{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:10:09Z","timestamp":1773511809397,"version":"3.50.1"},"reference-count":72,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2024,3,16]],"date-time":"2024-03-16T00:00:00Z","timestamp":1710547200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,3,16]],"date-time":"2024-03-16T00:00:00Z","timestamp":1710547200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2024,6]]},"DOI":"10.1007\/s10207-024-00836-w","type":"journal-article","created":{"date-parts":[[2024,3,16]],"date-time":"2024-03-16T02:02:11Z","timestamp":1710554531000},"page":"2099-2121","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["A new approach for detecting process injection attacks using memory analysis"],"prefix":"10.1007","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3740-9518","authenticated-orcid":false,"given":"Mohammed","family":"Nasereddin","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5836-1111","authenticated-orcid":false,"given":"Raad","family":"Al-Qassas","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,3,16]]},"reference":[{"key":"836_CR1","doi-asserted-by":"publisher","unstructured":"Afreen, A., Aslam, M., Ahmed, S.: Analysis of fileless malware and its evasive behavior. In: 2020 International Conference on Cyber Warfare and Security (ICCWS), Islamabad, Pakistan, 2020, pp. 
1\u20138 (2020). https:\/\/doi.org\/10.1109\/ICCWS48432.2020.9292376.","DOI":"10.1109\/ICCWS48432.2020.9292376."},{"key":"836_CR2","unstructured":"Angelystor Process Injection Techniques used by Malware. Accessed July 10, 2022, (2020, June 24). from Medium: https:\/\/medium.com\/csg-govtech\/process-injection-techniques-used-by-malware-1a34c078612c"},{"key":"836_CR3","doi-asserted-by":"publisher","first-page":"6249","DOI":"10.1109\/ACCESS.2019.2963724","volume":"8","author":"\u00d6A Aslan","year":"2020","unstructured":"Aslan, \u00d6.A., Samet, R.: A comprehensive review on malware detection approaches. IEEE Access 8, 6249\u20136271 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2019.2963724","journal-title":"IEEE Access"},{"issue":"2","key":"836_CR4","doi-asserted-by":"publisher","first-page":"1071","DOI":"10.32604\/iasc.2022.022569","volume":"32","author":"A Attaallah","year":"2022","unstructured":"Attaallah, A., Alsuhabi, H., Shukla, S., Kumar, R., Gupta, B.K., Khan, R.A.: Analyzing the big data security through a unified decision-making approach. Intell. Autom. Soft Comput. 32(2), 1071\u20131088 (2022)","journal-title":"Intell. Autom. Soft Comput."},{"issue":"3","key":"836_CR5","doi-asserted-by":"publisher","first-page":"1763","DOI":"10.32604\/iasc.2022.023460","volume":"32","author":"AH Almulihi","year":"2022","unstructured":"Almulihi, A.H., Alassery, F., Khan, A.I., Shukla, S., Gupta, B.K., Kumar, R.: Analyzing the implications of healthcare data breaches through computational technique. Intell. Autom. Soft Comput. 32(3), 1763\u20131779 (2022)","journal-title":"Intell. Autom. Soft Comput."},{"key":"836_CR6","unstructured":"AV-TEST. Malware Statistics & Trends Report | AV-TEST. Accessed May 13, 2023, (2023)from AV-TEST: https:\/\/www.av-test.org\/en\/statistics\/malware\/"},{"key":"836_CR7","unstructured":"AVTEST. The IT Security Status at a Glance: The AV-TEST Security Report 2016\/2017. Accessed November 02, 2022, (2017, July 05) from Tech. 
Rep.: https:\/\/www.av-test.org\/fileadmin\/pdf\/security_report\/AV-TEST_Security_Report_2015-2016.pdf"},{"key":"836_CR8","unstructured":"Balaoura, S.: Process injection techniques and detection using the Volatility Framework. Master\u2019s thesis, University of Piraeus, Piraeus, Greece (2018)"},{"key":"836_CR9","unstructured":"Blaam, M.: Great explanation of Process Hollowing (a Technique often used in Malware). Accessed November 2, 2022, from GitHub: https:\/\/github.com\/m0n0ph1\/Process-Hollowing (2021, August 21)"},{"key":"836_CR10","doi-asserted-by":"publisher","first-page":"S3","DOI":"10.1016\/j.diin.2019.04.008","volume":"29","author":"F Block","year":"2019","unstructured":"Block, F., Dewald, A.: Windows memory forensics: detecting (un) intentionally hidden injected code by examining page table entries. Digit. Investig. 29, S3\u2013S12 (2019). https:\/\/doi.org\/10.1016\/j.diin.2019.04.008","journal-title":"Digit. Investig."},{"key":"836_CR11","unstructured":"Bridge, K., Abram, N., Kennedy, J., Batchelor, D., Coulter, D., Krell, J., LeBLanc, M.: PE Format. MS Docs. Accessed November 25, 2022 (2021a, November 8)"},{"key":"836_CR12","unstructured":"Bridge, K., Sharkey, K., Coulter, D., Jacobs, M., Satran, M.: About event tracing. MS Docs. Accessed December 20, 2022 (2021b, January 7)"},{"key":"836_CR13","unstructured":"Bridge, K., Sharkey, K., Coulter, D., Batchelor, D., Satran, M.: Thread handles and identifiers. MS Docs. Accessed November 8, 2022 (2021c, January 7)"},{"key":"836_CR14","unstructured":"Chang, T.: Detecting Malware with DLL Injection And PE Infection. Master\u2019s thesis, National Sun Yat-sen University, Taiwan (2016)"},{"issue":"3","key":"836_CR15","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1504\/IJSN.2021.117871","volume":"16","author":"C Chen","year":"2021","unstructured":"Chen, C., Lai, G., Cai, Z., Chang, T., Lee, B.: Detecting pe-infection based malware. Int. J. Secur. Netw. 16(3), 191\u2013199 (2021). 
https:\/\/doi.org\/10.1504\/IJSN.2021.117871","journal-title":"Int. J. Secur. Netw."},{"key":"836_CR16","unstructured":"Cooper, S.: Fileless malware attacks explained (with examples). Accessed May 18, 2022, (2021, May 14). from Comparitech: https:\/\/www.comparitech.com\/blog\/information-security\/fileless-malware-attacks\/"},{"key":"836_CR17","unstructured":"Cruz, M., de la Pena Perona, M., Rivera, B., Ang, K.: Washington, DC: U.S. Patent and Trademark Office Patent No. 8,572,739 (2013)"},{"key":"836_CR18","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1016\/j.diin.2018.09.006","volume":"27","author":"Y Dai","year":"2018","unstructured":"Dai, Y., Li, H., Qian, Y., Lu, X.: A malware classification method based on memory dump grayscale image. Digit. Investig. 27, 30\u201337 (2018). https:\/\/doi.org\/10.1016\/j.diin.2018.09.006","journal-title":"Digit. Investig."},{"key":"836_CR19","first-page":"273","volume-title":"Proceeding of the International Conference on Advanced Science, Engineering and Information Technology","author":"S Das","year":"2011","unstructured":"Das, S., Mathew, M., Vijayaraghavan, P.: An Approach for optimal feature subset selection using a new term weighting Scheme and mutual information. In: Proceeding of the International Conference on Advanced Science, Engineering and Information Technology, pp. 273\u2013278. Academia, Putrajaya, Malaysia (2011)"},{"key":"836_CR20","doi-asserted-by":"publisher","first-page":"5691","DOI":"10.1109\/ICC.2015.7249229","volume-title":"2015 IEEE International Conference on Communications (ICC)","author":"Y Duan","year":"2015","unstructured":"Duan, Y., Fu, X., Luo, B., Wang, Z., Shi, J., Du, X.: Detective: Automatically identify and analyze malware processes in forensic scenarios via DLLs. In: 2015 IEEE International Conference on Communications (ICC), pp. 5691\u20135696. 
London, UK, IEEE (2015)"},{"key":"836_CR21","volume-title":"Leveraging the PE Rich Header for Static Malware Detection and Linking","author":"M Dubyk","year":"2019","unstructured":"Dubyk, M.: Leveraging the PE Rich Header for Static Malware Detection and Linking. SANS Institute, Bethesda, Maryland, United States (2019)"},{"key":"836_CR22","unstructured":"Fewer, S.: ReflectiveDLLInjection. Accessed October 26, 2022, (2013, September 5). from GitHub: https:\/\/github.com\/stephenfewer\/ReflectiveDLLInjection"},{"key":"836_CR23","unstructured":"Firch, J.: 2021 Cyber security statistics: the ultimate list of stats, data & trends. Accessed September 10, 2021, (2021). from Purplesec: https:\/\/purplesec.us\/resources\/cyber-security-statistics\/"},{"key":"836_CR24","unstructured":"GitHub, & OpenAI. Your AI pair programmer. Accessed October 22, 2022, (2021). from GitHub Copilot: https:\/\/copilot.github.com\/"},{"key":"836_CR25","unstructured":"Github-milkdevil. injectAllTheThings. Accessed October 29, 2022, (2017, July 21). from GitHub: https:\/\/github.com\/milkdevil\/injectAllTheThings"},{"key":"836_CR26","unstructured":"Gorelik, M., Moshailov, R.: Fileless Malware: Attack Trend Exposed. Morphisec Ltd. (2017)"},{"key":"836_CR27","unstructured":"Gorelik, M.: Machine learning can\u2019t protect you from fileless attacks. Accessed August 27, 2022, (2020, May 13). from SecurityBoulevard: https:\/\/securityboulevard.com\/2020\/05\/machine-learning-cant-protect-you-from-fileless-attacks\/"},{"key":"836_CR28","unstructured":"Hasherezade. Process Doppelganging meets Process Hollowing in Osiris dropper. Accessed September 20, 2022, (2018, September 25). from Malwarebytes Labs: https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/08\/process-doppelganging-meets-process-hollowing_osiris\/"},{"key":"836_CR29","unstructured":"Hosseini, A.: Ten process injection techniques: A technical survey of common and trending process injection techniques. Accessed September 3, 2022, (2017). 
from Elastic: https:\/\/www.elastic.co\/blog\/ten-process-injection-techniques-technical-survey-common-and-trending-process"},{"issue":"4","key":"836_CR30","first-page":"393","volume":"10","author":"D Javaheri","year":"2020","unstructured":"Javaheri, D., Hosseinzadeh, M.: A Solution for Early Detection and Negation of Code and DLL Injection Attacks of Malwares. J. Adv. Def. Sci. Technol. 10(4), 393\u2013406 (2020)","journal-title":"J. Adv. Def. Sci. Technol."},{"issue":"5","key":"836_CR31","doi-asserted-by":"publisher","first-page":"37","DOI":"10.47277\/IJCNCS\/8(5)1","volume":"8","author":"D Javeed","year":"2020","unstructured":"Javeed, D., Khan, M., Ahmad, I., Iqbal, T., Badamasi, U., Ndubuisi, C., Umar, A.: An efficient approach of threat hunting using memory forensics. Int. J. Comput. Netw. Commun. Secur. 8(5), 37\u201345 (2020)","journal-title":"Int. J. Comput. Netw. Commun. Secur."},{"key":"836_CR32","unstructured":"Khasaia, L.: InjectProc - Process Injection Techniques. (2019, February 10). Accessed October 25, 2022, from GitHub: https:\/\/github.com\/secrary\/InjectProc"},{"key":"836_CR33","unstructured":"KSLGroup. Threadmap Volatility Plugin. Accessed November 02, 2022, (2021, August 23) from GitHub: https:\/\/github.com\/kslgroup\/threadmap"},{"key":"836_CR34","doi-asserted-by":"publisher","first-page":"332","DOI":"10.1109\/ISECS.2010.80","volume-title":"2010 Third International Symposium on Electronic Commerce and Security","author":"Y Li","year":"2010","unstructured":"Li, Y., Li, W., Jiang, C.: A survey of virtual machine system: Current technology and future trends. In: 2010 Third International Symposium on Electronic Commerce and Security, pp. 332\u2013336. Nanchang, China, IEEE (2010)"},{"key":"836_CR35","unstructured":"Liang, H., Rugerio, D., Chen, L., Xu, S.: What is a DLL. MS Docs. 
Accessed February 11, 2023 (2022, January 23)"},{"issue":"2","key":"836_CR36","doi-asserted-by":"publisher","first-page":"431","DOI":"10.13089\/JKIISC.2019.29.2.431","volume":"29","author":"S Lim","year":"2019","unstructured":"Lim, S., Im, E.: Proposal of process hollowing attack detection using process virtual memory data similarity. J. Korea Inst. Inf. Secur. Cryptol. 29(2), 431\u2013438 (2019). https:\/\/doi.org\/10.13089\/JKIISC.2019.29.2.431","journal-title":"J. Korea Inst. Inf. Secur. Cryptol."},{"key":"836_CR37","unstructured":"Liu, W., Steven, G.: A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Accessed October 2, 2022, (2021). from Process Hacker: https:\/\/processhacker.sourceforge.io\/"},{"key":"836_CR38","unstructured":"Microsoft Developer. Download a Windows 10 virtual machine. Accessed September 22, 2022, (2021). from Microsoft Developer: https:\/\/developer.microsoft.com\/en-us\/windows\/downloads\/virtual-machines\/"},{"key":"836_CR39","unstructured":"Mikben Batchelor, D., Sharkey, K., Coulter, D., Kennedy, J., Satran, M.: Memory Protection Constants. MS Docs. Accessed October 11, 2022 (2021, March 22)"},{"key":"836_CR40","unstructured":"Mikben, Sharkey, K., Satran, M.: About Memory Management. MS Docs. Accessed November 8, 2022 (2021, January 7)"},{"issue":"6","key":"836_CR41","doi-asserted-by":"publisher","first-page":"857","DOI":"10.18517\/ijaseit.6.6.1382","volume":"6","author":"M Mohd Yusof","year":"2016","unstructured":"Mohd Yusof, M., Mokhtar, M.: A review of predictive analytic applications of bayesian network. Int. J. Adv. Sci. Eng. Inf. Technol. 6(6), 857\u2013867 (2016). https:\/\/doi.org\/10.18517\/ijaseit.6.6.1382","journal-title":"Int. J. Adv. Sci. Eng. Inf. Technol."},{"key":"836_CR42","unstructured":"Monnappa, K.: Detecting deceptive process hollowing techniques using hollowfind volatility plugin. Accessed August 25, 2022, (2016a, September 22). 
from Cysinfo: https:\/\/cysinfo.com\/detecting-deceptive-hollowing-techniques\/"},{"key":"836_CR43","unstructured":"Monnappa, K.: Hollowfind Volatility Plugin. Accessed August 25, 2022, (2016b, September 24). from GitHub: https:\/\/github.com\/monnappa22\/HollowFind"},{"key":"836_CR44","unstructured":"Monnappa, K.: Psinfo Volatility Plugin. Accessed August 25, 2022, (2016c, September 24). from GitHub: https:\/\/github.com\/monnappa22\/Psinfo"},{"key":"836_CR45","first-page":"187","volume-title":"IFIP International Conference on Digital Forensics","author":"R Mosli","year":"2017","unstructured":"Mosli, R., Li, R., Yuan, B., Pan, Y.: A behavior-based approach for malware detection. In: IFIP International Conference on Digital Forensics, pp. 187\u2013201. Springer, Cham, Orlando, FL, USA (2017)"},{"key":"836_CR46","first-page":"1","volume-title":"2016 IEEE Symposium on Technologies for Homeland Security (HST)","author":"R Mosli","year":"2016","unstructured":"Mosli, R., Li, R., Yuan, B., Pan, Y.: Automated malware detection using artifacts in forensic memory images. In: 2016 IEEE Symposium on Technologies for Homeland Security (HST), pp. 1\u20136. IEEE, Waltham, MA, USA (2016)"},{"key":"836_CR47","doi-asserted-by":"crossref","unstructured":"Otsuki, Y., Kawakoya, Y., Iwamura, M., Miyoshi, J., Faires, J., Lillard, T.: Toward the analysis of distributed code injection in post-mortem forensics. In: 14th International Workshop on Security, IWSEC 2019. 11689, pp. 391\u2013409. Tokyo, Japan: Springer, Cham (2019)","DOI":"10.1007\/978-3-030-26834-3_23"},{"key":"836_CR48","unstructured":"Pingios, A., Beek, C., Becwar, R.: Process injection, technique T1055 - enterprise. Accessed November 8, 2022, (2017, May 31). 
from MITRE ATT&CK: https:\/\/attack.mitre.org\/techniques\/T1055\/"},{"key":"836_CR49","doi-asserted-by":"publisher","first-page":"1145","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.365","volume-title":"2017 IEEE Trustcom\/BigDataSE\/ICESS","author":"C Rathnayaka","year":"2017","unstructured":"Rathnayaka, C., Jamdagni, A.: An efficient approach for advanced malware analysis using memory forensic technique. In: 2017 IEEE Trustcom\/BigDataSE\/ICESS, pp. 1145\u20131150. IEEE, Sydney, NSW, Australia (2017)"},{"key":"836_CR50","unstructured":"Red Teaming Experiments. Code & Process Injection. Accessed November 5, 2022, (2021). from ired.team: https:\/\/www.ired.team\/offensive-security\/code-injection-process-injection"},{"issue":"1","key":"836_CR51","doi-asserted-by":"publisher","first-page":"33","DOI":"10.18576\/isl\/090105","volume":"9","author":"K Sahu","year":"2020","unstructured":"Sahu, K., Srivastava, R.K.: Needs and importance of reliability prediction: an industrial perspective. Inf. Sci. Lett. 9(1), 33\u201337 (2020)","journal-title":"Inf. Sci. Lett."},{"issue":"1","key":"836_CR52","doi-asserted-by":"publisher","first-page":"543","DOI":"10.37418\/amsj.10.1.54","volume":"10","author":"K Sahu","year":"2021","unstructured":"Sahu, K., Srivastava, R.K.: Predicting software bugs of newly and large datasets through a unified neuro-fuzzy approach: reliability perspective. Adv. Math. Sci. J. 10(1), 543\u2013555 (2021)","journal-title":"Adv. Math. Sci. J."},{"issue":"3","key":"836_CR53","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/s41060-023-00426-4","volume":"16","author":"K Sahu","year":"2023","unstructured":"Sahu, K., Srivastava, R.K., Kumar, S., Saxena, M., Gupta, B.K., Verma, R.P.: Integrated hesitant fuzzy-based decision-making framework for evaluating sustainable and renewable energy. Int. J. Data Sci. Anal. 16(3), 371\u2013390 (2023)","journal-title":"Int. J. Data Sci.
Anal."},{"issue":"2","key":"836_CR54","doi-asserted-by":"publisher","first-page":"1471","DOI":"10.32604\/cmc.2021.014868","volume":"67","author":"K Sahu","year":"2021","unstructured":"Sahu, K., Alzahrani, F.A., Srivastava, R.K., Kumar, R.: Evaluating the impact of prediction techniques: software reliability perspective. Comput. Mater. Continua 67(2), 1471\u20131488 (2021)","journal-title":"Comput. Mater. Continua"},{"issue":"11","key":"836_CR55","doi-asserted-by":"publisher","first-page":"1770","DOI":"10.3390\/sym12111770","volume":"12","author":"K Sahu","year":"2020","unstructured":"Sahu, K., Alzahrani, F.A., Srivastava, R.K., Kumar, R.: Hesitant fuzzy sets based symmetrical model of decision-making for estimating the durability of web application. Symmetry 12(11), 1770 (2020)","journal-title":"Symmetry"},{"key":"836_CR56","first-page":"19","volume":"17","author":"K Sahu","year":"2018","unstructured":"Sahu, K., Srivastava, R.K.: Soft computing approach for prediction of software reliability. Neural Netw. 17, 19 (2018)","journal-title":"Neural Netw."},{"key":"836_CR57","first-page":"1","volume-title":"2019 IEEE 10th International Conference on Awareness Science and Technology (iCAST)","author":"M Salman","year":"2019","unstructured":"Salman, M., Husna, D., Viani, N.: Static Analysis Method on Portable Executable Files for REMNUX based Malware Identification. In: 2019 IEEE 10th International Conference on Awareness Science and Technology (iCAST), pp. 1\u20136. IEEE, Morioka, Japan (2019)"},{"issue":"2","key":"836_CR58","doi-asserted-by":"publisher","first-page":"2301","DOI":"10.32604\/cmc.2021.014510","volume":"67","author":"R Sihwail","year":"2021","unstructured":"Sihwail, R., Omar, K., Ariffin, K.: An effective memory analysis for malware detection and classification. CMC-Comput. Mater. Continua 67(2), 2301\u20132320 (2021). https:\/\/doi.org\/10.32604\/cmc.2021.014510","journal-title":"CMC-Comput. Mater. 
Continua"},{"issue":"4\u20132","key":"836_CR59","doi-asserted-by":"publisher","first-page":"1662","DOI":"10.18517\/ijaseit.8.4-2.6827","volume":"8","author":"R Sihwail","year":"2018","unstructured":"Sihwail, R., Omar, K., Ariffin, K.: A survey on malware analysis techniques: static, dynamic, hybrid and memory analysis. Int. J. Adv. Sci. Eng. Inf. Technol. 8(4\u20132), 1662\u20131671 (2018). https:\/\/doi.org\/10.18517\/ijaseit.8.4-2.6827","journal-title":"Int. J. Adv. Sci. Eng. Inf. Technol."},{"key":"836_CR60","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1109\/ICOS.2017.8280279","volume-title":"2017 IEEE Conference on Open Systems (ICOS)","author":"A Srivastava","year":"2017","unstructured":"Srivastava, A., Jones, J.: Detecting code injection by cross-validating stack and VAD information in windows physical memory. In: 2017 IEEE Conference on Open Systems (ICOS), pp. 83\u201389. IEEE, Miri, Malaysia (2017)"},{"key":"836_CR61","doi-asserted-by":"publisher","first-page":"180","DOI":"10.1109\/SPW.2018.00033","volume-title":"2018 IEEE Security and Privacy Workshops (SPW)","author":"K Subedi","year":"2018","unstructured":"Subedi, K., Budhathoki, D., Dasgupta, D.: Forensic analysis of ransomware families using static and dynamic analysis. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 180\u2013185. IEEE, San Francisco, CA, USA (2018)"},{"key":"836_CR62","unstructured":"Teller, T., Hayon, A.: Enhancing automated malware analysis machines with memory analysis. London, England and Wales: BlackHat, InformaTech. 
Retrieved from https:\/\/www.blackhat.com\/docs\/us-14\/materials\/arsenal\/us-14-Teller-Automated-Memory-Analysis-WP.pdf (2014)"},{"key":"836_CR63","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4842-3870-7","volume-title":"Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents","author":"E Thompson","year":"2018","unstructured":"Thompson, E.: Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents, 1st edn. Apress, New York, USA (2018)","edition":"1"},{"key":"836_CR64","unstructured":"VMware Docs. VMware Workstation 15.5.1 Pro Release Notes. Accessed September 22, 2022, (2019, November 12). from VMware Docs: https:\/\/docs.vmware.com\/en\/VMware-Workstation-Pro\/15.5\/rn\/VMware-Workstation-1551-Pro-Release-Notes.html"},{"key":"836_CR65","unstructured":"Volatility Foundation. The Volatility Foundation - Open-Source Memory Forensics. Accessed March 29, 2023, (2020). from VolatilityFoundation: https:\/\/www.volatilityfoundation.org\/"},{"key":"836_CR66","unstructured":"Webb, M.: Evaluating tool based automated malware analysis through persistence mechanism detection. Doctoral dissertation, Kansas State University, Manhattan, USA (2018)"},{"key":"836_CR67","doi-asserted-by":"publisher","unstructured":"White, A., Schatz, B., Foo, E.: Integrity verification of user space code. Digit. Investig. 10, S59\u2013S68 (2013). https:\/\/doi.org\/10.1016\/j.diin.2013.06.007","DOI":"10.1016\/j.diin.2013.06.007"},{"key":"836_CR68","unstructured":"Xiao, C., Zheng, C.: New IoT\/Linux Malware Targets DVRs, Forms Botnet. Accessed September 19, 2022, (2017, April 6). 
from Paloaltonetworks: https:\/\/unit42.paloaltonetworks.com\/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet\/"},{"key":"836_CR69","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1007\/978-981-13-1501-5_12","volume-title":"Emerging Technologies in Data Mining and Information Security","author":"A Yadav","year":"2019","unstructured":"Yadav, A., Garg, M.: Docker containers versus virtual machine-based virtualization. In: Emerging Technologies in Data Mining and Information Security, pp. 141\u2013150. Springer, Singapore (2019)"},{"key":"836_CR70","volume-title":"Windows Internals, Part 1: System architecture, processes, threads, memory management","author":"P Yosifovich","year":"2017","unstructured":"Yosifovich, P., Solomon, D., Ionescu, A.: Windows Internals, Part 1: System architecture, processes, threads, memory management, 7th edn. Microsoft Press, Redmond (2017)","edition":"7"},{"issue":"4","key":"836_CR71","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1109\/2.53","volume":"21","author":"L Zadeh","year":"1988","unstructured":"Zadeh, L.: Fuzzy logic. Computer 21(4), 83\u201393 (1988). https:\/\/doi.org\/10.1109\/2.53","journal-title":"Computer"},{"key":"836_CR72","doi-asserted-by":"publisher","first-page":"2247","DOI":"10.1109\/IAEAC.2017.8054419","volume-title":"2017 IEEE 2nd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC)","author":"S Zhang","year":"2017","unstructured":"Zhang, S., Hu, Y., Bian, G.: Research on string similarity algorithm based on Levenshtein Distance. In: 2017 IEEE 2nd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC), pp. 2247\u20132251. 
IEEE, Chongqing, China (2017)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00836-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00836-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00836-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,26]],"date-time":"2024-05-26T22:12:24Z","timestamp":1716761544000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00836-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,16]]},"references-count":72,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2024,6]]}},"alternative-id":["836"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00836-w","relation":{"has-preprint":[{"id-type":"doi","id":"10.21203\/rs.3.rs-3252716\/v1","asserted-by":"object"}]},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,16]]},"assertion":[{"value":"16 March 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors assert that there are no potential conflicts of interest. The authors have no relevant financial or non-financial interests to disclose.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}