{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:52:29Z","timestamp":1771699949892,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":39,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540874027","type":"print"},{"value":"9783540874034","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-87403-4_5","type":"book-chapter","created":{"date-parts":[[2008,9,17]],"date-time":"2008-09-17T11:42:05Z","timestamp":1221651725000},"page":"78-97","source":"Crossref","is-referenced-by-count":56,"title":["A Layered Architecture for Detecting Malicious Behaviors"],"prefix":"10.1007","author":[{"given":"Lorenzo","family":"Martignoni","sequence":"first","affiliation":[]},{"given":"Elizabeth","family":"Stinson","sequence":"additional","affiliation":[]},{"given":"Matt","family":"Fredrikson","sequence":"additional","affiliation":[]},{"given":"Somesh","family":"Jha","sequence":"additional","affiliation":[]},{"given":"John C.","family":"Mitchell","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"5_CR1","unstructured":"Symantec Internet Security Threat Report, Trends for January-June 07, Volume XII (September 2007)"},{"key":"5_CR2","unstructured":"Keizer, G.: Bot Networks Behind Big Boos. In: Phishing Attacks. TechWeb (November 2004)"},{"key":"5_CR3","unstructured":"Parizo, E.: New bots, worm threaten AIM network. SearchSecurity (December 2005)"},{"key":"5_CR4","unstructured":"Naraine, R.: Money Bots: Hackers Cas. In on Hijacked PCs. eWeek (September 2006)"},{"key":"5_CR5","unstructured":"Overton, M.: Bots and Botnets: Risks, Issues, and Prevention. In: Virus Bulletin Conference (October 2005)"},{"key":"5_CR6","doi-asserted-by":"crossref","unstructured":"Ianelli, N., Hackworth, A.: Botnets as a Vehicle for Online Crime. CERT Coordination Center (December 2005)","DOI":"10.5769\/C2006003"},{"key":"5_CR7","unstructured":"Ilett, D.: Most spam generated by botnets, says expert. ZDNet UK (September 22, 2004)"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S.: Testing Malware Detectors. In: Proc. of the International Symposium on Software Testing and Analysis (July 2004)","DOI":"10.1145\/1007512.1007518"},{"key":"5_CR9","unstructured":"SRI Honeynet and BotHunter Malware Analysis Automatic Summary Analysis"},{"key":"5_CR10","unstructured":"Jevans, D.: The Latest Trends in Phishing, Crimeware and Cash-Out Schemes. Private correspondence"},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: Proc. of the the 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (August 2007)","DOI":"10.1145\/1287624.1287628"},{"key":"5_CR12","unstructured":"NoAH Foundation: Containment Environment Design"},{"key":"5_CR13","unstructured":"Chen, P., Noble, B.: When Virtual is Better than Real. In: Proceedings of HotOS-VIII: 8th Workshop on Hot Topics in Operating Systems"},{"key":"5_CR14","unstructured":"Petritsch, H.: Understanding and Replaying Network Traffic in Windows XP for Dynamic Malware Analysis. Master\u2019s Thesis (February 2007)"},{"key":"5_CR15","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S., Song, D., Bryant, R.: Semantics-Aware Malware Detection. In: IEEE Symposium on Security and Privacy (May 2005)","DOI":"10.1109\/SP.2005.20"},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Stinson, E., Mitchell, J.: Characterizing Bots\u2019 Remote Control Behavior. In: Proc. of the 4th DIMVA Conference (July 2007)","DOI":"10.1007\/978-3-540-73614-1_6"},{"key":"5_CR17","unstructured":"Newsome, J., Song, D.: Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In: Network and Distributed Systems Symposium (February 2005)"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: capturing system-wide information flow for malware detection and analysis. In: Proc. of the 14th ACM conference on Computer and communications security (October 2007)","DOI":"10.1145\/1315245.1315261"},{"key":"5_CR19","unstructured":"Cui, W., Katz, R., Tan, W.: BINDER: An Extrusion-based Break-in Detector for Personal Computers. In: Proc. of the 21st Annual Computer Security Applications Conference (December 2005)"},{"key":"5_CR20","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.: Behavior-based Spyware Detection. In: Proc. of the 15th USENIX Security Symposium (August 2006)"},{"key":"5_CR21","unstructured":"United States Patent Application 20070067843 M\u0308ethod and apparatus for removing harmful software: Williamson, Matthew; Gorelik, Vladimir (March 22, 2007)"},{"key":"5_CR22","unstructured":"Strider GhostBuster Rootkit Detection"},{"key":"5_CR23","unstructured":"Wang, Y., Beck, D., Vo, B., Roussev, R., Verbowski, C.: Detecting Stealth Software with Strider GhostBuster. Microsoft Technical Report MSR-TR-2005-25"},{"key":"5_CR24","unstructured":"Garfinkel, T.: Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In: Network and Distributed System Security (Feburary 2003)"},{"key":"5_CR25","unstructured":"Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Network and Distributed Systems Symp. (Feburary 2003)"},{"key":"5_CR26","volume-title":"Problem-Solving Methods in Artificial Intelligence","author":"N. Nilsson","year":"1971","unstructured":"Nilsson, N.: Problem-Solving Methods in Artificial Intelligence. McGraw-Hill, New York (1971)"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Bayer, U., Moser, A., Kruegel, C., Kirda, E.: Dynamic Analysis of Malicious Code. Journal in Computer Virology\u00a02(1) (August 2006)","DOI":"10.1007\/s11416-006-0012-2"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Jiang, X., Xu, D., Wang, X.: Stealthy Malware Detection Through VMM-Based \u201dOut-of-the-Box\u201d Semantic View Reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, VA (November 2007)","DOI":"10.1145\/1315245.1315262"},{"key":"5_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1007\/978-3-540-74320-0_11","volume-title":"Recent Advances in Intrusion Detection","author":"X. Jiang","year":"2007","unstructured":"Jiang, X., Wang, X.: \u2019Out-of-the-box\u2019 Monitoring of VM-based High-Interaction Honeypots. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 198\u2013218. Springer, Heidelberg (2007)"},{"key":"5_CR30","unstructured":"Egele, M., Kruegel, C., Kirda, E., Yin, H., Son, D.: Dynamic Spyware Analysis. In: Proceedings of Usenix Annual Technical Conference, USA (June 2007)"},{"key":"5_CR31","volume-title":"Proceedings of IEEE Symposium on Security and Privacy","author":"A. Moser","year":"2007","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring Multiple Execution Paths for Malware Analysis. In: Proceedings of IEEE Symposium on Security and Privacy, May 2007, IEEE Computer Society Press, USA (2007)"},{"key":"5_CR32","unstructured":"Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Poosankam, P., Song, D., Yin, H.: In: Lee, W., et al. (eds.) Botnet Analysis (2007)"},{"key":"5_CR33","unstructured":"Norman Sandbox"},{"key":"5_CR34","unstructured":"Willems, C.: Automatic Behaviour Analysis of Malware. Master Thesis. University of Mannheim"},{"key":"5_CR35","unstructured":"Jones, S.: Implicit Operating System Awareness in a Virtual Machine Monitor. Ph.D. Thesis, University of Wisconsin - Madison (April 2007)"},{"key":"5_CR36","doi-asserted-by":"crossref","unstructured":"Jones, S., Arpaci-Dusseau, A., Arpaci-Dusseau, R.: VMM-based Hidden Process Detection and Identification using Lycosid. In: ACM International Conference on Virtual Execution Environments (March 2008)","DOI":"10.1145\/1346256.1346269"},{"key":"5_CR37","volume-title":"Proceedings of IEEE Symposium on Security and Privacy","author":"A. Vasudevan","year":"2006","unstructured":"Vasudevan, A., Yerraballi, R.: Cobra: Fine-grained Malware Analysis using Stealth Localized-executions. In: Proceedings of IEEE Symposium on Security and Privacy, May 2006, IEEE Computer Society Press, USA (2006)"},{"key":"5_CR38","unstructured":"Bellard, F.: QEMU Accelerator (KQEMU)"},{"key":"5_CR39","unstructured":"Bellard, F.: QEMU, a Fast and Portable Dynamic Translator"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-87403-4_5.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T02:37:29Z","timestamp":1606185449000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-87403-4_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540874027","9783540874034"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-87403-4_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[]}}