{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T17:56:24Z","timestamp":1774115784103,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642236433","type":"print"},{"value":"9783642236440","type":"electronic"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-23644-0_18","type":"book-chapter","created":{"date-parts":[[2012,2,11]],"date-time":"2012-02-11T00:06:20Z","timestamp":1328918780000},"page":"338-357","source":"Crossref","is-referenced-by-count":128,"title":["Detecting Environment-Sensitive Malware"],"prefix":"10.1007","author":[{"given":"Martina","family":"Lindorfer","sequence":"first","affiliation":[]},{"given":"Clemens","family":"Kolbitsch","sequence":"additional","affiliation":[]},{"given":"Paolo","family":"Milani Comparetti","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"18_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-540-74320-0_10","volume-title":"Recent Advances in Intrusion Detection","author":"M. Bailey","year":"2007","unstructured":"Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated Classification and Analysis of Internet Malware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 178\u2013197. Springer, Heidelberg (2007)"},{"key":"18_CR2","unstructured":"Balzarotti, D., Cova, M., Karlberger, C., Kruegel, C., Kirda, E., Vigna, G.: Efficient Detection of Split Personalities in Malware. In: Proceedings of the 17th Annual Network and Distributed System Security Symposium, NDSS (2010)"},{"key":"18_CR3","unstructured":"Bayer, U., Comparetti, P., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, Behavior-Based Malware Clustering. In: Proceedings of the 16th Annual Network and Distributed System Security Symposium, NDSS (2009)"},{"key":"18_CR4","unstructured":"Bayer, U., Habibi, I., Balzarotti, D., Kirda, E., Kruegel, C.: A View on Current Malware Behaviors. In: 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET (2009)"},{"key":"18_CR5","doi-asserted-by":"crossref","unstructured":"Bayer, U., Kirda, E., Kruegel, C.: Improving the Efficiency of Dynamic Malware Analysis. In: Proceedings of the ACM Symposium on Applied Computing, SAC (2010)","DOI":"10.1145\/1774088.1774484"},{"key":"18_CR6","unstructured":"Bayer, U., Kruegel, C., Kirda, E.: TTAnalyze: A Tool for Analyzing Malware. In: Proceedings of the 15th European Institute for Computer Antivirus Research (EICAR) Annual Conference (2006)"},{"key":"18_CR7","unstructured":"Bellard, F.: QEMU, a Fast and Portable Dynamic Translator. In: USENIX Annual Technical Conference (2005)"},{"key":"18_CR8","unstructured":"Chen, X., Andersen, J., Mao, Z.M., Bailey, M., Nazario, J.: Towards an Understanding of Anti-Virtualization and Anti-Debugging Behavior in Modern Malware. In: Proceedings of the 38th Annual IEEE International Conference on Dependable Systems and Networks, DSN (2008)"},{"key":"18_CR9","doi-asserted-by":"crossref","unstructured":"Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: Malware Analysis via Hardware Virtualization Extensions. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS (2008)","DOI":"10.1145\/1455770.1455779"},{"key":"18_CR10","unstructured":"Ferrie, P.: Attacks on Virtual Machine Emulators. Tech. rep., Symantec Research White Paper (2006)"},{"key":"18_CR11","unstructured":"Ferrie, P.: Attacks on More Virtual Machines (2007)"},{"key":"18_CR12","unstructured":"Garfinkel, T., Adams, K., Warfield, A., Franklin, J.: Compatibility is Not Transparency: VMM Detection Myths and Realities. In: Proceedings of the 11th Workshop on Hot Topics in Operating Systems, HotOS-XI (2007)"},{"key":"18_CR13","volume-title":"Rootkits: Subverting the Windows kernel","author":"G. Hoglund","year":"2005","unstructured":"Hoglund, G., Butler, J.: Rootkits: Subverting the Windows kernel. Addison-Wesley Professional, Reading (2005)"},{"key":"18_CR14","doi-asserted-by":"crossref","unstructured":"Jaccard, P.: The Distribution of Flora in the Alpine Zone. The New Phytologist\u00a011(2) (1912)","DOI":"10.1111\/j.1469-8137.1912.tb05611.x"},{"key":"18_CR15","doi-asserted-by":"crossref","unstructured":"Johnson, N.M., Caballero, J., Chen, K.Z., McCamant, S., Poosankam, P., Reynaud, D., Song, D.: Differential Slicing: Identifying Causal Execution Differences for Security Applications. In: IEEE Symposium on Security and Privacy (2011)","DOI":"10.1109\/SP.2011.41"},{"key":"18_CR16","unstructured":"Kamluk, V.: A black hat loses control (2009), \n                    \n                      http:\/\/www.securelist.com\/en\/weblog?weblogid=208187881"},{"key":"18_CR17","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Poosankam, P., Yin, H.: Renovo: A Hidden Code Extractor for Packed Executables. In: ACM Workshop on Recurring Malcode, WORM (2007)","DOI":"10.1145\/1314389.1314399"},{"key":"18_CR18","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Yin, H., Hanna, S., McCamant, S., Song, D.: Emulating Emulation-Resistant Malware. In: Proceedings of the 2nd Workshop on Virtual Machine Security, VMSec (2009)","DOI":"10.1145\/1655148.1655151"},{"key":"18_CR19","unstructured":"Kleissner, P.: Antivirus Tracker (2009), \n                    \n                      http:\/\/avtracker.info\/"},{"key":"18_CR20","doi-asserted-by":"crossref","unstructured":"Lau, B., Svajcer, V.: Measuring virtual machine detection in malware using DSD tracer. Journal in Computer Virology\u00a06(3) (2010)","DOI":"10.1007\/s11416-008-0096-y"},{"key":"18_CR21","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: OmniUnpack: Fast, Generic, and Safe Unpacking of Malware. In: Proceedings of the Annual Computer Security Applications Conference, ACSAC (2007)","DOI":"10.1109\/ACSAC.2007.15"},{"key":"18_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-642-10772-6_14","volume-title":"Information Systems Security","author":"L. Martignoni","year":"2009","unstructured":"Martignoni, L., Paleari, R., Bruschi, D.: A Framework for Behavior-Based Malware Analysis in the Cloud. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol.\u00a05905, pp. 178\u2013192. Springer, Heidelberg (2009)"},{"key":"18_CR23","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring Multiple Execution Paths for Malware Analysis. In: IEEE Symposium on Security and Privacy (2007)","DOI":"10.1109\/SP.2007.17"},{"key":"18_CR24","unstructured":"Paleari, R., Martignoni, L., Passerini, E., Davidson, D., Fredrikson, M., Giffin, J., Jha, S.: Automatic Generation of Remediation Procedures for Malware Infections. In: Proceedings of the 19th USENIX Conference on Security (2010)"},{"key":"18_CR25","doi-asserted-by":"crossref","unstructured":"Paleari, R., Martignoni, L., Roglia, G.F., Bruschi, D.: A fistful of red-pills: How to automatically generate procedures to detect CPU emulators. In: Proceedings of the 3rd USENIX Workshop on Offensive Technologies, WOOT (2009)","DOI":"10.1145\/1572272.1572303"},{"key":"18_CR26","doi-asserted-by":"crossref","unstructured":"Pek, G., Bencsath, B., Buttyan, L.: nEther: In-guest Detection of Out-of-the-guest Malware Analyzers. In: ACM European Workshop on System Security, EUROSEC (2011)","DOI":"10.1145\/1972551.1972554"},{"key":"18_CR27","unstructured":"Perdisci, R., Lee, W., Feamster, N.: Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces. In: USENIX Conference on Networked Systems Design and Implementation, NSDI (2010)"},{"key":"18_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-75496-1_1","volume-title":"Information Security","author":"T. Raffetseder","year":"2007","unstructured":"Raffetseder, T., Kruegel, C., Kirda, E.: Detecting System Emulators. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol.\u00a04779, pp. 1\u201318. Springer, Heidelberg (2007)"},{"key":"18_CR29","unstructured":"Rutkowska, J.: Red Pill.. or how to detect VMM using (almost) one CPU instruction (2004), \n                    \n                      http:\/\/invisiblethings.org\/papers\/redpill.html"},{"key":"18_CR30","doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Moser, A., Kruegel, C., Almaroth, K., Kirda, E.: FIRE: FInding Rogue nEtworks. In: Proceedings of the Annual Computer Security Applications Conference, ACSAC (2009)","DOI":"10.1109\/ACSAC.2009.29"},{"key":"18_CR31","unstructured":"Tan, C.K.: Defeating Kernel Native API Hookers by Direct Service Dispatch Table Restoration. Tech. rep., SIG2 G-TEC Lab (2004)"},{"key":"18_CR32","unstructured":"The Honeynet Project: Know Your Enemy: Fast-Flux Service Networks (2007), \n                    \n                      http:\/\/www.honeynet.org\/papers\/ff"},{"key":"18_CR33","unstructured":"Trinius, P., Willems, C., Holz, T., Rieck, K.: A Malware Instruction Set for Behavior-Based Analysis. Tech. Rep. 07\u20132009, University of Mannheim (2009)"},{"key":"18_CR34","doi-asserted-by":"crossref","unstructured":"Vasudevan, A., Yerraballi, R.: Cobra: Fine-grained Malware Analysis using Stealth Localized-executions. In: IEEE Symposium on Security and Privacy (2006)","DOI":"10.1109\/SP.2006.9"},{"key":"18_CR35","doi-asserted-by":"crossref","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward Automated Dynamic Malware Analysis Using CWSandbox. IEEE Security and Privacy\u00a05(2) (2007)","DOI":"10.1109\/MSP.2007.45"},{"key":"18_CR36","doi-asserted-by":"crossref","unstructured":"Yoshioka, K., Hosobuchi, Y., Orii, T., Matsumoto, T.: Your Sandbox is Blinded: Impact of Decoy Injection to Public Malware Analysis Systems. Journal of Information Processing\u00a019 (2011)","DOI":"10.2197\/ipsjjip.19.153"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-23644-0_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,4,27]],"date-time":"2019-04-27T12:21:49Z","timestamp":1556367709000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-23644-0_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642236433","9783642236440"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-23644-0_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011]]}}}