{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,23]],"date-time":"2025-04-23T12:05:09Z","timestamp":1745409909594},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319263618"},{"type":"electronic","value":"9783319263625"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26362-5_8","type":"book-chapter","created":{"date-parts":[[2015,10,26]],"date-time":"2015-10-26T14:10:45Z","timestamp":1445868645000},"page":"155-176","source":"Crossref","is-referenced-by-count":5,"title":["Probabilistic Inference on Integrity for Access Behavior Based Malware Detection"],"prefix":"10.1007","author":[{"given":"Weixuan","family":"Mao","sequence":"first","affiliation":[]},{"given":"Zhongmin","family":"Cai","sequence":"additional","affiliation":[]},{"given":"Don","family":"Towsley","sequence":"additional","affiliation":[]},{"given":"Xiaohong","family":"Guan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,12]]},"reference":[{"key":"8_CR1","unstructured":"Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons (2008)"},{"key":"8_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/3-540-36084-0_3","volume-title":"Recent Advances in Intrusion Detection","author":"F Apap","year":"2002","unstructured":"Apap, F., Honig, A., Hershkop, S., Eskin, E., Stolfo, S.J.: Detecting malicious software by monitoring anomalous windows registry accesses. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, p. 36. Springer, Heidelberg (2002)"},{"key":"8_CR3","unstructured":"Bellovin, S.M.: Security and usability: windows vista, July 2007. https:\/\/www.cs.columbia.edu\/ smb\/blog\/2007-07\/2007-07-13.html"},{"key":"8_CR4","unstructured":"Biba, K.J.: Integrity considerations for secure computer systems. ESD-TR 76\u2013372, MITRE Corp. (1977)"},{"key":"8_CR5","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45, 5\u201332 (2001)","journal-title":"Mach. Learn."},{"key":"8_CR6","doi-asserted-by":"crossref","unstructured":"Canali, D., Lanzi, A., Balzarotti, D., Kruegel, C., Christodorescu, M., Kirda, E.: A quantitative study of accuracy in system call-based malware detection. In: Proceedings of the 2012 International Symposium on Software Testing and Analysis, pp. 122\u2013132. ACM (2012)","DOI":"10.1145\/2338965.2336768"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"Fraser, T.: Lomac: low water-mark integrity protection for cots environments. In: IEEE Symposium on Security and Privacy (S&P), pp. 230\u2013245 (2000)","DOI":"10.1109\/SECPRI.2000.848460"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"Fredrikson, M., Jha, S., Christodorescu, M., Sailer, R., Yan, X.: Synthesizing near-optimal malware specifications from suspicious behaviors. In: IEEE Symposium on Security and Privacy (S&P), pp. 45\u201360 (2010)","DOI":"10.1109\/SP.2010.11"},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"Gelman, A., Carlin, J.B., Stern, H.S., Rubin, D.B.: Bayesian data analysis, vol. 2. Taylor & Francis (2014)","DOI":"10.1201\/b16018"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Gu, Z., Pei, K., Wang, Q., Si, L., Zhang, X., Xu, D.: LEAPS: detecting camouflaged attacks with statistical learning guided by program analysis. In: 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE (2015)","DOI":"10.1109\/DSN.2015.34"},{"key":"8_CR11","unstructured":"How the integrity mechanism is implemented in Windows Vista (2014). http:\/\/msdn.microsoft.com\/en-us\/library\/bb625962.aspx ,"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Hsu, F., Chen, H., Ristenpart, T., Li, J., Su, Z.: Back to the future: a framework for automatic malware removal and system repair. In: 22nd Annual Computer Security Applications Conference, ACSAC 2006, pp. 257\u2013268. IEEE (2006)","DOI":"10.1109\/ACSAC.2006.16"},{"key":"8_CR13","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1145\/1047915.1047918","volume":"23","author":"ST King","year":"2005","unstructured":"King, S.T., Chen, P.M.: Backtracking intrusions. ACM Trans. Comput. Syst. 23, 51\u201376 (2005)","journal-title":"ACM Trans. Comput. Syst."},{"key":"8_CR14","unstructured":"Koller, D., Friedman, N.: Probabilistic graphical models: principles and techniques. MIT press (2009)"},{"key":"8_CR15","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Automating mimicry attacks using static binary analysis. In: Proceedings of the 14th conference on USENIX Security Symposium, vol. 14, pp. 11\u201311. USENIX Association (2005)"},{"key":"8_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-39650-5_19","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the detection of anomalous system call arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 326\u2013343. Springer, Heidelberg (2003)"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"Lanzi, A., Balzarotti, D., Kruegel, C., Christodorescu, M., Kirda, E.: Accessminer: using system-centric models for malware protection. In: Proceedings of the 17th ACM conference on Computer and Communications Security (CCS), pp. 399\u2013412. ACM (2010)","DOI":"10.1145\/1866307.1866353"},{"key":"8_CR18","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Computer Security - ESORICS 2014","author":"PK Manadhata","year":"2014","unstructured":"Manadhata, P.K., Yadav, S., Rao, P., Horne, W.: Detecting malicious domains via graph inference. In: Kuty\u0142owski, M., Vaidya, J. (eds.) ICAIS 2014, Part I. LNCS, vol. 8712, pp. 1\u201318. Springer, Heidelberg (2014)"},{"key":"8_CR19","unstructured":"Mandatory Integrity Control (2014). http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/bb648648"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"Mao, W., Cai, Z., Guan, X., Towsley, D.: Centrality metrics of importance in access behaviors and malware detections. In: Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC 2014). ACM (2014)","DOI":"10.1145\/2664243.2664286"},{"issue":"3","key":"8_CR21","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1145\/2043621.2043624","volume":"14","author":"Z Mao","year":"2011","unstructured":"Mao, Z., Li, N., Chen, H., Jiang, X.: Combining discretionary policy with mandatory information flow in operating systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(3), 24 (2011)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"8_CR22","unstructured":"Mark Russinovich, B.C.: Process monitor (2014). http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb896645"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Muthukumaran, D., Rueda, S., Talele, N., Vijayakumar, H., Teutsch, J., Jaeger, T., Edwards, N.: Transforming commodity security policies to enforce Clark-Wilson integrity. In: Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC 2012). ACM (2012)","DOI":"10.1145\/2420950.2420991"},{"key":"8_CR24","first-page":"2825","volume":"12","author":"F Pedregosa","year":"2011","unstructured":"Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., et al.: Scikit-learn: machine learning in python. J. Mach. Learn. Res. 12, 2825\u20132830 (2011)","journal-title":"J. Mach. Learn. Res."},{"key":"8_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1007\/978-3-540-70542-0_9","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"W Sun","year":"2008","unstructured":"Sun, W., Sekar, R., Liang, Z., Venkatakrishnan, V.N.: Expanding malware defense by securing software installations. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 164\u2013185. Springer, Heidelberg (2008)"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Sun, W., Sekar, R., Poothia, G., Karandikar, T.: Practical proactive integrity preservation: a basis for malware defense. In: IEEE Symposium on Security and Privacy (S&P), pp. 248\u2013262 (2008)","DOI":"10.1109\/SP.2008.35"},{"key":"8_CR27","unstructured":"Symantec. Internet Security Threat Report, April 2015. https:\/\/www4.symantec.com\/mktginfo\/whitepaper\/ISTR\/21347932_GA-internet-security-threat-report-volume-20-2015-social_v2.pdf"},{"key":"8_CR28","doi-asserted-by":"crossref","unstructured":"Sze, W.-K., Sekar, R.: A portable user-level approach for system-wide integrity protection. In: Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC 2013), pp. 219\u2013228. ACM (2013)","DOI":"10.1145\/2523649.2523655"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Tamersoy, A., Roundy, K., Chau, D.H.: Guilt by association: large scale malware detection by mining file-relation graphs. In: Proceedings of the 20th ACM SIGKDD international conference on Knowledge Discovery and Data Mining, pp. 1524\u20131533. ACM (2014)","DOI":"10.1145\/2623330.2623342"},{"key":"8_CR30","unstructured":"VXHeaven (2010). http:\/\/vx.netlux.org\/"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26362-5_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,9,10]],"date-time":"2020-09-10T09:01:47Z","timestamp":1599728507000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26362-5_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319263618","9783319263625"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26362-5_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}