{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,23]],"date-time":"2024-10-23T09:50:57Z","timestamp":1729677057440,"version":"3.28.0"},"reference-count":47,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,10]]},"DOI":"10.1109\/cns.2017.8228671","type":"proceedings-article","created":{"date-parts":[[2017,12,22]],"date-time":"2017-12-22T00:55:49Z","timestamp":1513904149000},"page":"586-594","source":"Crossref","is-referenced-by-count":0,"title":["Black penguin: On the feasibility of detecting intrusion with homogeneous memory"],"prefix":"10.1109","author":[{"given":"Ning","family":"Zhang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ruide","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qiben","family":"Yan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wenjing","family":"Lou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Y. 
Thomas","family":"Hou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Danfeng","family":"Yao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2508148.2485970"},{"key":"ref38","first-page":"351","article-title":"Effective and efficient malware detection at the end host","author":"kolbitsch","year":"2009","journal-title":"USENIX security symposium"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586145"},{"journal-title":"The Security Architecture of the Chromium Browser","year":"2008","author":"barth","key":"ref32"},{"journal-title":"Firefox 50 0 1 - asm js jit-spray remote code execution","year":"0","key":"ref31"},{"journal-title":"cve-2015-2419","year":"0","key":"ref30"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36084-0_15"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-009-5143-5"},{"key":"ref35","first-page":"11","article-title":"Automating mimicry attacks using static binary analysis","author":"kruegel","year":"2005","journal-title":"Proceedings of the 14th Conference on USENIX Security Symposium-Volume 14"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/1368310.1368334"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"ref40","article-title":"Dns-based detection of scanning worms in an enterprise network","author":"whyte","year":"2005","journal-title":"NDSS"},{"key":"ref11","doi-asserted-by":"crossref","first-page":"341","DOI":"10.1145\/2382196.2382234","article-title":"Black-sheep: detecting compromised hosts in homogeneous crowds","author":"bianchi","year":"2012","journal-title":"Proceedings of the 2012 ACM Conference on Computer and Communications Security"},{"key":"ref12","first-page":"169","article-title":"Nozzle: A defense against 
heap-spraying code injection attacks","author":"ratanaworabhan","year":"2009","journal-title":"USENIX Security Symposium"},{"key":"ref13","article-title":"Zozzle: Fast and precise in-browser javascript malware detection","author":"curtsinger","year":"2011","journal-title":"USENIX Security Symposium"},{"journal-title":"The moz top 500","year":"0","key":"ref14"},{"journal-title":"Firefox exploit","year":"0","key":"ref15"},{"journal-title":"Internet Explorer IFRAME Src&name Parameter BoF Remote Compromise","year":"0","key":"ref16"},{"key":"ref17","article-title":"Pax: The guaranteed end of arbitrary code execution","author":"spengler","year":"2003","journal-title":"G-Con2 Mexico City"},{"journal-title":"Data Execution Prevention (DEP)","year":"0","key":"ref18"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2000.821514"},{"journal-title":"Minidump files","year":"0","key":"ref28"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1996.502675"},{"journal-title":"Procdump","year":"0","key":"ref27"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2010.5544306"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/356674.356676"},{"journal-title":"Too much freedom is dangerous understanding ie11 cve-2015-2419 exploitation","year":"0","key":"ref29"},{"journal-title":"Security Engineering A Guide to Building Dependable Distributed Systems","year":"2010","author":"anderson","key":"ref5"},{"journal-title":"Symantec Anti-Virus","year":"0","key":"ref8"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664271"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2013.05.010"},{"journal-title":"Mcafee anti-virus","year":"0","key":"ref9"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_8"},{"key":"ref46","first-page":"255","article-title":"Dscrete: Automatic rendering of forensic information from memory images via application logic 
reuse","year":"2014","journal-title":"USENIX Security Symposium"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/276698.276876"},{"key":"ref45","first-page":"255","article-title":"Dscrete: automatic rendering of forensic information from memory images via application logic reuse","author":"saltaformaggio","year":"2014","journal-title":"Proceedings of the 23rd USENIX conference on Security Symposium USENIX Association"},{"key":"ref22","article-title":"Preventing privilege escalation","volume":"3","author":"provos","year":"2003","journal-title":"Usenix Security"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2011.50"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"ref42","article-title":"Siggraph: Brute force scanning of kernel data structure instances using graph-based signatures","author":"lin","year":"2011","journal-title":"NDSS"},{"journal-title":"Firefox browser","year":"0","key":"ref24"},{"key":"ref41","first-page":"139","article-title":"Botminer: Clustering analysis of network traffic for protocol-and structure-independent botnet detection","author":"gu","year":"2008","journal-title":"Proceedings of the 17th Conference on Security Symposium Ser SS'08"},{"journal-title":"Firefox svg animation remote code execution","year":"0","key":"ref23"},{"key":"ref44","article-title":"Dimsum: Discovering semantic data of interest from un-mappable memory with confidence","author":"lin","year":"2012","journal-title":"Proceedings of ISOC Symposium on Network and Distributed System Security Sein"},{"journal-title":"Vmmap","year":"0","key":"ref26"},{"key":"ref43","first-page":"23","article-title":"Linux physical memory analysis","author":"movall","year":"2005","journal-title":"USENIX Annual Technical Conference Freenix track"},{"journal-title":"Internet Explorer","year":"0","key":"ref25"}],"event":{"name":"2017 IEEE Conference on Communications and Network Security 
(CNS)","start":{"date-parts":[[2017,10,9]]},"location":"Las Vegas, NV","end":{"date-parts":[[2017,10,11]]}},"container-title":["2017 IEEE Conference on Communications and Network Security (CNS)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8170165\/8228604\/08228671.pdf?arnumber=8228671","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,11]],"date-time":"2022-08-11T01:02:17Z","timestamp":1660179737000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/8228671\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10]]},"references-count":47,"URL":"https:\/\/doi.org\/10.1109\/cns.2017.8228671","relation":{},"subject":[],"published":{"date-parts":[[2017,10]]}}}