{"id":"https://openalex.org/W2903510503","doi":"https://doi.org/10.1109/cybersa.2018.8551432","title":"Cluster analysis for deobfuscation of malware variants during ransomware attacks","display_name":"Cluster analysis for deobfuscation of malware variants during ransomware attacks","publication_year":2018,"publication_date":"2018-06-01","ids":{"openalex":"https://openalex.org/W2903510503","doi":"https://doi.org/10.1109/cybersa.2018.8551432","mag":"2903510503"},"language":"en","primary_location":{"id":"doi:10.1109/cybersa.2018.8551432","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cybersa.2018.8551432","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035524983","display_name":"Anthony Arrott","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Anthony Arrott","raw_affiliation_strings":["CheckVir"],"affiliations":[{"raw_affiliation_string":"CheckVir","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005097571","display_name":"Arun Lakhotia","orcid":"https://orcid.org/0000-0001-9943-7795"},"institutions":[{"id":"https://openalex.org/I95746587","display_name":"Cytel (United States)","ror":"https://ror.org/01ftkxq60","country_code":"US","type":"company","lineage":["https://openalex.org/I95746587"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Arun Lakhotia","raw_affiliation_strings":["Cythereal"],"affiliations":[{"raw_affiliation_string":"Cythereal","institution_ids":["https://openalex.org/I95746587"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010616205","display_name":"Ferenc Leitold","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ferenc Leitold","raw_affiliation_strings":["Veszprog"],"affiliations":[{"raw_affiliation_string":"Veszprog","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5010291697","display_name":"Charles LeDoux","orcid":null},"institutions":[{"id":"https://openalex.org/I95746587","display_name":"Cytel (United States)","ror":"https://ror.org/01ftkxq60","country_code":"US","type":"company","lineage":["https://openalex.org/I95746587"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Charles LeDoux","raw_affiliation_strings":["Cythereal"],"affiliations":[{"raw_affiliation_string":"Cythereal","institution_ids":["https://openalex.org/I95746587"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5035524983"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.3319,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.58954786,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.9249193668365479},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9121769070625305},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7370685338973999},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.7051217555999756},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6842133402824402},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.571074366569519},{"id":"https://openalex.org/keywords/mobile-malware","display_name":"Mobile malware","score":0.5497531890869141},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.525642991065979},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.505933940410614}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.9249193668365479},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9121769070625305},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7370685338973999},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.7051217555999756},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6842133402824402},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.571074366569519},{"id":"https://openalex.org/C2780967490","wikidata":"https://www.wikidata.org/wiki/Q1291200","display_name":"Mobile malware","level":3,"score":0.5497531890869141},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.525642991065979},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.505933940410614},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cybersa.2018.8551432","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cybersa.2018.8551432","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.8399999737739563,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W4081608","https://openalex.org/W1492352846","https://openalex.org/W1583484179","https://openalex.org/W1973403081","https://openalex.org/W1979400615","https://openalex.org/W2008324060","https://openalex.org/W2010841095","https://openalex.org/W2039529994","https://openalex.org/W2060145807","https://openalex.org/W2068211976","https://openalex.org/W2167975832","https://openalex.org/W2765107023","https://openalex.org/W2765554554","https://openalex.org/W2804073276","https://openalex.org/W3123092919","https://openalex.org/W4248806346","https://openalex.org/W6629376184","https://openalex.org/W6635033438","https://openalex.org/W6751899208"],"related_works":["https://openalex.org/W2900526031","https://openalex.org/W3115123383","https://openalex.org/W3088492727","https://openalex.org/W3200232030","https://openalex.org/W4296272594","https://openalex.org/W2470029541","https://openalex.org/W2470502009","https://openalex.org/W2794652108","https://openalex.org/W2742366121","https://openalex.org/W4283212140"],"abstract_inverted_index":{"Risk":[0],"managers":[1],"attempting":[2],"to":[3,38,59,72,114],"reduce":[4],"cyber-security":[5],"vulnerability":[6],"in":[7,42],"enterprise":[8],"IT":[9],"networks":[10],"rely":[11],"on":[12],"the":[13],"\"malware":[14],"detection":[15,30,47],"rate\"":[16],"as":[17],"a":[18,115],"primary":[19],"measure":[20],"at":[21],"each":[22],"layer":[23],"of":[24,62,67],"protection":[25],"(e.g.,":[26,83,92,106],"network":[27],"firewalls,":[28],"breach":[29],"systems,":[31],"secure":[32],"mail-servers,":[33],"endpoint":[34],"security":[35],"suites).":[36],"However,":[37],"be":[39],"directly":[40],"usable":[41],"risk":[43],"assessments,":[44],"separate":[45],"malware":[46,53,68,90,93,104,124],"rates":[48],"are":[49,56],"required":[50],"for":[51],"different":[52],"categories":[54],"that":[55],"quantitatively":[57],"related":[58],"specific":[60,116],"impacts":[61],"infection.":[63],"A":[64],"three-tier":[65,110],"hierarchy":[66,111],"classification":[69],"is":[70,77,112],"formulated":[71],"assist":[73],"cyber-risk":[74],"decision-making.":[75],"Malware":[76],"first":[78],"categorized":[79],"by":[80,89,97],"victim":[81],"impact":[82],"adware,":[84],"data":[85],"exfiltration,":[86],"ransomware);":[87],"second":[88],"technique":[91],"families),":[94],"and":[95,99,123,132],"third":[96],"evasion":[98],"obfuscation":[100],"variants":[101,126],"within":[102,127],"individual":[103],"families":[105],"polymorphs,":[107],"metamorphs).":[108],"The":[109],"applied":[113],"vertical:":[117],"ransomware":[118,120],"(impact);":[119],"family":[121],"(technique);":[122],"binary":[125],"one":[128],"family,":[129],"WannaCry":[130],"(obfuscation":[131],"evasion).":[133]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2}],"updated_date":"2026-03-25T13:04:00.132906","created_date":"2025-10-10T00:00:00"}