{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T08:35:12Z","timestamp":1769243712997,"version":"3.49.0"},"reference-count":53,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2019,12,14]],"date-time":"2019-12-14T00:00:00Z","timestamp":1576281600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2019,12,14]],"date-time":"2019-12-14T00:00:00Z","timestamp":1576281600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2020,12]]},"DOI":"10.1007\/s10586-019-03027-8","type":"journal-article","created":{"date-parts":[[2019,12,14]],"date-time":"2019-12-14T14:03:41Z","timestamp":1576332221000},"page":"2565-2578","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["DeMETER in clouds: detection of malicious external thread execution in runtime with machine learning in PaaS clouds"],"prefix":"10.1007","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9756-603X","authenticated-orcid":false,"given":"Mehmet Tahir","family":"Sand\u0131kkaya","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yusuf","family":"Yaslan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cemile Diler","family":"\u00d6zdemir","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,12,14]]},"reference":[{"key":"3027_CR1","unstructured":"App Engine - Platform as a Service \u2014 Google Cloud Platform (n.d.). https:\/\/cloud.google.com\/appengine\/"},{"key":"3027_CR2","unstructured":"Heroku | Cloud Application Platform (n.d.). https:\/\/www.heroku.com\/"},{"key":"3027_CR3","unstructured":"Apache Stratos (n.d.). https:\/\/stratos.apache.org\/"},{"key":"3027_CR4","unstructured":"AWS Elastic Beanstalk - Application Management - Platform as a Service (n.d.). https:\/\/aws.amazon.com\/elasticbeanstalk\/"},{"key":"3027_CR5","doi-asserted-by":"crossref","unstructured":"Sand\u0131kkaya, M.T., \u00d6devci, B., Ovatman, T.: Practical Runtime Security Mechanisms for an aPaaS Cloud. In: IEEE Global Communications Conference (Globecom 2014), pp. 53\u201358. IEEE Communications Society (2014)","DOI":"10.1109\/GLOCOMW.2014.7063385"},{"key":"3027_CR6","doi-asserted-by":"crossref","unstructured":"Madnick, S.E., Donovan, J.J.: Application and analysis of the virtual machine approach to information system security and isolation. In: Proceedings of the Workshop on Virtual Computer Systems, pp. 210\u2013224. ACM, New York, NY, USA (1973)","DOI":"10.1145\/800122.803961"},{"key":"3027_CR7","doi-asserted-by":"crossref","unstructured":"He, S., Guo, L., Guo, Y., Wu, C., Ghanem, M., Han, R.: Elastic application container: a lightweight approach for cloud resource provisioning. In: IEEE 26th International Conference on Advanced Information Networking and Applications (AINA), pp. 15\u201322 (2012)","DOI":"10.1109\/AINA.2012.74"},{"key":"3027_CR8","first-page":"345","volume":"16","author":"MT Sand\u0131kkaya","year":"2015","unstructured":"Sand\u0131kkaya, M.T., Harmanc\u0131, A.E.: A security paradigm for PaaS clouds. Proc. Rom. Acad. Ser. A 16, 345\u2013356 (2015)","journal-title":"Proc. Rom. Acad. Ser. A"},{"key":"3027_CR9","unstructured":"Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Fogh, A., Horn, J., Mangard, S., Kocher, P., Genkin, D., Yarom, Y., Hamburg, M.: Meltdown: reading Kernel memory from user space. In: 27th USENIX Security Symposium (USENIX Security 18) (2018)"},{"key":"3027_CR10","doi-asserted-by":"crossref","unstructured":"Kocher, P., Horn, J., Fogh, A., , Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M., Yarom, Y.: Spectre attacks: exploiting speculative execution. In: 40th IEEE Symposium on Security and Privacy (S&P\u201919) (2019)","DOI":"10.1109\/SP.2019.00002"},{"key":"3027_CR11","unstructured":"Gosling, J., Joy, B., Steele, G., Bracha, G., Buckley, A.: The Java$$^{\\textregistered }$$ Language Specification Java SE 8 Edition. Tech. rep., Oracle Corporation, Redwood City, CA, USA (2010). http:\/\/docs.oracle.com\/javase\/specs\/jls\/se8\/jls8.pdf"},{"key":"3027_CR12","unstructured":"Lindholm, T., Yellin, F., Bracha, G., Buckley, A.: The Java$$^{{\\textregistered }}$$ Virtual Machine Specification Java SE 8 Edition. Tech. rep., Oracle Corporation, Redwood City, CA, USA (2010). http:\/\/docs.oracle.com\/javase\/specs\/jvms\/se8\/jvms8.pdf"},{"key":"3027_CR13","volume-title":"Thinking Security: Stopping Next Year\u2019s Hackers","author":"SM Bellovin","year":"2015","unstructured":"Bellovin, S.M.: Thinking Security: Stopping Next Year\u2019s Hackers. Addison-Wesley Professional, Boston (2015)"},{"key":"3027_CR14","first-page":"101","volume-title":"Automatic Generation of String Signatures for Malware Detection","author":"K Griffin","year":"2009","unstructured":"Griffin, K., Schneider, S., Hu, X., Chiueh, Tc: Automatic Generation of String Signatures for Malware Detection, pp. 101\u2013120. Springer, Berlin (2009)"},{"issue":"1","key":"3027_CR15","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1016\/j.jnca.2012.05.003","volume":"36","author":"C Modi","year":"2013","unstructured":"Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M.: A survey of intrusion detection techniques in Cloud. J. Netw. Comput. Appl. 36(1), 42\u201357 (2013)","journal-title":"J. Netw. Comput. Appl."},{"key":"3027_CR16","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/j.eswa.2016.01.002","volume":"52","author":"Y Fan","year":"2016","unstructured":"Fan, Y., Ye, Y., Chen, L.: Malicious sequential pattern mining for automatic malware detection. Expert Syst. Appl. 52, 16\u201325 (2016)","journal-title":"Expert Syst. Appl."},{"issue":"1","key":"3027_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/2190-8532-1-1","volume":"1","author":"A Shabtai","year":"2012","unstructured":"Shabtai, A., Moskovitch, R., Feher, C., Dolev, S., Elovici, Y.: Detecting unknown malicious code by applying classification techniques on OpCode patterns. Secur. Inf. 1(1), 1\u201322 (2012)","journal-title":"Secur. Inf."},{"key":"3027_CR18","doi-asserted-by":"crossref","unstructured":"Uppal, D., Sinha, R., Mehra, V., Jain, V.: Malware detection and classification based on extraction of API sequences. In: 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 2337\u20132342 (2014)","DOI":"10.1109\/ICACCI.2014.6968547"},{"issue":"1","key":"3027_CR19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.asoc.2009.06.019","volume":"10","author":"SX Wu","year":"2010","unstructured":"Wu, S.X., Banzhaf, W.: The use of computational intelligence in intrusion detection systems: a review. Appl. Soft Comput. 10(1), 1\u201335 (2010)","journal-title":"Appl. Soft Comput."},{"issue":"10","key":"3027_CR20","doi-asserted-by":"publisher","first-page":"11994","DOI":"10.1016\/j.eswa.2009.05.029","volume":"36","author":"CF Tsai","year":"2009","unstructured":"Tsai, C.F., Hsu, Y.F., Lin, C.Y., Lin, W.Y.: Intrusion detection by machine learning: a review. Expert Syst. Appl. 36(10), 11994\u201312000 (2009)","journal-title":"Expert Syst. Appl."},{"issue":"4","key":"3027_CR21","doi-asserted-by":"publisher","first-page":"639","DOI":"10.3233\/JCS-2010-0410","volume":"19","author":"K Rieck","year":"2011","unstructured":"Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639\u2013668 (2011)","journal-title":"J. Comput. Secur."},{"key":"3027_CR22","doi-asserted-by":"crossref","unstructured":"Win, T.Y., Tianfield, H., Mair, Q.: Detection of malware and Kernel-level rootkits in cloud computing environments. In: IEEE 2nd International Conference on Cyber Security and Cloud Computing (CSCloud), pp. 295\u2013300 (2015)","DOI":"10.1109\/CSCloud.2015.54"},{"key":"3027_CR23","doi-asserted-by":"crossref","unstructured":"\u00d6zdemir, C.D., Sand\u0131kkaya, M.T., Yaslan, Y.: Classifying malicious thread behavior in PaaS Web services. In: Proceedings of the 8th International Conference on Cloud Computing and Services Science, vol. 1, CLOSER, pp. 418\u2013425. INSTICC, SciTePress (2018)","DOI":"10.5220\/0006688204180425"},{"key":"3027_CR24","doi-asserted-by":"crossref","unstructured":"Bazrafshan, Z., Hashemi, H., Fard, S.M.H., Hamzeh, A.: A survey on heuristic malware detection techniques. In: $$5^{{\\rm th}}$$ Conference on Information and Knowledge Technology (IKT), pp. 113\u2013120. IEEE (2013)","DOI":"10.1109\/IKT.2013.6620049"},{"key":"3027_CR25","first-page":"91","volume":"37","author":"A Pekta\u015f","year":"2017","unstructured":"Pekta\u015f, A., Acarman, T.: Classification of malware families based on runtime behaviors. J. Inf. Secur. Appl. 37, 91\u2013100 (2017)","journal-title":"J. Inf. Secur. Appl."},{"key":"3027_CR26","doi-asserted-by":"crossref","unstructured":"Pirscoveanu, R.S., Hansen, S.S., Larsen, T.M.T., Stevanovic, M., Pedersen, J.M., Czech, A.: Analysis of malware behavior: type classification using machine learning. In: International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), pp. 1\u20137. IEEE (2015)","DOI":"10.1109\/CyberSA.2015.7166115"},{"key":"3027_CR27","doi-asserted-by":"crossref","unstructured":"Uppal, D., Sinha, R., Mehra, V., Jain, V.: Malware detection and classification based on extraction of api sequences. In: ICACCI, 2014 International Conference on Advances in Computing, Communications and Informatics, pp. 2337\u20132342. IEEE (2014)","DOI":"10.1109\/ICACCI.2014.6968547"},{"issue":"1","key":"3027_CR28","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/2190-8532-1-1","volume":"1","author":"A Shabtai","year":"2012","unstructured":"Shabtai, A., Moskovitch, R., Feher, C., Dolev, S., Elovici, Y.: Detecting unknown malicious code by applying classification techniques on opcode patterns. Secur. Inform. 1(1), 1 (2012)","journal-title":"Secur. Inform."},{"key":"3027_CR29","unstructured":"O\u2019Sullivan, B.: The history of threads (1996). http:\/\/www.faqs.org\/faqs\/os-research\/part1\/section-10.html"},{"key":"3027_CR30","doi-asserted-by":"crossref","unstructured":"Corbat\u00f3, F.J., Vyssotsky, V.A.: Introduction and Overview of the Multics System. In: Proceedings of the AFIPS \u201965 November 30\u2013December 1, 1965, Fall Joint Computer Conference, Part I, pp. 185\u2013196. ACM, New York, NY, USA (1965)","DOI":"10.1145\/1463891.1463912"},{"key":"3027_CR31","unstructured":"Demichiel, L., Keith, M.: JSR 220: Enterprise JavaBeans 3.0 (2007). https:\/\/jcp.org\/en\/jsr\/detail?id=220"},{"key":"3027_CR32","unstructured":"OSGi Core Release 6 Specification (2014). https:\/\/osgi.org\/download\/r6\/osgi.core-6.0.0.pdf"},{"key":"3027_CR33","unstructured":"Palacz, K.: JSR 121: application isolation API specification (2006). https:\/\/jcp.org\/en\/jsr\/detail?id=121"},{"key":"3027_CR34","unstructured":"Mordani, R.: JSR 154: Java Servlet 2.4 Specification (2007). https:\/\/jcp.org\/en\/jsr\/detail?id=154"},{"issue":"1","key":"3027_CR35","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1016\/j.cose.2011.10.006","volume":"31","author":"L Rodero-Merino","year":"2012","unstructured":"Rodero-Merino, L., Vaquero, L.M., Caron, E., Muresan, A., Desprez, F.: Building safe PaaS clouds: a survey on security in multitenant software platforms. Comput. Secur. 31(1), 96\u2013108 (2012)","journal-title":"Comput. Secur."},{"key":"3027_CR36","unstructured":"Gong, L.: Java SE Platform Security Architecture Specification v1.2. Tech. rep., Oracle Corporation, Redwood City, CA, USA (2002). http:\/\/docs.oracle.com\/javase\/8\/docs\/technotes\/guides\/security\/spec\/security-spec.doc.html"},{"key":"3027_CR37","doi-asserted-by":"crossref","unstructured":"Czajkowski, G., Dayn\u00e9s, L.: Multitasking without comprimise: a virtual machine evolution. In: Proceedings of the 16th ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications (OOPSLA \u201901), pp. 125\u2013138. ACM, New York, NY, USA (2001)","DOI":"10.1145\/504282.504292"},{"key":"3027_CR38","doi-asserted-by":"crossref","unstructured":"Geoffray, N., Thomas, G., Muller, G., Parrend, P., Fr\u00e9not, S., Folliot, B.: I-JVM: a Java virtual machine for component isolation in OSGi. In: IEEE\/IFIP International Conference on Dependable Systems Networks (DSN \u201909), pp. 544\u2013553 (2009)","DOI":"10.1109\/DSN.2009.5270296"},{"issue":"4","key":"3027_CR39","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1145\/1075382.1075383","volume":"27","author":"G Back","year":"2005","unstructured":"Back, G., Hsieh, W.C.: The KaffeOS Java runtime system. ACM Trans. Progr. Lang. Syst. 27(4), 583\u2013630 (2005)","journal-title":"ACM Trans. Progr. Lang. Syst."},{"key":"3027_CR40","unstructured":"Java Management Extensions (JMX) Specification, version 1.4. Santa Clara, CA, USA (2006). http:\/\/docs.oracle.com\/javase\/7\/docs\/technotes\/guides\/jmx\/JMX_1_4_specification.pdf"},{"key":"3027_CR41","first-page":"220","volume-title":"Aspect-Oriented Programming","author":"G Kiczales","year":"1997","unstructured":"Kiczales, G., Lamping, J., Mendhekar, A., Maeda, C., Lopes, C., Loingtier, J.M., Irwin, J.: Aspect-Oriented Programming, pp. 220\u2013242. Springer, Berlin (1997)"},{"key":"3027_CR42","doi-asserted-by":"crossref","unstructured":"Truica, C., Radulescu, F., Boicea, A., Bucur, I.: Performance evaluation for CRUD operations in asynchronously replicated document oriented database. In: 2015 20th International Conference on Control Systems and Computer Science, pp. 191\u2013196 (2015)","DOI":"10.1109\/CSCS.2015.32"},{"key":"3027_CR43","doi-asserted-by":"crossref","unstructured":"Cooper, B.F., Silberstein, A., Tam, E., Ramakrishnan, R., Sears, R.: Benchmarking cloud serving systems with ycsb. In: Proceedings of the 1st ACM Symposium on Cloud Computing, SoCC \u201910, pp. 143\u2013154. ACM, New York, NY, USA (2010)","DOI":"10.1145\/1807128.1807152"},{"key":"3027_CR44","unstructured":"Apache JMeter (n.d.). https:\/\/jmeter.apache.org\/"},{"key":"3027_CR45","unstructured":"McMillan, R.: Up to three percent of internet traffic is malicious, researcher says (2008). www.csoonline.com\/article\/2122506\/up-to-three-percent-of-internet-traffic-is-malicious--researcher-says.html"},{"key":"3027_CR46","unstructured":"OWASP Top 10 - 2010 The Ten Most Critical Web Application Security Risks. Tech. rep., The Open Web Application Security Project (2017). https:\/\/storage.googleapis.com\/google-code-archive-downloads\/v2\/code.google.com\/owasptop10\/OWASP%20Top%2010%20-%202010.pdf"},{"key":"3027_CR47","unstructured":"OWASP Top 10 - 2013 The Ten Most Critical Web Application Security Risks. Tech. rep., The Open Web Application Security Project (2017). https:\/\/storage.googleapis.com\/google-code-archive-downloads\/v2\/code.google.com\/owasptop10\/OWASP%20Top%2010%20-%202013.pdf"},{"key":"3027_CR48","unstructured":"OWASP Top 10 - 2017 The Ten Most Critical Web Application Security Risks. Tech. rep., The Open Web Application Security Project (2017). https:\/\/www.owasp.org\/images\/7\/72\/OWASP_Top_10-2017_%28en%29.pdf.pdf"},{"key":"3027_CR49","unstructured":"Trustwave: 2012 Global Threats and Trends. Tech. rep. (2012)"},{"key":"3027_CR50","unstructured":"Application Vulnerability Trends Report: 2014. Tech. Rep, Cenzic (2014)"},{"key":"3027_CR51","unstructured":"Web Application Threat Trend Report : Trends for 2017. Tech. rep., Penta Security Systems Inc. (2017)"},{"key":"3027_CR52","volume-title":"Introduction to Machine Learning","author":"E Alpayd\u0131n","year":"2014","unstructured":"Alpayd\u0131n, E.: Introduction to Machine Learning. MIT Press, Cambridge (2014)"},{"issue":"3","key":"3027_CR53","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1109\/MCAS.2006.1688199","volume":"6","author":"R Polikar","year":"2006","unstructured":"Polikar, R.: Ensemble based systems in decision making. IEEE Circ. Syst. Mag. 6(3), 21\u201345 (2006)","journal-title":"IEEE Circ. Syst. Mag."}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-019-03027-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10586-019-03027-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-019-03027-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,13]],"date-time":"2020-12-13T00:28:13Z","timestamp":1607819293000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10586-019-03027-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,12,14]]},"references-count":53,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020,12]]}},"alternative-id":["3027"],"URL":"https:\/\/doi.org\/10.1007\/s10586-019-03027-8","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"value":"1386-7857","type":"print"},{"value":"1573-7543","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,12,14]]},"assertion":[{"value":"27 December 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 December 2019","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 December 2019","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 December 2019","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}