{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T22:51:51Z","timestamp":1777503111588,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,10,16]],"date-time":"2015-10-16T00:00:00Z","timestamp":1444953600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,10,16]]},"DOI":"10.1145\/2808769.2808773","type":"proceedings-article","created":{"date-parts":[[2015,10,6]],"date-time":"2015-10-06T15:22:12Z","timestamp":1444144932000},"page":"35-44","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":64,"title":["Malicious Behavior Detection using Windows Audit Logs"],"prefix":"10.1145","author":[{"given":"Konstantin","family":"Berlin","sequence":"first","affiliation":[{"name":"Invincea Labs, LLC, Arlington, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Slater","sequence":"additional","affiliation":[{"name":"Invincea Labs, LLC, Arlington, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joshua","family":"Saxe","sequence":"additional","affiliation":[{"name":"Invincea Labs, LLC, Arlington, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2015,10,16]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Anubis. https:\/\/anubis.iseclab.org\/.  Anubis. https:\/\/anubis.iseclab.org\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Cuckoo Sandbox. http:\/\/www.cuckoosandbox.org.  Cuckoo Sandbox. http:\/\/www.cuckoosandbox.org."},{"key":"e_1_3_2_1_3_1","unstructured":"VirtualBox. https:\/\/www.virustotal.com.  VirtualBox. https:\/\/www.virustotal.com."},{"key":"e_1_3_2_1_4_1","unstructured":"VirusTotal. hhttps:\/\/www.virtualbox.org.  VirusTotal. hhttps:\/\/www.virtualbox.org."},{"key":"e_1_3_2_1_5_1","unstructured":"Description of security events in Windows Vista and in Windows Server 2008. https:\/\/support.microsoft.com\/en-us\/kb\/947226 January 2009.  Description of security events in Windows Vista and in Windows Server 2008. https:\/\/support.microsoft.com\/en-us\/kb\/947226 January 2009."},{"key":"e_1_3_2_1_6_1","unstructured":"Visual basic platform is becoming increasingly popular among malware writers. http:\/\/www.lavasoft.com\/mylavasoft\/securitycenter\/whitepapers\/visual-basic-platform-is-becoming-increasingly-popular-among-malware September 2012.  Visual basic platform is becoming increasingly popular among malware writers. http:\/\/www.lavasoft.com\/mylavasoft\/securitycenter\/whitepapers\/visual-basic-platform-is-becoming-increasingly-popular-among-malware September 2012."},{"key":"e_1_3_2_1_7_1","unstructured":"Does malware still detect virtual machines? http:\/\/www.symantec.com\/connect\/blogs\/does-malware-still-detect-virtual-machines August 2014.  Does malware still detect virtual machines? http:\/\/www.symantec.com\/connect\/blogs\/does-malware-still-detect-virtual-machines August 2014."},{"key":"e_1_3_2_1_8_1","unstructured":"File detection test of malicious software. http:\/\/www.av-comparatives.org\/wp-content\/uploads\/2015\/04\/avc_fdt_201503_en.pdf April 2015.  File detection test of malicious software. http:\/\/www.av-comparatives.org\/wp-content\/uploads\/2015\/04\/avc_fdt_201503_en.pdf April 2015."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-011-0152-x"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","first-page":"46","DOI":"10.1007\/978-3-319-11379-1_3","volume-title":"Research in Attacks, Intrusions and Defenses","author":"Bowers K. D.","year":"2014"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2393596.2393627"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.4304\/jcp.4.5.405-414"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2089125.2089126"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2013.16"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.18637\/jss.v033.i01"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2014.52006"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-980109"},{"key":"e_1_3_2_1_19_1","volume-title":"Usenix Security","author":"Lee W.","year":"1998"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1502777.1502779"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.5555\/1076315"},{"key":"e_1_3_2_1_22_1","first-page":"112","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Mohaisen A.","year":"2014"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-15087-1_9"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.21"},{"key":"e_1_3_2_1_25_1","unstructured":"J. Qian T. Hastie J. Friedman R. Tibshirani and N. Simon. Glmnet for MATLAB. http:\/\/www.stanford.edu\/~hastie\/glmnet_matlab 2013.  J. Qian T. Hastie J. Friedman R. Tibshirani and N. Simon. Glmnet for MATLAB. http:\/\/www.stanford.edu\/~hastie\/glmnet_matlab 2013."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-012-0160-5"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/317087.317089"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/2621980"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519073"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.2517-6161.1996.tb02080.x"},{"key":"e_1_3_2_1_31_1","unstructured":"G. Vigna. Antivirus isn't dead it just can't keep up. http:\/\/labs.lastline.com\/lastline-labs-av-isnt-dead-it-just-cant-keep-up May 2014.  G. Vigna. Antivirus isn't dead it just can't keep up. http:\/\/labs.lastline.com\/lastline-labs-av-isnt-dead-it-just-cant-keep-up May 2014."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523670"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"}],"event":{"name":"CCS'15: The 22nd ACM Conference on Computer and Communications Security","location":"Denver Colorado USA","acronym":"CCS'15","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2808769.2808773","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2808769.2808773","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:07:43Z","timestamp":1750223263000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2808769.2808773"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,10,16]]},"references-count":34,"alternative-id":["10.1145\/2808769.2808773","10.1145\/2808769"],"URL":"https:\/\/doi.org\/10.1145\/2808769.2808773","relation":{},"subject":[],"published":{"date-parts":[[2015,10,16]]},"assertion":[{"value":"2015-10-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}