{"id":"https://openalex.org/W1979228063","doi":"https://doi.org/10.1080/15567280500541439","title":"Heuristic Security-Testing Methods","display_name":"Heuristic Security-Testing Methods","publication_year":2006,"publication_date":"2006-03-01","ids":{"openalex":"https://openalex.org/W1979228063","doi":"https://doi.org/10.1080/15567280500541439","mag":"1979228063"},"language":"en","primary_location":{"id":"doi:10.1080/15567280500541439","is_oa":false,"landing_page_url":"https://doi.org/10.1080/15567280500541439","pdf_url":null,"source":{"id":"https://openalex.org/S127916260","display_name":"Journal of Digital Forensic Practice","issn_l":"1556-7281","issn":["1556-7281","1556-7346"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320547","host_organization_name":"Taylor & Francis","host_organization_lineage":["https://openalex.org/P4310320547"],"host_organization_lineage_names":["Taylor & Francis"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Digital Forensic Practice","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013812161","display_name":"J. E. Kerivan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210118211","display_name":"Clean Plus (United States)","ror":"https://ror.org/01p8nr933","country_code":"US","type":"company","lineage":["https://openalex.org/I4210118211"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"John E. Kerivan","raw_affiliation_strings":["\n nGran, LLC, 9 Plain Road, Westford, Massachusetts, 01886, USA","nGran, LLC , 9 Plain Road, Westford, Massachusetts, 01886, USA"],"affiliations":[{"raw_affiliation_string":"\n nGran, LLC, 9 Plain Road, Westford, Massachusetts, 01886, USA","institution_ids":["https://openalex.org/I4210118211"]},{"raw_affiliation_string":"nGran, LLC , 9 Plain Road, Westford, Massachusetts, 01886, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5013812161"],"corresponding_institution_ids":["https://openalex.org/I4210118211"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.16871795,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"1","issue":"1","first_page":"27","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9818000197410583,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9818000197410583,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9699000120162964,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.909600019454956,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6104484796524048},{"id":"https://openalex.org/keywords/heuristic","display_name":"Heuristic","score":0.5046519041061401},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4526989758014679},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.18921807408332825}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6104484796524048},{"id":"https://openalex.org/C173801870","wikidata":"https://www.wikidata.org/wiki/Q201413","display_name":"Heuristic","level":2,"score":0.5046519041061401},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4526989758014679},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.18921807408332825}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1080/15567280500541439","is_oa":false,"landing_page_url":"https://doi.org/10.1080/15567280500541439","pdf_url":null,"source":{"id":"https://openalex.org/S127916260","display_name":"Journal of Digital Forensic Practice","issn_l":"1556-7281","issn":["1556-7281","1556-7346"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320547","host_organization_name":"Taylor & Francis","host_organization_lineage":["https://openalex.org/P4310320547"],"host_organization_lineage_names":["Taylor & Francis"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Digital Forensic Practice","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"ABSTRACT":[0],"This":[1,54,254],"is":[2,95,291],"the":[3,11,28,72,98,102,113,117,138,151,156,180,188,207,229,235,242,264,275,284,326,346],"first":[4],"of":[5,13,20,60,76,92,104,120,163,182,190,233,266,277,288,308,343,372,381,397,486],"two":[6],"papers":[7],"that":[8,33,48,128,214,314],"deal":[9],"with":[10,159,297],"development":[12],"running":[14],"state":[15],"requirements":[16,211],"for":[17,112,124,206,212,223,250,321,345,366,386,470],"functional":[18],"testing":[19,91,110],"security":[21,43,82,93,164,243,260,332,420],"software":[22],"and":[23,41,46,74,122,141,169,187,209,218,241,246,270,272,305,318,472],"hardware":[24],"systems.":[25],"It":[26],"outlines":[27,56],"need":[29],"to":[30,70,172,292,338,444,467],"adopt":[31],"paradigms":[32],"reflect":[34],"typical":[35],"usage":[36,139,231],"patterns,":[37],"prevalent":[38,278],"infection":[39,67,126,144,238,280],"methods,":[40],"proper":[42],"tool":[44,244,301,354],"use":[45,181],"configurations":[47,248],"are":[49,221,312,335],"grounded":[50],"in":[51,87,101,200,283,325],"real-world":[52],"scenarios.":[53],"paper":[55,202,255],"a":[57,160,170,183,198,258,298,340],"practical":[58],"set":[59,162,342],"such":[61,197],"test":[62,176,333],"tools":[63],"based":[64,178],"on":[65,179],"attack":[66,105,125,134,143,237,279],"techniques":[68,145,281,334],"designed":[69],"evaluate":[71],"efficacy":[73],"utility":[75],"signature":[77,317],"as":[78,80,132,274],"well":[79],"knowledge-based":[81],"systems,":[83],"including":[84],"those":[85],"found":[86],"forensic":[88,174,295],"toolkits.":[89],"Signature-based":[90],"solutions":[94,177],"complicated":[96],"by":[97],"continuing":[99],"increase":[100],"number":[103],"signatures.":[106],"Likewise,":[107],"realistic":[108],"behavioral":[109,319],"methods":[111,127],"same":[114],"suffer":[115],"from":[116,263,437,489,498],"increasing":[118],"numbers":[119],"combinations":[121],"permutations":[123],"quickly":[129],"become":[130],"outdated":[131],"new":[133],"categories":[135],"emerge.":[136],"However,":[137],"patterns":[140,232],"base":[142],"have":[146],"remained":[147],"largely":[148],"stable":[149],"over":[150],"past":[152],"4":[153],"years.":[154],"Thus,":[155],"heuristics":[157,320],"associated":[158],"recognizable":[161],"principles":[165,344],"presents":[166],"an":[167,309],"opportunity":[168],"challenge":[171],"construct":[173],"analysis":[175,306],"security-pattern":[184],"database":[185,357],"(SPD)":[186],"concept":[189],"adaptive":[191,349],"event":[192,350],"logging.":[193],"The":[194,286,329],"author":[195],"proposes":[196],"mechanism":[199],"this":[201,289],"using":[203],"three":[204,327],"domains":[205,227],"SPD":[208],"trigger":[210],"ensuring":[213],"application,":[215],"security,":[216],"system,":[217],"network":[219],"logging":[220],"enabled":[222],"selected":[224],"events.":[225],"These":[226],"represent":[228],"normal":[230],"PCs,":[234],"basic":[236],"method":[239],"categories,":[240],"capabilities":[245],"their":[247],"necessary":[249],"optimum":[251],"computer":[252],"protection.":[253],"also":[256,336],"shows":[257],"heuristic":[259],"checklist":[261],"formed":[262],"decomposition":[265],"50":[267,433],"Trojans,":[268],"worms,":[269],"spyware":[271],"used":[273],"basis":[276],"currently":[282],"wild.":[285],"purpose":[287],"exercise":[290],"assist":[293],"digital":[294],"practitioners":[296],"decision":[299],"support":[300],"during":[302],"evidence":[303],"gathering":[304],"phases":[307],"investigation.":[310],"Recommendations":[311],"provided":[313],"show":[315],"effective":[316,331],"further":[322],"refining":[323],"sub-problems":[324],"domains.":[328],"most":[330],"shown":[337],"provide":[339],"common":[341],"SPD.":[347],"KEYWORDS:":[348],"loggingforensic":[351],"expert":[352],"systemforensic":[353],"integrationsecurity":[355],"pattern":[356],"Notes":[358],"1.":[359],"\"Electronic":[360],"Crime":[361],"Scene":[362],"Investigation:":[363],"A":[364,384],"Guide":[365,385,466],"First":[367],"Responders,\"":[368],"July":[369,410],"2001,":[370],"Institute":[371,396],"Justice":[373],"Web":[374,453],"site":[375,454],"at":[376,399,408,412,427,455],"http://www.ojp.usdoj.gov/nij/pubs-sum/187736.htm.":[377],"2.":[378],"\"Forensic":[379],"Examination":[380],"Digital":[382],"Evidence:":[383],"Law":[387],"Enforcement\",":[388],"NCJ":[389],"199408,":[390],"April":[391],"2004,":[392,411],"Special":[393],"Report,":[394],"National":[395,483],"Justice,":[398],"http://www.ncjrs.gov/txtfiles1/nij/199408.pdf.":[400],"3.":[401],"Jim":[402],"Lyle,":[403],"\"Computer":[404],"Forensics":[405],"Tool":[406],"Testing":[407],"NIST\",":[409],"http://www.cftt.nist.gov/documents/Amalfi-04.ppt.":[413],"4.":[414],"John":[415,430,492],"Kerivan,":[416,431,493],"Kenneth":[417],"Brothers,":[418],"\"Self-Defending":[419],"software\",":[421],"October,":[422],"2005,":[423],"Milcom":[424],"2005":[425],"paper,":[426],"http://www.ngran.com/pages/819506/index.htm.":[428,438,499],"5.":[429],"\"Top":[432],"Malware":[434],"Emulators,\"":[435],"Available":[436,488,497],"6.":[439],"\"PerfMon":[440],"Sample:":[441],"Demonstrates":[442],"How":[443],"Monitor":[445],"System":[446],"Performance":[447,449],"Using":[448],"Counters\",":[450],"Microsoft":[451],"MSDN":[452],"http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cssample/html/vcsamperfmonsamplecsharp.asp.":[456],"7.":[457],"See":[458],"http://www.spywareguide.com/product_show.php?id=470.":[459],"8.":[460],"Bruce":[461],"Nordman,":[462],"et":[463],"al.,":[464],"\"User":[465],"Power":[468],"Management":[469],"PCs":[471],"Monitors\",":[473],"January":[474],"1997,":[475],"Energy":[476],"Analysis":[477],"Program,":[478],"Ernest":[479],"Orlando":[480],"Lawrence":[481],"Berkeley":[482],"Laboratory,":[484],"University":[485],"California.":[487],"http://eetf.lbl.gov/EA/Reports/39466.":[490],"9.":[491],"\"SPD":[494],"Data":[495],"Dictionary,\"":[496]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}