{"id":"https://openalex.org/W2902677827","doi":"https://doi.org/10.1145/3274808.3274812","title":"CRIMES","display_name":"CRIMES","publication_year":2018,"publication_date":"2018-11-26","ids":{"openalex":"https://openalex.org/W2902677827","doi":"https://doi.org/10.1145/3274808.3274812","mag":"2902677827"},"language":"en","primary_location":{"id":"doi:10.1145/3274808.3274812","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3274808.3274812","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3274808.3274812","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th International Middleware Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3274808.3274812","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5053527793","display_name":"Sundaresan Rajasekaran","orcid":null},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Sundaresan Rajasekaran","raw_affiliation_strings":["George Washington University"],"affiliations":[{"raw_affiliation_string":"George Washington University","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002184129","display_name":"Harpreet Singh Chawla","orcid":"https://orcid.org/0000-0002-4866-2172"},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Harpreet Singh Chawla","raw_affiliation_strings":["George Washington University"],"affiliations":[{"raw_affiliation_string":"George Washington University","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100319345","display_name":"Zhen Ni","orcid":"https://orcid.org/0000-0002-4683-2203"},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhen Ni","raw_affiliation_strings":["George Washington University"],"affiliations":[{"raw_affiliation_string":"George Washington University","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062495228","display_name":"Neel Shah","orcid":null},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Neel Shah","raw_affiliation_strings":["George Washington University"],"affiliations":[{"raw_affiliation_string":"George Washington University","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053730492","display_name":"Emery D. Berger","orcid":"https://orcid.org/0000-0002-3222-3271"},"institutions":[{"id":"https://openalex.org/I24603500","display_name":"University of Massachusetts Amherst","ror":"https://ror.org/0072zz521","country_code":"US","type":"education","lineage":["https://openalex.org/I24603500"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Emery Berger","raw_affiliation_strings":["University of Massachusetts Amherst"],"affiliations":[{"raw_affiliation_string":"University of Massachusetts Amherst","institution_ids":["https://openalex.org/I24603500"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5020963730","display_name":"Timothy Wood","orcid":"https://orcid.org/0000-0002-6728-4197"},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Timothy Wood","raw_affiliation_strings":["George Washington University"],"affiliations":[{"raw_affiliation_string":"George Washington University","institution_ids":["https://openalex.org/I193531525"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5053527793"],"corresponding_institution_ids":["https://openalex.org/I193531525"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.14161582,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"40","last_page":"52"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8491079807281494},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.7953223586082458},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7062723636627197},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6695621609687805},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5587189793586731},{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.48431769013404846},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.47669360041618347},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.4712396562099457},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.46307313442230225},{"id":"https://openalex.org/keywords/network-forensics","display_name":"Network forensics","score":0.4191707372665405},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.35095536708831787},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.28474944829940796},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2569849193096161}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8491079807281494},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.7953223586082458},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7062723636627197},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6695621609687805},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5587189793586731},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.48431769013404846},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.47669360041618347},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.4712396562099457},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.46307313442230225},{"id":"https://openalex.org/C50747538","wikidata":"https://www.wikidata.org/wiki/Q7001032","display_name":"Network forensics","level":3,"score":0.4191707372665405},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.35095536708831787},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.28474944829940796},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2569849193096161}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3274808.3274812","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3274808.3274812","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3274808.3274812","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th International Middleware Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3274808.3274812","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3274808.3274812","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3274808.3274812","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th International Middleware Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3347103756","display_name":null,"funder_award_id":"CNS-1525888,CNS-1525992","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6543924158","display_name":null,"funder_award_id":"CNS-1525888","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6618364616","display_name":"TWC: Small: Collaborative: EVADE: Evidence-Assisted Detection and Elimination of Security Vulnerabilities","funder_award_id":"1525992","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2902677827.pdf","grobid_xml":"https://content.openalex.org/works/W2902677827.grobid-xml"},"referenced_works_count":40,"referenced_works":["https://openalex.org/W11234669","https://openalex.org/W35708471","https://openalex.org/W140819463","https://openalex.org/W1500546894","https://openalex.org/W1549813142","https://openalex.org/W1572904055","https://openalex.org/W1641762327","https://openalex.org/W1655226010","https://openalex.org/W1878544538","https://openalex.org/W1979469929","https://openalex.org/W1989492148","https://openalex.org/W1990827342","https://openalex.org/W1992913810","https://openalex.org/W1994759706","https://openalex.org/W2021805658","https://openalex.org/W2032591599","https://openalex.org/W2048672245","https://openalex.org/W2080046268","https://openalex.org/W2088364396","https://openalex.org/W2097015782","https://openalex.org/W2100673955","https://openalex.org/W2115743854","https://openalex.org/W2116358491","https://openalex.org/W2118810451","https://openalex.org/W2124910854","https://openalex.org/W2130826921","https://openalex.org/W2131726714","https://openalex.org/W2142892618","https://openalex.org/W2155851497","https://openalex.org/W2161857935","https://openalex.org/W2255006515","https://openalex.org/W2409978526","https://openalex.org/W2481266035","https://openalex.org/W2586250227","https://openalex.org/W2773534870","https://openalex.org/W4231945399","https://openalex.org/W4244704438","https://openalex.org/W4245532963","https://openalex.org/W4251201460","https://openalex.org/W4255622075"],"related_works":["https://openalex.org/W2479612266","https://openalex.org/W2097492617","https://openalex.org/W2180474751","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819","https://openalex.org/W2249809453"],"abstract_inverted_index":{"Cloud":[0],"applications":[1,169],"are":[2],"appealing":[3],"targets":[4],"to":[5,39,44,49,74,122,131,148],"attackers,":[6],"yet":[7],"current":[8],"cloud":[9,34,51,63],"infrastructures":[10],"have":[11],"few":[12],"ways":[13],"of":[14,24,30,105,136],"helping":[15],"defend":[16],"their":[17],"customers":[18],"from":[19],"attacks.":[20],"However,":[21],"the":[22,28,50,103,134,171],"use":[23],"virtual":[25],"machines,":[26],"and":[27,89,126,164,170],"economy":[29],"scale":[31],"found":[32],"in":[33,78],"platforms,":[35],"provides":[36],"an":[37,56,107,115,137],"opportunity":[38],"offer":[40],"strong":[41,100],"security":[42,60],"guarantees":[43,101],"tenants":[45],"at":[46],"low":[47],"cost":[48],"provider.":[52],"We":[53],"present":[54],"CRIMES,":[55],"evidence":[57],"based,":[58],"modular":[59],"framework":[61],"for":[62,160],"platforms":[64],"that":[65,142],"uses":[66],"speculative":[67],"execution":[68],"coupled":[69],"with":[70],"memory":[71,149],"introspection":[72],"tools":[73,151],"detect":[75],"malicious":[76],"behavior":[77],"real":[79],"time.":[80],"By":[81],"buffering":[82],"VM":[83],"outputs":[84],"(i.e.,":[85],"outgoing":[86],"network":[87],"packets":[88],"disk":[90],"writes)":[91],"until":[92],"a":[93,123],"scan":[94],"has":[95],"been":[96],"completed,":[97],"CRIMES":[98,119,143],"gives":[99],"about":[102],"amount":[104],"damage":[106],"attack":[108,116],"can":[109],"do,":[110],"while":[111,155],"minimizing":[112],"overheads.":[113],"When":[114],"is":[117],"detected,":[118],"rolls":[120],"back":[121],"recent":[124],"checkpoint":[125],"performs":[127],"automated":[128],"forensic":[129,158],"analysis":[130,159],"help":[132],"pinpoint":[133],"source":[135],"attack.":[138],"Our":[139],"evaluation":[140],"demonstrates":[141],"incurs":[144],"less":[145],"overhead":[146],"compared":[147],"protection":[150],"such":[152],"as":[153],"AddressSanitizer,":[154],"offering":[156],"valuable":[157],"buffer":[161],"overflow":[162],"attacks":[163],"malware":[165],"detection":[166],"across":[167],"multiple":[168],"OS.":[172]},"counts_by_year":[{"year":2023,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2018-12-11T00:00:00"}