{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,7,22]],"date-time":"2024-07-22T16:41:28Z","timestamp":1721666488254},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"8","license":[{"start":{"date-parts":[[2017,9,1]],"date-time":"2017-09-01T00:00:00Z","timestamp":1504224000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Supercomput"],"published-print":{"date-parts":[[2019,8]]},"DOI":"10.1007\/s11227-017-2131-6","type":"journal-article","created":{"date-parts":[[2017,9,1]],"date-time":"2017-09-01T01:10:01Z","timestamp":1504228201000},"page":"4575-4600","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["DADE: a fast data anomaly detection engine for kernel integrity monitoring"],"prefix":"10.1007","volume":"75","author":[{"given":"Hayoon","family":"Yi","sequence":"first","affiliation":[]},{"given":"Yeongpil","family":"Cho","sequence":"additional","affiliation":[]},{"given":"Yunheung","family":"Paek","sequence":"additional","affiliation":[]},{"given":"Kwangman","family":"Ko","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,9,1]]},"reference":[{"key":"2131_CR1","unstructured":"Arndale Development Board. \n                    http:\/\/www.arndaleboard.org\/wiki\/index.php\/Main_Page"},{"key":"2131_CR2","doi-asserted-by":"crossref","unstructured":"Baliga A, Ganapathy V, Iftode L (2008) Automatic inference and enforcement of kernel data structure invariants. In: Computer Security Applications Conference, 2008. ACSAC 2008. Annual. IEEE, pp 77\u201386","DOI":"10.1109\/ACSAC.2008.29"},{"key":"2131_CR3","doi-asserted-by":"crossref","unstructured":"Bickford J, Lagar-Cavilla HA, Varshavsky A, Ganapathy V, Iftode L (2011) Security versus energy tradeoffs in host-based mobile malware detection. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services. ACM, pp 225\u2013238","DOI":"10.1145\/1999995.2000017"},{"key":"2131_CR4","unstructured":"Bonwick J et al (1994) The slab allocator: an object-caching kernel memory allocator. In: USENIX Summer, vol 16. Boston, MA"},{"key":"2131_CR5","volume-title":"Understanding the linux kernel","author":"DP Bovet","year":"2002","unstructured":"Bovet DP, Cesati M (2002) Understanding the linux kernel, 2nd edn. OReilly and Associates, Sebastopol, CA","edition":"2"},{"key":"2131_CR6","unstructured":"bzip2. \n                    http:\/\/www.bzip.org\/"},{"key":"2131_CR7","doi-asserted-by":"crossref","unstructured":"Carbone M, Cui W, Lu L, Lee W, Peinado M, Jiang X (2009) Mapping kernel objects to enable systematic integrity checking. In: Proceedings of the 16th ACM Conference on Computer and Communications Security. ACM, pp 555\u2013565","DOI":"10.1145\/1653662.1653729"},{"key":"2131_CR8","unstructured":"Cui W, Peinado M, Xu Z, Chan E (2012) Tracking rootkit footprints with a practical memory analysis system. In: USENIX Security Symposium, pp 601\u2013615"},{"key":"2131_CR9","doi-asserted-by":"crossref","unstructured":"Dall C, Nieh J (2014) KVM\/ARM: the design and implementation of the linux ARM hypervisor. In: Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, pp 333\u2013348","DOI":"10.1145\/2541940.2541946"},{"key":"2131_CR10","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt B, Srivastava A, Traynor P, Giffin J (2009) Robust signatures for kernel data structures. In: Proceedings of the 16th ACM Conference on Computer and Communications Security. ACM, pp 566\u2013577","DOI":"10.1145\/1653662.1653730"},{"key":"2131_CR11","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt B, Leek T, Zhivich M, Giffin J, Lee W (2011) Virtuoso: narrowing the semantic gap in virtual machine introspection. In: 2011 IEEE Symposium on Security and Privacy (SP). IEEE, pp 297\u2013312","DOI":"10.1109\/SP.2011.11"},{"issue":"1","key":"2131_CR12","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1016\/j.scico.2007.01.015","volume":"69","author":"MD Ernst","year":"2007","unstructured":"Ernst MD, Perkins JH, Guo PJ, McCamant S, Pacheco C, Tschantz MS, Xiao C (2007) The Daikon system for dynamic detection of likely invariants. Sci Comput Program 69(1):35\u201345","journal-title":"Sci Comput Program"},{"key":"2131_CR13","doi-asserted-by":"crossref","unstructured":"Fu Y, Lin Z (2012) Space traveling across VM: automatically bridging the semantic gap in virtual machine introspection via online kernel data redirection. In: 2012 IEEE Symposium on Security and Privacy (SP). IEEE, pp 586\u2013600","DOI":"10.1109\/SP.2012.40"},{"key":"2131_CR14","doi-asserted-by":"crossref","unstructured":"Fu Y, Lin Z (2013) Exterior: using a dual-VM based external shell for guest-OS introspection, configuration, and recovery. In: ACM SIGPLAN Notices, vol 48. ACM, pp 97\u2013110","DOI":"10.1145\/2517326.2451534"},{"key":"2131_CR15","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1016\/j.neucom.2012.11.050","volume":"122","author":"U Fiore","year":"2013","unstructured":"Fiore U, Palmieri F, Castiglione A, De Santis A (2013) Network anomaly detection with the restricted Boltzmann machine. Neurocomputing 122:13\u201323","journal-title":"Neurocomputing"},{"key":"2131_CR16","unstructured":"GCC, the GNU Compiler Collection. \n                    https:\/\/gcc.gnu.org\/"},{"key":"2131_CR17","doi-asserted-by":"crossref","unstructured":"Hofmann OS, Dunn AM, Kim S, Roy I, Witchel E (2011) Ensuring operating system kernel integrity with OSCK. In: ACM SIGPLAN Notices, vol 46. ACM, pp 279\u2013290","DOI":"10.1145\/1961296.1950398"},{"key":"2131_CR18","unstructured":"Kernel-based virtual machine. \n                    https:\/\/www.linux-kvm.org\/"},{"key":"2131_CR19","doi-asserted-by":"crossref","unstructured":"Kolosnjaji B, Zarras A, Webster G, Eckert C (2016) Deep learning for classification of malware system call sequences. In: Australasian Joint Conference on Artificial Intelligence. Springer, pp 137\u2013149","DOI":"10.1007\/978-3-319-50127-7_11"},{"key":"2131_CR20","unstructured":"Lee H, Moon H, Jang D, Kim K, Lee J, Paek Y, Kang BB (2013) KI-Mon: a hardware-assisted event-triggered monitoring platform for mutable kernel object. In: USENIX Security, pp 511\u2013526"},{"key":"2131_CR21","unstructured":"Lin Z, Rhee J, Zhang X, Xu D, Jiang X (2011) Siggraph: brute force scanning of kernel data structure instances using graph-based signatures. In: NDSS"},{"key":"2131_CR22","unstructured":"Mcafee labs threats report: May 2015. \n                    http:\/\/www.mcafee.com\/us\/resources\/reports\/rp-quarterly-threat-q1-2015.pdf"},{"key":"2131_CR23","unstructured":"McVoy LW, Staelin C et al (1996) lmbench: portable tools for performance analysis. In: USENIX Annual Technical Conference. San Diego, CA, pp 279\u2013294"},{"key":"2131_CR24","doi-asserted-by":"crossref","unstructured":"Moon H, Lee H, Lee J, Kim K, Paek Y, Kang BB (2012) Vigilare: toward snoop-based kernel integrity monitor. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security. ACM, pp 28\u201337","DOI":"10.1145\/2382196.2382202"},{"key":"2131_CR25","doi-asserted-by":"crossref","unstructured":"Palmieri F, Fiore U, Castiglione A (2014) A distributed approach to network anomaly detection based on independent component analysis. Concurr Comput Pract Exp 26(5):1113\u20131129","DOI":"10.1002\/cpe.3061"},{"key":"2131_CR26","doi-asserted-by":"crossref","unstructured":"Pascanu R, Stokes JW, Sanossian H, Marinescu M, Thomas A (2015) Malware classification with recurrent networks. In: 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, pp 1916\u20131920","DOI":"10.1109\/ICASSP.2015.7178304"},{"key":"2131_CR27","unstructured":"Petroni Jr NL, Hicks M (2007) Automated detection of persistent kernel control-flow attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security. ACM, pp 103\u2013115"},{"key":"2131_CR28","unstructured":"Petroni NL Jr, Fraser T, Molina J, Arbaugh WA (2004) Copilot\u2014a coprocessor-based kernel runtime integrity monitor. In: USENIX Security Symposium. San Diego, pp 179\u2013194"},{"key":"2131_CR29","unstructured":"Petroni\u00a0Jr NL, Fraser T, Walters A, Arbaugh WA (2006) An architecture for specification-based detection of semantic integrity violations in kernel dynamic data. In: USENIX Security"},{"key":"2131_CR30","unstructured":"ProFTPD. \n                    http:\/\/www.proftpd.org\/"},{"key":"2131_CR31","doi-asserted-by":"publisher","unstructured":"Rhee J, Riley R, Xu D, Jiang X (2010) Kernel malware analysis with un-tampered and temporal views of dynamic kernel memory. In: Jha S, Sommer R, Kreibich C (eds) Recent Advances in Intrusion Detection: 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15\u201317, 2010. Proceedings. Springer, Berlin, Heidelberg, pp 178\u2013197. doi:\n                    10.1007\/978-3-642-15512-3_10","DOI":"10.1007\/978-3-642-15512-3_10"},{"key":"2131_CR32","unstructured":"The SPEC CPU 2006 benchmark suite. \n                    http:\/\/www.spec.org"},{"key":"2131_CR33","doi-asserted-by":"crossref","unstructured":"Wu R, Chen P, Liu P, Mao B (2014) System call redirection: a practical approach to meeting real-world virtual machine introspection needs. In: 2014 44th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, pp 574\u2013585","DOI":"10.1109\/DSN.2014.59"}],"container-title":["The Journal of Supercomputing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11227-017-2131-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-017-2131-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-017-2131-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,11]],"date-time":"2019-09-11T11:22:42Z","timestamp":1568200962000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11227-017-2131-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,9,1]]},"references-count":33,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2019,8]]}},"alternative-id":["2131"],"URL":"https:\/\/doi.org\/10.1007\/s11227-017-2131-6","relation":{},"ISSN":["0920-8542","1573-0484"],"issn-type":[{"value":"0920-8542","type":"print"},{"value":"1573-0484","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,9,1]]},"assertion":[{"value":"1 September 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}