{"id":"https://openalex.org/W3015301903","doi":"https://doi.org/10.1109/access.2020.2986014","title":"Comparative Analysis of Low-Dimensional Features and Tree-Based Ensembles for Malware Detection Systems","display_name":"Comparative Analysis of Low-Dimensional Features and Tree-Based Ensembles for Malware Detection Systems","publication_year":2020,"publication_date":"2020-01-01","ids":{"openalex":"https://openalex.org/W3015301903","doi":"https://doi.org/10.1109/access.2020.2986014","mag":"3015301903"},"language":"en","primary_location":{"id":"doi:10.1109/access.2020.2986014","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.2986014","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8948470/09057637.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/8948470/09057637.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5034901814","display_name":"Seoungyul Euh","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Seoungyul Euh","raw_affiliation_strings":["Security Technology Institute, KSign, Seoul, South Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Security Technology Institute, KSign, Seoul, South Korea","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034510245","display_name":"Hyunjong Lee","orcid":"https://orcid.org/0000-0002-2990-1545"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hyunjong Lee","raw_affiliation_strings":["Security Technology Institute, KSign, Seoul, South Korea"],"raw_orcid":"https://orcid.org/0000-0002-2990-1545","affiliations":[{"raw_affiliation_string":"Security Technology Institute, KSign, Seoul, South Korea","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100448787","display_name":"Donghoon Kim","orcid":"https://orcid.org/0000-0003-3142-4458"},"institutions":[{"id":"https://openalex.org/I125956826","display_name":"Arkansas State University","ror":"https://ror.org/006pyvd89","country_code":"US","type":"education","lineage":["https://openalex.org/I125956826"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Donghoon Kim","raw_affiliation_strings":["Department of Computer Science, Arkansas State University, Jonesboro, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Arkansas State University, Jonesboro, USA","institution_ids":["https://openalex.org/I125956826"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5014175226","display_name":"Doosung Hwang","orcid":"https://orcid.org/0000-0003-1840-9296"},"institutions":[{"id":"https://openalex.org/I89015989","display_name":"Dankook University","ror":"https://ror.org/058pdbn81","country_code":"KR","type":"education","lineage":["https://openalex.org/I89015989"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Doosung Hwang","raw_affiliation_strings":["Department of Software Science, Dankook University, Yongin, South Korea"],"raw_orcid":"https://orcid.org/0000-0003-1840-9296","affiliations":[{"raw_affiliation_string":"Department of Software Science, Dankook University, Yongin, South Korea","institution_ids":["https://openalex.org/I89015989"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":6.3871,"has_fulltext":true,"cited_by_count":55,"citation_normalized_percentile":{"value":0.97495434,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"8","issue":null,"first_page":"76796","last_page":"76808"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9894000291824341,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9749000072479248,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8486800193786621},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7753007411956787},{"id":"https://openalex.org/keywords/ensemble-learning","display_name":"Ensemble learning","score":0.6591628789901733},{"id":"https://openalex.org/keywords/adaboost","display_name":"AdaBoost","score":0.6224712133407593},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.618838906288147},{"id":"https://openalex.org/keywords/feature-selection","display_name":"Feature selection","score":0.5971775650978088},{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.5804391503334045},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5352090001106262},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.4896240830421448},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4610667824745178},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.4505952298641205},{"id":"https://openalex.org/keywords/tree","display_name":"Tree (set theory)","score":0.42035096883773804},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.41778823733329773},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.37673038244247437},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.08107662200927734}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8486800193786621},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7753007411956787},{"id":"https://openalex.org/C45942800","wikidata":"https://www.wikidata.org/wiki/Q245652","display_name":"Ensemble learning","level":2,"score":0.6591628789901733},{"id":"https://openalex.org/C141404830","wikidata":"https://www.wikidata.org/wiki/Q2823869","display_name":"AdaBoost","level":3,"score":0.6224712133407593},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.618838906288147},{"id":"https://openalex.org/C148483581","wikidata":"https://www.wikidata.org/wiki/Q446488","display_name":"Feature selection","level":2,"score":0.5971775650978088},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.5804391503334045},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5352090001106262},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.4896240830421448},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4610667824745178},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.4505952298641205},{"id":"https://openalex.org/C113174947","wikidata":"https://www.wikidata.org/wiki/Q2859736","display_name":"Tree (set theory)","level":2,"score":0.42035096883773804},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.41778823733329773},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.37673038244247437},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.08107662200927734},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2020.2986014","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.2986014","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8948470/09057637.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:084dd718738447e68eb1cf019a2c2798","is_oa":true,"landing_page_url":"https://doaj.org/article/084dd718738447e68eb1cf019a2c2798","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 8, Pp 76796-76808 (2020)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2020.2986014","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2020.2986014","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8948470/09057637.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7569628515","display_name":null,"funder_award_id":"2019-0-00197","funder_id":"https://openalex.org/F4320335489","funder_display_name":"Institute for Information and Communications Technology Promotion"}],"funders":[{"id":"https://openalex.org/F4320328359","display_name":"Ministry of Science and ICT, South Korea","ror":"https://ror.org/01wpjm123"},{"id":"https://openalex.org/F4320335489","display_name":"Institute for Information and Communications Technology Promotion","ror":"https://ror.org/01g0hqq23"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3015301903.pdf","grobid_xml":"https://content.openalex.org/works/W3015301903.grobid-xml"},"referenced_works_count":58,"referenced_works":["https://openalex.org/W4081608","https://openalex.org/W172558989","https://openalex.org/W1573526548","https://openalex.org/W1736726159","https://openalex.org/W1851403712","https://openalex.org/W1893133781","https://openalex.org/W1926592634","https://openalex.org/W1966716734","https://openalex.org/W1976526581","https://openalex.org/W1981033991","https://openalex.org/W1987644478","https://openalex.org/W1996975221","https://openalex.org/W2047167450","https://openalex.org/W2053959006","https://openalex.org/W2056132907","https://openalex.org/W2064274762","https://openalex.org/W2066220442","https://openalex.org/W2079215333","https://openalex.org/W2101234009","https://openalex.org/W2121032650","https://openalex.org/W2124833832","https://openalex.org/W2125914984","https://openalex.org/W2126975788","https://openalex.org/W2132874238","https://openalex.org/W2150188172","https://openalex.org/W2150757437","https://openalex.org/W2216444195","https://openalex.org/W2237959143","https://openalex.org/W2267635142","https://openalex.org/W2295598076","https://openalex.org/W2295755339","https://openalex.org/W2302010255","https://openalex.org/W2307930854","https://openalex.org/W2347098755","https://openalex.org/W2506582421","https://openalex.org/W2613869537","https://openalex.org/W2737067645","https://openalex.org/W2766613627","https://openalex.org/W2775173651","https://openalex.org/W2788864200","https://openalex.org/W2789575546","https://openalex.org/W2789758093","https://openalex.org/W2795063185","https://openalex.org/W2801888526","https://openalex.org/W2911964244","https://openalex.org/W2963961561","https://openalex.org/W2970602317","https://openalex.org/W3010411193","https://openalex.org/W3102476541","https://openalex.org/W3123969097","https://openalex.org/W4297944103","https://openalex.org/W6675354045","https://openalex.org/W6678472248","https://openalex.org/W6679060694","https://openalex.org/W6688716199","https://openalex.org/W6697196120","https://openalex.org/W6698146022","https://openalex.org/W6748641434"],"related_works":["https://openalex.org/W4382315444","https://openalex.org/W3011239835","https://openalex.org/W4312534362","https://openalex.org/W4388745254","https://openalex.org/W2980082554","https://openalex.org/W1517228774","https://openalex.org/W2767419625","https://openalex.org/W2915047625","https://openalex.org/W2389704471","https://openalex.org/W4233259193"],"abstract_inverted_index":{"Advances":[0],"in":[1,40,212],"machine":[2],"learning":[3,31],"algorithms":[4],"have":[5],"improved":[6],"the":[7,14,73,92,105,121,131,136,139,144,166,179,187,194,197,210],"performance":[8,145,195],"of":[9,29,95,123,138,146,175,182,196,200],"malware":[10,51,96,116,188,201],"detection":[11,52,189],"systems":[12],"for":[13,49,68],"last":[15],"decade.":[16],"However,":[17],"there":[18],"are":[19,66],"still":[20],"some":[21],"challenges":[22],"such":[23,150],"as":[24,151],"processing":[25,132],"a":[26,50],"large":[27],"amount":[28],"malware,":[30],"high-dimensional":[32],"vectors,":[33],"high":[34],"storage":[35,85],"usage,":[36,86],"and":[37,54,63,87,120,158,177,205],"low":[38,84],"scalability":[39],"learning.":[41,89],"This":[42],"paper":[43],"proposes":[44],"low-dimensional":[45,81],"but":[46],"effective":[47],"features":[48,97],"system":[53],"analyzes":[55],"them":[56],"with":[57,117],"tree-base":[58],"ensemble":[59,148,183],"models.":[60],"Expert":[61],"knowledge":[62],"frequency":[64],"analysis":[65],"adapted":[67],"relevant":[69],"feature":[70,82,163,168],"selection":[71],"from":[72,99],"collected":[74],"data":[75],"set,":[76],"which":[77],"contributes":[78],"to":[79,114,129,173,193],"fast":[80,88],"preparation,":[83],"We":[90],"extract":[91],"five":[93],"types":[94],"represented":[98],"binary":[100],"or":[101],"disassembly":[102],"files.":[103],"Specifically,":[104],"novel":[106],"WEM":[107],"(Window":[108],"Entropy":[109],"Map)":[110],"image":[111],"is":[112,127,209],"designed":[113],"represent":[115],"variable":[118],"length,":[119],"set":[122,199],"frequently":[124],"used":[125],"APIs":[126],"analyzed":[128],"shorten":[130],"time.":[133],"To":[134],"validate":[135],"effectiveness":[137],"selected":[140],"features,":[141],"we":[142],"compare":[143],"tree-based":[147],"models":[149,184],"AdaBoost,":[152],"XGBoost,":[153],"random":[154],"forest,":[155],"extra":[156],"trees,":[157],"rotation":[159],"trees.":[160],"The":[161],"proposed":[162],"can":[164],"reduce":[165],"original":[167],"dimensionality":[169],"by":[170],"several":[171],"tens":[172],"hundreds":[174],"times":[176],"decrease":[178],"training":[180],"time":[181],"without":[185],"degrading":[186],"rate":[190],"when":[191],"compared":[192],"whole":[198],"features.":[202],"In":[203],"accuracy":[204],"AUC-PRC":[206],"evaluation,":[207],"XGBoost":[208],"highest":[211],"rank.":[213]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":16},{"year":2022,"cited_by_count":10},{"year":2021,"cited_by_count":11},{"year":2020,"cited_by_count":5}],"updated_date":"2026-06-13T07:54:00.901334","created_date":"2025-10-10T00:00:00"}