{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T08:20:20Z","timestamp":1759134020744,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,10,16]],"date-time":"2012-10-16T00:00:00Z","timestamp":1350345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,10,16]]},"DOI":"10.1145\/2382196.2382234","type":"proceedings-article","created":{"date-parts":[[2012,10,15]],"date-time":"2012-10-15T17:13:12Z","timestamp":1350321192000},"page":"341-352","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["Blacksheep"],"prefix":"10.1145","author":[{"given":"Antonio","family":"Bianchi","sequence":"first","affiliation":[{"name":"UC Santa Barbara, Santa Barbara, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yan","family":"Shoshitaishvili","sequence":"additional","affiliation":[{"name":"UC Santa Barbara, Santa Barbara, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[{"name":"UC Santa Barbara, Santa Barbara, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[{"name":"UC Santa Barbara, Santa Barbara, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2012,10,16]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Gmer. http:\/\/www.gmer.net\/ May 2012.  Gmer. http:\/\/www.gmer.net\/ May 2012."},{"key":"e_1_3_2_1_2_1","unstructured":"Hbgary responder pro. http:\/\/www.hbgary.com\/responder-pro-2 May 2012.  Hbgary responder pro. http:\/\/www.hbgary.com\/responder-pro-2 May 2012."},{"key":"e_1_3_2_1_3_1","unstructured":"Qemu website. http:\/\/qemu.org May 2012.  Qemu website. http:\/\/qemu.org May 2012."},{"key":"e_1_3_2_1_4_1","unstructured":"Windows academic program. http:\/\/www.microsoft.com\/education\/facultyconnection\/articles\/articledetails.aspx?cid=2416 Apr. 2012.  Windows academic program. http:\/\/www.microsoft.com\/education\/facultyconnection\/articles\/articledetails.aspx?cid=2416 Apr. 2012."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2010.38"},{"key":"e_1_3_2_1_6_1","first-page":"7","author":"Blunden B.","year":"2009","journal-title":"The Rootkit Arsenal. Wordware Publishing"},{"volume-title":"Black Hat Federal Conference","year":"2006","author":"Burdach M.","key":"e_1_3_2_1_7_1"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653729"},{"key":"e_1_3_2_1_9_1","unstructured":"B. Cogswell and M. Russinovich. Rootkitrevealer. http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb897445 Nov. 2008.  B. Cogswell and M. Russinovich. Rootkitrevealer. http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb897445 Nov. 2008."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2007.01.015"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30436-1_11"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/2051002.2051023"},{"volume-title":"TKK T- 110.5290 Seminar on Network Security","year":"2007","author":"Garcia G. L.","key":"e_1_3_2_1_13_1"},{"key":"e_1_3_2_1_14_1","unstructured":"K. Griffin S. Schneider X. Hu and T. cker Chiueh. Automatic generation of string signatures for malware detection.  K. Griffin S. Schneider X. Hu and T. cker Chiueh. Automatic generation of string signatures for malware detection."},{"volume-title":"Addison-Wesley","year":"2005","author":"Hoglund G.","key":"e_1_3_2_1_15_1"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-008-0086-0"},{"volume-title":"Virus Bulletin conference","year":"2011","author":"Kapoor A.","key":"e_1_3_2_1_17_1"},{"volume-title":"International Journal of Digital Evidence","year":"2006","author":"Kornblum J. D.","key":"e_1_3_2_1_18_1"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.12.002"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.18"},{"key":"e_1_3_2_1_21_1","unstructured":"M. H. Ligh. Volatility malware plugins. http:\/\/code.google.com\/p\/malwarecookbook.  M. H. Ligh. Volatility malware plugins. http:\/\/code.google.com\/p\/malwarecookbook."},{"volume-title":"the 17th Network and Distributed System Security Symposium","year":"2011","author":"Lin Z.","key":"e_1_3_2_1_22_1"},{"key":"e_1_3_2_1_23_1","unstructured":"McAfee. Mcafee deepsafe. http:\/\/www.mcafee.com\/us\/solutions\/mcafee-deepsafe.aspx 2011.  McAfee. Mcafee deepsafe. http:\/\/www.mcafee.com\/us\/solutions\/mcafee-deepsafe.aspx 2011."},{"key":"e_1_3_2_1_24_1","unstructured":"Microsoft. Kernel patch protection: Faq. http:\/\/msdn.microsoft.com\/en-us\/windows\/hardware\/gg487353 Sept. 2007.  Microsoft. Kernel patch protection: Faq. http:\/\/msdn.microsoft.com\/en-us\/windows\/hardware\/gg487353 Sept. 2007."},{"key":"e_1_3_2_1_25_1","first-page":"289","volume-title":"Proceedings of the USENIX Security Symposium","author":"Petroni N. L.","year":"2006"},{"key":"e_1_3_2_1_26_1","unstructured":"M. E. Russinovich and D. A. Solomon. Windows Internals. Microsoft 5th edition June 2009.  M. E. Russinovich and D. A. Solomon. Windows Internals. Microsoft 5th edition June 2009."},{"key":"e_1_3_2_1_27_1","unstructured":"J. Rutkowska. Rootkits vs. stealth by design malware. https:\/\/www.blackhat.com\/presentations\/bh-europe-06\/bh-eu-06-Rutkowska.pdf 2006.  J. Rutkowska. Rootkits vs. stealth by design malware. https:\/\/www.blackhat.com\/presentations\/bh-europe-06\/bh-eu-06-Rutkowska.pdf 2006."},{"volume-title":"Black Hat DC","year":"2007","author":"Rutkowska J.","key":"e_1_3_2_1_28_1"},{"volume-title":"Pool Allocations as an Information Source in Windows Memory Forensics","year":"2006","author":"Schuster A.","key":"e_1_3_2_1_29_1"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.010"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"A. Seshadri M. Luk N. Qu and A. Perrig. Secvisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity oses 2007.  A. Seshadri M. Luk N. Qu and A. Perrig. Secvisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity oses 2007.","DOI":"10.1145\/1294261.1294294"},{"key":"e_1_3_2_1_32_1","unstructured":"R. Treit. Some observations on rootkits. http:\/\/blogs.technet.com\/b\/mmpc\/archive\/2010\/01\/07\/some-observations-on-rootkits.aspx Jan. 2010.  R. Treit. Some observations on rootkits. http:\/\/blogs.technet.com\/b\/mmpc\/archive\/2010\/01\/07\/some-observations-on-rootkits.aspx Jan. 2010."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586145"},{"key":"e_1_3_2_1_34_1","unstructured":"A. Walters. The volatility framework: Volatile memory artifact extraction utility framework. https:\/\/www. volatilesystems.com\/default\/volatility.  A. Walters. The volatility framework: Volatile memory artifact extraction utility framework. https:\/\/www. volatilesystems.com\/default\/volatility."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653728"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30143-1_13"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.5555\/1884848.1884850"}],"event":{"name":"CCS'12: the ACM Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Raleigh North Carolina USA","acronym":"CCS'12"},"container-title":["Proceedings of the 2012 ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2382196.2382234","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2382196.2382234","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:34:47Z","timestamp":1750239287000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2382196.2382234"}},"subtitle":["detecting compromised hosts in homogeneous crowds"],"short-title":[],"issued":{"date-parts":[[2012,10,16]]},"references-count":37,"alternative-id":["10.1145\/2382196.2382234","10.1145\/2382196"],"URL":"https:\/\/doi.org\/10.1145\/2382196.2382234","relation":{},"subject":[],"published":{"date-parts":[[2012,10,16]]},"assertion":[{"value":"2012-10-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}