{"id":"https://openalex.org/W4400489947","doi":"https://doi.org/10.1109/cscwd61410.2024.10580029","title":"Automated Anti-malware Detection Rules Converter Based on SIMIOC","display_name":"Automated Anti-malware Detection Rules Converter Based on SIMIOC","publication_year":2024,"publication_date":"2024-05-08","ids":{"openalex":"https://openalex.org/W4400489947","doi":"https://doi.org/10.1109/cscwd61410.2024.10580029"},"language":"en","primary_location":{"id":"doi:10.1109/cscwd61410.2024.10580029","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/cscwd61410.2024.10580029","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100411139","display_name":"Ling Chen","orcid":"https://orcid.org/0000-0003-1934-5992"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Chen Ling","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100395562","display_name":"Bin Liu","orcid":"https://orcid.org/0000-0003-1529-1552"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bin Liu","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103087651","display_name":"Wei Xia","orcid":"https://orcid.org/0000-0001-5021-1322"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Xia","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100599102","display_name":"Shuangze He","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shuangze He","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020151253","display_name":"Zhengwei Jiang","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhengwei Jiang","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100647376","display_name":"Qiuyun Wang","orcid":"https://orcid.org/0000-0001-6101-9715"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qiuyun Wang","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100411139"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.11050434,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1770","last_page":"1775"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9749000072479248,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9749000072479248,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9549000263214111,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7841894626617432},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6949902772903442},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3608444333076477},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3513358235359192},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.20825126767158508}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7841894626617432},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6949902772903442},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3608444333076477},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3513358235359192},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.20825126767158508}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cscwd61410.2024.10580029","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/cscwd61410.2024.10580029","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320335892","display_name":"Youth Innovation Promotion Association","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W2563150099","https://openalex.org/W2810758612","https://openalex.org/W2911005136","https://openalex.org/W2969031636","https://openalex.org/W2990671699","https://openalex.org/W3004403289","https://openalex.org/W3015650867","https://openalex.org/W3126661916","https://openalex.org/W3209226123","https://openalex.org/W4283219743","https://openalex.org/W4381744517","https://openalex.org/W4387298166","https://openalex.org/W4388867297"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819","https://openalex.org/W2249809453"],"abstract_inverted_index":{"In":[0,62,100],"recent":[1],"years,":[2],"using":[3,77],"IOC":[4,23],"to":[5,48,69,108,147],"detect":[6,148],"malware-based":[7],"network":[8],"attacks":[9],"has":[10],"become":[11],"an":[12,83],"effective":[13],"and":[14,27,95,127,143,173,201,203,209],"accurate":[15],"method,":[16],"but":[17],"the":[18,31,71,101,105,114,140,153,159,163,188,207],"scheme":[19],"of":[20,34,38,73,93,162,177,211],"manually":[21],"writing":[22],"rules":[24,52,56,58,76,112,134,146,165,189],"is":[25,171],"inefficient":[26],"can":[28,136],"not":[29],"meet":[30],"detection":[32,55,75,79,133,160,164],"needs":[33],"a":[35,67,97],"large":[36],"number":[37],"rapidly":[39],"iterated":[40],"malware.":[41,150],"Therefore,":[42],"more":[43],"efficient":[44],"methods":[45],"are":[46,206],"needed":[47],"automatically":[49,109,166],"convert":[50,110],"open-source":[51,78,119],"into":[53,131],"anti-malware":[54,74],"(IOC":[57],"for":[59,90,113],"detecting":[60],"malware).":[61],"this":[63],"paper,":[64],"we":[65,103,156,185],"propose":[66],"method":[68],"automate":[70],"conversion":[72],"rules.":[80,183,213],"We":[81],"designed":[82],"intermediate":[84],"structure":[85],"called":[86],"SIMIOC":[87],"(Structure":[88],"Intermediate-representation":[89],"Malware":[91],"Information":[92],"Compromise)":[94],"implemented":[96],"SIMIOC-based":[98,106,169,192],"converter.":[99],"experiment,":[102],"used":[104,138],"converter":[107,170],"1218":[111],"Windows":[115],"platform":[116],"from":[117],"three":[118],"rule":[120],"repositories:":[121],"Sigma,":[122],"Elastic":[123],"Security":[124,129],"Detection":[125],"Rules,":[126],"Splunk":[128],"Content":[130],"signature":[132,181],"that":[135,158,187],"be":[137],"in":[139],"Cuckoo":[141],"sandbox,":[142],"deployed":[144],"these":[145],"21044":[149],"By":[151],"analyzing":[152],"experimental":[154],"results,":[155],"found":[157],"rate":[161],"converted":[167],"by":[168,191],"50.3%,":[172],"it":[174],"reaches":[175],"73%":[176],"640":[178],"cuckoo":[179],"Sandbox":[180],"manual":[182,212],"Furthermore,":[184],"demonstrated":[186],"generated":[190],"converters":[193],"have":[194],"their":[195],"emphasis":[196],"on":[197],"TTPs":[198],"(Tactics,":[199],"Techniques,":[200],"Procedures)":[202],"families,":[204],"which":[205],"optimization":[208],"complement":[210]},"counts_by_year":[],"updated_date":"2025-12-26T23:08:49.675405","created_date":"2025-10-10T00:00:00"}