{"id":"https://openalex.org/W3197146747","doi":"https://doi.org/10.1109/csr51186.2021.9527902","title":"Clustering Analysis of Email Malware Campaigns","display_name":"Clustering Analysis of Email Malware Campaigns","publication_year":2021,"publication_date":"2021-07-26","ids":{"openalex":"https://openalex.org/W3197146747","doi":"https://doi.org/10.1109/csr51186.2021.9527902","mag":"3197146747"},"language":"en","primary_location":{"id":"doi:10.1109/csr51186.2021.9527902","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr51186.2021.9527902","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101416985","display_name":"Ruichao Zhang","orcid":"https://orcid.org/0000-0002-1643-2399"},"institutions":[{"id":"https://openalex.org/I4210150356","display_name":"University of Washington Tacoma","ror":"https://ror.org/05n8t2628","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701","https://openalex.org/I4210150356"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ruichao Zhang","raw_affiliation_strings":["University of Washington,School of Engineering and Technology,Tacoma","School of Engineering and Technology, University of Washington, Tacoma"],"affiliations":[{"raw_affiliation_string":"University of Washington,School of Engineering and Technology,Tacoma","institution_ids":["https://openalex.org/I4210150356"]},{"raw_affiliation_string":"School of Engineering and Technology, University of Washington, Tacoma","institution_ids":["https://openalex.org/I4210150356"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100346384","display_name":"Shang Wang","orcid":"https://orcid.org/0000-0002-9284-6390"},"institutions":[{"id":"https://openalex.org/I4210150356","display_name":"University of Washington Tacoma","ror":"https://ror.org/05n8t2628","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701","https://openalex.org/I4210150356"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shang Wang","raw_affiliation_strings":["University of Washington,School of Engineering and Technology,Tacoma","School of Engineering and Technology, University of Washington, Tacoma"],"affiliations":[{"raw_affiliation_string":"University of Washington,School of Engineering and Technology,Tacoma","institution_ids":["https://openalex.org/I4210150356"]},{"raw_affiliation_string":"School of Engineering and Technology, University of Washington, Tacoma","institution_ids":["https://openalex.org/I4210150356"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075933002","display_name":"Ren\u00e9e Burton","orcid":"https://orcid.org/0000-0002-4802-7419"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Renee Burton","raw_affiliation_strings":["Infoblox"],"affiliations":[{"raw_affiliation_string":"Infoblox","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017076828","display_name":"Minh Hoang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Minh Hoang","raw_affiliation_strings":["Infoblox"],"affiliations":[{"raw_affiliation_string":"Infoblox","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029673876","display_name":"Juhua Hu","orcid":"https://orcid.org/0000-0001-5869-3549"},"institutions":[{"id":"https://openalex.org/I4210150356","display_name":"University of Washington Tacoma","ror":"https://ror.org/05n8t2628","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701","https://openalex.org/I4210150356"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Juhua Hu","raw_affiliation_strings":["University of Washington,School of Engineering and Technology,Tacoma","School of Engineering and Technology, University of Washington, Tacoma"],"affiliations":[{"raw_affiliation_string":"University of Washington,School of Engineering and Technology,Tacoma","institution_ids":["https://openalex.org/I4210150356"]},{"raw_affiliation_string":"School of Engineering and Technology, University of Washington, Tacoma","institution_ids":["https://openalex.org/I4210150356"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070505291","display_name":"Anderson C. A. Nascimento","orcid":"https://orcid.org/0000-0002-8298-6250"},"institutions":[{"id":"https://openalex.org/I4210150356","display_name":"University of Washington Tacoma","ror":"https://ror.org/05n8t2628","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701","https://openalex.org/I4210150356"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Anderson C A Nascimento","raw_affiliation_strings":["University of Washington,School of Engineering and Technology,Tacoma","School of Engineering and Technology, University of Washington, Tacoma"],"affiliations":[{"raw_affiliation_string":"University of Washington,School of Engineering and Technology,Tacoma","institution_ids":["https://openalex.org/I4210150356"]},{"raw_affiliation_string":"School of Engineering and Technology, University of Washington, Tacoma","institution_ids":["https://openalex.org/I4210150356"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5101416985"],"corresponding_institution_ids":["https://openalex.org/I4210150356"],"apc_list":null,"apc_paid":null,"fwci":0.1524,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.44252874,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":93},"biblio":{"volume":"11","issue":null,"first_page":"95","last_page":"102"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8120449781417847},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.7890089750289917},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7502784132957458},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.4693005681037903},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3640320897102356},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.30261707305908203},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.24094218015670776}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8120449781417847},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.7890089750289917},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7502784132957458},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.4693005681037903},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3640320897102356},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.30261707305908203},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.24094218015670776}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csr51186.2021.9527902","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr51186.2021.9527902","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W151377110","https://openalex.org/W1673310716","https://openalex.org/W1981221397","https://openalex.org/W2033403400","https://openalex.org/W2048009404","https://openalex.org/W2121032650","https://openalex.org/W2122672392","https://openalex.org/W2162833336","https://openalex.org/W2168154523","https://openalex.org/W2514847810","https://openalex.org/W2518350929","https://openalex.org/W2625739732","https://openalex.org/W2912883037","https://openalex.org/W2980750320","https://openalex.org/W2997359200","https://openalex.org/W4244030505","https://openalex.org/W4288356425","https://openalex.org/W6606062967","https://openalex.org/W6637131181","https://openalex.org/W6678472248","https://openalex.org/W6684050148","https://openalex.org/W6771540365"],"related_works":["https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W2768892939","https://openalex.org/W3164408430","https://openalex.org/W4285507391","https://openalex.org/W2397240470","https://openalex.org/W2602767565","https://openalex.org/W170652726","https://openalex.org/W2883822334","https://openalex.org/W2134874482"],"abstract_inverted_index":{"The":[0],"task":[1],"of":[2,14,21,39,51,82],"malware":[3,24,41,87,104],"labeling":[4,42],"on":[5,25,61,110],"real":[6,63],"datasets":[7,11],"faces":[8],"huge":[9],"challenges\u2014ever-changing":[10],"and":[12,55,96,127],"lack":[13],"ground-truth":[15],"labels\u2014owing":[16],"to":[17,78],"the":[18,37,40,49,80,103],"rapid":[19],"growth":[20],"malware.":[22],"Clustering":[23],"their":[26],"respective":[27],"families":[28],"is":[29,77],"a":[30,58,62,70],"well":[31],"known":[32],"tool":[33],"used":[34],"for":[35,86],"improving":[36],"efficiency":[38],"process.":[43],"In":[44],"this":[45],"paper,":[46],"we":[47],"addressed":[48],"challenge":[50],"clustering":[52,88,108],"email":[53,67,111,133],"malware,":[54],"carried":[56],"out":[57],"cluster":[59],"analysis":[60],"dataset":[64],"collected":[65,101],"from":[66,102,118],"campaigns":[68],"over":[69],"13-month":[71],"period.":[72],"Our":[73],"main":[74],"original":[75],"contribution":[76],"analyze":[79],"usefulness":[81],"email\u2019s":[83],"header":[84,134],"information":[85,113,135],"(a":[89],"novel":[90],"approach":[91],"proposed":[92],"by":[93,122],"Burton":[94],"[1]),":[95],"compare":[97,107],"it":[98],"with":[99,114],"features":[100,116],"directly.":[105],"We":[106,130],"based":[109],"header\u2019s":[112],"traditional":[115],"extracted":[117],"varied":[119],"resources":[120],"provided":[121],"VirusTotal":[123],"[2],":[124],"including":[125],"static":[126],"dynamic":[128],"analysis.":[129],"show":[131],"that":[132],"has":[136],"an":[137],"excellent":[138],"performance.":[139]},"counts_by_year":[{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}