{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:48:29Z","timestamp":1759092509778,"version":"3.33.0"},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540743194"},{"type":"electronic","value":"9783540743200"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-74320-0_16","type":"book-chapter","created":{"date-parts":[[2007,8,16]],"date-time":"2007-08-16T13:47:48Z","timestamp":1187272068000},"page":"296-316","source":"Crossref","is-referenced-by-count":9,"title":["SpyShield: Preserving Privacy from Spy Add-Ons"],"prefix":"10.1007","author":[{"given":"Zhuowei","family":"Li","sequence":"first","affiliation":[]},{"given":"XiaoFeng","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Jong Youl","family":"Choi","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"16_CR1","unstructured":"Browser extensions, http:\/\/msdn.microsoft.com\/workshop\/browser\/ext\/extensions.asp"},{"key":"16_CR2","unstructured":"The home of spybot search & destroy, http:\/\/www.safer-networking.org\/"},{"key":"16_CR3","unstructured":"Mozillazine: Extension development, http:\/\/kb.mozillazine.org\/Dev_:_Extensions"},{"key":"16_CR4","unstructured":"State of Spyware Q2 2006: Consumer Report, http:\/\/www.webroot.com\/resources\/stateofspyware\/excerpt.html"},{"key":"16_CR5","unstructured":"Wireshark, http:\/\/www.wireshark.org\/"},{"key":"16_CR6","unstructured":"DCOM technical overview (1996), http:\/\/msdn2.microsoft.com\/en-us\/library\/ms809340.aspx"},{"key":"16_CR7","unstructured":"XPCOM Part 1: An introduction to XPCOM (1996), http:\/\/www-128.ibm.com\/developerworks\/webservices\/library\/co-xpcom.html"},{"key":"16_CR8","unstructured":"Microsoft Next-Generation Secure Computing Base - Technical FAQ (July 2003), http:\/\/www.microsoft.com\/technet\/archive\/security\/news\/ngscb.mspx?mfr=true"},{"key":"16_CR9","unstructured":"Ucmore toolbar, the search accelerator (2007), http:\/\/www.ucmore.com\/"},{"key":"16_CR10","unstructured":"Snort developed by sourcefire (January 2006), http:\/\/www.snort.org\/"},{"key":"16_CR11","doi-asserted-by":"crossref","unstructured":"Bell, D.E., LaPadula, L.J.: Secure computer systems: Unified exposition and multics interpretation. MTR-2997, available as NTIS AD-A023 588, MITRE Corporation (1976)","DOI":"10.21236\/ADA023588"},{"key":"16_CR12","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1145\/1030083.1030100","volume-title":"Proceedings of the 11th ACM conference on Computer and communications security","author":"K. Borders","year":"2004","unstructured":"Borders, K., Prakash, A.: Web tap: detecting covert web traffic. In: Proceedings of the 11th ACM conference on Computer and communications security, pp. 110\u2013120. ACM Press, New York (2004)"},{"key":"16_CR13","first-page":"78","volume-title":"IEEE S&P","author":"K. Borders","year":"2006","unstructured":"Borders, K., Zhao, X., Prakash, A.: Siren: Catching evasive malware (short paper). In: IEEE S&P, pp. 78\u201385. IEEE Computer Society Press, Los Alamitos (2006)"},{"key":"16_CR14","unstructured":"Brumley, D., Song, D.X.: Privtrans: Automatically partitioning programs for privilege separation. In: USENIX Security Symposium, pp. 57\u201372 (2004)"},{"key":"16_CR15","unstructured":"Egele, M., Kruegel, C., Kirda, E., Yin, H., Song, D.: Dynamic Spyware Analysis. In: Usenix Annual Technical Conference, USA (June 2007)"},{"key":"16_CR16","unstructured":"Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: NDSS (2003)"},{"key":"16_CR17","unstructured":"Jackson, C., Boneh, D., Mitchell, J.C.: Stronger password authentication using virtual machines. Stanford University (submission, 2006)"},{"key":"16_CR18","doi-asserted-by":"crossref","unstructured":"Khatiwala, T., Swaminathan, R., Venkatakrishnan, V.: Data sandboxing: A technique for enforcing confidentiality policies. In: ACSAC (December 2006)","DOI":"10.1109\/ACSAC.2006.22"},{"key":"16_CR19","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.: Behavior-based spyware detection. In: Proceedings of 15th USENIX Security Symposium (August 2006)"},{"key":"16_CR20","unstructured":"Mani, V.: Cross Process Subclassing (2003), http:\/\/www.codeproject.com\/dll\/subhook.asp"},{"key":"16_CR21","unstructured":"McCune, J.M., Perrig, A., Reiter, M.K.: Bump in the ether: A framework for securing sensitive user input. In: Proceedings of the USENIX Annual Technical Conference, June 2006, pp. 185\u2013198 (2006)"},{"key":"16_CR22","unstructured":"Newsome, J., Song, D.X.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: NDSS (2005)"},{"issue":"23-24","key":"16_CR23","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V. Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Computer Networks\u00a031(23-24), 2435\u20132463 (1999)","journal-title":"Computer Networks"},{"key":"16_CR24","doi-asserted-by":"crossref","unstructured":"Rubin, S., Jha, S., Miller, B.P.: Automatic generation and analysis of nids attacks. In: ACSAC, pp. 28\u201338 (2004)","DOI":"10.1109\/CSAC.2004.9"},{"issue":"7","key":"16_CR25","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1145\/361011.361067","volume":"17","author":"J.H. Saltzer","year":"1974","unstructured":"Saltzer, J.H.: Protection and the control of information sharing in miltics. Communications of the ACM\u00a017(7), 388\u2013402 (1974)","journal-title":"Communications of the ACM"},{"key":"16_CR26","volume-title":"Undocumented Windows 2000 Secret: a programmers cookbook","author":"S.B. Schreiber","year":"2001","unstructured":"Schreiber, S.B.: Undocumented Windows 2000 Secret: a programmers cookbook, May 2001. Addison-Wesley, Reading (2001)"},{"key":"16_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"294","DOI":"10.1007\/3-540-39200-9_18","volume-title":"Advances in Cryptology \u2013 EUROCRPYT 2003","author":"L. Ahn von","year":"2003","unstructured":"von Ahn, L., Blum, M., Hopper, N.J., Langford, J.: CAPTCHA: Using Hard AI Problems for Security. In: Biham, E. (ed.) Advances in Cryptology \u2013 EUROCRPYT 2003. LNCS, vol.\u00a02656, pp. 294\u2013311. Springer, Heidelberg (2003)"},{"key":"16_CR28","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Computer Systems Architecture","author":"H. Wang","year":"2006","unstructured":"Wang, H., Jha, S., Ganapathy, V.: NetSpy: Automatic Generation of Spyware Signatures for NIDS. In: Jesshope, C., Egan, C. (eds.) ACSAC 2006. LNCS, vol.\u00a04186, Springer, Heidelberg (2006)"},{"key":"16_CR29","unstructured":"Wang, Y.-M., Roussev, R., Verbowski, C., Johnson, A., Wu, M.-W., Huang, Y., Kuo, S.-Y.: Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for Spyware Management. In: USENIX LISA 2004 (2004)"},{"key":"16_CR30","unstructured":"Wang, Y.-M., Vo, B., Roussev, R., Verbowski, C., Johnson, A.: Strider ghostbuster: Why it\u2019s a bad idea for stealth software to hide files. Technical Report MSR-TR-2004-71, Microsoft Research (2004)"},{"key":"16_CR31","unstructured":"Willliams, S., Kindel, C.: The component object model: A technical overview (October 1994), http:\/\/msdn2.microsoft.com\/en-us\/library\/ms809980.aspx"},{"key":"16_CR32","doi-asserted-by":"crossref","unstructured":"Xu, W., Bhatkar, S., Sekar, R.: Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In: Proceedings of the 15th USENIX Security Symposium, Vancouver, BC, Canada (August 2006)","DOI":"10.1109\/SP.2006.12"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-74320-0_16.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,20]],"date-time":"2025-01-20T11:49:43Z","timestamp":1737373783000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-74320-0_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540743194","9783540743200"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-74320-0_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}