{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,30]],"date-time":"2025-08-30T06:10:19Z","timestamp":1756534219455,"version":"3.44.0"},"reference-count":60,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key Research and Development Program of China","award":["2022YFB3103202"],"award-info":[{"award-number":["2022YFB3103202"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3599311","type":"journal-article","created":{"date-parts":[[2025,8,15]],"date-time":"2025-08-15T18:19:47Z","timestamp":1755281987000},"page":"8962-8977","source":"Crossref","is-referenced-by-count":0,"title":["HyperMD: A Multi-Modal Malware Detection Method Using Performance Counters and Process Memory on Xen Platform"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-7087-5416","authenticated-orcid":false,"given":"Xiangyi","family":"Wang","sequence":"first","affiliation":[{"name":"College of Cryptology and Cyber Science, Nankai University, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5970-0824","authenticated-orcid":false,"given":"Jian","family":"Zhang","sequence":"additional","affiliation":[{"name":"College of Cryptology and Cyber Science, Nankai University, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-9004-1876","authenticated-orcid":false,"given":"Lingkai","family":"Xing","sequence":"additional","affiliation":[{"name":"College of Cryptology and Cyber Science, Nankai University, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ming","family":"Yang","sequence":"additional","affiliation":[{"name":"College of Cryptology and Cyber Science, Nankai University, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zheng","family":"Meng","sequence":"additional","affiliation":[{"name":"College of Cryptology and Cyber Science, Nankai University, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-8667-7515","authenticated-orcid":false,"given":"Lexin","family":"Jia","sequence":"additional","affiliation":[{"name":"College of Cryptology and Cyber Science, Nankai University, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"volume-title":"ISO\/IEC 27032:2023-Information Security, Cybersecurity, and Privacy Protection-Guidelines for Cybersecurity","key":"ref1"},{"volume-title":"Ransomware-Defense-Report-2023","key":"ref2"},{"volume-title":"Malware Statistics & Trends Report","year":"2024","key":"ref3"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2016.2609907"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2021.3075694"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2023.110850"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2024.111991"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2024.3422990"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103864"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3152360"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2923577"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2022.3149745"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2924549"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-97-5101-3_13"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3329786"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2023.119952"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1016\/j.neunet.2021.09.019"},{"key":"ref18","article-title":"Mdmv: A malware detection method based on memory and visualization on kvm","volume-title":"Proc. MobiQuitous","author":"Wang","year":"2024"},{"article-title":"Xen 2002","year":"2003","author":"Barham","key":"ref19"},{"volume-title":"The Definitive Guide to the Xen Hypervisor","year":"2013","author":"Chisnall","key":"ref20"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.08.010"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/1179542.1179558"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2024.3353250"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3530810"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3144697"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3409083"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102613"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00021"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196515"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2022.3226302"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-22390-7_22"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-80126-7_35"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2508148.2485970"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/ReCoSoC48741.2019.9034972"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD56317.2022.00042"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29737-3_26"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103908"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2022.119133"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664252"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2017.06.002"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/s11036-019-01503-4"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2020.3048791"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107138"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2022.3160357"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108394"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/TETCI.2024.3436866"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3231632"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/ETS48528.2020.9131596"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2024.112539"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/TITS.2022.3208891"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2023.121617"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1162\/neco.1997.9.8.1735"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3369322"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2021.3102007"},{"volume-title":"VirusTotal","year":"2024","key":"ref56"},{"volume-title":"Tencent PC Manager","year":"2024","key":"ref57"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1049\/iet-net.2017.0207"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i01.5474"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102166"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/11126179.pdf?arnumber=11126179","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,30]],"date-time":"2025-08-30T05:39:50Z","timestamp":1756532390000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11126179\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":60,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3599311","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"type":"print","value":"1556-6013"},{"type":"electronic","value":"1556-6021"}],"subject":[],"published":{"date-parts":[[2025]]}}}