{"id":"https://openalex.org/W2025475662","doi":"https://doi.org/10.1145/1368310.1368334","title":"A practical mimicry attack against powerful system-call monitors","display_name":"A practical mimicry attack against powerful system-call monitors","publication_year":2008,"publication_date":"2008-03-18","ids":{"openalex":"https://openalex.org/W2025475662","doi":"https://doi.org/10.1145/1368310.1368334","mag":"2025475662"},"language":"en","primary_location":{"id":"doi:10.1145/1368310.1368334","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1368310.1368334","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2008 ACM symposium on Information, computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5075978337","display_name":"Chetan Parampalli","orcid":null},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chetan Parampalli","raw_affiliation_strings":["Stony Brook University, Stony Brook, NY"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY","institution_ids":["https://openalex.org/I59553526"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102886132","display_name":"R. Sekar","orcid":"https://orcid.org/0009-0008-9135-3296"},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"R. Sekar","raw_affiliation_strings":["Stony Brook University, Stony Brook, NY"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY","institution_ids":["https://openalex.org/I59553526"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101626826","display_name":"Rob Johnson","orcid":"https://orcid.org/0000-0002-0784-7410"},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rob Johnson","raw_affiliation_strings":["Stony Brook University, Stony Brook, NY"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY","institution_ids":["https://openalex.org/I59553526"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":11.4413,"has_fulltext":false,"cited_by_count":81,"citation_normalized_percentile":{"value":0.98572927,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"156","last_page":"167"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/mimicry","display_name":"Mimicry","score":0.9174280166625977},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.669628381729126},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.49715402722358704},{"id":"https://openalex.org/keywords/biology","display_name":"Biology","score":0.08188986778259277},{"id":"https://openalex.org/keywords/ecology","display_name":"Ecology","score":0.07907497882843018}],"concepts":[{"id":"https://openalex.org/C7863114","wikidata":"https://www.wikidata.org/wiki/Q192627","display_name":"Mimicry","level":2,"score":0.9174280166625977},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.669628381729126},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.49715402722358704},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.08188986778259277},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.07907497882843018}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/1368310.1368334","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1368310.1368334","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2008 ACM symposium on Information, computer and communications security","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.148.5578","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.148.5578","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://seclab.cs.sunysb.edu/seclab1/pubs/asiaccs08.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.77.3569","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.77.3569","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://seclab.cs.sunysb.edu/seclab/pubs/papers/mimicry.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7599999904632568,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G5308434208","display_name":null,"funder_award_id":"N000140110967","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G7596958789","display_name":null,"funder_award_id":"CCR-0208877","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":45,"referenced_works":["https://openalex.org/W1112477","https://openalex.org/W34732858","https://openalex.org/W123548525","https://openalex.org/W329252750","https://openalex.org/W1499992849","https://openalex.org/W1516211918","https://openalex.org/W1533753084","https://openalex.org/W1535713556","https://openalex.org/W1542723081","https://openalex.org/W1586807939","https://openalex.org/W1593678010","https://openalex.org/W1606518565","https://openalex.org/W1825457006","https://openalex.org/W1832277845","https://openalex.org/W1903577715","https://openalex.org/W1941427975","https://openalex.org/W1947347140","https://openalex.org/W2040234252","https://openalex.org/W2103378897","https://openalex.org/W2106649514","https://openalex.org/W2109219878","https://openalex.org/W2116065364","https://openalex.org/W2118528519","https://openalex.org/W2123886726","https://openalex.org/W2135143063","https://openalex.org/W2137569638","https://openalex.org/W2140611647","https://openalex.org/W2143776233","https://openalex.org/W2146211060","https://openalex.org/W2160892968","https://openalex.org/W2167332015","https://openalex.org/W2170973665","https://openalex.org/W2350778671","https://openalex.org/W2886481750","https://openalex.org/W2914982603","https://openalex.org/W3004355593","https://openalex.org/W3158541704","https://openalex.org/W4234020632","https://openalex.org/W4285719527","https://openalex.org/W4299301436","https://openalex.org/W4353004773","https://openalex.org/W6600040955","https://openalex.org/W6632050797","https://openalex.org/W6635038715","https://openalex.org/W6681652963"],"related_works":["https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2566749067","https://openalex.org/W2159218316","https://openalex.org/W2332959588","https://openalex.org/W2379994817","https://openalex.org/W1980659691","https://openalex.org/W2373086291","https://openalex.org/W3196321079","https://openalex.org/W3158429762"],"abstract_inverted_index":{"System-call":[0],"monitoring":[1,23],"has":[2],"become":[3],"the":[4,34,141,200,213],"basis":[5],"for":[6,65,84],"many":[7],"hostbased":[8],"intrusion":[9],"detection":[10],"as":[11,13,116,118,207,209],"well":[12,208],"policy":[14],"enforcement":[15],"techniques.":[16],"Mimicry":[17,37],"attacks":[18,38,68,87,121,148,154,174],"attempt":[19],"to":[20,50,72,139,158,166,169,219,235],"evade":[21,51,182],"system-call":[22],"IDS":[24,74,177,229],"by":[25],"executing":[26],"innocuous-looking":[27],"sequences":[28],"of":[29,43,45,143,186,199,202,215,224],"system":[30,46,204],"calls":[31,47],"that":[32,93,163],"accomplish":[33,140],"attacker\u2019s":[35],"goals.":[36],"may":[39],"execute":[40],"a":[41,55,100,127,131,183],"sequence":[42,56],"dozens":[44],"in":[48],"order":[49],"detection.":[52],"Finding":[53],"such":[54],"is":[57],"difficult,":[58],"so":[59],"researchers":[60],"have":[61,196],"focused":[62],"on":[63],"tools":[64],"automating":[66],"mimicry":[67,86,120,153],"and":[69,91,103,155,221,227,232],"extending":[70],"them":[71],"gray-box":[73,228],"1.":[75],"In":[76],"this":[77,98],"paper,":[78],"we":[79,109,191],"describe":[80],"an":[81,123],"alternative":[82],"approach":[83],"building":[85],"using":[88,130],"only":[89],"skills":[90],"technologies":[92],"hackers":[94],"possess":[95],"today,":[96],"making":[97],"attack":[99,134],"more":[101],"immediate":[102],"realistic":[104],"threat.":[105],"These":[106],"attacks,":[107,113,161],"which":[108,190],"call":[110,192,205],"persistent":[111,132,236],"interposition":[112,133,147,173,237],"are":[114,137,149,156,164,175,230],"not":[115,176],"powerful":[117],"traditional":[119],"\u2014":[122,135,179],"adversary":[124],"cannot":[125],"obtain":[126],"root":[128],"shell":[129],"but":[136],"sufficient":[138],"goals":[142],"today\u2019s":[144,225],"cyber-criminals.":[145],"Persistent":[146,172],"stealthier":[150],"than":[151],"standard":[152],"amenable":[157],"covert":[159],"information-harvesting":[160],"features":[162],"likely":[165],"be":[167],"attractive":[168],"profitmotivated":[170],"criminals.":[171],"specific":[178],"they":[180],"can":[181],"large":[184],"class":[185],"systemcall-monitoring":[187],"intrusion-detection":[188],"systems,":[189],"I/O-data-oblivious.":[193],"I/O-data-oblivious":[194,231],"monitors":[195],"perfect":[197],"knowledge":[198],"values":[201],"all":[203],"arguments":[206,218],"their":[210],"relationships,":[211],"with":[212],"exception":[214],"data":[216],"buffer":[217],"read":[220],"write.":[222],"Many":[223],"black-box":[226],"hence":[233],"vulnerable":[234],"attacks.":[238]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":8},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":7},{"year":2013,"cited_by_count":1},{"year":2012,"cited_by_count":5}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}