M. Christodeorescu and S. Jha, Static Analysis of Executables to Detect Malicious Patterns, 2006.
DOI : 10.21236/ADA449067

K. Griffin, S. Schneider, X. Hu, and T. C. Chiueh, Automatic Generation of String Signatures for Malware Detection, International Workshop on Recent Advances in Intrusion Detection, pp.101-120, 2009.
DOI : 10.1007/978-3-540-87403-4_6

D. Bruschi, L. Martignoni, and M. Monga, Detecting Self-mutating Malware Using Control-Flow Graph Matching, International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp.129-143, 2006.
DOI : 10.1007/11790754_8

Y. Feng, S. Anand, I. Dillig, and A. Aiken, Apposcopy: semantics-based detection of Android malware through static analysis, Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, FSE 2014, pp.576-587, 2014.
DOI : 10.1145/2635868.2635869

M. Egele, T. Scholte, E. Kirda, and C. Kruegel, A survey on automated dynamic malware-analysis techniques and tools, ACM Computing Surveys, vol.44, issue.2, p.6, 2012.
DOI : 10.1145/2089125.2089126

G. Hunt and D. Brubacher, Detours: Binary interception of Win32 functions, 3rd Usenix Windows NT Symposium, 1999.

M. Bailey, J. Oberheide, J. Andersen, Z. M. Mao, F. Jahanian et al., Automated Classification and Analysis of Internet Malware, International Workshop on Recent Advances in Intrusion Detection, pp.178-197, 2007.
DOI : 10.1007/978-3-540-74320-0_10

K. Rieck, P. Trinius, C. Willems, and T. Holz, Automatic analysis of malware behavior using machine learning, Journal of Computer Security, vol.19, issue.4, pp.639-668, 2011.
DOI : 10.3233/JCS-2010-0410

F. Cohen, The deception toolkit, Risks Digest, vol.19, 1998.

F. Cohen, A note on the role of deception in information protection, Computers & Security, vol.17, issue.6, pp.483-506, 1998.
DOI : 10.1016/S0167-4048(98)80071-0

C. Stoll, The cuckoo's egg: Tracing a spy through the maze of computer espionage. Doubleday, 1989.

E. Balas, Know your enemy: Sebek. The Honeynet Project, 2003.

J. Nazario, PhoneyC: A Virtual Client Honeypot, pp.911-919, 2009.

F. Leder and T. Werner, Know your enemy: Containing conficker. The Honeynet Project, 2009.

N. C. Rowe, B. T. Duong, and E. J. Custy, Defending Cyberspace with Fake Honeypots, Journal of Computers, vol.2, issue.2, 2007.
DOI : 10.4304/jcp.2.2.25-36
URL : https://calhoun.nps.edu/bitstream/10945/36428/1/Rowe_Defending_Cyberspace.pdf

K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. P. Markatos et al., Detecting Targeted Attacks Using Shadow Honeypots, 2005.

L. Spitzner, Honeypots: catching the insider threat, 19th Annual Computer Security Applications Conference, 2003. Proceedings., pp.170-179, 2003.
DOI : 10.1109/CSAC.2003.1254322

J. Yuill, M. Zappe, D. Denning, and F. Feer, Honeyfiles: deceptive files for intrusion detection, Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004., pp.116-122, 2004.
DOI : 10.1109/IAW.2004.1437806
URL : https://calhoun.nps.edu/bitstream/10945/37180/1/honeyfiles.pdf

B. Whitham, Canary files: generating fake files to detect critical data loss from complex computer networks, The Second International Conference on Cyber Security , Cyber Peacefare and Digital Forensic, pp.170-179, 2013.

M. Device and D. Technologies, HID drivers Available online from https://msdn.microsoft.com/en-us/windows, 2016.

P. Szor, The art of computer virus research and defense, 2005.

W. J. Li, S. Stolfo, A. Stavrou, E. Androulaki, and A. D. Keromytis, A Study of Malcode-Bearing Documents, International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp.231-250, 2007.
DOI : 10.1007/978-3-540-73614-1_14

W. J. Li, K. Wang, S. J. Stolfo, and B. Herzog, Fileprints: Identifying file types by n-gram analysis, Proceedings from the Sixth Annual IEEE SMC In Information Assurance Workshop, pp.64-71, 2005.

D. Bruschi, L. Martignoni, and M. Monga, Detecting Self-mutating Malware Using Control-Flow Graph Matching, International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp.129-143, 2006.
DOI : 10.1007/11790754_8

C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna, Polymorphic Worm Detection Using Structural Information of Executables, International Workshop on Recent Advances in Intrusion Detection, pp.207-226, 2005.
DOI : 10.1007/11663812_11

C. Kruegel, W. Robertson, and G. Vigna, Detecting Kernel-Level Rootkits Through Binary Analysis, 20th Annual Computer Security Applications Conference, pp.91-100, 2004.
DOI : 10.1109/CSAC.2004.19
URL : http://www.cs.ucsb.edu/~wkr/publications/acsac_2004_lkrm/acsac2004lkrm.pdf

J. Kinder, S. Katzenbeisser, C. Schallhart, and H. Veith, Detecting Malicious Code by Model Checking, International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp.174-187, 2005.
DOI : 10.1007/11506881_11
URL : http://wwwbrauer.in.tum.de/~katzenbe/download/mcode.ps.gz

M. Christodorescu, S. Jha, S. A. Seshia, D. Song, and R. E. Bryant, Semantics-Aware Malware Detection, 2005 IEEE Symposium on Security and Privacy (S&P'05), pp.32-46, 2005.
DOI : 10.1109/SP.2005.20

M. Christodorescu, S. Jha, and C. Kruegel, Mining specifications of malicious behavior, Proceedings of the 1st India software engineering conference, pp.5-14, 2008.

D. Canali, A. Lanzi, D. Balzarotti, C. Kruegel, M. Christodorescu et al., A quantitative study of accuracy in system call-based malware detection, Proceedings of the 2012 International Symposium on Software Testing and Analysis, ISSTA 2012, pp.122-132, 2012.
DOI : 10.1145/2338965.2336768
URL : https://hal.archives-ouvertes.fr/hal-00727280

C. Kolbitsch, P. M. Comparetti, C. Kruegel, E. Kirda, X. Y. Zhou et al., Effective and Efficient Malware Detection at the End Host, USENIX security symposium, pp.351-366, 2009.

D. Umphress and . Williams, Identity verification through keyboard characteristics, International Journal of Man-Machine Studies, vol.23, issue.3, pp.263-273, 1985.
DOI : 10.1016/S0020-7373(85)80036-5

R. S. Gaines, W. Lisowski, S. J. Press, and N. Shapiro, Authentication by keystroke timing: Some preliminary results. No. RAND-R-2526-NSF, RAND CORP, 1980.

. Keytrac-keyboard and . Biometrics, Available online from http

S. P. Banerjee and D. L. Woodard, Biometric Authentication and Identification Using Keystroke Dynamics: A Survey, Journal of Pattern Recognition Research, vol.7, issue.1, pp.116-139, 2012.
DOI : 10.13176/11.427

J. Roth, X. Liu, and D. Metaxas, On Continuous User Authentication via Typing Behavior, IEEE Transactions on Image Processing, vol.23, issue.10, pp.4611-4624, 2014.
DOI : 10.1109/TIP.2014.2348802

A. M. Feit, D. Weir, and A. Oulasvirta, How We Type, Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, CHI '16, pp.4262-4273, 2016.
DOI : 10.1145/2470654.2481384

Y. Choi, Keystroke patterns as prosody in digital writings: A case study with deceptive reviews and essays, Empirical Methods on Natural Language Processing, vol.6, 2014.

C. Leys, C. Ley, O. Klein, P. Bernard, and L. Licata, Detecting outliers: Do not use standard deviation around the mean, use absolute deviation around the median, Journal of Experimental Social Psychology, vol.49, issue.4, pp.764-766, 2013.
DOI : 10.1016/j.jesp.2013.03.013

J. Rrushi, NIC displays to thwart malware attacks mounted from within the OS Computers & Security, pp.61-59, 2016.
DOI : 10.1016/j.cose.2016.05.002

M. Hardware and D. Center, Device nodes and device stacks Available online from https://msdn.microsoft.com/en-us/windows/hardware/drivers/ gettingstarted/device-nodes-and-device-stacks

D. Newton, Virtual Multiple HID Driver (multitouch, mouse, digitizer, keyboard, joystick) Available online from https