{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T19:44:11Z","timestamp":1768419851374,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":27,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,10,17]],"date-time":"2011-10-17T00:00:00Z","timestamp":1318809600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,10,17]]},"DOI":"10.1145\/2046707.2046740","type":"proceedings-article","created":{"date-parts":[[2011,10,18]],"date-time":"2011-10-18T13:02:00Z","timestamp":1318942920000},"page":"285-296","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":59,"title":["The power of procrastination"],"prefix":"10.1145","author":[{"given":"Clemens","family":"Kolbitsch","sequence":"first","affiliation":[{"name":"Vienna University of Technology, Vienna, Austria"}]},{"given":"Engin","family":"Kirda","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[{"name":"UC Santa Barbara, Santa Barbara, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2011,10,17]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"http:\/\/www.opensc.ws\/snippets\/3558-detect-5-different-sandboxes.html","author":"Forum Posting","year":"2009","unstructured":"Forum Posting - Detection of Sandboxes. http:\/\/www.opensc.ws\/snippets\/3558-detect-5-different-sandboxes.html , 2009 . Forum Posting - Detection of Sandboxes. http:\/\/www.opensc.ws\/snippets\/3558-detect-5-different-sandboxes.html, 2009."},{"key":"e_1_3_2_1_2_1","unstructured":"http:\/\/anubis.iseclab.org 2010.  http:\/\/anubis.iseclab.org 2010."},{"key":"e_1_3_2_1_3_1","unstructured":"http:\/\/www.cwsandbox.org 2010.  http:\/\/www.cwsandbox.org 2010."},{"key":"e_1_3_2_1_4_1","unstructured":"http:\/\/www.norman.com\/enterprise\/all_products\/malware_analyzer\/norman_san%dbox_analyzer\/en 2010.  http:\/\/www.norman.com\/enterprise\/all_products\/malware_analyzer\/norman_san%dbox_analyzer\/en 2010."},{"key":"e_1_3_2_1_5_1","unstructured":"http:\/\/msdn.microsoft.com\/en-us\/library\/ms724408%28VS.8529.aspx 2010.  http:\/\/msdn.microsoft.com\/en-us\/library\/ms724408%28VS.8529.aspx 2010."},{"key":"e_1_3_2_1_6_1","volume-title":"Efficient Detection of Split Personalities in Malware. In Network and Distributed System Security Symposium (NDSS)","author":"Balzarotti D.","year":"2010","unstructured":"Balzarotti , D. , Cova , M. , Karlberger , C. , Kruegel , C. , Kirda , E. , and Vigna , G . Efficient Detection of Split Personalities in Malware. In Network and Distributed System Security Symposium (NDSS) ( 2010 ). Balzarotti, D., Cova, M., Karlberger, C., Kruegel, C., Kirda, E., and Vigna, G. Efficient Detection of Split Personalities in Malware. In Network and Distributed System Security Symposium (NDSS) (2010)."},{"key":"e_1_3_2_1_7_1","volume-title":"Workshop on Large-Scale Exploits and Emergent Threats (LEET)","author":"Bayer U.","year":"2009","unstructured":"Bayer , U. , Habibi , I. , Balzarotti , D. , Kirda , E. , and Kruegel , C . A View on Current Malware Behaviors . In Workshop on Large-Scale Exploits and Emergent Threats (LEET) ( 2009 ). Bayer, U., Habibi, I., Balzarotti, D., Kirda, E., and Kruegel, C. A View on Current Malware Behaviors. In Workshop on Large-Scale Exploits and Emergent Threats (LEET) (2009)."},{"key":"e_1_3_2_1_8_1","volume-title":"Behavior-Based Malware Clustering. In Network and Distributed System Security Symposium","author":"Bayer U.","year":"2009","unstructured":"Bayer , U. , Milani Comparetti , P. , Hlauschek , C. , Kruegel , C. , and Kirda , E . Scalable , Behavior-Based Malware Clustering. In Network and Distributed System Security Symposium ( 2009 ). Bayer, U., Milani Comparetti, P., Hlauschek, C., Kruegel, C., and Kirda, E. Scalable, Behavior-Based Malware Clustering. In Network and Distributed System Security Symposium (2009)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1168857.1168862"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1858996.1859085"},{"key":"e_1_3_2_1_13_1","volume-title":"P. Attacks on Virtual Machines. In Proceedings of the Association of Anti-Virus Asia Researchers Conference","author":"Ferrie","year":"2007","unstructured":"Ferrie , P. Attacks on Virtual Machines. In Proceedings of the Association of Anti-Virus Asia Researchers Conference ( 2007 ). Ferrie, P. Attacks on Virtual Machines. In Proceedings of the Association of Anti-Virus Asia Researchers Conference (2007)."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.11"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/11555827_19"},{"key":"e_1_3_2_1_16_1","volume-title":"Studying Spamming Botnets Using Botlab. In Usenix Symposium on Networked Systems Design and Implementation (NSDI)","author":"John J.","year":"2009","unstructured":"John , J. , Moshchuk , A. , Gribble , S. , and Krishnamurthy , A . Studying Spamming Botnets Using Botlab. In Usenix Symposium on Networked Systems Design and Implementation (NSDI) ( 2009 ). John, J., Moshchuk, A., Gribble, S., and Krishnamurthy, A. Studying Spamming Botnets Using Botlab. In Usenix Symposium on Networked Systems Design and Implementation (NSDI) (2009)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655148.1655151"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.10"},{"key":"e_1_3_2_1_19_1","volume-title":"Usenix Security Symposium","author":"Kolbitsch C.","year":"2009","unstructured":"Kolbitsch , C. , Milani Comparetti , P. , Kruegel , C. , Kirda , E. , Zhou , X. , and Wang , X . Effective and Efficient Malware Detection at the End Host . In Usenix Security Symposium ( 2009 ). Kolbitsch, C., Milani Comparetti, P., Kruegel, C., Kirda, E., Zhou, X., and Wang, X. Effective and Efficient Malware Detection at the End Host. In Usenix Security Symposium (2009)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572272.1572303"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_1_22_1","volume-title":"A Fistful of Red-Pills: How to Automatically Generate Procedures to Detect CPU Emulators. In usenix-woot","author":"Paleari R.","year":"2009","unstructured":"Paleari , R. , Martignoni , L. , Roglia , G. F. , and Bruschi , D . A Fistful of Red-Pills: How to Automatically Generate Procedures to Detect CPU Emulators. In usenix-woot ( 2009 ). Paleari, R., Martignoni, L., Roglia, G. F., and Bruschi, D. A Fistful of Red-Pills: How to Automatically Generate Procedures to Detect CPU Emulators. In usenix-woot (2009)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/2396231.2396233"},{"key":"e_1_3_2_1_24_1","unstructured":"Rutkowska J. Red Pill... or how to detect VMM using (almost) one CPU instruction. http:\/\/www.invisiblethings.org\/papers\/redpill.html 2004.  Rutkowska J. Red Pill... or how to detect VMM using (almost) one CPU instruction. http:\/\/www.invisiblethings.org\/papers\/redpill.html 2004."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"e_1_3_2_1_26_1","volume-title":"Identifying loops using DJ graphs","author":"Sreedhar V. C.","year":"1995","unstructured":"Sreedhar , V. C. , Gao , G. R. , and fong Lee , Y. Identifying loops using DJ graphs , 1995 . Sreedhar, V. C., Gao, G. R., and fong Lee, Y. Identifying loops using DJ graphs, 1995."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"e_1_3_2_1_28_1","volume-title":"Recent Advances in Intrusion Detection.","author":"Wilhelm J.","year":"2007","unstructured":"Wilhelm , J. , and Chiueh , T . -c. A Forced Sampled Execution Approach to Kernel Rootkit Identification . In Recent Advances in Intrusion Detection. 2007 . Wilhelm, J., and Chiueh, T.-c. A Forced Sampled Execution Approach to Kernel Rootkit Identification. In Recent Advances in Intrusion Detection. 2007."}],"event":{"name":"CCS'11: the ACM Conference on Computer and Communications Security","location":"Chicago Illinois USA","acronym":"CCS'11","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 18th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2046707.2046740","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2046707.2046740","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:48:42Z","timestamp":1750240122000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2046707.2046740"}},"subtitle":["detection and mitigation of execution-stalling malicious code"],"short-title":[],"issued":{"date-parts":[[2011,10,17]]},"references-count":27,"alternative-id":["10.1145\/2046707.2046740","10.1145\/2046707"],"URL":"https:\/\/doi.org\/10.1145\/2046707.2046740","relation":{},"subject":[],"published":{"date-parts":[[2011,10,17]]},"assertion":[{"value":"2011-10-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}