{"id":"https://openalex.org/W4402813509","doi":"https://doi.org/10.1109/csr61664.2024.10679474","title":"A Hybrid Anomaly Detection Approach for Obfuscated Malware","display_name":"A Hybrid Anomaly Detection Approach for Obfuscated Malware","publication_year":2024,"publication_date":"2024-09-02","ids":{"openalex":"https://openalex.org/W4402813509","doi":"https://doi.org/10.1109/csr61664.2024.10679474"},"language":"en","primary_location":{"id":"doi:10.1109/csr61664.2024.10679474","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr61664.2024.10679474","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5061123061","display_name":"Gerard Shu Fuhnwi","orcid":null},"institutions":[{"id":"https://openalex.org/I23732399","display_name":"Montana State University","ror":"https://ror.org/02w0trx84","country_code":"US","type":"education","lineage":["https://openalex.org/I23732399","https://openalex.org/I4210126032"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gerard Shu Fuhnwi","raw_affiliation_strings":["Gianforte School of Computing, Montana State University,Bozeman,MT,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Gianforte School of Computing, Montana State University,Bozeman,MT,USA","institution_ids":["https://openalex.org/I23732399"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025567194","display_name":"Matt Revelle","orcid":"https://orcid.org/0000-0002-2952-9835"},"institutions":[{"id":"https://openalex.org/I23732399","display_name":"Montana State University","ror":"https://ror.org/02w0trx84","country_code":"US","type":"education","lineage":["https://openalex.org/I23732399","https://openalex.org/I4210126032"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matthew Revelle","raw_affiliation_strings":["Gianforte School of Computing, Montana State University,Bozeman,MT,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Gianforte School of Computing, Montana State University,Bozeman,MT,USA","institution_ids":["https://openalex.org/I23732399"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5041998052","display_name":"Clemente Izurieta","orcid":"https://orcid.org/0000-0002-1002-3906"},"institutions":[{"id":"https://openalex.org/I142606810","display_name":"Pacific Northwest National Laboratory","ror":"https://ror.org/05h992307","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I142606810","https://openalex.org/I39565521"]},{"id":"https://openalex.org/I23732399","display_name":"Montana State University","ror":"https://ror.org/02w0trx84","country_code":"US","type":"education","lineage":["https://openalex.org/I23732399","https://openalex.org/I4210126032"]},{"id":"https://openalex.org/I2800102766","display_name":"Idaho National Laboratory","ror":"https://ror.org/00ty2a548","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I2800102766","https://openalex.org/I2801818860"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Clemente Izurieta","raw_affiliation_strings":["Gianforte School of Computing, Montana State University,Pacific Northwest National Laboratory, Idaho National Laboratory,Bozeman,MT,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Gianforte School of Computing, Montana State University,Pacific Northwest National Laboratory, Idaho National Laboratory,Bozeman,MT,USA","institution_ids":["https://openalex.org/I23732399","https://openalex.org/I142606810","https://openalex.org/I2800102766"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.9172,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.74004982,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"159","last_page":"165"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8614426851272583},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7574167847633362},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7109182476997375},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4771256446838379},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.42137882113456726},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.28215736150741577}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8614426851272583},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7574167847633362},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7109182476997375},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4771256446838379},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.42137882113456726},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.28215736150741577},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csr61664.2024.10679474","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr61664.2024.10679474","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W200681053","https://openalex.org/W1742385376","https://openalex.org/W1941427975","https://openalex.org/W2062749952","https://openalex.org/W2106649514","https://openalex.org/W2116065364","https://openalex.org/W2126985156","https://openalex.org/W2512144135","https://openalex.org/W2612449038","https://openalex.org/W2748761731","https://openalex.org/W2921770285","https://openalex.org/W2968309075","https://openalex.org/W2968872200","https://openalex.org/W2974072230","https://openalex.org/W2997546679","https://openalex.org/W3002277530","https://openalex.org/W3027431742","https://openalex.org/W3118382796","https://openalex.org/W3190752170","https://openalex.org/W4232225775","https://openalex.org/W4247261270","https://openalex.org/W4293192140","https://openalex.org/W4391885750"],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W3210364259","https://openalex.org/W4300558037","https://openalex.org/W2912112202","https://openalex.org/W2667207928","https://openalex.org/W4377864969","https://openalex.org/W2972971679"],"abstract_inverted_index":{"With":[0],"the":[1,106],"rapid":[2],"evolution":[3],"of":[4,41,57,62,157],"malicious":[5],"software,":[6],"cyber":[7],"threats":[8],"have":[9,50],"become":[10],"increasingly":[11],"sophisticated,":[12],"em-ploying":[13],"advanced":[14,65],"obfuscation":[15],"techniques":[16,49,76],"to":[17,31,71,80,97,111],"evade":[18],"traditional":[19,94],"detection":[20,28,48,79,102],"methods.":[21],"This":[22,84],"study":[23],"presents":[24],"a":[25,38,69,87,127],"hybrid":[26,88],"anomaly":[27],"approach":[29,121],"applied":[30],"obfuscated":[32,124],"malware.":[33],"Even":[34],"though":[35],"there":[36],"is":[37,68,134,140],"large":[39,55],"body":[40],"research":[42],"in":[43],"this":[44,113],"field,":[45],"existing":[46],"malware":[47,101,107,125],"drawbacks,":[51],"such":[52],"as":[53],"requiring":[54],"amounts":[56],"data,":[58],"trustworthiness":[59],"(imprecise":[60],"results)":[61],"algorithms,":[63],"and":[64,74,152,161],"obfuscation.":[66],"There":[67],"need":[70],"employ":[72],"solid":[73],"efficient":[75,100],"for":[77,131],"mal-ware":[78],"overcome":[81],"these":[82],"challenges.":[83],"paper":[85],"proposes":[86],"approach,":[89],"combining":[90],"an":[91,99,144],"autoencoder":[92,129],"with":[93,136,143],"machine-learning":[95],"methods":[96],"create":[98],"framework.":[103,114],"We":[104],"used":[105,130],"memory":[108],"dataset":[109],"(MalMemAnalysis-2022)":[110],"evaluate":[112],"The":[115],"experimental":[116],"results":[117],"show":[118],"our":[119],"proposed":[120],"can":[122],"detect":[123],"when":[126],"deep":[128],"feature":[132],"learning":[133],"combined":[135],"logistic":[137],"regression.":[138],"It":[139],"extremely":[141],"fast":[142],"Accuracy,":[145],"Detection":[146],"Rate":[147],"(DR),":[148],"Matthew":[149],"Correlation":[150],"Coefficient(MCC),":[151],"Statistical":[153],"Parity":[154],"Difference":[155],"(SPD)":[156],"99.97%,":[158],"99.98%,":[159],"99.93%,":[160],"0.03%,":[162],"respectively.":[163]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}