{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T03:46:23Z","timestamp":1772163983068,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":26,"publisher":"ACM","license":[{"start":{"date-parts":[[2013,6,23]],"date-time":"2013-06-23T00:00:00Z","timestamp":1371945600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000143","name":"Division of Computing and Communication Foundations","doi-asserted-by":"publisher","award":["CCF\/TC 1054844"],"award-info":[{"award-number":["CCF\/TC 1054844"]}],"id":[{"id":"10.13039\/100000143","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100007140","name":"Synopsys","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100007140","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006112","name":"Microsoft Research","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100006112","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000181","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA 99500910389"],"award-info":[{"award-number":["FA 99500910389"]}],"id":[{"id":"10.13039\/100000181","id-type":"DOI","asserted-by":"publisher"}]},{"name":"WindRiver Corp"},{"DOI":"10.13039\/100000879","name":"Alfred P. Sloan Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000879","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["FA 865011C7190, FA 87501020253"],"award-info":[{"award-number":["FA 865011C7190, FA 87501020253"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Xilinx"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2013,6,23]]},"DOI":"10.1145\/2485922.2485970","type":"proceedings-article","created":{"date-parts":[[2013,6,25]],"date-time":"2013-06-25T15:13:21Z","timestamp":1372173201000},"page":"559-570","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":147,"title":["On the feasibility of online malware detection with performance counters"],"prefix":"10.1145","author":[{"given":"John","family":"Demme","sequence":"first","affiliation":[{"name":"Columbia University, NY"}]},{"given":"Matthew","family":"Maycock","sequence":"additional","affiliation":[{"name":"Columbia University, NY"}]},{"given":"Jared","family":"Schmitz","sequence":"additional","affiliation":[{"name":"Columbia University, NY"}]},{"given":"Adrian","family":"Tang","sequence":"additional","affiliation":[{"name":"Columbia University, NY"}]},{"given":"Adam","family":"Waksman","sequence":"additional","affiliation":[{"name":"Columbia University, NY"}]},{"given":"Simha","family":"Sethumadhavan","sequence":"additional","affiliation":[{"name":"Columbia University, NY"}]},{"given":"Salvatore","family":"Stolfo","sequence":"additional","affiliation":[{"name":"Columbia University, NY"}]}],"member":"320","published-online":{"date-parts":[[2013,6,23]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"55","volume-title":"The underground economy of fake antivirus software,\" in Economics of Information Security and Privacy III","author":"Stone-Gross B.","year":"2013","unstructured":"B. Stone-Gross , R. Abman , R. Kemmerer , C. Kruegel , D. Steigerwald , and G. Vigna , \" The underground economy of fake antivirus software,\" in Economics of Information Security and Privacy III (B. Schneier, ed.), pp. 55 -- 78 , Springer New York , 2013 . B. Stone-Gross, R. Abman, R. Kemmerer, C. Kruegel, D. Steigerwald, and G. Vigna, \"The underground economy of fake antivirus software,\" in Economics of Information Security and Privacy III (B. Schneier, ed.), pp. 55--78, Springer New York, 2013."},{"key":"e_1_3_2_1_2_1","volume-title":"Measuring Pay-per-Install: The commoditization of malware distribution,\" in Proc. of the 20th USENIX Security Symp","author":"Caballero J.","year":"2011","unstructured":"J. Caballero , C. Grier , C. Kreibich , and V. Paxson , \" Measuring Pay-per-Install: The commoditization of malware distribution,\" in Proc. of the 20th USENIX Security Symp ., 2011 . J. Caballero, C. Grier, C. Kreibich, and V. Paxson, \"Measuring Pay-per-Install: The commoditization of malware distribution,\" in Proc. of the 20th USENIX Security Symp., 2011."},{"key":"e_1_3_2_1_3_1","unstructured":"Trend Micro Corporation \"Russian underground.\"  Trend Micro Corporation \"Russian underground.\""},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"e_1_3_2_1_6_1","volume-title":"W32.Duqu: The Precursor to the Next Stuxnet,\" in Proc. of the 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)","author":"Chien E.","year":"2012","unstructured":"E. Chien , L. O Murchu , and N. Falliere , \" W32.Duqu: The Precursor to the Next Stuxnet,\" in Proc. of the 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) , 2012 . E. Chien, L. OMurchu, and N. Falliere, \"W32.Duqu: The Precursor to the Next Stuxnet,\" in Proc. of the 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2012."},{"key":"e_1_3_2_1_7_1","volume-title":"Reputation-based security: An analysis of real world effectiveness","author":"Ramzan Z.","year":"2009","unstructured":"Z. Ramzan , V. Seshadri , and C. Nachenberg , \" Reputation-based security: An analysis of real world effectiveness ,\" Sep 2009 . Z. Ramzan, V. Seshadri, and C. Nachenberg, \"Reputation-based security: An analysis of real world effectiveness,\" Sep 2009."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382284"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.15"},{"key":"e_1_3_2_1_10_1","first-page":"123","volume-title":"Hunting for metamorphic,\" in In Virus Bulletin Conference","author":"Sz\u00c3\u0171r P.","year":"2001","unstructured":"P. Sz\u00c3\u0171r and P. Ferrie , \" Hunting for metamorphic,\" in In Virus Bulletin Conference , pp. 123 -- 144 , 2001 . P. Sz\u00c3\u0171r and P. Ferrie, \"Hunting for metamorphic,\" in In Virus Bulletin Conference, pp. 123--144, 2001."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866353"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1287624.1287628"},{"key":"e_1_3_2_1_13_1","first-page":"120","volume-title":"A sense of self for unix processes,\" in Proc. of the 1996 IEEE Symp. on Security and Privacy","author":"Forrest S.","year":"1996","unstructured":"S. Forrest , S. A. Hofmeyr , A. Somayaji , and T. A. Longstaff , \" A sense of self for unix processes,\" in Proc. of the 1996 IEEE Symp. on Security and Privacy , pp. 120 -- 135 , 1996 . S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, \"A sense of self for unix processes,\" in Proc. of the 1996 IEEE Symp. on Security and Privacy, pp. 120--135, 1996."},{"key":"e_1_3_2_1_14_1","first-page":"120","volume-title":"A data mining framework for building intrusion detection models,\" in In IEEE Symposium on Security and Privacy","author":"Lee W.","year":"1999","unstructured":"W. Lee , S. J. Stolfo , and K. W. Mok , \" A data mining framework for building intrusion detection models,\" in In IEEE Symposium on Security and Privacy , pp. 120 -- 132 , 1999 . W. Lee, S. J. Stolfo, and K. W. Mok, \"A data mining framework for building intrusion detection models,\" in In IEEE Symposium on Security and Privacy, pp. 120--132, 1999."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_6"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/1776434.1776449"},{"key":"e_1_3_2_1_17_1","volume-title":"Scalable, behavior-based malware clustering,\" in Network and Distributed System Security Symposium","author":"Bayer U.","year":"2009","unstructured":"U. Bayer , P. M. Comparetti , C. Hlauschek , C. Kr\u00fcgel , and E. Kirda , \" Scalable, behavior-based malware clustering,\" in Network and Distributed System Security Symposium , 2009 . U. Bayer, P. M. Comparetti, C. Hlauschek, C. Kr\u00fcgel, and E. Kirda, \"Scalable, behavior-based malware clustering,\" in Network and Distributed System Security Symposium, 2009."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046582.2046596"},{"key":"e_1_3_2_1_19_1","first-page":"1","volume-title":"Conf. on Dependable Systems and Networks (DSN)","author":"Xia Y.","year":"2012","unstructured":"Y. Xia , Y. Liu , H. Chen , and B. Zang , \" Cfimon: Detecting violation of control flow integrity using performance counters,\" in Proc. of the 2012 42nd Annual IEEE\/IFIP Intl . Conf. on Dependable Systems and Networks (DSN) , pp. 1 -- 12 , 2012 . Y. Xia, Y. Liu, H. Chen, and B. Zang, \"Cfimon: Detecting violation of control flow integrity using performance counters,\" in Proc. of the 2012 42nd Annual IEEE\/IFIP Intl. Conf. on Dependable Systems and Networks (DSN), pp. 1--12, 2012."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2003.1261391"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2006.30"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"},{"key":"e_1_3_2_1_23_1","unstructured":"F. Matias \"Linux rootkit implementation \" Dec 2011.  F. Matias \"Linux rootkit implementation \" Dec 2011."},{"key":"e_1_3_2_1_24_1","unstructured":"BlackHat Library \"Jynx rootkit2.0 \" Mar 2012.  BlackHat Library \"Jynx rootkit2.0 \" Mar 2012."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978672.1978683"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/2337159.2337172"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046752"}],"event":{"name":"ISCA'13: The 40th Annual International Symposium on Computer Architecture","location":"Tel-Aviv Israel","acronym":"ISCA'13","sponsor":["IEEE CS","SIGARCH ACM Special Interest Group on Computer Architecture"]},"container-title":["Proceedings of the 40th Annual International Symposium on Computer Architecture"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2485922.2485970","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2485922.2485970","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:48:44Z","timestamp":1750222124000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2485922.2485970"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,6,23]]},"references-count":26,"alternative-id":["10.1145\/2485922.2485970","10.1145\/2485922"],"URL":"https:\/\/doi.org\/10.1145\/2485922.2485970","relation":{"is-identical-to":[{"id-type":"doi","id":"10.1145\/2508148.2485970","asserted-by":"object"}]},"subject":[],"published":{"date-parts":[[2013,6,23]]},"assertion":[{"value":"2013-06-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}