{"id":"https://openalex.org/W4398151606","doi":"https://doi.org/10.1109/access.2024.3402956","title":"Enhancing Cybersecurity With P-Code Analysis and XGBoost: A Novel Approach for Malicious VBA Macro Detection in Office Documents","display_name":"Enhancing Cybersecurity With P-Code Analysis and XGBoost: A Novel Approach for Malicious VBA Macro Detection in Office Documents","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W4398151606","doi":"https://doi.org/10.1109/access.2024.3402956"},"language":"en","primary_location":{"id":"doi:10.1109/access.2024.3402956","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3402956","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10534288.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10534288.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5001584575","display_name":"Candra Ahmadi","orcid":"https://orcid.org/0000-0001-6583-2156"},"institutions":[{"id":"https://openalex.org/I154864474","display_name":"National Taiwan University of Science and Technology","ror":"https://ror.org/00q09pe49","country_code":"TW","type":"education","lineage":["https://openalex.org/I154864474"]}],"countries":["TW"],"is_corresponding":true,"raw_author_name":"Candra Ahmadi","raw_affiliation_strings":["Department of Electrical Engineering, National Taiwan University of Science and Technology, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, National Taiwan University of Science and Technology, Taipei, Taiwan","institution_ids":["https://openalex.org/I154864474"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091813828","display_name":"Jiann-Liang Chen","orcid":"https://orcid.org/0000-0003-0400-5514"},"institutions":[{"id":"https://openalex.org/I154864474","display_name":"National Taiwan University of Science and Technology","ror":"https://ror.org/00q09pe49","country_code":"TW","type":"education","lineage":["https://openalex.org/I154864474"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Jiann-Liang Chen","raw_affiliation_strings":["Department of Electrical Engineering, National Taiwan University of Science and Technology, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, National Taiwan University of Science and Technology, Taipei, Taiwan","institution_ids":["https://openalex.org/I154864474"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063829576","display_name":"Yi-Cheng Lai","orcid":null},"institutions":[{"id":"https://openalex.org/I154864474","display_name":"National Taiwan University of Science and Technology","ror":"https://ror.org/00q09pe49","country_code":"TW","type":"education","lineage":["https://openalex.org/I154864474"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Yi-Cheng Lai","raw_affiliation_strings":["Department of Electrical Engineering, National Taiwan University of Science and Technology, Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, National Taiwan University of Science and Technology, Taipei, Taiwan","institution_ids":["https://openalex.org/I154864474"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5001584575"],"corresponding_institution_ids":["https://openalex.org/I154864474"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":1.8677,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.85479467,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":97},"biblio":{"volume":"12","issue":null,"first_page":"71746","last_page":"71760"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.993399977684021,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8313078880310059},{"id":"https://openalex.org/keywords/macro","display_name":"Macro","score":0.749507486820221},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5463353991508484},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5459876656532288},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.503696620464325},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4925685524940491},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.462954580783844},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.4424327611923218},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.43997856974601746},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4144248068332672},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.16052493453025818}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8313078880310059},{"id":"https://openalex.org/C166955791","wikidata":"https://www.wikidata.org/wiki/Q629579","display_name":"Macro","level":2,"score":0.749507486820221},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5463353991508484},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5459876656532288},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.503696620464325},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4925685524940491},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.462954580783844},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.4424327611923218},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.43997856974601746},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4144248068332672},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.16052493453025818},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2024.3402956","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3402956","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10534288.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:99837f517dc74742a632851a1de499a3","is_oa":true,"landing_page_url":"https://doaj.org/article/99837f517dc74742a632851a1de499a3","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 12, Pp 71746-71760 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2024.3402956","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3402956","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/6514899/10534288.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4398151606.pdf"},"referenced_works_count":37,"referenced_works":["https://openalex.org/W2295598076","https://openalex.org/W2471456063","https://openalex.org/W2950048690","https://openalex.org/W2960404346","https://openalex.org/W2974072230","https://openalex.org/W3015699601","https://openalex.org/W3046149163","https://openalex.org/W3082686536","https://openalex.org/W3098789273","https://openalex.org/W3114105288","https://openalex.org/W3128866156","https://openalex.org/W3131727541","https://openalex.org/W3145691682","https://openalex.org/W3167995052","https://openalex.org/W3200413364","https://openalex.org/W3201129094","https://openalex.org/W4200395040","https://openalex.org/W4206332460","https://openalex.org/W4213358192","https://openalex.org/W4224302404","https://openalex.org/W4226163627","https://openalex.org/W4281628079","https://openalex.org/W4285295176","https://openalex.org/W4288057734","https://openalex.org/W4288057801","https://openalex.org/W4296079469","https://openalex.org/W4296349030","https://openalex.org/W4311165726","https://openalex.org/W4312875835","https://openalex.org/W4313164219","https://openalex.org/W4324137541","https://openalex.org/W4367595808","https://openalex.org/W4378976878","https://openalex.org/W4383898134","https://openalex.org/W4384302787","https://openalex.org/W4385802528","https://openalex.org/W4387145771"],"related_works":["https://openalex.org/W2030816003","https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2610659201","https://openalex.org/W4285507391","https://openalex.org/W3107556205","https://openalex.org/W2805262980","https://openalex.org/W2067547021","https://openalex.org/W4234891089"],"abstract_inverted_index":{"In":[0],"the":[1,6,141,162,178,189,196,203,209],"evolving":[2,216],"landscape":[3],"of":[4,8,66,104,109,118,143,164,180,191,205,211],"cybersecurity,":[5,172],"prevalence":[7],"malicious":[9,97,127],"Visual":[10],"Basic":[11],"for":[12,34,82,145,171,198,202],"Applications":[13],"(VBA)":[14],"macros":[15],"embedded":[16],"in":[17,111,122,153,177],"Office":[18],"documents":[19],"presents":[20],"a":[21,43,51,131,150,174],"formidable":[22],"challenge.":[23],"These":[24],"macros,":[25,98],"while":[26],"integral":[27],"to":[28,56,126,214],"automation,":[29],"have":[30],"become":[31],"potent":[32],"vehicles":[33],"cyber-attacks,":[35],"necessitating":[36],"advanced":[37],"detection":[38,102,179],"techniques.":[39],"This":[40,184],"study":[41,185],"introduces":[42,149],"comprehensive":[44],"framework":[45,133],"employing":[46],"P-Code":[47,72,166,226],"Analysis":[48],"and":[49,96,106,208],"XGBoost,":[50,228],"leading-edge":[52],"machine":[53,146,169],"learning":[54,147,170],"algorithm,":[55],"address":[57],"this":[58,119],"issue.":[59],"The":[60,115,159],"proposed":[61],"solution":[62],"synergizes":[63],"static":[64],"analysis":[65,148,167],"VBA":[67,223],"source":[68],"code":[69],"with":[70,168],"dynamic":[71],"structural":[73],"analysis,":[74],"enhanced":[75],"by":[76],"Natural":[77],"Language":[78],"Processing":[79],"(NLP)":[80],"techniques":[81],"effective":[83],"feature":[84],"extraction.":[85],"By":[86],"integrating":[87],"these":[88],"methodologies,":[89],"our":[90,212],"model":[91,213],"adeptly":[92],"distinguishes":[93],"between":[94],"benign":[95],"achieving":[99],"an":[100,107],"unprecedented":[101],"accuracy":[103],"98.70%":[105],"F1-score":[108],"98.81%":[110],"rigorous":[112],"testing":[113],"environments.":[114],"core":[116],"contribution":[117],"research":[120],"lies":[121],"its":[123],"innovative":[124],"approach":[125],"macro":[128],"detection,":[129],"offering":[130],"robust":[132],"that":[134],"significantly":[135],"improves":[136],"upon":[137],"existing":[138],"methods.":[139],"Additionally,":[140],"utilization":[142],"XGBoost":[144],"novel":[151],"application":[152],"cybersecurity":[154,192],"defenses":[155],"against":[156],"macro-based":[157],"threats.":[158,183],"results":[160],"underscore":[161],"efficacy":[163],"combining":[165],"marking":[173],"significant":[175],"stride":[176],"sophisticated":[181],"cyber":[182],"not":[186],"only":[187],"advances":[188],"domain":[190],"but":[193],"also":[194],"lays":[195],"groundwork":[197],"future":[199],"research,":[200],"advocating":[201],"exploration":[204],"further":[206],"optimizations":[207],"adaptation":[210],"combat":[215],"attack":[217],"vectors.":[218],"Recommended":[219],"terms:":[220],"Cybersecurity,":[221],"Malicious":[222],"Macro":[224],"Detection,":[225],"Analysis,":[227],"Machine":[229],"Learning.":[230]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}