{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:15:23Z","timestamp":1750306523704,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":25,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,12,8]],"date-time":"2014-12-08T00:00:00Z","timestamp":1417996800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-1330553"],"award-info":[{"award-number":["CNS-1330553"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,12,8]]},"DOI":"10.1145\/2664243.2664271","type":"proceedings-article","created":{"date-parts":[[2014,12,8]],"date-time":"2014-12-08T16:30:28Z","timestamp":1418056228000},"page":"186-195","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["SEER"],"prefix":"10.1145","author":[{"given":"Jason","family":"Gionta","sequence":"first","affiliation":[{"name":"NC State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ahmed","family":"Azab","sequence":"additional","affiliation":[{"name":"Samsung Electronics Co., Ltd."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"William","family":"Enck","sequence":"additional","affiliation":[{"name":"NC State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peng","family":"Ning","sequence":"additional","affiliation":[{"name":"NC State University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaolan","family":"Zhang","sequence":"additional","affiliation":[{"name":"Google Inc."}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2014,12,8]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.5555\/1247360.1247401"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382234"},{"key":"e_1_3_2_1_3_1","volume-title":"Black Hat Windows Security","author":"Butler Jamie","year":"2004","unstructured":"Jamie Butler . Dkom (direct kernel object manipulation) . Black Hat Windows Security , 2004 . Jamie Butler. Dkom (direct kernel object manipulation). Black Hat Windows Security, 2004."},{"key":"e_1_3_2_1_4_1","unstructured":"Agentless security. Trend Micro. http:\/\/www.trendmicro.com\/cloud-content\/us\/pdfs\/business\/sb_vmware-agentless-security.pdf.  Agentless security. Trend Micro. http:\/\/www.trendmicro.com\/cloud-content\/us\/pdfs\/business\/sb_vmware-agentless-security.pdf."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2007.06.008"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the 7th Workshop on Cyber Security Experimentation and Test. USENIX","author":"Gionta Jason","year":"2014","unstructured":"Jason Gionta , Ahmed Azab , William Enck , Peng Ning , and Xiaolan Zhang . Dacsa : A decoupled architecture for cloud security analysis . In Proceedings of the 7th Workshop on Cyber Security Experimentation and Test. USENIX , 2014 . Jason Gionta, Ahmed Azab, William Enck, Peng Ning, and Xiaolan Zhang. Dacsa: A decoupled architecture for cloud security analysis. In Proceedings of the 7th Workshop on Cyber Security Experimentation and Test. USENIX, 2014."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1831407.1831429"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_10_1","unstructured":"Tomasz Kojm. Clamav 2004. http:\/\/www.clamav.net.  Tomasz Kojm. Clamav 2004. http:\/\/www.clamav.net."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.015"},{"key":"e_1_3_2_1_12_1","volume-title":"Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code","author":"Ligh Michael","year":"2010","unstructured":"Michael Ligh , Steven Adair , Blake Hartstein , and Matthew Richard . Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code . John Wiley & Sons , 2010 . Michael Ligh, Steven Adair, Blake Hartstein, and Matthew Richard. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. John Wiley & Sons, 2010."},{"key":"e_1_3_2_1_13_1","unstructured":"Malc0de. Malc0de 2007. http:\/\/malc0de.com.  Malc0de. Malc0de 2007. http:\/\/malc0de.com."},{"key":"e_1_3_2_1_14_1","volume-title":"Offensive-security","author":"About","year":"2012","unstructured":"About the metasploit meterpreter . Offensive-security , 2012 . http:\/\/www.offensive-security.com\/metasploit-unleashed\/About_Meterpreter. About the metasploit meterpreter. Offensive-security, 2012. http:\/\/www.offensive-security.com\/metasploit-unleashed\/About_Meterpreter."},{"key":"e_1_3_2_1_15_1","volume-title":"FireEye","author":"Moran Ned","year":"2013","unstructured":"Ned Moran , Sai Omkar Vashisht , Mike Scott , and Thoufique Haq . Operation ephemeral hydra: Ie zero-day linked to deputydog uses diskless method . FireEye , Nov 2013 . Ned Moran, Sai Omkar Vashisht, Mike Scott, and Thoufique Haq. Operation ephemeral hydra: Ie zero-day linked to deputydog uses diskless method. FireEye, Nov 2013."},{"volume-title":"NSS Labs","year":"2010","key":"e_1_3_2_1_16_1","unstructured":"NSSLabs. Endpoint protection products 2010 group test summary . NSS Labs , 2010 . NSSLabs. Endpoint protection products 2010 group test summary. NSS Labs, 2010."},{"key":"e_1_3_2_1_17_1","first-page":"91","volume-title":"USENIX Security Symposium","author":"Oberheide Jon","year":"2008","unstructured":"Jon Oberheide , Evan Cooke , and Farnam Jahanian . Cloudav : N-version antivirus in the network cloud . In USENIX Security Symposium , pages 91 -- 106 , 2008 . Jon Oberheide, Evan Cooke, and Farnam Jahanian. Cloudav: N-version antivirus in the network cloud. In USENIX Security Symposium, pages 91--106, 2008."},{"key":"e_1_3_2_1_18_1","volume-title":"PC Mag","author":"Rashid Fahmida Y.","year":"2013","unstructured":"Fahmida Y. Rashid . Watering hole attacks scoop up everyone, not just developers at facebook, twitter . PC Mag , March 2013 . Fahmida Y. Rashid. Watering hole attacks scoop up everyone, not just developers at facebook, twitter. PC Mag, March 2013."},{"key":"e_1_3_2_1_19_1","volume-title":"Sans Institutue","author":"Sans","year":"2001","unstructured":"Sans institute infosec reading room: What is code red worm . Sans Institutue , 2001 . Sans institute infosec reading room: What is code red worm. Sans Institutue, 2001."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519079"},{"key":"e_1_3_2_1_21_1","unstructured":"Standard Performance Evaluation Corporation. Specweb2009.  Standard Performance Evaluation Corporation. Specweb2009."},{"key":"e_1_3_2_1_22_1","volume-title":"The rsync algorithm","author":"Tridgell Andrew","year":"1996","unstructured":"Andrew Tridgell and Paul Mackerras . The rsync algorithm , 1996 . Andrew Tridgell and Paul Mackerras. The rsync algorithm, 1996."},{"volume-title":"Vmware vshield endpoint","year":"2010","key":"e_1_3_2_1_23_1","unstructured":"VMWare. Vmware vshield endpoint , 2010 . http:\/\/www.vmware.com\/files\/pdf\/vmware-vshield-endpoint-ds-en.pdf. VMWare. Vmware vshield endpoint, 2010. http:\/\/www.vmware.com\/files\/pdf\/vmware-vshield-endpoint-ds-en.pdf."},{"key":"e_1_3_2_1_24_1","unstructured":"The volatility framework: volatile memory artifact extraction utility framework. Volatile Systems.  The volatility framework: volatile memory artifact extraction utility framework. Volatile Systems."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655008.1655021"}],"event":{"name":"ACSAC '14: Annual Computer Security Applications Conference","sponsor":["ACSA Applied Computing Security Assoc"],"location":"New Orleans Louisiana USA","acronym":"ACSAC '14"},"container-title":["Proceedings of the 30th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2664243.2664271","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2664243.2664271","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:12:01Z","timestamp":1750227121000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2664243.2664271"}},"subtitle":["practical memory virus scanning as a service"],"short-title":[],"issued":{"date-parts":[[2014,12,8]]},"references-count":25,"alternative-id":["10.1145\/2664243.2664271","10.1145\/2664243"],"URL":"https:\/\/doi.org\/10.1145\/2664243.2664271","relation":{},"subject":[],"published":{"date-parts":[[2014,12,8]]},"assertion":[{"value":"2014-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}