{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,20]],"date-time":"2026-04-20T10:37:27Z","timestamp":1776681447697,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,12,8]],"date-time":"2014-12-08T00:00:00Z","timestamp":1417996800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,12,8]]},"DOI":"10.1145\/2664243.2664252","type":"proceedings-article","created":{"date-parts":[[2014,12,8]],"date-time":"2014-12-08T16:30:28Z","timestamp":1418056228000},"page":"386-395","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":138,"title":["Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system"],"prefix":"10.1145","author":[{"given":"Tamas K.","family":"Lengyel","sequence":"first","affiliation":[{"name":"University of Connecticut"}]},{"given":"Steve","family":"Maresca","sequence":"additional","affiliation":[{"name":"Zentific, LLC"}]},{"given":"Bryan D.","family":"Payne","sequence":"additional","affiliation":[{"name":"Nebula, Inc."}]},{"given":"George D.","family":"Webster","sequence":"additional","affiliation":[{"name":"TU Munich"}]},{"given":"Sebastian","family":"Vogl","sequence":"additional","affiliation":[{"name":"TU Munich"}]},{"given":"Aggelos","family":"Kiayias","sequence":"additional","affiliation":[{"name":"University of Athens"}]}],"member":"320","published-online":{"date-parts":[[2014,12,8]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"NDSS","author":"Balzarotti D.","year":"2010","unstructured":"D. Balzarotti , M. Cova , C. Karlberger , E. Kirda , C. Kruegel , and G. Vigna . Efficient detection of split personalities in malware . In NDSS , 2010 . D. Balzarotti, M. Cova, C. Karlberger, E. Kirda, C. Kruegel, and G. Vigna. Efficient detection of split personalities in malware. In NDSS, 2010."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1774088.1774484"},{"key":"e_1_3_2_1_3_1","volume-title":"ACM European Workshop on System Security (EuroSec)","volume":"2012","author":"Bencs\u00e1th B.","year":"2012","unstructured":"B. Bencs\u00e1th , G. P\u00e9k , L. Butty\u00e1n , and M. F\u00e9legyh\u00e1zi . Duqu: Analysis, detection, and lessons learned . In ACM European Workshop on System Security (EuroSec) , volume 2012 , 2012 . B. Bencs\u00e1th, G. P\u00e9k, L. Butty\u00e1n, and M. F\u00e9legyh\u00e1zi. Duqu: Analysis, detection, and lessons learned. In ACM European Workshop on System Security (EuroSec), volume 2012, 2012."},{"key":"e_1_3_2_1_4_1","volume-title":"Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-vm technologies","author":"Branco R. R.","year":"2012","unstructured":"R. R. Branco , G. N. Barbosa , and P. D. Neto . Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-vm technologies , 2012 . R. R. Branco, G. N. Barbosa, and P. D. Neto. Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-vm technologies, 2012."},{"key":"e_1_3_2_1_5_1","volume-title":"Blackhat 2013 workshop: Cuckoo sandbox - open source automated malware analysis. http:\/\/cuckoosandbox.org\/2013-07-27-blackhat-las-vegas-2013","author":"Bremer J.","year":"2013","unstructured":"J. Bremer . Blackhat 2013 workshop: Cuckoo sandbox - open source automated malware analysis. http:\/\/cuckoosandbox.org\/2013-07-27-blackhat-las-vegas-2013 .html, 2013 . J. Bremer. Blackhat 2013 workshop: Cuckoo sandbox - open source automated malware analysis. http:\/\/cuckoosandbox.org\/2013-07-27-blackhat-las-vegas-2013.html, 2013."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_10"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33338-5_2"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523675"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653730"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2089125.2089126"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2011.26"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87403-4_6"},{"key":"e_1_3_2_1_14_1","volume-title":"Binarypig: Scalable static binary analysis over hadoop","author":"Hanif Z.","year":"2013","unstructured":"Z. Hanif , T. Calhoun , and J. Trost . Binarypig: Scalable static binary analysis over hadoop , 2013 . Z. Hanif, T. Calhoun, and J. Trost. Binarypig: Scalable static binary analysis over hadoop, 2013."},{"key":"e_1_3_2_1_15_1","volume-title":"February 3","author":"Harley D.","year":"2014","unstructured":"D. Harley . http:\/\/www.welivesecurity.com\/2012\/02\/02\/tdl4-reloaded-purple-haze-all-in-my-brain\/ , February 3 2014 . D. Harley. http:\/\/www.welivesecurity.com\/2012\/02\/02\/tdl4-reloaded-purple-haze-all-in-my-brain\/, February 3 2014."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_17_1","volume-title":"The art of bootkit development","author":"Kleissner P.","year":"2011","unstructured":"P. Kleissner . The art of bootkit development , 2011 . P. Kleissner. The art of bootkit development, 2011."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046740"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519067"},{"key":"e_1_3_2_1_20_1","unstructured":"J. Leitch. Process hollowing. http:\/\/www.autosectools.com\/process-hollowing.pdf November 4 2013.  J. Leitch. Process hollowing. http:\/\/www.autosectools.com\/process-hollowing.pdf November 4 2013."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38631-2_13"},{"key":"e_1_3_2_1_22_1","unstructured":"LibVMI. https:\/\/code.google.com\/p\/vmitools.  LibVMI. https:\/\/code.google.com\/p\/vmitools."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.21"},{"key":"e_1_3_2_1_25_1","volume-title":"DTIC Document","author":"Okolica J. S.","year":"2011","unstructured":"J. S. Okolica and G. L. Peterson . Extracting forensic artifacts from windows o\/s memory. Technical report , DTIC Document , 2011 . J. S. Okolica and G. L. Peterson. Extracting forensic artifacts from windows o\/s memory. Technical report, DTIC Document, 2011."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.10"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1972551.1972554"},{"key":"e_1_3_2_1_28_1","unstructured":"Rekall. https:\/\/github.com\/google\/rekall.  Rekall. https:\/\/github.com\/google\/rekall."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.5555\/1894166.1894179"},{"key":"e_1_3_2_1_30_1","volume-title":"HP","author":"Roberts A.","year":"2013","unstructured":"A. Roberts , R. McClatchey , S. Liaquat , N. Edwards , and M. Wray . Introducing pathogen: A real-time virtual machine introspection framework. Technical report , HP , 2013 . A. Roberts, R. McClatchey, S. Liaquat, N. Edwards, and M. Wray. Introducing pathogen: A real-time virtual machine introspection framework. Technical report, HP, 2013."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.38"},{"key":"e_1_3_2_1_32_1","volume-title":"February 4","year":"2014","unstructured":"ShadowServer. The shadowserver foundation. https:\/\/shadowserver.org , February 4 2014 . ShadowServer. The shadowserver foundation. https:\/\/shadowserver.org, February 4 2014."},{"key":"e_1_3_2_1_33_1","unstructured":"VirusTotal. Free online virus malware and url scanner. http:\/\/virustotal.com February 4 2014.  VirusTotal. Free online virus malware and url scanner. http:\/\/virustotal.com February 4 2014."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38631-2_15"},{"key":"e_1_3_2_1_35_1","unstructured":"Volatility. https:\/\/github.com\/volatilityfoundation\/volatility.  Volatility. https:\/\/github.com\/volatilityfoundation\/volatility."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095809.1095825"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"key":"e_1_3_2_1_38_1","volume-title":"Ruhr-Universitat Bochum","author":"Willems C.","year":"2013","unstructured":"C. Willems , R. Hund , and T. Holz . Cxpinspector: Hypervisor-based, hardware-assisted system monitoring. Technical report , Ruhr-Universitat Bochum , 2013 . C. Willems, R. Hund, and T. Holz. Cxpinspector: Hypervisor-based, hardware-assisted system monitoring. Technical report, Ruhr-Universitat Bochum, 2013."},{"key":"e_1_3_2_1_39_1","unstructured":"J. Wyke. The zeroaccess rootkit. http:\/\/sophosnews.files.wordpress.com\/2012\/04\/zeroaccess2.pdf 2012.  J. Wyke. The zeroaccess rootkit. http:\/\/sophosnews.files.wordpress.com\/2012\/04\/zeroaccess2.pdf 2012."}],"event":{"name":"ACSAC '14: Annual Computer Security Applications Conference","location":"New Orleans Louisiana USA","acronym":"ACSAC '14","sponsor":["ACSA Applied Computing Security Assoc"]},"container-title":["Proceedings of the 30th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2664243.2664252","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2664243.2664252","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:12:01Z","timestamp":1750227121000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2664243.2664252"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,12,8]]},"references-count":39,"alternative-id":["10.1145\/2664243.2664252","10.1145\/2664243"],"URL":"https:\/\/doi.org\/10.1145\/2664243.2664252","relation":{},"subject":[],"published":{"date-parts":[[2014,12,8]]},"assertion":[{"value":"2014-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}