{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:52:30Z","timestamp":1771699950834,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642142147","type":"print"},{"value":"9783642142154","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-14215-4_3","type":"book-chapter","created":{"date-parts":[[2010,7,2]],"date-time":"2010-07-02T01:18:35Z","timestamp":1278033515000},"page":"41-60","source":"Crossref","is-referenced-by-count":13,"title":["dAnubis \u2013 Dynamic Device Driver Analysis Based on Virtual Machine Introspection"],"prefix":"10.1007","author":[{"given":"Matthias","family":"Neugschwandtner","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christian","family":"Platzer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paolo Milani","family":"Comparetti","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ulrich","family":"Bayer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"3_CR1","unstructured":"Bayer, U., Habibi, I., Balzarotti, D., Kirda, E., Kruegel, C.: Insights into current malware behavior. In: 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET (2009)"},{"key":"3_CR2","doi-asserted-by":"crossref","unstructured":"Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: Polyunpack: Automating the hidden-code extraction of unpack-executing malware. In: 22nd Annual Computer Security Applications Conf., ACSAC (2006)","DOI":"10.1109\/ACSAC.2006.38"},{"key":"3_CR3","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Poosankam, P., Yin, H.: Renovo: a hidden code extractor for packed executables. In: ACM Workshop on Recurring malcode, WORM (2007)","DOI":"10.1145\/1314389.1314399"},{"key":"3_CR4","unstructured":"Rolles, R.: Unpacking virtualization obfuscators. In: 3rd USENIX Workshop on Offensive Technologies, WOOT (2009)"},{"key":"3_CR5","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of Static Analysis for Malware Detection. In: 23rd Annual Computer Security Applications Conference, ACSAC (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"3_CR6","unstructured":"Bayer, U.: Ttanalyze a tool for analyzing malware. Master\u2019s thesis, Vienna University of Technology (2005)"},{"key":"3_CR7","doi-asserted-by":"crossref","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward Automated Dynamic Malware Analysis Using CWSandbox. IEEE Security and Privacy\u00a02(5) (2007)","DOI":"10.1109\/MSP.2007.45"},{"key":"3_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-540-74320-0_10","volume-title":"Recent Advances in Intrusion Detection","author":"M. Bailey","year":"2007","unstructured":"Bailey, M., Oberheide, J., Andersen, J., Mao, Z., Jahanian, F., Nazario, J.: Automated Classification and Analysis of Internet Malware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 178\u2013197. Springer, Heidelberg (2007)"},{"key":"3_CR9","unstructured":"Bayer, U., Milani Comparetti, P., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, Behavior-Based Malware Clustering. In: Network and Distributed System Security Symposium, NDSS (2009)"},{"key":"3_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-540-70542-0_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"K. Rieck","year":"2008","unstructured":"Rieck, K., Holz, T., Willems, C., Duessel, P., Laskov, P.: Learning and classification of malware behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 108\u2013125. Springer, Heidelberg (2008)"},{"key":"3_CR11","doi-asserted-by":"crossref","unstructured":"Jacob, G., Debar, H., Filiol, E.: Malware behavioral detection by attribute-automata using abstraction from platform and language. In: Recent Advances in Intrusion Detection, RAID (2009)","DOI":"10.1007\/978-3-642-04342-0_5"},{"key":"3_CR12","unstructured":"Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Network and Distributed Systems Security Symposium, NDSS (2003)"},{"key":"3_CR13","doi-asserted-by":"crossref","unstructured":"Sharif, M.I., Lee, W., Cui, W., Lanzi, A.: Secure in-vm monitoring using hardware virtualization. In: ACM conference on Computer and communications security, CCS (2009)","DOI":"10.1145\/1653662.1653720"},{"key":"3_CR14","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1145\/1244002.1244070","volume-title":"SAC 2007: Proceedings of the 2007 ACM symposium on Applied computing","author":"N.A. Quynh","year":"2007","unstructured":"Quynh, N.A., Takefuji, Y.: Towards a tamper-resistant kernel rootkit detector. In: SAC 2007: Proceedings of the 2007 ACM symposium on Applied computing, pp. 276\u2013283. ACM, New York (2007)"},{"key":"3_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-87403-4_1","volume-title":"Recent Advances in Intrusion Detection","author":"R. Riley","year":"2008","unstructured":"Riley, R., Jiang, X., Xu, D.: Guest-transparent prevention of kernel rootkits with vmm-based memory shadowing. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 1\u201320. Springer, Heidelberg (2008)"},{"key":"3_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-87403-4_2","volume-title":"Recent Advances in Intrusion Detection","author":"Z. Wang","year":"2008","unstructured":"Wang, Z., Jiang, X., Cui, W., Wang, X.: Countering persistent kernel rootkits through systematic hook discovery. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 21\u201338. Springer, Heidelberg (2008)"},{"key":"3_CR17","unstructured":"Yin, H., Liang, Z., Song, D.: Hookfinder: Identifying and understanding malware hooking behaviors. In: Network and Distributed Systems Security Symposium, NDSS (2008)"},{"key":"3_CR18","unstructured":"Lanzi, A., Sharif, M., Lee, W.: K-tracer: A system for extracting kernel malware behavior. In: Proceedings of the 16th Annual Network and Distributed System Security Symposium (2009)"},{"key":"3_CR19","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1145\/1519065.1519072","volume-title":"EuroSys 2009: Proceedings of the 4th ACM European conference on Computer systems","author":"R. Riley","year":"2009","unstructured":"Riley, R., Jiang, X., Xu, D.: Multi-aspect profiling of kernel rootkit behavior. In: EuroSys 2009: Proceedings of the 4th ACM European conference on Computer systems, pp. 47\u201360. ACM, New York (2009)"},{"issue":"1","key":"3_CR20","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/s11416-006-0012-2","volume":"2","author":"U. Bayer","year":"2006","unstructured":"Bayer, U., Moser, A., Kruegel, C., Kirda, E.: Dynamic analysis of malicious code. Journal in Computer Virology\u00a02(1), 67\u201377 (2006)","journal-title":"Journal in Computer Virology"},{"key":"3_CR21","volume-title":"Rootkits: Subverting the Windows Kernel","author":"G. Hoglund","year":"2005","unstructured":"Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional, Reading (2005)"},{"key":"3_CR22","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy malware detection through vmm-based \u201cout-of-the-box\u201d semantic view reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (2007)","DOI":"10.1145\/1315245.1315262"},{"key":"3_CR23","unstructured":"Bellard, F.: Qemu, a fast and portable dynamic translator. In: Proceedings of the annual conference on USENIX Annual Technical Conference, p. 41. USENIX Association (2005)"},{"key":"3_CR24","unstructured":"Orwick, P., Smith, G.: Developing Drivers with the Microsoft Windows Driver Foundation. Microsoft Press, Redmond (2007)"},{"key":"3_CR25","unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Network and Distributed Systems Security Symposium, NDSS (2005)"},{"key":"3_CR26","unstructured":"Sharif, M.I., Lanzi, A., Giffin, J.T., Lee, W.: Impeding malware analysis using conditional code obfuscation. In: Network and Distributed System Security, NDSS (2008)"},{"key":"3_CR27","unstructured":"Russinovich, M.: Filemon (2010), http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb896645.aspx"},{"key":"3_CR28","unstructured":"Beck, D., Vo, B., Verbowski, C.: Detecting stealth software with strider ghostbuster. In: Proceedings of the 2005 International Conference on Dependable Systems and Networks, pp. 368\u2013377 (2005)"},{"key":"3_CR29","first-page":"91","volume-title":"VEE 2008: Proceedings of the fourth ACM SIGPLAN\/SIGOPS international conference on Virtual execution environments","author":"S.T. Jones","year":"2007","unstructured":"Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: Vmm-based hidden process detection and identification using lycosid. In: VEE 2008: Proceedings of the fourth ACM SIGPLAN\/SIGOPS international conference on Virtual execution environments, pp. 91\u2013100. ACM, New York (2007)"},{"key":"3_CR30","unstructured":"Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: Antfarm: tracking processes in a virtual machine environment. In: ATEC 2006: Proceedings of the annual conference on USENIX 2006 Annual Technical Conference (2006)"},{"key":"3_CR31","doi-asserted-by":"crossref","unstructured":"Xuan, C., Copeland, J., Beyah, R.: Toward revealing kernel malware behavior in virtual execution environments. In: Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection (2009)","DOI":"10.1007\/978-3-642-04342-0_16"},{"key":"3_CR32","unstructured":"Hund, R., Holz, T., Freiling, F.C.: Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms. In: Proceedings of the 18th USENIX Security Symposium (2009)"},{"key":"3_CR33","unstructured":"Garfinkel, T., Adams, K., Warfield, A., Franklin, J.: Compatibility is not transparency: Vmm detection myths and realities. In: Proceedings of the 11th Workshop on Hot Topics in Operating Systems (2007)"},{"key":"3_CR34","doi-asserted-by":"crossref","unstructured":"Paleari, R., Martignoni, L., Roglia, G.F., Bruschi, D.: A fistful of red-pills: How to automatically generate procedures to detect CPU emulators. In: USENIX Workshop on Offensive Technologies, WOOT (2009)","DOI":"10.1145\/1572272.1572303"},{"key":"3_CR35","unstructured":"Balzarotti, D., Cova, M., Karlberger, C., Kruegel, C., Kirda, E., Vigna, G.: Efficient detection of split personalities in malware. In: Network and Distributed System Security, NDSS (2010)"},{"key":"3_CR36","unstructured":"Saxena, P., Sekar, R., Iyer, M.R., Puranik, V.: A practical technique for containment of untrusted plug-ins. Technical Report SECLAB08-01, Stony Brook University (2008)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-14215-4_3.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,23]],"date-time":"2020-11-23T21:49:17Z","timestamp":1606168157000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-14215-4_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642142147","9783642142154"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-14215-4_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010]]}}}