{"id":"https://openalex.org/W4415933724","doi":"https://doi.org/10.1109/access.2025.3629338","title":"Malware Detection Using Cuckoo Sandbox Report Features as Human Readable Description and the BERT Model","display_name":"Malware Detection Using Cuckoo Sandbox Report Features as Human Readable Description and the BERT Model","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4415933724","doi":"https://doi.org/10.1109/access.2025.3629338"},"language":"en","primary_location":{"id":"doi:10.1109/access.2025.3629338","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3629338","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3629338","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119581591","display_name":"Oussama El Rhayati","orcid":"https://orcid.org/0009-0007-5336-7913"},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":false,"raw_author_name":"Oussama El Rhayati","raw_affiliation_strings":["Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fes, Morocco","Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fez, Morocco"],"raw_orcid":"https://orcid.org/0009-0007-5336-7913","affiliations":[{"raw_affiliation_string":"Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fes, Morocco","institution_ids":["https://openalex.org/I81605866"]},{"raw_affiliation_string":"Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fez, Morocco","institution_ids":["https://openalex.org/I81605866"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048317087","display_name":"Omar El Beqqali","orcid":"https://orcid.org/0000-0003-0269-3819"},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":false,"raw_author_name":"Omar El Beqqali","raw_affiliation_strings":["Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fes, Morocco","Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fez, Morocco"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fes, Morocco","institution_ids":["https://openalex.org/I81605866"]},{"raw_affiliation_string":"Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fez, Morocco","institution_ids":["https://openalex.org/I81605866"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038331849","display_name":"Hamid Tairi","orcid":"https://orcid.org/0000-0002-5445-0037"},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":false,"raw_author_name":"Hamid Tairi","raw_affiliation_strings":["Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fes, Morocco","Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fez, Morocco"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fes, Morocco","institution_ids":["https://openalex.org/I81605866"]},{"raw_affiliation_string":"Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fez, Morocco","institution_ids":["https://openalex.org/I81605866"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069765987","display_name":"Mohamed Lamrini","orcid":"https://orcid.org/0009-0008-8400-1508"},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":false,"raw_author_name":"Mohamed Lamrini","raw_affiliation_strings":["Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fes, Morocco","Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fez, Morocco"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fes, Morocco","institution_ids":["https://openalex.org/I81605866"]},{"raw_affiliation_string":"Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fez, Morocco","institution_ids":["https://openalex.org/I81605866"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5090906662","display_name":"Jamal Riffi","orcid":null},"institutions":[{"id":"https://openalex.org/I81605866","display_name":"Sidi Mohamed Ben Abdellah University","ror":"https://ror.org/04efg9a07","country_code":"MA","type":"education","lineage":["https://openalex.org/I81605866"]}],"countries":["MA"],"is_corresponding":false,"raw_author_name":"Jamal Riffi","raw_affiliation_strings":["Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fes, Morocco","Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fez, Morocco"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fes, Morocco","institution_ids":["https://openalex.org/I81605866"]},{"raw_affiliation_string":"Department of Informatics, Faculty of Sciences Dhar El Mahraz, Informatique, Innovation et Intelligence Artificielle Laboratory, Sidi Mohamed Ben Abdellah University, Fez, Morocco","institution_ids":["https://openalex.org/I81605866"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I81605866"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.34991926,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"13","issue":null,"first_page":"191406","last_page":"191414"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9839000105857849,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9839000105857849,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.001500000013038516,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.00139999995008111,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7541000247001648},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.6191999912261963},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.5613999962806702},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.5394999980926514},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.46540001034736633},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.44040000438690186},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.3253999948501587},{"id":"https://openalex.org/keywords/feature-learning","display_name":"Feature learning","score":0.3068999946117401}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8743000030517578},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7541000247001648},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.6191999912261963},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.565500020980835},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.5613999962806702},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.5394999980926514},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.47769999504089355},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.46540001034736633},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.44040000438690186},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.3978999853134155},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.33079999685287476},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.3253999948501587},{"id":"https://openalex.org/C59404180","wikidata":"https://www.wikidata.org/wiki/Q17013334","display_name":"Feature learning","level":2,"score":0.3068999946117401},{"id":"https://openalex.org/C2776810535","wikidata":"https://www.wikidata.org/wiki/Q26381","display_name":"Cuckoo","level":2,"score":0.303600013256073},{"id":"https://openalex.org/C2778827112","wikidata":"https://www.wikidata.org/wiki/Q22245680","display_name":"Feature engineering","level":3,"score":0.3005000054836273},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.2985999882221222},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.2978000044822693},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.295199990272522},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.2858000099658966},{"id":"https://openalex.org/C199033989","wikidata":"https://www.wikidata.org/wiki/Q1318295","display_name":"Narrative","level":2,"score":0.28540000319480896},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.28540000319480896},{"id":"https://openalex.org/C173483453","wikidata":"https://www.wikidata.org/wiki/Q1040689","display_name":"Synonym (taxonomy)","level":3,"score":0.2809000015258789},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.27970001101493835},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.2696000039577484},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.26899999380111694},{"id":"https://openalex.org/C22019652","wikidata":"https://www.wikidata.org/wiki/Q331309","display_name":"Overfitting","level":3,"score":0.2671999931335449}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2025.3629338","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3629338","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:ffd0239fba764cfcbc20f4ae3f362241","is_oa":true,"landing_page_url":"https://doaj.org/article/ffd0239fba764cfcbc20f4ae3f362241","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 191406-191414 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3629338","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3629338","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":3,"referenced_works":["https://openalex.org/W2896457183","https://openalex.org/W3105966348","https://openalex.org/W4321454754"],"related_works":[],"abstract_inverted_index":{"The":[0,38],"ever-evolving":[1],"nature":[2],"of":[3,153],"malware":[4,79,198],"renders":[5],"conventional":[6],"detection":[7,19],"techniques":[8],"increasingly":[9],"ineffective":[10],"against":[11],"adaptive":[12],"threats.":[13],"This":[14],"work":[15],"proposes":[16],"a":[17,34,66,190],"behavior-driven":[18],"framework":[20],"that":[21,130,183],"converts":[22],"dynamic":[23],"sandbox":[24],"reports":[25],"into":[26],"human-readable":[27],"narratives":[28],"and":[29,52,71,88,94,111,116,123,143,177,193],"learns":[30],"semantic":[31,154],"patterns":[32],"with":[33,106],"fine-tuned":[35],"BERT":[36],"model.":[37],"narrative":[39],"transformation":[40],"captures":[41],"higher-order":[42],"relations":[43],"among":[44],"system":[45],"activities":[46],"(e.g.,":[47],"process":[48],"creation,":[49],"registry":[50],"persistence,":[51],"network":[53],"communication),":[54],"enabling":[55],"contextual":[56],"representation":[57],"beyond":[58],"handcrafted":[59],"features.":[60],"Validation":[61],"was":[62],"conducted":[63],"on":[64],"both":[65],"controlled":[67],"Cuckoo-based":[68],"benchmark":[69],"(binary)":[70],"the":[72,83,151,158,164],"large-scale":[73],"public":[74],"Avast\u2013CTU":[75],"CAPEv2":[76],"dataset":[77],"(ten":[78],"families).":[80],"On":[81],"CAPEv2,":[82],"method":[84],"achieved":[85],"96.2%":[86],"accuracy":[87,134],"95.8%":[89],"macro-F1":[90],"under":[91,97],"chronological":[92],"partitioning,":[93],"strong":[95],"performance":[96],"5-fold":[98],"cross-validation,":[99],"outperforming":[100],"TF\u2013IDF":[101,148],"+SVM":[102],"baselines.":[103],"Robustness":[104],"studies":[105],"textual":[107],"perturbations":[108],"(token":[109],"masking":[110],"synonym":[112],"substitution":[113],"at":[114],"5\u201320%)":[115],"time-aware":[117],"evaluation":[118],"indicate":[119],"resilience":[120],"to":[121,170],"obfuscation":[122],"temporal":[124],"drift.":[125],"An":[126],"ablation":[127],"analysis":[128],"shows":[129],"narrative-based":[131],"modeling":[132,188],"improves":[133],"by":[135,144],"\u224812":[136],"percentage":[137],"points":[138,146],"over":[139,147],"raw":[140],"feature":[141],"baselines":[142],"\u22485":[145],"representations,":[149],"highlighting":[150],"contribution":[152],"abstraction.":[155],"Besides":[156],"accuracy,":[157],"approach":[159],"can":[160,166],"provide":[161],"practical":[162],"interpretability:":[163],"predictions":[165],"be":[167],"traced":[168],"back":[169],"behavioral":[171,184],"descriptive":[172],"indicators,":[173],"allowing":[174],"analyst":[175],"auditability":[176],"forensic":[178],"use.":[179],"These":[180],"results":[181],"show":[182],"data":[185],"contextualized":[186],"language":[187],"is":[189],"scalable,":[191],"explainable,":[192],"generalizable":[194],"next-generation":[195],"basis":[196],"for":[197],"detection.":[199]},"counts_by_year":[],"updated_date":"2026-06-26T08:34:08.712188","created_date":"2025-11-05T00:00:00"}
