{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,15]],"date-time":"2026-03-15T23:00:12Z","timestamp":1773615612278,"version":"3.50.1"},"reference-count":23,"publisher":"Allerton Press","issue":"7","license":[{"start":{"date-parts":[[2021,12,1]],"date-time":"2021-12-01T00:00:00Z","timestamp":1638316800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,12,1]],"date-time":"2021-12-01T00:00:00Z","timestamp":1638316800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Aut. Control Comp. Sci."],"published-print":{"date-parts":[[2021,12]]},"DOI":"10.3103\/s0146411621070233","type":"journal-article","created":{"date-parts":[[2022,2,1]],"date-time":"2022-02-01T09:15:43Z","timestamp":1643706943000},"page":"827-837","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["On the Detection of Exploitation of Vulnerabilities That Leads to the Execution of a Malicious Code"],"prefix":"10.3103","volume":"55","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1491-524X","authenticated-orcid":false,"given":"Y. V.","family":"Kosolapov","sequence":"first","affiliation":[]}],"member":"1627","published-online":{"date-parts":[[2022,2,1]]},"reference":[{"key":"7409_CR1","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1186\/s42400-019-0038-7","volume":"2","author":"A. Khraisat","year":"2019","unstructured":"Khraisat, A. and Gondal, I., Vamplew, P., and Kamruzzaman, J., Survey of intrusion detection systems: techniques, datasets and challenges, Cybersecurity, 2019, vol. 2, no. 1, p.\u00a020. 
\u00a0https:\/\/doi.org\/10.1186\/s42400-019-0038-7","journal-title":"Cybersecurity"},{"key":"7409_CR2","doi-asserted-by":"publisher","unstructured":"Forrest, S., Hofmeyr, S., and Somayaji, A., The evolution of system-call monitoring, in Ann. Computer Security Applications Conf. (ACSAC), Anaheim, Calif., 2008, IEEE, 2008, pp.\u00a0418\u2013430. \u00a0https:\/\/doi.org\/10.1109\/ACSAC.2008.54","DOI":"10.1109\/ACSAC.2008.54"},{"key":"7409_CR3","doi-asserted-by":"publisher","first-page":"363","DOI":"10.13052\/2245-1439.741","volume":"7","author":"H. Gupta","year":"2018","unstructured":"Gupta, H., Sharma, H., and Kaur, S., Malware characterization using windows API call sequences, J. Cyber Secur. Mobility, 2018, vol. 7, no. 4, pp. 363\u2013378. \u00a0https:\/\/doi.org\/10.13052\/2245-1439.741","journal-title":"J. Cyber Secur. Mobility"},{"key":"7409_CR4","first-page":"1","volume":"3","author":"R. Veeramani","year":"2012","unstructured":"Veeramani, R. and Rai, N., Windows API based malware detection and framework analysis, Int. J. Sci. Eng. Res., 2012, vol. 3, no. 3, pp. 1\u20136.","journal-title":"Int. J. Sci. Eng. Res."},{"key":"7409_CR5","unstructured":"Singh, A., Arora, R., and Pareek, H., Malware analysis using multiple API sequence mining control flow graph, 2017. arXiv:1707.02691 [cs.CR]"},{"key":"7409_CR6","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/s10207-018-0415-3","volume":"18","author":"M.L. Bernardi","year":"2019","unstructured":"Bernardi, M.L., Cimitile, M., Distante, D., Martinelli, F., and Mercaldo, F., Dynamic malware detection and phylogeny analysis using process mining, Int. J. Inf. Secur., 2019, vol. 18, no. 3, pp. 257\u2013284. \u00a0https:\/\/doi.org\/10.1007\/s10207-018-0415-3","journal-title":"Int. J. Inf. 
Secur."},{"key":"7409_CR7","unstructured":"Viljanen, L., A survey of application level intrusion detection, Technical Report, Series of Publications C, Report C-2004-61, Helsinki, 2004."},{"key":"7409_CR8","unstructured":"Creech, G., Developing a high-accuracy cross platform Host-Based Intrusion Detection System capable of reliably detecting zero-day attacks, PhD Thesis, Canberra: Univ. of New South Wales, 2014."},{"key":"7409_CR9","doi-asserted-by":"publisher","unstructured":"Hu, H., Shinde, S., Adrian, S., Chua, Z.L., Saxena, P., and Liang, Z., Data-oriented programming: On the expressiveness of non-control data attacks, in IEEE 2016 Symp. on Security and Privacy (SP), San Jose, Calif., 2016, IEEE, 2016, pp. 969\u2013986. \u00a0https:\/\/doi.org\/10.1109\/SP.2016.62","DOI":"10.1109\/SP.2016.62"},{"key":"7409_CR10","doi-asserted-by":"publisher","unstructured":"Ispoglou, K.K., AlBassam, B., Jaeger, T., and Payer, M., Block oriented programming: Automating data-only attacks, Proc. 2018 ACM SIGSAC Conf. on Computer and Communications Security, Toronto, 2018, New York: Association for Computing Machinery, 2018, pp. 1868\u20131882. \u00a0https:\/\/doi.org\/10.1145\/3243734.3243739","DOI":"10.1145\/3243734.3243739"},{"key":"7409_CR11","doi-asserted-by":"publisher","unstructured":"Kosolapov, Y.V., On detecting code reuse attacks, Autom. Control Comput. Sci., 2020, vol. 54, pp. 573\u2013583.\u00a0https:\/\/doi.org\/10.3103\/S0146411620070111","DOI":"10.3103\/S0146411620070111"},{"key":"7409_CR12","doi-asserted-by":"publisher","unstructured":"Wagner, D. and Soto, P., Mimicry attacks on host-based intrusion detection systems, in Proc. 9th ACM Conf. on Computer and Communications Security, Washington, 2002, Atluri, V., Ed., New York: Association for Computing Machinery, 2002, pp. 255\u2013264. 
\u00a0https:\/\/doi.org\/10.1145\/586110.586145","DOI":"10.1145\/586110.586145"},{"key":"7409_CR13","doi-asserted-by":"publisher","unstructured":"Snow, K.F., Monrose, F., Davi, L., Dmitrienko, A., Liebchen, C., and Sadeghi, A.-R., Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization, in IEEE Symp. on Security and Privacy, Berkeley, Calif., 2013, IEEE, 2013, pp. 574\u2013588. \u00a0https:\/\/doi.org\/10.1109\/SP.2013.45","DOI":"10.1109\/SP.2013.45"},{"key":"7409_CR14","unstructured":"Stalmans, E. and El-Sherei, S., Macro-less code Exec in MSWord. https:\/\/sensepost.com\/blog\/2017\/macro-less-code-exec-in-msword\/. Cited December 12, 2019."},{"key":"7409_CR15","doi-asserted-by":"publisher","unstructured":"Borisov, P.D. and Kosolapov, Yu.V., On the automatic analysis of the practical resistance of obfuscating transformations, Autom. Control Comput. Sci., 2020, vol. 54, pp. 619\u2013629. \u00a0https:\/\/doi.org\/10.3103\/S0146411620070044","DOI":"10.3103\/S0146411620070044"},{"key":"7409_CR16","unstructured":"API Monitor. http:\/\/www.rohitab.com\/apimonitor. Cited November 28, 2019."},{"key":"7409_CR17","unstructured":"ListDLLs. https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/listdlls. Cited November 28, 2019."},{"key":"7409_CR18","unstructured":"Vervier, M., Orru, M., Wever, B.J., and Sesterhenn, E., Browser security whitepaper. https:\/\/browser-security.x41-dsec.de\/X41-Browser-Security-White-Paper.pdf. Cited December 5, 2019."},{"key":"7409_CR19","unstructured":"Gawlik, R. and Holz, T., SoK: Make JIT-spray great again, in 12th USENIX Workshop on Offensive Technologies (WOOT 18), Baltimore, 2018, Baltimore: USENIX Association, 2018."},{"key":"7409_CR20","unstructured":"Offensive security, Exploitdb\/exploits\/windows\/remote\/42484.html. Cited December 5, 2019. 
https:\/\/github.com\/offensive-security\/exploitdb\/blob\/master\/exploits\/windows\/remote\/42484.html."},{"key":"7409_CR21","unstructured":"0vercl0k, CVE-2019-9810. https:\/\/github.com\/0vercl0k\/CVE-2019-9810. Cited December\u00a05, 2019."},{"key":"7409_CR22","unstructured":"Exploit database. https:\/\/www.exploit-db.com\/. Cited December 5, 2019."},{"key":"7409_CR23","unstructured":"CVE-2017-5375_ASM.JS_JIT-Spray. https:\/\/github.com\/rh0dev\/expdev\/tree\/master. Cited December 30, 2019."}],"updated-by":[{"DOI":"10.3103\/s0146411622070094","type":"erratum","label":"Erratum","source":"publisher","updated":{"date-parts":[[2023,2,19]],"date-time":"2023-02-19T00:00:00Z","timestamp":1676764800000}}],"container-title":["Automatic Control and Computer Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.3103\/S0146411621070233.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.3103\/S0146411621070233","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.3103\/S0146411621070233.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,15]],"date-time":"2026-03-15T22:02:15Z","timestamp":1773612135000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.3103\/S0146411621070233"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12]]},"references-count":23,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2021,12]]}},"alternative-id":["7409"],"URL":"https:\/\/doi.org\/10.3103\/s0146411621070233","relation":{},"ISSN":["0146-4116","1558-108X"],"issn-type":[{"value":"0146-4116","type":"print"},{"value":"1558-108X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,12]]},"assertion":[{
"value":"9 March 2019","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 March 2020","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 March 2020","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 February 2022","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 February 2023","order":6,"name":"change_date","label":"Change Date","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Erratum","order":7,"name":"change_type","label":"Change Type","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"An Erratum to this paper has been published:","order":8,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"https:\/\/doi.org\/10.3103\/S0146411622070094","URL":"https:\/\/doi.org\/10.3103\/S0146411622070094","order":9,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The author declares that he has no conflicts of interest.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"CONFLICT OF INTEREST"}}]}}