{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,9]],"date-time":"2026-07-09T02:39:19Z","timestamp":1783564759489,"version":"3.55.0"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2008,10,27]],"date-time":"2008-10-27T00:00:00Z","timestamp":1225065600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2008,10,27]]},"DOI":"10.1145\/1455770.1455779","type":"proceedings-article","created":{"date-parts":[[2008,11,6]],"date-time":"2008-11-06T13:49:50Z","timestamp":1225979390000},"page":"51-62","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":454,"title":["Ether"],"prefix":"10.1145","author":[{"given":"Artem","family":"Dinaburg","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Damballa, Atlanta, GA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Paul","family":"Royal","sequence":"additional","affiliation":[{"name":"Damballa, Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Monirul","family":"Sharif","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Damballa, Atlanta, GA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[{"name":"Damballa, Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2008,10,27]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Anubis: Analyzing Unknown Binaries. http:\/\/anubis.seclab.tuwien.ac.at.  Anubis: Analyzing Unknown Binaries. http:\/\/anubis.seclab.tuwien.ac.at."},{"key":"e_1_3_2_1_2_1","unstructured":"Armadillo. http:\/\/www.siliconrealms.com.  Armadillo. http:\/\/www.siliconrealms.com."},{"key":"e_1_3_2_1_3_1","unstructured":"BitBlaze Binary Analysis Platform. http:\/\/bitblaze.cs.berkeley.edu.  BitBlaze Binary Analysis Platform. http:\/\/bitblaze.cs.berkeley.edu."},{"key":"e_1_3_2_1_4_1","unstructured":"DYNINST API. http:\/\/www.dyninst.org.  DYNINST API. http:\/\/www.dyninst.org."},{"key":"e_1_3_2_1_5_1","unstructured":"FileMon for Windows. http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb896642.aspx.  FileMon for Windows. http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb896642.aspx."},{"key":"e_1_3_2_1_6_1","unstructured":"Intel Virtualization Technology. http:\/\/www.intel.com\/technology\/virtualization.  Intel Virtualization Technology. http:\/\/www.intel.com\/technology\/virtualization."},{"key":"e_1_3_2_1_7_1","unstructured":"PEiD. http:\/\/www.peid.info.  PEiD. http:\/\/www.peid.info."},{"key":"e_1_3_2_1_8_1","unstructured":"PEiDSO. http:\/\/handlers.sans.org\/jclausing\/userdb.txt.  PEiDSO. http:\/\/handlers.sans.org\/jclausing\/userdb.txt."},{"key":"e_1_3_2_1_9_1","unstructured":"RegMon for Windows. http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb896652.aspx.  RegMon for Windows. http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb896652.aspx."},{"key":"e_1_3_2_1_10_1","unstructured":"Themida. http:\/\/www.oreans.com\/themida.php.  Themida. http:\/\/www.oreans.com\/themida.php."},{"key":"e_1_3_2_1_11_1","unstructured":"VirtualPC. http:\/\/www.microsoft.com\/windows\/products\/winfamily\/virtualpc\/.  VirtualPC. http:\/\/www.microsoft.com\/windows\/products\/winfamily\/virtualpc\/."},{"key":"e_1_3_2_1_12_1","unstructured":"VMWare. http:\/\/www.vmware.com.  VMWare. http:\/\/www.vmware.com."},{"key":"e_1_3_2_1_13_1","volume-title":"http:\/\/www.norman.com\/documents\/wp_sandbox.pdf","author":"Whitepaper Norman Sandbox","year":"2003","unstructured":"Norman Sandbox Whitepaper . http:\/\/www.norman.com\/documents\/wp_sandbox.pdf , 2003 . Norman Sandbox Whitepaper. http:\/\/www.norman.com\/documents\/wp_sandbox.pdf, 2003."},{"key":"e_1_3_2_1_14_1","volume-title":"Volume 2: System Programming","author":"Manual Architecture Programmer's","year":"2007","unstructured":"AMD64 Architecture Programmer's Manual , Volume 2: System Programming , 2007 . AMD64 Architecture Programmer's Manual, Volume 2: System Programming, 2007."},{"key":"e_1_3_2_1_15_1","unstructured":"TEMU\n  : The BitBlaze Dynamic Analysis Component. http:\/\/bitblaze.cs.berkeley.edu\/temu.html 2007.  TEMU: The BitBlaze Dynamic Analysis Component. http:\/\/bitblaze.cs.berkeley.edu\/temu.html 2007."},{"key":"e_1_3_2_1_16_1","unstructured":"P. Bacher T. Holz M. Kotter and G. Wicherski. Know your enemy: Tracking botnets. http:\/\/www.honeynet.org\/papers\/bots 2005.  P. Bacher T. Holz M. Kotter and G. Wicherski. Know your enemy: Tracking botnets. http:\/\/www.honeynet.org\/papers\/bots 2005."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.5555\/1776434.1776449"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945462"},{"key":"e_1_3_2_1_19_1","first-page":"180","volume-title":"EICAR","author":"Bayer U.","year":"2006","unstructured":"U. Bayer , C. Kruegel , and E. Kirda . TTanalyze: A Tool for Analyzing Malware . In EICAR , pages 180 -- 192 , 2006 . U. Bayer, C. Kruegel, and E. Kirda. TTanalyze: A Tool for Analyzing Malware. In EICAR, pages 180--192, 2006."},{"key":"e_1_3_2_1_20_1","first-page":"41","volume-title":"ATEC","author":"Bellard F.","year":"2005","unstructured":"F. Bellard . QEMU , a Fast and Portable Dynamic Translator . In ATEC , pages 41 -- 41 , 2005 . F. Bellard. QEMU, a Fast and Portable Dynamic Translator. In ATEC, pages 41--41, 2005."},{"key":"e_1_3_2_1_21_1","volume-title":"Computer Security: Art and Science","author":"Bishop M.","year":"2003","unstructured":"M. Bishop . Computer Security: Art and Science . Addison-Wesley Professional , 2003 . M. Bishop. Computer Security: Art and Science. Addison-Wesley Professional, 2003."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.37"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315286"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.20"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1287624.1287628"},{"key":"e_1_3_2_1_26_1","volume-title":"Symantec Advanced Threat Research","author":"Ferrie P.","year":"2006","unstructured":"P. Ferrie . Attacks on Virtual Machine Emulators . Symantec Advanced Threat Research , 2006 . P. Ferrie. Attacks on Virtual Machine Emulators. Symantec Advanced Threat Research, 2006."},{"key":"e_1_3_2_1_27_1","unstructured":"P. Ferrie. Attacks on More Virtual Machines. http:\/\/pferrie.tripod.com\/papers\/attacks2.pdf 2007.  P. Ferrie. Attacks on More Virtual Machines. http:\/\/pferrie.tripod.com\/papers\/attacks2.pdf 2007."},{"key":"e_1_3_2_1_28_1","volume-title":"NDSS","author":"Garfinkel T.","year":"2003","unstructured":"T. Garfinkel and M. Rosenblum . A Virtual Machine Introspection Based Architecture for Intrusion Detection . In NDSS , 2003 . T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In NDSS, 2003."},{"key":"e_1_3_2_1_29_1","first-page":"135","volume-title":"WINSYM","author":"Hunt G.","year":"1999","unstructured":"G. Hunt and D. Brubacher . Detours: Binary Interception of Win32 Functions . In WINSYM , pages 135 -- 143 , 1999 . G. Hunt and D. Brubacher. Detours: Binary Interception of Win32 Functions. In WINSYM, pages 135--143, 1999."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_1"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314399"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.19"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.15"},{"key":"e_1_3_2_1_35_1","unstructured":"F. Perigaud. New Pill? http:\/\/cert.lexsi.com\/weblog\/index.php\/2008\/03\/21\/223-new-pill 2008.  F. Perigaud. New Pill? http:\/\/cert.lexsi.com\/weblog\/index.php\/2008\/03\/21\/223-new-pill 2008."},{"key":"e_1_3_2_1_36_1","volume-title":"Virtual Honeypots: From Botnet Tracking to Intrusion Detection","author":"Provos N.","year":"2007","unstructured":"N. Provos and T. Holz . Virtual Honeypots: From Botnet Tracking to Intrusion Detection . Addison-Wesley Professional , Reading , 2007 . N. Provos and T. Holz. Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Addison-Wesley Professional, Reading, 2007."},{"key":"e_1_3_2_1_37_1","volume-title":"http:\/\/www.matasano.com\/log\/930\/side-channel-detection-attacks-against-unauthorized-hypervisors\/","author":"Ptacek T.","year":"2007","unstructured":"T. Ptacek . Side-Channel Detection Attacks Against Unauthorized Hypervisors. http:\/\/www.matasano.com\/log\/930\/side-channel-detection-attacks-against-unauthorized-hypervisors\/ , 2007 . T. Ptacek. Side-Channel Detection Attacks Against Unauthorized Hypervisors. http:\/\/www.matasano.com\/log\/930\/side-channel-detection-attacks-against-unauthorized-hypervisors\/, 2007."},{"key":"e_1_3_2_1_38_1","volume-title":"Black Hat USA","author":"Quist D.","year":"2007","unstructured":"D. Quist and Valsmith. Covert Debugging : Circumventing Software Armoring . In Black Hat USA , 2007 . D. Quist and Valsmith. Covert Debugging: Circumventing Software Armoring. In Black Hat USA, 2007."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/2396231.2396233"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.38"},{"key":"e_1_3_2_1_41_1","volume-title":"Introduction to the Theory of Computation","author":"Sipser M.","year":"1996","unstructured":"M. Sipser . Introduction to the Theory of Computation . International Thomson Publishing , 1996 . M. Sipser. Introduction to the Theory of Computation. International Thomson Publishing, 1996."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.5555\/1050957"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.52"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.9"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1007\/11734727_15"},{"key":"e_1_3_2_1_46_1","volume-title":"NDSS","author":"Wang Y.-M.","year":"2006","unstructured":"Y.-M. Wang , D. Beck , X. Jiang , R. Roussev , C. Verbowski , S. Chen , and S. T. King . Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities . In NDSS , 2006 . Y.-M. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. T. King. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. In NDSS, 2006."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"}],"event":{"name":"CCS08: 15th ACM Conference on Computer and Communications Security 2008","location":"Alexandria Virginia USA","acronym":"CCS08","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"]},"container-title":["Proceedings of the 15th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1455770.1455779","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1455770.1455779","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:54:14Z","timestamp":1750287254000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1455770.1455779"}},"subtitle":["malware analysis via hardware virtualization extensions"],"short-title":[],"issued":{"date-parts":[[2008,10,27]]},"references-count":48,"alternative-id":["10.1145\/1455770.1455779","10.1145\/1455770"],"URL":"https:\/\/doi.org\/10.1145\/1455770.1455779","relation":{},"subject":[],"published":{"date-parts":[[2008,10,27]]},"assertion":[{"value":"2008-10-27","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}