{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T04:48:50Z","timestamp":1780634930215,"version":"3.54.1"},"reference-count":65,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2020,1,14]],"date-time":"2020-01-14T00:00:00Z","timestamp":1578960000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,1,14]],"date-time":"2020-01-14T00:00:00Z","timestamp":1578960000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecur"],"published-print":{"date-parts":[[2020,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>With the evolution of cybersecurity countermeasures, the threat landscape has also evolved, especially in malware from traditional file-based malware to sophisticated and multifarious fileless malware. Fileless malware does not use traditional executables to carry-out its activities. So, it does not use the file system, thereby evading signature-based detection system. The fileless malware attack is catastrophic for any enterprise because of its persistence, and power to evade any anti-virus solutions. The malware leverages the power of operating systems, trusted tools to accomplish its malicious intent. To analyze such malware, security professionals use forensic tools to trace the attacker, whereas the attacker might use anti-forensics tools to erase their traces. This survey makes a comprehensive analysis of fileless malware and their detection techniques that are available in the literature. We present a process model to handle fileless malware attacks in the incident response process. In the end, the specific research gaps present in the proposed process model are identified, and associated challenges are highlighted.<\/jats:p>","DOI":"10.1186\/s42400-019-0043-x","type":"journal-article","created":{"date-parts":[[2020,1,14]],"date-time":"2020-01-14T03:02:46Z","timestamp":1578970966000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":137,"title":["An emerging threat Fileless malware: a survey and research challenges"],"prefix":"10.1186","volume":"3","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7590-1995","authenticated-orcid":false,"family":"Sudhakar","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sushil","family":"Kumar","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2020,1,14]]},"reference":[{"key":"43_CR1","unstructured":"About the Metasploit Meterpreter (2019). https:\/\/www.offensive-security.com\/metasploit-unleashed\/about-meterpreter\/"},{"key":"43_CR2","first-page":"01190","volume":"1811","author":"A Afianian","year":"2018","unstructured":"Afianian A, Niksefat S, Sadeghiyan B, Baptiste D (2018) Malware dynamic analysis evasion techniques: A survey. arXiv preprint arXiv 1811:01190","journal-title":"arXiv preprint arXiv"},{"key":"43_CR3","doi-asserted-by":"publisher","first-page":"1253","DOI":"10.1109\/PASSAT\/SocialCom.2011.68","volume-title":"2011 IEEE Third International Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third International Conference on Social Computing","author":"A Aljaedi","year":"2011","unstructured":"Aljaedi A, Lindskog D, Zavarsky P, Ruhl R, Almari F (2011) Comparative analysis of volatile memory forensics: Live response vs. memory imaging. In: 2011 IEEE Third International Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third International Conference on Social Computing, pp 1253\u20131258. https:\/\/doi.org\/10.1109\/PASSAT\/SocialCom.2011.68"},{"key":"43_CR4","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2577","volume-title":"FTP security considerations","author":"M Allman","year":"1999","unstructured":"Allman, M., Ostermann, S.: FTP security considerations (1999). https:\/\/tools.ietf.org\/html\/rfc2577"},{"key":"43_CR5","doi-asserted-by":"publisher","unstructured":"Almulhem, A.: Network forensics: Notions and challenges. In: 2009 IEEE International Symposium on Signal Processing and Information Technology (ISSPIT), pp. 463\u2013466 (2009). doi:https:\/\/doi.org\/10.1109\/ISSPIT.2009.5407485. IEEE","DOI":"10.1109\/ISSPIT.2009.5407485"},{"key":"43_CR6","doi-asserted-by":"publisher","unstructured":"Bhasin V, Kumar S, Saxena P, Katti C (2018) Security architectures in wireless sensor network. Int J Inf Technol:1\u201312. https:\/\/doi.org\/10.1007\/s41870-018-0103-6","DOI":"10.1007\/s41870-018-0103-6"},{"key":"43_CR7","first-page":"2","volume-title":"Proceedings of the 1st reversing and offensive-oriented trends symposium","author":"A Bulazel","year":"2017","unstructured":"Bulazel A, Yener B (2017) A survey on automated dynamic malware analysis evasion and counter-evasion: pc, mobile, and web. In: Proceedings of the 1st reversing and offensive-oriented trends symposium, p 2 ACM"},{"key":"43_CR8","volume-title":"Physical memory forensics","author":"M Burdach","year":"2006","unstructured":"Burdach M (2006) Physical memory forensics. USA, Black Hat"},{"key":"43_CR9","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1016\/j.diin.2016.12.004","volume":"20","author":"A Case","year":"2017","unstructured":"Case A, Richard GG III (2017) Memory forensics: the path forward. Digit Investig 20:23\u201333","journal-title":"Digit Investig"},{"key":"43_CR10","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1016\/j.diin.2017.02.005","volume":"20","author":"M Cohen","year":"2017","unstructured":"Cohen M (2017) Scanning memory with Yara. Digit Investig 20:34\u201343. https:\/\/doi.org\/10.1016\/j.diin.2017.02.005","journal-title":"Digit Investig"},{"key":"43_CR11","volume-title":"CERT advisory CA-2001-19: \"code red\" worm exploiting buffer overflow in IIS indexing service DLL","author":"R Danyliw","year":"2001","unstructured":"Danyliw R, Householder A (2001) CERT advisory CA-2001-19: \"code red\" worm exploiting buffer overflow in IIS indexing service DLL"},{"key":"43_CR12","unstructured":"Demystifying Fileless Threats (2019). https:\/\/www.mcafee.com\/enterprise\/en-in\/lp\/endpoint\/fileless-attacks.htm"},{"key":"43_CR13","first-page":"29","volume-title":"W32. stuxnet dossier. White paper, Symantec Corp., Security Response","author":"N Falliere","year":"2011","unstructured":"Falliere, N., Murchu, L.O., Chien, E.: W32. stuxnet dossier. White paper, Symantec Corp., Security Response 5(6), 29 (2011)"},{"issue":"1","key":"43_CR14","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1080\/00396338.2011.555586","volume":"53","author":"JP Farwell","year":"2011","unstructured":"Farwell JP, Rohozinski R (2011) Stuxnet and the future of cyber war. Survival 53(1):23\u201340. https:\/\/doi.org\/10.1080\/00396338.2011.555586","journal-title":"Survival"},{"key":"43_CR15","unstructured":"Fileless Malware - A Behavioural Analysis Of Kovter Persistence (2016). https:\/\/airbus-cyber-security.com\/fileless-malware-behavioural-analysis-kovter-persistence\/"},{"key":"43_CR16","volume-title":"A unique `bodiless' bot attacks news site visitors","author":"S Golovanov","year":"2012","unstructured":"Golovanov, S.: A unique `bodiless' bot attacks news site visitors (2012). https:\/\/securelist.com\/a-unique-bodiless-bot-attacks-news-site-visitors-3\/32383\/"},{"key":"43_CR17","volume-title":"Fileless Malware: Attack Trend Exposed","author":"M Gorelik","year":"2017","unstructured":"Gorelik, M., Moshailov, R.: Fileless Malware: Attack Trend Exposed (2017). http:\/\/blog.morphisec.com\/fileless-malware-attack-trend-exposed Accessed 2018-05-02"},{"key":"43_CR18","volume-title":"Abusing windows management instrumentation (WMI) to build a persistent, asynchronous, and fileless backdoor","author":"M Graeber","year":"2015","unstructured":"Graeber M (2015) Abusing windows management instrumentation (WMI) to build a persistent, asynchronous, and fileless backdoor. Black Hat, Las Vegas"},{"key":"43_CR19","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1145\/1527017.1527023","volume-title":"Proceedings of the 8th symposium on identity and trust on the internet","author":"H Khurana","year":"2009","unstructured":"Khurana H, Basney J, Bakht M, Freemon M, Welch V, Butler R (2009) Palantir: a framework for collaborative incident response and investigation. In: Proceedings of the 8th symposium on identity and trust on the internet, pp 38\u201351 ACM"},{"issue":"4","key":"43_CR20","doi-asserted-by":"publisher","first-page":"5916","DOI":"10.1109\/JIOT.2018.2872474","volume":"6","author":"S Kumar","year":"2019","unstructured":"Kumar S, Dohare U, Kumar K, Prasad Dora D, Naseer Qureshi K, Kharel R (2019a) Cybersecurity measures for geocasting in vehicular cyber physical system environments. IEEE Internet Things J 6(4):5916\u20135926. https:\/\/doi.org\/10.1109\/JIOT.2018.2872474","journal-title":"IEEE Internet Things J"},{"key":"43_CR21","doi-asserted-by":"publisher","first-page":"113311","DOI":"10.1109\/ACCESS.2019.2934632","volume":"7","author":"S Kumar","year":"2019","unstructured":"Kumar S, Singh K, Kumar S, Kaiwartya O, Cao Y, Zhou H (2019b) Delimitated anti jammer scheme for internet of vehicle: Machine learning based security approach. IEEE Access 7:113311\u2013113323","journal-title":"IEEE Access"},{"key":"43_CR22","unstructured":"Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts) (2019). https:\/\/github.com\/LOLBAS-Project\/LOLBAS"},{"issue":"4","key":"43_CR23","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1016\/S1353-4858(17)30037-5","volume":"2017","author":"S Mansfield-Devine","year":"2017","unstructured":"Mansfield-Devine S (2017) Fileless attacks: compromising targets without malware. Netw Secur 2017(4):7\u201311","journal-title":"Netw Secur"},{"key":"43_CR24","first-page":"20","volume-title":"The malware arms race. Computer Fraud & Security 2018","author":"S Mansfield-Devine","year":"2018","unstructured":"Mansfield-Devine, S.: The malware arms race. Computer Fraud & Security 2018(2), 15{20 (2018)"},{"key":"43_CR25","first-page":"9","volume-title":"Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks","author":"S Mitropoulos","year":"2005","unstructured":"Mitropoulos S, Dimitrios Patsos CD (2005) Network forensics towards a classification of traceback mechanisms. In: Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, pp 9\u201316"},{"key":"43_CR26","unstructured":"MS SQL Slammer\/Sapphire Worm (2003). https:\/\/www.giac.org\/paper\/gsec\/3091\/ms-sql-slammer-sapphire-worm\/105136"},{"issue":"2","key":"43_CR27","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1016\/J.DIIN.2007.06.001","volume":"4","author":"BJ Nikkel","year":"2007","unstructured":"Nikkel BJ (2007) An introduction to investigating IPv6 networks. Digit Investig 4(2):59\u201367. https:\/\/doi.org\/10.1016\/J.DIIN.2007.06.001","journal-title":"Digit Investig"},{"key":"43_CR28","unstructured":"O\u2019Murchu L, Gutierrez FP. The evolution of the fileless click-fraud malware poweliks. Symantec Corp. (2015)"},{"key":"43_CR29","unstructured":"Patten, D.: The evolution to fileless malware (2017). http:\/\/www.infosecwriters.com\/Papers\/DPatten Fileless.pdf"},{"key":"43_CR30","unstructured":"Pavkovi\u0107 N, Perkov L Social engineering toolkit\u2014a systematic approach to social engineering. In: 2011 proceedings of the 34th international convention MIPRO 2011 may 23 (pp. 1485-1489). IEEE"},{"key":"43_CR31","unstructured":"Phase Bot - A Fileless Rootkit (Part 1) (2014). https:\/\/www.malwaretech.com\/2014\/12\/phase-bot-fileless-rootki.html"},{"key":"43_CR32","unstructured":"Phase Bot - A Fileless Rootkit (Part 2) (2014). https:\/\/www.malwaretech.com\/2014\/12\/phase-bot-fileless-rootkit-part-2.html"},{"issue":"1\u20132","key":"43_CR33","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/j.diin.2010.02.003.1112.6098","volume":"7","author":"ES Pilli","year":"2010","unstructured":"Pilli ES, Joshi RC, Niyogi R (2010) Network forensic frameworks: survey and research challenges. Digit Investig 7(1\u20132):14\u201327. https:\/\/doi.org\/10.1016\/j.diin.2010.02.003.1112.6098","journal-title":"Digit Investig"},{"key":"43_CR34","volume-title":"Virus Bulletin Conference","author":"SM Pontiroli","year":"2015","unstructured":"Pontiroli SM, Martinez FR (2015) The tao of .net and powershell malware analysis. In: Virus Bulletin Conference"},{"key":"43_CR35","unstructured":"Process Hollowing (2019). https:\/\/attack.mitre.org\/techniques\/T1093\/"},{"issue":"5","key":"43_CR36","doi-asserted-by":"publisher","first-page":"8421","DOI":"10.1109\/JIOT.2019.2917763","volume":"6","author":"R Rani","year":"2019","unstructured":"Rani R, Kumar S, Dohare U (2019) Trust evaluation for light weight security in sensor enabled internet of things: game theory oriented approach. IEEE Internet Things J 6(5):8421\u20138432. https:\/\/doi.org\/10.1109\/JIOT.2019.2917763","journal-title":"IEEE Internet Things J"},{"key":"43_CR37","unstructured":"Ren, W.: On A Network Forensics Model For Information Security. ISTA, 229\u2013234 (2004)"},{"key":"43_CR38","volume-title":"Non-malware attacks and Ransomware take center stage in 2016","author":"CBT Report","year":"2016","unstructured":"Carbon Black Threat Report: Non-malware attacks and Ransomware take center stage in 2016 (2016). https:\/\/www.carbonblack.com\/2016\/12\/15\/carbon-black-threat-report-non-malware-attacks-ransomware-takecenter-stage-2016\/"},{"key":"43_CR39","unstructured":"Rhodes KA (2001) Code red, code red II, and SirCam attacks highlight need for proactive measures. GAO Testimony Before the Subcommittee on Government Efficiency"},{"key":"43_CR40","unstructured":"Rivera BS, Inocencio RU (2015) Doing more with less: a study of fileless infection attacks. VB 2015"},{"issue":"2","key":"43_CR41","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1007\/s11416-007-0070-0","volume":"4","author":"N Ruff","year":"2008","unstructured":"Ruff N (2008) Windows memory forensics. J Comput Virol 4(2):83\u2013100","journal-title":"J Comput Virol"},{"key":"43_CR42","volume-title":"What is Fileless malware?","author":"I Series","year":"2019","unstructured":"Informational Series: What is Fileless malware? (2019). https:\/\/www.carbonblack.com\/resources\/definitions\/what-is-fileless-malware\/"},{"key":"43_CR43","volume-title":"SANS Institute Information Security Reading Room","author":"D Shackleford","year":"2016","unstructured":"Shackleford D (2016) Active breach detection: the next-generation security technology? SANS institute information security Reading room. In: SANS Institute Information Security Reading Room"},{"key":"43_CR44","volume-title":"Lurk banker Trojan: exclusively for Russia","author":"A Shulmin","year":"2016","unstructured":"Shulmin, A., Prokhorenko, M.: Lurk banker Trojan: exclusively for Russia (2016). https:\/\/securelist.com\/lurk-banker-trojan-exclusively-for-russia\/75040\/"},{"key":"43_CR45","volume-title":"The art of stealing banking information - form grabbing on fire","author":"AK Sood","year":"2011","unstructured":"Sood, A.K., Enbody, R.J., Bansal, R.: The art of stealing banking information - form grabbing on fire (2011). https:\/\/www.virusbulletin.com\/virusbulletin\/2011\/11\/art-stealing-banking-information-form-grabbing-fire"},{"key":"43_CR46","unstructured":"SQL Slammer (2019). https:\/\/en.wikipedia.org\/wiki\/SQL Slammer"},{"key":"43_CR47","unstructured":"Stop Fileless Attacksat Pre-execution (2017). https:\/\/explore.bitdefender.com\/solution-briefs\/stop-fileless-attacks-pre-execution"},{"key":"43_CR48","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1007\/978-981-10-7871-2_51","volume-title":"Progress in computing, analytics and networking","author":"P Sudhakar","year":"2018","unstructured":"Sudhakar P, S.K. (2018) An approach to improve load balancing in distributed storage systems for NoSQL databases: MongoDB. In: Pattnaik PK, Rautaray SS, Das H, Nayak J (eds) Progress in computing, analytics and networking. Springer, Singapore, pp 529\u2013538"},{"issue":"2","key":"43_CR49","doi-asserted-by":"publisher","first-page":"1584","DOI":"10.1109\/JIOT.2018.2846624","volume":"6","author":"Q Tan","year":"2018","unstructured":"Tan Q, Gao Y, Shi J, Wang X, Fang B, Tian Z (2018) Toward a comprehensive insight into the eclipse attacks of tor hidden services. IEEE Internet Things J 6(2):1584\u20131593","journal-title":"IEEE Internet Things J"},{"key":"43_CR50","volume-title":"Threat spotlight: the truth about fileless malware [blog post]","author":"CTG Team","year":"2017","unstructured":"Team CTG (2017) Threat spotlight: the truth about fileless malware [blog post]"},{"key":"43_CR51","doi-asserted-by":"publisher","first-page":"35355","DOI":"10.1109\/ACCESS.2018.2846590","volume":"6","author":"Z Tian","year":"2018","unstructured":"Tian Z, Cui Y, An L, Su S, Yin X, Yin L, Cui X (2018) A real-time correlation of host-level events in cyber range service for smart campus. IEEE Access 6:35355\u201335364","journal-title":"IEEE Access"},{"issue":"6","key":"43_CR52","doi-asserted-by":"publisher","first-page":"5971","DOI":"10.1109\/TVT.2019.2910217","volume":"68","author":"Z Tian","year":"2019","unstructured":"Tian Z, Gao X, Su S, Qiu J, Du X, Guizani M (2019b) Evaluating reputation management schemes of internet of vehicles based on evolutionary game theory. IEEE Trans Veh Technol 68(6):5971\u20135980. https:\/\/doi.org\/10.1109\/TVT.2019.2910217","journal-title":"IEEE Trans Veh Technol"},{"key":"43_CR53","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1016\/j.ins.2019.04.011","volume":"491","author":"Z Tian","year":"2019","unstructured":"Tian Z, Li M, Qiu M, Sun Y, Su S (2019d) Block-def: a secure digital evidence framework using blockchain. Inf Sci 491:151\u2013165","journal-title":"Inf Sci"},{"key":"43_CR54","doi-asserted-by":"crossref","unstructured":"Tian Z, Luo C, Qiu J, Du X, Guizani M (2019e) A distributed deep learning system for web attack detection on edge devices. IEEE Transactions on Industrial Informatics","DOI":"10.1109\/TII.2019.2938778"},{"issue":"7","key":"43_CR55","doi-asserted-by":"publisher","first-page":"4285","DOI":"10.1109\/TII.2019.2907754","volume":"15","author":"Z Tian","year":"2019","unstructured":"Tian Z, Shi W, Wang Y, Zhu C, Du X, Su S, Sun Y, Guizani N (2019a) Real-time lateral movement detection based on evidence reasoning network for edge computing environment. IEEE Trans Ind Inform 15(7):4285\u20134294. https:\/\/doi.org\/10.1109\/TII.2019.2907754","journal-title":"IEEE Trans Ind Inform"},{"key":"43_CR56","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1016\/j.future.2018.12.054","volume":"95","author":"Z Tian","year":"2019","unstructured":"Tian Z, Su S, Shi W, Du X, Guizani M, Yu X (2019c) A data-driven method for future internet route decision modeling. Futur Gener Comput Syst 95:212\u2013220","journal-title":"Futur Gener Comput Syst"},{"key":"43_CR57","doi-asserted-by":"publisher","first-page":"1689","DOI":"10.1017\/CBO9781107415324.004","volume-title":"The Art of Memory Forensics","author":"DR Tobergte","year":"2013","unstructured":"Tobergte DR, Curtis S (2013) The Art of Memory Forensics, vol 53, pp 1689\u20131699. https:\/\/doi.org\/10.1017\/CBO9781107415324.004 arXiv:1011.1669v3"},{"key":"43_CR58","doi-asserted-by":"crossref","unstructured":"Vacca, J.R.: Network Forensics. In: Computer and Information Security Handbook, 2nd edi edn., pp.649\u2013660. Morgan Kaufmann Publishers is an imprint of Elsevier, United States (2013)","DOI":"10.1016\/B978-0-12-394397-2.00036-2"},{"key":"43_CR59","volume-title":"Threat alert: \u201cPowerWare,\u201d new Ransomware written in PowerShell, targets organizations via Microsoft word","author":"R Valdez","year":"2016","unstructured":"Valdez, R., Sconzo, M.: Threat alert: \u201cPowerWare,\u201d new Ransomware written in PowerShell, targets organizations via Microsoft word (2016). https:\/\/www.carbonblack.com\/2016\/03\/25\/threat-alert-powerwarenew-ransomware-written-in-powershell-targets-organizations-via-microsoft-word\/"},{"key":"43_CR60","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1109\/WISTDCS.2008.11","volume":"2008","author":"D Watson","year":"2008","unstructured":"Watson D, Riden J (2008) The honeynet project: data collection tools, infrastructure, archives and analysis. Proceedings - WOMBAT Workshop on Information Security Threats Data Collection and Sharing, WISTDCS 2008:24\u201330. https:\/\/doi.org\/10.1109\/WISTDCS.2008.11","journal-title":"Proceedings - WOMBAT Workshop on Information Security Threats Data Collection and Sharing, WISTDCS"},{"key":"43_CR61","volume-title":"Living off the land and fileless attack techniques","author":"C Wueest","year":"2017","unstructured":"Wueest, C., Anand, H.: Living off the land and fileless attack techniques (2017). https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/security-center\/white-papers\/istr-living-off-the-land-and-fileless-attack-techniques-en.pdf"},{"key":"43_CR62","volume-title":"Understanding Fileless malware infections - the full guide","author":"A Zaharia","year":"2016","unstructured":"Zaharia, A.: Understanding Fileless malware infections - the full guide (2016). https:\/\/heimdalsecurity.com\/blog\/fileless-malware-infections-guide\/"},{"key":"43_CR63","volume-title":"The history of Fileless malware-looking beyond the buzzword","author":"L Zeltser","year":"2017","unstructured":"Zeltser L (2017) The history of Fileless malware-looking beyond the buzzword"},{"key":"43_CR64","volume-title":"What is Fileless malware (or a non-malware attack)? Definition and best practices for Fileless malware protection","author":"E Zhang","year":"2018","unstructured":"Zhang, E.: What is Fileless malware (or a non-malware attack)? Definition and best practices for Fileless malware protection (2018). https:\/\/digitalguardian.com\/blog\/what-fileless-malware-or-non-malware-attack-definition-and-best-practices-fileless-malware"},{"key":"43_CR65","first-page":"138","volume-title":"Proceedings of the 9th ACM conference on computer and communications security","author":"CC Zou","year":"2002","unstructured":"Zou CC, Gong W, Towsley D (2002) Code red worm propagation modeling and analysis. In: Proceedings of the 9th ACM conference on computer and communications security, vol 147, p 138 ACM"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-019-0043-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s42400-019-0043-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-019-0043-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,1,13]],"date-time":"2021-01-13T00:12:03Z","timestamp":1610496723000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-019-0043-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,1,14]]},"references-count":65,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,12]]}},"alternative-id":["43"],"URL":"https:\/\/doi.org\/10.1186\/s42400-019-0043-x","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,1,14]]},"assertion":[{"value":"29 July 2019","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 December 2019","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 January 2020","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"1"}}