{"id":"https://openalex.org/W2806294538","doi":"https://doi.org/10.1007/978-3-319-93411-2_2","title":"MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps","display_name":"MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps","publication_year":2018,"publication_date":"2018-01-01","ids":{"openalex":"https://openalex.org/W2806294538","doi":"https://doi.org/10.1007/978-3-319-93411-2_2","mag":"2806294538"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-319-93411-2_2","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-319-93411-2_2","pdf_url":"https://link.springer.com/content/pdf/10.1007%2F978-3-319-93411-2_2.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007%2F978-3-319-93411-2_2.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5081084182","display_name":"Michael Brengel","orcid":null},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]},{"id":"https://openalex.org/I91712215","display_name":"Saarland University","ror":"https://ror.org/01jdpyv68","country_code":"DE","type":"education","lineage":["https://openalex.org/I91712215"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Michael Brengel","raw_affiliation_strings":["CISPA, Saarland University, Saarbr\u00fccken, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CISPA, Saarland University, Saarbr\u00fccken, Germany","institution_ids":["https://openalex.org/I4210128801","https://openalex.org/I91712215"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033589837","display_name":"Christian Rossow","orcid":"https://orcid.org/0000-0003-2470-8444"},"institutions":[{"id":"https://openalex.org/I91712215","display_name":"Saarland University","ror":"https://ror.org/01jdpyv68","country_code":"DE","type":"education","lineage":["https://openalex.org/I91712215"]},{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christian Rossow","raw_affiliation_strings":["CISPA, Saarland University, Saarbr\u00fccken, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CISPA, Saarland University, Saarbr\u00fccken, Germany","institution_ids":["https://openalex.org/I4210128801","https://openalex.org/I91712215"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5081084182"],"corresponding_institution_ids":["https://openalex.org/I4210128801","https://openalex.org/I91712215"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":{"value":5000,"currency":"EUR","value_usd":5392},"fwci":1.3021,"has_fulltext":true,"cited_by_count":7,"citation_normalized_percentile":{"value":0.82520861,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"24","last_page":"45"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.9555507898330688},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7530437707901001},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7133091688156128},{"id":"https://openalex.org/keywords/compression","display_name":"Compression (physics)","score":0.4435516893863678},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.40504854917526245}],"concepts":[{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.9555507898330688},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7530437707901001},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7133091688156128},{"id":"https://openalex.org/C180016635","wikidata":"https://www.wikidata.org/wiki/Q2712821","display_name":"Compression (physics)","level":2,"score":0.4435516893863678},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.40504854917526245},{"id":"https://openalex.org/C159985019","wikidata":"https://www.wikidata.org/wiki/Q181790","display_name":"Composite material","level":1,"score":0.0},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1007/978-3-319-93411-2_2","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-319-93411-2_2","pdf_url":"https://link.springer.com/content/pdf/10.1007%2F978-3-319-93411-2_2.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},{"id":"pmh:oai:figshare.com:article/24612723","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/MemScrimper_Time-_and_Space-Efficient_Storage_of_Malware_Sandbox_Memory_Dumps/24612723","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},{"id":"doi:10.60882/cispa.24612723.v1","is_oa":true,"landing_page_url":"https://doi.org/10.60882/cispa.24612723.v1","pdf_url":null,"source":{"id":"https://openalex.org/S7407050916","display_name":"CISPA Helmholtz Center","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.1007/978-3-319-93411-2_2","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-319-93411-2_2","pdf_url":"https://link.springer.com/content/pdf/10.1007%2F978-3-319-93411-2_2.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/7","score":0.7400000095367432,"display_name":"Affordable and clean energy"}],"awards":[{"id":"https://openalex.org/G2629422661","display_name":null,"funder_award_id":"700326","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8128106390","display_name":"Secure Information Sharing Sensor Delivery event Network","funder_award_id":"700176","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2806294538.pdf","grobid_xml":"https://content.openalex.org/works/W2806294538.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W1537929875","https://openalex.org/W1559833478","https://openalex.org/W1674910155","https://openalex.org/W1910686388","https://openalex.org/W1956767865","https://openalex.org/W1969126835","https://openalex.org/W1985936489","https://openalex.org/W1987608073","https://openalex.org/W1998817683","https://openalex.org/W2018175892","https://openalex.org/W2048258768","https://openalex.org/W2115392339","https://openalex.org/W2120297918","https://openalex.org/W2130975798","https://openalex.org/W2146532238","https://openalex.org/W2147031008","https://openalex.org/W2176830056","https://openalex.org/W2281363974","https://openalex.org/W2517430515","https://openalex.org/W2751343396"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2033352828","https://openalex.org/W2355810117","https://openalex.org/W3098313552","https://openalex.org/W2034129977","https://openalex.org/W3099773647","https://openalex.org/W1745773915","https://openalex.org/W2765820957","https://openalex.org/W2294212083","https://openalex.org/W4367595269"],"abstract_inverted_index":{"We":[0],"present":[1],"MemScrimper,":[2],"a":[3,29,79],"novel":[4],"methodology":[5],"to":[6,32,49,56,103,106,121,132],"compress":[7],"memory":[8,36,73,81,140,156],"dumps":[9,37,74,141,157],"of":[10,71,78,155],"malware":[11,40,64],"sandboxes.":[12],"MemScrimper":[13,96,148],"is":[14],"built":[15],"on":[16,138,145],"the":[17,24,43,59,63,69,76,85,152],"observation":[18],"that":[19],"sandboxes":[20],"always":[21],"start":[22],"at":[23],"same":[25,44,86],"system":[26],"state":[27],"(i.e.,":[28],"sandbox":[30,45,87],"snapshot)":[31],"analyze":[33],"malware.":[34],"Therefore,":[35],"taken":[38,83],"after":[39],"execution":[41],"inside":[42],"are":[46],"substantially":[47],"similar":[48,93],"each":[50],"other,":[51],"which":[52],"we":[53,67],"can":[54],"use":[55],"only":[57],"store":[58],"differences":[60],"introduced":[61],"by":[62,101,119],"itself.":[65],"Technically,":[66],"compare":[68],"pages":[70,77,94],"those":[72],"against":[75],"reference":[80],"dump":[82],"from":[84],"and":[88,113,116,123,158],"then":[89],"deduplicate":[90],"identical":[91],"or":[92],"accordingly.":[95],"increases":[97,151],"data":[98],"compression":[99,108,115],"ratios":[100],"up":[102,120],"$$3894.74\\%$$":[104],"compared":[105],"standard":[107],"utilities":[109],"such":[110],"as":[111],"7zip,":[112],"reduces":[114],"decompression":[117],"times":[118],"$$72.48\\%$$":[122],"$$41.44\\%$$":[124],",":[125],"respectively.":[126],"Furthermore,":[127],"MemScrimper\u2019s":[128],"internal":[129],"storage":[130],"allows":[131],"perform":[133],"analyses":[134],"(e.g.,":[135],"signature":[136],"matching)":[137],"compressed":[139],"more":[142,162],"efficient":[143],"than":[144],"uncompressed":[146],"dumps.":[147],"thus":[149],"significantly":[150],"retention":[153],"time":[154],"makes":[159],"longitudinal":[160],"analysis":[161],"viable,":[163],"while":[164],"also":[165],"improving":[166],"efficiency.":[167]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2018,"cited_by_count":1}],"updated_date":"2026-05-04T08:30:34.212998","created_date":"2025-10-10T00:00:00"}