{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,4,2]],"date-time":"2022-04-02T07:21:43Z","timestamp":1648884103049},"reference-count":7,"publisher":"World Scientific Pub Co Pte Lt","issue":"07","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Int. J. Soft. Eng. Knowl. Eng."],"published-print":{"date-parts":[[2012,11]]},"abstract":"<jats:p> One of the most powerful tools in the hacker's reverse engineering arsenal is the virtual machine. These systems provide a simple mechanism for executing code in an environment in which the program can be carefully monitored and controlled, allowing attackers to subvert copy protection and access trade secrets. One of the challenges for anti-reverse engineering tools is how to protect software within such an untrustworthy environment. From the perspective of a running program, detecting an emulated environment is not trivial: the attacker can emulate the result of different operations with arbitrarily high fidelity. This paper demonstrates a mechanism that is able to detect even carefully constructed virtual environments by focusing on the stochastic variation of system call timings. A statistical technique for detecting emulated environments is presented, which uses a model of normal system call behavior to successfully identify two commonly used virtual environments under realistic conditions. <\/jats:p>","DOI":"10.1142\/s0218194012500258","type":"journal-article","created":{"date-parts":[[2013,3,5]],"date-time":"2013-03-05T22:36:16Z","timestamp":1362522976000},"page":"927-944","source":"Crossref","is-referenced-by-count":1,"title":["DETECTING EMULATED ENVIRONMENTS"],"prefix":"10.1142","volume":"22","author":[{"given":"TAUHIDA","family":"PARVEEN","sequence":"first","affiliation":[{"name":"Department of Engineering Systems, Florida Institute of Technology, Melbourne, FL, USA"}]},{"given":"SCOTT","family":"TILLEY","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, Florida Institute of Technology Melbourne, FL, USA"}]},{"given":"WILLIAM","family":"ALLEN","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, Florida Institute of Technology Melbourne, FL, USA"}]},{"given":"GERALD","family":"MARIN","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, Florida Institute of Technology Melbourne, FL, USA"}]},{"given":"RICHARD","family":"FORD","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, Florida Institute of Technology Melbourne, FL, USA"}]}],"member":"219","published-online":{"date-parts":[[2013,3,5]]},"reference":[{"key":"rf2","volume-title":"Probability, Statistics and Queuing Theory with Computer Science Applications","author":"Arnold A.","year":"1990"},{"key":"rf6","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2002.1027797"},{"key":"rf7","doi-asserted-by":"publisher","DOI":"10.1109\/52.43044"},{"key":"rf11","volume-title":"Reversing: Secrets of Reverse Engineering","author":"Eilam E.","year":"2005"},{"key":"rf13","volume-title":"Botnet Detection: Countering the Largest Security Threat","author":"Franklin J.","year":"2008"},{"key":"rf17","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2005.174"},{"key":"rf21","doi-asserted-by":"publisher","DOI":"10.1002\/9780471743064"}],"container-title":["International Journal of Software Engineering and Knowledge Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.worldscientific.com\/doi\/pdf\/10.1142\/S0218194012500258","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,6]],"date-time":"2019-08-06T17:03:32Z","timestamp":1565111012000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.worldscientific.com\/doi\/abs\/10.1142\/S0218194012500258"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,11]]},"references-count":7,"journal-issue":{"issue":"07","published-online":{"date-parts":[[2013,3,5]]},"published-print":{"date-parts":[[2012,11]]}},"alternative-id":["10.1142\/S0218194012500258"],"URL":"https:\/\/doi.org\/10.1142\/s0218194012500258","relation":{},"ISSN":["0218-1940","1793-6403"],"issn-type":[{"value":"0218-1940","type":"print"},{"value":"1793-6403","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,11]]}}}