{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,15]],"date-time":"2026-03-15T23:03:07Z","timestamp":1773615787888,"version":"3.50.1"},"reference-count":10,"publisher":"Allerton Press","issue":"7","license":[{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T00:00:00Z","timestamp":1764547200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Aut. Control Comp. Sci."],"published-print":{"date-parts":[[2025,12]]},"DOI":"10.3103\/s0146411625700257","type":"journal-article","created":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T19:14:54Z","timestamp":1771528494000},"page":"885-894","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["On the Study of One Way to Detect Anomalous Program Execution"],"prefix":"10.3103","volume":"59","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1491-524X","authenticated-orcid":false,"given":"Y. V.","family":"Kosolapov","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0007-4565-6950","authenticated-orcid":false,"given":"T. A.","family":"Pavlova","sequence":"additional","affiliation":[]}],"member":"1627","published-online":{"date-parts":[[2026,2,19]]},"reference":[{"key":"7885_CR1","doi-asserted-by":"publisher","first-page":"2894","DOI":"10.3390\/app13052894","volume":"13","author":"K. Lee","year":"2023","unstructured":"Lee, K., Lee, J., and Yim, K., Classification and analysis of malicious code detection techniques based on the APT attack, Appl. Sci., 2023, vol. 13, no. 5, p. 2894. https:\/\/doi.org\/10.3390\/app13052894","journal-title":"Appl. Sci."},{"key":"7885_CR2","doi-asserted-by":"publisher","first-page":"151","DOI":"10.3233\/jcs-980109","volume":"6","author":"S.A. Hofmeyr","year":"1998","unstructured":"Hofmeyr, S.A., Forrest, S., and Somayaji, A., Intrusion detection using sequences of system calls, J. Comput. Secur., 1998, vol. 6, no. 3, pp. 151\u2013180. https:\/\/doi.org\/10.3233\/jcs-980109","journal-title":"J. Comput. Secur."},{"key":"7885_CR3","doi-asserted-by":"publisher","unstructured":"Wagner, D. and Soto, P., Mimicry attacks on host-based intrusion detection systems, Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, 2002, New York: Association for Computing Machinery, 2002, pp. 255\u2013264. https:\/\/doi.org\/10.1145\/586110.586145","DOI":"10.1145\/586110.586145"},{"key":"7885_CR4","doi-asserted-by":"publisher","first-page":"48","DOI":"10.14357\/08696527210405","volume":"31","author":"Yu.V. Kosolapov","year":"2021","unstructured":"Kosolapov, Yu.V., On one method for detecting exploitation of vulnerabilities and its parameters, Sistemy i Sredstva Informatiki, 2021, vol. 31, no. 4, pp. 48\u201360. https:\/\/doi.org\/10.14357\/08696527210405","journal-title":"Sistemy i Sredstva Informatiki"},{"key":"7885_CR5","doi-asserted-by":"publisher","first-page":"827","DOI":"10.3103\/s0146411621070233","volume":"55","author":"Yu.V. Kosolapov","year":"2021","unstructured":"Kosolapov, Yu.V., On the detection of exploitation of vulnerabilities that leads to the execution of a malicious code, Autom. Control Comput. Sci., 2021, vol. 55, no. 7, pp. 827\u2013837. https:\/\/doi.org\/10.3103\/s0146411621070233","journal-title":"Autom. Control Comput. Sci."},{"key":"7885_CR6","unstructured":"Batra, R., API monitor, 2013. http:\/\/www.rohitab.com\/apimonitor. Cited April 4, 2024."},{"key":"7885_CR7","doi-asserted-by":"publisher","first-page":"106","DOI":"10.22250\/18142400_2022_73_3_106","volume":"73","author":"A.D. Kechahmadze","year":"2022","unstructured":"Kechahmadze, A.D. and Kosolapov, Yu.V., Method for detecting exploits based on the profile of differences between function call addresses, Informatika i Sistemy Upravleniya, 2022, vol. 73, no. 3, pp. 106\u2013116. https:\/\/doi.org\/10.22250\/18142400_2022_73_3_106","journal-title":"Informatika i Sistemy Upravleniya"},{"key":"7885_CR8","unstructured":"Exploit protection reference, 2023. https:\/\/learn.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/exploit-protection-reference?view=o365-worldwide. Cited April 21, 2024."},{"key":"7885_CR9","unstructured":"Sweigart, A., Pyautogui documentation, 2021. https:\/\/readthedocs.org\/projects\/pyautogui\/downloads\/pdf\/latest\/. Cited April 21, 2024."},{"key":"7885_CR10","first-page":"52110","volume":"60","author":"Y. Ding","year":"2017","unstructured":"Ding, Y., Wei, T., Xue, H., Zhang, Y., Zhang, C., and Han, X., Accurate and efficient exploit capture and classification, Sci. China: Inf. Sci., 2017, vol. 60, no. 5, p. 52110.","journal-title":"Sci. China: Inf. Sci."}],"container-title":["Automatic Control and Computer Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.3103\/S0146411625700257.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.3103\/S0146411625700257","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.3103\/S0146411625700257.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,15]],"date-time":"2026-03-15T22:04:35Z","timestamp":1773612275000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.3103\/S0146411625700257"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12]]},"references-count":10,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2025,12]]}},"alternative-id":["7885"],"URL":"https:\/\/doi.org\/10.3103\/s0146411625700257","relation":{},"ISSN":["0146-4116","1558-108X"],"issn-type":[{"value":"0146-4116","type":"print"},{"value":"1558-108X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12]]},"assertion":[{"value":"18 May 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 May 2024","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 May 2024","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 February 2026","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors of this work declare that they have no conflicts of interest.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"CONFLICT OF INTEREST"}}]}}