{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,12]],"date-time":"2026-01-12T21:07:07Z","timestamp":1768252027133,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":75,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,9,28]],"date-time":"2020-09-28T00:00:00Z","timestamp":1601251200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Conselho Nacional de Desenvolvimento Cient\u00edfico e Tecnol\u00f3gico","award":["164745\/2017-3"],"award-info":[{"award-number":["164745\/2017-3"]}]},{"DOI":"10.13039\/501100013275","name":"Instituto Serrapilheira","doi-asserted-by":"publisher","award":["1709-16621"],"award-info":[{"award-number":["1709-16621"]}],"id":[{"id":"10.13039\/501100013275","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,9,28]]},"DOI":"10.1145\/3422575.3422775","type":"proceedings-article","created":{"date-parts":[[2021,3,22]],"date-time":"2021-03-22T01:43:40Z","timestamp":1616377420000},"page":"23-38","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Near-Memory & In-Memory Detection of Fileless Malware"],"prefix":"10.1145","author":[{"given":"Marcus","family":"Botacin","sequence":"first","affiliation":[{"name":"Federal University of Paran\u00e1, Brazil"}]},{"given":"Andr\u00e9","family":"Gr\u00e9gio","sequence":"additional","affiliation":[{"name":"UFPR, Brazil"}]},{"given":"Marco Antonio Zanata","family":"Alves","sequence":"additional","affiliation":[{"name":"UFPR - Universidade Federal do Paran\u00e1, Brazil"}]}],"member":"320","published-online":{"date-parts":[[2021,3,21]]},"reference":[{"key":"e_1_3_2_1_1_1","article-title":"On Improving Antivirus Scanning 
Engines: Memory On-Access Scanner. https:\/\/thescipub.com\/abstract\/10.3844\/jcssp.2017.290.300","volume":"1","author":"Al-Saleh I.","year":"2017","journal-title":"Journal of Computer Sciences 13, Article"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.5555\/1224252.1224501"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/2971808.2972100"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCC-CSS-ICESS.2015.166"},{"key":"e_1_3_2_1_5_1","unstructured":"apriorit. 2018. A Windows API hooking library. https:\/\/github.com\/apriorit\/mhook.  apriorit. 2018. A Windows API hooking library. https:\/\/github.com\/apriorit\/mhook."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2018.04.019"},{"key":"e_1_3_2_1_7_1","volume-title":"Information Security","author":"Beppler Tamy"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3152162"},{"key":"e_1_3_2_1_9_1","first-page":"1","article-title":"The self modifying code (SMC)-aware processor (SAP): a security look on architectural impact and support","volume":"1","author":"Botacin Marcus","year":"2020","journal-title":"Journal of Computer Virology and Hacking Techniques"},{"key":"e_1_3_2_1_10_1","unstructured":"Rodrigo\u00a0Rubira Branco Gabriel\u00a0Negreira Barbosa and Pedro\u00a0Drimel Neto. 2012. Scientific but Not Academical Overview of Malware Anti-Debugging Anti-Disassembly and Anti-VM Technologies. https:\/\/media.blackhat.com\/bh-us-12\/Briefings\/Branco\/BH_US_12_Branco_Scientific_Academic_WP.pdf.  Rodrigo\u00a0Rubira Branco Gabriel\u00a0Negreira Barbosa and Pedro\u00a0Drimel Neto. 2012. Scientific but Not Academical Overview of Malware Anti-Debugging Anti-Disassembly and Anti-VM Technologies. 
https:\/\/media.blackhat.com\/bh-us-12\/Briefings\/Branco\/BH_US_12_Branco_Scientific_Academic_WP.pdf."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1016850.1016863"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2018.2875369"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2013.6693090"},{"key":"e_1_3_2_1_14_1","unstructured":"Clamav. 2018. Clamav. https:\/\/www.clamav.net\/downloads#collapseCVD.  Clamav. 2018. Clamav. https:\/\/www.clamav.net\/downloads#collapseCVD."},{"key":"e_1_3_2_1_15_1","unstructured":"ClamSentinel. 2018. ClamSentinel. https:\/\/sourceforge.net\/projects\/clamsentinel\/.  ClamSentinel. 2018. ClamSentinel. https:\/\/sourceforge.net\/projects\/clamsentinel\/."},{"key":"e_1_3_2_1_16_1","unstructured":"ClamWin. 2018. Free Antivirus for Windows. http:\/\/www.clamwin.com\/.  ClamWin. 2018. Free Antivirus for Windows. http:\/\/www.clamwin.com\/."},{"key":"e_1_3_2_1_17_1","unstructured":"Fred Cohen. 1984. Computer Viruses - Theory and Experiments. http:\/\/web.eecs.umich.edu\/~aprakash\/eecs588\/handouts\/cohen-viruses.html.  Fred Cohen. 1984. Computer Viruses - Theory and Experiments. http:\/\/web.eecs.umich.edu\/~aprakash\/eecs588\/handouts\/cohen-viruses.html."},{"key":"e_1_3_2_1_18_1","unstructured":"Hybrid Memory\u00a0Cube Consortium. 2013. Hybrid Memory Cube Specification Rev. 2.0. http:\/\/www.hybridmemorycube.org.  Hybrid Memory\u00a0Cube Consortium. 2013. Hybrid Memory Cube Specification Rev. 2.0. http:\/\/www.hybridmemorycube.org."},{"key":"e_1_3_2_1_19_1","unstructured":"Cyberscoop. 2017. New malware works only in memory leaves no trace. https:\/\/www.cyberscoop.com\/kaspersky-fileless-malware-memory-attribution-detection\/.  Cyberscoop. 2017. New malware works only in memory leaves no trace. https:\/\/www.cyberscoop.com\/kaspersky-fileless-malware-memory-attribution-detection\/."},{"key":"e_1_3_2_1_20_1","unstructured":"DarkReading. 2016. 
Fileless Malware Takes 2016 By Storm. https:\/\/www.darkreading.com\/vulnerabilities---threats\/fileless-malware-takes-2016-by-storm\/d\/d-id\/1327796.  DarkReading. 2016. Fileless Malware Takes 2016 By Storm. https:\/\/www.darkreading.com\/vulnerabilities---threats\/fileless-malware-takes-2016-by-storm\/d\/d-id\/1327796."},{"key":"e_1_3_2_1_21_1","unstructured":"EMSISOFT. 2015. Why antivirus uses so much RAM \u2013 And why that is actually a good thing!https:\/\/blog.emsisoft.com\/2016\/04\/13\/why-antivirus-uses-so-much-ram-and-why-that-is-actually-a-good-thing\/.  EMSISOFT. 2015. Why antivirus uses so much RAM \u2013 And why that is actually a good thing!https:\/\/blog.emsisoft.com\/2016\/04\/13\/why-antivirus-uses-so-much-ram-and-why-that-is-actually-a-good-thing\/."},{"key":"e_1_3_2_1_22_1","unstructured":"ESET. 2018. Types of updates. http:\/\/support.eset.com\/kb309\/?viewlocale=en_US.  ESET. 2018. Types of updates. http:\/\/support.eset.com\/kb309\/?viewlocale=en_US."},{"key":"e_1_3_2_1_23_1","unstructured":"Facebook. 2018. OSQuery. https:\/\/osquery.io\/schema\/3.3.2.  Facebook. 2018. OSQuery. https:\/\/osquery.io\/schema\/3.3.2."},{"key":"e_1_3_2_1_24_1","unstructured":"glmcdona. 2017. Process-Dump. https:\/\/github.com\/glmcdona\/Process-Dump.  glmcdona. 2017. Process-Dump. https:\/\/github.com\/glmcdona\/Process-Dump."},{"key":"e_1_3_2_1_25_1","unstructured":"Google. 2017. Rekall. https:\/\/github.com\/google\/rekall.  Google. 2017. Rekall. https:\/\/github.com\/google\/rekall."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/1996289"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1980022.1980300"},{"key":"e_1_3_2_1_28_1","unstructured":"Peter Gutmann. 2007. The Commercial Malware Industry. https:\/\/www.cs.auckland.ac.nz\/~pgut001\/pubs\/malware_biz.pdf.  Peter Gutmann. 2007. The Commercial Malware Industry. 
https:\/\/www.cs.auckland.ac.nz\/~pgut001\/pubs\/malware_biz.pdf."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1508128.1508171"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.5555\/1076346"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2012.2206028"},{"key":"e_1_3_2_1_32_1","unstructured":"Intel. 2011. Intel(R) Advanced Vector Extensions Programming Reference. Intel.  Intel. 2011. Intel(R) Advanced Vector Extensions Programming Reference. Intel."},{"key":"e_1_3_2_1_33_1","unstructured":"Intel. 2013. Intel 64 and IA-32 Architectures Software Developer\u2019s Manual. Intel.  Intel. 2013. Intel 64 and IA-32 Architectures Software Developer\u2019s Manual. Intel."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.5555\/1543376"},{"key":"e_1_3_2_1_35_1","unstructured":"Aamer Jaleel. 2012. Memory Characterization of Workloads Using Instrumentation-Driven Simulation. http:\/\/www.jaleels.org\/ajaleel\/publications\/SPECanalysis.pdf.  Aamer Jaleel. 2012. Memory Characterization of Workloads Using Instrumentation-Driven Simulation. http:\/\/www.jaleels.org\/ajaleel\/publications\/SPECanalysis.pdf."},{"key":"e_1_3_2_1_36_1","volume-title":"Access in May 11","year":"2015"},{"key":"e_1_3_2_1_37_1","unstructured":"Kaspersky. 2017. A Disembodied Threat. https:\/\/www.kaspersky.com\/blog\/bodiless-threat\/6128\/.  Kaspersky. 2017. A Disembodied Threat. https:\/\/www.kaspersky.com\/blog\/bodiless-threat\/6128\/."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1460877.1460879"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/TVLSI.2008.2012011"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065034"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.5555\/1894166.1894187"},{"key":"e_1_3_2_1_42_1","unstructured":"Micron. 2018. Hybrid Memory Cube \u2013 HMC Gen2. 
https:\/\/www.micron.com\/~\/media\/documents\/products\/data-sheet\/hmc\/gen2\/hmc_gen2.pdf.  Micron. 2018. Hybrid Memory Cube \u2013 HMC Gen2. https:\/\/www.micron.com\/~\/media\/documents\/products\/data-sheet\/hmc\/gen2\/hmc_gen2.pdf."},{"key":"e_1_3_2_1_43_1","unstructured":"Microsoft. 2017. Enumerating All Processes. https:\/\/msdn.microsoft.com\/pt-br\/library\/windows\/desktop\/ms682623(v=vs.85).aspx.  Microsoft. 2017. Enumerating All Processes. https:\/\/msdn.microsoft.com\/pt-br\/library\/windows\/desktop\/ms682623(v=vs.85).aspx."},{"key":"e_1_3_2_1_44_1","unstructured":"Microsoft. 2017. OpenProcess function. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms684320(v=vs.85).aspx.  Microsoft. 2017. OpenProcess function. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms684320(v=vs.85).aspx."},{"key":"e_1_3_2_1_45_1","unstructured":"Microsoft. 2017. ReadProcessMemory function. https:\/\/msdn.microsoft.com\/pt-br\/library\/windows\/desktop\/ms680553(v=vs.85).aspx.  Microsoft. 2017. ReadProcessMemory function. https:\/\/msdn.microsoft.com\/pt-br\/library\/windows\/desktop\/ms680553(v=vs.85).aspx."},{"key":"e_1_3_2_1_46_1","unstructured":"Microsoft. 2018. Getting started with Windows drivers. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/gettingstarted\/.  Microsoft. 2018. Getting started with Windows drivers. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/gettingstarted\/."},{"key":"e_1_3_2_1_47_1","unstructured":"Microsoft. 2018. IsDebuggerPresent function. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms680345(v=vs.85).aspx.  Microsoft. 2018. IsDebuggerPresent function. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms680345(v=vs.85).aspx."},{"key":"e_1_3_2_1_48_1","unstructured":"Microsoft. 2018. Overview of memory dump file options for Windows. https:\/\/support.microsoft.com\/en-us\/help\/254649\/overview-of-memory-dump-file-options-for-windows.  
Microsoft. 2018. Overview of memory dump file options for Windows. https:\/\/support.microsoft.com\/en-us\/help\/254649\/overview-of-memory-dump-file-options-for-windows."},{"key":"e_1_3_2_1_49_1","unstructured":"Microsoft. 2019. MD5 Class. https:\/\/docs.microsoft.com\/en-us\/dotnet\/api\/system.security.cryptography.md5?view=netframework-4.8.  Microsoft. 2019. MD5 Class. https:\/\/docs.microsoft.com\/en-us\/dotnet\/api\/system.security.cryptography.md5?view=netframework-4.8."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382202"},{"key":"e_1_3_2_1_51_1","volume-title":"Limits of Static Analysis for Malware Detection. In Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007","author":"Moser A.","year":"2007"},{"key":"e_1_3_2_1_52_1","unstructured":"Netmarketshare. 2018. Operating System Market Share. https:\/\/www.netmarketshare.com\/operating-system-market-share.aspx.  Netmarketshare. 2018. Operating System Market Share. https:\/\/www.netmarketshare.com\/operating-system-market-share.aspx."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.98"},{"key":"e_1_3_2_1_54_1","volume-title":"NIM: An HMC-Based Machine for Neuron Computation","author":"Oliveira F.","year":"2017"},{"key":"e_1_3_2_1_55_1","volume-title":"A. Opdebeeck, T. Chiarella, B. Parvais, I. Debusschere, T.\u00a0Y. Hoffmann, B.\u00a0De Wachter, W. Dehaene, M. Stucchi, M. Rakowski, P. Soussan, R. Cartuyvels, E. Beyne, S. Biesemans, and B. Swinnen.","author":"Olmen Van","year":"2008"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2015.2439274"},{"key":"e_1_3_2_1_57_1","unstructured":"OSForensics. 2018. OSForensics. https:\/\/www.osforensics.com\/.  OSForensics. 2018. OSForensics. 
https:\/\/www.osforensics.com\/."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3061639.3062202"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2004.28"},{"key":"e_1_3_2_1_60_1","unstructured":"Matt Pietrek. 1994. Peering Inside the PE: A Tour of the Win32 Portable Executable File Format. https:\/\/msdn.microsoft.com\/en-us\/library\/ms809762.aspx.  Matt Pietrek. 1994. Peering Inside the PE: A Tour of the Win32 Portable Executable File Format. https:\/\/msdn.microsoft.com\/en-us\/library\/ms809762.aspx."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.928624"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.14"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.5555\/3130379.3130551"},{"key":"e_1_3_2_1_64_1","volume-title":"Top 10 Malware","author":"Security Cis","year":"2018"},{"key":"e_1_3_2_1_65_1","volume-title":"Top 10 Malware","author":"Security Cis","year":"2019"},{"key":"e_1_3_2_1_66_1","unstructured":"Offensive Security. 2017. Using Meterpreter Commands. https:\/\/www.offensive-security.com\/metasploit-unleashed\/meterpreter-basics\/.  Offensive Security. 2017. Using Meterpreter Commands. https:\/\/www.offensive-security.com\/metasploit-unleashed\/meterpreter-basics\/."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297663.3310311"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/2846100"},{"key":"e_1_3_2_1_69_1","volume-title":"CPU 2006","author":"SPEC.","year":"2006"},{"key":"e_1_3_2_1_70_1","volume-title":"An emerging threat Fileless malware: a survey and research challenges. Cybersecurity 3, 1 (14","author":"Sushil Kumar Sudhakar","year":"2020"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/2645791.2645857"},{"key":"e_1_3_2_1_72_1","unstructured":"TechRadar. 2018. Ransomware attacks see huge year-on-year rise. 
https:\/\/www.techradar.com\/news\/ransomware-attacks-see-huge-year-on-year-rise.  TechRadar. 2018. Ransomware attacks see huge year-on-year rise. https:\/\/www.techradar.com\/news\/ransomware-attacks-see-huge-year-on-year-rise."},{"key":"e_1_3_2_1_73_1","unstructured":"TrendMicro. 2017. A Look at JS_POWMET a Completely Fileless Malware. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/look-js_powmet-completely-fileless-malware\/.  TrendMicro. 2017. A Look at JS_POWMET a Completely Fileless Malware. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/look-js_powmet-completely-fileless-malware\/."},{"key":"e_1_3_2_1_74_1","unstructured":"Wired. 2017. Say Hello to the Super-Stealthy Malware That\u2019s Going Mainstream. https:\/\/www.wired.com\/2017\/02\/say-hello-super-stealthy-malware-thats-going-mainstream\/.  Wired. 2017. Say Hello to the Super-Stealthy Malware That\u2019s Going Mainstream. https:\/\/www.wired.com\/2017\/02\/say-hello-super-stealthy-malware-thats-going-mainstream\/."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053002"}],"event":{"name":"MEMSYS 2020: The International Symposium on Memory Systems","location":"Washington DC USA","acronym":"MEMSYS 2020"},"container-title":["The International Symposium on Memory 
Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3422575.3422775","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3422575.3422775","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:01:55Z","timestamp":1750197715000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3422575.3422775"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,9,28]]},"references-count":75,"alternative-id":["10.1145\/3422575.3422775","10.1145\/3422575"],"URL":"https:\/\/doi.org\/10.1145\/3422575.3422775","relation":{},"subject":[],"published":{"date-parts":[[2020,9,28]]},"assertion":[{"value":"2021-03-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}