{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T10:09:53Z","timestamp":1743156593373,"version":"3.40.3"},"publisher-location":"Cham","reference-count":20,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319457437"},{"type":"electronic","value":"9783319457444"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-45744-4_10","type":"book-chapter","created":{"date-parts":[[2016,9,14]],"date-time":"2016-09-14T04:54:30Z","timestamp":1473828870000},"page":"199-216","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Membrane: A Posteriori Detection of Malicious Code Loading by Memory Paging Analysis"],"prefix":"10.1007","author":[{"given":"G\u00e1bor","family":"P\u00e9k","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zsombor","family":"L\u00e1z\u00e1r","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zolt\u00e1n","family":"V\u00e1rnagy","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"M\u00e1rk","family":"F\u00e9legyh\u00e1zi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Levente","family":"Butty\u00e1n","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,9,15]]},"reference":[{"key":"10_CR1","unstructured":"AlienVault. Batchwiper: Just another wiping malware. https:\/\/www.alienvault.com\/open-threat-exchange\/blog\/batchwiper-just-another-wiping-malware. Accessed 13 Nov 2014"},{"issue":"4","key":"10_CR2","doi-asserted-by":"publisher","first-page":"971","DOI":"10.3390\/fi4040971","volume":"4","author":"B Bencs\u00e1th","year":"2012","unstructured":"Bencs\u00e1th, B., P\u00e9k, G., Butty\u00e1n, L., Felegyhazi, M.: The cousins of stuxnet: duqu, flame, and gauss. Future Internet 4(4), 971\u20131003 (2012)","journal-title":"Future Internet"},{"key":"10_CR3","unstructured":"CERT.PL. More human than human - Flame\u2019s code injection techniques. http:\/\/www.cert.pl\/news\/5874\/langswitch_lang\/en. Accessed 13 Nov 2014"},{"key":"10_CR4","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1016\/j.diin.2007.06.008","volume":"4","author":"S Hand","year":"2007","unstructured":"Hand, S., Lin, Z., Gu, G., Thuraisingham, B.: The vad tree: a process-eye view of physical memory. Digit. Invest. 4, 62\u201364 (2007)","journal-title":"Digit. Invest."},{"key":"10_CR5","unstructured":"Idika, N., Mathur, A.P.: A survey of malware detection techniques. Technical report, Purdue University (2007)"},{"key":"10_CR6","unstructured":"INetSim. http:\/\/www.inetsim.org\/. Accessed 10 Nov 2014"},{"key":"10_CR7","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy malware detection through vmm-based \u201cout-of-the-box\u201d semantic view reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 128\u2013138. ACM, New York (2007)","DOI":"10.1145\/1315245.1315262"},{"issue":"1","key":"10_CR8","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1016\/j.diin.2006.12.002","volume":"4","author":"JD Kornblum","year":"2007","unstructured":"Kornblum, J.D.: Using every part of the buffalo in windows memory analysis. Digit. Invest. 4(1), 24\u201329 (2007)","journal-title":"Digit. Invest."},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Kreibich, C., Weaver, N., Kanich, C., Cui, W., Paxson, V.: Gq: practical containment for measuring modern malware systems. In: Proceedings of the 2011 ACM SIGCOMM Internet Measurement Conference (IMC), pp. 397\u2013412. ACM (2011)","DOI":"10.1145\/2068816.2068854"},{"key":"10_CR10","doi-asserted-by":"crossref","unstructured":"Lengyel, T.K., Maresca, S., Payne, B.D., Webster, G.D., Vogl, S., Kiayias, A.: Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system. In: Proceedings of the 30th Annual Computer Security Applications Conference, December 2014 (to appear)","DOI":"10.1145\/2664243.2664252"},{"key":"10_CR11","unstructured":"Mandiant. APT1: Exposing One of China\u2019s Cyber Espionage Units (2013). http:\/\/intelreport.mandiant.com\/"},{"key":"10_CR12","unstructured":"P\u00e9k, G.: New methods for detecting malware infections and new attacks against hardware virtualization. Ph.D. thesis, Budapest University of Technology and Economics (2015)"},{"key":"10_CR13","unstructured":"Petroni Jr., N.L., Fraser, T., Walters, A., Arbaugh, W.A.: An architecture for specification-based detection of semantic integrity violations in kernel dynamic data. In: Proceedings of the 15th Conference on USENIX Security Symposium, USENIX-SS 2006, vol. 15. USENIX Association, Berkeley (2006)"},{"key":"10_CR14","unstructured":"ReactOS. A free open source operating system based on the best design principles found in the Windows NT architecture. http:\/\/doxygen.reactos.org. Accessed 8 Nov 2014"},{"key":"10_CR15","doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C.J., Grier, C., Kreibich, C., Paxson, V., Pohlmann, N., Bos, H., Van Steen, M.: Prudent practices for designing malware experiments: status quo and outlook. In: 2012 IEEE Symposium on Security and Privacy, pp. 65\u201379. IEEE (2012)","DOI":"10.1109\/SP.2012.14"},{"key":"10_CR16","unstructured":"Russinovich, M., Solomon, D.A., Ionescu, A.: Windows Internals, 6th ed. Microsoft Press (2012)"},{"key":"10_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1007\/978-3-642-15512-3_6","volume-title":"Recent Advances in Intrusion Detection","author":"A Srivastava","year":"2010","unstructured":"Srivastava, A., Giffin, J.: Automatic discovery of parasitic malware. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 97\u2013117. Springer, Heidelberg (2010)"},{"key":"10_CR18","unstructured":"Volatility. The Volatility Framework. https:\/\/code.google.com\/p\/volatility\/. Accessed 13 Nov 2014"},{"key":"10_CR19","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1016\/j.diin.2013.06.007","volume":"10","author":"A White","year":"2013","unstructured":"White, A., Schatz, B., Foo, E.: Integrity verification of user space code. Digit. Invest. 10, 59\u2013S68 (2013)","journal-title":"Digit. Invest."},{"key":"10_CR20","unstructured":"Willems, C.: Internals of windows memory management (not only) for malware analysis. Technical report, Ruhr Universit\u00e4t Bochum (2011)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2016"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-45744-4_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,15]],"date-time":"2021-09-15T02:55:56Z","timestamp":1631674556000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-45744-4_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319457437","9783319457444"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-45744-4_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"15 September 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Heraklion","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 September 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}