{"id":"https://openalex.org/W2168519318","doi":"https://doi.org/10.1007/978-3-540-87403-4_5","title":"A Layered Architecture for Detecting Malicious Behaviors","display_name":"A Layered Architecture for Detecting Malicious Behaviors","publication_year":2008,"publication_date":"2008-09-17","ids":{"openalex":"https://openalex.org/W2168519318","doi":"https://doi.org/10.1007/978-3-540-87403-4_5","mag":"2168519318"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-540-87403-4_5","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-540-87403-4_5","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5062307542","display_name":"Lorenzo Martignoni","orcid":null},"institutions":[{"id":"https://openalex.org/I189158943","display_name":"University of Milan","ror":"https://ror.org/00wjc7c48","country_code":"IT","type":"education","lineage":["https://openalex.org/I189158943"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Lorenzo Martignoni","raw_affiliation_strings":["Universit\u00e0 degli Studi di Milano, \u00a0","Universit\u00e0 degli Studi di Milano,"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 degli Studi di Milano, \u00a0","institution_ids":["https://openalex.org/I189158943"]},{"raw_affiliation_string":"Universit\u00e0 degli Studi di Milano,","institution_ids":["https://openalex.org/I189158943"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079413556","display_name":"Elizabeth Stinson","orcid":null},"institutions":[{"id":"https://openalex.org/I97018004","display_name":"Stanford University","ror":"https://ror.org/00f54p054","country_code":"US","type":"education","lineage":["https://openalex.org/I97018004"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Elizabeth Stinson","raw_affiliation_strings":["Stanford University, \u00a0","Stanford University,"],"affiliations":[{"raw_affiliation_string":"Stanford University, \u00a0","institution_ids":["https://openalex.org/I97018004"]},{"raw_affiliation_string":"Stanford University,","institution_ids":["https://openalex.org/I97018004"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057424614","display_name":"Matt Fredrikson","orcid":"https://orcid.org/0000-0003-1820-1698"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Matt Fredrikson","raw_affiliation_strings":["University of Wisconsin, \u00a0","University of Wisconsin,"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin, \u00a0","institution_ids":[]},{"raw_affiliation_string":"University of Wisconsin,","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088826068","display_name":"Somesh Jha","orcid":"https://orcid.org/0000-0001-5877-0436"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Somesh Jha","raw_affiliation_strings":["University of Wisconsin, \u00a0","University of Wisconsin,"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin, \u00a0","institution_ids":[]},{"raw_affiliation_string":"University of Wisconsin,","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101897622","display_name":"John C. Mitchell","orcid":"https://orcid.org/0000-0002-0024-860X"},"institutions":[{"id":"https://openalex.org/I97018004","display_name":"Stanford University","ror":"https://ror.org/00f54p054","country_code":"US","type":"education","lineage":["https://openalex.org/I97018004"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"John C. Mitchell","raw_affiliation_strings":["Stanford University, \u00a0","Stanford University,"],"affiliations":[{"raw_affiliation_string":"Stanford University, \u00a0","institution_ids":["https://openalex.org/I97018004"]},{"raw_affiliation_string":"Stanford University,","institution_ids":["https://openalex.org/I97018004"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5062307542"],"corresponding_institution_ids":["https://openalex.org/I189158943"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":null,"fwci":18.811,"has_fulltext":false,"cited_by_count":131,"citation_normalized_percentile":{"value":0.99739583,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"78","last_page":"97"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8554095029830933},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8109598159790039},{"id":"https://openalex.org/keywords/upload","display_name":"Upload","score":0.6911346912384033},{"id":"https://openalex.org/keywords/keystroke-logging","display_name":"Keystroke logging","score":0.6194128394126892},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5512502789497375},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.5158112049102783},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.49323099851608276},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.47643381357192993},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.41495048999786377},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3217136263847351},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2566882073879242},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.166640967130661}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8554095029830933},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8109598159790039},{"id":"https://openalex.org/C71901391","wikidata":"https://www.wikidata.org/wiki/Q7126699","display_name":"Upload","level":2,"score":0.6911346912384033},{"id":"https://openalex.org/C161615301","wikidata":"https://www.wikidata.org/wiki/Q309396","display_name":"Keystroke logging","level":2,"score":0.6194128394126892},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5512502789497375},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.5158112049102783},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.49323099851608276},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.47643381357192993},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.41495048999786377},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3217136263847351},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2566882073879242},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.166640967130661},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/978-3-540-87403-4_5","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-540-87403-4_5","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.164.6745","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.164.6745","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.stanford.edu/~jcm/papers/raid_2008.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7099999785423279,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W186343359","https://openalex.org/W1522250664","https://openalex.org/W1552906779","https://openalex.org/W1633185320","https://openalex.org/W1641762327","https://openalex.org/W1742385376","https://openalex.org/W1809063480","https://openalex.org/W1813040609","https://openalex.org/W1829003931","https://openalex.org/W1966150547","https://openalex.org/W2000309792","https://openalex.org/W2014589236","https://openalex.org/W2022286645","https://openalex.org/W2102970979","https://openalex.org/W2106637657","https://openalex.org/W2112731379","https://openalex.org/W2117030266","https://openalex.org/W2119982986","https://openalex.org/W2131523719","https://openalex.org/W2150795982","https://openalex.org/W2151135920","https://openalex.org/W2160645305","https://openalex.org/W2163292449","https://openalex.org/W2167671111","https://openalex.org/W4214931895"],"related_works":["https://openalex.org/W2439951656","https://openalex.org/W1998188341","https://openalex.org/W1573526548","https://openalex.org/W4360982091","https://openalex.org/W3176864451","https://openalex.org/W2053632570","https://openalex.org/W4288064943","https://openalex.org/W2187910102","https://openalex.org/W4389341938","https://openalex.org/W2128507946"],"abstract_inverted_index":null,"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":6},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":8},{"year":2017,"cited_by_count":8},{"year":2016,"cited_by_count":5},{"year":2015,"cited_by_count":8},{"year":2014,"cited_by_count":9},{"year":2013,"cited_by_count":14},{"year":2012,"cited_by_count":17}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}