{"id":"https://openalex.org/W7127076749","doi":"https://doi.org/10.1007/s44443-026-00521-z","title":"Intelligent detection and forensics method for malware based on memory opcode genes","display_name":"Intelligent detection and forensics method for malware based on memory opcode genes","publication_year":2026,"publication_date":"2026-02-02","ids":{"openalex":"https://openalex.org/W7127076749","doi":"https://doi.org/10.1007/s44443-026-00521-z"},"language":"en","primary_location":{"id":"doi:10.1007/s44443-026-00521-z","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s44443-026-00521-z","pdf_url":null,"source":{"id":"https://openalex.org/S2764955546","display_name":"Journal of King Saud University - Computer and Information Sciences","issn_l":"1319-1578","issn":["1319-1578","2213-1248"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of King Saud University Computer and Information Sciences","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1007/s44443-026-00521-z","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101527863","display_name":"Binglong Li","orcid":null},"institutions":[{"id":"https://openalex.org/I38877650","display_name":"Zhengzhou University","ror":"https://ror.org/04ypx8c21","country_code":"CN","type":"education","lineage":["https://openalex.org/I38877650"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Binglong Li","raw_affiliation_strings":["School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China"],"affiliations":[{"raw_affiliation_string":"School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China","institution_ids":["https://openalex.org/I38877650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064487185","display_name":"Shilong Yu","orcid":"https://orcid.org/0000-0001-6339-4308"},"institutions":[{"id":"https://openalex.org/I38877650","display_name":"Zhengzhou University","ror":"https://ror.org/04ypx8c21","country_code":"CN","type":"education","lineage":["https://openalex.org/I38877650"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Shilong Yu","raw_affiliation_strings":["School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China"],"affiliations":[{"raw_affiliation_string":"School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China","institution_ids":["https://openalex.org/I38877650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124858040","display_name":"Yong Zhao","orcid":null},"institutions":[{"id":"https://openalex.org/I191208505","display_name":"Xiamen University","ror":"https://ror.org/00mcjh785","country_code":"CN","type":"education","lineage":["https://openalex.org/I191208505"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yong Zhao","raw_affiliation_strings":["SDIC Intelligent (Xiamen) Information Co., Ltd., Xiamen, 361000, China"],"affiliations":[{"raw_affiliation_string":"SDIC Intelligent (Xiamen) Information Co., Ltd., Xiamen, 361000, China","institution_ids":["https://openalex.org/I191208505"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111216471","display_name":"Y L Sun","orcid":null},"institutions":[{"id":"https://openalex.org/I38877650","display_name":"Zhengzhou University","ror":"https://ror.org/04ypx8c21","country_code":"CN","type":"education","lineage":["https://openalex.org/I38877650"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yifeng Sun","raw_affiliation_strings":["School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China"],"affiliations":[{"raw_affiliation_string":"School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China","institution_ids":["https://openalex.org/I38877650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124836593","display_name":"Hongwei Zhou","orcid":null},"institutions":[{"id":"https://openalex.org/I38877650","display_name":"Zhengzhou University","ror":"https://ror.org/04ypx8c21","country_code":"CN","type":"education","lineage":["https://openalex.org/I38877650"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hongwei Zhou","raw_affiliation_strings":["School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China"],"affiliations":[{"raw_affiliation_string":"School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China","institution_ids":["https://openalex.org/I38877650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124840622","display_name":"Yuchen Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I38877650","display_name":"Zhengzhou University","ror":"https://ror.org/04ypx8c21","country_code":"CN","type":"education","lineage":["https://openalex.org/I38877650"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuchen Zhang","raw_affiliation_strings":["School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China"],"affiliations":[{"raw_affiliation_string":"School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China","institution_ids":["https://openalex.org/I38877650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054322582","display_name":"Chaowen Chang","orcid":null},"institutions":[{"id":"https://openalex.org/I38877650","display_name":"Zhengzhou University","ror":"https://ror.org/04ypx8c21","country_code":"CN","type":"education","lineage":["https://openalex.org/I38877650"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chaowen Chang","raw_affiliation_strings":["School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China"],"affiliations":[{"raw_affiliation_string":"School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China","institution_ids":["https://openalex.org/I38877650"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001651607","display_name":"Q. Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I38877650","display_name":"Zhengzhou University","ror":"https://ror.org/04ypx8c21","country_code":"CN","type":"education","lineage":["https://openalex.org/I38877650"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qingxian Wang","raw_affiliation_strings":["School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China"],"affiliations":[{"raw_affiliation_string":"School of Cryptographic Engineering, Information Engineering University, 62 Kexue Avenue, High-Tech Zone, Zhengzhou, 450001, Henan Province, China","institution_ids":["https://openalex.org/I38877650"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5064487185"],"corresponding_institution_ids":["https://openalex.org/I38877650"],"apc_list":{"value":1350,"currency":"USD","value_usd":1350},"apc_paid":{"value":1350,"currency":"USD","value_usd":1350},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.2569235,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"38","issue":"3","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9417999982833862,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9417999982833862,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.04179999977350235,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.0013000000035390258,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/opcode","display_name":"Opcode","score":0.9901999831199646},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7477999925613403},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.6421999931335449},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4212000072002411},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.3894999921321869},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.3594000041484833}],"concepts":[{"id":"https://openalex.org/C52173422","wikidata":"https://www.wikidata.org/wiki/Q766483","display_name":"Opcode","level":2,"score":0.9901999831199646},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.824400007724762},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7477999925613403},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.6421999931335449},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6290000081062317},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5418999791145325},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4212000072002411},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4049000144004822},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3894999921321869},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.3594000041484833},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.30660000443458557},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.29589998722076416},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.26010000705718994},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.2572000026702881},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.25119999051094055}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s44443-026-00521-z","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s44443-026-00521-z","pdf_url":null,"source":{"id":"https://openalex.org/S2764955546","display_name":"Journal of King Saud University - Computer and Information Sciences","issn_l":"1319-1578","issn":["1319-1578","2213-1248"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of King Saud University Computer and Information Sciences","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:223ba2cc98ed4b4a94ac1db2cc6cdd85","is_oa":true,"landing_page_url":"https://doaj.org/article/223ba2cc98ed4b4a94ac1db2cc6cdd85","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of King Saud University: Computer and Information Sciences, Vol 38, Iss 3 (2026)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1007/s44443-026-00521-z","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s44443-026-00521-z","pdf_url":null,"source":{"id":"https://openalex.org/S2764955546","display_name":"Journal of King Saud University - Computer and Information Sciences","issn_l":"1319-1578","issn":["1319-1578","2213-1248"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of King Saud University Computer and Information Sciences","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6146225333213806,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2735665649","display_name":null,"funder_award_id":"60903220","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W1502129784","https://openalex.org/W1542951322","https://openalex.org/W2599823825","https://openalex.org/W3019514289","https://openalex.org/W3119994573","https://openalex.org/W3132746979","https://openalex.org/W3207948582","https://openalex.org/W4200469653","https://openalex.org/W4213019189","https://openalex.org/W4307548881","https://openalex.org/W4307570965","https://openalex.org/W4321787264","https://openalex.org/W4327952342","https://openalex.org/W4380996693","https://openalex.org/W4383498362","https://openalex.org/W4384824609","https://openalex.org/W4385481489","https://openalex.org/W4389827903","https://openalex.org/W4396968134","https://openalex.org/W4399423660","https://openalex.org/W4399667088","https://openalex.org/W4400771328","https://openalex.org/W4400974138","https://openalex.org/W4401392361","https://openalex.org/W4403003826","https://openalex.org/W4406126680","https://openalex.org/W4411096576"],"related_works":[],"abstract_inverted_index":{"To":[0],"tackle":[1],"the":[2,6,62,101,112,140,161],"challenge":[3],"posed":[4],"by":[5,16],"extensive":[7],"use":[8],"of":[9,119,123,128,142,164],"obfuscation,":[10],"packing,":[11],"encryption,":[12],"and":[13,24,32,56,81,97,125],"other":[14],"means":[15],"current":[17,36],"malware,":[18],"which":[19],"results":[20,105],"in":[21,35,66,152],"numerous":[22],"variants":[23],"decreased":[25],"identification":[26],"accuracy":[27,118],"alongside":[28],"increased":[29],"false":[30,33],"negatives":[31],"positives":[34],"detection":[37,45,117],"methods,":[38],"this":[39],"paper":[40],"proposes":[41],"an":[42,126],"intelligent":[43,162],"malware":[44,153],"method":[46,52,114],"utilizing":[47],"memory":[48,54,67,144],"opcode":[49,63,79,102,145],"genes.":[50],"This":[51,137],"integrates":[53],"forensics":[55,163],"deep":[57,95,150],"learning":[58,151],"technologies.":[59],"It":[60],"captures":[61],"sequences":[64],"left":[65],"during":[68],"software":[69],"execution":[70],"as":[71,77,147],"key":[72],"behavioral":[73],"features,":[74],"referred":[75],"to":[76,93],"\u201cmemory":[78],"genes\u201d":[80],"develops":[82],"a":[83,87,107,116,121,156],"model":[84],"based":[85],"on":[86,106],"Transformer-enhanced":[88],"Graph":[89],"Convolutional":[90],"Network":[91],"(TFGCN)":[92],"extract":[94],"semantic":[96],"structural":[98],"relationships":[99],"within":[100],"sequences.":[103],"Experimental":[104],"public":[108],"dataset":[109],"indicate":[110],"that":[111],"proposed":[113],"achieves":[115],"98.09%,":[120],"precision":[122],"98.16%,":[124],"F1-score":[127],"0.9809,":[129],"significantly":[130],"surpassing":[131],"traditional":[132],"baseline":[133],"methods":[134],"like":[135],"N-gram.":[136],"research":[138],"confirms":[139],"efficacy":[141],"combining":[143],"genes":[146],"features":[148],"with":[149],"detection,":[154],"offering":[155],"novel":[157],"technical":[158],"approach":[159],"for":[160],"highly":[165],"evasive":[166],"malware.":[167]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2026-02-03T00:00:00"}