{"id":"https://openalex.org/W2291312831","doi":"https://doi.org/10.1109/malware.2015.7413687","title":"Covert remote syscall communication at kernel level: A SPOOKY backdoor","display_name":"Covert remote syscall communication at kernel level: A SPOOKY backdoor","publication_year":2015,"publication_date":"2015-10-01","ids":{"openalex":"https://openalex.org/W2291312831","doi":"https://doi.org/10.1109/malware.2015.7413687","mag":"2291312831"},"language":"en","primary_location":{"id":"doi:10.1109/malware.2015.7413687","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2015.7413687","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 10th International Conference on Malicious and Unwanted Software (MALWARE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087945190","display_name":"F. Kerber","orcid":"https://orcid.org/0000-0002-4553-5186"},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Florian Kerber","raw_affiliation_strings":["RWTH Aachen University, Research Group IT Security, Aachen, Germany"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University, Research Group IT Security, Aachen, Germany","institution_ids":["https://openalex.org/I887968799"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038158947","display_name":"Dominik Teubert","orcid":null},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Dominik Teubert","raw_affiliation_strings":["RWTH Aachen University, Research Group IT Security, Aachen, Germany"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University, Research Group IT Security, Aachen, Germany","institution_ids":["https://openalex.org/I887968799"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001580305","display_name":"Ulrike Meyer","orcid":"https://orcid.org/0000-0002-2569-1042"},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ulrike Meyer","raw_affiliation_strings":["RWTH Aachen University, Research Group IT Security, Aachen, Germany"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University, Research Group IT Security, Aachen, Germany","institution_ids":["https://openalex.org/I887968799"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5087945190"],"corresponding_institution_ids":["https://openalex.org/I887968799"],"apc_list":null,"apc_paid":null,"fwci":0.2894,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.59393487,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"74","last_page":"81"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9795652627944946},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7675231695175171},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6405282616615295},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6250859498977661},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5133664011955261},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.507014274597168},{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.48200979828834534},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.4479387402534485},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.43044403195381165},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.25330376625061035},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.2112855315208435}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9795652627944946},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7675231695175171},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6405282616615295},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6250859498977661},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5133664011955261},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.507014274597168},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.48200979828834534},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.4479387402534485},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.43044403195381165},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.25330376625061035},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2112855315208435},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/malware.2015.7413687","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2015.7413687","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 10th International Conference on Malicious and Unwanted Software (MALWARE)","raw_type":"proceedings-article"},{"id":"pmh:oai:publications.rwth-aachen.de:713833","is_oa":false,"landing_page_url":"https://publications.rwth-aachen.de/search?p=id:%22RWTH-2018-01311%22","pdf_url":null,"source":{"id":"https://openalex.org/S4306401033","display_name":"RWTH Publications (RWTH Aachen)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I887968799","host_organization_name":"RWTH Aachen University","host_organization_lineage":["https://openalex.org/I887968799"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"[Piscataway, NJ] : IEEE (2015). doi:10.1109/MALWARE.2015.7413687","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7900000214576721}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W1537246865","https://openalex.org/W1811605617","https://openalex.org/W1968549720","https://openalex.org/W1975582382","https://openalex.org/W2014051288","https://openalex.org/W2036068512","https://openalex.org/W2102001185","https://openalex.org/W2117882778","https://openalex.org/W4399596798","https://openalex.org/W6868982834"],"related_works":["https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W4285325964","https://openalex.org/W1994712384","https://openalex.org/W4240186231","https://openalex.org/W2166844173","https://openalex.org/W3170525725","https://openalex.org/W3089468277","https://openalex.org/W4310805820","https://openalex.org/W2119580333"],"abstract_inverted_index":{"Malware":[0],"today":[1],"often":[2,28],"uses":[3],"very":[4],"sophisticated":[5],"methods":[6],"to":[7,51,134,145],"avoid":[8],"being":[9,102],"detected":[10],"on":[11,97],"the":[12,18,39,45,53,66,79,91,98,115,123,147],"victim":[13,46,80,99],"machine":[14],"itself.":[15],"However,":[16],"hiding":[17],"actual":[19],"communication":[20,149],"between":[21],"an":[22],"attacker":[23],"and":[24,41,68,74,119,143,150],"his":[25],"malware":[26,31],"is":[27],"neglected":[29],"by":[30,104],"authors.":[32],"As":[33],"a":[34,60,83],"consequence,":[35],"intermediate":[36],"hosts":[37],"inspecting":[38],"incoming":[40,73],"outgoing":[42,75],"traffic":[43,77],"of":[44,70,78,94],"host":[47],"may":[48],"be":[49],"able":[50],"detect":[52],"infection.":[54],"In":[55,129],"this":[56],"paper,":[57],"we":[58,131],"describe":[59],"proof-of-concept":[61,112],"server":[62,100],"backdoor":[63,89,113],"which":[64],"hides":[65],"in-":[67],"exfiltration":[69],"data":[71],"in":[72],"benign":[76],"server.":[81],"Using":[82],"low-traffic":[84],"system":[85],"call":[86],"proxy,":[87],"our":[88,111],"allows":[90],"remote":[92],"execution":[93],"arbitrary":[95],"programs":[96],"without":[101],"detectable":[103],"network":[105,125],"intrusion":[106,126],"detection":[107,127],"systems.":[108],"We":[109],"implement":[110],"using":[114],"HTTP":[116],"protocol's":[117],"Cookie-header":[118],"evaluate":[120],"it":[121],"against":[122],"SNORT":[124],"system.":[128],"addition,":[130],"show":[132],"how":[133],"use":[135],"other":[136],"widespread":[137],"services":[138],"such":[139],"as":[140],"SSH,":[141],"IPsec,":[142],"OpenVPN":[144],"conceal":[146],"attacker's":[148],"briefly":[151],"discuss":[152],"countermeasures.":[153]},"counts_by_year":[{"year":2018,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}