{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T15:42:12Z","timestamp":1725896532352},"publisher-location":"Berlin, Heidelberg","reference-count":38,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642319082"},{"type":"electronic","value":"9783642319099"}],"license":[{"start":{"date-parts":[[2012,1,1]],"date-time":"2012-01-01T00:00:00Z","timestamp":1325376000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-31909-9_12","type":"book-chapter","created":{"date-parts":[[2012,9,22]],"date-time":"2012-09-22T07:23:23Z","timestamp":1348298603000},"page":"209-226","source":"Crossref","is-referenced-by-count":3,"title":["Time-Traveling Forensic Analysis of VM-Based High-Interaction Honeypots"],"prefix":"10.1007","author":[{"given":"Deepa","family":"Srinivasan","sequence":"first","affiliation":[]},{"given":"Xuxian","family":"Jiang","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"12_CR1","unstructured":"The Amazing VM Record\/Replay Feature in VMware Workstation 6, http:\/\/blogs.vmware.com\/sherrod\/2007\/04\/the_amazing_vm_.html"},{"key":"12_CR2","unstructured":"Apache HTTP Server Benchmarking Tool, http:\/\/httpd.apache.org\/docs\/2.0\/programs\/ab.html"},{"key":"12_CR3","unstructured":"Linux\/Unix nbench, http:\/\/www.tux.org\/~mayer\/linux\/bmark.html"},{"key":"12_CR4","unstructured":"Sebek Project, http:\/\/projects.honeynet.org\/sebek\/"},{"key":"12_CR5","unstructured":"VirtualBox, http:\/\/www.virtualbox.org"},{"key":"12_CR6","unstructured":"VMware Inc., http:\/\/www.vmware.com"},{"key":"12_CR7","unstructured":"Balzarotti, D., Cova, M., Karlberger, C., Kruegel, C., Kirda, E., Vigna, G.: Efficient Detection of Split Personalities in Malware. In: Proceedings of the 17th Annual Network and Distributed System Security Symposium (2010)"},{"key":"12_CR8","unstructured":"Bellard, F.: QEMU, a Fast and Portable Dynamic Translator. In: Proceedings of the 2005 USENIX Annual Technical Conference (2005)"},{"key":"12_CR9","doi-asserted-by":"crossref","unstructured":"Bergheaud, P., Subhraveti, D., Vertes, M.: Fault Tolerance in Multiprocessor Systems Via Application Cloning. In: Proceedings of the 27th IEEE International Conference on Distributed Computing Systems (2007)","DOI":"10.1109\/ICDCS.2007.111"},{"key":"12_CR10","doi-asserted-by":"crossref","unstructured":"Bressoud, T.C., Schneider, F.B.: Hypervisor-based Fault Tolerance. In: Proceedings of the 15th ACM Symposium on Operating Systems Principles (1995)","DOI":"10.1145\/224056.224058"},{"key":"12_CR11","unstructured":"CERT\/CC: CERT Advisory CA-2002-27 Apache\/mod_ssl Worm, http:\/\/www.cert.org\/advisories\/CA-2002-27.html"},{"key":"12_CR12","unstructured":"Chen, X., Andersen, J., Mao, Z.M., Bailey, M.D., Nazario, J.: Towards an Understanding of Anti-Virtualization and Anti-Debugging Behavior in Modern Malware. In: Proceedings of the 38th Annual IEEE International Conference on Dependable Systems and Networks (2008)"},{"key":"12_CR13","unstructured":"Chow, J., Garfinkel, T., Chen, P.M.: Decoupling Dynamic Program Analysis from Execution in Virtual Environments. In: Proceedings of the USENIX 2008 Annual Technical Conference (2008)"},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"Chow, J., Lucchetti, D., Garfinkel, T., Lefebvre, G., Gardner, R., Mason, J., Small, S., Chen, P.M.: Multi-stage Replay with Crosscut. In: Proceedings of the 6th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments (2010)","DOI":"10.1145\/1735997.1736002"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Dinaburg, A., Royal, P., Sharif, M.I., Lee, W.: Ether: Malware Analysis via Hardware Virtualization Extensions. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (2008)","DOI":"10.1145\/1455770.1455779"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Dunlap, G., King, S., Cinar, S., Basrai, M., Chen, P.: ReVirt: Enabling Intrusion Analysis through Virtual-machine Logging and Replay. ACM SIGOPS Operating Systems Review\u00a036 (2002)","DOI":"10.1145\/844128.844148"},{"key":"12_CR17","doi-asserted-by":"crossref","unstructured":"Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A Virtual Machine-Based Platform for Trusted Computing. In: Proceedings of the 19th Symposium on Operating System Principles (2003)","DOI":"10.1145\/945461.945464"},{"key":"12_CR18","unstructured":"Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proceedings of the 10th Annual Network and Distributed Systems Security Symposium (2003)"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"Goel, A., Feng, W., Maier, D., Feng, W., Walpole, J.: Forensix: A Robust, High-performance Reconstruction System. In: Proceedings of the 25th IEEE International Conference on Distributed Computing Systems Workshops (2005)","DOI":"10.1109\/ICDCSW.2005.62"},{"key":"12_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1007\/978-3-540-74320-0_11","volume-title":"Recent Advances in Intrusion Detection","author":"X. Jiang","year":"2007","unstructured":"Jiang, X., Wang, X.: \u201cOut-of-the-Box\u201d Monitoring of VM-Based High-Interaction Honeypots. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 198\u2013218. Springer, Heidelberg (2007)"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy Malware Detection Through VMM-Based \u201cOut-of-the-Box\u201d Semantic View Reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (2007)","DOI":"10.1145\/1315245.1315262"},{"key":"12_CR22","unstructured":"Jiang, X., Xu, D.: Collapsar: A VM-based Architecture for Network Attack Detention Center. In: Proceedings of the 13th USENIX Security Symposium (2004)"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Yin, H., Hanna, S., McCamant, S., Song, D.: Emulating Emulation-Resistant Malware. In: Proceedings of the 2nd Workshop on Virtual Machine Security (2009)","DOI":"10.1145\/1655148.1655151"},{"key":"12_CR24","doi-asserted-by":"crossref","unstructured":"King, S.T., Chen, P.M.: Backtracking Intrusions. ACM SIGOPS Operating Systems Review\u00a037 (2003)","DOI":"10.1145\/1165389.945467"},{"key":"12_CR25","doi-asserted-by":"crossref","unstructured":"Klein, G., Elphinstone, K., Heiser, G., Andronick, J., Cock, D., Derrin, P., Elkaduwe, D., Engelhardt, K., Kolanski, R., Norrish, M., Sewell, T., Tuch, H., Winwood, S.: seL4: Formal Verification of an OS Kernel. In: Proceedings of the 22nd ACM Symposium on Operating Systems Principles (2009)","DOI":"10.1145\/1629575.1629596"},{"key":"12_CR26","unstructured":"LWN: A New Adore Root Kit, http:\/\/lwn.net\/Articles\/75990"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Murray, D.G., Milos, G., Hand, S.: Improving Xen Security through Disaggregation. In: Proceedings of the 4th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments (2008)","DOI":"10.1145\/1346256.1346278"},{"key":"12_CR28","unstructured":"Newsome, J., Song, D.: Dynamic Taint Analysis: Automatic Detection, Analysis, and Signature Generation of Exploit Attacks on Commodity Software. In: Proceedings of the 12th Annual Network and Distributed Systems Security Symposium (2005)"},{"key":"12_CR29","doi-asserted-by":"crossref","unstructured":"Northcutt, S., Novak, J.: Network Intrusion Detection: An Analyst\u2019s Handbook, 2nd edn. New Riders Publishing (2000)","DOI":"10.1201\/1079\/43253.27.7.20000101\/30304.4"},{"key":"12_CR30","doi-asserted-by":"crossref","unstructured":"de Oliveira, D.A.S., Crandall, J.R., Wassermann, G., Wu, S.F., Su, Z., Chong, F.T.: ExecRecorder: VM-based Full-system Replay for Attack Analysis and System Recovery. In: Proceedings of the 1st Workshop on Architectural and System Support for Improving Software Dependability (2006)","DOI":"10.1145\/1181309.1181320"},{"key":"12_CR31","unstructured":"Perriot, F., Szor, P.: An Analysis of the Slapper Worm Exploit, http:\/\/www.symantec.com\/avcenter\/reference\/analysis.slapper.worm.pdf"},{"key":"12_CR32","unstructured":"Phrack: Linux On-the-fly Kernel Patching without LKM, http:\/\/www.phrack.org\/issues.html?id=7&issue=58"},{"key":"12_CR33","doi-asserted-by":"crossref","unstructured":"Portokalidis, G., Slowinska, A., Bos, H.: Argos: An Emulator for Fingerprinting Zero-Day Attacks. In: Proceedings of the 1st ACM European Conference on Computer Systems (2006)","DOI":"10.1145\/1217935.1217938"},{"key":"12_CR34","doi-asserted-by":"crossref","unstructured":"Riley, R., Jiang, X., Xu, D.: Multi-aspect Profiling of Kernel Rootkit Behavior. In: Proceedings of the 4th ACM European Conference on Computer Systems (2009)","DOI":"10.1145\/1519065.1519072"},{"key":"12_CR35","unstructured":"Spitzner, L.: Honeypots: Tracking Hackers. Addison-Wesley Professional (2002)"},{"key":"12_CR36","doi-asserted-by":"crossref","unstructured":"Vrable, M., Ma, J., Chen, J., Moore, D., Vandekieft, E., Snoeren, A.C., Voelker, G.M., Savage, S.: Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm. ACM SIGOPS Operating Systems Review\u00a039 (2005)","DOI":"10.1145\/1095809.1095825"},{"key":"12_CR37","unstructured":"Wang, Y.M., Beck, D., Jiang, X., Roussev, R.: Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites that Exploit Browser Vulnerabilities. In: Proceedings of the 13th Annual Symposium on Network and Distributed System Security (2006)"},{"key":"12_CR38","doi-asserted-by":"crossref","unstructured":"Wang, Z., Jiang, X.: HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity. In: Proceedings of the 2010 IEEE Symposium on Security and Privacy (2010)","DOI":"10.1109\/SP.2010.30"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-31909-9_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,25]],"date-time":"2023-06-25T22:33:01Z","timestamp":1687732381000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-31909-9_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642319082","9783642319099"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-31909-9_12","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2012]]}}}