{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:45:09Z","timestamp":1773513909303,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642155116","type":"print"},{"value":"9783642155123","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-15512-3_10","type":"book-chapter","created":{"date-parts":[[2010,8,31]],"date-time":"2010-08-31T12:27:39Z","timestamp":1283257659000},"page":"178-197","source":"Crossref","is-referenced-by-count":22,"title":["Kernel Malware Analysis with Un-tampered and Temporal Views of Dynamic Kernel Memory"],"prefix":"10.1007","author":[{"given":"Junghwan","family":"Rhee","sequence":"first","affiliation":[]},{"given":"Ryan","family":"Riley","sequence":"additional","affiliation":[]},{"given":"Dongyan","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Xuxian","family":"Jiang","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"10_CR1","doi-asserted-by":"crossref","unstructured":"Baliga, A., Ganapathy, V., Iftode, L.: Automatic Inference and Enforcement of Kernel Data Structure Invariants. In: Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC 2008), pp. 77\u201386 (2008)","DOI":"10.1109\/ACSAC.2008.29"},{"key":"10_CR2","unstructured":"Bellard, F.: QEMU: A Fast and Portable Dynamic Translator. In: Proceedings of the USENIX Annual Technical Conference, FREENIX Track, pp. 41\u201346 (2005)"},{"key":"10_CR3","doi-asserted-by":"crossref","unstructured":"Boehm, H.J., Weiser, M.: Garbage Collection in an Uncooperative Environment. Software, Practice and Experience (1988)","DOI":"10.1002\/spe.4380180902"},{"key":"10_CR4","unstructured":"Butler, J.: DKOM (Direct Kernel Object Manipulation), \n \n http:\/\/www.blackhat.com\/presentations\/win-usa-04\/bh-win-04-butler.pdf"},{"key":"10_CR5","doi-asserted-by":"crossref","unstructured":"Carbone, M., Cui, W., Lu, L., Lee, W., Peinado, M., Jiang, X.: Mapping Kernel Objects to Enable Systematic Integrity Checking. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009 (2009)","DOI":"10.1145\/1653662.1653729"},{"key":"10_CR6","unstructured":"Chow, J., Garfinkel, T., Chen, P.M.: Decoupling Dynamic Program Analysis from Execution in Virtual Environments. In: Proceedings of 2008 USENIX Annual Technical Conference, USENIX 2008 (2008)"},{"key":"10_CR7","unstructured":"Cozzie, A., Stratton, F., Xue, H., King, S.T.: Digging For Data Structures. In: Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation (2008)"},{"key":"10_CR8","unstructured":"Free Software Foundation: The GNU Compiler Collection, \n \n http:\/\/gcc.gnu.org\/"},{"key":"10_CR9","unstructured":"Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proceedings of the 10th Annual Network and Distributed Systems Security Symposium, NDSS 2003 (2003)"},{"key":"10_CR10","unstructured":"Hoglund, G.: Kernel Object Hooking Rootkits (KOH Rootkits), \n \n http:\/\/www.rootkit.com\/newsread.php?newsid=501"},{"key":"10_CR11","unstructured":"Hund, R., Holz, T., Freiling, F.C.: Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms. In: Proceedings for the 18th USENIX Security Symposium (2009)"},{"key":"10_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/978-3-642-02918-9_7","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Z. Lin","year":"2009","unstructured":"Lin, Z., Riley, R.D., Xu, D.: Polymorphing Software by Randomizing Data Structure Layout. In: Flegel, U., Bruschi, D. (eds.) DIMVA 2009. LNCS, vol.\u00a05587, pp. 107\u2013126. Springer, Heidelberg (2009)"},{"key":"10_CR13","unstructured":"MITRE Corp.: Common Vulnerabilities and Exposures, \n \n http:\/\/cve.mitre.org\/"},{"key":"10_CR14","unstructured":"Parallels: Parallels, \n \n http:\/\/www.parallels.com\/"},{"key":"10_CR15","unstructured":"Petroni, N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot - A Coprocessor-based Kernel Runtime Integrity Monitor. In: Proceedings for the 13th USENIX Security Symposium (August 2004)"},{"key":"10_CR16","doi-asserted-by":"crossref","unstructured":"Petroni, N.L., Hicks, M.: Automated Detection of Persistent Kernel Control-Flow Attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007 (2007)","DOI":"10.1145\/1315245.1315260"},{"issue":"4","key":"10_CR17","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1016\/j.diin.2006.10.001","volume":"3","author":"N.L. Petroni","year":"2006","unstructured":"Petroni, N.L., Walters, A., Fraser, T., Arbaugh, W.A.: FATKit: A Framework for the Extraction and Analysis of Digital Forensic Data from Volatile System Memory. Digital Investigation Journal\u00a03(4), 197\u2013210 (2006)","journal-title":"Digital Investigation Journal"},{"key":"10_CR18","unstructured":"Petroni, Jr. N.L., Fraser, T., Walters, A., Arbaugh, W.A.: An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data. In: Proceedings of the 15th Conference on USENIX Security Symposium, USENIX-SS 2006 (2006)"},{"key":"10_CR19","volume-title":"Proceedings of the 34th Annual Symposium on Principles of Programming Languages","author":"M. Polishchuk","year":"2007","unstructured":"Polishchuk, M., Liblit, B., Schulze, C.W.: Dynamic Heap Type Inference for Program Understanding and Debugging. In: Proceedings of the 34th Annual Symposium on Principles of Programming Languages. ACM, New York (2007)"},{"key":"10_CR20","doi-asserted-by":"crossref","unstructured":"Rhee, J., Riley, R., Xu, D., Jiang, X.: Defeating Dynamic Data Kernel Rootkit Attacks via VMM-Based Guest-Transparent Monitoring. In: International Conference on Availability, Reliability and Security, ARES 2009 (2009)","DOI":"10.1109\/ARES.2009.116"},{"key":"10_CR21","unstructured":"Rhee, J., Xu, D.: LiveDM: Temporal Mapping of Dynamic Kernel Memory for Dynamic Kernel Malware Analysis and Debugging. Tech. Rep. 2010-02, CERIAS (2010)"},{"key":"10_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-87403-4_1","volume-title":"Recent Advances in Intrusion Detection","author":"R. Riley","year":"2008","unstructured":"Riley, R., Jiang, X., Xu, D.: Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 1\u201320. Springer, Heidelberg (2008)"},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Riley, R., Jiang, X., Xu, D.: Multi-Aspect Profiling of Kernel Rootkit Behavior. In: Proceedings of the 4th European Conference on Computer Systems (Eurosys 2009) (April 2009)","DOI":"10.1145\/1519065.1519072"},{"key":"10_CR24","volume-title":"Proceedings of 21st Symposium on Operating Systems Principles (SOSP 2007)","author":"A. Seshadri","year":"2007","unstructured":"Seshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. In: Proceedings of 21st Symposium on Operating Systems Principles (SOSP 2007). ACM, New York (2007)"},{"key":"10_CR25","doi-asserted-by":"publisher","first-page":"552","DOI":"10.1145\/1315245.1315313","volume-title":"Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007)","author":"H. Shacham","year":"2007","unstructured":"Shacham, H.: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), pp. 552\u2013561. ACM, New York (2007)"},{"key":"10_CR26","unstructured":"Sun Microsystems, Inc: VirtualBox, \n \n http:\/\/www.virtualbox.org\/"},{"key":"10_CR27","unstructured":"The Month of Kernel Bugs archive, \n \n http:\/\/projects.info-pull.com\/mokb\/"},{"key":"10_CR28","unstructured":"US-CERT: Vulnerability Notes Database, \n \n http:\/\/www.kb.cert.org\/vuls\/"},{"key":"10_CR29","unstructured":"VMware, Inc.: VMware Virtual Machine Technology, \n \n http:\/\/www.vmware.com\/"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Wei, J., Payne, B.D., Giffin, J., Pu, C.: Soft-Timer Driven Transient Kernel Control Flow Attacks and Defense. In: Proceedings of the 24th Annual Computer Security Applications Conference, ACSAC 2008 (December 2008)","DOI":"10.1109\/ACSAC.2008.40"},{"key":"10_CR31","doi-asserted-by":"crossref","unstructured":"Xuan, C., Copeland, J.A., Beyah, R.A.: Toward Revealing Kernel Malware Behavior in Virtual Execution Environments. In: Proceedings of 12th International Symposium on Recent Advances in Intrusion Detection (RAID 2009), pp. 304\u2013325 (2009)","DOI":"10.1007\/978-3-642-04342-0_16"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-15512-3_10.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,30]],"date-time":"2021-04-30T12:56:03Z","timestamp":1619787363000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-15512-3_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642155116","9783642155123"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-15512-3_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010]]}}}