{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,5,14]],"date-time":"2023-05-14T14:11:14Z","timestamp":1684073474188},"reference-count":42,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2007,10,25]],"date-time":"2007-10-25T00:00:00Z","timestamp":1193270400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Comput Virol"],"published-print":{"date-parts":[[2008,5]]},"DOI":"10.1007\/s11416-007-0069-6","type":"journal-article","created":{"date-parts":[[2007,10,24]],"date-time":"2007-10-24T12:56:16Z","timestamp":1193230576000},"page":"137-157","source":"Crossref","is-referenced-by-count":4,"title":["Rootkit modeling and experiments under Linux"],"prefix":"10.1007","volume":"4","author":[{"given":"\u00c9ric","family":"Lacombe","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fr\u00e9d\u00e9ric","family":"Raynal","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vincent","family":"Nicomette","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2007,10,25]]},"reference":[{"key":"69_CR1","doi-asserted-by":"crossref","unstructured":"King, S.T., et\u00a0al.: Subvirt: Implementing malware with virtual machines. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy (2006)","DOI":"10.1109\/SP.2006.38"},{"key":"69_CR2","unstructured":"Rutkowska, J.: Stealth malware taxonomy (2006)"},{"key":"69_CR3","unstructured":"truff. Infecting loadable kernel modules. Phrack 61 (2003)"},{"key":"69_CR4","unstructured":"Microsoft Corporation.: Digital signatures for kernel modules on systems running windows\u0103vista. Technical report, Microsoft Corporation (2006)"},{"key":"69_CR5","unstructured":"Kruegel, C., Robertson, W., Vigna, G.: Detecting kernel-level rootkits through binary analysis (2004)"},{"key":"69_CR6","unstructured":"sd and devik. Linux on-the-fly kernel patching without l km. Phrack 58 (2001)"},{"key":"69_CR7","unstructured":"c0de. Reverse symbol lookup in linux kernel. Phrack 61 (2003)"},{"key":"69_CR8","unstructured":"Dornseif, M., et\u00a0al.: Firewire\u2014all your memory are belong to us. In: CanSecWest\/core05 (2005)"},{"key":"69_CR9","unstructured":"Boileau, A.: Hit by a bus: physical access attacks with firewire. In: Ruxcon 2006 (2006)"},{"key":"69_CR10","unstructured":"Rutkowska, J.: Beyond the cpu: defeating hardware based ram acquisition tools (part i: Amd case). In: Black Hat DC 2007 (2007)"},{"key":"69_CR11","unstructured":"Cesare, S.: Syscall redirection without modifying the syscall table (1999)"},{"key":"69_CR12","unstructured":"kad. Handling interrupt descriptor table for fun and profit. Phrack 59 (2002)"},{"key":"69_CR13","unstructured":"buffer. Hijacking linux page fault handler. Phrack 61 (2003)"},{"key":"69_CR14","unstructured":"stealth. Kernel rootkit experience. Phrack 61 (2003)"},{"key":"69_CR15","unstructured":"Cesare, S.: Kernel function hijacking (1999)"},{"key":"69_CR16","unstructured":"Rutkowski, J.K.: Execution path analysis: finding kernel based rootkits. Phrack 59 (2002)"},{"key":"69_CR17","unstructured":"Lawless, T.: On intrusion resiliency (2002)"},{"key":"69_CR18","unstructured":"Sparks, S., Butler, J.: Raising the bar for windows rootkit detection. Phrack 63 (2005)"},{"key":"69_CR19","unstructured":"Soeder, D., Permeh, R.: Eeye bootroot: a basis for bootstrap-based windows kernel code (2005)"},{"key":"69_CR20","unstructured":"Kumar, N., Kumar, V.: Boot kit (2006)"},{"key":"69_CR21","unstructured":"Rutkowska, J.: Subverting vista kernel for fun and profit. In: Black Hat in Las Vegas 2006 (2006)"},{"key":"69_CR22","volume-title":"Computer Viruses: from Theory to Applications. IRIS International Series","author":"\u00c9. Filiol","year":"2005","unstructured":"Filiol \u00c9. (2005). Computer Viruses: from Theory to Applications. IRIS International Series. Springer, France"},{"key":"69_CR23","unstructured":"Maximiliano Caceres. Syscall proxying\u2014simulating remote execution (2002)"},{"key":"69_CR24","unstructured":"grugq. Remote exec. Phrack 62 (2004)"},{"key":"69_CR25","unstructured":"Pluf and Ripe. Advanced antiforensics: self. Phrack, 63 (2005)"},{"key":"69_CR26","unstructured":"Dralet, S., Gaspard, F.: Corruption de la M\u00e9moire lors de l\u2019Exploitation. In: Symposium sur la S\u00e9curit\u00e9 des Technologies de l\u2019Information et des Communications 2006, pp. 362\u2013399. \u00c9cole Sup\u00e9rieure et d\u2019Application des Transmissions (2006)"},{"key":"69_CR27","doi-asserted-by":"crossref","unstructured":"Raynal, F., Berthier, Y., Biondi, P., Kaminsky, D.: Honeypot forensics: analyzing system and files. IEEE Secur. Priv. J., aovt (2004)","DOI":"10.1109\/MSP.2004.47"},{"key":"69_CR28","volume-title":"Techniques virales avancTes. Collection IRIS","author":"\u00c9. Filiol","year":"2007","unstructured":"Filiol \u00c9. (2007). Techniques virales avancTes. Collection IRIS. Springer, France"},{"key":"69_CR29","unstructured":"Filiol, E.: Strong cryptography armoured computer viruses forbidding code analysis: the bradley virus. In: 14th EICAR Conference, StJuliens\/Valletta - Malta (2005)"},{"key":"69_CR30","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1007\/3-540-68671-1_2","volume":"1419","author":"J. Riordan","year":"1998","unstructured":"Riordan J. and Schneier B. (1998). Environmental key generation towards clueless agents. Lect. Notes Comput. Sci. 1419: 15\u201324","journal-title":"Lect. Notes Comput. Sci."},{"key":"69_CR31","doi-asserted-by":"crossref","unstructured":"Girling, C.G.: Covert channels in lan\u2019s. IEEE Trans. Softw. Eng. f\u00e9vrier (1987)","DOI":"10.1109\/TSE.1987.233153"},{"key":"69_CR32","doi-asserted-by":"crossref","unstructured":"Wolf, M.: Covert channels in lan protocols. In: LANSEC \u201989: Proceedings on the Workshop for European Institute for System Security on Local Area Network Security, pp. 91\u2013101, London, UK, 1989. Springer, Heidelberg","DOI":"10.1007\/3-540-51754-5_33"},{"key":"69_CR33","doi-asserted-by":"crossref","unstructured":"Rowland, C.H.: Covert channels in the tcp\/ip protocol suite. First Monday, mars (1996)","DOI":"10.5210\/fm.v2i5.528"},{"key":"69_CR34","doi-asserted-by":"crossref","unstructured":"Raynal, F.: Les canaux cachTs. Techniques de l\u2019ingTnieur, dTcembre (2003)","DOI":"10.51257\/a-v1-h5860"},{"key":"69_CR35","doi-asserted-by":"crossref","unstructured":"Filiol, E., Josse, S.: A statistical model for viral detection undecidability. In: Broucek, V. (ed.) J. Comput. Virol., EICAR 2007 Special Issue, 3(2) (2007)","DOI":"10.1007\/s11416-007-0041-5"},{"key":"69_CR36","unstructured":"The Honeynet Project Staff. Know your enemy: Sebek\u2014a kernel based data capture tool (2003)"},{"key":"69_CR37","unstructured":"bioforge. Hacking the linux kernel network stack. Phrack 61 (2003)"},{"key":"69_CR38","unstructured":"Filiol, E.: Formal model proposal for (malware) program stealth. In: Proceedings of the 17th Virus Bulletin Conference (2007)"},{"key":"69_CR39","doi-asserted-by":"crossref","unstructured":"Cachin, C.: An information-theoretic model for steganography. In: Proceedings of the International Workshop on Information Hiding (1998)","DOI":"10.1007\/3-540-49380-8_21"},{"key":"69_CR40","unstructured":"7a69ezine Staff. Linux per-process syscall hooking (2006)"},{"key":"69_CR41","unstructured":"Intel. IA-32 Intel Architecture Software Developer\u2019s Manual Volume 2: Instruction Set Reference (2003)"},{"key":"69_CR42","unstructured":"Pragmatic and THC.: (nearly) Complete Linux Loadable Kernel Modules. The definitive guide for hackers, virus coders and system administrators (1999). http:\/\/newdata.box.sk\/raven\/skm.html"}],"container-title":["Journal in Computer Virology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-007-0069-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-007-0069-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-007-0069-6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,14]],"date-time":"2023-05-14T13:53:33Z","timestamp":1684072413000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-007-0069-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,10,25]]},"references-count":42,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2008,5]]}},"alternative-id":["69"],"URL":"https:\/\/doi.org\/10.1007\/s11416-007-0069-6","relation":{},"ISSN":["1772-9890","1772-9904"],"issn-type":[{"value":"1772-9890","type":"print"},{"value":"1772-9904","type":"electronic"}],"subject":[],"published":{"date-parts":[[2007,10,25]]}}}