{"id":"https://openalex.org/W3216796243","doi":"https://doi.org/10.1145/3485471","title":"AutoProfile: Towards Automated Profile Generation for Memory Analysis","display_name":"AutoProfile: Towards Automated Profile Generation for Memory Analysis","publication_year":2021,"publication_date":"2021-11-23","ids":{"openalex":"https://openalex.org/W3216796243","doi":"https://doi.org/10.1145/3485471","mag":"3216796243"},"language":"en","primary_location":{"id":"doi:10.1145/3485471","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3485471","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3485471","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3485471","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058787341","display_name":"Fabio Pagani","orcid":"https://orcid.org/0000-0002-4357-9804"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]},{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["FR","US"],"is_corresponding":true,"raw_author_name":"Fabio Pagani","raw_affiliation_strings":["UC Santa Barbara, USA","Eurecom [Sophia Antipolis] (Campus SophiaTech, 450 Route des Chappes, CS 50193 - 06904 Biot Sophia Antipolis cedex - France)"],"affiliations":[{"raw_affiliation_string":"UC Santa Barbara, USA","institution_ids":["https://openalex.org/I154570441"]},{"raw_affiliation_string":"Eurecom [Sophia Antipolis] (Campus SophiaTech, 450 Route des Chappes, CS 50193 - 06904 Biot Sophia Antipolis cedex - France)","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5002025561","display_name":"Davide Balzarotti","orcid":"https://orcid.org/0000-0001-5957-6213"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Davide Balzarotti","raw_affiliation_strings":["Eurecom, France","Eurecom [Sophia Antipolis] (Campus SophiaTech, 450 Route des Chappes, CS 50193 - 06904 Biot Sophia Antipolis cedex - France)"],"affiliations":[{"raw_affiliation_string":"Eurecom, France","institution_ids":["https://openalex.org/I1902872"]},{"raw_affiliation_string":"Eurecom [Sophia Antipolis] (Campus SophiaTech, 450 Route des Chappes, CS 50193 - 06904 Biot Sophia Antipolis cedex - France)","institution_ids":["https://openalex.org/I1902872"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5058787341"],"corresponding_institution_ids":["https://openalex.org/I154570441","https://openalex.org/I1902872"],"apc_list":null,"apc_paid":null,"fwci":3.0295,"has_fulltext":true,"cited_by_count":14,"citation_normalized_percentile":{"value":0.92592465,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":"25","issue":"1","first_page":"1","last_page":"26"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8339512348175049},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.7122014760971069},{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.5672599077224731},{"id":"https://openalex.org/keywords/plug-in","display_name":"Plug-in","score":0.5243188142776489},{"id":"https://openalex.org/keywords/virtual-memory","display_name":"Virtual memory","score":0.47547975182533264},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.454546183347702},{"id":"https://openalex.org/keywords/kernel","display_name":"Kernel (algebra)","score":0.4530683159828186},{"id":"https://openalex.org/keywords/memory-protection","display_name":"Memory protection","score":0.43930262327194214},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.33881592750549316},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32997047901153564},{"id":"https://openalex.org/keywords/memory-management","display_name":"Memory management","score":0.3123915195465088},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.10771423578262329},{"id":"https://openalex.org/keywords/semiconductor-memory","display_name":"Semiconductor memory","score":0.10135200619697571}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8339512348175049},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.7122014760971069},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.5672599077224731},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.5243188142776489},{"id":"https://openalex.org/C76399640","wikidata":"https://www.wikidata.org/wiki/Q189401","display_name":"Virtual memory","level":4,"score":0.47547975182533264},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.454546183347702},{"id":"https://openalex.org/C74193536","wikidata":"https://www.wikidata.org/wiki/Q574844","display_name":"Kernel (algebra)","level":2,"score":0.4530683159828186},{"id":"https://openalex.org/C18131444","wikidata":"https://www.wikidata.org/wiki/Q163585","display_name":"Memory protection","level":5,"score":0.43930262327194214},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.33881592750549316},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32997047901153564},{"id":"https://openalex.org/C176649486","wikidata":"https://www.wikidata.org/wiki/Q2308807","display_name":"Memory management","level":3,"score":0.3123915195465088},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.10771423578262329},{"id":"https://openalex.org/C98986596","wikidata":"https://www.wikidata.org/wiki/Q1143031","display_name":"Semiconductor memory","level":2,"score":0.10135200619697571},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3485471","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3485471","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3485471","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},{"id":"pmh:oai:HAL:hal-04611506v1","is_oa":false,"landing_page_url":"https://hal.science/hal-04611506","pdf_url":null,"source":{"id":"https://openalex.org/S4406922466","display_name":"SPIRE - Sciences Po Institutional REpository","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ACM Transactions on Privacy and Security, 2021, 25 (1), pp.1-26. ⟨10.1145/3485471⟩","raw_type":"Journal articles"}],"best_oa_location":{"id":"doi:10.1145/3485471","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3485471","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3485471","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.800000011920929}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3216796243.pdf","grobid_xml":"https://content.openalex.org/works/W3216796243.grobid-xml"},"referenced_works_count":38,"referenced_works":["https://openalex.org/W125046873","https://openalex.org/W1558430956","https://openalex.org/W1578878051","https://openalex.org/W1964999724","https://openalex.org/W1965310865","https://openalex.org/W1975177131","https://openalex.org/W1992114977","https://openalex.org/W2021806553","https://openalex.org/W2048134700","https://openalex.org/W2092064901","https://openalex.org/W2106445881","https://openalex.org/W2135162105","https://openalex.org/W2137725382","https://openalex.org/W2138580357","https://openalex.org/W2140908857","https://openalex.org/W2144981449","https://openalex.org/W2295441334","https://openalex.org/W2322769439","https://openalex.org/W2345585541","https://openalex.org/W2398729674","https://openalex.org/W2399247437","https://openalex.org/W2403740588","https://openalex.org/W2405765885","https://openalex.org/W2471431439","https://openalex.org/W2504609973","https://openalex.org/W2514974017","https://openalex.org/W2521856610","https://openalex.org/W2579276500","https://openalex.org/W2603029413","https://openalex.org/W2753332081","https://openalex.org/W2755330617","https://openalex.org/W2891621711","https://openalex.org/W2948723281","https://openalex.org/W2969967096","https://openalex.org/W2991598641","https://openalex.org/W3046265170","https://openalex.org/W4248234759","https://openalex.org/W4248947422"],"related_works":["https://openalex.org/W2055367414","https://openalex.org/W2052673929","https://openalex.org/W2138847","https://openalex.org/W261562921","https://openalex.org/W1584308544","https://openalex.org/W2379457214","https://openalex.org/W2373327185","https://openalex.org/W2351705013","https://openalex.org/W4243333834","https://openalex.org/W141798819"],"abstract_inverted_index":{"Despite":[0],"a":[1,41,59,67,107,148,164,194,208,211,226,247],"considerable":[2],"number":[3],"of":[4,23,43,70,176],"approaches":[5],"that":[6,46,117,168,197,223,230],"have":[7],"been":[8],"proposed":[9],"to":[10,94,103,147,153,157,162,182,205,239],"protect":[11],"computer":[12,33],"systems,":[13,136],"cyber-criminal":[14],"activities":[15],"are":[16,92,139,144,244],"on":[17,38,216],"the":[18,50,71,83,87,96,154,159,173],"rise":[19],"and":[20,26,99,125,152,179,201,229],"forensic":[21],"analysis":[22,203],"compromised":[24],"machines":[25],"seized":[27],"devices":[28],"is":[29,116,131,180,225],"becoming":[30],"essential":[31,245],"in":[32,86,189],"security.":[34],"This":[35,130],"article":[36,56,191],"focuses":[37],"memory":[39,64,89,108,177,212],"forensics,":[40],"branch":[42],"digital":[44],"forensics":[45,65,90,178,249],"extract":[47,104],"artifacts":[48],"from":[49,106,210],"volatile":[51],"memory.":[52],"In":[53],"particular,":[54],"this":[55,187,190,224],"looks":[57],"at":[58],"key":[60],"ingredient":[61],"required":[62],"by":[63,233],"frameworks:":[66],"precise":[68],"model":[69],"OS":[72],"kernel":[73,150],"under":[74,128],"analysis,":[75],"also":[76],"known":[77],"as":[78],"profile":[79,166,209],".":[80],"By":[81],"using":[82],"information":[84],"stored":[85],"profile,":[88],"tools":[91],"able":[93],"bridge":[95],"semantic":[97],"gap":[98],"interpret":[100],"raw":[101],"bytes":[102],"evidences":[105],"dump.":[109],"A":[110],"big":[111],"problem":[112],"with":[113],"profile-based":[114],"solutions":[115],"custom":[118],"profiles":[119,138,231],"must":[120],"be":[121,237],"created":[122],"for":[123,134,246],"each":[124],"every":[126],"system":[127],"analysis.":[129],"especially":[132],"problematic":[133],"Linux":[135],"because":[137],"not":[140],"generic":[141],":":[142],"they":[143],"strictly":[145],"tied":[146],"specific":[149],"version":[151],"configuration":[155],"used":[156,238],"build":[158],"kernel.":[160],"Failing":[161],"create":[163],"valid":[165],"means":[167],"an":[169],"analyst":[170],"cannot":[171],"unleash":[172],"true":[174],"power":[175],"limited":[181],"primitive":[183],"carving":[184],"strategies.":[185],"For":[186],"reason,":[188],"we":[192],"present":[193],"novel":[195],"approach":[196],"combines":[198],"source":[199],"code":[200],"binary":[202],"techniques":[204],"automatically":[206],"generate":[207],"dump,":[213],"without":[214],"relying":[215],"any":[217],"non-public":[218],"information.":[219],"Our":[220],"experiments":[221],"show":[222],"viable":[227],"solution":[228],"reconstructed":[232],"our":[234],"framework":[235],"can":[236],"run":[240],"many":[241],"plugins,":[242],"which":[243],"successful":[248],"investigation.":[250]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}