{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,20]],"date-time":"2026-04-20T13:55:23Z","timestamp":1776693323327,"version":"3.51.2"},"reference-count":44,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Cloud Comput."],"published-print":{"date-parts":[[2018]]},"DOI":"10.1109\/tcc.2018.2829202","type":"journal-article","created":{"date-parts":[[2018,4,20]],"date-time":"2018-04-20T18:08:37Z","timestamp":1524247717000},"page":"1-1","source":"Crossref","is-referenced-by-count":46,"title":["VMGuard: A VMI-based Security Architecture for Intrusion Detection in Cloud Environment"],"prefix":"10.1109","author":[{"given":"Preeti","family":"Mishra","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vijay","family":"Varadharajan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Emmanuel","family":"Pilli","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Udaya","family":"Tupakula","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23121"},{"key":"ref38","first-page":"287","article-title":"BareCloud: Bare-metal analysis-based evasive malware detection","author":"kirat","year":"2014","journal-title":"Proc 23rd USENIX Secur Symp"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2014.942017"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-980109"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"ref30","author":"lengyel","year":"2016","journal-title":"Stealthy Monitoring with Xen Altp2m"},{"key":"ref37","year":"1998","journal-title":"UNM Dataset"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.05.007"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"ref10","first-page":"51","article-title":"Using text categorization techniques for intrusion detection","author":"liao","year":"2002","journal-title":"Proc 11th USENIX Secur Symp"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-008-9131-2"},{"key":"ref11","first-page":"191","article-title":"A virtual machine introspection based architecture for intrusion detection","author":"garfinkel","year":"2003","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346269"},{"key":"ref14","first-page":"1","article-title":"Antfarm: Tracking processes in a virtual machine environment","author":"jones","year":"2006","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.10"},{"key":"ref16","first-page":"300","article-title":"Unobservable intrusion detection based on call traces in paravirtualized systems","author":"maiero","year":"2011","journal-title":"Proc Int Conf Security and Cryptography"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-980109"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2014.59"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25141-2_7"},{"key":"ref28","first-page":"1","article-title":"Internet-scale file analysis","author":"hanif","year":"2015","journal-title":"Black Hat USA"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.10.015"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1361684.1361686"},{"key":"ref6","first-page":"211","article-title":"Detecting anomalies in IaaS environments through virtual machine host system call analysis","author":"alarifi","year":"2012","journal-title":"Proc Internet Technol Secured Trans Conf"},{"key":"ref29","article-title":"Detecting memory leak using virtualization technology","volume":"16","author":"wang","year":"2013","journal-title":"Int Inf Inst Inf"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-014-2136-x"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38631-2_24"},{"key":"ref7","first-page":"118","article-title":"Learning classifiers for misuse and anomaly detection using a bag of system calls representation","author":"kang","year":"2005","journal-title":"Proc IEEE Int Conf Syst Man Cybern"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664252"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.4133"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.2172\/1055635"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2457918"},{"key":"ref22","year":"2014","journal-title":"Rekall - Memory Forensics Analysis framework"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TCC.2016.2535320"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2007.07.001"},{"key":"ref24","first-page":"243","article-title":"Hypervisor support for identifying covertly executing binaries","author":"litty","year":"2008","journal-title":"Proc 17th Conf Security Symp"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/1655008.1655013"},{"key":"ref23","first-page":"1963","article-title":"A framework for evaluating trust of service providers in cloud marketplaces","author":"m\u00fchlh\u00e4user","year":"2013","journal-title":"Proc ACM Symp Appl Comput"},{"key":"ref44","first-page":"1","article-title":"Attacks on more virtual machine emulators","volume":"55","author":"ferrie","year":"2007","journal-title":"Symantec Technology Exchange"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.45"},{"key":"ref43","year":"2016","journal-title":"Libguestfs tools for accessing and modifying virtual machine disk images"},{"key":"ref25","first-page":"1","article-title":"K-Tracer: A system for extracting Kernel malware behavior","author":"lanzi","year":"2009","journal-title":"Proc 16th Annu Netw Distrib Syst Secur Symp"}],"container-title":["IEEE Transactions on Cloud Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6245519\/6562694\/08344510.pdf?arnumber=8344510","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,27]],"date-time":"2022-04-27T17:23:22Z","timestamp":1651080202000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/8344510\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"references-count":44,"URL":"https:\/\/doi.org\/10.1109\/tcc.2018.2829202","relation":{},"ISSN":["2168-7161"],"issn-type":[{"value":"2168-7161","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}