{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T18:58:29Z","timestamp":1742929109593,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":20,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642236433"},{"type":"electronic","value":"9783642236440"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-23644-0_5","type":"book-chapter","created":{"date-parts":[[2012,2,11]],"date-time":"2012-02-11T05:06:20Z","timestamp":1328936780000},"page":"81-100","source":"Crossref","is-referenced-by-count":7,"title":["KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware"],"prefix":"10.1007","author":[{"given":"Stefano","family":"Ortolani","sequence":"first","affiliation":[]},{"given":"Cristiano","family":"Giuffrida","sequence":"additional","affiliation":[]},{"given":"Bruno","family":"Crispo","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Al-Hammadi, Y., Aickelin, U.: Detecting bots based on keylogging activities. In: Proceedings of the Third International Conference on Availability, Reliability and Security, pp. 896\u2013902 (2008)","DOI":"10.2139\/ssrn.2830397"},{"key":"5_CR2","first-page":"65","volume":"36","author":"B. Bowen","year":"2008","unstructured":"Bowen, B., Hartwig, C., Liang, Z., Newsome, J., Song, D., Yin, H.: Automatically identifying trigger-based behavior in malware. Advances In Information Security\u00a036, 65\u201388 (2008)","journal-title":"Advances In Information Security"},{"key":"5_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1007\/978-3-642-15512-3_7","volume-title":"Recent Advances in Intrusion Detection","author":"B. Bowen","year":"2010","unstructured":"Bowen, B., Prabhu, P., Kemerlis, V., Sidiroglou, S., Keromytis, A., Stolfo, S.: Botswindler: Tamper resistant injection of believable decoys in vm-based hosts for crimeware detection. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol.\u00a06307, pp. 118\u2013137. Springer, Heidelberg (2010)"},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Han, J., Kwon, J., Lee, H.: Honeyid: Unveiling hidden spywares by generating bogus events. In: Proceedings of The IFIP TC11 23rd International Information Security Conference, pp. 669\u2013673 (2008)","DOI":"10.1007\/978-0-387-09699-5_43"},{"key":"5_CR5","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.: Behavior-based spyware detection. In: Proceedings of the 15th USENIX Security Symposium (SSYM 2006), pp. 273\u2013288 (2006)"},{"key":"5_CR6","unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: Proceedings of the 18th USENIX Security Symposium (SSYM 2009), pp. 351\u2013366 (2009)"},{"key":"5_CR7","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Automating mimicry attacks using static binary analysis. In: Proceedings of the 14th USENIX Security Symposium (SSYM 2005), p.11 (2005)"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Lanzi, A., Balzarotti, D., Kruegel, C., Christodorescu, M., Kirda, E.: AccessMiner: Using system-centric models for malware protection. In: Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), pp. 399\u2013412 (2010)","DOI":"10.1145\/1866307.1866353"},{"key":"5_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/978-3-540-87403-4_5","volume-title":"Recent Advances in Intrusion Detection","author":"L. Martignoni","year":"2008","unstructured":"Martignoni, L., Stinson, E., Fredrikson, M., Jha, S., Mitchell, J.C.: A layered architecture for detecting malicious behaviors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 78\u201397. Springer, Heidelberg (2008)"},{"key":"5_CR10","unstructured":"Miller, M.: Memalyze: Dynamic analysis of memory access behavior in software. Uninformed Journal\u00a07 (2007), http:\/\/uninformed.org\/?v=7&a=1"},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: Proceeding of the 28th IEEE Symposium on Security and Privacy (SP 2007), pp. 231\u2013245 (May 2007)","DOI":"10.1109\/SP.2007.17"},{"key":"5_CR12","unstructured":"Open Security Foundation: DataLossDB (April 2011), http:\/\/datalossdb.org\/statistics?timeframe=last_month"},{"key":"5_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1007\/978-3-642-15512-3_11","volume-title":"Recent Advances in Intrusion Detection","author":"S. Ortolani","year":"2010","unstructured":"Ortolani, S., Giuffrida, C., Crispo, B.: Bait your hook: a novel detection technique for keyloggers. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol.\u00a06307, pp. 198\u2013217. Springer, Heidelberg (2010)"},{"key":"5_CR14","unstructured":"Quist, D., Ames, C.: Temporal reverse engineering. Black Hat Briefings (2008)"},{"key":"5_CR15","unstructured":"R Development Core Team: R: A language and environment for statistical computing (2008), http:\/\/www.R-project.org\/"},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C., Bos, H., Cavallaro, L., van Steen, M., Freiling, F., Pohlmann, N.: Sandnet: Network traffic analysis of malicious software. In: Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2011 (2011)","DOI":"10.1145\/1978672.1978682"},{"key":"5_CR17","unstructured":"Sharp, D.: Maine park users warned of credit card breach (April 2011), http:\/\/www.mercurynews.com\/california\/ci_17691495"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Slowinska, A., Bos, H.: Pointless tainting?: evaluating the practicality of pointer tainting. In: Proceedings of the Fourth ACM European Conference on Computer Systems (EuroSys 2009), pp. 61\u201374 (2009)","DOI":"10.1145\/1519065.1519073"},{"key":"5_CR19","unstructured":"Sparks, S., Butler, J.: Shadow walker: Raising the bar for windows rootkit detection. Phrack Inc. 0x0b (2005)"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"Xu, J.Y., Sung, A., Chavez, P., Mukkamala, S.: Polymorphic malicious executable scanner by api sequence analysis. In: Proceedings of the Fourth International Conference on Hybrid Intelligent Systems (HIS 2004), pp. 378\u2013383 (2004)","DOI":"10.1109\/ICHIS.2004.75"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-23644-0_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,20]],"date-time":"2025-03-20T13:23:31Z","timestamp":1742477011000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-23644-0_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642236433","9783642236440"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-23644-0_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}