{"id":"https://openalex.org/W2495657724","doi":"https://doi.org/10.1145/2948618.2948620","title":"Can Data-Only Exploits be Detected at Runtime Using Hardware Events?","display_name":"Can Data-Only Exploits be Detected at Runtime Using Hardware Events?","publication_year":2016,"publication_date":"2016-06-18","ids":{"openalex":"https://openalex.org/W2495657724","doi":"https://doi.org/10.1145/2948618.2948620","mag":"2495657724"},"language":"en","primary_location":{"id":"doi:10.1145/2948618.2948620","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2948618.2948620","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Hardware and Architectural Support for Security and Privacy 2016","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016043656","display_name":"Gildo Torres","orcid":"https://orcid.org/0000-0001-5758-4842"},"institutions":[{"id":"https://openalex.org/I16944753","display_name":"Clarkson University","ror":"https://ror.org/03rwgpn18","country_code":"US","type":"education","lineage":["https://openalex.org/I16944753"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Gildo Torres","raw_affiliation_strings":["Clarkson University, Potsdam, New York"],"affiliations":[{"raw_affiliation_string":"Clarkson University, Potsdam, New York","institution_ids":["https://openalex.org/I16944753"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100322200","display_name":"Chen Liu","orcid":"https://orcid.org/0000-0003-1558-6836"},"institutions":[{"id":"https://openalex.org/I16944753","display_name":"Clarkson University","ror":"https://ror.org/03rwgpn18","country_code":"US","type":"education","lineage":["https://openalex.org/I16944753"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chen Liu","raw_affiliation_strings":["Clarkson University, Potsdam, New York"],"affiliations":[{"raw_affiliation_string":"Clarkson University, Potsdam, New York","institution_ids":["https://openalex.org/I16944753"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5016043656"],"corresponding_institution_ids":["https://openalex.org/I16944753"],"apc_list":null,"apc_paid":null,"fwci":2.0174,"has_fulltext":false,"cited_by_count":25,"citation_normalized_percentile":{"value":0.87590806,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8405917882919312},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8085790276527405},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.7626131772994995},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5967500805854797},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5135076642036438},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.45638540387153625},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.41466158628463745},{"id":"https://openalex.org/keywords/scheme","display_name":"Scheme (mathematics)","score":0.41205573081970215},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2552446722984314}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8405917882919312},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8085790276527405},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.7626131772994995},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5967500805854797},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5135076642036438},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.45638540387153625},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.41466158628463745},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.41205573081970215},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2552446722984314},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2948618.2948620","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2948618.2948620","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Hardware and Architectural Support for Security and Privacy 2016","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5699999928474426,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W1112477","https://openalex.org/W1459231281","https://openalex.org/W1545927878","https://openalex.org/W2000371177","https://openalex.org/W2010617523","https://openalex.org/W2017564972","https://openalex.org/W2071289869","https://openalex.org/W2113261561","https://openalex.org/W2122646361","https://openalex.org/W2138517425","https://openalex.org/W2153635508","https://openalex.org/W2159059513","https://openalex.org/W2165169256","https://openalex.org/W2166844173","https://openalex.org/W2914982603","https://openalex.org/W2950774332","https://openalex.org/W6628302897"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W4312814274","https://openalex.org/W1590307681","https://openalex.org/W2536018345","https://openalex.org/W2906845177","https://openalex.org/W4200107511","https://openalex.org/W2891427086","https://openalex.org/W1968625315"],"abstract_inverted_index":{"In":[0],"this":[1],"study,":[2],"we":[3,39],"investigate":[4],"the":[5,32,69,77,84,104],"feasibility":[6],"of":[7,86,90,97],"using":[8,87],"an":[9],"anomaly-based":[10],"detection":[11,64,101],"scheme":[12],"that":[13,108],"utilizes":[14],"information":[15],"collected":[16],"from":[17],"hardware":[18,43,91],"performance":[19],"counters":[20],"at":[21],"runtime":[22],"to":[23,53,115,125],"detect":[24,116],"data-oriented":[25,109],"attacks":[26,110],"in":[27,100],"user":[28],"space":[29],"libraries.":[30],"Using":[31],"Heartbleed":[33],"vulnerability":[34],"as":[35,120],"a":[36,47,63],"test":[37],"case,":[38],"studied":[40,83],"twelve":[41],"different":[42],"events":[44,92,122],"and":[45,57,73,93],"used":[46],"Support":[48],"Vector":[49],"Machine":[50],"(SVM)":[51],"model":[52,72],"classify":[54],"between":[55],"regular":[56],"abnormal":[58],"behaviors.":[59],"Our":[60],"results":[61],"demonstrated":[62],"accuracy":[65],"over":[66,74],"92%":[67],"for":[68,76],"two-class":[70],"SVM":[71,79],"70%":[75],"one-class":[78],"model.":[80],"We":[81],"also":[82],"limitations":[85],"certain":[88,121],"type":[89],"discussed":[94],"possible":[95],"implications":[96],"their":[98],"use":[99],"schemes.":[102],"Overall,":[103],"experiments":[105],"conducted":[106],"suggest":[107],"can":[111],"be":[112],"more":[113],"difficult":[114],"than":[117],"control-data":[118],"exploits,":[119],"are":[123],"susceptible":[124],"interference":[126],"hence":[127],"less":[128],"reliable.":[129]},"counts_by_year":[{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":4},{"year":2017,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}