{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T14:15:19Z","timestamp":1740147319405,"version":"3.37.3"},"reference-count":56,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2019,1,2]],"date-time":"2019-01-02T00:00:00Z","timestamp":1546387200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SOCA"],"published-print":{"date-parts":[[2019,3]]},"DOI":"10.1007\/s11761-018-0252-2","type":"journal-article","created":{"date-parts":[[2019,1,2]],"date-time":"2019-01-02T08:16:05Z","timestamp":1546416965000},"page":"17-29","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Detecting indicators of deception in emulated monitoring systems"],"prefix":"10.1007","volume":"13","author":[{"given":"Kon","family":"Papazis","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5396-8897","authenticated-orcid":false,"given":"Naveen","family":"Chilamkurti","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,1,2]]},"reference":[{"key":"252_CR1","first-page":"56","volume":"5","author":"E Gandotra","year":"2014","unstructured":"Gandotra E (2014) Malware analysis and classification: a survey. J Inf Secur 5:56\u201364","journal-title":"J Inf Secur"},{"key":"252_CR2","volume-title":"Honeypots: tracking hackers","author":"L Spitzner","year":"2002","unstructured":"Spitzner L (2002) Honeypots: tracking hackers. Addison-Wesley Longman Publishing Co. Inc., Boston"},{"unstructured":"Omella AA (2006) Methods for virtual machine detection. http:\/\/www.s21sec.com\/descargas\/vmware-eng.pdf . Accessed May 2017","key":"252_CR3"},{"unstructured":"Marpaung JA, Sain M, Lee H-J (2012) Survey on malware evasion techniques: State of the art and challenges. In: 2012 14th international conference on advanced communication technology (ICACT). IEEE","key":"252_CR4"},{"doi-asserted-by":"crossref","unstructured":"Kolbitsch C, Kirda E, Kruegel C (2011) The power of procrastination: detection and mitigation of execution-stalling malicious code. In Proceedings of the 18th ACM conference on computer and communications security. ACM","key":"252_CR5","DOI":"10.1145\/2046707.2046740"},{"unstructured":"Minerva-labs (2018) minerva labs research report: 2017 year in review. https:\/\/l.minerva-labs.com\/hubfs\/Minerva%202017%20Yearly%20Report_FINAL.pdf . Accessed 25 Nov 2018","key":"252_CR6"},{"doi-asserted-by":"crossref","unstructured":"Uitto J, et al. (2017) A survey on anti-honeypot and anti-introspection methods. In: World conference on information systems and technologies. Springer","key":"252_CR7","DOI":"10.1007\/978-3-319-56538-5_13"},{"unstructured":"Keragala D (2016) Detecting malware and sandbox evasion techniques. SANS Institute InfoSec reading room. https:\/\/www.sans.org\/reading-room\/whitepapers\/forensics\/detecting-malware-sandbox-evasion-techniques-36667 . Accessed Dec 2018","key":"252_CR8"},{"unstructured":"Cohen F (1998) The deception toolkit. http:\/\/all.net\/dtk.html . Accessed May 2017","key":"252_CR9"},{"unstructured":"Symantec (2008) A guide to different kinds of honeypots. https:\/\/www.symantec.com\/connect\/articles\/guide-different-kinds-honeypots . Accessed May 2017","key":"252_CR10"},{"unstructured":"Akkaya D,. Thalgott F (2010). Honeypots in network security. http:\/\/www.divaportal.org\/smash\/get\/diva2:327476\/fulltext01 . Accessed May 2017","key":"252_CR11"},{"unstructured":"Gorzelak K, et al. (2011) Proactive detection of network security incidents. In: Belasovs A (ed) ENISA report. http:\/\/www.enisa.europa.eu . Accessed June 2017","key":"252_CR12"},{"unstructured":"Riden J (2008) Server honeypots vs client honeypots. https:\/\/www.honeynet.org\/node\/158 . Accessed June 2017","key":"252_CR13"},{"unstructured":"Campbell S, Jeronimo M (2006) An introduction to virtualization. Published in \u201cApplied Virtualization\u201d, Intel, pp 1\u201315","key":"252_CR14"},{"unstructured":"Goldberg RP (1972) Architectural principles for virtual computer systems. Ph.D thesis, Harvard University","key":"252_CR15"},{"unstructured":"Marshall D (2007) Understanding full virtualization, paravirtualization, and hardware assist. VMWare White Paper. https:\/\/www.vmware.com\/content\/dam\/digitalmarketing\/vmware\/en\/pdf\/techpaper\/VMware_paravirtualization.pdf . Accessed June 2017","key":"252_CR16"},{"doi-asserted-by":"crossref","unstructured":"Barham P, et al. (2003) Xen and the art of virtualization. In: ACM SIGOPS operating systems review. ACM","key":"252_CR17","DOI":"10.1145\/945445.945462"},{"key":"252_CR18","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1016\/j.protcy.2012.03.029","volume":"3","author":"F Rodr\u00edguez-Haro","year":"2012","unstructured":"Rodr\u00edguez-Haro F et al (2012) A summary of virtualization techniques. Proc Technol 3:267\u2013272","journal-title":"Proc Technol"},{"doi-asserted-by":"crossref","unstructured":"Morabito R, Kj\u00e4llman J, Komu M (2015) Hypervisors vs. lightweight virtualization: a performance comparison. In 2015 IEEE international conference on cloud engineering (IC2E). IEEE","key":"252_CR19","DOI":"10.1109\/IC2E.2015.74"},{"unstructured":"Sikorski M, Honig A (2012) Practical malware analysis: the hands-on guide to dissecting malicious software. No starch press, San Francisco","key":"252_CR20"},{"unstructured":"Sysman D, Evron G, Sher I (2015) Breaking honeypots for fun and profit. Talk at Blackhat, vol 8","key":"252_CR21"},{"unstructured":"Valli C (2003) Honeyd-A OS fingerprinting artifice. In: Proceedings of Australian computer, network and information forensics conference","key":"252_CR22"},{"doi-asserted-by":"crossref","unstructured":"Fu X, et al. (2006) On recognizing virtual honeypots and countermeasures. In: 2nd IEEE international symposium on dependable, autonomic and secure computing. IEEE","key":"252_CR23","DOI":"10.1109\/DASC.2006.36"},{"key":"252_CR24","volume-title":"Camouflaging virtual honeypots","author":"X Fu","year":"2005","unstructured":"Fu X et al (2005) Camouflaging virtual honeypots. Texas A&M University, College Station"},{"doi-asserted-by":"crossref","unstructured":"Mukkamala S, et al. (2007) Detection of virtual environments and low interaction honeypots. In: Information assurance and security workshop, 2007. IAW\u201907. IEEE SMC. IEEE","key":"252_CR25","DOI":"10.1109\/IAW.2007.381919"},{"unstructured":"Defibaugh-Chavez P, et al. (2006) Network based detection of virtual environments and low interaction honeypots. In Proceedings of the 2006 IEEE SMC, workshop on information assurance","key":"252_CR26"},{"issue":"1","key":"252_CR27","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MSECP.2004.1264861","volume":"2","author":"N Krawetz","year":"2004","unstructured":"Krawetz N (2004) Anti-honeypot technology. IEEE Secur Priv 2(1):76\u201379","journal-title":"IEEE Secur Priv"},{"doi-asserted-by":"crossref","unstructured":"Zou CC, Cunningham R (2006) Honeypot-aware advanced botnet construction and maintenance. In: International conference on dependable systems and networks, 2006. DSN 2006. IEEE","key":"252_CR28","DOI":"10.1109\/DSN.2006.38"},{"issue":"1","key":"252_CR29","first-page":"30","volume":"4","author":"P Wang","year":"2010","unstructured":"Wang P et al (2010) Honeypot detection in advanced botnet attacks. Int J Inf Comput Secur 4(1):30\u201351","journal-title":"Int J Inf Comput Secur"},{"unstructured":"Dornseif M, Holz T, Klein CN (2004) Nosebreak-attacking honeynets. In Information assurance workshop, 2004. Proceedings from the fifth annual IEEE SMC. IEEE","key":"252_CR30"},{"unstructured":"Holz T, Raynal F (2005) Detecting honeypots and other suspicious environments. In Information assurance workshop, 2005. IAW\u201905. Proceedings from the sixth annual IEEE SMC. IEEE","key":"252_CR31"},{"doi-asserted-by":"crossref","unstructured":"Kapravelos A, et al. (2011) Escape from monkey island: evading high-interaction honeyclients. Detection of intrusions and malware, and vulnerability assessment, pp 124\u2013143","key":"252_CR32","DOI":"10.1007\/978-3-642-22424-9_8"},{"unstructured":"Innes S, Valli C (2006) Honeypots: how do you know when you are inside one? In: Australian digital forensics conference","key":"252_CR33"},{"key":"252_CR34","first-page":"48104","volume":"1001","author":"J Oberheide","year":"2006","unstructured":"Oberheide J, Karir M (2006) Honeyd detection via packet fragmentation. Ann Arbor 1001:48104","journal-title":"Ann Arbor"},{"issue":"7","key":"252_CR35","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1145\/361011.361073","volume":"17","author":"GJ Popek","year":"1974","unstructured":"Popek GJ, Goldberg RP (1974) Formal requirements for virtualizable third generation architectures. Commun ACM 17(7):412\u2013421","journal-title":"Commun ACM"},{"doi-asserted-by":"crossref","unstructured":"J\u00e4mthagen C, Hell M, Smeets B (2011) A technique for remote detection of certain virtual machine monitors. In International conference on trusted systems. Springer","key":"252_CR36","DOI":"10.1007\/978-3-642-32298-3_9"},{"unstructured":"Wang G, et al. (2015) Hypervisor Introspection: a technique for evading passive virtual machine monitoring. In WOOT","key":"252_CR37"},{"unstructured":"Ho G, et al. (2014) Tick tock: building browser red pills from timing side channels. In Proceedings of the USENIX workshop on offensive technologies","key":"252_CR38"},{"unstructured":"Liston T, Skoudis E (2006) On the cutting edge: Thwarting virtual machine detection. http:\/\/handlers.sans.org\/tliston\/ThwartingVMDetection_Liston_Skoudis.pdf . Accessed July 2017","key":"252_CR39"},{"doi-asserted-by":"crossref","unstructured":"Miramirkhani N, et al. (2017) Spotless sandboxes: evading malware analysis systems using wear-and-tear artifacts. In IEEE symposium on security and privacy","key":"252_CR40","DOI":"10.1109\/SP.2017.42"},{"doi-asserted-by":"crossref","unstructured":"Bahram S, et al. (2010) Dksm: subverting virtual machine introspection for fun and profit. In: 2010 29th IEEE symposium on reliable distributed systems. IEEE","key":"252_CR41","DOI":"10.1109\/SRDS.2010.39"},{"doi-asserted-by":"crossref","unstructured":"Brengel M, Backes M, Rossow C (2016) Detecting hardware-assisted virtualization. In: Detection of intrusions and malware, and vulnerability assessment. Springer, pp 207\u2013227","key":"252_CR42","DOI":"10.1007\/978-3-319-40667-1_11"},{"unstructured":"Quist D, Smith V, Computing O (2006) Detecting the presence of virtual machines using the local data table. Offensive Computing 2006. http:\/\/www.offensivecomputing.net\/files\/active\/0\/vm.pdf . Accessed July 2017","key":"252_CR43"},{"issue":"3","key":"252_CR44","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1145\/1368506.1368518","volume":"42","author":"J Franklin","year":"2008","unstructured":"Franklin J et al (2008) Remote detection of virtual machine monitors with fuzzy benchmarking. ACM SIGOPS Oper Syst Rev 42(3):83\u201392","journal-title":"ACM SIGOPS Oper Syst Rev"},{"unstructured":"Paleari R, et al (2009). A fistful of red-pills: How to automatically generate procedures to detect CPU emulators. In: USENIX workshop on offensive technologies (WOOT)","key":"252_CR45"},{"unstructured":"Raffetseder T, Kruegel C, Kirda E (2007) Detecting system emulators. In: International conference on information security. Springer","key":"252_CR46"},{"doi-asserted-by":"crossref","unstructured":"Kedrowitsch A, et al. (2017) A first look: using linux containers for deceptive honeypots. In: Proceedings of the 2017 workshop on automated decision making for active cyber defense. ACM","key":"252_CR47","DOI":"10.1145\/3140368.3140371"},{"doi-asserted-by":"crossref","unstructured":"Yokoyama A, et al. (2016) SandPrint: fingerprinting malware sandboxes to provide intelligence for sandbox evasion. In International symposium on research in attacks, intrusions, and defenses. Springer","key":"252_CR48","DOI":"10.1007\/978-3-319-45719-2_8"},{"issue":"1","key":"252_CR49","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/s11416-014-0224-9","volume":"11","author":"O Ferrand","year":"2015","unstructured":"Ferrand O (2015) How to detect the cuckoo sandbox and to strengthen it? J Comput Virol Hack Tech 11(1):51\u201358","journal-title":"J Comput Virol Hack Tech"},{"unstructured":"Alexander Chailytko SS (2016) Defeating sandbox evasion: how to increase the successful emulation rate in your virtual environment. https:\/\/blog.checkpoint.com\/wp-content\/uploads\/2016\/10\/DefeatingSandBoxEvasion-VB2016_CheckPoint.pdf . Accessed Sep 2018","key":"252_CR50"},{"issue":"4","key":"252_CR51","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1007\/s11416-012-0165-0","volume":"8","author":"A Issa","year":"2012","unstructured":"Issa A (2012) Anti-virtual machines and emulations. J Comput Virol 8(4):141\u2013149","journal-title":"J Comput Virol"},{"unstructured":"Chen X, et al. (2008) Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In: IEEE international conference on dependable systems and networks with fTCS and DCC, 2008. DSN 2008. IEEE","key":"252_CR52"},{"doi-asserted-by":"crossref","unstructured":"Dahbul R, Lim C, Purnama J (2017) Enhancing honeypot deception capability through network service fingerprinting. In: Journal of physics: conference series. IOP Publishing","key":"252_CR53","DOI":"10.1088\/1742-6596\/801\/1\/012057"},{"unstructured":"Garfinkel T, Rosenblum M (2003) A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proceedings of network and distributed systems security symposium","key":"252_CR54"},{"unstructured":"Garfinkel T, et al. (2007) Compatibility is not transparency: VMM detection myths and realities. In: Proceedings of the 11th workshop on hot topics in operating systems (HotOS-XI)","key":"252_CR55"},{"unstructured":"Ferrie P (2017) Attacks on more virtual machine emulators. Symantec technology exchange 2007. http:\/\/www.symantec.com\/avcenter\/reference\/Virtual_Machine_Threats.pdf . Accessed Dec 2017","key":"252_CR56"}],"container-title":["Service Oriented Computing and Applications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11761-018-0252-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11761-018-0252-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11761-018-0252-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,21]],"date-time":"2020-11-21T10:11:13Z","timestamp":1605953473000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11761-018-0252-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,1,2]]},"references-count":56,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,3]]}},"alternative-id":["252"],"URL":"https:\/\/doi.org\/10.1007\/s11761-018-0252-2","relation":{},"ISSN":["1863-2386","1863-2394"],"issn-type":[{"type":"print","value":"1863-2386"},{"type":"electronic","value":"1863-2394"}],"subject":[],"published":{"date-parts":[[2019,1,2]]},"assertion":[{"value":"23 August 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 November 2018","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 December 2018","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 January 2019","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}