{"id":"https://openalex.org/W3176588888","doi":"https://doi.org/10.1109/access.2021.3093366","title":"An Adaptive Behavioral-Based Incremental Batch Learning Malware Variants Detection Model Using Concept Drift Detection and Sequential Deep Learning","display_name":"An Adaptive Behavioral-Based Incremental Batch Learning Malware Variants Detection Model Using Concept Drift Detection and Sequential Deep Learning","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3176588888","doi":"https://doi.org/10.1109/access.2021.3093366","mag":"3176588888"},"language":"en","primary_location":{"id":"doi:10.1109/access.2021.3093366","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3093366","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09467300.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09467300.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5060131213","display_name":"Abdulbasit A. Darem","orcid":"https://orcid.org/0000-0002-5650-1838"},"institutions":[{"id":"https://openalex.org/I118590987","display_name":"Northern Border University","ror":"https://ror.org/03j9tzj20","country_code":"SA","type":"education","lineage":["https://openalex.org/I118590987"]}],"countries":["SA"],"is_corresponding":true,"raw_author_name":"Abdulbasit A. Darem","raw_affiliation_strings":["Northern Border University, Arar, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0002-5650-1838","affiliations":[{"raw_affiliation_string":"Northern Border University, Arar, Saudi Arabia","institution_ids":["https://openalex.org/I118590987"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043834125","display_name":"Fuad A. Ghaleb","orcid":"https://orcid.org/0000-0002-1468-0655"},"institutions":[{"id":"https://openalex.org/I170535673","display_name":"Sana'a University","ror":"https://ror.org/04hcvaf32","country_code":"YE","type":"education","lineage":["https://openalex.org/I170535673"]},{"id":"https://openalex.org/I4576418","display_name":"University of Technology Malaysia","ror":"https://ror.org/026w31v75","country_code":"MY","type":"education","lineage":["https://openalex.org/I4576418"]}],"countries":["MY","YE"],"is_corresponding":false,"raw_author_name":"Fuad A. Ghaleb","raw_affiliation_strings":["Faculty of Engineering, School of Computing, Universiti Teknologi Malaysia (UTM), Johor Bahru, Malaysia","Sana\u2019a Community College, Sana\u2019a, Yemen","Sana'a Community College, Sana'a, Yemen"],"raw_orcid":"https://orcid.org/0000-0002-1468-0655","affiliations":[{"raw_affiliation_string":"Faculty of Engineering, School of Computing, Universiti Teknologi Malaysia (UTM), Johor Bahru, Malaysia","institution_ids":["https://openalex.org/I4576418"]},{"raw_affiliation_string":"Sana\u2019a Community College, Sana\u2019a, Yemen","institution_ids":["https://openalex.org/I170535673"]},{"raw_affiliation_string":"Sana'a Community College, Sana'a, Yemen","institution_ids":["https://openalex.org/I170535673"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012876317","display_name":"Asma A. Alhashmi","orcid":"https://orcid.org/0000-0001-7871-7069"},"institutions":[{"id":"https://openalex.org/I118590987","display_name":"Northern Border University","ror":"https://ror.org/03j9tzj20","country_code":"SA","type":"education","lineage":["https://openalex.org/I118590987"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Asma A. Al-Hashmi","raw_affiliation_strings":["Northern Border University, Arar, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0001-7871-7069","affiliations":[{"raw_affiliation_string":"Northern Border University, Arar, Saudi Arabia","institution_ids":["https://openalex.org/I118590987"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019489166","display_name":"Jemal Abawajy","orcid":"https://orcid.org/0000-0001-8962-1222"},"institutions":[{"id":"https://openalex.org/I149704539","display_name":"Deakin University","ror":"https://ror.org/02czsnj07","country_code":"AU","type":"education","lineage":["https://openalex.org/I149704539"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Jemal H. Abawajy","raw_affiliation_strings":["Cybersecurity Research and Innovation Centre, Deakin University, Burwood, VIC, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cybersecurity Research and Innovation Centre, Deakin University, Burwood, VIC, Australia","institution_ids":["https://openalex.org/I149704539"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090295471","display_name":"Sultan M. Alanazi","orcid":"https://orcid.org/0000-0002-8827-9290"},"institutions":[{"id":"https://openalex.org/I118590987","display_name":"Northern Border University","ror":"https://ror.org/03j9tzj20","country_code":"SA","type":"education","lineage":["https://openalex.org/I118590987"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Sultan M. Alanazi","raw_affiliation_strings":["Northern Border University, Arar, Saudi Arabia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northern Border University, Arar, Saudi Arabia","institution_ids":["https://openalex.org/I118590987"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5111292376","display_name":"A. Y. Al-Rezami","orcid":null},"institutions":[{"id":"https://openalex.org/I142608572","display_name":"Prince Sattam Bin Abdulaziz University","ror":"https://ror.org/04jt46d36","country_code":"SA","type":"education","lineage":["https://openalex.org/I142608572"]},{"id":"https://openalex.org/I170535673","display_name":"Sana'a University","ror":"https://ror.org/04hcvaf32","country_code":"YE","type":"education","lineage":["https://openalex.org/I170535673"]}],"countries":["SA","YE"],"is_corresponding":false,"raw_author_name":"Afrah Y. Al-Rezami","raw_affiliation_strings":["Prince Sattam Bin Abdulaziz University, Al-Kharj, Saudi Arabia","Sana\u2019a University, Sana\u2019a, Yemen","Sana'a University, Sana'a, Yemen"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Prince Sattam Bin Abdulaziz University, Al-Kharj, Saudi Arabia","institution_ids":["https://openalex.org/I142608572"]},{"raw_affiliation_string":"Sana\u2019a University, Sana\u2019a, Yemen","institution_ids":["https://openalex.org/I170535673"]},{"raw_affiliation_string":"Sana'a University, Sana'a, Yemen","institution_ids":["https://openalex.org/I170535673"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5060131213"],"corresponding_institution_ids":["https://openalex.org/I118590987"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":8.4911,"has_fulltext":true,"cited_by_count":77,"citation_normalized_percentile":{"value":0.98439593,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":"9","issue":null,"first_page":"97180","last_page":"97196"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12761","display_name":"Data Stream Mining Techniques","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9927999973297119,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9326589107513428},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8418590426445007},{"id":"https://openalex.org/keywords/concept-drift","display_name":"Concept drift","score":0.6840794086456299},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6557654142379761},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5642844438552856},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.5408454537391663},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4522547721862793},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.42757105827331543},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.19038715958595276},{"id":"https://openalex.org/keywords/data-stream-mining","display_name":"Data stream mining","score":0.16999348998069763},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1126413345336914}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9326589107513428},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8418590426445007},{"id":"https://openalex.org/C60777511","wikidata":"https://www.wikidata.org/wiki/Q3045002","display_name":"Concept drift","level":3,"score":0.6840794086456299},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6557654142379761},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5642844438552856},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.5408454537391663},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4522547721862793},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.42757105827331543},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.19038715958595276},{"id":"https://openalex.org/C89198739","wikidata":"https://www.wikidata.org/wiki/Q3079880","display_name":"Data stream mining","level":2,"score":0.16999348998069763},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1126413345336914}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/access.2021.3093366","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3093366","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09467300.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:bd32c535c0454d2cb53b58b018281e09","is_oa":true,"landing_page_url":"https://doaj.org/article/bd32c535c0454d2cb53b58b018281e09","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 9, Pp 97180-97196 (2021)","raw_type":"article"},{"id":"pmh:oai:dro.deakin.edu.au:DU:30154235","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306401102","display_name":"Own your potential (DEAKIN)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I149704539","host_organization_name":"Deakin University","host_organization_lineage":["https://openalex.org/I149704539"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Journal Article"},{"id":"pmh:oai:figshare.com:article/20652912","is_oa":true,"landing_page_url":"https://figshare.com/articles/journal_contribution/An_Adaptive_Behavioral-Based_Incremental_Batch_Learning_Malware_Variants_Detection_Model_Using_Concept_Drift_Detection_and_Sequential_Deep_Learning/20652912","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"}],"best_oa_location":{"id":"doi:10.1109/access.2021.3093366","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3093366","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09467300.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3176588888.pdf","grobid_xml":"https://content.openalex.org/works/W3176588888.grobid-xml"},"referenced_works_count":53,"referenced_works":["https://openalex.org/W135165129","https://openalex.org/W172558989","https://openalex.org/W1824981487","https://openalex.org/W1966741850","https://openalex.org/W1984233424","https://openalex.org/W2034042820","https://openalex.org/W2041130390","https://openalex.org/W2083183119","https://openalex.org/W2087211161","https://openalex.org/W2148143831","https://openalex.org/W2191468669","https://openalex.org/W2295598076","https://openalex.org/W2563273224","https://openalex.org/W2564494760","https://openalex.org/W2584414817","https://openalex.org/W2609225916","https://openalex.org/W2732916693","https://openalex.org/W2737324849","https://openalex.org/W2755632345","https://openalex.org/W2761114781","https://openalex.org/W2771479418","https://openalex.org/W2780577826","https://openalex.org/W2784113120","https://openalex.org/W2792672492","https://openalex.org/W2796394805","https://openalex.org/W2809646433","https://openalex.org/W2895892359","https://openalex.org/W2898457271","https://openalex.org/W2900633536","https://openalex.org/W2914649569","https://openalex.org/W2915893383","https://openalex.org/W2933960034","https://openalex.org/W2939746199","https://openalex.org/W2950348902","https://openalex.org/W2967107104","https://openalex.org/W2969849145","https://openalex.org/W2972428187","https://openalex.org/W2981292756","https://openalex.org/W2994101726","https://openalex.org/W2996806689","https://openalex.org/W2997247224","https://openalex.org/W3014274353","https://openalex.org/W3015605314","https://openalex.org/W3034576826","https://openalex.org/W3039822732","https://openalex.org/W3046149163","https://openalex.org/W3048779965","https://openalex.org/W3080279788","https://openalex.org/W3091956118","https://openalex.org/W3092353577","https://openalex.org/W3102476541","https://openalex.org/W3102780856","https://openalex.org/W6783619954"],"related_works":["https://openalex.org/W2034129977","https://openalex.org/W1745773915","https://openalex.org/W2765820957","https://openalex.org/W2311131113","https://openalex.org/W4367595269","https://openalex.org/W2294212083","https://openalex.org/W2068319486","https://openalex.org/W4389000576","https://openalex.org/W3160499573","https://openalex.org/W2810128799"],"abstract_inverted_index":{"Malware":[0,90,132,151],"variants":[1,41,325],"are":[2],"the":[3,12,34,39,52,73,84,100,108,114,117,147,160,177,181,188,229,242,259,268,274,285,299,306],"major":[4],"emerging":[5],"threats":[6],"that":[7,42,51,284],"face":[8],"cybersecurity":[9],"due":[10,32,94],"to":[11,15,33,95,106,145,176,186,228,240,257],"potential":[13],"damage":[14],"computer":[16],"systems.":[17],"Many":[18],"solutions":[19,49],"have":[20],"been":[21,77,255],"proposed":[22,286],"for":[23,62,83,265],"detecting":[24],"malware":[25,40,47,57,88,104,149,161,178,182,189,205,215,326],"variants.":[26,89,150],"However,":[27],"accurate":[28],"detection":[29,48,115,118,139,293,320],"is":[30,288],"challenging":[31],"constantly":[35],"evolving":[36],"nature":[37,86],"of":[38,87,203,222,246,276,292,318,322,332],"cause":[43],"concept":[44,137,260],"drift.":[45],"Existing":[46],"assume":[50],"mapping":[53],"learned":[54],"from":[55,280],"historical":[56,204],"features":[58,71,91],"will":[59],"be":[60],"valid":[61],"new":[63,148,214,323],"and":[64,72,99,111,121,140,167,225,295,305,324],"future":[65],"malware.":[66],"The":[67,193,213,249,313],"relationship":[68],"between":[69],"input":[70],"class":[74],"label":[75],"has":[76,254],"considered":[78],"stationary,":[79],"which":[80],"doesn't":[81],"hold":[82],"ever-evolving":[85],"change":[92,107,191],"dynamically":[93],"code":[96],"obfuscations,":[97],"mutations,":[98],"modification":[101],"made":[102],"by":[103,158],"authors":[105],"features'":[109],"distribution":[110],"thus":[112],"evade":[113],"rendering":[116],"model":[119,135,231,269,277,287,314],"obsolete":[120],"ineffective.":[122],"This":[123],"study":[124],"presents":[125],"an":[126,233,263,316],"Adaptive":[127],"behavioral-based":[128],"Incremental":[129],"Batch":[130],"Learning":[131],"Variants":[133],"Detection":[134],"using":[136,155,207],"drift":[138,261],"sequential":[141,209],"deep":[142,210],"learning":[143,211,230,238,311],"(AIBL-MVD)":[144],"accommodate":[146],"behaviors":[152],"were":[153,184,217],"extracted":[154],"dynamic":[156],"analysis":[157],"running":[159],"files":[162],"in":[163,232,290],"a":[164,201,208,220,328],"sandbox":[165],"environment":[166],"collecting":[168],"their":[169],"Application":[170],"Programming":[171],"Interface":[172],"(API)":[173],"traces.":[174],"According":[175],"first-time":[179],"appearance,":[180],"samples":[183,206,216],"sorted":[185],"capture":[187],"variants'":[190],"characteristics.":[192],"base":[194],"classifier":[195],"was":[196],"then":[197],"trained":[198],"based":[199],"on":[200],"subset":[202,221],"model.":[212],"mixed":[218],"with":[219,298,327],"old":[223],"data":[224],"gradually":[226],"introduced":[227],"adaptive":[234],"batch":[235,308],"size":[236,309],"incremental":[237,247,310],"manner":[239],"address":[241],"catastrophic":[243],"forgetting":[244],"dilemma":[245],"learning.":[248],"statistical":[250],"process":[251],"control":[252],"technique":[253],"used":[256],"detect":[258],"as":[262,270,272],"indication":[264],"incrementally":[266],"updating":[267,330],"well":[271],"reducing":[273],"frequency":[275,331],"updates.":[278],"Results":[279],"extensive":[281],"experiments":[282],"show":[283],"superior":[289],"terms":[291],"rate":[294],"efficiency":[296],"compared":[297],"static":[300],"model,":[301],"periodic":[302],"retraining":[303],"approaches,":[304],"fixed":[307],"approach.":[312],"maintains":[315],"average":[317],"99.41%":[319],"accuracy":[321],"low":[329],"1.35":[333],"times":[334],"per":[335],"month.":[336]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":18},{"year":2024,"cited_by_count":16},{"year":2023,"cited_by_count":20},{"year":2022,"cited_by_count":17},{"year":2021,"cited_by_count":2}],"updated_date":"2026-05-12T08:28:47.272897","created_date":"2025-10-10T00:00:00"}