{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T03:21:55Z","timestamp":1761708115460},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540743194"},{"type":"electronic","value":"9783540743200"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-74320-0_12","type":"book-chapter","created":{"date-parts":[[2007,8,16]],"date-time":"2007-08-16T13:47:48Z","timestamp":1187272068000},"page":"219-235","source":"Crossref","is-referenced-by-count":44,"title":["A Forced Sampled Execution Approach to Kernel Rootkit Identification"],"prefix":"10.1007","author":[{"given":"Jeffrey","family":"Wilhelm","sequence":"first","affiliation":[]},{"given":"Tzi-cker","family":"Chiueh","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"12_CR1","volume-title":"Rootkits for Dummies","author":"N. Altholz","year":"2006","unstructured":"Altholz, N., Stevenson, L.: Rootkits for Dummies. John Wiley and Sons Ltd, Chichester (2006)"},{"key":"12_CR2","unstructured":"Avira: Avira rootkit detection, http:\/\/www.antirootkit.com\/software\/Avira-Rootkit-Detection.htm"},{"key":"12_CR3","unstructured":"Butler, J.: Vice - catch the hookers! In: Conference Proceedings of Black Hat 2004 (July 2004)"},{"key":"12_CR4","unstructured":"Butler, J., Sparks, S.: Raising the bar for windows rootkit detection. Phrack 63\u00a0(July 2005)"},{"key":"12_CR5","volume-title":"Proceedings of IEEE Symposium on Security and Privacy (Oakland)","author":"M. Christodorescu","year":"2005","unstructured":"Christodorescu, M., Jha, S., Seshia, S., Song, D., Bryant, R.: Semantics-Aware Malware Detection. In: Proceedings of IEEE Symposium on Security and Privacy (Oakland), IEEE Computer Society Press, Los Alamitos (2005)"},{"key":"12_CR6","unstructured":"Cogswell, B., Russinovich, M.: Rootkitrevealer v1.71 (November 2006), http:\/\/www.microsoft.com\/technet\/sysinternals\/utilities\/RootkitRevealer.mspx"},{"key":"12_CR7","unstructured":"Corporation, F.-S.: F-secure blacklight rootkit elimination technology, http:\/\/securityticker.blogspot.com\/2006\/05\/f-secure-backlight.html"},{"key":"12_CR8","unstructured":"Corporation, S.: Norton antivirus, http:\/\/www.symantec.com\/home_homeoffice\/products\/overview"},{"key":"12_CR9","unstructured":"Corporation, S.: Internet security threat report (September 2006), http:\/\/www.symantec.com\/enterprise\/threatreport\/index.jsp"},{"key":"12_CR10","unstructured":"Flake, H.: Automated reverse engineering. In: Proceedings of Black Hat 2004 (July 2004)"},{"key":"12_CR11","unstructured":"Fuzen: Fu rootkit, http:\/\/www.rootkit.com\/project.php"},{"key":"12_CR12","unstructured":"Hoglund, G., Butler, J.: The companion website of the rootkit book, http:\/\/www.rootkit.com"},{"key":"12_CR13","volume-title":"Rootkits: Subverting the Windows Kernel","author":"G. Hoglund","year":"2005","unstructured":"Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional, Reading (2005)"},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"Karim, M., Walenstein, A., Lakhotia, A., Parida, L.: Malware phylogeny generation using permutations of code. European Research Journal of Computer Virology (2005)","DOI":"10.1007\/s11416-005-0002-9"},{"key":"12_CR15","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.: Behavior-based spyware detection1. In: Proceedings of Usenix Security Symposium (2006)"},{"key":"12_CR16","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Computer Systems Architecture","author":"C. Kruegel","year":"2004","unstructured":"Kruegel, C., Robertson, W., Vigna, G.: Detecting kernel-level rootkits through binary analysis. In: Yew, P.-C., Xue, J. (eds.) ACSAC 2004. LNCS, vol.\u00a03189, Springer, Heidelberg (2004)"},{"key":"12_CR17","unstructured":"Labs, M.A.: Rootkit detective, http:\/\/vil.nai.com\/vil\/stinger\/"},{"key":"12_CR18","unstructured":"Livingston, B.: Icesword author speaks out on rootkits, http:\/\/itmanagement.earthweb.com\/columns\/executive_tech\/article.php\/3512621"},{"key":"12_CR19","unstructured":"Micro, T.: Rootkitbuster, http:\/\/www.trendmicro.com\/download\/rbuster.asp"},{"key":"12_CR20","volume-title":"Proceedings of 2007 IEEE Symposium on Security and Privacy","author":"A. Moser","year":"2007","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring Multiple Execution Paths for Malware Analysis. In: Proceedings of 2007 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (2007)"},{"key":"12_CR21","unstructured":"Petroni, N., Fraser, T., Molina, J., Arbaugh, W.: Copilot - a coprocessor-based kernel runtime integrity monitor. In: Proceedings of Usenix Security Symposium (August 2004)"},{"key":"12_CR22","unstructured":"Research, P.: Rootkit cleaner, http:\/\/research.pandasoftware.com\/blogs\/research\/archive\/2006\/12\/14\/Rootkit-cleaner.aspx"},{"key":"12_CR23","unstructured":"Rutkowska, J.: Red pill or how to detect vmm using (almost) one cpu instruction, http:\/\/www.invisiblethings.org\/papers\/redpill.html"},{"key":"12_CR24","unstructured":"Rutkowska, J.: Thoughts about cross-view based rootkit detection (June 2005), http:\/\/www.invisiblethings.org\/papers\/crossview_detection_thoughts.pdf"},{"key":"12_CR25","unstructured":"Rutkowska, J.: Rootkits detection on windows systems. In: Proceedings of ITUnderground Conference 2004 (October 2004)"},{"key":"12_CR26","unstructured":"Rutkowska, J.: System virginity verifier: Defining the roadmap for malware detection on windows systems (September 2005), http:\/\/www.invisiblethings.org\/papers\/hitb05_virginity_verifier.ppt"},{"key":"12_CR27","unstructured":"Sabin, T.: Comparing binaries with graph isomorphisms, http:\/\/www.bindview.com\/Services\/Razor\/Papers\/2004\/comparing_binaries.cfm"},{"key":"12_CR28","unstructured":"Sophos: Sophos anti-rootkit, http:\/\/www.sophos.com\/products\/free-tools\/sophos-anti-rootkit.html"},{"key":"12_CR29","doi-asserted-by":"crossref","unstructured":"Stamp, M., Wong, W.: Hunting for metamorphic engines. Journal in Computer Virology\u00a02(3) (December 2006)","DOI":"10.1007\/s11416-006-0028-7"},{"key":"12_CR30","unstructured":"Wang, Y., Beck, D., Roussev, R., Verbowski, C.: Detecting stealth software with strider ghostbuster. In: Proc. Int. Conf. on Dependable Systems and Networks (DSN-DCCS) (June 2005)"},{"key":"12_CR31","unstructured":"Wang, Y., Roussev, R., Verbowski, C., Johnson, A., Wu, M., Huang, Y., Kuo, S.: Gatekeeper: Monitoring auto-start extensibility points (aseps) for spyware management. In: Proceedings of Usenix Large Installation System Administration Conference (LISA) (2004)"},{"key":"12_CR32","unstructured":"Wikipedia: Naive bayes classifier, http:\/\/en.wikipedia.org\/wiki\/Naive_Bayes_classifier"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-74320-0_12.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,19]],"date-time":"2020-11-19T05:21:33Z","timestamp":1605763293000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-74320-0_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540743194","9783540743200"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-74320-0_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}