|| Microsoft, HoneyMonkey. http://research.microsoft.com/en-us/um/redmond/projects/strider/honeymonkey|
 Yi-Min Wang, Doug Beck, Xuxian Jiang, and Roussi Roussev. “Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities.”
 honeynet.org. http://www.honeynet.org/
 Sebek. http://www.honeynet.org/project/sebek/
 Honeybot. http://www.atomicsoftwaresolutions.com/honeybot.php
 KFSensor. http://www.keyfocus.net/kfsensor/
 Xiaotong Zhuang, Tao Zhang, and Santosh Pande, “Using Branch Correlation to Identify Infeasible Paths for Anomaly Detection,” 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO-39), Orlando, Florida, USA, December, 2006.
 Nathan Tuck, Brad Calder, and George Varghese, “Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow,” 37th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO-37), Doubletree Hotel, Portland, Oregon, December, 2004.
 Crispan Cowan, Calton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang, and Heather Hinton, “StackGuard: Automatic adaptive detection and prevention of bufferoverflow attacks,” in Proceedings of the 7th USENIX Security Symposium, San Antonio, Texas, January, 1998.
 Mike Frantzen and Mike Shuey, “StackGhost: Hardware facilitated stack protection,” in Proceedings of the 10th USENIX Security Symposium, Washington, D.C., August, 2001.
 Ruby B. Lee, David K. Karig, John P. McGregor, and Zhijie Shi, “Enlisting hardware architecture to thwart malicious code injection,” First International Conference on Security in Pervasive Computing, Boppard, Germany, March, 2003.
 John P. McGregor, David K. Karig, Zhijie Shi, and Ruby B. Lee, “A processor architecture defense against buffer overflow attacks,” in Proceedings of International Conference on Information Technology: Research and Education (ITRE 2003), Newark, New Jersey, USA, August, 2003.
 Fu-Hau Hsu, Fanglu Guo, Tzi-cker Chiueh, “Scalable Network-based Buffer Overﬂow Attack Detection,” in Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS 2006), San Jose, California, USA, December, 2006.
 Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin Zorn, “NOZZLE: A Defense Against Heap-spraying Code Injection Attacks,” in Proceedings of 2009 USENIX Annual Technical Conference, San Diego, CA, USA, June, 2009.
 P. Akritidis, E. P. Markatos, M. Polychronakis, and K. Anagnostakis, “STRIDE: Polymorphic sled detection through instruction sequence analysis,” in Proceedings of the IFIP TC 11 20th International Information Security Conference, Chiba, Japan, May, 2005.
 Michalis Polychronakis, Kostas G. Anagnostakis, and Evangelos P. Markatos, “Emulation-based detection of non-self-contained polymorphic shellcode,” in Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID 2007), Menlo Park, California, USA, September, 2007.
 Thomas Toth and Christopher Kruegel, “Accurate buffer overﬂow detection via abstract payload execution,” in Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), Zurich, Switzerland, October, 2002.
 Neal Krawetz, “Anti-honeypot technology,” in Proceedings of the 25th IEEE Symposium on Security and Privacy (S&P 2004), Berkeley, California, USA, May, 2004.
 Abdallah Ghourabi, Tarek Abbes, and Adel Bouhoula, “Honeypot Router for routing protocols protection,” in Proceedings of the 4th International Conference on Risks and Security of Internet and Systems (CRiSIS 2009), Toulouse, France, October, 2009.
 Vasaka Visoottiviseth, Uttapol Jaralrungroj, Ekkachai Phoomrungraungsuk, and Pongpak Kultanon, “Distributed Honeypot Log Management and Visualization of Attacker Geographical Distribution,” in Proceedings of the 8th International Joint Conference on Computer Science and Software Engineering (JCSSE 2011), Nakhon Pathom, Thailand, May, 2011
 Li Hong-Xia, Wang Pu, Zhang Jian, and Yang Xiao-Qiong, “Exploration on the Connotation of Management Honeypot,” in Proceedings of the International Conference on E-Business and E-Government (ICEE 2010), Guangzhou, China, May, 2010.
 Li Hong-xia and Liu Huijun, “On the Incentives of Management Honeypot,” in Proceedings of the 4th International Conference on Biomedical Engineering and Informatics (BMEI 2011), Shanghai, China, October, 2011.
 W. Y. Chin, Evangelos P. Markatos, Spiros Antonatos, and Sotiris Ioannidis, “HoneyLab: Large-scale Honeypot Deployment and Resource Sharing,” in Proceedings of the Third International Conference on Network and System Security (NSS 2009), Gold Coast, Queensland, Australia, October, 2009
 Cliff C. Zou and Ryan Cunningham, “Honeypot-Aware Advanced Botnet Construction and Maintenance,” in Proceedings of the International Conference on Dependable Systems and Networks (DSN 2006), Philadelphia, Pennsylvania, USA, June, 2006.
 Ping Wang, Lei Wu, Ryan Cunningham and Cliff C. Zou, “Honeypot detection in advanced botnet attacks,” International Journal of Information and Computer Security, Volume 4, Issue:1, pages 30 – 51, February, 2010.
 OS Platform Statistics. http://www.w3schools.com/browsers/browsers_os.asp
 James Shewmaker. Analyzing DLL Injection. GSM Presentation, 2006.http://www.bluenotch.com/files/Shewmaker-DLL-Injection.pdf
 Windows Sockets 2.
 Winsock Functions.
 Process and Thread Functions.
 Dynamic-Link Library Functions.
 nologin.org, “Understanding Windows Shellcode.”
 Safe Group.pl MALWARES. http://malwares.safegroup.pl
 Wireshark. http://www.wireshark.org/about.html
 Anubis: Analyzing Unknown Binaries. http://anubis.iseclab.org
 McAfee Labs Threat Advisory.
 Honeynet Project, Know your enemy:GenII honeynets, 2005.
 Yong Tang and Shigang Chen, “Defending against internet worms: a signature-based approach,” in Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2005), Miami, FL, USA, March, 2005.
 Niels Provos, “A Virtual Honeypot Framework,” in Proceedings of the 13th USENIX Security Symposium, San Diego, CA, USA, August, 2004.
 Xuxian Jiang, Dongyan Xu. “Collapsar: a VM-based architecture for network attack detention center.” in Proceedings of the 13th USENIX Security Symposium, San Diego, CA, USA, August, 2004.
 Militan (C. Lin), “Linux/x86 Connect back, Download a File and Execute 149 bytes,” Exploit-db, http://www.exploit-db.com/exploits/13337/.