{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T16:34:48Z","timestamp":1777566888256,"version":"3.51.4"},"publisher-location":"Cham","reference-count":53,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319261478","type":"print"},{"value":"9783319261485","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26148-5_40","type":"book-chapter","created":{"date-parts":[[2015,10,14]],"date-time":"2015-10-14T05:50:57Z","timestamp":1444801857000},"page":"594-611","source":"Crossref","is-referenced-by-count":6,"title":["CloudIDEA: A Malware Defense Architecture for Cloud Data Centers"],"prefix":"10.1007","author":[{"given":"Andreas","family":"Fischer","sequence":"first","affiliation":[]},{"given":"Thomas","family":"Kittel","sequence":"additional","affiliation":[]},{"given":"Bojan","family":"Kolosnjaji","sequence":"additional","affiliation":[]},{"given":"Tamas K.","family":"Lengyel","sequence":"additional","affiliation":[]},{"given":"Waseem","family":"Mandarawi","sequence":"additional","affiliation":[]},{"given":"Hermann","family":"de Meer","sequence":"additional","affiliation":[]},{"given":"Tilo","family":"M\u00fcller","sequence":"additional","affiliation":[]},{"given":"Mykola","family":"Protsenko","sequence":"additional","affiliation":[]},{"given":"Hans P.","family":"Reiser","sequence":"additional","affiliation":[]},{"given":"Benjamin","family":"Taubmann","sequence":"additional","affiliation":[]},{"given":"Eva","family":"Weish\u00e4upl","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,10,28]]},"reference":[{"key":"40_CR1","doi-asserted-by":"crossref","unstructured":"Akoush, S., Sohan, R., Rice, A., Moore, A., Hopper, A.: Predicting the performance of virtual machine migration. In: IEEE Int. 
Symp. on Modeling, Analysis Simulation of Comp. and Telecomm. Systems (MASCOTS), pp. 37\u201346 (2010)","DOI":"10.1109\/MASCOTS.2010.13"},{"key":"40_CR2","unstructured":"Bitdefender: Xen: Emulate with no writes (2014). http:\/\/lists.xen.org\/archives\/html\/xen-devel\/2014-08\/msg00264.html"},{"key":"40_CR3","unstructured":"Butler, J.: DKOM (direct kernel object manipulation). Black Hat Windows Security (2004)"},{"key":"40_CR4","unstructured":"Butler, J., Silberman, P.: Raide: Rootkit analysis identification elimination. Black Hat USA 47 (2006)"},{"key":"40_CR5","unstructured":"Chen, P.M., Noble, B.D.: When virtual is better than real. In: Proc. of the 8th Workshop on Hot Topics in Operating Systems, pp. 133\u2013138. IEEE (2001)"},{"key":"40_CR6","unstructured":"Coker, G.: Xen security modules (xsm), March 24, 2015. http:\/\/mail.xen.org\/files\/summit_3\/coker-xsm-summit-090706.pdf"},{"key":"40_CR7","doi-asserted-by":"crossref","unstructured":"Deng, Z., Zhang, X., Xu, D.: SPIDER: stealthy binary program instrumentation and debugging via hardware virtualization. In: Proc. of the 29th Annual Computer Security Applications Conference, ACSAC 2013, pp. 289\u2013298. ACM (2013)","DOI":"10.1145\/2523649.2523675"},{"key":"40_CR8","doi-asserted-by":"crossref","unstructured":"Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: malware analysis via hardware virtualization extensions. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS 2008, pp. 51\u201362. ACM (2008)","DOI":"10.1145\/1455770.1455779"},{"key":"40_CR9","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Srivastava, A., Traynor, P., Giffin, J.: Robust signatures for kernel data structures. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 566\u2013577. 
ACM (2009)","DOI":"10.1145\/1653662.1653730"},{"key":"40_CR10","doi-asserted-by":"crossref","unstructured":"Dolgikh, A., Birnbaum, Z., Chen, Y., Skormin, V.: Behavioral modeling for suspicious process detection in cloud computing environments. In: IEEE 14th Int. Conf. on Mobile Data Management (MDM), vol. 2, pp. 177\u2013181, June 2013","DOI":"10.1109\/MDM.2013.90"},{"key":"40_CR11","unstructured":"Dontu, M., Sahita, R.: Zero-footprint guest memory introspection from xen, January 15, 2015. http:\/\/www.xenproject.org\/component\/allvideoshare\/video\/xpds14-introspection.html"},{"key":"40_CR12","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1016\/j.diin.2013.06.010","volume":"10","author":"J Dykstra","year":"2013","unstructured":"Dykstra, J., Sherman, A.T.: Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform. Digit. Investig. 10, 87\u201395 (2013)","journal-title":"Digit. Investig."},{"key":"40_CR13","unstructured":"Florio, E.: When malware meets rootkits. Virus Bulletin (2005)"},{"key":"40_CR14","unstructured":"Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proc. Network and Distributed Systems Security Symposium, pp. 191\u2013206 (2003)"},{"key":"40_CR15","doi-asserted-by":"crossref","unstructured":"Gionta, J., Azab, A., Enck, W., Ning, P., Zhang, X.: Seer: practical memory virus scanning as a service. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 186\u2013195. ACM (2014)","DOI":"10.1145\/2664243.2664271"},{"key":"40_CR16","doi-asserted-by":"crossref","unstructured":"Gonzalez, N., Miers, C., Redigolo, F., Carvalho, T., Simplicio, M., Naslund, M., Pourzandi, M.: A quantitative analysis of current security concerns and solutions for cloud computing. In: Proc. of the 2011 IEEE 3rd Int. Conf. on Cloud Computing Technology and Science, CLOUDCOM 2011, pp. 231\u2013238. 
IEEE CS (2011)","DOI":"10.1109\/CloudCom.2011.39"},{"key":"40_CR17","doi-asserted-by":"crossref","unstructured":"Harrison, K., Bordbar, B., Ali, S., Dalton, C., Norman, A.: A framework for detecting malware in cloud by identifying symptoms. In: IEEE 16th Int. Enterprise Distributed Object Computing Conference (EDOC), pp. 164\u2013172, September 2012","DOI":"10.1109\/EDOC.2012.27"},{"key":"40_CR18","unstructured":"Heller, K., Svore, K., Keromytis, A.D., Stolfo, S.: One class support vector machines for detecting anomalous windows registry accesses. In: Workshop on Data Mining for Computer Security (DMSEC), pp. 2\u20139 (2003)"},{"key":"40_CR19","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"SA Hofmeyr","year":"1998","unstructured":"Hofmeyr, S.A., Somayaji, A., Forrest, S.: Intrusion detection using sequences of system calls. Journal of Computer Security 6, 151\u2013180 (1998)","journal-title":"Journal of Computer Security"},{"key":"40_CR20","doi-asserted-by":"crossref","unstructured":"Ivaturi, K., Wolf, T.: Mapping of delay-sensitive virtual networks. In: Int. Conf. on Computing, Networking and Communications (ICNC), pp. 341\u2013347 (2014)","DOI":"10.1109\/ICCNC.2014.6785357"},{"key":"40_CR21","doi-asserted-by":"crossref","unstructured":"Jain, B., Baig, M.B., Zhang, D., Porter, D.E., Sion, R.: Sok: Introspections on trust and the semantic gap. In: Proc. of the 2014 IEEE Symp. on Security and Privacy, SP 2014, pp. 605\u2013620. IEEE CS (2014)","DOI":"10.1109\/SP.2014.45"},{"key":"40_CR22","doi-asserted-by":"crossref","unstructured":"Jansen, R., Brenner, P.: Energy efficient virtual machine allocation in the cloud. In: Int. Green Computing Conference and Workshops (IGCC), pp. 
1\u20138, July 2011","DOI":"10.1109\/IGCC.2011.6008550"},{"key":"40_CR23","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy malware detection through vmm-based \u201cout-of-the-box\u201d semantic view reconstruction. In: Proc. of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 128\u2013138. ACM (2007)","DOI":"10.1145\/1315245.1315262"},{"key":"40_CR24","unstructured":"Kirat, D., Vigna, G., Kruegel, C.: Barecloud: bare-metal analysis-based evasive malware detection. In: Proc. of the 23rd USENIX Conference on Security Symposium, SEC 2014, pp. 287\u2013301. USENIX Association, Berkeley (2014)"},{"key":"40_CR25","unstructured":"Kittel, T., Vogl, S., Lengyel, T.K., Pfoh, J., Eckert, C.: Code validation for modern os kernels. In: Workshop on Malware Memory Forensics (MMF), December 2014"},{"key":"40_CR26","doi-asserted-by":"crossref","unstructured":"Lengyel, T.K., Maresca, S., Payne, B.D., Webster, G.D., Vogl, S., Kiayias, A.: Scalability, fidelity and stealth in the drakvuf dynamic malware analysis system. In: Proc. of the 30th Annual Computer Security Applications Conference (2014)","DOI":"10.1145\/2664243.2664252"},{"key":"40_CR27","doi-asserted-by":"crossref","unstructured":"Lobo, D., Watters, P., Wu, X., Sun, L., et al.: Windows rootkits: attacks and countermeasures. In: 2010 Second Cybercrime and Trustworthy Computing Workshop, pp. 69\u201378. IEEE (2010)","DOI":"10.1109\/CTC.2010.9"},{"key":"40_CR28","doi-asserted-by":"crossref","unstructured":"Marnerides, A., Watson, M., Shirazi, N., Mauthe, A., Hutchison, D.: Malware analysis in cloud computing: network and system characteristics. In: 2013 IEEE Globecom Workshops (GC Wkshps), pp. 
482\u2013487, December 2013","DOI":"10.1109\/GLOCOMW.2013.6825034"},{"issue":"2","key":"40_CR29","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1016\/j.diin.2012.07.001","volume":"9","author":"B Martini","year":"2012","unstructured":"Martini, B., Choo, K.R.: An integrated conceptual digital forensic framework for cloud computing. Digital Investigation 9(2), 71\u201380 (2012)","journal-title":"Digital Investigation"},{"key":"40_CR30","doi-asserted-by":"crossref","unstructured":"Payne, B.D., Carbone, M., Sharif, M., Lee, W.: Lares: An architecture for secure active monitoring using virtualization. In: IEEE Symposium on Security and Privacy, SP 2008, pp. 233\u2013247. IEEE (2008)","DOI":"10.1109\/SP.2008.24"},{"key":"40_CR31","doi-asserted-by":"crossref","unstructured":"Perez-Botero, D., Szefer, J., Lee, R.B.: Characterizing hypervisor vulnerabilities in cloud computing servers. In: Proc. of the 2013 Int. Workshop on Security in Cloud Computing. Cloud Computing 2013, pp. 3\u201310. ACM (2013)","DOI":"10.1145\/2484402.2484406"},{"key":"40_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/978-3-642-38631-2_16","volume-title":"Network and System Security","author":"J Pfoh","year":"2013","unstructured":"Pfoh, J., Schneider, C., Eckert, C.: Leveraging string kernels for malware detection. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 206\u2013219. Springer, Heidelberg (2013)"},{"issue":"1","key":"40_CR33","first-page":"135","volume":"4","author":"R Poisel","year":"2013","unstructured":"Poisel, R., Malzer, E., Tjoa, S.: Evidence and cloud computing: The virtual machine introspection approach. 
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) 4(1), 135\u2013152 (2013)","journal-title":"Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)"},{"key":"40_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-642-15512-3_10","volume-title":"Recent Advances in Intrusion Detection","author":"J Rhee","year":"2010","unstructured":"Rhee, J., Riley, R., Xu, D., Jiang, X.: Kernel malware analysis with un-tampered and temporal views of dynamic kernel memory. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 178\u2013197. Springer, Heidelberg (2010)"},{"issue":"4","key":"40_CR35","doi-asserted-by":"crossref","first-page":"639","DOI":"10.3233\/JCS-2010-0410","volume":"19","author":"K Rieck","year":"2011","unstructured":"Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. Journal of Computer Security 19(4), 639\u2013668 (2011)","journal-title":"Journal of Computer Security"},{"key":"40_CR36","unstructured":"Salfner, F., Tr\u00f6ger, P., Richly, M.: Dependable Estimation of Downtime for Virtual Machine Live Migration. Int. J. on Advances in Systems and Measurements 5 (2012)"},{"key":"40_CR37","doi-asserted-by":"crossref","unstructured":"Schmidt, M., Baumgartner, L., Graubner, P., Bock, D., Freisleben, B.: Malware detection and kernel rootkit prevention in cloud computing environments. In: 2011 19th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP), pp. 
603\u2013610, February 2011","DOI":"10.1109\/PDP.2011.45"},{"issue":"2","key":"40_CR38","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1109\/JSYST.2012.2221998","volume":"7","author":"R Shea","year":"2013","unstructured":"Shea, R., Liu, J.: Performance of virtual machines under networked denial of service attacks: Experiments and analysis. IEEE Systems Journal 7(2), 335\u2013345 (2013)","journal-title":"IEEE Systems Journal"},{"key":"40_CR39","doi-asserted-by":"crossref","unstructured":"Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., Lo Iacono, L.: All your clouds are belong to us: security analysis of cloud management interfaces. In: Proc. of the 3rd ACM Workshop on Cloud Computing Security, CCSW 2011, pp. 3\u201314. ACM, New York (2011)","DOI":"10.1145\/2046660.2046664"},{"key":"40_CR40","unstructured":"Studnia, I., Alata, E., Deswarte, Y., Kaaniche, M., Nicomette, V.: Survey of security problems in cloud computing virtual machines. Tech. rep., CNRS, LAAS, 7 Avenue du colonel Roche, F-31400 Toulouse, France (2012)"},{"key":"40_CR41","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: Sok: Eternal war in memory. In: IEEE Symp. on Security and Privacy, pp. 48\u201362. IEEE (2013)","DOI":"10.1109\/SP.2013.13"},{"key":"40_CR42","doi-asserted-by":"crossref","unstructured":"Tegeler, F., Fu, X., Vigna, G., Kruegel, C.: Botfinder: finding bots in network traffic without deep packet inspection. In: Proc. of the 8th Int. Conf. on Emerging Networking Experiments and Technologies, pp. 349\u2013360. ACM (2012)","DOI":"10.1145\/2413176.2413217"},{"key":"40_CR43","doi-asserted-by":"crossref","unstructured":"Vasudevan, A., Yerraballi, R.: Cobra: fine-grained malware analysis using stealth localized-executions. In: IEEE Symp. on Security and Privacy, pp. 
15\u2013279 (2006)","DOI":"10.1109\/SP.2006.9"},{"key":"40_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/978-3-642-10665-1_23","volume-title":"Cloud Computing","author":"W Voorsluys","year":"2009","unstructured":"Voorsluys, W., Broberg, J., Venugopal, S., Buyya, R.: Cost of virtual machine live migration in clouds: a performance evaluation. In: Jaatun, M.G., Zhao, G., Rong, C. (eds.) Cloud Computing. LNCS, vol. 5931, pp. 254\u2013265. Springer, Heidelberg (2009)"},{"key":"40_CR45","doi-asserted-by":"crossref","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: alternative data models. In: Proc. of the IEEE Symp. on Security and Privacy, pp. 133\u2013145. IEEE (1999)","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"40_CR46","doi-asserted-by":"crossref","unstructured":"Willems, C., Hund, R., Fobian, A., Felsch, D., Holz, T., Vasudevan, A.: Down to the bare metal: using processor features for binary analysis. In: Proc. of the 28th Ann. Computer Security Applications Conf. (ACSAC), pp. 189\u2013198. ACM (2012)","DOI":"10.1145\/2420950.2420980"},{"key":"40_CR47","unstructured":"Willems, C., Hund, R., Holz, T.: Cxpinspector: Hypervisor-based, hardware-assisted system monitoring. Ruhr-Universitat Bochum, Tech. rep. (2013)"},{"key":"40_CR48","unstructured":"Wood, T., Cecchet, E., Ramakrishnan, K.K., Shenoy, P., van der Merwe, J., Venkataramani, A.: Disaster recovery as a cloud service: economic benefits & deployment challenges. In: Proc. of the 2nd USENIX Conf. on Hot Topics in Cloud Computing. HotCloud 2010, p. 8. USENIX Association (2010)"},{"key":"40_CR49","doi-asserted-by":"crossref","unstructured":"Xiao, H., Stibor, T.: A supervised topic transition model for detecting malicious system call sequences. In: Proceedings of the 2011 Workshop on Knowledge Discovery, Modeling and Simulation, pp. 23\u201330. 
ACM (2011)","DOI":"10.1145\/2023568.2023577"},{"key":"40_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-14215-4_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"H Yin","year":"2010","unstructured":"Yin, H., Poosankam, P., Hanna, S., Song, D.: Hookscout: proactive binary-centric hook detection. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol. 6201, pp. 1\u201320. Springer, Heidelberg (2010)"},{"key":"40_CR51","doi-asserted-by":"crossref","unstructured":"Zafarullah, Anwar, F., Anwar, Z.: Digital forensics for eucalyptus. In: Proc. of the 2011 Frontiers of Information Technology, FIT 2011, pp. 110\u2013116. IEEE CS (2011)","DOI":"10.1109\/FIT.2011.28"},{"key":"40_CR52","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Juels, A., Oprea, A., Reiter, M.: Homealone: co-residency detection in the cloud via side-channel analysis. In: IEEE Symp. on Security and Privacy, pp. 313\u2013328, May 2011","DOI":"10.1109\/SP.2011.31"},{"key":"40_CR53","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-vm side channels and their use to extract private keys. In: Proc. of the 2012 ACM Conf. on Computer and Communications Security, CCS 2012, pp. 305\u2013316. 
ACM (2012)","DOI":"10.1145\/2382196.2382230"}],"container-title":["Lecture Notes in Computer Science","On the Move to Meaningful Internet Systems: OTM 2015 Conferences"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26148-5_40","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T01:09:45Z","timestamp":1748653785000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26148-5_40"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319261478","9783319261485"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26148-5_40","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]}}}