{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T14:55:54Z","timestamp":1763477754860,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,5,8]],"date-time":"2023-05-08T00:00:00Z","timestamp":1683504000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,5,8]]},"DOI":"10.1145\/3578357.3589455","type":"proceedings-article","created":{"date-parts":[[2023,5,4]],"date-time":"2023-05-04T19:30:12Z","timestamp":1683228612000},"page":"8-14","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Enviral: Fuzzing the Environment for Evasive Malware Analysis"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9414-1610","authenticated-orcid":false,"given":"Floris","family":"Gorter","sequence":"first","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8329-5929","authenticated-orcid":false,"given":"Cristiano","family":"Giuffrida","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0312-9913","authenticated-orcid":false,"given":"Erik","family":"Van Der Kouwe","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, Netherlands"}]}],"member":"320","published-online":{"date-parts":[[2023,5,8]]},"reference":[{"volume-title":"Retrieved January 31st 2023 from https:\/\/github.com\/LordNoteworthy\/al-khaser","unstructured":"[n.d.]. Al-Khaser. Retrieved January 31st 2023 from https:\/\/github.com\/LordNoteworthy\/al-khaser [n.d.]. Al-Khaser. Retrieved January 31st 2023 from https:\/\/github.com\/LordNoteworthy\/al-khaser","key":"e_1_3_2_1_1_1"},{"volume-title":"d.]. sems. Retrieved January 31st 2023 from https:\/\/github.com\/AlicanAkyol\/sems","unstructured":"[n. d.]. sems. Retrieved January 31st 2023 from https:\/\/github.com\/AlicanAkyol\/sems [n. d.]. sems. Retrieved January 31st 2023 from https:\/\/github.com\/AlicanAkyol\/sems","key":"e_1_3_2_1_2_1"},{"volume-title":"Retrieved January 31st 2023 from https:\/\/github.com\/hfiref0x\/VMDE","author":"VMDE.","unstructured":"[n.d.]. VMDE. Retrieved January 31st 2023 from https:\/\/github.com\/hfiref0x\/VMDE [n.d.]. VMDE. Retrieved January 31st 2023 from https:\/\/github.com\/hfiref0x\/VMDE","key":"e_1_3_2_1_3_1"},{"volume-title":"Internet Security Report - Q1","year":"2021","unstructured":"2021. Internet Security Report - Q1 2021 . Available Online : https:\/\/www.watchguard.com\/wgrd-resource-center\/security-report-q1-2021 (Accessed July 8th 2021). 2021. Internet Security Report - Q1 2021. Available Online: https:\/\/www.watchguard.com\/wgrd-resource-center\/security-report-q1-2021 (Accessed July 8th 2021).","key":"e_1_3_2_1_4_1"},{"key":"e_1_3_2_1_5_1","volume-title":"Efficient Detection of Split Personalities in Malware. In Symposium on Network and Distributed System Security (NDSS).","author":"Balzarotti Davide","year":"2010","unstructured":"Davide Balzarotti , Marco Cova , Christoph Karlberger , Christopher Kruegel , Engin Kirda , and Giovanni Vigna . 2010 . Efficient Detection of Split Personalities in Malware. In Symposium on Network and Distributed System Security (NDSS). Davide Balzarotti, Marco Cova, Christoph Karlberger, Christopher Kruegel, Engin Kirda, and Giovanni Vigna. 2010. Efficient Detection of Split Personalities in Malware. In Symposium on Network and Distributed System Security (NDSS)."},{"volume-title":"Botnet Detection","author":"Brumley David","unstructured":"David Brumley , Cody Hartwig , Zhenkai Liang , James Newsome , Dawn Song , and Heng Yin . 2008. Automatically Identifying Trigger-based Behavior in Malware . In Botnet Detection . Springer , 65--88. David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Dawn Song, and Heng Yin. 2008. Automatically Identifying Trigger-based Behavior in Malware. In Botnet Detection. Springer, 65--88.","key":"e_1_3_2_1_6_1"},{"key":"e_1_3_2_1_7_1","volume-title":"In Proceedings of the IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN). IEEE, 177--186","author":"Chen Xu","year":"2008","unstructured":"Xu Chen , Jon Andersen , Z. Morley Mao , Michael Bailey , and Jose Nazario . 2008 . Towards an Understanding of Anti-virtualization and Anti-debugging Behavior in Modern Malware . In In Proceedings of the IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN). IEEE, 177--186 . Xu Chen, Jon Andersen, Z. Morley Mao, Michael Bailey, and Jose Nazario. 2008. Towards an Understanding of Anti-virtualization and Anti-debugging Behavior in Modern Malware. In In Proceedings of the IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN). IEEE, 177--186."},{"volume-title":"d.]. Detours. Retrieved January 31st 2023 from https:\/\/github.com\/microsoft\/Detours","author":"Microsoft Corporation","unstructured":"Microsoft Corporation . [n. d.]. Detours. Retrieved January 31st 2023 from https:\/\/github.com\/microsoft\/Detours Microsoft Corporation. [n. d.]. Detours. Retrieved January 31st 2023 from https:\/\/github.com\/microsoft\/Detours","key":"e_1_3_2_1_8_1"},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 51--62","author":"Dinaburg Artem","year":"2008","unstructured":"Artem Dinaburg , Paul Royal , Monirul Sharif , and Wenke Lee . 2008 . Ether: Malware Analysis via Hardware Virtualization Extensions . In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 51--62 . Artem Dinaburg, Paul Royal, Monirul Sharif, and Wenke Lee. 2008. Ether: Malware Analysis via Hardware Virtualization Extensions. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM, 51--62."},{"volume-title":"On the Dissection of Evasive Malware","author":"D'Elia Daniele Cono","unstructured":"Daniele Cono D'Elia , Emilio Coppa , Federico Palmaro , and Lorenzo Cavallaro . 2020. On the Dissection of Evasive Malware . In IEEE Transactions on Information Forensics and Security 15 (TIFS). IEEE , 2750--2765. Daniele Cono D'Elia, Emilio Coppa, Federico Palmaro, and Lorenzo Cavallaro. 2020. On the Dissection of Evasive Malware. In IEEE Transactions on Information Forensics and Security 15 (TIFS). IEEE, 2750--2765.","key":"e_1_3_2_1_10_1"},{"key":"e_1_3_2_1_11_1","volume-title":"ANTI-FUZZ: Impeding Fuzzing Audits of Binary Executables. In 28th USENIX Security Symposium. USENIX","author":"G\u00fcler Emre","year":"2019","unstructured":"Emre G\u00fcler , Cornelius Aschermann , Ali Abbasi , and Thorsten Holz . 2019 . ANTI-FUZZ: Impeding Fuzzing Audits of Binary Executables. In 28th USENIX Security Symposium. USENIX , 1931--1947. Emre G\u00fcler, Cornelius Aschermann, Ali Abbasi, and Thorsten Holz. 2019. ANTI-FUZZ: Impeding Fuzzing Audits of Binary Executables. In 28th USENIX Security Symposium. USENIX, 1931--1947."},{"key":"e_1_3_2_1_12_1","volume-title":"Fuzzification: Anti-Fuzzing Techniques. In 28th USENIX Security Symposium. USENIX","author":"Jung Jinho","year":"2019","unstructured":"Jinho Jung , Hong Hu , David Solodukhin , Daniel Pagan , Kyu Hyung Lee , and Taesoo Kim . 2019 . Fuzzification: Anti-Fuzzing Techniques. In 28th USENIX Security Symposium. USENIX , 1913--1930. Jinho Jung, Hong Hu, David Solodukhin, Daniel Pagan, Kyu Hyung Lee, and Taesoo Kim. 2019. Fuzzification: Anti-Fuzzing Techniques. In 28th USENIX Security Symposium. USENIX, 1913--1930."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_13_1","DOI":"10.1145\/1655148.1655151"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_14_1","DOI":"10.1145\/2810103.2813642"},{"key":"e_1_3_2_1_15_1","volume-title":"BareCloud: Bare-metal Analysis-based Evasive Malware Detection. In 23rd USENIX Security Symposium. USENIX, 287--301","author":"Kirat Dhilung","year":"2014","unstructured":"Dhilung Kirat , Giovanni Vigna , and Christopher Kruegel . 2014 . BareCloud: Bare-metal Analysis-based Evasive Malware Detection. In 23rd USENIX Security Symposium. USENIX, 287--301 . Dhilung Kirat, Giovanni Vigna, and Christopher Kruegel. 2014. BareCloud: Bare-metal Analysis-based Evasive Malware Detection. In 23rd USENIX Security Symposium. USENIX, 287--301."},{"volume-title":"d.]. CheckPointSW. Retrieved January 31st 2023 from https:\/\/evasions.checkpoint.com","author":"Ladutska Raman","unstructured":"Raman Ladutska . [n. d.]. CheckPointSW. Retrieved January 31st 2023 from https:\/\/evasions.checkpoint.com Raman Ladutska. [n. d.]. CheckPointSW. Retrieved January 31st 2023 from https:\/\/evasions.checkpoint.com","key":"e_1_3_2_1_16_1"},{"key":"e_1_3_2_1_17_1","volume-title":"Towards Transparent Introspection. In IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER). IEEE, 248--259","author":"Leach Kevin","year":"2016","unstructured":"Kevin Leach , Chad Spenksy , Westley Weimer , and Fengwei Zhang . 2016 . Towards Transparent Introspection. In IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER). IEEE, 248--259 . Kevin Leach, Chad Spenksy, Westley Weimer, and Fengwei Zhang. 2016. Towards Transparent Introspection. In IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER). IEEE, 248--259."},{"key":"e_1_3_2_1_18_1","volume-title":"Detecting Environment-Sensitive Malware. In International Workshop on Recent Advances in Intrusion Detection (RAID). Springer, 338--357","author":"Lindorfer Martina","year":"2011","unstructured":"Martina Lindorfer , Clemens Kolbitsch , and Paolo Milani Comparetti . 2011 . Detecting Environment-Sensitive Malware. In International Workshop on Recent Advances in Intrusion Detection (RAID). Springer, 338--357 . Martina Lindorfer, Clemens Kolbitsch, and Paolo Milani Comparetti. 2011. Detecting Environment-Sensitive Malware. In International Workshop on Recent Advances in Intrusion Detection (RAID). Springer, 338--357."},{"key":"e_1_3_2_1_19_1","volume-title":"Exploring Multiple Execution Paths for Malware Analysis. In IEEE Symposium on Security and Privacy (S&P). IEEE, 231--245","author":"Moser Andreas","year":"2007","unstructured":"Andreas Moser , Cristopher Kruegel , and Ergin Kirda . 2007 . Exploring Multiple Execution Paths for Malware Analysis. In IEEE Symposium on Security and Privacy (S&P). IEEE, 231--245 . Andreas Moser, Cristopher Kruegel, and Ergin Kirda. 2007. Exploring Multiple Execution Paths for Malware Analysis. In IEEE Symposium on Security and Privacy (S&P). IEEE, 231--245."},{"volume-title":"d.]. Paranoid Fish. Retrieved January 31st 2023 from https:\/\/github.com\/a0rtega\/pafish","author":"Ortega Alberto","unstructured":"Alberto Ortega . [n. d.]. Paranoid Fish. Retrieved January 31st 2023 from https:\/\/github.com\/a0rtega\/pafish Alberto Ortega. [n. d.]. Paranoid Fish. Retrieved January 31st 2023 from https:\/\/github.com\/a0rtega\/pafish","key":"e_1_3_2_1_20_1"},{"key":"e_1_3_2_1_21_1","volume-title":"X-Force: Force-Executing Binary Programs for Security Applications. In 23rd USENIX Security Symposium. USENIX, 829--844","author":"Peng Fei","year":"2014","unstructured":"Fei Peng , Zhui Deng , Xiangyu Zhang , Dongyan Xu , Zhiqiang Lin , and Zhendong Su . 2014 . X-Force: Force-Executing Binary Programs for Security Applications. In 23rd USENIX Security Symposium. USENIX, 829--844 . Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-Force: Force-Executing Binary Programs for Security Applications. In 23rd USENIX Security Symposium. USENIX, 829--844."},{"key":"e_1_3_2_1_22_1","volume-title":"Measuring and Defeating Anti-Instrumentation-Equipped Malware. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer, 73--96","author":"Polino Mario","year":"2017","unstructured":"Mario Polino , Andrea Continella , Sebastiano Mariani , Stefano D'Alessio , Lorenzo Fontana , Fabio Gritti , and Stefano Zanero . 2017 . Measuring and Defeating Anti-Instrumentation-Equipped Malware. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer, 73--96 . Mario Polino, Andrea Continella, Sebastiano Mariani, Stefano D'Alessio, Lorenzo Fontana, Fabio Gritti, and Stefano Zanero. 2017. Measuring and Defeating Anti-Instrumentation-Equipped Malware. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer, 73--96."},{"key":"e_1_3_2_1_23_1","volume-title":"Making Malory Behave Maliciously: Targeted Fuzzing of Android Execution Environments. In IEEE\/ACM 39th International Conference on Software Engineering (ICSE). IEEE, 300--311","author":"Rasthofer Siegfried","year":"2017","unstructured":"Siegfried Rasthofer , Steven Arzt , Stefan Triller , and Michael Pradel . 2017 . Making Malory Behave Maliciously: Targeted Fuzzing of Android Execution Environments. In IEEE\/ACM 39th International Conference on Software Engineering (ICSE). IEEE, 300--311 . Siegfried Rasthofer, Steven Arzt, Stefan Triller, and Michael Pradel. 2017. Making Malory Behave Maliciously: Targeted Fuzzing of Android Execution Environments. In IEEE\/ACM 39th International Conference on Software Engineering (ICSE). IEEE, 300--311."},{"volume-title":"d.]. Analysis Report Neshta virus.com. Retrieved January 31st 2023 from https:\/\/www.joesandbox.com\/analysis\/305163\/0\/html","author":"Sandbox Joe","unstructured":"Joe Sandbox . [n. d.]. Analysis Report Neshta virus.com. Retrieved January 31st 2023 from https:\/\/www.joesandbox.com\/analysis\/305163\/0\/html Joe Sandbox. [n. d.]. Analysis Report Neshta virus.com. Retrieved January 31st 2023 from https:\/\/www.joesandbox.com\/analysis\/305163\/0\/html","key":"e_1_3_2_1_24_1"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the Symposium on Applied Computing (SAC). ACM, 1703--1710","author":"Shi Hao","year":"2017","unstructured":"Hao Shi and Jelena Mirkovic . 2017 . Hiding Debuggers from Malware with Apate . In Proceedings of the Symposium on Applied Computing (SAC). ACM, 1703--1710 . Hao Shi and Jelena Mirkovic. 2017. Hiding Debuggers from Malware with Apate. In Proceedings of the Symposium on Applied Computing (SAC). ACM, 1703--1710."},{"doi-asserted-by":"crossref","unstructured":"Hao Shi Jelena Mirkovic and Abdulla Alwabel. 2017. Handling Anti-Virtual Machine Techniques in Malicious Software. In ACM Transactions on Privacy and Security (TOPS). ACM 1--31.  Hao Shi Jelena Mirkovic and Abdulla Alwabel. 2017. Handling Anti-Virtual Machine Techniques in Malicious Software. In ACM Transactions on Privacy and Security (TOPS). ACM 1--31.","key":"e_1_3_2_1_26_1","DOI":"10.1145\/3139292"},{"key":"e_1_3_2_1_27_1","volume-title":"LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis. In Symposium on Network and Distributed System Security (NDSS).","author":"Spensky Chad","year":"2016","unstructured":"Chad Spensky , Hongyi Hu , and Kevin Leach . 2016 . LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis. In Symposium on Network and Distributed System Security (NDSS). Chad Spensky, Hongyi Hu, and Kevin Leach. 2016. LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis. In Symposium on Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_28_1","volume-title":"Bringas","author":"Ugarte-Pedrero Xabier","year":"2016","unstructured":"Xabier Ugarte-Pedrero , Davide Balzarotti , Igor Santos , , and Pablo G . Bringas . 2016 . RAMBO : Run-time packer Analysis with Multiple Branch Observation. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer , 186--206. Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos, , and Pablo G. Bringas. 2016. RAMBO: Run-time packer Analysis with Multiple Branch Observation. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer, 186--206."},{"volume-title":"d.]. VirusTotal API v3 Overview. Retrieved January 31st 2023 from https:\/\/developers.virustotal.com\/v3.0\/reference#files","unstructured":"VirusTotal. [n. d.]. VirusTotal API v3 Overview. Retrieved January 31st 2023 from https:\/\/developers.virustotal.com\/v3.0\/reference#files VirusTotal. [n. d.]. VirusTotal API v3 Overview. Retrieved January 31st 2023 from https:\/\/developers.virustotal.com\/v3.0\/reference#files","key":"e_1_3_2_1_29_1"},{"volume-title":"Automated Hybrid Analysis of Android Malware Through Augmenting Fuzzing With Forced Execution","author":"Wang Xiaolei","unstructured":"Xiaolei Wang , YueXiang Yang , and Sencun Zhu . 2018. Automated Hybrid Analysis of Android Malware Through Augmenting Fuzzing With Forced Execution . In IEEE Transactions on Mobile Computing (TMC). IEEE , 2768--2782. Xiaolei Wang, YueXiang Yang, and Sencun Zhu. 2018. Automated Hybrid Analysis of Android Malware Through Augmenting Fuzzing With Forced Execution. In IEEE Transactions on Mobile Computing (TMC). IEEE, 2768--2782.","key":"e_1_3_2_1_30_1"},{"key":"e_1_3_2_1_31_1","volume-title":"International Workshop on Recent Advances in Intrusion Detection (RAID). Springer, 219--235","author":"Wilhelm Jeffrey","year":"2007","unstructured":"Jeffrey Wilhelm and Tzicker Chiueh . 2007 . A Forced Sampled Execution Approach to Kernel Rootkit Identification . In International Workshop on Recent Advances in Intrusion Detection (RAID). Springer, 219--235 . Jeffrey Wilhelm and Tzicker Chiueh. 2007. A Forced Sampled Execution Approach to Kernel Rootkit Identification. In International Workshop on Recent Advances in Intrusion Detection (RAID). Springer, 219--235."},{"key":"e_1_3_2_1_32_1","volume-title":"International Workshop on Recent Advances in Intrusion Detection (RAID). Springer, 22--45","author":"Xu Zhaoyan","year":"2014","unstructured":"Zhaoyan Xu , Jialong Zhang , Guofei Gu , , and Zhiqiang Lin . 2014 . GOLDENEYE: Efficiently and Effectively Unveiling Malware's Targeted Environment . In International Workshop on Recent Advances in Intrusion Detection (RAID). Springer, 22--45 . Zhaoyan Xu, Jialong Zhang, Guofei Gu, , and Zhiqiang Lin. 2014. GOLDENEYE: Efficiently and Effectively Unveiling Malware's Targeted Environment. In International Workshop on Recent Advances in Intrusion Detection (RAID). Springer, 22--45."},{"key":"e_1_3_2_1_33_1","volume-title":"AUTOVAC: Towards Automatically Extracting System Resource Constraints and Generating Vaccines for Malware Immunization","author":"Xu Zhaoyan","year":"2013","unstructured":"Zhaoyan Xu , Jialong Zhang , Guofei Gu , and Zhiqiang Lin . 2013 . AUTOVAC: Towards Automatically Extracting System Resource Constraints and Generating Vaccines for Malware Immunization . In IEEE 33rd International Conference on Distributed Computing Systems (ICDCS). IEEE , 112--123. Zhaoyan Xu, Jialong Zhang, Guofei Gu, and Zhiqiang Lin. 2013. AUTOVAC: Towards Automatically Extracting System Resource Constraints and Generating Vaccines for Malware Immunization. In IEEE 33rd International Conference on Distributed Computing Systems (ICDCS). IEEE, 112--123."},{"key":"e_1_3_2_1_34_1","volume-title":"Using Hardware Features for Increased Debugging Transparency. In IEEE Symposium on Security and Privacy (S&P). IEEE, 55--69","author":"Zhang Fengwei","year":"2015","unstructured":"Fengwei Zhang , Kevin Leach , Angelos Stavrou , Haining Wang , and Kun Sun . 2015 . Using Hardware Features for Increased Debugging Transparency. In IEEE Symposium on Security and Privacy (S&P). IEEE, 55--69 . Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun. 2015. Using Hardware Features for Increased Debugging Transparency. In IEEE Symposium on Security and Privacy (S&P). IEEE, 55--69."},{"key":"e_1_3_2_1_35_1","volume-title":"43rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 1--12","author":"Zhang Fengwei","year":"2013","unstructured":"Fengwei Zhang , Kevin Leach , Kun Sun , and Angelos Stavrou . 2013 . SPECTRE: A Dependable Introspection Framework via System Management Mode . In 43rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 1--12 . Fengwei Zhang, Kevin Leach, Kun Sun, and Angelos Stavrou. 2013. SPECTRE: A Dependable Introspection Framework via System Management Mode. In 43rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 1--12."},{"key":"e_1_3_2_1_36_1","volume-title":"50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 76--87","author":"Zhang Jialong","year":"2020","unstructured":"Jialong Zhang , Zhongshu Gu , Jiyong Jang , Dhilung Kirat , Marc Ph. Stoecklin , Xiaokui Shu , and Heqing Huang . 2020 . Scarecrow: Deactivating Evasive Malware via Its Own Evasive Logic . In 50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 76--87 . Jialong Zhang, Zhongshu Gu, Jiyong Jang, Dhilung Kirat, Marc Ph. Stoecklin, Xiaokui Shu, and Heqing Huang. 2020. Scarecrow: Deactivating Evasive Malware via Its Own Evasive Logic. In 50th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 76--87."},{"key":"e_1_3_2_1_37_1","volume-title":"European Symposium on Research in Computer Security (ESORICS). Springer, 217--238","author":"Zhou Lei","year":"2019","unstructured":"Lei Zhou , Jidong Xiao , Kevin Leach , Westley Weimer , Fengwei Zhang , and Guojun Wang . 2019 . Nighthawk: Transparent System Introspection from Ring -3 . In European Symposium on Research in Computer Security (ESORICS). Springer, 217--238 . Lei Zhou, Jidong Xiao, Kevin Leach, Westley Weimer, Fengwei Zhang, and Guojun Wang. 2019. Nighthawk: Transparent System Introspection from Ring -3. In European Symposium on Research in Computer Security (ESORICS). Springer, 217--238."}],"event":{"sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"],"acronym":"EUROSEC '23","name":"EUROSEC '23: 16th European Workshop on System Security","location":"Rome Italy"},"container-title":["Proceedings of the 16th European Workshop on System Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3578357.3589455","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:46:51Z","timestamp":1750178811000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3578357.3589455"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,8]]},"references-count":37,"alternative-id":["10.1145\/3578357.3589455","10.1145\/3578357"],"URL":"https:\/\/doi.org\/10.1145\/3578357.3589455","relation":{},"subject":[],"published":{"date-parts":[[2023,5,8]]},"assertion":[{"value":"2023-05-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}