{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T17:13:10Z","timestamp":1768410790999,"version":"3.49.0"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319934105","type":"print"},{"value":"9783319934112","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-93411-2_12","type":"book-chapter","created":{"date-parts":[[2018,6,7]],"date-time":"2018-06-07T07:49:28Z","timestamp":1528357768000},"page":"256-278","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Hidden in Plain Sight: Filesystem View Separation for Data Integrity and Deception"],"prefix":"10.1007","author":[{"given":"Teryl","family":"Taylor","sequence":"first","affiliation":[]},{"given":"Frederico","family":"Araujo","sequence":"additional","affiliation":[]},{"given":"Anne","family":"Kohlbrenner","sequence":"additional","affiliation":[]},{"given":"Marc Ph.","family":"Stoecklin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,6,8]]},"reference":[{"key":"12_CR1","unstructured":"Thinkst Canary: Canarytokens (2017). \n https:\/\/goo.gl\/UcwrPB\n \n . Accessed 22 Aug 2017"},{"key":"12_CR2","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1016\/j.websem.2007.03.002","volume":"5","author":"D Artz","year":"2007","unstructured":"Artz, D., Gil, Y.: A survey of trust in computer science and the semantic web. Web Semant. 5, 58\u201371 (2007)","journal-title":"Web Semant."},{"key":"12_CR3","unstructured":"Baumgartner, K.: The \u2018penquin\u2019 turla (2014). \n https:\/\/goo.gl\/6wAiSo\n \n . Accessed 24 Sept 2017"},{"key":"12_CR4","unstructured":"Bell, D., LaPadula, L.: Secure computer systems: mathematical foundations. Technical report. MITRE Corporation (1973)"},{"key":"12_CR5","unstructured":"Blaze, B.: Notes on Linux\/Xor.DDoS (2015). \n https:\/\/goo.gl\/RkzNkT\n \n . Accessed 24 Sept 2017"},{"key":"12_CR6","unstructured":"Bonicontro, G.T.: Linux.Zariche: a Vala Virus (2014). \n https:\/\/goo.gl\/6mTCJP\n \n . Accessed 24 Sept 2017"},{"key":"12_CR7","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1109\/MSP.2009.109","volume":"7","author":"B Bowen","year":"2009","unstructured":"Bowen, B., Salem, M.B., Hershkop, S., Keromytis, A., Stolfo, S.: Designing host and network sensors to mitigate the insider threat. IEEE Secur. Priv. 7, 22\u201329 (2009)","journal-title":"IEEE Secur. Priv."},{"key":"12_CR8","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/978-3-642-05284-2_4","volume-title":"Security and Privacy in Communication Networks","author":"BM Bowen","year":"2009","unstructured":"Bowen, B.M., Hershkop, S., Keromytis, A.D., Stolfo, S.J.: Baiting inside attackers using decoy documents. In: Chen, Y., Dimitriou, T.D., Zhou, J. (eds.) SecureComm 2009. LNICST, vol. 19, pp. 51\u201370. Springer, Heidelberg (2009). \n https:\/\/doi.org\/10.1007\/978-3-642-05284-2_4"},{"key":"12_CR9","unstructured":"Brown, N.: Overlay filesystem (2017). \n https:\/\/goo.gl\/Fsge3b\n \n . Accessed 24 Sept 2017"},{"key":"12_CR10","unstructured":"Carbone, R.: Malware memory analysis of the Jynx2 Linux rootkit. Technical report, Defence Research and Development Canada (2014)"},{"key":"12_CR11","unstructured":"Chang, Z., Sison, G., Jocson, J.: Erebus resurfaces as Linux ransomware (2017). \n https:\/\/goo.gl\/5pJ3yQ\n \n . Accessed 12 Jul 2017"},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Continella, A., Guagnelli, A., Zingaro, G., Pasquale, G.D., Barenghi, A., Zanero, S., Maggi, F.: ShieldFS: a self-healing, ransomware-aware filesystem. In: Proceedings of the Annual Computer Security Applications Conference (2016)","DOI":"10.1145\/2991079.2991110"},{"key":"12_CR13","unstructured":"Crowe, J.: 2017 ransomware trends and forecasts (2017). \n https:\/\/goo.gl\/S6BRjx\n \n . Accessed 10 Aug 2017"},{"key":"12_CR14","unstructured":"FFSB: Flexible filesystem benchmark (2017). \n https:\/\/goo.gl\/Qp56Au\n \n . Accessed 20 Sept 2017"},{"key":"12_CR15","unstructured":"Gammons, B.: 4 surprising backup failure statistics that justify additional protection (2017). \n https:\/\/goo.gl\/H3xrPT\n \n . Accessed 10 Aug 2017"},{"key":"12_CR16","unstructured":"Goodin, D.: Web host agrees to pay $1m after it\u2019s hit by Linux-targeting ransomware (2017). \n https:\/\/goo.gl\/TwYyzN\n \n . Accessed 22 Aug 2017"},{"key":"12_CR17","unstructured":"Granville, K.: 9 recent cyberattacks against big businesses (2015). \n https:\/\/goo.gl\/LPSWh5\n \n . Accessed 22 Aug 2017"},{"key":"12_CR18","unstructured":"Information Security Newspaper: FakeFile Trojan opens backdoors on Linux computers, except openSUSE (2016). \n https:\/\/goo.gl\/rYfESR\n \n . Accessed 24 Sept 2017"},{"key":"12_CR19","unstructured":"Kharaz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: Proceedings of the USENIX Security Symposium (2016)"},{"key":"12_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1007\/978-3-319-66332-6_5","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"A Kharraz","year":"2017","unstructured":"Kharraz, A., Kirda, E.: Redemption: real-time protection against ransomware at end-hosts. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNSC, vol. 10453, pp. 98\u2013119. Springer, Cham (2017). \n https:\/\/doi.org\/10.1007\/978-3-319-66332-6_5"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: PayBreak: defense against cryptographic ransomware. In: Proceedings of the ACM Symposium on Information, Computer and Communications Security (2017)","DOI":"10.1145\/3052973.3053035"},{"key":"12_CR22","unstructured":"Linux Programmer\u2019s Manual: mount_namespaces - overview of Linux mount namespaces (2017). \n https:\/\/goo.gl\/ghK9QQ\n \n . Accessed 20 Sept 2017"},{"key":"12_CR23","unstructured":"Linux Programmer\u2019s Manual: namespaces: overview of Linux namespaces (2017). \n https:\/\/goo.gl\/djnDWn\n \n . Accessed 20 Sept 2017"},{"key":"12_CR24","doi-asserted-by":"crossref","unstructured":"McCune, J.M., Jaeger, T., Berger, S., Caceres, R., Sailer, R.: Shamon: a system for distributed mandatory access control. In: Proceedings of the Annual Computer Security Applications Conference (2006)","DOI":"10.1109\/ACSAC.2006.47"},{"key":"12_CR25","unstructured":"Merc\u00eas, F.: Pok\u00e9mon-themed Umbreon Linux rootkit hits x86, ARM systems (2016). \n https:\/\/goo.gl\/te9PBF\n \n . Accessed 24 Sept 2017"},{"key":"12_CR26","unstructured":"Moore, H.N.: Why didn\u2019t equifax protect your data? Because corporations have all the power (2017). \n https:\/\/goo.gl\/PWQvVa\n \n . Accessed 21 Sept 2017"},{"key":"12_CR27","unstructured":"Paganini, P.: Linux.Ekoms.1 the Linux Trojan that takes screenshots (2016). \n https:\/\/goo.gl\/NuRC8G\n \n . Accessed 24 Sept 2017"},{"key":"12_CR28","unstructured":"Poimboeuf, J.: kpatch - dynamic kernel patching (2017). \n https:\/\/goo.gl\/p1VzMu\n \n . Accessed 24 Sept 2017"},{"key":"12_CR29","unstructured":"Rutkowska, J., Wojtczuk, R.: Qubes OS architecture v0.3 (2010)"},{"key":"12_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/978-3-642-22424-9_3","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M Ben Salem","year":"2011","unstructured":"Ben Salem, M., Stolfo, S.J.: Decoy document deployment for effective masquerade attack detection. In: Holz, T., Bos, H. (eds.) DIMVA 2011. LNCS, vol. 6739, pp. 35\u201354. Springer, Heidelberg (2011). \n https:\/\/doi.org\/10.1007\/978-3-642-22424-9_3"},{"key":"12_CR31","unstructured":"Sandboxie Holdings: Sandboxie (2018). \n https:\/\/goo.gl\/8EBR7J\n \n . Accessed 27 Apr 2018"},{"issue":"9","key":"12_CR32","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/35.312842","volume":"32","author":"RS Sandhu","year":"1994","unstructured":"Sandhu, R.S., Samarati, P.: Access control: principle and practice. IEEE Commun. Mag. 32(9), 40\u201348 (1994)","journal-title":"IEEE Commun. Mag."},{"key":"12_CR33","unstructured":"Sandro, A.: Backdoor.Linux.Tsunami.gen or Tsunami is a Linux backdoor that allows remote access to infected machines (2016). \n https:\/\/goo.gl\/vzcTNw\n \n . Accessed 24 Sept 2017"},{"key":"12_CR34","doi-asserted-by":"crossref","unstructured":"Scaife, N., Carter, H., Traynor, P., Butler, K.R.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: Proceedings of the IEEE Conference on Distributed Computing Systems (2016)","DOI":"10.1109\/ICDCS.2016.46"},{"key":"12_CR35","unstructured":"Sophos: Troj\/Fkit-A (2017). \n https:\/\/goo.gl\/5Va1Ld\n \n . Accessed 24 Sept 2017"},{"key":"12_CR36","unstructured":"t0n1: ELF prepender in python (2015). \n https:\/\/goo.gl\/LDepMX\n \n . Accessed 24 Sept 2017"},{"key":"12_CR37","unstructured":"Tarasov, V., Bhanage, S., Zadok, E., Seltzer, M.: Benchmarking file system benchmarking: it *is* rocket science. In: Proceedings of the USENIX Conference on Hot Topics in Operating Systems (2011)"},{"key":"12_CR38","unstructured":"The MITRE Corporation: The ATT&CK matrix for enterprise (2017). \n https:\/\/goo.gl\/EHrkZ5\n \n . Accessed 24 Sept 2017"},{"key":"12_CR39","unstructured":"The New Yort Times: Cyberattack hits ukraine then spreads internationally (2017). \n https:\/\/goo.gl\/Av7Hxb\n \n . Accessed 24 Sept 2017"},{"key":"12_CR40","unstructured":"TMZ: Linux.Liora ELF prepender (2015). \n https:\/\/goo.gl\/snRnev\n \n . Accessed 24 Sept 2017"},{"key":"12_CR41","unstructured":"Trend Micro Solutions: Erebus Linux ransomware: impact to servers and countermeasures (2017). \n https:\/\/goo.gl\/o2k84s\n \n . Accessed 24 Sept 2017"},{"key":"12_CR42","unstructured":"VirusTotal: TrojanDownloader detection results (2017). \n https:\/\/goo.gl\/pBNR4M\n \n . Accessed 24 Sept 2017"},{"key":"12_CR43","doi-asserted-by":"crossref","unstructured":"Voris, J., Jermyn, J., Boggs, N., Stolfo, S.: Fox in the trap: thwarting masqueraders via automated decoy document deployment. In: Proceedings of the European Workshop on System Security (2015)","DOI":"10.1145\/2751323.2751326"},{"key":"12_CR44","unstructured":"Welivesecurity: KillDisk now targeting Linux: demands $250K ransom, but can\u2019t decrypt (2017). \n https:\/\/goo.gl\/paiyvm\n \n . Accessed 24 Sept 2017"},{"issue":"1","key":"12_CR45","first-page":"103","volume":"2","author":"B Whitham","year":"2013","unstructured":"Whitham, B.: Automating the generation of fake documents to detect network intruders. Int. J. Cyber-Secur. Digit. Forensics 2(1), 103\u2013118 (2013)","journal-title":"Int. J. Cyber-Secur. Digit. Forensics"},{"key":"12_CR46","unstructured":"Whitham, B.: Canary files: generating fake files to detect critical data loss from complex computer networks. In: Proceedings of the International Conference on Cyber Security, Cyber Peacefare and Digital Forensic (2013)"},{"key":"12_CR47","unstructured":"Whitham, B.: Design requirements for generating deceptive content to protect document repositories. In: Proceedings of the Australian Information Warfare Conference (2014)"},{"key":"12_CR48","unstructured":"Wired: The biggest cybersecurity disasters of 2017 so far (2017). \n https:\/\/goo.gl\/GoLpLR\n \n . Accessed 24 Sept 2017"},{"key":"12_CR49","unstructured":"Yuill, J., Zappe, M., Denning, D., Feer, F.: Honeyfiles: deceptive files for intrusion detection. In: Proceedings of the Annual IEEE SMC Information Assurance Workshop (2004)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-93411-2_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,3,3]],"date-time":"2020-03-03T03:19:05Z","timestamp":1583205545000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-93411-2_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319934105","9783319934112"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-93411-2_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"8 June 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Saclay","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 June 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 June 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.dimva2018.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}