{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,23]],"date-time":"2025-10-23T20:36:02Z","timestamp":1761251762110,"version":"3.40.3"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319934105"},{"type":"electronic","value":"9783319934112"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-93411-2_2","type":"book-chapter","created":{"date-parts":[[2018,6,7]],"date-time":"2018-06-07T07:49:28Z","timestamp":1528357768000},"page":"24-45","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps"],"prefix":"10.1007","author":[{"given":"Michael","family":"Brengel","sequence":"first","affiliation":[]},{"given":"Christian","family":"Rossow","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,6,8]]},"reference":[{"key":"2_CR1","unstructured":"YARA - The pattern matching swiss knife for malware researchers. \n                      https:\/\/virustotal.github.io\/yara\/\n                      \n                    . Accessed 27 Feb 2018"},{"key":"2_CR2","unstructured":"Malware Statistics & Trends Report \u2014 AV-TEST (2018). \n                      https:\/\/www.av-test.org\/en\/statistics\/malware\/\n                      \n                    . Accessed 27 Feb 2018"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Aronovich, L., Asher, R., Bachmat, E., Bitner, H., Hirsch, M., Klein, S.T.: The design of a similarity based deduplication system. In: Proceedings of the Israeli Experimental Systems Conference (SYSTOR) (2009)","DOI":"10.1145\/1534530.1534539"},{"key":"2_CR4","unstructured":"Balzarotti, D., Cova, M., Karlberger, C., Christopher, K., Kirda, E., Vigna, G.: Efficient detection of split personalities in malware. In: Proceedings of the Annual Network and Distributed System Security Symposium (NDSS) (2010)"},{"key":"2_CR5","unstructured":"Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: Proceedings of the Annual Network and Distributed System Security Symposium (NDSS) (2009)"},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Bayer, U., Kirda, E., Kruegel, C.: Improving the efficiency of dynamic malware analysis. In: Proceedings of the ACM Symposium on Applied Computing (SAC) (2010)","DOI":"10.1145\/1774088.1774484"},{"key":"2_CR7","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1016\/j.diin.2007.06.005","volume":"4","author":"Nicole Lang Beebe","year":"2007","unstructured":"Beebe, N.L., Clark, J.G.: Digital forensic text string searching: improving information retrieval effectiveness by thematically clustering search results. In: Proceedings of the Digital Forensic Research Conference (DFRWS) (2007)","journal-title":"Digital Investigation"},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Bhagwat, D., Eshghi, K., Long, D., Lillibridge, M.: Extreme binning: scalable, parallel deduplication for chunk-based file backup. In: Proceedings of the International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS) (2009)","DOI":"10.1109\/MASCOT.2009.5366623"},{"key":"2_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1007\/978-3-642-37300-8_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"G Jacob","year":"2013","unstructured":"Jacob, G., Comparetti, P.M., Neugschwandtner, M., Kruegel, C., Vigna, G.: A static, packer-agnostic filter to detect similar malware samples. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 102\u2013122. Springer, Heidelberg (2013). \n                      https:\/\/doi.org\/10.1007\/978-3-642-37300-8_6"},{"key":"2_CR10","doi-asserted-by":"crossref","unstructured":"Jang, J., Brumley, D., Venkataraman, S.: BitShred: feature hashing malware for scalable triage and semantic analysis. In: Proceedings of the Conference on Computer and Communications Security (CCS) (2011)","DOI":"10.1145\/2046707.2046742"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Jayaram, K.R., Peng, C., Zhang, Z., Kim, M., Chen, H., Lei, H.: An empirical analysis of similarity in virtual machine images. In: Proceedings of the International Middleware Conference (MIDDLEWARE) (2011)","DOI":"10.1145\/2090181.2090187"},{"key":"2_CR12","unstructured":"Kirat, D., Vigna, G., Kruegel, C.: BareCloud: bare-metal analysis-based evasive malware detection. In: Proceedings of the USENIX Security Symposium (2014)"},{"key":"2_CR13","unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: Proceedings of the USENIX Security Symposium (2009)"},{"key":"2_CR14","doi-asserted-by":"crossref","unstructured":"Neugschwandtner, M., Comparetti, P.M., Jacob, G., Kruegel, C.: ForeCast - skimming off the malware cream. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC) (2011)","DOI":"10.1145\/2076732.2076735"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Park, E., Egger, B., Lee, J.: Fast and space-efficient virtual machine checkpointing. In: Proceedings of the International Conference on Virtual Execution Environments (VEE) (2011)","DOI":"10.1145\/1952682.1952694"},{"key":"2_CR16","unstructured":"Plank, J.S., Beck, M., Kingsley, G., Li, K.: Libckpt: transparent checkpointing under unix. In: Proceedings of the USENIX Technical Conference (TCON) (1995)"},{"issue":"2","key":"2_CR17","first-page":"125","volume":"29","author":"JS Plank","year":"1999","unstructured":"Plank, J.S., Chen, Y., Li, K., Beck, M., Kingsley, G.: Memory exclusion: optimizing the performance of checkpointing systems. Softw.: Pract. Exp. 29(2), 125\u2013142 (1999)","journal-title":"Softw.: Pract. Exp."},{"key":"2_CR18","unstructured":"Plohmann, D., Clau\u00df, M., Enders, S., Padilla, E.: Malpedia: a collaborative effort to inventorize the malware landscape. In: Proceedings of the Botconf (2017)"},{"key":"2_CR19","unstructured":"Saltaformaggio, B., Gu, Z., Zhang, X., Xu, D.: DSCRETE: automatic rendering of forensic information from memory images via application logic reuse. In: Proceedings of the USENIX Security Symposium (2017)"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Meyer, D.T., Aggarwal, G., Cully, B., Lefebvre, G., Feeley, M.J., Hutchinson, N.C., Warfield, A.: Parallax: virtual disks for virtual machines. In: Proceedings of the European Conference on Computer Systems (EuroSys). Association for Computing Machinery (ACM) (2008)","DOI":"10.1145\/1352592.1352598"},{"key":"2_CR21","unstructured":"Xia, W., Jiang, H., Feng, D., Hua, Y.: SiLo: a similarity-locality based near-exact deduplication scheme with low RAM overhead and high throughput. In: Proceedings of the USENIX Annual Technical Conference (USENIX ATC) (2011)"},{"key":"2_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/978-3-319-45719-2_8","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"A Yokoyama","year":"2016","unstructured":"Yokoyama, A., Ishii, K., Tanabe, R., Papa, Y., Yoshioka, K., Matsumoto, T., Kasama, T., Inoue, D., Brengel, M., Backes, M., Rossow, C.: SandPrint: fingerprinting malware sandboxes to provide intelligence for sandbox evasion. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 165\u2013187. Springer, Cham (2016). \n                      https:\/\/doi.org\/10.1007\/978-3-319-45719-2_8"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-93411-2_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,3,3]],"date-time":"2020-03-03T03:20:19Z","timestamp":1583205619000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-93411-2_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319934105","9783319934112"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-93411-2_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"8 June 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Saclay","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 June 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 June 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.dimva2018.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}