{"id":"https://openalex.org/W2766186205","doi":"https://doi.org/10.1109/desec.2017.8073803","title":"The dose makes the poison \u2014 Leveraging uncertainty for effective malware detection","display_name":"The dose makes the poison \u2014 Leveraging uncertainty for effective malware detection","publication_year":2017,"publication_date":"2017-08-01","ids":{"openalex":"https://openalex.org/W2766186205","doi":"https://doi.org/10.1109/desec.2017.8073803","mag":"2766186205"},"language":"en","primary_location":{"id":"doi:10.1109/desec.2017.8073803","is_oa":false,"landing_page_url":"https://doi.org/10.1109/desec.2017.8073803","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE Conference on Dependable and Secure Computing","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://escholarship.org/content/qt91j6p0j3/qt91j6p0j3.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5086586147","display_name":"Ruimin Sun","orcid":"https://orcid.org/0000-0003-2940-5549"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ruimin Sun","raw_affiliation_strings":["University of Florida, USA"],"affiliations":[{"raw_affiliation_string":"University of Florida, USA","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010643450","display_name":"Xiaoyong Yuan","orcid":"https://orcid.org/0000-0003-0782-4187"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of 
Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaoyong Yuan","raw_affiliation_strings":["University of Florida, USA"],"affiliations":[{"raw_affiliation_string":"University of Florida, USA","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100450498","display_name":"Andrew Lee","orcid":"https://orcid.org/0000-0002-5943-5821"},"institutions":[{"id":"https://openalex.org/I170897317","display_name":"Duke University","ror":"https://ror.org/00py81415","country_code":"US","type":"education","lineage":["https://openalex.org/I170897317"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Andrew Lee","raw_affiliation_strings":["Duke University, USA"],"affiliations":[{"raw_affiliation_string":"Duke University, USA","institution_ids":["https://openalex.org/I170897317"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053448222","display_name":"Matt Bishop","orcid":null},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matt Bishop","raw_affiliation_strings":["University of California at Davis, USA"],"affiliations":[{"raw_affiliation_string":"University of California at Davis, USA","institution_ids":["https://openalex.org/I84218800"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075511151","display_name":"Donald E. 
Porter","orcid":"https://orcid.org/0000-0002-9804-0857"},"institutions":[{"id":"https://openalex.org/I114027177","display_name":"University of North Carolina at Chapel Hill","ror":"https://ror.org/0130frc33","country_code":"US","type":"education","lineage":["https://openalex.org/I114027177"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Donald E. Porter","raw_affiliation_strings":["University of North Carolina at Chapel Hill, USA"],"affiliations":[{"raw_affiliation_string":"University of North Carolina at Chapel Hill, USA","institution_ids":["https://openalex.org/I114027177"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100353846","display_name":"Xiaolin Li","orcid":"https://orcid.org/0000-0002-3368-159X"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaolin Li","raw_affiliation_strings":["University of Florida, USA"],"affiliations":[{"raw_affiliation_string":"University of Florida, USA","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059851424","display_name":"Andr\u00e9 Gr\u00e9gio","orcid":"https://orcid.org/0000-0003-1766-5757"},"institutions":[{"id":"https://openalex.org/I52418104","display_name":"Universidade Federal do Paran\u00e1","ror":"https://ror.org/05syd6y78","country_code":"BR","type":"education","lineage":["https://openalex.org/I52418104"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Andre Gregio","raw_affiliation_strings":["Federal University of Parana, Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Parana, 
Brazil","institution_ids":["https://openalex.org/I52418104"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5082282267","display_name":"Daniela S Oliveira","orcid":"https://orcid.org/0000-0003-3488-0053"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Daniela Oliveira","raw_affiliation_strings":["University of Florida, USA"],"affiliations":[{"raw_affiliation_string":"University of Florida, USA","institution_ids":["https://openalex.org/I33213144"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5086586147"],"corresponding_institution_ids":["https://openalex.org/I33213144"],"apc_list":null,"apc_paid":null,"fwci":0.7457,"has_fulltext":true,"cited_by_count":9,"citation_normalized_percentile":{"value":0.72209738,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"123","last_page":"130"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer 
Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9293912649154663},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7762464880943298},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.7097214460372925},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5378751754760742},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5363292694091797},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.46399208903312683},{"id":"https://openalex.org/keywords/detector","display_name":"Detector","score":0.44832438230514526},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35097795724868774},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3276069760322571},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software 
engineering","score":0.32433950901031494},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.298660546541214}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9293912649154663},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7762464880943298},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.7097214460372925},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5378751754760742},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5363292694091797},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.46399208903312683},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.44832438230514526},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35097795724868774},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3276069760322571},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.32433950901031494},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating 
system","level":1,"score":0.298660546541214},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/desec.2017.8073803","is_oa":false,"landing_page_url":"https://doi.org/10.1109/desec.2017.8073803","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE Conference on Dependable and Secure Computing","raw_type":"proceedings-article"},{"id":"pmh:oai:escholarship.org/ark:/13030/qt91j6p0j3","is_oa":true,"landing_page_url":"https://escholarship.org/uc/item/91j6p0j3","pdf_url":"https://escholarship.org/content/qt91j6p0j3/qt91j6p0j3.pdf","source":{"id":"https://openalex.org/S4306400115","display_name":"eScholarship (California Digital Library)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2801248553","host_organization_name":"California Digital Library","host_organization_lineage":["https://openalex.org/I2801248553"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"monograph"},{"id":"pmh:qt91j6p0j3","is_oa":false,"landing_page_url":"http://www.escholarship.org/uc/item/91j6p0j3","pdf_url":null,"source":{"id":"https://openalex.org/S4306400115","display_name":"eScholarship (California Digital Library)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2801248553","host_organization_name":"California Digital 
Library","host_organization_lineage":["https://openalex.org/I2801248553"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Sun, Ruimin; Yuan, Xiaoyong; Lee, Andrew; Bishop, Matt; Porter, Donald E.; Li, Xiaolin; \u00a0et al.(2017). The Dose Makes the Poison --\u00a0Leveraging Uncertainty for Effective Malware Detection. UC Davis: Retrieved from: http://www.escholarship.org/uc/item/91j6p0j3","raw_type":"monograph"}],"best_oa_location":{"id":"pmh:oai:escholarship.org/ark:/13030/qt91j6p0j3","is_oa":true,"landing_page_url":"https://escholarship.org/uc/item/91j6p0j3","pdf_url":"https://escholarship.org/content/qt91j6p0j3/qt91j6p0j3.pdf","source":{"id":"https://openalex.org/S4306400115","display_name":"eScholarship (California Digital Library)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2801248553","host_organization_name":"California Digital 
Library","host_organization_lineage":["https://openalex.org/I2801248553"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"monograph"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2766186205.pdf","grobid_xml":"https://content.openalex.org/works/W2766186205.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W1517527854","https://openalex.org/W1974898167","https://openalex.org/W1980199047","https://openalex.org/W2021264330","https://openalex.org/W2064462335","https://openalex.org/W2081105932","https://openalex.org/W2096318715","https://openalex.org/W2111817346","https://openalex.org/W2125743503","https://openalex.org/W2126345423","https://openalex.org/W2131523719","https://openalex.org/W2140807364","https://openalex.org/W2151135920","https://openalex.org/W2168519318","https://openalex.org/W2229410421","https://openalex.org/W2337699331","https://openalex.org/W2560671213","https://openalex.org/W2734412659","https://openalex.org/W3136767761","https://openalex.org/W6643764816"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819","https://openalex.org/W3152891574","https://openalex.org/W4316881845","https://openalex.org/W2975527072"],"abstract_inverted_index":{"Malware":[0],"has":[1],"become":[2],"sophisticated":[3],"and":[4,139,179,193],"organizations":[5],"don't":[6],"have":[7,19],"a":[8,111],"Plan":[9],"B":[10],"when":[11],"standard":[12,127],"lines":[13],"of":[14,37,93,99,199,209,219],"defense":[15],"fail.":[16],"These":[17],"failures":[18],"devastating":[20],"consequences
":[21],"for":[22,33,123,129,142,183],"organizations,":[23],"such":[24],"as":[25,132],"sensitive":[26],"information":[27],"being":[28],"exfiltrated.":[29],"A":[30],"promising":[31],"avenue":[32],"improving":[34],"the":[35,210],"effectiveness":[36],"behavioral-based":[38],"malware":[39,101,181,200],"detectors":[40,53,137],"is":[41,65,81,85,95],"to":[42,66,96,158,201,214],"combine":[43],"fast":[44],"(usually":[45],"not":[46],"highly":[47],"accurate)":[48],"traditional":[49,73,135],"machine":[50],"learning":[51,59],"(ML)":[52],"with":[54,173,216],"high-accuracy,":[55],"but":[56],"time-consuming,":[57],"deep":[58,103],"(DL)":[60],"models.":[61,90],"The":[62,91,152],"main":[63],"idea":[64],"place":[67],"software":[68,84,130,143,159,213,229],"receiving":[69],"borderline":[70,146],"classifications":[71,147],"by":[72,87,134,149,235],"ML":[74,136,150],"methods":[75],"in":[76],"an":[77],"environment":[78,154],"where":[79],"uncertainty":[80,94,236],"added,":[82],"while":[83,206],"analyzed":[86,148,211],"time-consuming":[88],"DL":[89],"goal":[92],"rate-limit":[97],"actions":[98],"potential":[100],"during":[102],"analysis.":[104],"In":[105],"this":[106,116],"paper,":[107],"we":[108],"describe":[109],"Chameleon,":[110],"Linux-based":[112],"framework":[113],"that":[114,144,188,227],"implements":[115],"uncertain":[117,140,153],"environment.":[118],"Chameleon":[119,172],"offers":[120],"two":[121],"environments":[122],"its":[124],"OS":[125],"processes:":[126],"-":[128,138,141],"identified":[131],"benign":[133,212],"received":[145],"methods.":[151],"will":[155],"bring":[156],"obstacles":[157],"execution":[160],"through":[161],"random":[162],"perturbations":[163],"applied":[164],"probabilistically":[165],"on":[166],"selected":[167],"system":[168],"calls.":[169],"We":[170,224],"evaluated":[171],"113":[174],"applications":[175],"from":[176],"common":[177],"benchmarks":[178],"100":[180],"samples":[182],"Linux.":[184],"Our":[185],"results":[186],"show":[187],"at":[189],"threshold":[190],"10
%,":[191],"intrusive":[192],"non-intrusive":[194],"strategies":[195],"caused":[196],"approximately":[197,207],"65%":[198],"fail":[202],"accomplishing":[203],"their":[204],"tasks,":[205],"30%":[208],"meet":[215],"various":[217],"levels":[218],"disruption":[220],"(crashed":[221],"or":[222],"hampered).":[223],"also":[225],"found":[226],"I/O-bound":[228],"was":[230],"three":[231],"times":[232],"more":[233],"affected":[234],"than":[237],"CPU-bound":[238],"software.":[239]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":2}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}
