{"id":"https://openalex.org/W3118507196","doi":"https://doi.org/10.1109/tii.2020.3048791","title":"VMShield: Memory Introspection-Based Malware Detection to Secure Cloud-Based Services Against Stealthy Attacks","display_name":"VMShield: Memory Introspection-Based Malware Detection to Secure Cloud-Based Services Against Stealthy Attacks","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3118507196","doi":"https://doi.org/10.1109/tii.2020.3048791","mag":"3118507196"},"language":"en","primary_location":{"id":"doi:10.1109/tii.2020.3048791","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tii.2020.3048791","pdf_url":null,"source":{"id":"https://openalex.org/S184777250","display_name":"IEEE Transactions on Industrial Informatics","issn_l":"1551-3203","issn":["1551-3203","1941-0050"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Industrial Informatics","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071738342","display_name":"Preeti Mishra","orcid":"https://orcid.org/0000-0002-3809-0887"},"institutions":[{"id":"https://openalex.org/I60054993","display_name":"Graphic Era University","ror":"https://ror.org/03wqgqd89","country_code":"IN","type":"education","lineage":["https://openalex.org/I60054993"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Preeti Mishra","raw_affiliation_strings":["Department of CSE, Graphic Era Deemed to be University, Dehradun, Uttarakhand, India"],"raw_orcid":"https://orcid.org/0000-0002-3809-0887","affiliations":[{"raw_affiliation_string":"Department of CSE, Graphic Era Deemed to be University, Dehradun, Uttarakhand, India","institution_ids":["https://openalex.org/I60054993"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076910903","display_name":"Palak Aggarwal","orcid":"https://orcid.org/0000-0002-5392-5934"},"institutions":[{"id":"https://openalex.org/I60054993","display_name":"Graphic Era University","ror":"https://ror.org/03wqgqd89","country_code":"IN","type":"education","lineage":["https://openalex.org/I60054993"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Palak Aggarwal","raw_affiliation_strings":["Department of CSE, Graphic Era Deemed to be University, Dehradun, Uttarakhand, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of CSE, Graphic Era Deemed to be University, Dehradun, Uttarakhand, India","institution_ids":["https://openalex.org/I60054993"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018737268","display_name":"Ankit Vidyarthi","orcid":"https://orcid.org/0000-0002-8026-4246"},"institutions":[{"id":"https://openalex.org/I154970844","display_name":"Jaypee Institute of Information Technology","ror":"https://ror.org/05sttyy11","country_code":"IN","type":"education","lineage":["https://openalex.org/I154970844"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Ankit Vidyarthi","raw_affiliation_strings":["Department of CSE&IT, Jaypee Institute of Information Technology, Noida, Uttar Pradesh, India"],"raw_orcid":"https://orcid.org/0000-0002-8026-4246","affiliations":[{"raw_affiliation_string":"Department of CSE&IT, Jaypee Institute of Information Technology, Noida, Uttar Pradesh, India","institution_ids":["https://openalex.org/I154970844"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070924615","display_name":"Pawan Singh","orcid":"https://orcid.org/0000-0002-1342-9493"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pawan Singh","raw_affiliation_strings":["Department of CSE, Amity University Uttar Pradesh, Lucknow, Uttar Pradesh, India"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of CSE, Amity University Uttar Pradesh, Lucknow, Uttar Pradesh, India","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086544678","display_name":"Baseem Khan","orcid":"https://orcid.org/0000-0002-0562-0933"},"institutions":[{"id":"https://openalex.org/I193649603","display_name":"Hawassa University","ror":"https://ror.org/04r15fz20","country_code":"ET","type":"education","lineage":["https://openalex.org/I193649603"]}],"countries":["ET"],"is_corresponding":false,"raw_author_name":"Baseem Khan","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Hawassa University, Hawassa, Southern Nations, Ethiopia"],"raw_orcid":"https://orcid.org/0000-0002-0562-0933","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Hawassa University, Hawassa, Southern Nations, Ethiopia","institution_ids":["https://openalex.org/I193649603"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078010800","display_name":"Hassan Haes Alhelou","orcid":null},"institutions":[{"id":"https://openalex.org/I100930933","display_name":"University College Dublin","ror":"https://ror.org/05m7pjf47","country_code":"IE","type":"education","lineage":["https://openalex.org/I100930933"]},{"id":"https://openalex.org/I108907416","display_name":"Latakia University","ror":"https://ror.org/04nqts970","country_code":"SY","type":"education","lineage":["https://openalex.org/I108907416"]}],"countries":["IE","SY"],"is_corresponding":false,"raw_author_name":"Hassan Haes Alhelou","raw_affiliation_strings":["Department of Electrical Power Engineering, Tishreen University, Lattakia, Syria","School of Electrical and Electronic Engineering, University College Dublin, Dublin, Ireland"],"raw_orcid":"https://orcid.org/0000-0002-7427-2848","affiliations":[{"raw_affiliation_string":"Department of Electrical Power Engineering, Tishreen University, Lattakia, Syria","institution_ids":["https://openalex.org/I108907416"]},{"raw_affiliation_string":"School of Electrical and Electronic Engineering, University College Dublin, Dublin, Ireland","institution_ids":["https://openalex.org/I100930933"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5035300094","display_name":"Pierluigi Siano","orcid":"https://orcid.org/0000-0002-0975-0241"},"institutions":[{"id":"https://openalex.org/I131729948","display_name":"University of Salerno","ror":"https://ror.org/0192m2k53","country_code":"IT","type":"education","lineage":["https://openalex.org/I131729948"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Pierluigi Siano","raw_affiliation_strings":["Department of Management & Innovation Systems, University of Salerno, Fisciano, Italy"],"raw_orcid":"https://orcid.org/0000-0002-0975-0241","affiliations":[{"raw_affiliation_string":"Department of Management & Innovation Systems, University of Salerno, Fisciano, Italy","institution_ids":["https://openalex.org/I131729948"]}]}],"institutions":[],"countries_distinct_count":5,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5071738342"],"corresponding_institution_ids":["https://openalex.org/I60054993"],"apc_list":null,"apc_paid":null,"fwci":6.5681,"has_fulltext":false,"cited_by_count":59,"citation_normalized_percentile":{"value":0.96791902,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":"17","issue":"10","first_page":"6754","last_page":"6764"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8288789987564087},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7801579833030701},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.7600561380386353},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5827394127845764},{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.5746631026268005},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.49563300609588623},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.2772902548313141},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14585551619529724}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8288789987564087},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7801579833030701},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.7600561380386353},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5827394127845764},{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.5746631026268005},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.49563300609588623},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.2772902548313141},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14585551619529724}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tii.2020.3048791","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tii.2020.3048791","pdf_url":null,"source":{"id":"https://openalex.org/S184777250","display_name":"IEEE Transactions on Industrial Informatics","issn_l":"1551-3203","issn":["1551-3203","1941-0050"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Industrial Informatics","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6600000262260437,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W1531421324","https://openalex.org/W1641762327","https://openalex.org/W2087740020","https://openalex.org/W2129860818","https://openalex.org/W2176830056","https://openalex.org/W2481266035","https://openalex.org/W2580663612","https://openalex.org/W2620612601","https://openalex.org/W2808675934","https://openalex.org/W2912048809","https://openalex.org/W2914876238","https://openalex.org/W2953931649","https://openalex.org/W2963022916","https://openalex.org/W2968813395","https://openalex.org/W2972160586","https://openalex.org/W2972270478","https://openalex.org/W2982634382","https://openalex.org/W3044238138","https://openalex.org/W4407723147","https://openalex.org/W6637110787","https://openalex.org/W6685576885"],"related_works":["https://openalex.org/W2976854232","https://openalex.org/W2743348030","https://openalex.org/W2622620488","https://openalex.org/W2075174112","https://openalex.org/W2145292010","https://openalex.org/W572531444","https://openalex.org/W2921575628","https://openalex.org/W3179371161","https://openalex.org/W3035751361","https://openalex.org/W1549854681"],"abstract_inverted_index":{"With":[0],"the":[1,5,19,25,35,42,94,99,108,112,120,142,156,171,184,192,214],"rapid":[2],"evolution":[3],"of":[4,37,102,117,148,182,186,198,208,218],"industrial":[6,15],"Internet,":[7],"cloud":[8,75,86,205],"service":[9,39,77],"has":[10,18,210],"emerged":[11],"as":[12,50],"a":[13,46,74,123,226],"next-generation":[14],"standard":[16],"that":[17,223],"potential":[20],"to":[21,82,97,110,135,169,235],"revolutionize":[22],"and":[23,129,151,176,203,216,231],"transform":[24],"enterprise":[26],"industry.":[27],"In":[28,57],"recent":[29],"years,":[30],"numerous":[31],"enterprises":[32],"have":[33],"acknowledged":[34],"benefits":[36],"cloud-based":[38],"models.":[40],"However,":[41],"security":[43,65,113],"issues":[44],"are":[45],"major":[47],"concern,":[48],"such":[49],"stealthy":[51,137],"malware":[52,84,109,187],"attacks":[53],"against":[54],"virtual":[55,71,90],"domains.":[56],"this":[58],"article,":[59],"we":[60],"propose":[61],"an":[62,189],"introspection":[63,92,118],"based":[64,76],"approach,":[66],"called":[67],"VMShield":[68,88,140,224],"for":[69,107,213],"securing":[70],"domains":[72],"in":[73,85],"platform,":[78],"which":[79,133],"is":[80,167],"designed":[81],"detect":[83,136],"infrastructure.":[87],"performs":[89],"memory":[91],"from":[93],"hypervisor":[95],"(trusted-domain)":[96],"collect":[98],"run-time":[100],"behavior":[101],"processes,":[103,178],"making":[104,179],"it":[105,180],"impossible":[106],"evade":[111],"tool.":[114],"The":[115,139,196,220],"use":[116],"makes":[119],"proposed":[121,237],"approach":[122,150],"better":[124],"choice":[125],"over":[126,191],"traditional":[127],"static":[128],"dynamic":[130],"state-of-the-art":[131],"techniques":[132],"fail":[134],"attacks.":[138],"extracts":[141],"system":[143],"call":[144],"features":[145,154],"using":[146,155],"Bag":[147],"n-gram":[149],"selects":[152],"important":[153],"meta-heuristic":[157],"algorithm,":[158],"binary":[159],"particle":[160],"swarm":[161],"optimization.":[162],"Random":[163],"Forest":[164],"(RF)":[165],"classifier":[166],"used":[168,212],"classify":[170],"monitored":[172],"programs":[173],"into":[174],"benign":[175],"malign":[177],"capable":[181],"detecting":[183],"variants":[185],"thus,":[188],"advantage":[190],"typical":[193],"signature-matching":[194],"approach.":[195],"University":[197],"New":[199],"Mexico":[200],"(UNM)":[201],"Dataset":[202,206],"Bare":[204],"(University":[207],"California)":[209],"been":[211],"demonstration":[215],"validation":[217],"VMShield.":[219],"results":[221],"prove":[222],"achieves":[225],"higher":[227],"attack":[228],"detection":[229],"rate":[230],"reduced":[232],"storage":[233],"compared":[234],"previously":[236],"techniques.":[238]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":14},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":11},{"year":2021,"cited_by_count":8}],"updated_date":"2026-05-21T09:19:25.381259","created_date":"2025-10-10T00:00:00"}