{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,15]],"date-time":"2025-03-15T04:05:48Z","timestamp":1742011548706,"version":"3.38.0"},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642252822"},{"type":"electronic","value":"9783642252839"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-25283-9_19","type":"book-chapter","created":{"date-parts":[[2011,11,17]],"date-time":"2011-11-17T16:31:18Z","timestamp":1321547478000},"page":"290-301","source":"Crossref","is-referenced-by-count":4,"title":["On Leveraging Stochastic Models for Remote Attestation"],"prefix":"10.1007","author":[{"given":"Tamleek","family":"Ali","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohammad","family":"Nauman","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinwen","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"19_CR1","unstructured":"Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: SSYM 2004: Proceedings of the 13th Conference on USENIX Security Symposium (2004)"},{"key":"19_CR2","first-page":"552","volume-title":"Proceedings of the 14th ACM conference on Computer and Communications Security (CCS 2008)","author":"H. Shacham","year":"2007","unstructured":"Shacham, H.: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In: Proceedings of the 14th ACM conference on Computer and Communications Security (CCS 2008), pp. 552\u2013561. ACM, New York (2007)"},{"key":"19_CR3","volume-title":"STC 2008: Proceedings of the 2008 ACM Workshop on Scalable Trusted Computing","author":"L. Gu","year":"2008","unstructured":"Gu, L., Ding, X., Deng, R., Xie, B., Mei, H.: Remote Attestation on Program Execution. In: STC 2008: Proceedings of the 2008 ACM Workshop on Scalable Trusted Computing. ACM, New York (2008)"},{"key":"19_CR4","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1145\/1314354.1314362","volume-title":"STC 2007: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing","author":"P.A. Loscocco","year":"2007","unstructured":"Loscocco, P.A., Wilson, P.W., Pendergrass, J.A., McDonell, C.D.: Linux Kernel Integrity Measurement Using Contextual Inspection. In: STC 2007: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, pp. 21\u201329. ACM, New York (2007)"},{"key":"19_CR5","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1145\/1655108.1655117","volume-title":"Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing","author":"L. Davi","year":"2009","unstructured":"Davi, L., Sadeghi, A., Winandy, M.: Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks. In: Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing, pp. 49\u201354. ACM, New York (2009)"},{"key":"19_CR6","volume-title":"SACMAT 2008: Proceedings of the Thirteenth ACM Symposium on Access Control Models and Technologies","author":"M. Alam","year":"2008","unstructured":"Alam, M., Zhang, X., Nauman, M., Ali, T., Seifert, J.P.: Model-based Behavioral Attestation. In: SACMAT 2008: Proceedings of the Thirteenth ACM Symposium on Access Control Models and Technologies. ACM Press, New York (2008)"},{"key":"19_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13869-0_1","volume-title":"Trust and Trustworthy Computing","author":"M. Nauman","year":"2010","unstructured":"Nauman, M., Khan, S., Zhang, X.: Beyond Kernel-level Integrity Measurement: Enabling Remote Attestation for the Android Platform. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol.\u00a06101, pp. 1\u201315. Springer, Heidelberg (2010)"},{"key":"19_CR8","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A sense of self for unix processes. In: Proceedings of IEEE Symposium on Security and Privacy, 1996, pp. 120\u2013128 (1996)","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"19_CR9","doi-asserted-by":"crossref","unstructured":"Mehdi, B., Ahmed, F., Khayyam, S., Farooq, M.: Towards a Theory of Generalizing System Call Representation For In-Execution Malware Detection. In: ICC 2010: Proceedings of the IEEE International Conference on Communications (2010)","DOI":"10.1109\/ICC.2010.5501969"},{"key":"19_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-74320-0_1","volume-title":"Recent Advances in Intrusion Detection","author":"D. Mutz","year":"2007","unstructured":"Mutz, D., Robertson, W., Vigna, G., Kemmerer, R.: Exploiting execution context for the detection of anomalous system calls. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 1\u201320. Springer, Heidelberg (2007)"},{"key":"19_CR11","unstructured":"University of New Mexico: Computer Immune Systems \u2013 Datasets, http:\/\/www.cs.unm.edu\/~immsec\/systemcalls.htm (accessed May, 2010)"},{"key":"19_CR12","volume-title":"Trusted Computing Platforms: TCPA Technology in Context","author":"S. Pearson","year":"2002","unstructured":"Pearson, S.: Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall PTR, Upper Saddle River (2002)"},{"key":"19_CR13","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1145\/1133058.1133063","volume-title":"SACMAT 2006: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies","author":"T. Jaeger","year":"2006","unstructured":"Jaeger, T., Sailer, R., Shankar, U.: PRIMA: Policy-Reduced Integrity Measurement Architecture. In: SACMAT 2006: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies, pp. 19\u201328. ACM Press, New York (2006)"},{"key":"19_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-642-00587-9_5","volume-title":"Trusted Computing","author":"M. Nauman","year":"2009","unstructured":"Nauman, M., Alam, M., Ali, T., Zhang, X.: Remote Attestation of Attribute Updates and Information Flows in a UCON System. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol.\u00a05471, pp. 63\u201380. Springer, Heidelberg (2009)"},{"key":"19_CR15","unstructured":"Gu, L., Cheng, Y., Ding, X., Deng, R., Guo, Y., Shao, W.: Remote Attestation on Function Execution. In: Trust 2009: Proceedings of the 2009 International Conference on Trusted Systems (2009)"},{"key":"19_CR16","unstructured":"Axelsson, S.: Intrusion detection systems: A survey and taxonomy. Technical report, Department of Computer Engineering, Chalmers University (2000)"},{"key":"19_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/978-3-540-45248-5_10","volume-title":"Recent Advances in Intrusion Detection","author":"C. Kr\u00fcgel","year":"2003","unstructured":"Kr\u00fcgel, C., T\u00f3th, T.: Using decision trees to improve signature-based intrusion detection. In: Vigna, G., Kr\u00fcgel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol.\u00a02820, pp. 173\u2013191. Springer, Heidelberg (2003)"},{"issue":"3","key":"19_CR18","doi-asserted-by":"publisher","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"S. Hofmeyr","year":"1998","unstructured":"Hofmeyr, S., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security\u00a06(3), 151\u2013180 (1998)","journal-title":"Journal of Computer Security"},{"issue":"4","key":"19_CR19","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1162\/106365600568257","volume":"8","author":"S. Hofmeyr","year":"2000","unstructured":"Hofmeyr, S., Forrest, S.: Architecture for an artificial immune system. Evolutionary Computation\u00a08(4), 443\u2013473 (2000)","journal-title":"Evolutionary Computation"},{"key":"19_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/978-3-540-77535-5_12","volume-title":"Information Security Applications","author":"W. Wilson","year":"2008","unstructured":"Wilson, W., Feyereisl, J., Aickelin, U.: Detecting Motifs in System Call Sequences. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol.\u00a04867, pp. 157\u2013172. Springer, Heidelberg (2008)"},{"key":"19_CR21","unstructured":"TCG: TCG Specification Architecture Overview v1.2, pp 11\u201312. Technical report, Trusted Computing Group (April 2004)"},{"key":"19_CR22","unstructured":"Wright, C., Cowan, C., Morris, J., Smalley, S., Kroah-Hartman, G.: Linux security module framework. In: Ottawa Linux Symposium. Citeseer (2002)"},{"key":"19_CR23","unstructured":"Heavens, V.X.: Information and hosting for computer viruses, http:\/\/vx.netlux.org\/ (accessed June 02, 2010)"},{"key":"19_CR24","unstructured":"Bayes, T.: Learning Bayesian networks: The combination of knowledge and statistical data. Philosophical Transactions of Royal Society of London 53, 370\u2013418 (1763)"},{"issue":"3","key":"19_CR25","first-page":"197","volume":"20","author":"D. Heckerman","year":"1995","unstructured":"Heckerman, D., Geiger, D., Chickering, D.: Learning Bayesian networks: The combination of knowledge and statistical data. Machine Learning\u00a020(3), 197\u2013243 (1995)","journal-title":"Machine Learning"},{"key":"19_CR26","volume-title":"C4.5: programs for machine learning","author":"J. Quinlan","year":"1993","unstructured":"Quinlan, J.: C4.5: programs for machine learning. Morgan Kaufmann, San Francisco (1993)"},{"key":"19_CR27","volume-title":"Data Mining: Practical machine learning tools and techniques","author":"I. Witten","year":"2005","unstructured":"Witten, I., Frank, E.: Data Mining: Practical machine learning tools and techniques. Morgan Kaufmann Pub., San Francisco (2005)"},{"issue":"1","key":"19_CR28","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1145\/1656274.1656278","volume":"11","author":"M. Hall","year":"2009","unstructured":"Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.: The WEKA data mining software: An update. ACM SIGKDD Explorations Newsletter\u00a011(1), 10\u201318 (2009)","journal-title":"ACM SIGKDD Explorations Newsletter"},{"key":"19_CR29","doi-asserted-by":"crossref","unstructured":"Lippmann, R., Fried, D., Graf, I., Haines, J., Kendall, K., McClung, D., Weber, D., Webster, S., Wyschogrod, D., Cunningham, R., et al.: Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. In: Proceedings of DARPA Information Survivability Conference and Exposition, DISCEX 2000, vol. 2 (2000)","DOI":"10.1109\/DISCEX.2000.821506"},{"key":"19_CR30","first-page":"314","volume-title":"Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009)","author":"M. Ali","year":"2009","unstructured":"Ali, M., Khan, H., Sajjad, A., Khayam, S.: On achieving good operating points on an ROC plane using stochastic anomaly score prediction. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009), pp. 314\u2013323. ACM, New York (2009)"},{"key":"19_CR31","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1145\/1352592.1352625","volume-title":"Proceedings of the 3rd ACM SIGOPS\/EuroSys European Conference on Computer Systems 2008","author":"J. McCune","year":"2008","unstructured":"McCune, J., Parno, B., Perrig, A., Reiter, M., Isozaki, H.: Flicker: An execution infrastructure for TCB minimization. In: Proceedings of the 3rd ACM SIGOPS\/EuroSys European Conference on Computer Systems 2008, pp. 315\u2013328. ACM, New York (2008)"}],"container-title":["Lecture Notes in Computer Science","Trusted Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-25283-9_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,14]],"date-time":"2025-03-14T05:27:25Z","timestamp":1741930045000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-25283-9_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642252822","9783642252839"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-25283-9_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}