{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T09:33:58Z","timestamp":1770975238243,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":18,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540229872","type":"print"},{"value":"9783540301080","type":"electronic"}],"license":[{"start":{"date-parts":[[2004,1,1]],"date-time":"2004-01-01T00:00:00Z","timestamp":1072915200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2004]]},"DOI":"10.1007\/978-3-540-30108-0_23","type":"book-chapter","created":{"date-parts":[[2010,9,16]],"date-time":"2010-09-16T18:15:03Z","timestamp":1284660903000},"page":"369-384","source":"Crossref","is-referenced-by-count":8,"title":["Re-establishing Trust in Compromised Systems: Recovering from Rootkits That Trojan the System Call Table"],"prefix":"10.1007","author":[{"given":"Julian B.","family":"Grizzard","sequence":"first","affiliation":[]},{"given":"John G.","family":"Levine","sequence":"additional","affiliation":[]},{"given":"Henry L.","family":"Owen","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"23_CR1","unstructured":"Levine, J., Culver, B., Owen, H.: A methodology for detecting new binary rootkit exploits. In: Proceedings IEEE SoutheastCon 2003, Ocho Rios, Jamaica (2003)"},{"key":"23_CR2","unstructured":"Georgia Tech honeynet research project (2004), http:\/\/users.ece.gatech.edu\/~owen\/Research\/HoneyNet\/HoneyNet_home.htm"},{"key":"23_CR3","doi-asserted-by":"publisher","first-page":"445","DOI":"10.1093\/comjnl\/41.7.444","volume":"41","author":"H. Thimbleby","year":"1998","unstructured":"Thimbleby, H., Anderson, S., Cairns, P.: A framework for modelling trojans and computer virus infection. 
The Computer Journal\u00a041, 445\u2013458 (1998)","journal-title":"The Computer Journal"},{"key":"23_CR4","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1109\/IWIA.2004.1288042","volume-title":"Proceedings of Second IEEE International Information Assurance Workshop","author":"J. Levine","year":"2004","unstructured":"Levine, J., Grizzard, J., Owen, H.: A methodology to detect and characterize kernel level rootkit exploits involving redirection of the system call table. In: Proceedings of Second IEEE International Information Assurance Workshop, pp. 107\u2013125. IEEE, Los Alamitos (2004)"},{"key":"23_CR5","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1109\/SECON.2004.1287894","volume-title":"Proceedings of IEEE SoutheastCon","author":"J.G. Levine","year":"2004","unstructured":"Levine, J.G., Grizzard, J.B., Owen, H.L.: A methodology to characterize kernel level rootkit exploits that overwrite the system call table. In: Proceedings of IEEE SoutheastCon, pp. 25\u201331. IEEE, Los Alamitos (2004)"},{"key":"23_CR6","unstructured":"Trojan horse programs and rootkits. Technical Report 08\/03, National Infrastructure Security Co-Ordination Centre (2003)"},{"key":"23_CR7","doi-asserted-by":"crossref","unstructured":"Kim, G.H., Spafford, E.H.: The design and implementation of tripwire: A file system integrity checker. In: ACM Conference on Computer and Communications Security, pp. 18\u201329 (1994)","DOI":"10.1145\/191177.191183"},{"key":"23_CR8","unstructured":"The chkrootkit website (2004), http:\/\/www.chkrootkit.org\/"},{"key":"23_CR9","unstructured":"kern_check.c (2003), http:\/\/la-samhna.de\/library\/kern_check.c"},{"key":"23_CR10","unstructured":"kad (pseudo): Handling interrupt descriptor table for fun and profit, issue 59, article 4 (2002), http:\/\/www.phrack.org"},{"key":"23_CR11","unstructured":"WWJH.NET (2003), http:\/\/wwjh.net"},{"key":"23_CR12","volume-title":"Understanding the Linux Kernel","author":"D. 
Bovet","year":"2003","unstructured":"Bovet, D., Cesati, M.: Understanding the Linux Kernel. O\u2019Reilly & Associates, Sebastopol (2003)"},{"key":"23_CR13","doi-asserted-by":"crossref","unstructured":"Levine, J.G., Grizzard, J.B., Owen, H.L.: Application of a methodology to characterize rootkits retrieved from honeynets. In: Proceedings of 5th IEEE Information Assurance Workshop, pp. 15\u201321 (2004)","DOI":"10.1109\/IAW.2004.1437792"},{"key":"23_CR14","unstructured":"Re-establishing trust tools (2003), http:\/\/users.ece.gatech.edu\/~owen\/Research\/trust_tools\/trust_tools.htm"},{"key":"23_CR15","unstructured":"sd (pseudo), devik (pseudo): Linux on-the-fly kernel patching without lkm, issue 58, article 7 (2001), http:\/\/www.phrack.org"},{"key":"23_CR16","doi-asserted-by":"publisher","first-page":"761","DOI":"10.1145\/358198.358210","volume":"27","author":"K. Thompson","year":"1984","unstructured":"Thompson, K.: Reflections on trusting trust. Commun. ACM\u00a027, 761\u2013763 (1984)","journal-title":"Commun. ACM"},{"key":"23_CR17","unstructured":"Labs, S.: Subverting the kernel (2004), http:\/\/la-samhna.de\/library\/rootkits\/basics.html"},{"key":"23_CR18","doi-asserted-by":"crossref","unstructured":"Grizzard, J.B., Levine, J.G., Owen, H.L.: Toward a trusted immutable kernel extension (TIKE) for self-healing systems: a virtual machine approach. In: Proceedings of 5th IEEE Information Assurance Workshop, pp. 
444\u2013445 (2004)","DOI":"10.1109\/IAW.2004.1437855"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2004"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-30108-0_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,25]],"date-time":"2025-02-25T21:52:14Z","timestamp":1740520334000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-30108-0_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004]]},"ISBN":["9783540229872","9783540301080"],"references-count":18,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-30108-0_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2004]]}}}