{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:10:12Z","timestamp":1750306212602,"version":"3.41.0"},"publisher-location":"Cham","reference-count":12,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319584683"},{"type":"electronic","value":"9783319584690"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-58469-0_3","type":"book-chapter","created":{"date-parts":[[2017,5,3]],"date-time":"2017-05-03T11:34:53Z","timestamp":1493811293000},"page":"32-45","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Evasive Malware Detection Using Groups of Processes"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8664-8956","authenticated-orcid":false,"given":"Gheorghe","family":"H\u0103jm\u0103\u015fan","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2096-3771","authenticated-orcid":false,"given":"Alexandra","family":"Mondoc","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9008-1462","authenticated-orcid":false,"given":"Radu","family":"Portase","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6657-634X","authenticated-orcid":false,"given":"Octavian","family":"Cre\u0163","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,5,4]]},"reference":[{"key":"3_CR1","volume-title":"The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System","author":"B Blunden","year":"2009","unstructured":"Blunden, B.: The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. Jones and Bartlett Publishers Inc., USA (2009)"},{"key":"3_CR2","doi-asserted-by":"crossref","unstructured":"Devesa, J., Santos, I., Cantero, X., Penya, Y.K., Bringas, P.G.: Automatic behaviour-based analysis and classification system for malware detection. In: ICEIS 2010 - Proceedings of the 12th International Conference on Enterprise Information Systems, AIDSS, Funchal, Madeira, Portugal, 8\u201312 June 2010, vol. 2, pp. 395\u2013399 (2010)","DOI":"10.5220\/0002895203950399"},{"issue":"5","key":"3_CR3","first-page":"29","volume":"7","author":"AAE Elhadi","year":"2013","unstructured":"Elhadi, A.A.E., Maarof, M.A., Barry, B.I.: Improving the detection of malware behaviour using simplified data dependent API call graph. Int. J. Secur. Appl. 7(5), 29\u201342 (2013)","journal-title":"Int. J. Secur. Appl."},{"key":"3_CR4","unstructured":"Ispoglou, K.K., Payer, M.: malWASH: washing malware to evade dynamic analysis. In: Proceedings of the 10th USENIX Conference on Offensive Technologies, WOOT 2016, pp. 106\u2013117. USENIX Association, Berkeley (2016)"},{"issue":"C","key":"3_CR5","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1016\/j.cose.2016.01.007","volume":"58","author":"Y Ji","year":"2016","unstructured":"Ji, Y., He, Y., Jiang, X., Cao, J., Li, Q.: Combating the evasion mechanisms of social bots. Comput. Secur. 58(C), 230\u2013249 (2016)","journal-title":"Comput. Secur."},{"key":"3_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/978-3-319-06320-1_7","volume-title":"Information Security Practice and Experience","author":"Y Ji","year":"2014","unstructured":"Ji, Y., He, Y., Zhu, D., Li, Q., Guo, D.: A mulitiprocess mechanism of evading behavior-based bot detection approaches. In: Huang, X., Zhou, J. (eds.) ISPEC 2014. LNCS, vol. 8434, pp. 75\u201389. Springer, Cham (2014). doi:10.1007\/978-3-319-06320-1_7"},{"key":"3_CR7","unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: Proceedings of the 18th Conference on USENIX Security Symposium, SSYM 2009, pp. 351\u2013366. USENIX Association, Berkeley (2009)"},{"issue":"1\u20132","key":"3_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11416-011-0157-5","volume":"8","author":"W Ma","year":"2012","unstructured":"Ma, W., Duan, P., Liu, S., Gu, G., Liu, J.C.: Shadow attacks: automatically evading system-call-behavior based malware detection. J. Comput. Virol. 8(1\u20132), 1\u201313 (2012)","journal-title":"J. Comput. Virol."},{"key":"3_CR9","unstructured":"MSDN: file system minifilter drivers. http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/ff540402%28v=vs.85%29.aspx"},{"issue":"12","key":"3_CR10","doi-asserted-by":"publisher","first-page":"2591","DOI":"10.1109\/TIFS.2015.2469253","volume":"10","author":"S Naval","year":"2015","unstructured":"Naval, S., Laxmi, V., Rajarajan, M., Gaur, M.S., Conti, M.: Employing program semantics for malware detection. IEEE Trans. Inf. Forensics Secur. 10(12), 2591\u20132604 (2015)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"3_CR11","doi-asserted-by":"crossref","unstructured":"Ramilli, M., Bishop, M.: Multi-stage delivery of malware. In: 5th International Conference on Malicious and Unwanted Software (MALWARE), pp. 91\u201397, October 2010","DOI":"10.1109\/MALWARE.2010.5665788"},{"key":"3_CR12","doi-asserted-by":"crossref","unstructured":"Ramilli, M., Bishop, M., Sun, S.: Multiprocess malware. In: Proceedings of the 2011 6th International Conference on Malicious and Unwanted Software, MALWARE 2011, pp. 8\u201313. IEEE Computer Society, Washington, DC (2011)","DOI":"10.1109\/MALWARE.2011.6112320"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-58469-0_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:54:19Z","timestamp":1750218859000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-58469-0_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319584683","9783319584690"],"references-count":12,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-58469-0_3","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"4 May 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rome","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 May 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 May 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"32","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/ifipsec.org\/2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}