{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:52:31Z","timestamp":1771699951153,"version":"3.50.1"},"reference-count":31,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,10]]},"DOI":"10.1109\/crisis.2012.6378949","type":"proceedings-article","created":{"date-parts":[[2012,12,18]],"date-time":"2012-12-18T16:54:22Z","timestamp":1355849662000},"page":"1-8","source":"Crossref","is-referenced-by-count":5,"title":["Evasion-resistant malware signature based on profiling kernel data structure objects"],"prefix":"10.1109","author":[{"given":"Ahmed F.","family":"Shosha","sequence":"first","affiliation":[]},{"given":"Chen-Ching","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Pavel","family":"Gladyshev","sequence":"additional","affiliation":[]},{"given":"Marcus","family":"Matten","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"19","first-page":"14","article-title":"Detours: Binary Interception of Win32 Functions","volume":"3","author":"hunt","year":"0","journal-title":"3rd Conference on USENIX Windows NT Symposium"},{"key":"17","first-page":"351","article-title":"Effective and Efficient Malware Detection at the End Host","author":"kolbitsch","year":"0","journal-title":"18th Conference on USENIX Security Symposium 2009"},{"key":"18","article-title":"HookFinder: Identifying and Understanding Malware Hooking Behaviors","author":"yin","year":"0","journal-title":"Distributed System Security Symposium 2008"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.9"},{"key":"16","article-title":"Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software","author":"newsome","year":"0","journal-title":"Network and Distributed System Security Symposium 2005"},{"key":"13","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1109\/MSP.2007.45","article-title":"Toward Automated Dynamic Malware Analysis Using CWSandbox","volume":"5","author":"w","year":"2007","journal-title":"IEEE Security and Privacy"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"11","year":"2012","journal-title":"System-Defined Data Structures"},{"key":"12","first-page":"41","article-title":"QEMU, A Fast and Portable Dynamic Translator","author":"bellard","year":"2005","journal-title":"USENIX"},{"key":"21","first-page":"352","author":"hoglund","year":"2005","journal-title":"Rootkits Subverting the Windows Kernel"},{"key":"20","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2007.01.015"},{"key":"22","year":"0"},{"key":"23","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"24","first-page":"304","article-title":"Toward Revealing Kernel Malware Behavior in Virtual Execution Environments","author":"xuan","year":"0","journal-title":"12th International Symposium on Recent Advances in Intrusion Detection 2009"},{"key":"25","author":"preda","year":"2010","journal-title":"Code Obfuscation and Malware Detection by Abstract Interpretation"},{"key":"26","first-page":"116","article-title":"Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis","author":"yin","year":"0","journal-title":"14th ACM Conference on Computer and Communications Security 2007"},{"key":"27","article-title":"K-Tracer: A System for Extracting Kernel Malware Behavior","author":"lanzi","year":"0","journal-title":"16th Annual Network and Distributed System Security Symposium 2009"},{"key":"28","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519072"},{"key":"29","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966940"},{"key":"3","article-title":"Impeding Malware Analysis Using Conditional Code Obfuscation","author":"sharif","year":"0","journal-title":"Network and Distributed System Security Symposium 2008"},{"key":"2","doi-asserted-by":"publisher","DOI":"10.1109\/BWCCA.2010.85"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.134"},{"key":"1","first-page":"98","article-title":"A Study of the Packer Problem and Its Solutions","author":"guo","year":"0","journal-title":"11th International Symposium on Recent Advances in Intrusion Detection 2008"},{"key":"30","article-title":"KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware","author":"ortolani","year":"0","journal-title":"International Symposium on Recent Advances in Intrusion Detection (RAID)"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2000.870435"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.1145\/2089125.2089126"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653730"},{"key":"31","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2010.38"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.126"},{"key":"9","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2008.54"},{"key":"8","doi-asserted-by":"publisher","DOI":"10.1145\/1127345.1127348"}],"event":{"name":"2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)","location":"Cork, Ireland","start":{"date-parts":[[2012,10,10]]},"end":{"date-parts":[[2012,10,12]]}},"container-title":["2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/6362373\/6378933\/06378949.pdf?arnumber=6378949","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,21]],"date-time":"2017-06-21T00:23:31Z","timestamp":1498004611000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6378949\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,10]]},"references-count":31,"URL":"https:\/\/doi.org\/10.1109\/crisis.2012.6378949","relation":{},"subject":[],"published":{"date-parts":[[2012,10]]}}}