{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T17:56:23Z","timestamp":1774115783519,"version":"3.50.1"},"reference-count":30,"publisher":"IEEE","license":[{"start":{"date-parts":[[2008,6,1]],"date-time":"2008-06-01T00:00:00Z","timestamp":1212278400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2008,6,1]],"date-time":"2008-06-01T00:00:00Z","timestamp":1212278400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008,6]]},"DOI":"10.1109\/dsn.2008.4630086","type":"proceedings-article","created":{"date-parts":[[2008,9,26]],"date-time":"2008-09-26T11:10:29Z","timestamp":1222427429000},"page":"177-186","source":"Crossref","is-referenced-by-count":71,"title":["Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware"],"prefix":"10.1109","author":[{"family":"Xu Chen","sequence":"first","affiliation":[{"name":"University of Michigan - Ann Arbor, USA"}]},{"given":"Jon","family":"Andersen","sequence":"additional","affiliation":[{"name":"University of Michigan - Ann Arbor, USA"}]},{"given":"Z. Morley","family":"Mao","sequence":"additional","affiliation":[{"name":"University of Michigan - Ann Arbor, USA"}]},{"given":"Michael","family":"Bailey","sequence":"additional","affiliation":[{"name":"University of Michigan - Ann Arbor, USA"}]},{"given":"Jose","family":"Nazario","sequence":"additional","affiliation":[{"name":"Arbor Networks, USA"}]}],"member":"263","reference":[{"key":"19","article-title":"establishing the genuinity of remote computer systems","author":"kennell","year":"2003","journal-title":"12th USENIX Security Symposium"},{"key":"17","year":"0"},{"key":"18","author":"kato","year":"0","journal-title":"Vmware backdoor i\/o port"},{"key":"15","first-page":"135","article-title":"detours: binary interception of win32 functions","author":"hunt","year":"1999","journal-title":"Proceedings of the 3rd USENIX Windows NT Symposium"},{"key":"16","doi-asserted-by":"publisher","DOI":"10.17487\/rfc1323"},{"key":"13","article-title":"compatibility is not transparency: vmm detection myths and realities","author":"garfinkel","year":"2007","journal-title":"Proceedings of the 11th Workshop on Hot Topics in Operating Systems (HotOS-XI)"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1109\/IAW.2005.1495930"},{"key":"11","article-title":"behavioral distance for intrusion detection","author":"gao","year":"2005","journal-title":"8th International Symposium on Recent Advance in Intrusion Detection (RAID 2005)"},{"key":"12","doi-asserted-by":"crossref","DOI":"10.1007\/11856214_2","article-title":"behavioral distance measurement using hidden markov models","author":"gao","year":"2006","journal-title":"9th International Symposium on Recent Advance in Intrusion Detection (RAID 2005)"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.18"},{"key":"20","doi-asserted-by":"publisher","DOI":"10.1145\/945465.945467"},{"key":"22","first-page":"255","article-title":"static disassembly of obfuscated binaries","author":"kru?gel","year":"2004","journal-title":"USENIX Security Symposium"},{"key":"23","author":"liston","year":"0","journal-title":"On the cutting edge Thwarting virtual machine detection"},{"key":"24","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"25","article-title":"rethinking antivirus: executable analysis in the network cloud","author":"oberheide","year":"2007","journal-title":"Proceedings of the 2nd USENIX Workshop on Hot Topics in Security (HOTSEC '07)"},{"key":"26","year":"0"},{"key":"27","article-title":"detecting system emulators","author":"raffetseder","year":"2007","journal-title":"Proceedings of 10th Information Security Conference (ISC) Lecture Notes in Computer Science Springer Verlag"},{"key":"28","article-title":"analysis of intel pentium's ability to support a secure virtual machine monitor","author":"robin","year":"2000","journal-title":"USENIX Security Symposium"},{"key":"29","year":"0"},{"key":"3","year":"0"},{"key":"2","year":"0","journal-title":"Detect if your program"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1145\/1368506.1368518"},{"key":"1","year":"0","journal-title":"Collaborative malware collection and sensing"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2006.38"},{"key":"7","year":"0"},{"key":"6","year":"0","journal-title":"Scoopy doo"},{"key":"5","year":"0","journal-title":"Red pill"},{"key":"4","year":"0","journal-title":"Honeypotting with VMware - basics"},{"key":"9","author":"corey","year":"2004","journal-title":"Advanced honeypot identification"},{"key":"8","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-540-74320-0_10","article-title":"automated classification and analysis of internet malware","author":"bailey","year":"2007","journal-title":"10th International Symposium on Recent Advances in Intrusion Detection (RAID 2007)"}],"event":{"name":"2008 IEEE International Conference on Dependable Systems & Networks With FTCS and DCC (DSN)","location":"Anchorage, AK, USA","start":{"date-parts":[[2008,6,24]]},"end":{"date-parts":[[2008,6,27]]}},"container-title":["2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/4610267\/4630050\/04630086.pdf?arnumber=4630086","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T18:03:16Z","timestamp":1756404196000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/4630086\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,6]]},"references-count":30,"URL":"https:\/\/doi.org\/10.1109\/dsn.2008.4630086","relation":{},"subject":[],"published":{"date-parts":[[2008,6]]}}}