{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,3]],"date-time":"2025-10-03T22:28:40Z","timestamp":1759530520647},"reference-count":36,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2007,5,15]],"date-time":"2007-05-15T00:00:00Z","timestamp":1179187200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Comput Virol"],"published-print":{"date-parts":[[2007,5,30]]},"DOI":"10.1007\/s11416-007-0045-1","type":"journal-article","created":{"date-parts":[[2007,5,14]],"date-time":"2007-05-14T06:42:55Z","timestamp":1179124975000},"page":"113-123","source":"Crossref","is-referenced-by-count":7,"title":["Rootkit detection from outside the Matrix"],"prefix":"10.1007","volume":"3","author":[{"given":"S\u00e9bastien","family":"Josse","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2007,5,15]]},"reference":[{"key":"45_CR1","unstructured":"Arbaugh, W.A., Fraser, J.T., Molina, J., Petroni, N.L.: Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor. Available at: http:\/\/www.usenix.org\/events\/sec04\/tech\/full_papers\/petroni\/ petroni_html\/main.html, (2004)"},{"key":"45_CR2","unstructured":"Bayer, U., Kruegel, C., Kirda, E.: TTAnalyze: a tool for analyzing malware. In: proceedings of the 15th EICAR Conference, Hamburg, Germany, April 29 - May 3, 2006. In Journal in computer Virology, EICAR 2006 Special Issue, V. Broucek et\u00a0al. Editor (2006)"},{"key":"45_CR3","unstructured":"Bellard, F.: QEMU, a fast and portable dynamic translator. In: Proceedings of the 2005 USENIX Conference (2005)"},{"key":"45_CR4","unstructured":"BlackLight.: Available at: http:\/\/www.f-secure.com\/blacklight\/, (2006)"},{"key":"45_CR5","unstructured":"BootKit.: Available at: http:\/\/www.rootkit.com\/vault\/vipinkumar\/, (2007)"},{"key":"45_CR6","unstructured":"Butler, J.: RAIDE: rootkit analysis identification elimination. Available at: http:\/\/www.blackhat.com\/presentations\/bh-europe-06\/bh-eu-06-Silberman-Butler.pdf, (2006)"},{"key":"45_CR7","unstructured":"Butler, J., Hoglund, G.: Rootkits: subverting the Windows kernel. Addison Wesley, ISBN 0-321-29431-9 (2006)"},{"key":"45_CR8","unstructured":"Butler, J., Hoglund, G.: VICE - Catch the hookers! (Plus new rootkit techniques). Available at http:\/\/www.rootkit.com\/, (2006)"},{"key":"45_CR9","unstructured":"Cogswell, C., Russinovich, M.: RootkitRevealer. Available at: http:\/\/www.sysinternals.com\/, (2006)"},{"key":"45_CR10","unstructured":"Elias: Detect if your program is running inside a Virtual Machine. 14 Mars 2005. Retrieved from: http:\/\/lgwm.org (Elias homepage), (2005)"},{"key":"45_CR11","unstructured":"Ferrie, P.: Attacks on virtual machine emulator. In: proceedings of AVAR 2006 Conference, Auckland, New Zealand, December 3\u20135, (2006)"},{"key":"45_CR12","unstructured":"Filiol, E.: Introduction to computer viruses: from theory to applications. IRIS International Series, Springer, Heidelberg (2005)"},{"key":"45_CR13","doi-asserted-by":"crossref","unstructured":"Filiol, F.: Malware pattern scanning schemes secure against black-box analysis. In: proceedings of the 15th EICAR Conference, Hamburg, Germany, April 29 - May 3, 2006, and In: Broucek, V., Turner, P. (eds.) Eicar 2006 Special Issue, J. Comput. Virol. 2(1), pp. 35\u201350 (2006)","DOI":"10.1007\/s11416-006-0009-x"},{"key":"45_CR14","unstructured":"Filiol, E.: Techniques virales avanc\u00e9es, IRIS Series, Springer Verlag France, January 2007. An English translation is pending (due mid 2007)"},{"key":"45_CR15","unstructured":"Filiol, F., Josse, S.: A statistical model for undecidable viral detection. In: proceedings of the 16th EICAR Conference, Budapest, Hungary, May 5 - 8, 2007. In: Broucek, V. (ed.) Eicar 2007 Special Issue, J Comput Virol 3(2), (2007)"},{"key":"45_CR16","unstructured":"Fu.: Fu rootkit. Available at: https:\/\/www.rootkit.com\/vault\/fuzen_op\/, (2006)"},{"key":"45_CR17","unstructured":"GhostBuster.: the Strider GhostBuster Project. Avalaible at: http:\/\/research.microsoft.com\/rootkit\/, (2006)"},{"key":"45_CR18","doi-asserted-by":"crossref","unstructured":"Heasman, J.: Implementing and detecting an ACPI BIOS Rootkit, Black Hat Europe (2006)","DOI":"10.1016\/S1353-4858(06)70326-9"},{"key":"45_CR19","doi-asserted-by":"crossref","unstructured":"Heasman, J.: Implementing and detecting a PCI rootkit, Available at: http:\/\/www.ngssoftware.com\/, (2006)","DOI":"10.1016\/S1353-4858(06)70326-9"},{"key":"45_CR20","unstructured":"IceSword.: IceSword, Available at: http:\/\/xfocus.net\/tools\/ 200509\/1085.html, (2006)"},{"key":"45_CR21","unstructured":"IntelVT.: Intel Virtualization Technology, Available at: http:\/\/www.intel.com\/technology\/virtualization\/, (2007)"},{"key":"45_CR22","unstructured":"Josse, S.: Secure and advanced unpacking using computer emulation. In: proceedings of the AVAR Conference, Auckland, New Zealand, December 3\u20135, (2006)"},{"key":"45_CR23","unstructured":"KPP.: Kernel Patch Protection: Frequently asked questions, Available at: http:\/\/www.microsoft.com\/whdc\/driver\/kernel\/ 64bitpatch_FAQ.mspx, (2006)"},{"key":"45_CR24","unstructured":"KprocCheck.: SIG\u22272 KprocCheck, Available at: http:\/\/www. security.org.sg\/, (2006)"},{"key":"45_CR25","unstructured":"Permeh, R., Soeder, D.: eEye BootRoot: A Basis for Bootstrap-Based Windows Kernel Code, Available at: http:\/\/www.blackhat. com\/presentations\/bh-usa-05\/bh-us-05-soeder.pdf, (2006)"},{"key":"45_CR26","unstructured":"Russinovich, M.E., Solomon, D.A.: Inside Microsoft Windows 2000, 3rd edn. Microsoft Press, ISBN 0-7356-1021-5 (2000)"},{"key":"45_CR27","unstructured":"Russinovich, M.E., Solomon, D.A.: Microsoft windows internals, 4th edn: Microsoft Windows Server 2003, Windows XP, and Windows 2000, (2004)"},{"key":"45_CR28","unstructured":"Rutkowska, J.: Red Pill... or how to detect VMM using (almost) one CPU instruction. Retrieved from: http:\/\/www. invisiblethings.org\/papers\/,(2004)"},{"key":"45_CR29","unstructured":"Rutkowska, J.: Detecting Windows Server Compromises with Patchfinder 2. Retrieved from: http:\/\/www.invisiblethings. org\/papers\/, (2004)"},{"key":"45_CR30","unstructured":"Rutkowska, J.: System virginity verifier, defining the roadmap for malware detection on windows system. Hack in the box security conference, September 28th \u221229th 2005, Kuala Lumpur, Malaysia (2005)"},{"key":"45_CR31","unstructured":"Rutkowska, J.: Subverting VistaTM kernel for fun and profit. SyScan\u201906 July 21st, 2006, Singapore & Black Hat Briefings 2006 August 3rd, 2006, Las Vegas (2006)"},{"key":"45_CR32","unstructured":"Szor, P.: The art of computer virus research and defense, Addison-Wesley, ISBN 0-321-30454-3 (2005)"},{"key":"45_CR33","unstructured":"Zombie.: Zombie. VMWare has you. Retrieved from: http:\/\/vx. netlux.org\/, (2001)"},{"key":"45_CR34","unstructured":"Zeichick, A.: Coming soon to VMware, microsoft, and Xen: AMD virtualization technology solves virtualization challenges, Available at: http:\/\/www;devx.com\/amd\/Article\/30186\/, (2005)"},{"key":"45_CR35","doi-asserted-by":"crossref","unstructured":"Zhou, M., Zuo, Z.: Some further theoretical results about computer viruses, In: The computer journal, vol. 47, N o 6 (2004)","DOI":"10.1093\/comjnl\/47.6.627"},{"key":"45_CR36","unstructured":"Zovi, D.A.D.: Harware virtualization rootkits. Black Hat Federal 2006, Washington D.C., January 25th (2006)"}],"container-title":["Journal in Computer Virology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-007-0045-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-007-0045-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-007-0045-1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T10:45:41Z","timestamp":1559385941000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-007-0045-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,5,15]]},"references-count":36,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2007,5,30]]}},"alternative-id":["45"],"URL":"https:\/\/doi.org\/10.1007\/s11416-007-0045-1","relation":{},"ISSN":["1772-9890","1772-9904"],"issn-type":[{"value":"1772-9890","type":"print"},{"value":"1772-9904","type":"electronic"}],"subject":[],"published":{"date-parts":[[2007,5,15]]}}}