{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T06:09:25Z","timestamp":1725516565641},"publisher-location":"Berlin, Heidelberg","reference-count":33,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540699712"},{"type":"electronic","value":"9783540705000"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-70500-0_27","type":"book-chapter","created":{"date-parts":[[2008,8,12]],"date-time":"2008-08-12T12:07:43Z","timestamp":1218542863000},"page":"361-375","source":"Crossref","is-referenced-by-count":7,"title":["Implicit Detection of Hidden Processes with a Feather-Weight Hardware-Assisted Virtual Machine Monitor"],"prefix":"10.1007","author":[{"given":"Yan","family":"Wen","sequence":"first","affiliation":[]},{"given":"Jinjing","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"Huaimin","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Jiannong","family":"Cao","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"27_CR1","unstructured":"Zombie PCs: Silent, Growing Threat. PC World (July 2004), \n                  \n                    http:\/\/www.pcworld.com\/news\/article\/0,aid,116841,00.asp"},{"key":"27_CR2","unstructured":"Microsoft: Windows Malicious Software Removal Tool, \n                  \n                    http:\/\/www.microsoft.com\/security\/malwareremove\/"},{"key":"27_CR3","unstructured":"Naraine, R.: Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes (December 2005), \n                  \n                    http:\/\/www.eweek.com\/article2\/0,1895,1896605,00.asp"},{"key":"27_CR4","unstructured":"Wang, Y.-M., Beck, D., Vo, B., Roussev, R., Verbowski, C.: Detecting Stealth Software with Strider GhostBuster. In: Proceedings of 35th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN 2005), pp. 368\u2013377 (2005)"},{"key":"27_CR5","unstructured":"Silberman, P., C.H.A.O.S. : FUTo: Bypassing Blacklight and IceSword (2007), \n                  \n                    https:\/\/www.rootkit.com\/newsread.php?newsid=433"},{"key":"27_CR6","unstructured":"Effective file hiding : Bypassing Raw File System I\/O Rootkit Detector, \n                  \n                    http:\/\/www.rootkit.com\/newsread.php?newsid=690"},{"key":"27_CR7","unstructured":"Bypassing Klister 0.4 with No Hooks or Running a Controlled Thread Scheduler, \n                  \n                    http:\/\/hi-tech.nsys.by\/33\/"},{"key":"27_CR8","doi-asserted-by":"crossref","unstructured":"Jung, J., Paxson, V., Berger, A.W., Balakrishnan, H.: Fast Portscan Detection Using Sequential Hypothesis Testing. In: IEEE Symposium on Security and Privacy (2004)","DOI":"10.1109\/SECPRI.2004.1301325"},{"key":"27_CR9","unstructured":"Goldberg, R.P.: Architectural Principles for Virtual Computer Systems, Ph.D. Thesis. Harvard University, Cambridge, MA (1972)"},{"key":"27_CR10","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1109\/MC.2005.163","volume":"38","author":"R. Uhlig","year":"2005","unstructured":"Uhlig, R., Neiger, G., Rodgers, D., Santoni, A.L., Martins, F.C.M., Anderson, A.V., Bennett, S.M., K\u00e4gi, A., Leung, F.H., Smith, L.: Intel Virtualization Technology. IEEE Computer\u00a038, 48\u201356 (2005)","journal-title":"IEEE Computer"},{"key":"27_CR11","unstructured":"AMD: AMD64 Vrtualization Codenamed pacifica Technology: Secure Virtual Machine Architecture Reference Manual (May 2005)"},{"key":"27_CR12","doi-asserted-by":"crossref","unstructured":"Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauery, R., Pratt, I., Warfield, A.: Xen and the Art of Virtualization. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003), pp. 164\u2013177 (2003)","DOI":"10.1145\/945445.945462"},{"key":"27_CR13","unstructured":"Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proceedings of Network and Distributed System Security Symposium (NDSS 2003) (2003)"},{"key":"27_CR14","doi-asserted-by":"crossref","unstructured":"Wen, Y., Zhao, J., Wang, H.: Implicit Detection of Hidden Processes with a Local-Booted Virtual Machine. In: Proceedings of 2th International Conference on Information Security and Assurance (ISA 2008), pp. 150\u2013155 (2008)","DOI":"10.1109\/ISA.2008.22"},{"key":"27_CR15","unstructured":"Aphex: AFX Windows Rootkit (2003), \n                  \n                    http:\/\/www.iamaphex.cjb.net"},{"key":"27_CR16","unstructured":"Hacker Defender, \n                  \n                    http:\/\/hxdef.org\/"},{"key":"27_CR17","unstructured":"fuzen_op: FU Rootkit, \n                  \n                    http:\/\/www.rootkit.com\/project.php?id=12"},{"key":"27_CR18","unstructured":"PE386: phide_ex -untimate process hiding example, \n                  \n                    http:\/\/forum.sysinternals.com\/printer_friendly_posts.asp?TID=8527"},{"key":"27_CR19","unstructured":"Anti Rootkit Group, \n                  \n                    http:\/\/www.antirootkit.com\/blog\/"},{"key":"27_CR20","unstructured":"F-Secure Blacklight, \n                  \n                    http:\/\/www.f-secure.com\/blacklight\/"},{"key":"27_CR21","unstructured":"DarkSpy, \n                  \n                    http:\/\/www.fyyre.net\/~cardmagic\/index_en.html"},{"key":"27_CR22","unstructured":"Icesword, \n                  \n                    http:\/\/pjf.blogcn.com\/index.shtml"},{"key":"27_CR23","unstructured":"RootKit Unhooker, \n                  \n                    http:\/\/www.antirootkit.com\/software\/RootKit-Unhooker.htm"},{"key":"27_CR24","unstructured":"UnHackMe, \n                  \n                    http:\/\/www.greatis.com\/unhackme\/"},{"key":"27_CR25","unstructured":"Gmer, \n                  \n                    http:\/\/www.gmer.net\/index.php"},{"key":"27_CR26","unstructured":"Kernel Hidden Process\/Module Checker, \n                  \n                    http:\/\/www.security.org.sg\/code\/kproccheck.html"},{"key":"27_CR27","unstructured":"Process Hunter, \n                  \n                    http:\/\/ms-rem.dot-link.net\/"},{"key":"27_CR28","unstructured":"TaskInfo, \n                  \n                    http:\/\/www.iarsn.com\/taskinfo.html"},{"key":"27_CR29","doi-asserted-by":"crossref","unstructured":"Adams, K., Agesen, O.: A Comparison of Software and Hardware Techniques for x86 Virtualization. In: Proceedings of The 12th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2006), pp. 2\u201313 (2006)","DOI":"10.1145\/1168857.1168860"},{"key":"27_CR30","unstructured":"Petroni, N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor. In: Proceedings of the 13th USENIX Security Symposium, pp. 179\u2013194 (2004)"},{"key":"27_CR31","doi-asserted-by":"crossref","unstructured":"Joshi, A., King, S.T., Dunlap, G.W., Chen, P.M.: Detecting Past and Present Intrusions through Vulnerability-Specific Predicates. In: Proceedings of the 20th ACM Symposium on Operating Systems Principles (SOSP 2005), Brighton, United Kingdom, pp. 91\u2013104 (2005)","DOI":"10.1145\/1095810.1095820"},{"key":"27_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/978-3-540-76788-6_13","volume-title":"Information Security and Cryptology - ICISC 2007","author":"Y. Wen","year":"2007","unstructured":"Wen, Y., Wang, H.: A Secure Virtual Execution Environment for Untrusted Code. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol.\u00a04817, pp. 156\u2013167. Springer, Heidelberg (2007)"},{"key":"27_CR33","doi-asserted-by":"crossref","unstructured":"Dunlap, G.W., King, S.T., Cinar, S., Basrai, M.A., Chen, P.M.: ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay. In: Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI 2002), pp. 211\u2013224 (2002)","DOI":"10.1145\/1060289.1060309"}],"container-title":["Lecture Notes in Computer Science","Information Security and Privacy"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-70500-0_27.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,3]],"date-time":"2021-05-03T00:18:45Z","timestamp":1620001125000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-70500-0_27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540699712","9783540705000"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-70500-0_27","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}