{"id":"https://openalex.org/W2904792378","doi":"https://doi.org/10.1109/access.2018.2884964","title":"Detection and Elimination of Spyware and Ransomware by Intercepting Kernel-Level System Routines","display_name":"Detection and Elimination of Spyware and Ransomware by Intercepting Kernel-Level System Routines","publication_year":2018,"publication_date":"2018-01-01","ids":{"openalex":"https://openalex.org/W2904792378","doi":"https://doi.org/10.1109/access.2018.2884964","mag":"2904792378"},"language":"en","primary_location":{"id":"doi:10.1109/access.2018.2884964","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2018.2884964","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2018.2884964","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5083420500","display_name":"Danial Javaheri","orcid":"https://orcid.org/0000-0002-7275-2370"},"institutions":[{"id":"https://openalex.org/I155419210","display_name":"Islamic Azad University, Science and Research Branch","ror":"https://ror.org/03187yj51","country_code":"IR","type":"education","lineage":["https://openalex.org/I110525433","https://openalex.org/I155419210"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Danial Javaheri","raw_affiliation_strings":["Department of Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran"],"raw_orcid":"https://orcid.org/0000-0002-7275-2370","affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran","institution_ids":["https://openalex.org/I155419210"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002779288","display_name":"Mehdi Hosseinzadeh","orcid":null},"institutions":[{"id":"https://openalex.org/I161106909","display_name":"Iran University of Medical Sciences","ror":"https://ror.org/03w04rv71","country_code":"IR","type":"education","lineage":["https://openalex.org/I161106909"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Mehdi Hosseinzadeh","raw_affiliation_strings":["International Campus, Iran University of Medical Sciences, Tehran, Iran"],"raw_orcid":"https://orcid.org/0000-0003-1088-4551","affiliations":[{"raw_affiliation_string":"International Campus, Iran University of Medical Sciences, Tehran, Iran","institution_ids":["https://openalex.org/I161106909"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5021772077","display_name":"Amir Masoud Rahmani","orcid":"https://orcid.org/0000-0001-8641-6119"},"institutions":[{"id":"https://openalex.org/I155419210","display_name":"Islamic Azad University, Science and Research Branch","ror":"https://ror.org/03187yj51","country_code":"IR","type":"education","lineage":["https://openalex.org/I110525433","https://openalex.org/I155419210"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Amir Masoud Rahmani","raw_affiliation_strings":["Department of Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran"],"raw_orcid":"https://orcid.org/0000-0001-8641-6119","affiliations":[{"raw_affiliation_string":"Department of Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran","institution_ids":["https://openalex.org/I155419210"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":3.9905,"has_fulltext":false,"cited_by_count":62,"citation_normalized_percentile":{"value":0.94838037,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"6","issue":null,"first_page":"78321","last_page":"78332"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8272337913513184},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7741129398345947},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5958577394485474},{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.5794441103935242},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.5749099254608154},{"id":"https://openalex.org/keywords/linux-kernel","display_name":"Linux kernel","score":0.5106416344642639},{"id":"https://openalex.org/keywords/word-error-rate","display_name":"Word error rate","score":0.44396647810935974},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.4104299545288086},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.38655853271484375},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.35605669021606445},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.33231741189956665},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.25589513778686523}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8272337913513184},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7741129398345947},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5958577394485474},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.5794441103935242},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.5749099254608154},{"id":"https://openalex.org/C553261973","wikidata":"https://www.wikidata.org/wiki/Q14579","display_name":"Linux kernel","level":2,"score":0.5106416344642639},{"id":"https://openalex.org/C40969351","wikidata":"https://www.wikidata.org/wiki/Q3516228","display_name":"Word error rate","level":2,"score":0.44396647810935974},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.4104299545288086},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.38655853271484375},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.35605669021606445},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.33231741189956665},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.25589513778686523}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2018.2884964","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2018.2884964","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:5161296f8ae449428df81bcce72faf22","is_oa":true,"landing_page_url":"https://doaj.org/article/5161296f8ae449428df81bcce72faf22","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 6, Pp 78321-78332 (2018)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2018.2884964","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2018.2884964","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6600000262260437}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W119280561","https://openalex.org/W1490425716","https://openalex.org/W1834664710","https://openalex.org/W1916709771","https://openalex.org/W1936523258","https://openalex.org/W1994740897","https://openalex.org/W1996975221","https://openalex.org/W1999728176","https://openalex.org/W2003568760","https://openalex.org/W2043491664","https://openalex.org/W2095448920","https://openalex.org/W2157734500","https://openalex.org/W2191468669","https://openalex.org/W2318288230","https://openalex.org/W2537422620","https://openalex.org/W2586097552","https://openalex.org/W2620631670","https://openalex.org/W2725069636","https://openalex.org/W2747456275","https://openalex.org/W2748761731","https://openalex.org/W2765921396","https://openalex.org/W2770502925","https://openalex.org/W2782729947","https://openalex.org/W2792657554","https://openalex.org/W2876466190","https://openalex.org/W2963265635","https://openalex.org/W3151741126","https://openalex.org/W6629538474"],"related_works":["https://openalex.org/W2377509977","https://openalex.org/W2354398839","https://openalex.org/W23760953","https://openalex.org/W2356881557","https://openalex.org/W1970216380","https://openalex.org/W2373778029","https://openalex.org/W840375602","https://openalex.org/W2123619123","https://openalex.org/W2903950487","https://openalex.org/W2171038386"],"abstract_inverted_index":{"Spyware":[0,18],"is":[1,19,57],"the":[2,38,94,125,131,147,180],"most":[3],"complex,":[4],"obfuscated,":[5],"and":[6,24,36,40,43,49,66,77,110,118,145,172],"targeted":[7],"class":[8],"of":[9,54,69,89,98,124,133,139,149,169,196],"malware,":[10],"which":[11],"has":[12],"grown":[13],"dramatically":[14],"in":[15,106,135],"recent":[16],"years.":[17],"designed":[20],"for":[21,33],"secret,":[22],"long-term,":[23],"persistent":[25],"missions.":[26],"This":[27,91],"paper":[28,56,92],"provides":[29],"a":[30,60,83,193],"novel":[31],"method":[32,53,127,160],"detection,":[34],"tracking,":[35],"confronting":[37],"stealth":[39],"obfuscated":[41],"spyware":[42,104,140,165,191],"ransomware,":[44],"including":[45],"keyloggers,":[46],"screen":[47],"recorders,":[48],"blockers.":[50],"The":[51,122],"proposed":[52,126,159,181],"this":[55],"based":[58],"on":[59],"dynamic":[61],"behavioral":[62],"analysis":[63,144],"through":[64],"deep":[65],"transparent":[67],"hooking":[68],"kernel-level":[70],"routines.":[71],"We":[72],"used":[73],"linear":[74],"regression,":[75],"JRIP,":[76],"J48":[78],"decision":[79],"tree":[80],"algorithms":[81],"as":[82],"classifier":[84],"to":[85,102,108,152,163],"recognize":[86,164],"three":[87],"classes":[88],"malware.":[90],"presents":[93],"main":[95],"architectural":[96],"plan":[97],"an":[99,167,173,185],"anti-spyware":[100],"application":[101],"track":[103],"footprints":[105],"order":[107],"detect":[109],"force":[111],"terminate":[112],"running":[113],"processes,":[114],"eliminate":[115],"executable":[116],"files,":[117],"restrict":[119],"network":[120],"communications.":[121],"efficiency":[123],"was":[128,161],"evaluated":[129],"from":[130,146,188],"viewpoint":[132,148],"accuracy":[134,168],"detecting":[136],"real-world":[137],"samples":[138],"by":[141,190],"ROC":[142],"curve":[143],"success":[150],"rate":[151,175,195],"confront":[153],"effectively":[154],"with":[155,166,192],"active":[156],"spyware.":[157],"Our":[158],"able":[162],"about":[170,197],"93%":[171],"error":[174],"near":[176],"7%.":[177],"In":[178],"addition,":[179],"system":[182,187],"can":[183],"disinfect":[184],"operating":[186],"infection":[189],"hit":[194],"82%.":[198]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":11},{"year":2023,"cited_by_count":12},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":13},{"year":2020,"cited_by_count":9},{"year":2019,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}