{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:18:56Z","timestamp":1763468336522},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319457185"},{"type":"electronic","value":"9783319457192"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-45719-2_3","type":"book-chapter","created":{"date-parts":[[2016,9,6]],"date-time":"2016-09-06T02:11:24Z","timestamp":1473127884000},"page":"49-70","source":"Crossref","is-referenced-by-count":4,"title":["Automatic Uncovering of Tap Points from Kernel Executions"],"prefix":"10.1007","author":[{"given":"Junyuan","family":"Zeng","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yangchun","family":"Fu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,9,7]]},"reference":[{"key":"3_CR1","unstructured":"Linux test project. https:\/\/github.com\/linux-test-project"},{"key":"3_CR2","unstructured":"QEMU: an open source processor emulator. http:\/\/www.qemu.org\/"},{"key":"3_CR3","doi-asserted-by":"crossref","unstructured":"Balakrishnan, G., Reps, T. Analyzing memory accesses in $$\\times $$ 86 executables. 
In: CC, March 2004","DOI":"10.1007\/978-3-540-24723-4_2"},{"issue":"1","key":"3_CR4","doi-asserted-by":"crossref","first-page":"10:1","DOI":"10.1145\/2775111","volume":"48","author":"E Bauman","year":"2015","unstructured":"Bauman, E., Ayoade, G., Lin, Z.: A survey on hypervisor based monitoring: approaches, applications, and evolutions. ACM Comput. Surv. 48(1), 10:1\u201310:33 (2015)","journal-title":"ACM Comput. Surv."},{"key":"3_CR5","doi-asserted-by":"crossref","unstructured":"Bianchi, A., Shoshitaishvili, Y., Kruegel, C., Vigna, G.: Blacksheep: detecting compromised hosts in homogeneous crowds. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, North Carolina, USA, pp. 341\u2013352 (2012)","DOI":"10.1145\/2382196.2382234"},{"key":"3_CR6","volume-title":"Understanding The Linux Kernel","author":"D Bovet","year":"2005","unstructured":"Bovet, D., Cesati, M.: Understanding The Linux Kernel. Oreilly & Associates Inc., Sebastopol (2005)"},{"issue":"4","key":"3_CR7","doi-asserted-by":"crossref","first-page":"65:1","DOI":"10.1145\/2896499","volume":"48","author":"J Caballero","year":"2016","unstructured":"Caballero, J., Lin, Z.: Type inference on executables. ACM Comput. Surv. 48(4), 65:1\u201365:35 (2016)","journal-title":"ACM Comput. Surv."},{"key":"3_CR8","doi-asserted-by":"crossref","unstructured":"Carbone, M., Cui, W., Lu, L., Lee, W., Peinado, M., Jiang, X.: Mapping kernel objects to enable systematic integrity checking. In: The 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA, pp. 555\u2013565 (2009)","DOI":"10.1145\/1653662.1653729"},{"key":"3_CR9","unstructured":"Cozzie, A., Stratton, F., Xue, H., King, S.T.: Digging for data structures. In: Proceeding of 8th Symposium on Operating System Design and Implementation (OSDI 2008), San Diego, CA, pp. 
231\u2013244, December 2008"},{"key":"3_CR10","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Leek, T., Hodosh, J., Lee, W.: Tappan zee (north) bridge: mining memory accesses for introspection. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2013)","DOI":"10.1145\/2508859.2516697"},{"key":"3_CR11","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Leek, T., Zhivich, M., Giffin, J., Lee, W.: Virtuoso: narrowing the semantic gap in virtual machine introspection. In: Proceedings of the 32nd IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 297\u2013312 (2011)","DOI":"10.1109\/SP.2011.11"},{"key":"3_CR12","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Srivastava, A., Traynor, P., Giffin, J.: Robust signatures for kernel data structures. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, Illinois, USA, pp. 566\u2013577. ACM (2009)","DOI":"10.1145\/1653662.1653730"},{"key":"3_CR13","doi-asserted-by":"crossref","unstructured":"Fu, Y., Lin, Z.: Space traveling across VM: automatically bridging the semantic gap in virtual machine introspection via online kernel data redirection. In: Proceedings of 33rd IEEE Symposium on Security and Privacy, May 2012","DOI":"10.1109\/SP.2012.40"},{"key":"3_CR14","doi-asserted-by":"crossref","unstructured":"Fu, Y., Lin, Z., Brumley, D.: Automatically deriving pointer reference expressions from executions for memory dump analysis. In: Proceedings of the 2015 ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2015), Bergamo, Italy, September 2015","DOI":"10.1145\/2786805.2786810"},{"key":"3_CR15","unstructured":"Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. 
In: Proceedings Network and Distributed Systems Security Symposium (NDSS 2003), February 2003"},{"key":"3_CR16","doi-asserted-by":"crossref","unstructured":"Gu, Y., Lin, Z.: Derandomizing kernel address space layout for introspection and forensics. In: Proceedings of the 6th ACM Conference on Data and Application Security and Privacy. ACM, New Orleans (2016)","DOI":"10.1145\/2857705.2857707"},{"key":"3_CR17","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy malware detection through VMM-based out-of-the-box semantic view reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, Virginia, USA, pp. 128\u2013138. ACM (2007)","DOI":"10.1145\/1315245.1315262"},{"key":"3_CR18","doi-asserted-by":"crossref","unstructured":"Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: VMM-based hidden process detection and identification using lycosid. In: Proceedings of the Fourth ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments (VEE 2008), Seattle, WA, USA, pp. 91\u2013100. ACM (2008)","DOI":"10.1145\/1346256.1346269"},{"key":"3_CR19","unstructured":"Lanzi, A., Sharif, M.I., Lee, W.: K-tracer: a system for extracting kernel malware behavior. In: Proceedings of the 2009 Network and Distributed System Security Symposium, San Diego, California, USA (2009)"},{"key":"3_CR20","unstructured":"Lee, J., Avgerinos, T., Brumley, D.: TIE: principled reverse engineering of types in binary programs. In: NDSS, February 2011"},{"key":"3_CR21","unstructured":"Lin, Z., Rhee, J., Zhang, X., Xu, D., Jiang, X. SigGraph: Brute force scanning of kernel data structure instances using graph-based signatures. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS 2011), San Diego, CA, February 2011"},{"key":"3_CR22","unstructured":"Lin, Z., Zhang, X., Xu, D.: Automatic reverse engineering of data structures from binary execution. 
In: Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS 2010), San Diego, CA, February 2010"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Ramalingam, G., Field, J., Tip, F.: Aggregate structure identification and its application to program analysis. In: POPL, January 1999","DOI":"10.1145\/292540.292553"},{"key":"3_CR24","unstructured":"Reps, T., Balakrishnan, G.: Improved memory-access analysis for x86 executables. In: CC, March 2008"},{"key":"3_CR25","doi-asserted-by":"crossref","unstructured":"Riley, R., Jiang, X., Xu, D.: Multi-aspect profiling of kernel rootkit behavior. In: Proceedings of the 4th ACM European conference on Computer systems (EuroSys 2009), Nuremberg, Germany, pp. 47\u201360 (2009)","DOI":"10.1145\/1519065.1519072"},{"key":"3_CR26","unstructured":"Slowinska, A., Stancescu, T., Bos, H.: Howard: a dynamic excavator for reverse engineering data structures. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS 2011), San Diego, CA, February 2011"},{"key":"3_CR27","doi-asserted-by":"crossref","unstructured":"Sumner, W.N., Zheng, Y., Weeratunge, D., Zhang, X.: Precise calling context encoding. In: Proceedings of the 32nd ACM\/IEEE International Conference on Software Engineering, (ICSE 2010), Cape Town, South Africa, vol. 1, pp. 525\u2013534. ACM (2010)","DOI":"10.1145\/1806799.1806875"},{"key":"3_CR28","doi-asserted-by":"crossref","unstructured":"Wang, Z., Jiang, X., Cui, W., Ning, P.: Countering kernel rootkits with lightweight hook protection. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, Illinois, USA, pp. 545\u2013554 (2009)","DOI":"10.1145\/1653662.1653728"},{"key":"3_CR29","doi-asserted-by":"crossref","unstructured":"Zeng, J., Fu, Y., Lin, Z. Pemu: a pin highly compatible out-of-VM dynamic binary instrumentation framework. 
In: The 11th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environment (VEE 2015), Istanbul, Turkey, March 2015","DOI":"10.1145\/2817817.2731201"},{"key":"3_CR30","doi-asserted-by":"crossref","unstructured":"Zeng, J., Lin, Z.: Towards automatic inference of kernel object semantics from binary code. In: Proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2015), Kyoto, Japan, November 2015","DOI":"10.1007\/978-3-319-26362-5_25"},{"key":"3_CR31","unstructured":"Zhang, M., Prakash, A., Li, X., Liang, Z., Yin, H.: Identifying and analysing pointer misuses for sophisticated memory-corruption exploit diagnosis. In: NDSS, February 2012"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-45719-2_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,13]],"date-time":"2019-09-13T06:24:54Z","timestamp":1568355894000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-45719-2_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319457185","9783319457192"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-45719-2_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]}}}