{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:52:30Z","timestamp":1771699950426,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":24,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540874027","type":"print"},{"value":"9783540874034","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-87403-4_2","type":"book-chapter","created":{"date-parts":[[2008,9,17]],"date-time":"2008-09-17T11:42:05Z","timestamp":1221651725000},"page":"21-38","source":"Crossref","is-referenced-by-count":44,"title":["Countering Persistent Kernel Rootkits through Systematic Hook Discovery"],"prefix":"10.1007","author":[{"given":"Zhi","family":"Wang","sequence":"first","affiliation":[]},{"given":"Xuxian","family":"Jiang","sequence":"additional","affiliation":[]},{"given":"Weidong","family":"Cui","sequence":"additional","affiliation":[]},{"given":"Xinyuan","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"The adore Rootkit, http:\/\/lwn.net\/Articles\/75990\/"},{"key":"2_CR2","unstructured":"The Hideme Rootkit, http:\/\/www.sophos.com\/security\/analyses\/viruses-and-spyware\/trojhidemea.html"},{"key":"2_CR3","unstructured":"The Strange Decline of Computer Worms, http:\/\/www.theregister.co.uk\/2005\/03\/17\/f-secure_websec\/print.html"},{"key":"2_CR4","unstructured":"VMware, http:\/\/www.vmware.com\/"},{"key":"2_CR5","doi-asserted-by":"crossref","unstructured":"Agrawal, H., Horgan, J.R.: Dynamic Program Slicing. In: Proceedings of ACM SIGPLAN 1990 Conference on Programming Language Design and Implementation (1990)","DOI":"10.1145\/93542.93576"},{"key":"2_CR6","unstructured":"Bellard, F.: QEMU, a Fast and Portable Dynamic Translator. In: Proc. of USENIX Annual Technical Conference 2005 (FREENIX Track) (July 2005)"},{"key":"2_CR7","unstructured":"Butler, J.: R2\u0302: The Exponential Growth of Rootkit Techniques, http:\/\/www.blackhat.com\/presentations\/bh-usa-06\/BH-US-06-Butler.pdf"},{"key":"2_CR8","unstructured":"Butler, J.: VICE 2.0, http:\/\/www.infosecinstitute.com\/blog\/README_VICE.txt"},{"key":"2_CR9","unstructured":"Chen, S., Xu, J., Sezer, E.C., Gauriar, P., Iyer, R.: Non-Control-Data Attacks Are Realistic Threats. In: Proc. USENIX Security Symposium (August 2005)"},{"key":"2_CR10","unstructured":"Grizzard, J.B.: Towards Self-Healing Systems: Re-Establishing Trust in Compromised Systems. Ph.D. thesis, Georgia Institute of Technology (May 2006)"},{"key":"2_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1007\/978-3-540-74320-0_11","volume-title":"Recent Advances in Intrusion Detection","author":"X. Jiang","year":"2007","unstructured":"Jiang, X., Wang, X.: \u201cOut-of-the-Box\u201d Monitoring of VM-Based High-Interaction Honeypots. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 198\u2013218. Springer, Heidelberg (2007)"},{"key":"2_CR12","unstructured":"Jiang, X., Wang, X., Xu, D.: \u201cOut-of-the-Box\u201d Semantic View Reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007) (October 2007)"},{"key":"2_CR13","unstructured":"Petroni, N., Fraser, T., Walters, A., Arbaugh, W.: An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data. In: Proc. of the 15th USENIX Security Symposium (August 2006)"},{"key":"2_CR14","doi-asserted-by":"crossref","unstructured":"Petroni, N., Hicks, M.: Automated Detection of Persistent Kernel Control-Flow Attacks. In: Proc. of ACM CCS 2007 (October 2007)","DOI":"10.1145\/1315245.1315260"},{"key":"2_CR15","unstructured":"Petroni, N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor. In: Proc. of the 13th USENIX Security Symposium (August 2004)"},{"key":"2_CR16","unstructured":"PJF. IceSword, http:\/\/www.antirootkit.com\/software\/IceSword.htm , http:\/\/pjf.blogcn.com\/"},{"key":"2_CR17","unstructured":"Rutkowska, J.: System Virginity Verifier, http:\/\/invisiblethings.org\/papers\/hitb05_virginity_verifier.ppt"},{"key":"2_CR18","unstructured":"Rutkowska, J.: Rootkits vs. Stealth by Design Malware, http:\/\/invisiblethings.org\/papers\/rutkowska_bheurope2006.ppt"},{"key":"2_CR19","unstructured":"sd.: Linux on-the-fly kernel patching without LKM. Phrack\u00a011(58), article 7 of 15 (2001)"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: A Tiny Hypervisor to Guarantee Lifetime Kernel Code Integrity for Commodity OSes. In: Proc. of the ACM SOSP 2007 (October 2007)","DOI":"10.1145\/1294261.1294294"},{"key":"2_CR21","doi-asserted-by":"crossref","unstructured":"Wang, Y., Beck, D., Vo, B., Roussev, R., Verbowski, C.: Detecting Stealth Software with Strider GhostBuster. In: Proc. of the 2005 International Conference on Dependable Systems and Networks (June 2005)","DOI":"10.1109\/DSN.2005.39"},{"key":"2_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-540-74320-0_12","volume-title":"Recent Advances in Intrusion Detection","author":"J. Wilhelm","year":"2007","unstructured":"Wilhelm, J., Chiueh, T.-c.: A Forced Sampled Execution Approach to Kernel Rootkit Identification. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 219\u2013235. Springer, Heidelberg (2007)"},{"key":"2_CR23","unstructured":"Yin, H., Liang, Z., Song, D.: HookFinder: Identifying and Understanding Malware Hooking Behaviors. In: Proc. of ISOC NDSS 2008 (February 2008)"},{"key":"2_CR24","unstructured":"Zhang, X., Gupta, R., Zhang, Y.: Precise Dynamic Slicing Algorithms. In: Proc. of the IEEE\/ACM International Conference on Software Engineering (May 2003)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-87403-4_2.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T02:37:27Z","timestamp":1606185447000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-87403-4_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540874027","9783540874034"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-87403-4_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[]}}