{"id":"https://openalex.org/W3085755012","doi":"https://doi.org/10.1109/coins49042.2020.9191381","title":"HAC-T and Fast Search for Similarity in Security","display_name":"HAC-T and Fast Search for Similarity in Security","publication_year":2020,"publication_date":"2020-08-01","ids":{"openalex":"https://openalex.org/W3085755012","doi":"https://doi.org/10.1109/coins49042.2020.9191381","mag":"3085755012"},"language":"en","primary_location":{"id":"doi:10.1109/coins49042.2020.9191381","is_oa":false,"landing_page_url":"https://doi.org/10.1109/coins49042.2020.9191381","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 International Conference on Omni-layer Intelligent Systems (COINS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037234971","display_name":"Jonathan Oliver","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Jonathan Oliver","raw_affiliation_strings":["TrendMicro Research, Australia"],"affiliations":[{"raw_affiliation_string":"TrendMicro Research, Australia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010038170","display_name":"Muqeet Ali","orcid":null},"institutions":[{"id":"https://openalex.org/I1325404993","display_name":"Forest Trends","ror":"https://ror.org/025ardq11","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1325404993"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Muqeet Ali","raw_affiliation_strings":["TrendMicro Research, USA"],"affiliations":[{"raw_affiliation_string":"TrendMicro Research, USA","institution_ids":["https://openalex.org/I1325404993"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5083607713","display_name":"Josiah Hagen","orcid":null},"institutions":[{"id":"https://openalex.org/I1325404993","display_name":"Forest Trends","ror":"https://ror.org/025ardq11","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1325404993"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Josiah Hagen","raw_affiliation_strings":["TrendMicro Research, USA"],"affiliations":[{"raw_affiliation_string":"TrendMicro Research, USA","institution_ids":["https://openalex.org/I1325404993"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5037234971"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.9672,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.78219667,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7903319001197815},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.7345719933509827},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6895300149917603},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.6777442097663879},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6568156480789185},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.5908368229866028},{"id":"https://openalex.org/keywords/nearest-neighbor-search","display_name":"Nearest neighbor search","score":0.5474061965942383},{"id":"https://openalex.org/keywords/hierarchical-clustering","display_name":"Hierarchical clustering","score":0.5257354974746704},{"id":"https://openalex.org/keywords/similarity","display_name":"Similarity (geometry)","score":0.45634138584136963},{"id":"https://openalex.org/keywords/tree","display_name":"Tree (set theory)","score":0.4380779564380646},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.28060540556907654},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.23533743619918823},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.232191801071167},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.11517152190208435},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.10561472177505493}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7903319001197815},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.7345719933509827},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6895300149917603},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.6777442097663879},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6568156480789185},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.5908368229866028},{"id":"https://openalex.org/C116738811","wikidata":"https://www.wikidata.org/wiki/Q608751","display_name":"Nearest neighbor search","level":2,"score":0.5474061965942383},{"id":"https://openalex.org/C92835128","wikidata":"https://www.wikidata.org/wiki/Q1277447","display_name":"Hierarchical clustering","level":3,"score":0.5257354974746704},{"id":"https://openalex.org/C103278499","wikidata":"https://www.wikidata.org/wiki/Q254465","display_name":"Similarity (geometry)","level":3,"score":0.45634138584136963},{"id":"https://openalex.org/C113174947","wikidata":"https://www.wikidata.org/wiki/Q2859736","display_name":"Tree (set theory)","level":2,"score":0.4380779564380646},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.28060540556907654},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.23533743619918823},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.232191801071167},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.11517152190208435},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.10561472177505493},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/coins49042.2020.9191381","is_oa":false,"landing_page_url":"https://doi.org/10.1109/coins49042.2020.9191381","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 International Conference on Omni-layer Intelligent Systems (COINS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W74897528","https://openalex.org/W174476237","https://openalex.org/W1548500763","https://openalex.org/W1673310716","https://openalex.org/W1910686388","https://openalex.org/W1981221397","https://openalex.org/W2018175892","https://openalex.org/W2021963610","https://openalex.org/W2049644877","https://openalex.org/W2083620785","https://openalex.org/W2126626732","https://openalex.org/W2172607710","https://openalex.org/W2562617734","https://openalex.org/W2743988610","https://openalex.org/W2747969544","https://openalex.org/W2768705651","https://openalex.org/W2775300889","https://openalex.org/W2792211467","https://openalex.org/W2896068600","https://openalex.org/W2912883037","https://openalex.org/W2939926088","https://openalex.org/W2963469388","https://openalex.org/W2963989339","https://openalex.org/W2981273440","https://openalex.org/W3098166657","https://openalex.org/W6632780167","https://openalex.org/W6637131181","https://openalex.org/W6639864006","https://openalex.org/W6685286602","https://openalex.org/W6699972550"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W3152891574","https://openalex.org/W2249809453","https://openalex.org/W4284893819","https://openalex.org/W4387185219"],"abstract_inverted_index":{"Similarity":[0],"digests":[1,39,108,161,171],"have":[2],"gained":[3],"popularity":[4],"for":[5,100],"many":[6,189],"security":[7,53,56],"applications":[8],"like":[9,40],"blacklisting/whitelisting,":[10],"and":[11,29,42,45,55,63,86,103,191,204,250],"finding":[12],"similar":[13,27],"variants":[14],"of":[15,84,105,117,256],"malware.":[16,65],"TLSH":[17,106,139],"has":[18],"been":[19],"shown":[20],"to":[21,32,36,70,77,113,128,159,208,237],"be":[22],"particularly":[23],"good":[24,210],"at":[25],"hunting":[26,62],"malware,":[28],"is":[30,145,157,200,206],"resistant":[31],"evasion":[33],"as":[34],"compared":[35],"other":[37],"similarity":[38],"ssdeep":[41],"sdhash.":[43],"Searching":[44],"clustering":[46,104,167,193],"are":[47,73],"fundamental":[48],"tools":[49],"which":[50,68,98,109,133,156,252],"help":[51],"the":[52,81,90,233,254,257],"analysts":[54,112],"operations":[57],"center":[58],"(SOC)":[59],"operators":[60],"in":[61,89,147,162,172,232],"analyzing":[64],"Current":[66],"approaches":[67],"aim":[69],"cluster":[71,160,170,211,215],"malware":[72,85],"not":[74],"scalable":[75,164,203],"enough":[76],"keep":[78],"up":[79],"with":[80,188],"vast":[82],"amount":[83],"goodware":[87],"available":[88],"wild.":[91],"In":[92],"this":[93],"paper,":[94],"we":[95],"present":[96],"techniques":[97,127],"allow":[99],"fast":[101,123,135],"search":[102,126,136],"hash":[107,140],"can":[110,169],"aid":[111],"inspect":[114],"large":[115],"amounts":[116],"malware/goodware.":[118],"Our":[119,166],"approach":[120,187,199],"builds":[121],"on":[122,138,177,219],"nearest":[124],"neighbor":[125],"build":[129],"a":[130,163,228],"tree-based":[131,143],"index":[132,144],"performs":[134],"based":[137,150],"digests.":[141],"The":[142],"used":[146],"our":[148,186,198],"threshold":[149],"Hierarchical":[151],"Agglomerative":[152],"Clustering":[153],"(HAC-T)":[154],"algorithm":[155],"able":[158,207],"manner.":[165],"technique":[168],"O":[173],"(n":[174],"logn)":[175],"time":[176],"average.":[178],"We":[179,195,213,226],"performed":[180],"an":[181],"empirical":[182],"evaluation":[183],"by":[184],"comparing":[185],"standard":[190],"recent":[192],"techniques.":[194],"demonstrate":[196],"that":[197],"much":[201],"more":[202],"still":[205],"produce":[209],"quality.":[212],"measured":[214],"quality":[216],"using":[217,239],"purity":[218,230],"10":[220],"million":[221],"samples":[222],"obtained":[223,227],"from":[224,235,241],"VirusTotal.":[225],"high":[229],"score":[231],"range":[234],"0.97":[236],"0.98":[238],"labels":[240],"five":[242],"major":[243],"anti-virus":[244],"vendors":[245],"(Kaspersky,":[246],"Microsoft,":[247],"Symantec,":[248],"Sophos,":[249],"McAfee)":[251],"demonstrates":[253],"effectiveness":[255],"proposed":[258],"method.":[259]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":1}],"updated_date":"2026-03-25T13:04:00.132906","created_date":"2025-10-10T00:00:00"}