{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:44:59Z","timestamp":1759092299384},"reference-count":73,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"9","license":[{"start":{"date-parts":[[2014,9,1]],"date-time":"2014-09-01T00:00:00Z","timestamp":1409529600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"DOI":"10.13039\/501100008122","name":"ITRC","doi-asserted-by":"crossref","award":["12188\/500 (91\/8\/2)"],"award-info":[{"award-number":["12188\/500 (91\/8\/2)"]}],"id":[{"id":"10.13039\/501100008122","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2014,9]]},"DOI":"10.1109\/tifs.2014.2337256","type":"journal-article","created":{"date-parts":[[2014,8,5]],"date-time":"2014-08-05T18:39:24Z","timestamp":1407263964000},"page":"1465-1476","source":"Crossref","is-referenced-by-count":18,"title":["Back to Static Analysis for Kernel-Level Rootkit Detection"],"prefix":"10.1109","volume":"9","author":[{"given":"Seyyedeh Atefeh","family":"Musavi","sequence":"first","affiliation":[]},{"given":"Mehdi","family":"Kharrazi","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref73","year":"2014","journal-title":"VirusTotal Free Online Virus Malware and URL Scanner"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/191177.191183"},{"key":"ref71","year":"2014","journal-title":"Osiris Host Integrity Management Tool"},{"key":"ref70","author":"butler","year":"2013","journal-title":"The Cat-and-Mouse Game The Story of Malwarebytes 
Chameleon"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/1190216.1190270"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1002\/sec.524"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/1774088.1774303"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2009.5403024"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2011.08.020"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963436"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046742"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29615-4_13"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2013.6638293"},{"key":"ref60","year":"2014","journal-title":"How to Modify Executable Code in Memory"},{"key":"ref62","author":"llc","year":"2014","journal-title":"Virusshare Malware Repository"},{"key":"ref61","author":"kasslin","year":"2010","journal-title":"Evolution of Kernel-Mode Malware"},{"key":"ref63","author":"french","year":"2011","journal-title":"Fuzzy Hashing Techniques in Applied Malware Analysis"},{"key":"ref28","year":"0","journal-title":"GMER Rootkit Detector"},{"key":"ref64","year":"2014","journal-title":"IDA Overview"},{"key":"ref27","article-title":"Vice–catch the hookers","volume":"61","author":"butler","year":"2004","journal-title":"Proc Black Hat USA Conf"},{"key":"ref65","year":"2014","journal-title":"Static Feature Extractor Source Code"},{"key":"ref66","year":"2014","journal-title":"ZwMapViewOfSection Routine"},{"key":"ref29","first-page":"317","article-title":"n-grams-based file signatures for malware detection","volume":"2","author":"santos","year":"2009","journal-title":"Proc ICEIS"},{"key":"ref67","author":"factories","year":"1999","journal-title":"MS Windows NT Kernel Description"},{"key":"ref68","year":"2014","journal-title":"Pearson Correlation 
Coefficient"},{"key":"ref69","author":"rodionov","year":"2011","journal-title":"King of Spam Festi Botnet Analysis"},{"key":"ref2","year":"2012","journal-title":"Zegost—Analysis of the Chinese Backdoor"},{"key":"ref1","article-title":"Predicting the future of stealth attacks","author":"kapoor","year":"2011","journal-title":"Proc Virus Bulletin Conf"},{"key":"ref20","article-title":"Method and apparatus to detect kernel mode rootkit events through virtualization traps","author":"grobman","year":"2010"},{"key":"ref22","doi-asserted-by":"crossref","first-page":"219","DOI":"10.1007\/978-3-540-74320-0_12","article-title":"A forced sampled execution approach to kernel rootkit identification","author":"wilhelm","year":"2007","journal-title":"Recent Advances in Intrusion Detection"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.38"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519072"},{"key":"ref26","article-title":"System virginity verifier","author":"rutkowska","year":"2005","journal-title":"Proc Hack Box Security Conf"},{"key":"ref25","author":"rutkowska","year":"2014","journal-title":"Introducing Blue Pill"},{"key":"ref50","author":"davis","year":"2009","journal-title":"Hacking Exposed-Malware"},{"key":"ref51","author":"vieler","year":"2007","journal-title":"Professional Rootkits"},{"key":"ref59","year":"1999","journal-title":"How to Open a File from a Kernel Mode Device Driver and How to Read from or Write to the File"},{"key":"ref58","year":"2006","journal-title":"Why Writing Files from the Kernel Is Bad?"},{"key":"ref57","first-page":"9","article-title":"Things you should never do in the kernel","author":"kroah-hartman","year":"2005","journal-title":"Linux J"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15512-3_6"},{"key":"ref55","year":"2014","journal-title":"OSR Online 
Forums"},{"key":"ref54","author":"orwick","year":"2010","journal-title":"Developing Drivers with the Windows Driver Foundation"},{"key":"ref53","author":"oney","year":"2010","journal-title":"Programming the Microsoft Windows Driver Model"},{"key":"ref52","author":"klein","year":"2011","journal-title":"A Bug Hunter’s Diary"},{"key":"ref10","author":"russinovich","year":"2011","journal-title":"Using Rootkits to Defeat Digital Rights Management"},{"key":"ref11","year":"2011","journal-title":"Returnil SSDT Hooks Listed as"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14215-4_3"},{"key":"ref12","author":"rusakov","year":"2011","journal-title":"Legit_bootkit"},{"key":"ref13","author":"rodionov","year":"2012","journal-title":"Win32\/Gapz New Bootkit Technique"},{"key":"ref14","author":"rodionov","year":"0","journal-title":"Defeating Anti-Forensics in Contemporary Complex Threats"},{"key":"ref15","article-title":"SMM rootkits: A new breed of OS independent malware","author":"embleton","year":"2010","journal-title":"Proc 4th Int Conf Security Privacy Commun Netw"},{"key":"ref16","article-title":"Hardware virtualization-based rootkits","author":"zovi","year":"2006","journal-title":"Proc Black Hat USA Conf"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1142\/9789814273046_0014"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.19"},{"key":"ref19","year":"2011","journal-title":"Root Out Rootkits an Inside Look at McAfee Deep Defender"},{"key":"ref4","author":"op","year":"2008","journal-title":"The FU rootkit"},{"key":"ref3","article-title":"The commercial malware industry","author":"gutmann","year":"2007","journal-title":"Proc DEFCON Conf"},{"key":"ref6","year":"2005","journal-title":"W32 mytob ar"},{"key":"ref5","year":"2005","journal-title":"Cut‘n’Paste Rootkit-Bots"},{"key":"ref8","year":"0","journal-title":"Ghost Security Suite SSDT Hooks Multiple Local 
Vulnerabilities"},{"key":"ref7","article-title":"Hiden seek revisited—Full stealth is back","author":"kasslin","year":"2005","journal-title":"Proc 15th Virus Bulletin Int Conf"},{"key":"ref49","author":"blunden","year":"2012","journal-title":"The Rootkit Arsenal Escape and Evasion in the Dark Corners of the System"},{"key":"ref9","year":"0","journal-title":"Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities"},{"key":"ref46","author":"schneier","year":"2007","journal-title":"DRM in Windows Vista"},{"key":"ref45","year":"2013","journal-title":"Direct Rendering Infrastructure Wiki-NVIDIA"},{"key":"ref48","author":"hoglund","year":"2005","journal-title":"Rootkits Subverting the Windows Kernel"},{"key":"ref47","year":"2010","journal-title":"Khobe 8 0 Earthquake for Windows Desktop Security Software"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.21"},{"key":"ref41","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1007\/s11416-006-0012-2","article-title":"Dynamic analysis of malicious code","volume":"2","author":"ulrich","year":"2006","journal-title":"J Comput Virol"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/948148.948149"},{"key":"ref43","first-page":"275","article-title":"Binary obfuscation using signals","author":"popov","year":"2007","journal-title":"Proc Usenix Security Symp"}],"container-title":["IEEE Transactions on Information Forensics and 
Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/6867417\/06850033.pdf?arnumber=6850033","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:31:06Z","timestamp":1642005066000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6850033\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,9]]},"references-count":73,"journal-issue":{"issue":"9"},"URL":"https:\/\/doi.org\/10.1109\/tifs.2014.2337256","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,9]]}}}