{"id":"https://openalex.org/W4214898199","doi":"https://doi.org/10.1109/ccwc54503.2022.9720874","title":"Detecting and Classifying Self-Deleting Windows Malware Using Prefetch Files","display_name":"Detecting and Classifying Self-Deleting Windows Malware Using Prefetch Files","publication_year":2022,"publication_date":"2022-01-26","ids":{"openalex":"https://openalex.org/W4214898199","doi":"https://doi.org/10.1109/ccwc54503.2022.9720874"},"language":"en","primary_location":{"id":"doi:10.1109/ccwc54503.2022.9720874","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccwc54503.2022.9720874","pdf_url":null,"source":{"id":"https://openalex.org/S4363608098","display_name":"2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5075793938","display_name":"Adam Duby","orcid":null},"institutions":[{"id":"https://openalex.org/I4210137659","display_name":"American Military Academy","ror":"https://ror.org/02xs6gm19","country_code":"PR","type":"education","lineage":["https://openalex.org/I4210137659"]},{"id":"https://openalex.org/I192545095","display_name":"United States Military Academy","ror":"https://ror.org/01jepya76","country_code":"US","type":"education","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I192545095","https://openalex.org/I4210088792"]}],"countries":["PR","US"],"is_corresponding":true,"raw_author_name":"Adam Duby","raw_affiliation_strings":["United States Military Academy"],"affiliations":[{"raw_affiliation_string":"United States Military Academy","institution_ids":["https://openalex.org/I4210137659","https://openalex.org/I192545095"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111373813","display_name":"Teryl Taylor","orcid":"https://orcid.org/0000-0002-4915-1286"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Teryl Taylor","raw_affiliation_strings":["IBM Research"],"affiliations":[{"raw_affiliation_string":"IBM Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055170166","display_name":"Gedare Bloom","orcid":"https://orcid.org/0000-0002-5677-7092"},"institutions":[{"id":"https://openalex.org/I888729015","display_name":"University of Colorado Colorado Springs","ror":"https://ror.org/054spjc55","country_code":"US","type":"education","lineage":["https://openalex.org/I888729015"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gedare Bloom","raw_affiliation_strings":["University of Colorado Colorado Springs"],"affiliations":[{"raw_affiliation_string":"University of Colorado Colorado Springs","institution_ids":["https://openalex.org/I888729015"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072959708","display_name":"Yanyan Zhuang","orcid":"https://orcid.org/0000-0002-8407-0801"},"institutions":[{"id":"https://openalex.org/I888729015","display_name":"University of Colorado Colorado Springs","ror":"https://ror.org/054spjc55","country_code":"US","type":"education","lineage":["https://openalex.org/I888729015"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yanyan Zhuang","raw_affiliation_strings":["University of Colorado Colorado Springs"],"affiliations":[{"raw_affiliation_string":"University of Colorado Colorado Springs","institution_ids":["https://openalex.org/I888729015"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5075793938"],"corresponding_institution_ids":["https://openalex.org/I192545095","https://openalex.org/I4210137659"],"apc_list":null,"apc_paid":null,"fwci":0.8591,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.72132701,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"0745","last_page":"0751"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.926427960395813},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8730630874633789},{"id":"https://openalex.org/keywords/instruction-prefetch","display_name":"Instruction prefetch","score":0.7678054571151733},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.7023025751113892},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.6091643571853638},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.5504294037818909},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4315717816352844},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4215892553329468},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3576091527938843},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3394347131252289},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.21597665548324585},{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.08148524165153503}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.926427960395813},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8730630874633789},{"id":"https://openalex.org/C133588205","wikidata":"https://www.wikidata.org/wiki/Q28455645","display_name":"Instruction prefetch","level":3,"score":0.7678054571151733},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.7023025751113892},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.6091643571853638},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.5504294037818909},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4315717816352844},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4215892553329468},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3576091527938843},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3394347131252289},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.21597665548324585},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.08148524165153503}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ccwc54503.2022.9720874","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccwc54503.2022.9720874","pdf_url":null,"source":{"id":"https://openalex.org/S4363608098","display_name":"2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7300000190734863,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G4746655729","display_name":null,"funder_award_id":"OAC-2115134,OAC-1920462,OAC-2001789,CNS-2046705","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":43,"referenced_works":["https://openalex.org/W152854583","https://openalex.org/W1544697441","https://openalex.org/W1545528966","https://openalex.org/W1549130775","https://openalex.org/W1558357780","https://openalex.org/W1985328160","https://openalex.org/W2021183772","https://openalex.org/W2021963610","https://openalex.org/W2168154523","https://openalex.org/W2292109572","https://openalex.org/W2527619560","https://openalex.org/W2529285936","https://openalex.org/W2586677434","https://openalex.org/W2600031682","https://openalex.org/W2616933536","https://openalex.org/W2621204675","https://openalex.org/W2751661638","https://openalex.org/W2753594008","https://openalex.org/W2766465617","https://openalex.org/W2786476294","https://openalex.org/W2790484531","https://openalex.org/W2792211467","https://openalex.org/W2792991556","https://openalex.org/W2795435272","https://openalex.org/W2900633536","https://openalex.org/W2944079373","https://openalex.org/W2947447457","https://openalex.org/W2963563709","https://openalex.org/W2963650941","https://openalex.org/W2963961561","https://openalex.org/W2964636835","https://openalex.org/W2990954041","https://openalex.org/W2996791554","https://openalex.org/W3007070494","https://openalex.org/W3008603700","https://openalex.org/W3015481738","https://openalex.org/W3169281546","https://openalex.org/W3193668405","https://openalex.org/W4211194511","https://openalex.org/W6606151733","https://openalex.org/W6743618022","https://openalex.org/W6745676123","https://openalex.org/W6753153400"],"related_works":["https://openalex.org/W4200453963","https://openalex.org/W2183925834","https://openalex.org/W2007647094","https://openalex.org/W2995172056","https://openalex.org/W2610659201","https://openalex.org/W4234891089","https://openalex.org/W2056625284","https://openalex.org/W2067547021","https://openalex.org/W2805262980","https://openalex.org/W4213012150"],"abstract_inverted_index":{"Malware":[0],"detection":[1,23],"and":[2,24,31,34,65,83,96],"analysis":[3],"can":[4],"be":[5],"a":[6,93,118,146,164],"burdensome":[7],"task":[8],"for":[9,75],"incident":[10],"responders.":[11],"As":[12],"such,":[13],"research":[14],"has":[15,53,149],"turned":[16],"to":[17,20,41,55,68,87,105,133,152,157],"machine":[18],"learning":[19],"automate":[21],"malware":[22,25,39,57,61,73,89,100,144],"family":[26,104,148],"classification.":[27],"Existing":[28],"work":[29],"extracts":[30],"engineers":[32],"static":[33],"dynamic":[35],"features":[36,112],"from":[37,113],"the":[38,51,56,99,114,135,143,158,169],"sample":[40],"train":[42],"classifiers.":[43],"Despite":[44],"promising":[45],"results,":[46],"such":[47],"techniques":[48,153],"assume":[49],"that":[50,90,123,129,154],"analyst":[52],"access":[54,156],"executable":[58],"file.":[59],"Self-deleting":[60],"invalidates":[62],"this":[63,79],"assumption":[64],"requires":[66],"analysts":[67],"find":[69],"forensic":[70,121],"evidence":[71],"of":[72,168],"execution":[74],"further":[76,97],"analysis.":[77],"In":[78],"paper,":[80],"we":[81,110],"present":[82],"evaluate":[84],"an":[85],"approach":[86,171],"detecting":[88],"executed":[91],"on":[92],"Windows":[94,115],"target":[95],"classify":[98],"into":[101,145],"its":[102],"associated":[103],"provide":[106,163],"semantic":[107],"insight.":[108],"Specifically,":[109],"engineer":[111],"prefetch":[116],"file,":[117],"file":[119],"system":[120],"artifact":[122,137],"archives":[124],"process":[125],"information.":[126],"Results":[127],"show":[128],"it":[130],"is":[131],"possible":[132],"detect":[134],"malicious":[136],"with":[138],"99%":[139],"accuracy;":[140],"furthermore,":[141],"classifying":[142],"fine-grained":[147],"comparable":[150],"performance":[151],"require":[155],"original":[159],"executable.":[160],"We":[161],"also":[162],"thorough":[165],"security":[166],"discussion":[167],"proposed":[170],"against":[172],"adversarial":[173],"diversity.":[174]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}