{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T05:41:43Z","timestamp":1761716503722,"version":"3.41.0"},"publisher-location":"Cham","reference-count":43,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319611754"},{"type":"electronic","value":"9783319611761"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-61176-1_24","type":"book-chapter","created":{"date-parts":[[2017,6,21]],"date-time":"2017-06-21T01:54:25Z","timestamp":1498010065000},"page":"433-452","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Keylogger Detection Using a Decoy Keyboard"],"prefix":"10.1007","author":[{"given":"Seth","family":"Simms","sequence":"first","affiliation":[]},{"given":"Margot","family":"Maxwell","sequence":"additional","affiliation":[]},{"given":"Sara","family":"Johnson","sequence":"additional","affiliation":[]},{"given":"Julian","family":"Rrushi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,6,22]]},"reference":[{"key":"24_CR1","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S.: Static Analysis of Executables to Detect Malicious Patterns. 
Department of Computer Sciences, Wisconsin Univ-Madison (2006)","DOI":"10.21236\/ADA449067"},{"key":"24_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/978-3-642-04342-0_6","volume-title":"Recent Advances in Intrusion Detection","author":"K Griffin","year":"2009","unstructured":"Griffin, K., Schneider, S., Hu, X., Chiueh, T.C.: Automatic generation of string signatures for malware detection. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 101\u2013120. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-04342-0_6"},{"key":"24_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1007\/11790754_8","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"D Bruschi","year":"2006","unstructured":"Bruschi, D., Martignoni, L., Monga, M.: Detecting self-mutating malware using control-flow graph matching. In: B\u00fcschkes, R., Laskov, P. (eds.) Detection of Intrusions and Malware, and Vulnerability Assessment. LNCS, vol. 4064, pp. 129\u2013143. Springer, Heidelberg (2006)"},{"key":"24_CR4","doi-asserted-by":"crossref","unstructured":"Feng, Y., Anand, S., Dillig, I., Aiken, A.: Apposcopy: semantics-based detection of android malware through static analysis. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 576\u2013587 (2014)","DOI":"10.1145\/2635868.2635869"},{"issue":"2","key":"24_CR5","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1145\/2089125.2089126","volume":"44","author":"M Egele","year":"2012","unstructured":"Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. 44(2), 6 (2012)","journal-title":"ACM Comput. Surv."},{"key":"24_CR6","unstructured":"Hunt, G., Brubacher, D.: Detours: binary interception of Win32 functions. 
In: 3rd Usenix Windows NT Symposium (1999)"},{"key":"24_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-540-74320-0_10","volume-title":"Recent Advances in Intrusion Detection","author":"M Bailey","year":"2007","unstructured":"Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated classification and analysis of internet malware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 178\u2013197. Springer, Heidelberg (2007). doi:10.1007\/978-3-540-74320-0_10"},{"issue":"4","key":"24_CR8","doi-asserted-by":"publisher","first-page":"639","DOI":"10.3233\/JCS-2010-0410","volume":"19","author":"K Rieck","year":"2011","unstructured":"Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639\u2013668 (2011)","journal-title":"J. Comput. Secur."},{"key":"24_CR9","unstructured":"Cohen, F.: The deception toolkit. Risks Digest, vol. 19 (1998)"},{"issue":"6","key":"24_CR10","doi-asserted-by":"publisher","first-page":"483","DOI":"10.1016\/S0167-4048(98)80071-0","volume":"17","author":"F Cohen","year":"1998","unstructured":"Cohen, F.: A note on the role of deception in information protection. Comput. Secur. 17(6), 483\u2013506 (1998)","journal-title":"Comput. Secur."},{"key":"24_CR11","volume-title":"The Cuckoo\u2019s Egg: Tracing a Spy through the Maze of Computer Espionage","author":"C Stoll","year":"1989","unstructured":"Stoll, C.: The Cuckoo\u2019s Egg: Tracing a Spy through the Maze of Computer Espionage. Doubleday, New York (1989)"},{"key":"24_CR12","unstructured":"Balas, E.: Know your enemy: Sebek. The Honeynet Project (2003)"},{"key":"24_CR13","unstructured":"Nazario, J.: PhoneyC: A Virtual Client Honeypot. LEET, vol. 9, pp. 911\u2013919 (2009)"},{"key":"24_CR14","unstructured":"Leder, F., Werner, T.: Know your enemy: Containing conficker. 
The Honeynet Project (2009)"},{"key":"24_CR15","doi-asserted-by":"crossref","unstructured":"Rowe, N.C., Duong, B.T., Custy, E.J.: Defending cyberspace with fake honeypots. J. Comput. 2(2) (2007)","DOI":"10.4304\/jcp.2.2.25-36"},{"key":"24_CR16","unstructured":"Anagnostakis, K.G., Sidiroglou, S., Akritidis, P., Xinidis, K., Markatos, E.P., Keromytis, A.D.: Detecting targeted attacks using shadow honeypots. In: Usenix Security (2005)"},{"key":"24_CR17","unstructured":"Spitzner, L.: Honeypots: catching the insider threat. In: 19th Annual Computer Security Applications Conference, pp. 170\u2013179 (2003)"},{"key":"24_CR18","doi-asserted-by":"crossref","unstructured":"Yuill, J., Zappe, M., Denning, D., Feer, F.: Honeyfiles: deceptive files for intrusion detection. In: Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, pp. 116\u2013122 (2004)","DOI":"10.1109\/IAW.2004.1437806"},{"key":"24_CR19","unstructured":"Whitham, B.: Canary files: generating fake files to detect critical data loss from complex computer networks. In: The Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensic, pp. 170\u2013179 (2013)"},{"key":"24_CR20","unstructured":"Microsoft Device and Driver Technologies: HID drivers (2016). https:\/\/msdn.microsoft.com\/en-us\/windows\/hardware\/drivers\/hid\/index"},{"key":"24_CR21","volume-title":"The Art of Computer Virus Research and Defense","author":"P Szor","year":"2005","unstructured":"Szor, P.: The Art of Computer Virus Research and Defense. Pearson Education, Indianapolis (2005)"},{"key":"24_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-3-540-73614-1_14","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"W-J Li","year":"2007","unstructured":"Li, W.-J., Stolfo, S., Stavrou, A., Androulaki, E., Keromytis, A.D.: A study of malcode-bearing documents. 
In: H\u00e4mmerli, B., Sommer, R. (eds.) DIMVA 2007. LNCS, vol. 4579, pp. 231\u2013250. Springer, Heidelberg (2007). doi:10.1007\/978-3-540-73614-1_14"},{"key":"24_CR23","unstructured":"Li, W.J., Wang, K., Stolfo, S.J., Herzog, B.: Fileprints: identifying file types by n-gram analysis. In: Information Assurance Workshop, Proceedings from the Sixth Annual IEEE SMC 2005, pp. 64\u201371 (2005)"},{"key":"24_CR24","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: International Workshop on Recent Advances in Intrusion Detection, pp. 207\u2013226 (2005)","DOI":"10.1007\/11663812_11"},{"key":"24_CR25","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Robertson, W., Vigna, G.: Detecting kernel-level rootkits through binary analysis. In: 20th Annual Computer Security Applications Conference, pp. 91\u2013100 (2004)","DOI":"10.1109\/CSAC.2004.19"},{"key":"24_CR26","doi-asserted-by":"crossref","unstructured":"Kinder, J., Katzenbeisser, S., Schallhart, C., Veith, H.: Detecting malicious code by model checking. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 174\u2013187 (2005)","DOI":"10.1007\/11506881_11"},{"key":"24_CR27","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: 2005 IEEE Symposium on Security and Privacy, pp. 32\u201346 (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"24_CR28","unstructured":"Felt, A., Paul, N., Evans, D., Gurumurthi, S.: Disk level malware detection. In: Poster: 15th Usenix Security Symposium (2006)"},{"key":"24_CR29","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: Proceedings of the 1st India Software Engineering Conference, pp. 
5\u201314 (2008)","DOI":"10.1145\/1342211.1342215"},{"key":"24_CR30","doi-asserted-by":"crossref","unstructured":"Canali, D., Lanzi, A., Balzarotti, D., Kruegel, C., Christodorescu, M., Kirda, E.: A quantitative study of accuracy in system call-based malware detection. In: Proceedings of the 2012 International Symposium on Software Testing and Analysis, pp. 122\u2013132 (2012)","DOI":"10.1145\/2338965.2336768"},{"key":"24_CR31","unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X.Y., Wang, X.: Effective and efficient malware detection at the end host. In: USENIX Security Symposium, pp. 351\u2013366 (2009)"},{"issue":"3","key":"24_CR32","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1016\/S0020-7373(85)80036-5","volume":"23","author":"D Umphress","year":"1985","unstructured":"Umphress, D., Williams, G.: Identity verification through keyboard characteristics. Int. J. Man Mach. Stud. 23(3), 263\u2013273 (1985)","journal-title":"Int. J. Man Mach. Stud."},{"key":"24_CR33","unstructured":"Gaines, R.S., Lisowski, W., Press, S.J., Shapiro, N.: Authentication by keystroke timing: Some preliminary results. No. RAND-R-2526-NSF. RAND CORP (1980)"},{"key":"24_CR34","unstructured":"KeyTrac Keyboard Biometrics. http:\/\/www.keytrac.net"},{"issue":"1","key":"24_CR35","doi-asserted-by":"publisher","first-page":"116","DOI":"10.13176\/11.427","volume":"7","author":"SP Banerjee","year":"2012","unstructured":"Banerjee, S.P., Woodard, D.L.: Biometric authentication and identification using keystroke dynamics: a survey. J. Pattern Recogn. Res. 7(1), 116\u2013139 (2012)","journal-title":"J. Pattern Recogn. Res."},{"issue":"10","key":"24_CR36","doi-asserted-by":"publisher","first-page":"4611","DOI":"10.1109\/TIP.2014.2348802","volume":"23","author":"J Roth","year":"2014","unstructured":"Roth, J., Liu, X., Metaxas, D.: On continuous user authentication via typing behavior. IEEE Trans. Image Process. 
23(10), 4611\u20134624 (2014)","journal-title":"IEEE Trans. Image Process."},{"key":"24_CR37","doi-asserted-by":"crossref","unstructured":"Feit, A.M., Weir, D., Oulasvirta, A.: How we type: movement strategies and performance in everyday typing. In: Proceedings of the 2016 Chi Conference on Human Factors in Computing Systems, pp. 4262\u20134273 (2016)","DOI":"10.1145\/2858036.2858233"},{"key":"24_CR38","unstructured":"Choi, Y.: Keystroke patterns as prosody in digital writings: a case study with deceptive reviews and essays. In: Empirical Methods on Natural Language Processing, p. 6 (2014)"},{"issue":"4","key":"24_CR39","doi-asserted-by":"publisher","first-page":"764","DOI":"10.1016\/j.jesp.2013.03.013","volume":"49","author":"C Leys","year":"2013","unstructured":"Leys, C., Ley, C., Klein, O., Bernard, P., Licata, L.: Detecting outliers: do not use standard deviation around the mean, use absolute deviation around the median. J. Exp. Soc. Psychol. 49(4), 764\u2013766 (2013)","journal-title":"J. Exp. Soc. Psychol."},{"key":"24_CR40","volume-title":"Windows Internals, Part 1 and 2","author":"ME Russinovich","year":"2012","unstructured":"Russinovich, M.E., Solomon, D.A., Ionescu, A.: Windows Internals, Part 1 and 2, 6th edn. Microsoft Press, Redmond (2012)","edition":"6"},{"issue":"C","key":"24_CR41","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1016\/j.cose.2016.05.002","volume":"61","author":"J Rrushi","year":"2016","unstructured":"Rrushi, J.: NIC displays to thwart malware attacks mounted from within the OS. Comput. Secur. 61(C), 59\u201371 (2016)","journal-title":"Comput. Secur."},{"key":"24_CR42","unstructured":"Microsoft Hardware Dev Center: Device nodes and device stacks. https:\/\/msdn.microsoft.com\/en-us\/windows\/hardware\/drivers\/gettingstarted\/device-nodes-and-device-stacks"},{"key":"24_CR43","unstructured":"Newton, D.: Virtual Multiple HID Driver (multitouch, mouse, digitizer, keyboard, joystick). 
https:\/\/github.com\/djpnewton\/vmulti"}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security and Privacy XXXI"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-61176-1_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T21:06:55Z","timestamp":1750367215000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-61176-1_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319611754","9783319611761"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-61176-1_24","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"22 June 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DBSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP Annual Conference on Data and Applications Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Philadelphia","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 July 2017","order":7,"name":"conference_start_date","label":"Conference 
Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 July 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dbsec2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dbsec2017.ittc.ku.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}