{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,17]],"date-time":"2026-06-17T22:36:01Z","timestamp":1781735761827,"version":"3.54.5"},"reference-count":26,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"5","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2012,10]]},"DOI":"10.1109\/tifs.2012.2206028","type":"journal-article","created":{"date-parts":[[2012,6,27]],"date-time":"2012-06-27T14:28:56Z","timestamp":1340807336000},"page":"1439-1447","source":"Crossref","is-referenced-by-count":23,"title":["Antivirus Software Shield Against Antivirus Terminators"],"prefix":"10.1109","volume":"7","author":[{"given":"Fu-Hau","family":"Hsu","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Min-Hao","family":"Wu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chang-Kuo","family":"Tso","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chi-Hsien","family":"Hsu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chieh-Wen","family":"Chen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref10","year":"0","journal-title":"Active Registry Monitor"},{"key":"ref11","year":"0","journal-title":"Registry Cleaner"},{"key":"ref12","year":"0","journal-title":"Protected Process in Windows Vista"},{"key":"ref13","author":"ionescu","year":"0","journal-title":"Why Protected Processes Are A Bad Idea"},{"key":"ref14","article-title":"HookFinder: Identifying and understanding malware hooking behaviors","author":"yin","year":"2008","journal-title":"Proc 15th Ann Network and Distributed System Security Symp (NDSS'08)"},{"key":"ref15","article-title":"Anti-hook shield against software key-loggers","author":"aslam","year":"2004","journal-title":"Proc Nat Conf Emerging Technologies"},{"key":"ref16","author":"tan","year":"0","journal-title":"Defeating Kernel Native API Hookers by Direct Service Dispatch Table Restoration"},{"key":"ref17","article-title":"VICE-catch the hookers","author":"butler","year":"2004","journal-title":"Black Hat USA 2004"},{"key":"ref18","year":"0","journal-title":"IceSword"},{"key":"ref19","article-title":"System virginity verifier: Defining the roadmap for malware detection on windows systems","author":"rutkowska","year":"2005","journal-title":"Proc Hack in the Box Security Conf"},{"key":"ref4","author":"shevchenko","year":"2007","journal-title":"The evolution of self-defense technologies in malware"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/ITSIM.2008.4631981"},{"key":"ref6","article-title":"Anti anti-virus; disable anti virus services","author":"bagheri","year":"2010","journal-title":"Proc Int Malware Conference (MalCon)"},{"key":"ref5","article-title":"A new avenue of attack: Event-driven system vulnerabilities","author":"xenitellis","year":"2002","journal-title":"Proc Eur Conf Information Warfare and Security (ECIW 2002)"},{"key":"ref8","year":"0","journal-title":"RegistryProt"},{"key":"ref7","doi-asserted-by":"crossref","first-page":"659","DOI":"10.3233\/JCS-2005-13403","article-title":"A comparative evaluation of two algorithms for windows registry anomaly detection","volume":"13","author":"stolfo","year":"2005","journal-title":"J Comput Security"},{"key":"ref2","year":"0","journal-title":"How Many People Use Antivirus and\/or Antispyware Programs?"},{"key":"ref9","year":"0","journal-title":"Registry Protecto"},{"key":"ref1","author":"correa","year":"0","journal-title":"Internet Security Threats Will Affect U S Consumers' Holiday Shopping Online"},{"key":"ref20","year":"0","journal-title":"Windows Registry"},{"key":"ref22","year":"0","journal-title":"Forum KaFan CN"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/MS.1984.229466"},{"key":"ref24","article-title":"A guess to detect the downloader-like programs","author":"wu","year":"2010","journal-title":"Proc Ninth Int Symp Distributed Computing and Applications to Business Engineering and Science"},{"key":"ref23","year":"0","journal-title":"SafeGroup Malwares"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/PRDC.2009.48"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/CMC.2009.225"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/10206\/6297499\/06226454.pdf?arnumber=6226454","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,30]],"date-time":"2019-06-30T09:24:58Z","timestamp":1561886698000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6226454\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,10]]},"references-count":26,"journal-issue":{"issue":"5"},"URL":"https:\/\/doi.org\/10.1109\/tifs.2012.2206028","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,10]]}}}