{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,3]],"date-time":"2025-09-03T10:15:17Z","timestamp":1756894517557,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":20,"publisher":"ACM","license":[{"start":{"date-parts":[[2004,10,25]],"date-time":"2004-10-25T00:00:00Z","timestamp":1098662400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2004,10,25]]},"DOI":"10.1145\/1030083.1030126","type":"proceedings-article","created":{"date-parts":[[2005,1,30]],"date-time":"2005-01-30T17:55:16Z","timestamp":1107107716000},"page":"318-329","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":74,"title":["Gray-box extraction of execution graphs for anomaly detection"],"prefix":"10.1145","author":[{"given":"Debin","family":"Gao","sequence":"first","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA"}]},{"given":"Michael K.","family":"Reiter","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA"}]},{"given":"Dawn","family":"Song","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA"}]}],"member":"320","published-online":{"date-parts":[[2004,10,25]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/268946.268962"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2004.1301324"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/829515.830554"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/525080.884258"},{"key":"e_1_3_2_1_5_1","first-page":"103","volume-title":"Proceedings of the 13th USENIX Security Symposium","author":"Gao D.","year":"2004","unstructured":"D. Gao , M. K. Reiter and D. Song . On gray-box program tracking for anomaly detection . In Proceedings of the 13th USENIX Security Symposium , pages 103 -- 118 , August 2004 .]] D. Gao, M. K. Reiter and D. Song. On gray-box program tracking for anomaly detection. In Proceedings of the 13th USENIX Security Symposium, pages 103--118, August 2004.]]"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/647253.720282"},{"key":"e_1_3_2_1_7_1","volume-title":"Proceeding of Symposium on Network and Distributed System Security","author":"Giffin J.","year":"2004","unstructured":"J. Giffin , S. Jha and B. Miller . Efficient context-sensitive intrusion detection . In Proceeding of Symposium on Network and Distributed System Security , Febuary 2004 .]] J. Giffin, S. Jha and B. Miller. Efficient context-sensitive intrusion detection. In Proceeding of Symposium on Network and Distributed System Security, Febuary 2004.]]"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-39650-5_19"},{"key":"e_1_3_2_1_9_1","volume-title":"National Unviersity of Singpaore.","author":"Lu X.","year":"1999","unstructured":"X. Lu . A Linux executable editing library. Master's Thesis, Computer and Information Science , National Unviersity of Singpaore. 1999 .]] X. Lu. A Linux executable editing library. Master's Thesis, Computer and Information Science, National Unviersity of Singpaore. 1999.]]"},{"key":"e_1_3_2_1_10_1","volume-title":"USENIX Annual Technical Conference","author":"Prasad M.","year":"2003","unstructured":"M. Prasad and T. Chiueh . A binary rewriting defense against stack based buffer overflow attacks . In USENIX Annual Technical Conference , General Track , June 2003 .]] M. Prasad and T. Chiueh. A binary rewriting defense against stack based buffer overflow attacks. In USENIX Annual Technical Conference, General Track, June 2003.]]"},{"key":"e_1_3_2_1_11_1","volume-title":"Proceeding of the 12th USENIX Security Symposium","author":"Provos N.","year":"2003","unstructured":"N. Provos . Improving host security with system call policies . In Proceeding of the 12th USENIX Security Symposium , August 2003 .]] N. Provos. Improving host security with system call policies. In Proceeding of the 12th USENIX Security Symposium, August 2003.]]"},{"key":"e_1_3_2_1_12_1","volume-title":"Proceeding of the 12th USENIX Security Symposium","author":"Provos N.","year":"2003","unstructured":"N. Provos , M. Friedl and P. Honeyman . Preventing privilege escalation . In Proceeding of the 12th USENIX Security Symposium , August 2003 .]] N. Provos, M. Friedl and P. Honeyman. Preventing privilege escalation. In Proceeding of the 12th USENIX Security Symposium, August 2003.]]"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceeding of the USENIX Windows NT workshop","author":"Romer T.","year":"1997","unstructured":"T. Romer , G. Voelker , D. Lee , A. Wolman , W. Wong , H. Levy , B. Bershad and B. Chen . Instrumentation and optimization of Win32\/Intel executables using etch . In Proceeding of the USENIX Windows NT workshop , August 1997 .]] T. Romer, G. Voelker, D. Lee, A. Wolman, W. Wong, H. Levy, B. Bershad and B. Chen. Instrumentation and optimization of Win32\/Intel executables using etch. In Proceeding of the USENIX Windows NT workshop, August 1997.]]"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/882506.885138"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/882495.884433"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/829514.830544"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/882495.884434"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of the 1999 European Institute for Computer Anti-Virus Research Conference","author":"Wespi A.","year":"1999","unstructured":"A. Wespi , M. Dacier and H. Debar . An intrusion-detection system based on the Teiresias pattern-discovery algorithm . In Proceedings of the 1999 European Institute for Computer Anti-Virus Research Conference , 1999 .]] A. Wespi, M. Dacier and H. Debar. An intrusion-detection system based on the Teiresias pattern-discovery algorithm. In Proceedings of the 1999 European Institute for Computer Anti-Virus Research Conference, 1999.]]"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.5555\/645838.670723"}],"event":{"name":"CCS04: 11th ACM Conference on Computer and Communications Security 2004","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"],"location":"Washington DC USA","acronym":"CCS04"},"container-title":["Proceedings of the 11th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1030083.1030126","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1030083.1030126","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:25:07Z","timestamp":1750263907000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1030083.1030126"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004,10,25]]},"references-count":20,"alternative-id":["10.1145\/1030083.1030126","10.1145\/1030083"],"URL":"https:\/\/doi.org\/10.1145\/1030083.1030126","relation":{},"subject":[],"published":{"date-parts":[[2004,10,25]]},"assertion":[{"value":"2004-10-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}