured":"Chung, S.P., Mok, A.K.: Swarm attacks against network-level emulation\/analysis. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 175\u2013190. Springer, Heidelberg (2008)"},{"key":"19_CR21","unstructured":"0vercl0k, RP++ ROP Sequences Finder (2013), \n                    \n                      https:\/\/github.com\/0vercl0k\/rp"},{"key":"19_CR22","unstructured":"kingcopes: Attacking the Windows 7\/8 Address Space Randomization (2013), \n                    \n                      http:\/\/kingcope.wordpress.com\/2013\/01\/24\/attacking-the-windows-78-address-space-randomization\/"},{"key":"19_CR23","doi-asserted-by":"crossref","unstructured":"Polychronakis, M., Keromytis, A.D.: Rop payload detection using speculative code execution. In: 2011 6th International Conference on Malicious and Unwanted Software (MALWARE), pp. 58\u201365. IEEE (2011)","DOI":"10.1109\/MALWARE.2011.6112327"},{"key":"19_CR24","unstructured":"Kharn: Exploring RDA (2006), \n                    \n                      http:\/\/www.awarenetwork.org\/etc\/alpha\/?x=3"},{"key":"19_CR25","unstructured":"Rivest, R., Shamir, A., Wagner, D.: Time-lock puzzles and timed-release crypto. Massachusetts Institute of Technology, Tech. Rep. (1996)"},{"key":"19_CR26","unstructured":"Nomenumbra: Countering behavior based malware analysis (2009), \n                    \n                      https:\/\/har2009.org\/program\/track\/Other\/57.en.html"},{"key":"19_CR27","unstructured":"Glynos, D.: Context-keyed Payload Encoding: Fighting the Next Generation of IDS. In: Proc. of Athens IT Security Conference, ATH.C0N 2010 (2010)"},{"issue":"1","key":"19_CR28","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1007\/s11416-006-0011-3","volume":"2","author":"J. Aycock","year":"2006","unstructured":"Aycock, J., de Graaf, R., Jacobson Jr., M.: Anti-disassembly using cryptographic hash functions. Journal in Computer Virology\u00a02(1), 79\u201385 (2006)","journal-title":"Journal in Computer Virology"},{"key":"19_CR29","doi-asserted-by":"crossref","unstructured":"Davi, L., Sadeghi, A., Winandy, M.: ROPdefender: A detection tool to defend against return-oriented programming attacks. In: Proc. of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), pp. 40\u201351. ACM (2011)","DOI":"10.1145\/1966913.1966920"},{"key":"19_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/978-3-642-10772-6_13","volume-title":"Information Systems Security","author":"P. Chen","year":"2009","unstructured":"Chen, P., Xiao, H., Shen, X., Yin, X., Mao, B., Xie, L.: DROP: Detecting return-oriented programming malicious code. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol.\u00a05905, pp. 163\u2013177. Springer, Heidelberg (2009)"},{"key":"19_CR31","doi-asserted-by":"crossref","unstructured":"Onarlioglu, K., Bilge, L., Lanzi, A., Balzarotti, D., Kirda, E.: G-Free: Defeating return-oriented programming through gadget-less binaries. In: Proc.\u00a0of the 26th Annual Computer Security Applications Conference (ACSAC 2010), pp. 49\u201358. ACM (2010)","DOI":"10.1145\/1920261.1920269"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-11379-1_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,27]],"date-time":"2019-05-27T12:54:07Z","timestamp":1558961647000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-11379-1_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319113784","9783319113791"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-11379-1_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}