{"id":"https://openalex.org/W3206809172","doi":"https://doi.org/10.1007/s40747-021-00560-1","title":"PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable","display_name":"PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable","publication_year":2021,"publication_date":"2021-10-12","ids":{"openalex":"https://openalex.org/W3206809172","doi":"https://doi.org/10.1007/s40747-021-00560-1","mag":"3206809172"},"language":"en","primary_location":{"id":"doi:10.1007/s40747-021-00560-1","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s40747-021-00560-1","pdf_url":"https://link.springer.com/content/pdf/10.1007/s40747-021-00560-1.pdf","source":{"id":"https://openalex.org/S3035462843","display_name":"Complex & Intelligent Systems","issn_l":"2198-6053","issn":["2198-6053","2199-4536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Complex & Intelligent Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://link.springer.com/content/pdf/10.1007/s40747-021-00560-1.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5027757956","display_name":"Syed Khurram Jah Rizvi","orcid":"https://orcid.org/0000-0003-3302-938X"},"institutions":[{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]},{"id":"https://openalex.org/I39555362","display_name":"University of Warwick","ror":"https://ror.org/01a77tt86","country_code":"GB","type":"education","lineage":["https://openalex.org/I39555362"]}],"countries":["GB","PK"],"is_corresponding":true,"raw_author_name":"Syed Khurram Jah Rizvi","raw_affiliation_strings":["Department of Computer Science, University of Warwick, Coventry, CV47AL, UK","National University of Sciences and Technology (NUST), Islamabad, Pakistan"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Warwick, Coventry, CV47AL, UK","institution_ids":["https://openalex.org/I39555362"]},{"raw_affiliation_string":"National University of Sciences and Technology (NUST), Islamabad, Pakistan","institution_ids":["https://openalex.org/I929597975"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010099857","display_name":"Warda Aslam","orcid":null},"institutions":[{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Warda Aslam","raw_affiliation_strings":["National University of Sciences and Technology (NUST), Islamabad, Pakistan"],"affiliations":[{"raw_affiliation_string":"National University of Sciences and Technology (NUST), Islamabad, Pakistan","institution_ids":["https://openalex.org/I929597975"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035787368","display_name":"Muhammad Shahzad","orcid":"https://orcid.org/0000-0002-8278-9118"},"institutions":[{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Muhammad Shahzad","raw_affiliation_strings":["National University of Sciences and Technology (NUST), Islamabad, Pakistan"],"affiliations":[{"raw_affiliation_string":"National University of Sciences and Technology (NUST), Islamabad, Pakistan","institution_ids":["https://openalex.org/I929597975"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011022614","display_name":"Shahzad Saleem","orcid":"https://orcid.org/0000-0002-0264-5887"},"institutions":[{"id":"https://openalex.org/I4210099699","display_name":"Jeddah University","ror":"https://ror.org/015ya8798","country_code":"SA","type":"education","lineage":["https://openalex.org/I4210099699"]},{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]}],"countries":["PK","SA"],"is_corresponding":false,"raw_author_name":"Shahzad Saleem","raw_affiliation_strings":["Department of Computer Science, University of Jeddah, Jeddah, Kingdom of Saudi Arabia","National University of Sciences and Technology (NUST), Islamabad, Pakistan"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Jeddah, Jeddah, Kingdom of Saudi Arabia","institution_ids":["https://openalex.org/I4210099699"]},{"raw_affiliation_string":"National University of Sciences and Technology (NUST), Islamabad, Pakistan","institution_ids":["https://openalex.org/I929597975"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5017459474","display_name":"Muhammad Moazam Fraz","orcid":"https://orcid.org/0000-0003-0495-463X"},"institutions":[{"id":"https://openalex.org/I4210128584","display_name":"The Alan Turing Institute","ror":"https://ror.org/035dkdb55","country_code":"GB","type":"facility","lineage":["https://openalex.org/I4210128584"]},{"id":"https://openalex.org/I125680101","display_name":"Turing Institute","ror":"https://ror.org/02x2mw849","country_code":"GB","type":"facility","lineage":["https://openalex.org/I125680101"]},{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]}],"countries":["GB","PK"],"is_corresponding":false,"raw_author_name":"Muhammad Moazam Fraz","raw_affiliation_strings":["National University of Sciences and Technology (NUST), Islamabad, Pakistan","The Alan Turing Institute, London, NW1 2DB, UK"],"affiliations":[{"raw_affiliation_string":"National University of Sciences and Technology (NUST), Islamabad, Pakistan","institution_ids":["https://openalex.org/I929597975"]},{"raw_affiliation_string":"The Alan Turing Institute, London, NW1 2DB, UK","institution_ids":["https://openalex.org/I125680101","https://openalex.org/I4210128584"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5027757956"],"corresponding_institution_ids":["https://openalex.org/I39555362","https://openalex.org/I929597975"],"apc_list":{"value":1320,"currency":"GBP","value_usd":1619},"apc_paid":{"value":1320,"currency":"GBP","value_usd":1619},"fwci":3.3953,"has_fulltext":true,"cited_by_count":30,"citation_normalized_percentile":{"value":0.93381911,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"8","issue":"1","first_page":"673","last_page":"685"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.935139536857605},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7901339530944824},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.6913760900497437},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5877445936203003},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5713399052619934},{"id":"https://openalex.org/keywords/block","display_name":"Block (permutation group theory)","score":0.5245770812034607},{"id":"https://openalex.org/keywords/unsupervised-learning","display_name":"Unsupervised learning","score":0.5160626769065857},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5073956847190857},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.4962082505226135},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.4767621159553528},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.47565171122550964},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4186372756958008},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.39813148975372314},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.29109126329421997},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1625327467918396}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.935139536857605},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7901339530944824},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.6913760900497437},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5877445936203003},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5713399052619934},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.5245770812034607},{"id":"https://openalex.org/C8038995","wikidata":"https://www.wikidata.org/wiki/Q1152135","display_name":"Unsupervised learning","level":2,"score":0.5160626769065857},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5073956847190857},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.4962082505226135},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.4767621159553528},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.47565171122550964},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4186372756958008},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.39813148975372314},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.29109126329421997},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1625327467918396},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s40747-021-00560-1","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s40747-021-00560-1","pdf_url":"https://link.springer.com/content/pdf/10.1007/s40747-021-00560-1.pdf","source":{"id":"https://openalex.org/S3035462843","display_name":"Complex & Intelligent Systems","issn_l":"2198-6053","issn":["2198-6053","2199-4536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Complex & Intelligent Systems","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s40747-021-00560-1","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s40747-021-00560-1","pdf_url":"https://link.springer.com/content/pdf/10.1007/s40747-021-00560-1.pdf","source":{"id":"https://openalex.org/S3035462843","display_name":"Complex & Intelligent Systems","issn_l":"2198-6053","issn":["2198-6053","2199-4536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Complex & Intelligent Systems","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.6700000166893005}],"awards":[],"funders":[{"id":"https://openalex.org/F4320320279","display_name":"University of Warwick","ror":"https://ror.org/01a77tt86"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3206809172.pdf","grobid_xml":"https://content.openalex.org/works/W3206809172.grobid-xml"},"referenced_works_count":51,"referenced_works":["https://openalex.org/W34492510","https://openalex.org/W120243429","https://openalex.org/W1482228399","https://openalex.org/W1505217784","https://openalex.org/W1514368868","https://openalex.org/W1544837488","https://openalex.org/W1958068621","https://openalex.org/W1984350393","https://openalex.org/W1987684126","https://openalex.org/W1996975221","https://openalex.org/W2008056655","https://openalex.org/W2034114524","https://openalex.org/W2057787526","https://openalex.org/W2066220442","https://openalex.org/W2083183119","https://openalex.org/W2090868254","https://openalex.org/W2096945460","https://openalex.org/W2110143557","https://openalex.org/W2125011234","https://openalex.org/W2129018774","https://openalex.org/W2135940344","https://openalex.org/W2144112223","https://openalex.org/W2146567535","https://openalex.org/W2148542813","https://openalex.org/W2161160262","https://openalex.org/W2171718468","https://openalex.org/W2246811656","https://openalex.org/W2280242822","https://openalex.org/W2295135469","https://openalex.org/W2341349540","https://openalex.org/W2396876049","https://openalex.org/W2508015754","https://openalex.org/W2529118267","https://openalex.org/W2584414817","https://openalex.org/W2591830932","https://openalex.org/W2619363104","https://openalex.org/W2735195081","https://openalex.org/W2736723828","https://openalex.org/W2742475488","https://openalex.org/W2752241832","https://openalex.org/W2767177879","https://openalex.org/W2784452215","https://openalex.org/W2786476294","https://openalex.org/W2903774075","https://openalex.org/W2939926088","https://openalex.org/W2946525659","https://openalex.org/W2962965405","https://openalex.org/W2997676437","https://openalex.org/W3045322569","https://openalex.org/W3099388751","https://openalex.org/W6602664198"],"related_works":["https://openalex.org/W1995118279","https://openalex.org/W4285507391","https://openalex.org/W2610659201","https://openalex.org/W65788704","https://openalex.org/W3107556205","https://openalex.org/W4200453963","https://openalex.org/W2805262980","https://openalex.org/W2765174411","https://openalex.org/W2067547021","https://openalex.org/W4234891089"],"abstract_inverted_index":{"Abstract":[0],"Enterprises":[1],"are":[2,106,278],"striving":[3],"to":[4,23,46,67,221],"remain":[5],"protected":[6],"against":[7],"malware-based":[8,85],"cyber-attacks":[9],"on":[10,157,181,204,216,264],"their":[11],"infrastructure,":[12],"facilities,":[13],"networks":[14],"and":[15,73,118,129,163,200,228,241,267,276],"systems.":[16],"Static":[17],"analysis":[18,36,61,105,114],"is":[19,43,123,155,179,213],"an":[20,34,205,217,250],"effective":[21,125],"approach":[22],"detect":[24],"the":[25,48,54,68,182,187,230],"malware,":[26],"i.e.,":[27],"malicious":[28,51,240],"Portable":[29],"Executable":[30],"(PE).":[31],"It":[32],"performs":[33],"in-depth":[35],"of":[37,50,75,80,84,160,234,252],"PE":[38,52,236],"files":[39],"without":[40],"executing,":[41],"which":[42],"highly":[44],"useful":[45],"minimize":[47],"risk":[49],"contaminating":[53],"system.":[55],"Yet,":[56],"instant":[57],"detection":[58,83,101,111,151],"using":[59,103,112],"static":[60,104,113,148],"has":[62],"become":[63],"very":[64],"difficult":[65],"due":[66],"exponential":[69],"rise":[70],"in":[71,126,260],"volume":[72],"variety":[74],"malware.":[76],"The":[77,95,153,169,245,274],"compelling":[78],"need":[79],"early":[81],"stage":[82],"attacks":[86],"significantly":[87],"motivates":[88],"research":[89],"inclination":[90],"towards":[91],"automated":[92],"malware":[93,100,110,150,195,223],"detection.":[94],"recent":[96],"machine":[97,271],"learning":[98,272],"aided":[99],"approaches":[102],"mostly":[107],"supervised.":[108],"Supervised":[109],"requires":[115],"manual":[116],"labelling":[117],"human":[119],"feedback;":[120],"therefore,":[121],"it":[122],"less":[124],"rapidly":[127],"evolutionary":[128],"dynamic":[130],"threat":[131],"space.":[132],"To":[133,185],"this":[134],"end,":[135],"we":[136,191],"propose":[137],"a":[138,193],"progressive":[139],"deep":[140,166,171],"unsupervised":[141,161,189],"framework":[142,154,248],"with":[143,175,256],"feature":[144,176],"attention":[145,177],"block":[146,178],"for":[147],"analysis-based":[149],"(PROUD-MAL).":[152],"based":[156],"cascading":[158],"blocks":[159],"clustering":[162],"features":[164],"attention-based":[165],"neural":[167,172],"network.":[168,208],"proposed":[170,188,246],"network":[173,220],"embedded":[174],"trained":[180],"pseudo":[183],"labels.":[184],"evaluate":[186],"framework,":[190],"collected":[192,265],"real-time":[194],"dataset":[196,232,266,277],"by":[197],"deploying":[198],"low":[199],"high":[201],"interaction":[202],"honeypots":[203],"enterprise":[206,218],"organizational":[207,219],"Moreover,":[209],"endpoint":[210],"security":[211],"solution":[212],"also":[214],"deployed":[215],"collect":[222],"samples.":[224],"After":[225],"post":[226],"processing":[227],"cleaning,":[229],"novel":[231],"consists":[233],"15,457":[235],"samples":[237],"comprising":[238],"8775":[239],"6681":[242],"benign":[243],"ones.":[244],"PROUD-MAL":[247],"achieved":[249],"accuracy":[251],"more":[253],"than":[254],"98.09%":[255],"better":[257],"quantitative":[258],"performance":[259],"standard":[261],"evaluation":[262],"parameters":[263],"outperformed":[268],"other":[269],"conventional":[270],"algorithms.":[273],"implementation":[275],"available":[279],"at":[280],"https://bit.ly/35Sne3a":[281],".":[282]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":5}],"updated_date":"2026-04-11T08:14:18.477133","created_date":"2025-10-10T00:00:00"}