{"id":"https://openalex.org/W2766435576","doi":"https://doi.org/10.1109/desec.2017.8073834","title":"Ziffersystem: A novel malware distribution detection system","display_name":"Ziffersystem: A novel malware distribution detection system","publication_year":2017,"publication_date":"2017-08-01","ids":{"openalex":"https://openalex.org/W2766435576","doi":"https://doi.org/10.1109/desec.2017.8073834","mag":"2766435576"},"language":"en","primary_location":{"id":"doi:10.1109/desec.2017.8073834","is_oa":false,"landing_page_url":"https://doi.org/10.1109/desec.2017.8073834","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE Conference on Dependable and Secure Computing","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016789453","display_name":"Tzu-Hsien Chuang","orcid":"https://orcid.org/0000-0002-3960-9775"},"institutions":[{"id":"https://openalex.org/I3141939062","display_name":"Institute for Information Industry","ror":"https://ror.org/01d8kr740","country_code":"TW","type":"nonprofit","lineage":["https://openalex.org/I3141939062"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Tzu-Hsien Chuang","raw_affiliation_strings":["Cyber Trust Technology Institute, Institute for Information Industry, Taipei, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Trust Technology Institute, Institute for Information Industry, Taipei, Taiwan","institution_ids":["https://openalex.org/I3141939062"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081526846","display_name":"Shin\u2010Ying Huang","orcid":"https://orcid.org/0000-0003-3825-3129"},"institutions":[{"id":"https://openalex.org/I3141939062","display_name":"Institute for Information Industry","ror":"https://ror.org/01d8kr740","country_code":"TW","type":"nonprofit","lineage":["https://openalex.org/I3141939062"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Shin-Ying Huang","raw_affiliation_strings":["Cyber Trust Technology Institute, Institute for Information Industry, Taipei, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Trust Technology Institute, Institute for Information Industry, Taipei, Taiwan","institution_ids":["https://openalex.org/I3141939062"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020533893","display_name":"Ching-Hao Mao","orcid":null},"institutions":[{"id":"https://openalex.org/I3141939062","display_name":"Institute for Information Industry","ror":"https://ror.org/01d8kr740","country_code":"TW","type":"nonprofit","lineage":["https://openalex.org/I3141939062"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Ching-Hao Mao","raw_affiliation_strings":["Cyber Trust Technology Institute, Institute for Information Industry, Taipei, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Trust Technology Institute, Institute for Information Industry, Taipei, Taiwan","institution_ids":["https://openalex.org/I3141939062"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112005721","display_name":"Albert B. Jeng","orcid":null},"institutions":[{"id":"https://openalex.org/I12509574","display_name":"Jinwen University of Science and Technology","ror":"https://ror.org/03dr26375","country_code":"TW","type":"education","lineage":["https://openalex.org/I12509574"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Albert B. Jeng","raw_affiliation_strings":["Department of Computer Science and Information Engineering, Jinwen University of Science and Technology, Taipei, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Information Engineering, Jinwen University of Science and Technology, Taipei, Taiwan","institution_ids":["https://openalex.org/I12509574"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5044294037","display_name":"Hahn-Ming Lee","orcid":null},"institutions":[{"id":"https://openalex.org/I154864474","display_name":"National Taiwan University of Science and Technology","ror":"https://ror.org/00q09pe49","country_code":"TW","type":"education","lineage":["https://openalex.org/I154864474"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Hahn-Ming Lee","raw_affiliation_strings":["Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, Taipei, Taiwan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, Taipei, Taiwan","institution_ids":["https://openalex.org/I154864474"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.5064,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.75948456,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"509","last_page":"515"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8665835857391357},{"id":"https://openalex.org/keywords/download","display_name":"Download","score":0.831894040107727},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7846945524215698},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4832059144973755},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.46729806065559387},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.33214473724365234},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.31829845905303955},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.16112005710601807}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8665835857391357},{"id":"https://openalex.org/C2780154274","wikidata":"https://www.wikidata.org/wiki/Q7126717","display_name":"Download","level":2,"score":0.831894040107727},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7846945524215698},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4832059144973755},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.46729806065559387},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.33214473724365234},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.31829845905303955},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.16112005710601807}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/desec.2017.8073834","is_oa":false,"landing_page_url":"https://doi.org/10.1109/desec.2017.8073834","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE Conference on Dependable and Secure Computing","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7400000095367432}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W40177048","https://openalex.org/W162156064","https://openalex.org/W1481850690","https://openalex.org/W1519699895","https://openalex.org/W1589521420","https://openalex.org/W1590936031","https://openalex.org/W1595868485","https://openalex.org/W1636136796","https://openalex.org/W1645393624","https://openalex.org/W1650881334","https://openalex.org/W1843351773","https://openalex.org/W1993370323","https://openalex.org/W2040424958","https://openalex.org/W2049092543","https://openalex.org/W2053764901","https://openalex.org/W2082180526","https://openalex.org/W2095450067","https://openalex.org/W2095610745","https://openalex.org/W2102475112","https://openalex.org/W2114356569","https://openalex.org/W2116201667","https://openalex.org/W2117202485","https://openalex.org/W2126169116","https://openalex.org/W2146729596","https://openalex.org/W2211880739","https://openalex.org/W2398757235","https://openalex.org/W2400462880","https://openalex.org/W2482374127","https://openalex.org/W6601628813","https://openalex.org/W6606609320","https://openalex.org/W6635150131","https://openalex.org/W6636713437","https://openalex.org/W6639111778","https://openalex.org/W6662660347","https://openalex.org/W6688431723","https://openalex.org/W6713065523"],"related_works":["https://openalex.org/W2183842793","https://openalex.org/W2485259751","https://openalex.org/W2097492617","https://openalex.org/W4287615848","https://openalex.org/W4291722174","https://openalex.org/W2753240997","https://openalex.org/W2226303319","https://openalex.org/W4225768143","https://openalex.org/W4389542061","https://openalex.org/W4366249425"],"abstract_inverted_index":{"Cyber-criminals":[0],"use":[1],"various":[2],"malware":[3],"technologies":[4],"to":[5,35,41,66,117,143],"bypass":[6],"antivirus":[7],"software.":[8],"For":[9],"example,":[10],"drive-by":[11,37,47],"downloads":[12],"happen":[13],"without":[14],"a":[15,20,29,58,69,87,95,100],"person's":[16],"knowledge":[17],"when":[18],"visiting":[19],"website,":[21],"viewing":[22],"an":[23,128],"email":[24],"message,":[25],"or":[26],"clicking":[27],"on":[28],"deceptive":[30],"pop-up":[31],"window.":[32],"One":[33],"way":[34],"understand":[36],"download":[38,48,161],"attacks":[39],"is":[40,125],"study":[42],"the":[43,51,91,123,140,144],"connections":[44,93],"between":[45],"different":[46],"behaviors":[49],"during":[50],"installation":[52],"phase.":[53],"However,":[54],"current":[55],"solutions":[56],"need":[57,110],"large":[59],"number":[60],"of":[61,103,146],"browsing":[62,73],"records":[63],"from":[64,79,148],"ISPs":[65],"build":[67],"up":[68],"model.":[70],"Insufficient":[71],"historical":[72],"data":[74,113],"may":[75],"prevent":[76],"this":[77,82],"approach":[78],"working.":[80],"In":[81],"study,":[83],"we":[84,154],"propose":[85],"Ziffersystem,":[86],"system":[88,124,142],"that":[89,163],"identifies":[90],"suspicious":[92],"in":[94],"targeted":[96],"enterprise.":[97],"We":[98,138],"develop":[99],"graph-based":[101],"model":[102,118],"malicious":[104,119,160],"orchestrated":[105],"behaviors.":[106],"Ziffersystem":[107],"does":[108],"not":[109],"large-scale":[111],"network":[112],"(e.g.,":[114],"IPS":[115],"traffic)":[116],"activity,":[120],"and":[121,134,150,153],"therefore":[122],"useful":[126],"for":[127,158],"enterprise":[129],"with":[130],"few":[131],"in-house":[132],"blacklists":[133,147],"highly":[135],"sensitive":[136],"data.":[137],"apply":[139],"proposed":[141],"analysis":[145],"public":[149],"private":[151],"sources,":[152],"show":[155],"its":[156],"effectiveness":[157],"visualizing":[159],"behavior":[162],"cannot":[164],"be":[165],"identified":[166],"through":[167],"piecewise":[168],"event":[169],"logs.":[170]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}