{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T17:00:13Z","timestamp":1774717213507,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":62,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540743194","type":"print"},{"value":"9783540743200","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-74320-0_11","type":"book-chapter","created":{"date-parts":[[2007,8,16]],"date-time":"2007-08-16T13:47:48Z","timestamp":1187272068000},"page":"198-218","source":"Crossref","is-referenced-by-count":62,"title":["\u201cOut-of-the-Box\u201d Monitoring of VM-Based High-Interaction Honeypots"],"prefix":"10.1007","author":[{"given":"Xuxian","family":"Jiang","sequence":"first","affiliation":[]},{"given":"Xinyuan","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"11_CR1","unstructured":"Agobot, http:\/\/www.f-secure.com\/v-descs\/agobot.shtml"},{"key":"11_CR2","unstructured":"Ethereal: A Network Protocol Analyzer, http:\/\/www.ethereal.com"},{"key":"11_CR3","unstructured":"Linux\/unix nbench, http:\/\/www.tux.org\/mayer\/linux\/bmark.html"},{"key":"11_CR4","unstructured":"Sebek, http:\/\/www.honeynet.org\/tools\/sebek\/"},{"key":"11_CR5","unstructured":"Syscalltrack: http:\/\/syscalltrack.sourceforge.net\/"},{"key":"11_CR6","unstructured":"Tcpdump, http:\/\/www.tcpdump.org"},{"key":"11_CR7","unstructured":"The adore-ng Rootkit, http:\/\/stealth.openwall.net\/rootkits\/"},{"key":"11_CR8","unstructured":"http:\/\/httpd.apache.org"},{"key":"11_CR9","unstructured":"The Honeynet Project, http:\/\/www.honeynet.org"},{"key":"11_CR10","unstructured":"The Strange Decline of Computer Worms, http:\/\/www.theregister.co.uk\/2005\/03\/17\/f-secure_websec\/print.html"},{"key":"11_CR11","unstructured":"TRANGO, the Real-Time Embedded Hypervisor, http:\/\/www.trango-systems.com\/"},{"key":"11_CR12","unstructured":"Unixbench, http:\/\/www.tux.org\/pub\/tux\/benchmarks\/System\/unixbench"},{"key":"11_CR13","unstructured":"Uuencoding, http:\/\/en.wikipedia.org\/wiki\/Uuencode"},{"key":"11_CR14","unstructured":"VirtualBox, http:\/\/www.virtualbox.org\/"},{"key":"11_CR15","unstructured":"Virus Writers Get Stealthy, http:\/\/news.zdnet.co.uk\/internet\/security\/0,39020375,39191840,00.htm"},{"key":"11_CR16","unstructured":"VMware, http:\/\/www.vmware.com\/"},{"key":"11_CR17","unstructured":"CERT Advisory CA-2001-31 Buffer Overflow in CDE Subprocess Control Service (January 2002), http:\/\/www.cert.org\/advisories\/CA-2001-31.html"},{"key":"11_CR18","unstructured":"CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability (March 2003), http:\/\/www.cert.org\/advisories\/CA-2002-17.html"},{"key":"11_CR19","unstructured":"Linux Kernel Ptrace Privilege Escalation Vulnerability (March 2003), http:\/\/www.secunia.com\/advisories\/8337\/"},{"key":"11_CR20","unstructured":"Windows WMF Zero-Day Attack (December 2005), http:\/\/www.counterpane.com\/alert-cis-ra-0030-01.html"},{"key":"11_CR21","unstructured":"Windows PowerPoint Zero-Day Attack, http:\/\/www.eweek.com\/article2\/0,1895,1988874,00.asp"},{"key":"11_CR22","unstructured":"Windows Word Zero-Day Attack, http:\/\/www.eweek.com\/article2\/0,1895,1965042,00.asp"},{"key":"11_CR23","unstructured":"Anagnostakis, K.G., Sidiroglou, S., Akritidis, P., Xinidis, K., Markatos, E., Keromytis, A.D.: Detecting Targeted Attacks Using Shadow Honeypots. In: Proc. of the 14th USENIX Security Symposium (August 2005)"},{"key":"11_CR24","volume-title":"Proc. of the 1997 IEEE Symposium on Security and Privacy","author":"W.A. Arbaugh","year":"1997","unstructured":"Arbaugh, W.A., Farbert, D,J., Smith, J.M.: A Secure and Reliable Bootstrap Architecture. In: Proc. of the 1997 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (1997)"},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"Asrigo, K., Litty, L., Lie, D.: Using VMM-Based Sensors to Monitor Honeypots. In: Proc. of the 2nd VEE (June 2006)","DOI":"10.1145\/1134760.1134765"},{"key":"11_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_9","volume-title":"Recent Advances in Intrusion Detection","author":"P. Baecher","year":"2006","unstructured":"Baecher, P., Koetter, M., Holz, T., Dornseif, M., Freiling, F.: The Nepenthes Platform: An Efficient Approach to Collect Malware. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, Springer, Heidelberg (2006)"},{"key":"11_CR27","doi-asserted-by":"crossref","unstructured":"Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Neugebauer, R., Ho, A., Pratt, I., Warfield, A.: Xen and the Art of Virtualization. In: Proc. of the 2003 SOSP (October 2003)","DOI":"10.1145\/945445.945462"},{"key":"11_CR28","unstructured":"Bayer, U., Kruegel, C., Kirda, E.: TTAnalyze: A Tool for Analyzing Malware. In: Proc. of the 15th European Institute for Computer Antivirus Research Annual Conference (April 2006)"},{"key":"11_CR29","unstructured":"Bellard, F.: QEMU, a Fast and Portable Dynamic Translator. In: Proc. of USENIX Annual Technical Conference 2005 (FREENIX Track) (July 2005)"},{"key":"11_CR30","unstructured":"Bryant, E., Early, J., Gopalakrishna, R., Roth, G., Spafford, E.H., Watson, K., Williams, P., Yost, S.: Poly2 Paradigm: A Secure Network Service Architecture. In: Proc. of the 19th ACSAC (December 2003)"},{"key":"11_CR31","unstructured":"Chen, P.M., Noble, B.D.: When Virtual is Better Than Real. HotOS VIII (2001)"},{"key":"11_CR32","unstructured":"Corey, J.: Local Honeypot Identification. Phrack 62, article 07 of 15 (July 2004)"},{"key":"11_CR33","series-title":"Lecture Notes in Computer Science","volume-title":"Recent Advances in Intrusion Detection","author":"D. Dagon","year":"2004","unstructured":"Dagon, D., Qin, X., Gu, G., Lee, W., Grizzard, J., Levine, J., Owen, H.: HoneyStat: Local Worm Detection Using Honeypots. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, Springer, Heidelberg (2004)"},{"key":"11_CR34","unstructured":"Dike, J.: User Mode Linux, http:\/\/user-mode-linux.sourceforge.net"},{"key":"11_CR35","volume-title":"Proc. of the 5th Annual IEEE Information Assurance Workshop","author":"M. Dornseif","year":"2004","unstructured":"Dornseif, M., Holz, T., Klein, C.: NoSEBrEaK - Attacking Honeynets. In: Proc. of the 5th Annual IEEE Information Assurance Workshop, Westpoint, June 2004, IEEE Computer Society Press, Los Alamitos (2004)"},{"key":"11_CR36","doi-asserted-by":"crossref","unstructured":"Dunlap, G.W., King, S.T., Cinar, S., Basrai, M.A., Chen, P.M.: ReVirt: Enabling Intrusion Analysis Through Virtual-Machine Logging and Replay. In: Proc. of the 2002 OSDI (December 2002)","DOI":"10.1145\/1060289.1060309"},{"key":"11_CR37","unstructured":"Franklin, J., Luk, M., McCune, J.M., Seshadri, A., Perrig, A., van Doorn, L.: Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking. Technical Report, CMU-CyLab-07-001 (January 2007)"},{"key":"11_CR38","unstructured":"Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proc. of the 2003 NDSS (February 2003)"},{"key":"11_CR39","unstructured":"Jiang, X., Xu, D.: Collapsar: A VM-Based Architecture for Network Attack Detention Center. In: Proc. of the 13th USENIX Security Symposium (August 2004)"},{"key":"11_CR40","unstructured":"Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: Antfarm: Tracking Processes in a Virtual Machine Environment. In: Proc. of the 2006 USENIX Annual Technical Conference (March 2006)"},{"key":"11_CR41","doi-asserted-by":"crossref","unstructured":"Joshi, A., King, S.T., Dunlap, G.W., Chen, P.M.: Detecting Past and Present Intrusions through Vulnerability-specific Predicates. In: Proc. of the 2005 Symposium on Operating Systems Principles (SOSP) (October 2005)","DOI":"10.1145\/1095810.1095820"},{"key":"11_CR42","volume-title":"Proc. of the 19th ACM Symposium on Operating Systems Principles","author":"S.T. King","year":"2003","unstructured":"King, S.T., Chen, P.M.: Backtracking Intrusions. In: Proc. of the 19th ACM Symposium on Operating Systems Principles, October 2003, ACM Press, New York (2003)"},{"key":"11_CR43","unstructured":"King, S.T., Dunlap, G.W., Chen, P.M.: Debugging Operating Systems with Time-Traveling Virtual Machines. In: Proc. of the 2005 Annual USENIX Technical Conference (2005)"},{"key":"11_CR44","volume-title":"Proc. of the 2006 IEEE Symposium on Security and Privacy","author":"S.T. King","year":"2006","unstructured":"King, S.T., Chen, P.M., Wang, Y.-M., Verbowski, C., Wang, H.J., Lorch, J.R.: SubVirt: Implementing Malware with Virtual Machines. In: Proc. of the 2006 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (2006)"},{"key":"11_CR45","volume-title":"Proc. of the 2005 IEEE Symposium on Security and Privacy","author":"T. Kohno","year":"2005","unstructured":"Kohno, T., Broido, A., claffy, k.: Remote Physical Device Fingerprinting. In: Proc. of the 2005 IEEE Symposium on Security and Privacy, May 2005, IEEE Computer Society Press, Los Alamitos (2005)"},{"key":"11_CR46","volume-title":"Proc. of the 1st ACM\/USENIX International Conference on Virtual Execution Environments","author":"T. Koju","year":"2005","unstructured":"Koju, T., Takada, S., Doi, N.: An Efficient and Generic Reversible Debugger using the Virtual Machine based Approach. In: Proc. of the 1st ACM\/USENIX International Conference on Virtual Execution Environments, June 2005, ACM Press, New York (2005)"},{"key":"11_CR47","volume-title":"Proc. of the 1st ACM\/USENIX International Conference on Virtual Execution Environments","author":"K. Kourai","year":"2005","unstructured":"Kourai, K., Chiba, S.: HyperSpector: Virtual Distributed Monitoring Environments for Secure Intrusion Detection. In: Proc. of the 1st ACM\/USENIX International Conference on Virtual Execution Environments, June 2005, ACM Press, New York (2005)"},{"key":"11_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_10","volume-title":"Recent Advances in Intrusion Detection","author":"C. Leita","year":"2006","unstructured":"Leita, C., Dacier, M., Massicotte, F.: Automatic Handling of Protocol Dependencies and Reaction to 0-day Attacks with ScriptGen based Honeypots. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, Springer, Heidelberg (2006)"},{"key":"11_CR49","unstructured":"Liston, T.: On the Cutting Edge: Thwarting Virtual Machine Detection (Invited Talk at NDSS 2007), http:\/\/handlers.sans.org\/tliston\/ThwartingVMDetection_Liston_Skoudis.pdf"},{"key":"11_CR50","unstructured":"Meushaw, R., Simard, D.: NetTop: Commercial Technology in High Assurance Applications. Tech Trend Notes: Preview of Tomorrow\u2019s Information Technologies (2000)"},{"key":"11_CR51","unstructured":"Perriot, F., Szor, P.: An Analysis of the Slapper Worm Exploit. Symantec White Paper, http:\/\/securityresponse.symantec.com\/avcenter\/reference\/analysis.slapper.worm.pdf"},{"key":"11_CR52","unstructured":"Provos, N.: A Virtual Honeypot Framework. In: Proc. of the 13th USENIX Security Symposium (August 2004)"},{"key":"11_CR53","unstructured":"Quynh, N.A.: Xebek: A Next Generation Honeypot Monitoring System (February 2006), http:\/\/www.eusecwest.com\/esw06\/esw06-nguyen.ppt"},{"key":"11_CR54","unstructured":"Rutkowska, J.: Subverting Vista Kernel For Fun And Profit. Blackhat (2006)"},{"key":"11_CR55","unstructured":"Sailer, R., Valdez, E., Jaeger, T., Perez, R., van Doorn, L., Griffin, J.L., Berger, S.: sHype: Secure Hypervisor Approach to Trusted Virtualized Systems. IBM Research Report RC23511 (February 2005)"},{"key":"11_CR56","unstructured":"sd: Linux on-the-fly kernel patching without LKM. Phrack, 11(58), article 7 of 15 (2001)"},{"key":"11_CR57","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: Verifying Integrity and Guaranteeing Execution of Code on Legacy Platforms. In: Proc. of the 2005 SOSP (October 2005)","DOI":"10.1145\/1095810.1095812"},{"key":"11_CR58","volume-title":"Proc. of the 20th ACM Symposium on Operating Systems Principles","author":"M. Vrable","year":"2005","unstructured":"Vrable, M., Ma, J., Chen, J., Moore, D., Vandekieft, E., Snoeren, A.C., Voelker, G.M., Savage, S.: Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm. In: Proc. of the 20th ACM Symposium on Operating Systems Principles, October 2005, ACM Press, New York (2005)"},{"key":"11_CR59","unstructured":"Wang, Y.-M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., King, S.: Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. In: Proc. of the 2006 NDSS (February 2006)"},{"key":"11_CR60","doi-asserted-by":"crossref","unstructured":"Whitaker, A., Cox, R.S., Gribble, S.D.: Using Time Travel to Diagnose Computer Problems. In: Proc. of the 11th SIGOPS European Workshop (September 2004)","DOI":"10.1145\/1133572.1133607"},{"key":"11_CR61","volume-title":"Proc. of the 12th ACM Symposium on Access Control Models and Technologies","author":"M. Xu","year":"2007","unstructured":"Xu, M., Jiang, X., Sandhu, R., Zhang, X.: Towards a VMM-based Usage Control Framework for OS Kernel Integrity Protection. In: Proc. of the 12th ACM Symposium on Access Control Models and Technologies, June 2007, ACM Press, New York (2007)"},{"key":"11_CR62","unstructured":"Zovi, D.D.: Hardware Virtualization Based Rootkits. Blackhat 2006 (August 2006)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-74320-0_11.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,19]],"date-time":"2020-11-19T05:21:33Z","timestamp":1605763293000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-74320-0_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540743194","9783540743200"],"references-count":62,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-74320-0_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[]}}