{"id":"https://openalex.org/W2009853596","doi":"https://doi.org/10.1145/1920261.1920306","title":"Cross-layer comprehensive intrusion harm analysis for production workload server systems","display_name":"Cross-layer comprehensive intrusion harm analysis for production workload server systems","publication_year":2010,"publication_date":"2010-12-06","ids":{"openalex":"https://openalex.org/W2009853596","doi":"https://doi.org/10.1145/1920261.1920306","mag":"2009853596"},"language":"en","primary_location":{"id":"doi:10.1145/1920261.1920306","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1920261.1920306","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5027504758","display_name":"Shengzhi Zhang","orcid":"https://orcid.org/0000-0001-9432-9779"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Shengzhi Zhang","raw_affiliation_strings":["Pennsylvania State University, University Park","Pennsylvania State University, University Park#TAB#"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, University Park","institution_ids":["https://openalex.org/I130769515"]},{"raw_affiliation_string":"Pennsylvania State University, University Park#TAB#","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015456692","display_name":"Xiaoqi Jia","orcid":"https://orcid.org/0000-0002-8376-3235"},"institutions":[{"id":"https://openalex.org/I4391768012","display_name":"State Key Laboratory of Information Security","ror":"https://ror.org/012cr4033","country_code":null,"type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4391768012"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaoqi Jia","raw_affiliation_strings":["State Key Laboratory of Information Security, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Information Security, China","institution_ids":["https://openalex.org/I4391768012"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100346828","display_name":"Peng Liu","orcid":"https://orcid.org/0000-0002-5091-8464"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Peng Liu","raw_affiliation_strings":["Pennsylvania State University, University Park","Pennsylvania State University, University Park#TAB#"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, University Park","institution_ids":["https://openalex.org/I130769515"]},{"raw_affiliation_string":"Pennsylvania State University, University Park#TAB#","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033745290","display_name":"Jiwu Jing","orcid":"https://orcid.org/0000-0002-3409-6149"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jiwu Jing","raw_affiliation_strings":["University of Chinese, China"],"affiliations":[{"raw_affiliation_string":"University of Chinese, China","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5027504758"],"corresponding_institution_ids":["https://openalex.org/I130769515"],"apc_list":null,"apc_paid":null,"fwci":2.7063,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.90598348,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"297","last_page":"306"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8668678998947144},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.6541035175323486},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6178520321846008},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.6074992418289185},{"id":"https://openalex.org/keywords/workload","display_name":"Workload","score":0.5460997223854065},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.5325972437858582},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5082032680511475},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.4961288869380951},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.42080599069595337},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.39473581314086914},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.27033743262290955},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.09075155854225159}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8668678998947144},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.6541035175323486},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6178520321846008},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.6074992418289185},{"id":"https://openalex.org/C2778476105","wikidata":"https://www.wikidata.org/wiki/Q628539","display_name":"Workload","level":2,"score":0.5460997223854065},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.5325972437858582},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5082032680511475},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.4961288869380951},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.42080599069595337},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.39473581314086914},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.27033743262290955},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.09075155854225159},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1920261.1920306","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1920261.1920306","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1309080098","display_name":null,"funder_award_id":"W911NF-09-1-0525 (MURI)","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G2247082803","display_name":null,"funder_award_id":"FA9550-07-1-0527 (MURI)","funder_id":"https://openalex.org/F4320338279","funder_display_name":"Air Force Office of Scientific Research"},{"id":"https://openalex.org/G3155045214","display_name":null,"funder_award_id":"FA8750-08-C-0137","funder_id":"https://openalex.org/F4320338294","funder_display_name":"Air Force Research Laboratory"},{"id":"https://openalex.org/G7161877157","display_name":null,"funder_award_id":"CNS-0905131","funder_id":"https://openalex.org/F4320337388","funder_display_name":"Division of Computer and Network Systems"}],"funders":[{"id":"https://openalex.org/F4320316785","display_name":"VMware","ror":null},{"id":"https://openalex.org/F4320337388","display_name":"Division of Computer and Network Systems","ror":"https://ror.org/02rdzmk74"},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"},{"id":"https://openalex.org/F4320338294","display_name":"Air Force Research Laboratory","ror":"https://ror.org/02e2egq70"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W145355838","https://openalex.org/W146660932","https://openalex.org/W1522250664","https://openalex.org/W1549813142","https://openalex.org/W1557252148","https://openalex.org/W1596606311","https://openalex.org/W1813040609","https://openalex.org/W1972544179","https://openalex.org/W2006419855","https://openalex.org/W2037017056","https://openalex.org/W2095580802","https://openalex.org/W2100666033","https://openalex.org/W2103499520","https://openalex.org/W2112731379","https://openalex.org/W2114488210","https://openalex.org/W2133217855","https://openalex.org/W2142892618","https://openalex.org/W2143659423","https://openalex.org/W2151135920","https://openalex.org/W2165100126","https://openalex.org/W2295705535","https://openalex.org/W4245671428","https://openalex.org/W4254762831"],"related_works":["https://openalex.org/W2612791064","https://openalex.org/W2558538437","https://openalex.org/W2893967483","https://openalex.org/W2005010039","https://openalex.org/W2357605019","https://openalex.org/W2167514501","https://openalex.org/W2127761335","https://openalex.org/W4226168309","https://openalex.org/W2972987610","https://openalex.org/W4290692412"],"abstract_inverted_index":{"Analyzing":[0],"the":[1,27,36,51,56,60,65,85,108,122,136,142,156,166,171,189,192],"(harm":[2],"of)":[3],"intrusion":[4,21,129,185,196],"to":[5],"enterprise":[6,25],"servers":[7],"is":[8,32,68,81,111,132],"an":[9],"onerous":[10,52],"and":[11,148,191],"error-prone":[12],"work.":[13],"Though":[14],"dynamic":[15,162],"taint":[16,125,138,150,158,163],"tracking":[17,147],"enables":[18],"automatic":[19],"fine-grained":[20,137,157],"harm":[22,197],"analysis":[23,53,164],"for":[24,103,121],"servers,":[26],"significant":[28],"runtime":[29,177],"overhead":[30,178],"introduced":[31],"generally":[33],"intolerable":[34],"in":[35],"production":[37,61],"workload":[38],"environment.":[39],"Thus,":[40],"we":[41],"propose":[42],"PEDA":[43,131,160,174],"(Production":[44],"Environment":[45],"Damage":[46],"Analysis)":[47],"system,":[48],"which":[49],"decouples":[50],"work":[54],"from":[55],"online":[57,92],"execution":[58,67,93,110],"of":[59,124,134,173,194],"servers.":[62],"Once":[63],"compromised,":[64],"\"has-been-infected\"":[66],"analyzed":[69],"during":[70,165],"high":[71],"fidelity":[72],"replay":[73,80],"on":[74,84],"a":[75],"separate":[76],"instrumentation":[77,115],"platform.":[78],"The":[79,90,183],"implemented":[82],"based":[83],"heterogeneous":[86],"virtual":[87,98,116],"machine":[88],"migration.":[89],"servers'":[91],"runs":[94],"atop":[95,113],"fast":[96],"hardware-assisted":[97],"machines":[99,117],"(such":[100,118],"as":[101,119,179,181],"Xen":[102],"near":[104],"native":[105],"speed),":[106],"while":[107],"infected":[109],"replayed":[112,167],"binary":[114],"Qemu":[120],"implementation":[123],"analysis).":[126],"From":[127],"identified":[128],"symptoms,":[130],"capable":[133],"locating":[135],"seed":[139],"by":[140],"integrating":[141],"backward":[143],"system":[144,175],"call":[145],"dependency":[146],"one-step-forward":[149],"information":[151],"flow":[152],"auditing.":[153],"Started":[154],"with":[155,176],"seed,":[159],"applies":[161],"execution.":[168],"Evaluation":[169],"demonstrates":[170],"efficiency":[172],"low":[180],"5%.":[182],"real-life":[184],"studies":[186],"successfully":[187],"show":[188],"comprehensiveness":[190],"precision":[193],"PEDA's":[195],"analysis.":[198]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2013,"cited_by_count":2},{"year":2012,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}