{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T22:23:40Z","timestamp":1770330220932,"version":"3.49.0"},"reference-count":35,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2014,2,1]],"date-time":"2014-02-01T00:00:00Z","timestamp":1391212800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2014,2]]},"DOI":"10.1109\/tifs.2013.2291066","type":"journal-article","created":{"date-parts":[[2013,11,19]],"date-time":"2013-11-19T18:53:21Z","timestamp":1384887201000},"page":"196-207","source":"Crossref","is-referenced-by-count":27,"title":["Growing Grapes in Your Computer to Defend Against Malware"],"prefix":"10.1109","volume":"9","author":[{"given":"Zhiyong","family":"Shan","sequence":"first","affiliation":[]},{"given":"Xin","family":"Wang","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/1378600.1378626"},{"key":"ref32","first-page":"1","article-title":"Behavior-based spyware detection","author":"kirda","year":"2006","journal-title":"Proc USENIX Sec Symp"},{"key":"ref31","first-page":"1","article-title":"Usable mandatory integrity protection for operating systems","author":"li","year":"2007","journal-title":"Proc IEEE Symp Sec Privacy"},{"key":"ref30","first-page":"351","article-title":"Effective and efficient malware detection at the end host","author":"kolbitsch","year":"2009","journal-title":"Proc USENIX Sec Symp"},{"key":"ref35","year":"2013","journal-title":"PC Magazine 
Benchmarks"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046619"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1165389.945467"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ICHIS.2004.75"},{"key":"ref12","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","article-title":"Intrusion detection using sequences of system calls","volume":"6","author":"hofmeyr","year":"1998","journal-title":"J Comput Sec"},{"key":"ref13","first-page":"1","article-title":"Data mining approaches for intrusion detection","volume":"7","author":"lee","year":"1998","journal-title":"Proc 8th Usenix Sec Symp"},{"key":"ref14","first-page":"326","article-title":"Static analyzer for vicious executables (SAVE)","author":"mukkamala","year":"2004","journal-title":"Proc 20th ACSAC"},{"key":"ref15","first-page":"1","article-title":"Learning classifiers for misuse and anomaly detection using a bag of system calls representation","author":"kang","year":"2005","journal-title":"Proc 6th IEEE Syst Man Cybern IAW"},{"key":"ref16","author":"larkin","year":"2009","journal-title":"Top Internet Security Suites Paying for Protection"},{"key":"ref17","first-page":"163","article-title":"The taser intrusion recovery system","author":"farhadi","year":"2005","journal-title":"Proc 20th ACM SOSP"},{"key":"ref18","first-page":"1024","article-title":"Design, implementation, and evaluation of repairable file service","author":"zhu","year":"2003","journal-title":"Proc 21st ICDE"},{"key":"ref19","year":"2013","journal-title":"Offensive Computing"},{"key":"ref4","author":"szor","year":"2005","journal-title":"The Art of Computer Virus Research and Defense"},{"key":"ref28","author":"sukwong","year":"2010","journal-title":"An empirical study of commercial antivirus software 
effectiveness"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"ref27","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1007\/978-3-642-02918-9_6","article-title":"Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks","author":"egele","year":"2009","journal-title":"Proc 6th Int Conf Detection Intrusions Malware Vulnerabil Assessment"},{"key":"ref6","year":"2013","journal-title":"Microsoft Security Bulletins"},{"key":"ref5","author":"howard","year":"2003","journal-title":"Fending Off Future Attacks by Reducing Attack Surface"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/1287624.1287628"},{"key":"ref8","first-page":"33","article-title":"Gatekeeper: Monitoring auto-start extensibility points (ASEPs) for spyware management","volume":"4","author":"wang","year":"2004","journal-title":"Proc 18th LISA Syst Admin Conf"},{"key":"ref7","year":"2012","journal-title":"Threats List"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866353"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.11"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/545186.545187"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/1998582.1998601"},{"key":"ref22","first-page":"116","article-title":"Panorama: Capturing system-wide information flow for malware detection and analysis","author":"yin","year":"2007","journal-title":"Proc 10th ACM Conf CCS"},{"key":"ref21","first-page":"318","article-title":"Gray-box extraction of execution graphs for anomaly detection","author":"gao","year":"2004","journal-title":"Proc 10th ACM CCS"},{"key":"ref24","first-page":"108","article-title":"Learning and classification of malware behavior","author":"holz","year":"2008","journal-title":"Proc 5th Conf 
DIMVA"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924295"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2003.1199328"},{"key":"ref25","first-page":"1","article-title":"A layered architecture for detecting malicious behaviors","author":"martignoni","year":"2008","journal-title":"Proc Int l Symp Recent Advances in Intrusion Detection"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/6705647\/06663657.pdf?arnumber=6663657","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:31:34Z","timestamp":1642005094000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6663657\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,2]]},"references-count":35,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tifs.2013.2291066","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,2]]}}}