{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:34:19Z","timestamp":1759091659207,"version":"3.37.3"},"reference-count":59,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000082","name":"Division of Graduate Education","doi-asserted-by":"publisher","award":["DGE-0903659"],"award-info":[{"award-number":["DGE-0903659"]}],"id":[{"id":"10.13039\/100000082","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2019]]},"DOI":"10.1109\/tdsc.2018.2805904","type":"journal-article","created":{"date-parts":[[2018,2,14]],"date-time":"2018-02-14T19:16:55Z","timestamp":1518635815000},"page":"1-1","source":"Crossref","is-referenced-by-count":4,"title":["High-Performance Memory Snapshotting for Real-Time, Consistent, Hypervisor-Based Monitors"],"prefix":"10.1109","author":[{"given":"Peter","family":"Klemperer","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hye Yoon","family":"Jeon","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bryan D.","family":"Payne","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"James C.","family":"Hoe","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/EURMIC.2004.1333416"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/1244002.1244070"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/1655148.1655150"},{"key":"ref31","first-page":"2:1","article-title":"Xenprobes, a lightweight user-space probing framework for xen virtual machine","author":"quynh","year":"0","journal-title":"Proc USENIX Annu Techn Conf Annu Techn Conf"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2365864.2151043"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346278"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/HOTOS.2001.990073"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.24"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/1254810.1254820"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653720"},{"key":"ref27","first-page":"1","article-title":"Decoupling dynamic program analysis from execution in virtual environments","author":"chow","year":"2008","journal-title":"Proc Annu Tech Conf Annu Tech Conf"},{"key":"ref29","first-page":"209","article-title":"Building trustworthy intrusion detection through VM introspection","author":"baiardi","year":"2007","journal-title":"Proc IEEE 3rd Int Symp Inf Assurance Secur"},{"key":"ref2","first-page":"13","article-title":"Copilot - A coprocessor-based kernel runtime integrity monitor","author":"petroni","year":"2004","journal-title":"Proc 13th Conf USENIX Secur Symp - Vol 13"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.10"},{"key":"ref20","article-title":"Virtual machine introspection in a hybrid honeypot architecture","author":"lengyel","year":"0","journal-title":"5th Workshop on Cyber Security Experimentation and Test"},{"key":"ref22","first-page":"279","article-title":"lmbench: Portable tools for performance analysis","author":"staelin","year":"1996","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23076"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2003.1209211"},{"year":"2013","key":"ref23","article-title":"Auto-weka : Sample datasets"},{"article-title":"Using honeypots to capture and analyze malicious activities on the internet","year":"2009","author":"vomel","key":"ref26"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2009.17"},{"key":"ref50","first-page":"96","article-title":"Scalable cloud security via asynchronous virtual machine introspection","author":"rajasekaran","year":"2016","journal-title":"Proc 8th USENIX Conf Hot Top Cloud Comput"},{"key":"ref51","first-page":"511","article-title":"Ki-mon: A hardware-assisted event-triggered monitoring platform for mutable kernel object","author":"lee","year":"2013","journal-title":"Proc 22nd USENIX Secur Symp"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866313"},{"key":"ref58","article-title":"Hypervisor introspection: A technique for evading passive virtual machine monitoring","author":"wang","year":"0","journal-title":"9th USENIX Workshop on Offensive Technologies"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970299"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3037697.3037721"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2014.6835951"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2508148.2485956"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382202"},{"key":"ref52","first-page":"158","author":"wang","year":"2010","journal-title":"HyperCheck A Hardware-Assisted Integrity Monitor"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653729"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"ref40","first-page":"163","article-title":"Traps and pitfalls: Practical problems in system call interposition based security tools","author":"garfinkel","year":"2003","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2010.39"},{"article-title":"The volatility framework v2.3","year":"2016","author":"auty","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346269"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2731186.2731196"},{"article-title":"Whitepaper: Hunting For Metamorphic","year":"2003","author":"sz\u00f6r","key":"ref16"},{"article-title":"VProbes Programming Reference","year":"2011","author":"stiller","key":"ref17"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664252"},{"year":"2015","key":"ref19","article-title":"Rekall"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2151024.2151051"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1952682.1952703"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653730"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14215-4_3"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87403-4_1"},{"key":"ref49","article-title":"Scalable cloud security via asynchronous virtual machine introspection","author":"rajasekaran","year":"0","journal-title":"USENIX Workshop on Hot Topics in Cloud Computing"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.40"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950398"},{"key":"ref45","first-page":"243","article-title":"Hypervisor support for identifying covertly executing binaries","author":"litty","year":"2008","journal-title":"Proc 17th Conf Security Symp"},{"key":"ref48","first-page":"161","article-title":"Remus: High availability via asynchronous virtual machine replication","author":"cully","year":"2008","journal-title":"Proc 5th USENIX Symp Netw Syst Des Implementation"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.40"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"key":"ref41","article-title":"Ttanalyze: A tool for analyzing malware","author":"bayer","year":"2006","journal-title":"15th Ann Conf of European Inst for Computer Antivirus Research (EICAR)"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/HASE.2011.41"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2011.26"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/4358699\/08291512.pdf?arnumber=8291512","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,27]],"date-time":"2022-04-27T16:44:24Z","timestamp":1651077864000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8291512\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"references-count":59,"URL":"https:\/\/doi.org\/10.1109\/tdsc.2018.2805904","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"type":"print","value":"1545-5971"},{"type":"electronic","value":"1941-0018"},{"type":"electronic","value":"2160-9209"}],"subject":[],"published":{"date-parts":[[2019]]}}}