{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T14:04:48Z","timestamp":1725890688918},"publisher-location":"Berlin, Heidelberg","reference-count":34,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642372995"},{"type":"electronic","value":"9783642373008"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-37300-8_9","type":"book-chapter","created":{"date-parts":[[2013,3,13]],"date-time":"2013-03-13T04:53:59Z","timestamp":1363150439000},"page":"144-163","source":"Crossref","is-referenced-by-count":6,"title":["System-Level Support for Intrusion Recovery"],"prefix":"10.1007","author":[{"given":"Andrei","family":"Bacs","sequence":"first","affiliation":[]},{"given":"Remco","family":"Vermeulen","sequence":"additional","affiliation":[]},{"given":"Asia","family":"Slowinska","sequence":"additional","affiliation":[]},{"given":"Herbert","family":"Bos","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"9_CR1","unstructured":"Basrai, M., Chen, P.M.: Cooperative Revirt: Adapting message logging for intrusion analysis. Technical Report CSE-TR-504-04, University of Michigan (2004)"},{"key":"9_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/978-3-540-70542-0_8","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"L. Cavallaro","year":"2008","unstructured":"Cavallaro, L., Saxena, P., Sekar, R.: On the Limits of Information Flow Techniques for Malware Analysis and Containment. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 143\u2013163. Springer, Heidelberg (2008)"},{"key":"9_CR3","unstructured":"Chen, H., Hsu, F., Li, J., Ristenpart, T., Su, Z.: Back to the future: A framework for automatic malware removal and system repair. In: Proc. of CCS (2006)"},{"key":"9_CR4","unstructured":"Chow, J., Garfinkel, T., Chen, P.M.: Decoupling dynamic program analysis from execution in virtual environments. In: USENIX ATC (June 2008)"},{"key":"9_CR5","unstructured":"Cornell, B., Dinda, P.A., Bustamante, F.E.: Wayback: A user-level versioning file system for Linux. In: Proceedings of USENIX 2004 (Freenix Track) (2004)"},{"key":"9_CR6","unstructured":"Crandall, J., Chong, F.: Minos: Control data attack prevention orthogonal to memory model. In: 37th International Symposium on Microarchitecture (2004)"},{"key":"9_CR7","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Leek, T., Zhivich, M., Giffin, J., Lee, W.: Virtuoso: Narrowing the semantic gap in virtual machine introspection. In: S&P (2011)","DOI":"10.1109\/SP.2011.11"},{"key":"9_CR8","doi-asserted-by":"crossref","unstructured":"Dunlap, G.W., King, S.T., Cinar, S., Basrai, M.A., Chen, P.M.: ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay. In: Proc. of the Symposium on Operating Systems Design and Implementation, OSDI (2002)","DOI":"10.1145\/1060289.1060309"},{"key":"9_CR9","unstructured":"F-Secure: Email-Worm:W32\/Zhelatin.CQ, \n \n http:\/\/www.f-secure.com\/v-descs\/email-worm_w32_zhelatin_cq.shtml"},{"key":"9_CR10","unstructured":"Folkerts, A., Portokalidis, G., Bos, H.: Multi-tier Intrusion detection by means of replayable virtual machines. Technical Report IR-CS-47, VU University (2008)"},{"key":"9_CR11","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1145\/1095809.1095826","volume":"39","author":"A. Goel","year":"2005","unstructured":"Goel, A., Po, K., Farhadi, K., Li, Z., de Lara, E.: The taser intrusion recovery system. SIGOPS Oper. Syst. Rev.\u00a039, 163\u2013176 (2005)","journal-title":"SIGOPS Oper. Syst. Rev."},{"key":"9_CR12","unstructured":"Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: Antfarm: tracking processes in a virtual machine environment. In: Proceedings of the Annual Conference on USENIX 2006 Annual Technical Conference (2006)"},{"key":"9_CR13","unstructured":"Kang, M.G., McCamant, S., Poosankam, P., Song, D.: DTA++: Dynamic taint analysis with targeted control-flow propagation. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium, NDSS 2011 (2011)"},{"key":"9_CR14","unstructured":"Kim, T., Wang, X., Zeldovich, N., Frans Kaashoek, M.: Intrusion recovery using selective re-execution. In: Proc. of OSDI 2010, Vancouver, Canada (2010)"},{"issue":"1","key":"9_CR15","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1145\/1047915.1047918","volume":"23","author":"S.T. King","year":"2005","unstructured":"King, S.T., Chen, P.M.: Backtracking intrusions. ACM Trans. Comput. Syst.\u00a023(1), 51\u201376 (2005)","journal-title":"ACM Trans. Comput. Syst."},{"key":"9_CR16","unstructured":"Microsoft Malware Protection Center: Backdoor:Win32\/Hupigon, \n \n http:\/\/www.microsoft.com\/security\/portal\/Threat\/Encyclopedia\/Entry.aspx?name=Backdoor%3AWin32%2FHupigon"},{"key":"9_CR17","unstructured":"Microsoft Malware Protection Center: Trojan:Win32\/Alureon.FE, \n \n http:\/\/www.microsoft.com\/security\/portal\/Threat\/Encyclopedia\/Entry.aspx?name=Trojan:Win32\/Alureon.FE"},{"key":"9_CR18","unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proc. of the 12th Annual Network and Distributed System Security Symposium, NDSS (2005)"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Oliveira, D.A.S., Crandall, J.R., Wassermann, G., Felix, S., Zhendong, W., Frederic, S., Chong, T.: ExecRecorder: VM-based full-system replay for attack analysis and system recovery. In: ASID 2006 (2006)","DOI":"10.1145\/1181309.1181320"},{"key":"9_CR20","unstructured":"Paleari, R., Martignoni, L., Passerini, E., Davidson, D., Fredrikson, M., Giffin, J., Jha, S.: Automatic generation of remediation procedures for malware infections. In: Proceedings of the 19th USENIX Conference on Security (2010)"},{"key":"9_CR21","doi-asserted-by":"crossref","unstructured":"Pfoh, J., Schneider, C., Eckert, C.: Exploiting the x86 architecture to derive virtual machine state information. In: Proc. of SECURWARE 2010 (2010)","DOI":"10.1109\/SECURWARE.2010.35"},{"key":"9_CR22","unstructured":"Porras, P., Sa\u00efdi, H., Yegneswaran, V.: A foray into conficker\u2019s logic and rendezvous points. In: Proc. of LEET 2009 (2009)"},{"key":"9_CR23","doi-asserted-by":"crossref","unstructured":"Portokalidis, G., Slowinska, A., Bos, H.: Argos: an emulator for fingerprinting zero-day attacks. In: ACM SIGOPS EuroSys 2006 (2006)","DOI":"10.1145\/1217935.1217938"},{"key":"9_CR24","doi-asserted-by":"crossref","unstructured":"Portokalidis, G., Homburg, P., Anagnostakis, K., Bos, H.: Paranoid Android: Versatile Protection for Smartphones. In: Proc. of ACSAC (2010)","DOI":"10.1145\/1920261.1920313"},{"key":"9_CR25","unstructured":"The Linux-NTFS Project, \n \n http:\/\/www.linux-ntfs.org"},{"key":"9_CR26","doi-asserted-by":"crossref","unstructured":"Slowinska, A., Bos, H.: Pointless tainting? evaluating the practicality of pointer tainting. In: Proceedings of ACM SIGOPS EUROSYS (March-April 2009)","DOI":"10.1145\/1519065.1519073"},{"key":"9_CR27","doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., Vigna, G.: Your botnet is my botnet: analysis of a botnet takeover. In: Proc. of CCS 2009, New York, NY, pp. 635\u2013647 (2009)","DOI":"10.1145\/1653662.1653738"},{"key":"9_CR28","unstructured":"Sun, W., Liang, Z., Sekar, R., Venkatakrishnan, V.N.: One-way isolation: An effective approach for realizing safe execution environments. In: Proc. of NDSS (2005)"},{"key":"9_CR29","unstructured":"Symantec: W32.sality, \n \n http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2006-011714-3948-99"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Verbowski, C., Kiciman, E., Kumar, A., Daniels, B., Lu, S., Lee, J., Wang, Y.M., Roussev, R.: Flight Data Recorder: Monitoring persistent-state interactions to improve systems management. In: 7th USENIX OSDI (2006)","DOI":"10.1145\/1140103.1140321"},{"key":"9_CR31","unstructured":"VMWare. Vmware workstation 6.5 beta release notes (August 2008), \n \n http:\/\/www.vmware.com\/products\/beta\/ws\/releasenotes_ws65_beta.html"},{"key":"9_CR32","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: capturing system-wide information flow for malware detection and analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007 (2007)","DOI":"10.1145\/1315245.1315261"},{"key":"9_CR33","doi-asserted-by":"crossref","unstructured":"Zhang, S., Jia, X., Liu, P., Jing, J.: Cross-layer comprehensive intrusion harm analysis for production workload server systems. In: Proc. of ACSAC 2010 (2010)","DOI":"10.1145\/1920261.1920306"},{"key":"9_CR34","unstructured":"Zhu, N., Chiueh, T.: Design, implementation, and evaluation of repairable file service. In: The International Conference on Dependable Systems and Networks (2003)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-37300-8_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,11]],"date-time":"2019-05-11T14:49:50Z","timestamp":1557586190000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-37300-8_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642372995","9783642373008"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-37300-8_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}