{"id":"https://openalex.org/W1963581527","doi":"https://doi.org/10.1145/2046707.2046751","title":"Process out-grafting","display_name":"Process out-grafting","publication_year":2011,"publication_date":"2011-10-17","ids":{"openalex":"https://openalex.org/W1963581527","doi":"https://doi.org/10.1145/2046707.2046751","mag":"1963581527"},"language":"en","primary_location":{"id":"doi:10.1145/2046707.2046751","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2046707.2046751","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM conference on Computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005042550","display_name":"Deepa Srinivasan","orcid":"https://orcid.org/0009-0006-0674-4280"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Deepa Srinivasan","raw_affiliation_strings":["North Carolina State University, Raleigh, NC, USA"],"affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100376397","display_name":"Zhi Wang","orcid":"https://orcid.org/0000-0002-5007-2876"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhi Wang","raw_affiliation_strings":["North Carolina State University, Raleigh, NC, USA"],"affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109035300","display_name":"Xuxian Jiang","orcid":null},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xuxian Jiang","raw_affiliation_strings":["North Carolina State University, Raleigh, NC, USA"],"affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5108280598","display_name":"Dongyan Xu","orcid":null},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dongyan Xu","raw_affiliation_strings":["Purdue University, West Lafayette, IN, USA"],"affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5005042550"],"corresponding_institution_ids":["https://openalex.org/I137902535"],"apc_list":null,"apc_paid":null,"fwci":12.8273,"has_fulltext":false,"cited_by_count":88,"citation_normalized_percentile":{"value":0.987277,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"363","last_page":"374"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9912999868392944,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8112853169441223},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.794230580329895},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.6102761030197144},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.561987042427063},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5531389713287354},{"id":"https://openalex.org/keywords/semantic-gap","display_name":"Semantic gap","score":0.5443688035011292},{"id":"https://openalex.org/keywords/hardware-virtualization","display_name":"Hardware virtualization","score":0.5258467793464661},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5177533030509949},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.5176142454147339},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4770975708961487},{"id":"https://openalex.org/keywords/temporal-isolation-among-virtual-machines","display_name":"Temporal isolation among virtual machines","score":0.4714523255825043},{"id":"https://openalex.org/keywords/virtual-machining","display_name":"Virtual machining","score":0.4683748185634613},{"id":"https://openalex.org/keywords/isolation","display_name":"Isolation (microbiology)","score":0.4418456256389618},{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.2768411636352539},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.147833913564682}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8112853169441223},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.794230580329895},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.6102761030197144},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.561987042427063},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5531389713287354},{"id":"https://openalex.org/C86034646","wikidata":"https://www.wikidata.org/wiki/Q474311","display_name":"Semantic gap","level":4,"score":0.5443688035011292},{"id":"https://openalex.org/C68793194","wikidata":"https://www.wikidata.org/wiki/Q1616095","display_name":"Hardware virtualization","level":5,"score":0.5258467793464661},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5177533030509949},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.5176142454147339},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4770975708961487},{"id":"https://openalex.org/C142355369","wikidata":"https://www.wikidata.org/wiki/Q7698919","display_name":"Temporal isolation among virtual machines","level":4,"score":0.4714523255825043},{"id":"https://openalex.org/C2778352213","wikidata":"https://www.wikidata.org/wiki/Q21137581","display_name":"Virtual machining","level":4,"score":0.4683748185634613},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.4418456256389618},{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.2768411636352539},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.147833913564682},{"id":"https://openalex.org/C1667742","wikidata":"https://www.wikidata.org/wiki/Q10927554","display_name":"Image retrieval","level":3,"score":0.0},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C89423630","wikidata":"https://www.wikidata.org/wiki/Q7193","display_name":"Microbiology","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2046707.2046751","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2046707.2046751","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM conference on Computer and communications security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W3483648","https://openalex.org/W24839522","https://openalex.org/W1503224444","https://openalex.org/W1508225132","https://openalex.org/W1516211918","https://openalex.org/W1606518565","https://openalex.org/W1641762327","https://openalex.org/W1829003931","https://openalex.org/W1993694077","https://openalex.org/W1997021720","https://openalex.org/W2011724792","https://openalex.org/W2053291274","https://openalex.org/W2092423386","https://openalex.org/W2096921767","https://openalex.org/W2105105799","https://openalex.org/W2112731379","https://openalex.org/W2117648703","https://openalex.org/W2126734536","https://openalex.org/W2133592286","https://openalex.org/W2136310957","https://openalex.org/W2138525936","https://openalex.org/W2138580357","https://openalex.org/W2140807364","https://openalex.org/W2144006591","https://openalex.org/W2151006143","https://openalex.org/W2155750598","https://openalex.org/W2157801087","https://openalex.org/W2159265516","https://openalex.org/W2168760272","https://openalex.org/W2169685348","https://openalex.org/W2293069947","https://openalex.org/W2403154275","https://openalex.org/W2914040074","https://openalex.org/W2914982603","https://openalex.org/W4232895233","https://openalex.org/W4245671428"],"related_works":["https://openalex.org/W2093034791","https://openalex.org/W2120735849","https://openalex.org/W4200209786","https://openalex.org/W1798999466","https://openalex.org/W1559726057","https://openalex.org/W3043539875","https://openalex.org/W1902822905","https://openalex.org/W1160228429","https://openalex.org/W2040752365","https://openalex.org/W2620946771"],"abstract_inverted_index":{"Recent":[0],"rapid":[1],"malware":[2],"growth":[3],"has":[4],"exposed":[5],"the":[6,15,36,40,45,49,53,61,109,117,133,138,144,147,152,155],"limitations":[7],"of":[8,17,55,146,154,172],"traditional":[9],"in-host":[10],"malware-defense":[11],"systems":[12,25],"and":[13,30,84,120,164,190],"motivated":[14],"development":[16],"secure":[18],"virtualization-based":[19],"out-of-VM":[20,41,88,110],"solutions.":[21],"By":[22],"running":[23],"vulnerable":[24,50],"as":[26],"virtual":[27],"machines":[28],"(VMs)":[29],"moving":[31],"security":[32,111],"software":[33,47],"from":[34,48,101],"inside":[35,102],"VMs":[37],"to":[38,60,80,105,137,167],"outside,":[39],"solutions":[42],"securely":[43],"isolate":[44],"anti-malware":[46],"system.":[51],"However,":[52],"presence":[54],"semantic":[56,118],"gap":[57,119],"also":[58],"leads":[59],"compatibility":[62,85],"problem":[63],"in":[64,87],"not":[65],"supporting":[66],"existing":[67,122,173],"defense":[68],"software.":[69],"In":[70],"this":[71],"paper,":[72],"we":[73,140],"present":[74],"process":[75,100,124,149],"out-grafting,":[76],"an":[77],"architectural":[78],"approach":[79],"address":[81],"both":[82],"isolation":[83,153],"challenges":[86],"approaches":[89],"for":[90],"fine-grained":[91],"process-level":[92],"execution":[93,145],"monitoring.":[94],"Specifically,":[95],"by":[96,131],"relocating":[97],"a":[98,103,161,170,193],"suspect":[99],"VM":[104],"run":[106],"side-by-side":[107],"with":[108,183,192],"tool,":[112],"our":[113],"technique":[114],"effectively":[115],"removes":[116],"supports":[121],"user-mode":[123],"monitoring":[125,156],"tools":[126,174],"without":[127,150,175],"any":[128,176],"modification.":[129,177],"Moreover,":[130],"forwarding":[132],"system":[134],"calls":[135],"back":[136],"VM,":[139],"can":[141],"smoothly":[142],"continue":[143],"out-grafted":[148],"weakening":[151],"tool.":[157],"We":[158],"have":[159],"developed":[160],"KVM-based":[162],"prototype":[163],"used":[165],"it":[166,187],"natively":[168],"support":[169],"number":[171],"The":[178],"evaluation":[179],"results":[180],"including":[181],"measurement":[182],"benchmark":[184],"programs":[185],"show":[186],"is":[188],"effective":[189],"practical":[191],"small":[194],"performance":[195],"overhead.":[196]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":15},{"year":2016,"cited_by_count":6},{"year":2015,"cited_by_count":11},{"year":2014,"cited_by_count":11},{"year":2013,"cited_by_count":14},{"year":2012,"cited_by_count":5}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}