{"id":"https://openalex.org/W2778550065","doi":"https://doi.org/10.1109/cns.2017.8228671","title":"Black penguin: On the feasibility of detecting intrusion with homogeneous memory","display_name":"Black penguin: On the feasibility of detecting intrusion with homogeneous memory","publication_year":2017,"publication_date":"2017-10-01","ids":{"openalex":"https://openalex.org/W2778550065","doi":"https://doi.org/10.1109/cns.2017.8228671","mag":"2778550065"},"language":"en","primary_location":{"id":"doi:10.1109/cns.2017.8228671","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns.2017.8228671","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100404886","display_name":"Ning Zhang","orcid":"https://orcid.org/0000-0002-8781-4925"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ning Zhang","raw_affiliation_strings":["Virginia Polytechnic Institute and State University, VA"],"affiliations":[{"raw_affiliation_string":"Virginia Polytechnic Institute and State University, VA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001041637","display_name":"Ruide Zhang","orcid":"https://orcid.org/0000-0002-3639-6217"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ruide Zhang","raw_affiliation_strings":["Virginia Polytechnic Institute and State University, VA"],"affiliations":[{"raw_affiliation_string":"Virginia Polytechnic Institute and State University, VA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042277127","display_name":"Qiben Yan","orcid":"https://orcid.org/0000-0001-6272-7668"},"institutions":[{"id":"https://openalex.org/I114395901","display_name":"University of Nebraska\u2013Lincoln","ror":"https://ror.org/043mer456","country_code":"US","type":"education","lineage":["https://openalex.org/I114395901"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qiben Yan","raw_affiliation_strings":["University of Nebraska-Lincoln, Lincoln, NE, USA"],"affiliations":[{"raw_affiliation_string":"University of Nebraska-Lincoln, Lincoln, NE, USA","institution_ids":["https://openalex.org/I114395901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001879281","display_name":"Wenjing Lou","orcid":"https://orcid.org/0000-0002-2421-4623"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenjing Lou","raw_affiliation_strings":["Virginia Polytechnic Institute and State University, VA"],"affiliations":[{"raw_affiliation_string":"Virginia Polytechnic Institute and State University, VA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059824798","display_name":"Y. Thomas Hou","orcid":"https://orcid.org/0000-0003-3716-5768"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Y. Thomas Hou","raw_affiliation_strings":["Virginia Polytechnic Institute and State University, VA"],"affiliations":[{"raw_affiliation_string":"Virginia Polytechnic Institute and State University, VA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034366344","display_name":"Danfeng Yao","orcid":"https://orcid.org/0000-0001-8969-2792"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Danfeng Yao","raw_affiliation_strings":["Virginia Polytechnic Institute and State University, VA"],"affiliations":[{"raw_affiliation_string":"Virginia Polytechnic Institute and State University, VA","institution_ids":["https://openalex.org/I859038795"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100404886"],"corresponding_institution_ids":["https://openalex.org/I859038795"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.22660837,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"3","issue":null,"first_page":"586","last_page":"594"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8391401171684265},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.77446448802948},{"id":"https://openalex.org/keywords/workstation","display_name":"Workstation","score":0.703902006149292},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.47427043318748474},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.426611065864563},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.42539823055267334},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4181663990020752},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.2863692045211792},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.19006690382957458}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8391401171684265},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.77446448802948},{"id":"https://openalex.org/C67953723","wikidata":"https://www.wikidata.org/wiki/Q192525","display_name":"Workstation","level":2,"score":0.703902006149292},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.47427043318748474},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.426611065864563},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.42539823055267334},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4181663990020752},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2863692045211792},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.19006690382957458}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cns.2017.8228671","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns.2017.8228671","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":42,"referenced_works":["https://openalex.org/W6385438","https://openalex.org/W58852127","https://openalex.org/W139772808","https://openalex.org/W1485086418","https://openalex.org/W1507388815","https://openalex.org/W1520941164","https://openalex.org/W1559498407","https://openalex.org/W1608434238","https://openalex.org/W1674910155","https://openalex.org/W1739467010","https://openalex.org/W1775772884","https://openalex.org/W1903577715","https://openalex.org/W1956767865","https://openalex.org/W1977593541","https://openalex.org/W1985987493","https://openalex.org/W2005886648","https://openalex.org/W2025475662","https://openalex.org/W2040431736","https://openalex.org/W2112731379","https://openalex.org/W2123301443","https://openalex.org/W2128217000","https://openalex.org/W2135143063","https://openalex.org/W2145079976","https://openalex.org/W2147717514","https://openalex.org/W2162101611","https://openalex.org/W2166844173","https://openalex.org/W2180474751","https://openalex.org/W2399247437","https://openalex.org/W2405765885","https://openalex.org/W3007346474","https://openalex.org/W3136767761","https://openalex.org/W4285719527","https://openalex.org/W6600256889","https://openalex.org/W6602413418","https://openalex.org/W6605725336","https://openalex.org/W6631038397","https://openalex.org/W6636244347","https://openalex.org/W6637217219","https://openalex.org/W6638021444","https://openalex.org/W6639770171","https://openalex.org/W6640826072","https://openalex.org/W6712290283"],"related_works":["https://openalex.org/W2770234245","https://openalex.org/W96612179","https://openalex.org/W4229499248","https://openalex.org/W2566006169","https://openalex.org/W2045348955","https://openalex.org/W2352028719","https://openalex.org/W2584886384","https://openalex.org/W2378667902","https://openalex.org/W2052769075","https://openalex.org/W1567818861"],"abstract_inverted_index":{"Growing":[0],"complexity":[1],"in":[2,44,49,136],"modern":[3],"software":[4],"is":[5,83,218],"making":[6],"signature-based":[7],"intrusion":[8,15,127,229],"detection":[9,16,128,140],"an":[10,81],"increasing":[11],"challenge.":[12],"Many":[13],"recent":[14],"systems":[17],"rely":[18],"on":[19,85,121,245],"accurate":[20],"recovery":[21],"of":[22,110,132,159,166,182,199,237,248],"application":[23,82,185,217],"semantics":[24],"from":[25,34,94,107],"memory.":[26],"In":[27,113],"this":[28,114,191],"paper,":[29],"we":[30,116,162,177,193,211,241],"approach":[31],"the":[32,41,71,77,95,108,111,157,179,183,203,213,216,228,235,238,246,249],"problem":[33],"a":[35,100,124,143],"different":[36,67,74,93,106,187],"angle.":[37],"We":[38],"observe":[39],"that":[40,146],"user":[42,188],"applications":[43,61],"corporate":[45,137],"network":[46],"often":[47],"run":[48],"identical":[50],"system":[51,129,141,251],"environments":[52],"due":[53],"to":[54,98,226],"standardized":[55],"IT":[56],"deployment":[57],"procedure.":[58],"The":[59,139],"same":[60,184],"share":[62],"similar":[63,97],"runtime":[64,89],"statistics":[65,135,198],"across":[66],"workstations":[68],"through":[69],"out":[70],"time,":[72],"despite":[73],"uses":[75],"by":[76,208],"end":[78],"users.":[79],"When":[80],"compromised":[84],"one":[86],"workstation,":[87],"its":[88],"profile":[90],"would":[91,103],"be":[92],"rest,":[96],"how":[99],"black":[101],"penguin":[102],"look":[104],"distinctly":[105],"rest":[109],"colony.":[112],"work,":[115],"present":[117],"our":[118],"preliminary":[119,232],"study":[120],"Black":[122,160],"Penguin,":[123,161],"compare-view":[125],"based":[126],"leveraging":[130],"homogeneity":[131],"application-level":[133],"memory":[134,148,197],"environment.":[138],"follows":[142],"three-step":[144],"process":[145],"includes":[147],"analysis,":[149],"unsupervised":[150],"learning":[151],"and":[152,171,195],"risk":[153],"mitigation.":[154],"To":[155,190],"explore":[156],"feasibility":[158,236],"conduct":[163],"two":[164],"types":[165],"experiments":[167],"using":[168],"Internet":[169],"Explorer":[170],"Firefox":[172],"as":[173,252,254],"target":[174],"applications.":[175],"First,":[176],"examine":[178,212],"statistical":[180],"differences":[181],"under":[186,219],"usage.":[189],"end,":[192],"collect":[194],"analyze":[196],"browser":[200,222],"when":[201,215],"visiting":[202],"top":[204],"500":[205],"websites":[206],"ranked":[207],"Moz.":[209],"Second,":[210],"difference":[214],"attack.":[220],"Several":[221],"attacks":[223],"are":[224],"used":[225],"generate":[227],"samples.":[230],"Our":[231],"evaluation":[233],"demonstrates":[234],"approach.":[239],"Lastly,":[240],"also":[242],"provide":[243],"discussions":[244],"limitations":[247],"proposed":[250],"well":[253],"future":[255],"directions.":[256]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}