{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T18:05:46Z","timestamp":1768413946526,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642155116","type":"print"},{"value":"9783642155123","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-15512-3_7","type":"book-chapter","created":{"date-parts":[[2010,8,31]],"date-time":"2010-08-31T08:27:39Z","timestamp":1283243259000},"page":"118-137","source":"Crossref","is-referenced-by-count":13,"title":["BotSwindler: Tamper Resistant Injection of Believable Decoys in VM-Based Hosts for Crimeware Detection"],"prefix":"10.1007","author":[{"given":"Brian M.","family":"Bowen","sequence":"first","affiliation":[]},{"given":"Pratap","family":"Prabhu","sequence":"additional","affiliation":[]},{"given":"Vasileios P.","family":"Kemerlis","sequence":"additional","affiliation":[]},{"given":"Stelios","family":"Sidiroglou","sequence":"additional","affiliation":[]},{"given":"Angelos D.","family":"Keromytis","sequence":"additional","affiliation":[]},{"given":"Salvatore J.","family":"Stolfo","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-04444-1_1","volume-title":"Computer Security \u2013 ESORICS 2009","author":"T. Holz","year":"2009","unstructured":"Holz, T., Engelberth, M., Freiling, F.: Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol.\u00a05789, pp. 1\u201318. Springer, Heidelberg (2009)"},{"key":"7_CR2","unstructured":"Stahlberg, M.: The Trojan Money Spinner. In: 17th Virus Bulletin International Conference (VB) (September 2007), \n                    \n                      http:\/\/www.f-secure.com\/weblog\/archives\/VB2007_TheTrojanMoneySpinner.pdf"},{"key":"7_CR3","unstructured":"Researcher Uncovers Massive, Sophisticated Trojan Targeting Top Businesses. Darkreading (July 2009), \n                    \n                      http:\/\/www.darkreading.com\/database_security\/security\/privacy\/showArticle.jhtml?articleID=218800077"},{"key":"7_CR4","unstructured":"Higgins, K.J.: Up To 9 Percent Of Machines In An Enterprise Are Bot-Infected. Darkreading (September 2009), \n                    \n                      http:\/\/www.darkreading.com\/insiderthreat\/security\/client\/showArticle.jhtml?articleID=220200118"},{"key":"7_CR5","doi-asserted-by":"publisher","first-page":"541","DOI":"10.1145\/1315245.1315312","volume-title":"14th ACM Conference on Computer and Communications Security (CCS)","author":"Y. Song","year":"2007","unstructured":"Song, Y., Locasto, M.E., Stavrou, A., Keromytis, A.D., Stolfo, S.J.: On the Infeasibility of Modeling Polymorphic Shellcode. In: 14th ACM Conference on Computer and Communications Security (CCS), pp. 541\u2013551. ACM, New York (2007)"},{"key":"7_CR6","unstructured":"Blog, T.S.S.: ZeuS Tracker, \n                    \n                      https:\/\/zeustracker.abuse.ch\/index.php"},{"key":"7_CR7","unstructured":"Messmer, E.: America\u2019s 10 most wanted botnets. Network World (July 2009), \n                    \n                      http:\/\/www.networkworld.com\/news\/2009\/072209-botnets.html"},{"key":"7_CR8","unstructured":"Measuring the in-the-wild effectiveness of Antivirus against Zeus. Technical report, Trusteer (September 2009), \n                    \n                      http:\/\/www.trusteer.com\/files\/Zeus_and_Antivirus.pdf"},{"key":"7_CR9","unstructured":"Ilett, D.: Trojan attacks Microsoft\u2019s anti-spyware (February 2005), \n                    \n                      http:\/\/news.cnet.com\/Trojan-attacks-Microsofts-anti-spyware\/2100-7349_3-5569429.html"},{"issue":"236","key":"7_CR10","doi-asserted-by":"publisher","first-page":"433","DOI":"10.1093\/mind\/LIX.236.433","volume":"59","author":"A.M. Turing","year":"1950","unstructured":"Turing, A.M.: Computing Machinery and Intelligence. Mind, New Series\u00a059(236), 433\u2013460 (1950)","journal-title":"Mind, New Series"},{"key":"7_CR11","first-page":"41","volume-title":"USENIX Annual Technical Conference","author":"F. Bellard","year":"2005","unstructured":"Bellard, F.: QEMU, a Fast and Portable Dynamic Translator. In: USENIX Annual Technical Conference, pp. 41\u201346. USENIX Association, Berkeley (April 2005)"},{"key":"7_CR12","volume-title":"11th Workshop on Hot Topics in Operating System (HotOS)","author":"T. Garfinkel","year":"2007","unstructured":"Garfinkel, T., Adams, K., Warfield, A., Franklin, J.: Compatibility is Not Transparency: VMM Detection Myths and Realities. In: 11th Workshop on Hot Topics in Operating System (HotOS). USENIX Association, Berkeley (May 2007)"},{"key":"7_CR13","unstructured":"Spitzner, L.: Honeytokens: The Other Honeypot (July 2003), \n                    \n                      http:\/\/www.securityfocus.com\/infocus\/1713"},{"key":"7_CR14","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1109\/SP.2006.37","volume-title":"IEEE Symposium on Security and Privacy (S&P)","author":"K. Borders","year":"2006","unstructured":"Borders, K., Zhao, X., Prakash, A.: Siren: Catching Evasive Malware. In: IEEE Symposium on Security and Privacy (S&P), pp. 78\u201385. IEEE Computer Society, Washington (May 2006)"},{"key":"7_CR15","doi-asserted-by":"publisher","first-page":"502","DOI":"10.1109\/PCCC.2007.358933","volume-title":"Performance, Computing, and Communications Conference (IPCCC)","author":"M. Chandrasekaran","year":"2007","unstructured":"Chandrasekaran, M., Vidyaraman, S., Upadhyaya, S.: SpyCon: Emulating User Activities to Detect Evasive Spyware. In: Performance, Computing, and Communications Conference (IPCCC), pp. 502\u2013509. IEEE Computer Society, Los Alamitos (May 2007)"},{"key":"7_CR16","first-page":"32","volume-title":"IEEE Symposium on Security and Privacy (S&P)","author":"C. Willems","year":"2007","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward Automated Dynamic Malware Analysis Using CWSandbox. In: IEEE Symposium on Security and Privacy (S&P), pp. 32\u201339. IEEE Computer Society, Washington (March 2007)"},{"key":"7_CR17","first-page":"233","volume-title":"USENIX Annual Technical Conference","author":"M. Egele","year":"2007","unstructured":"Egele, M., Kruegel, C., Kirda, E., Yin, H., Song, D.: Dynamic Spyware Analysis. In: USENIX Annual Technical Conference, pp. 233\u2013246. USENIX Association, Berkeley (June 2007)"},{"key":"7_CR18","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1145\/1315245.1315261","volume-title":"14th ACM Conference on Computer and Communications Security (CCS)","author":"H. Yin","year":"2007","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis. In: 14th ACM Conference on Computer and Communications Security (CCS), pp. 116\u2013127. ACM, New York (2007)"},{"key":"7_CR19","volume-title":"10th Annual Network and Distributed System Security Symposium (NDSS)","author":"T. Garfinkel","year":"2003","unstructured":"Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: 10th Annual Network and Distributed System Security Symposium (NDSS). Internet Society, Reston (February 2003)"},{"key":"7_CR20","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1109\/HOTOS.2001.990073","volume-title":"8th Workshop on Hot Topics in Operating System (HotOS)","author":"P.M. Chen","year":"2001","unstructured":"Chen, P.M., Noble, B.D.: When Virtual Is Better Than Real. In: 8th Workshop on Hot Topics in Operating System (HotOS), pp. 133\u2013138. IEEE Computer Society, Washington (May 2001)"},{"key":"7_CR21","first-page":"1","volume-title":"USENIX Annual Technical Conference","author":"S.T. Jones","year":"2006","unstructured":"Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: Antfarm: Tracking Processes in a Virtual Machine Environment. In: USENIX Annual Technical Conference, pp. 1\u201314. USENIX Association, Berkeley (March 2006)"},{"key":"7_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1007\/978-3-540-74320-0_11","volume-title":"Recent Advances in Intrusion Detection","author":"X. Jiang","year":"2007","unstructured":"Jiang, X., Wang, X.: \u201cOut-of-the-Box\u201d Monitoring of VM-Based High-Interaction Honeypots. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 198\u2013218. Springer, Heidelberg (2007)"},{"key":"7_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/978-3-540-87403-4_3","volume-title":"Recent Advances in Intrusion Detection","author":"A. Srivastava","year":"2008","unstructured":"Srivastava, A., Giffin, J.: Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 39\u201358. Springer, Heidelberg (2008)"},{"key":"7_CR24","volume-title":"4th ACM Conference on Computer and Communications Security (CCS)","author":"F. Monrose","year":"1997","unstructured":"Monrose, F., Rubin, A.: Authentication via Keystroke Dynamics. In: 4th ACM Conference on Computer and Communications Security (CCS). ACM, New York (April 1997)"},{"issue":"3","key":"7_CR25","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1109\/TDSC.2007.70207","volume":"4","author":"A.A.E. Ahmed","year":"2007","unstructured":"Ahmed, A.A.E., Traore, I.: A New Biometric Technology Based on Mouse Dynamics. IEEE Transactions on Dependable and Secure Computing (TDSC)\u00a04(3), 165\u2013179 (2007)","journal-title":"IEEE Transactions on Dependable and Secure Computing (TDSC)"},{"key":"7_CR26","unstructured":"The XFree86 Project: XVFB(1), \n                    \n                      http:\/\/www.xfree86.org\/4.0.1\/Xvfb.1.html"},{"key":"7_CR27","unstructured":"Symantec: Trends for July - December 2007. White paper (April 2008)"},{"key":"7_CR28","volume-title":"39th Annual International Conference on Dependable Systems and Networks (DSN)","author":"K.S. Killourhy","year":"2009","unstructured":"Killourhy, K.S., Maxion, R.A.: Comparing Anomaly Detectors for Keystroke Dynamics. In: 39th Annual International Conference on Dependable Systems and Networks (DSN). IEEE Computer Society Press, Los Alamitos (June-July 2009)"},{"issue":"1","key":"7_CR29","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1145\/1656274.1656278","volume":"11","author":"M. Hall","year":"2009","unstructured":"Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.H.: The WEKA Data Mining Software: An Update. ACM SIGKDD Explorations Newsletter\u00a011(1), 10\u201318 (2009)","journal-title":"ACM SIGKDD Explorations Newsletter"},{"key":"7_CR30","first-page":"130","volume-title":"IEEE Symposium on Security and Privacy (S&P)","author":"W. Lee","year":"2001","unstructured":"Lee, W., Xiang, D.: Information-Theoretic Measures for Anomaly Detection. In: IEEE Symposium on Security and Privacy (S&P), pp. 130\u2013143. IEEE Computer Society, Washington (2001)"},{"key":"7_CR31","first-page":"161","volume-title":"USENIX Symposium on Networked Systems Design and Implementation (NSDI)","author":"B. Cully","year":"2008","unstructured":"Cully, B., Lefebvre, G., Meyer, D., Feeley, M., Hutchinson, N., Warfield, A.: Remus: High Availability via Asynchronous Virtual Machine Replication. In: USENIX Symposium on Networked Systems Design and Implementation (NSDI), pp. 161\u2013174. USENIX Association, Berkeley (April 2008)"},{"key":"7_CR32","first-page":"77","volume-title":"New Security Paradigms Workshop (NSPW)","author":"M. Bond","year":"2006","unstructured":"Bond, M., Danezis, G.: A Pact with the Devil. In: New Security Paradigms Workshop (NSPW), pp. 77\u201382. ACM, New York (September 2006)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-15512-3_7.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,30]],"date-time":"2021-04-30T08:56:13Z","timestamp":1619772973000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-15512-3_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642155116","9783642155123"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-15512-3_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010]]}}}