{"id":"https://openalex.org/W2808649067","doi":"https://doi.org/10.1109/ecrime.2018.8376209","title":"MalClassifier: Malware family classification using network flow sequence behaviour","display_name":"MalClassifier: Malware family classification using network flow sequence behaviour","publication_year":2018,"publication_date":"2018-05-01","ids":{"openalex":"https://openalex.org/W2808649067","doi":"https://doi.org/10.1109/ecrime.2018.8376209","mag":"2808649067"},"language":"en","primary_location":{"id":"doi:10.1109/ecrime.2018.8376209","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime.2018.8376209","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5060392072","display_name":"Bushra Alahmadi","orcid":"https://orcid.org/0000-0003-1917-4871"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Bushra A. AlAhmadi","raw_affiliation_strings":["Department of Computer Science, University of Oxford, Oxford, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033928805","display_name":"Ivan Martinovi\u0107","orcid":"https://orcid.org/0000-0003-2340-3040"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Ivan Martinovic","raw_affiliation_strings":["Department of Computer Science, University of Oxford, Oxford, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5060392072"],"corresponding_institution_ids":["https://openalex.org/I40120149"],"apc_list":null,"apc_paid":null,"fwci":4.4589,"has_fulltext":false,"cited_by_count":39,"citation_normalized_percentile":{"value":0.95484983,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"13"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9901000261306763,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9323223829269409},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.8371971845626831},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7637722492218018},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5691336989402771},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.5547136068344116},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5509862899780273},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5167649984359741},{"id":"https://openalex.org/keywords/flow-network","display_name":"Flow network","score":0.4871489703655243},{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.4852995276451111},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.47836464643478394},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.45192572474479675},{"id":"https://openalex.org/keywords/similarity-measure","display_name":"Similarity measure","score":0.4307458996772766},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.4167078733444214},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.20771682262420654},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.20748665928840637},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.10147014260292053}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9323223829269409},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.8371971845626831},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7637722492218018},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5691336989402771},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.5547136068344116},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5509862899780273},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5167649984359741},{"id":"https://openalex.org/C114809511","wikidata":"https://www.wikidata.org/wiki/Q1412924","display_name":"Flow network","level":2,"score":0.4871489703655243},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.4852995276451111},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.47836464643478394},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.45192572474479675},{"id":"https://openalex.org/C2776517306","wikidata":"https://www.wikidata.org/wiki/Q29017317","display_name":"Similarity measure","level":2,"score":0.4307458996772766},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.4167078733444214},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.20771682262420654},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.20748665928840637},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.10147014260292053},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0},{"id":"https://openalex.org/C126255220","wikidata":"https://www.wikidata.org/wiki/Q141495","display_name":"Mathematical optimization","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ecrime.2018.8376209","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime.2018.8376209","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320318570","display_name":"Saudi Arabian Cultural Bureau","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":44,"referenced_works":["https://openalex.org/W169303955","https://openalex.org/W191098608","https://openalex.org/W192227941","https://openalex.org/W1507388815","https://openalex.org/W1527646163","https://openalex.org/W1581009051","https://openalex.org/W1583098994","https://openalex.org/W1647671624","https://openalex.org/W1775772884","https://openalex.org/W1827212170","https://openalex.org/W1851403712","https://openalex.org/W1910686388","https://openalex.org/W1974189812","https://openalex.org/W2033368661","https://openalex.org/W2057787526","https://openalex.org/W2064274762","https://openalex.org/W2077488147","https://openalex.org/W2089468765","https://openalex.org/W2092756033","https://openalex.org/W2099053789","https://openalex.org/W2100308537","https://openalex.org/W2109877485","https://openalex.org/W2114996745","https://openalex.org/W2115002964","https://openalex.org/W2123519624","https://openalex.org/W2126401948","https://openalex.org/W2126881776","https://openalex.org/W2128286266","https://openalex.org/W2129650357","https://openalex.org/W2138644293","https://openalex.org/W2157949690","https://openalex.org/W2185643225","https://openalex.org/W2200832203","https://openalex.org/W2804207136","https://openalex.org/W6606847443","https://openalex.org/W6607784307","https://openalex.org/W6630161724","https://openalex.org/W6631843488","https://openalex.org/W6636915900","https://openalex.org/W6638021444","https://openalex.org/W6638623425","https://openalex.org/W6639864006","https://openalex.org/W6752053048","https://openalex.org/W6981170678"],"related_works":["https://openalex.org/W3200232030","https://openalex.org/W2914889256","https://openalex.org/W4380789778","https://openalex.org/W3211746486","https://openalex.org/W4240330722","https://openalex.org/W1573526548","https://openalex.org/W4235820881","https://openalex.org/W3155898660","https://openalex.org/W4293077671","https://openalex.org/W2903950487"],"abstract_inverted_index":{"Anti-malware":[0],"vendors":[1],"receive":[2],"daily":[3],"thousands":[4],"of":[5,22,42,133,162,175,206],"potentially":[6],"malicious":[7,57,68],"binaries":[8],"to":[9,63,114,188],"analyse":[10],"and":[11,26,40,83,91,122,139,156,177],"categorise":[12],"before":[13],"deploying":[14],"the":[15,20,37,52,64,76,93,131,140,151,157,160,163,196],"appropriate":[16],"defence":[17],"measure.":[18],"Considering":[19],"limitations":[21],"existing":[23],"malware":[24,43,53,77,98,126,189,215,222],"analysis":[25,39,210],"classification":[27,41],"methods,":[28],"we":[29,170],"present":[30],"MalClassifier,":[31],"a":[32,136,144],"novel":[33,145],"privacy-preserving":[34],"system":[35],"for":[36,96,125,182],"automatic":[38],"using":[44,143],"network":[45,58,79,103,172,207,223],"flow":[46,80,104,137,164,192,224],"sequence":[47,81,105,138,193,209],"mining.":[48],"MalClassifier":[49,74,185],"allows":[50],"identifying":[51],"family":[54,127,183,216],"behind":[55],"detected":[56],"activity":[59],"without":[60],"requiring":[61],"access":[62],"infected":[65],"host":[66],"or":[67],"executable":[69],"reducing":[70],"overall":[71],"response":[72],"time.":[73],"abstracts":[75],"families'":[78],"order":[82,161],"semantics":[84],"behaviour":[85,106],"as":[86,112],"an":[87],"n-flow.":[88],"By":[89],"mining":[90],"extracting":[92],"distinctive":[94],"n-flows":[95],"each":[97],"family,":[99],"it":[100],"automatically":[101],"generates":[102],"profiles.":[107],"These":[108],"profiles":[109,142],"are":[110],"used":[111],"features":[113],"build":[115],"supervised":[116],"machine":[117],"learning":[118],"classifiers":[119],"(K-Nearest":[120],"Neighbour":[121],"Random":[123],"Forest)":[124],"classification.":[128,184],"We":[129],"compute":[130],"degree":[132],"similarity":[134,147,152,158],"between":[135,153,159],"extracted":[141],"fuzzy":[146],"measure":[148],"that":[149,203],"computes":[150],"flows":[154],"attributes":[155],"sequences.":[165],"For":[166],"classifier":[167],"performance":[168],"evaluation,":[169],"use":[171],"traffic":[173],"datasets":[174],"ransomware":[176],"botnets":[178],"obtaining":[179],"96%":[180],"F-measure":[181],"is":[186,211],"resilient":[187],"evasion":[190],"through":[191],"manipulation,":[194],"maintaining":[195],"classifier's":[197],"high":[198],"accuracy.":[199],"Our":[200],"results":[201],"demonstrate":[202],"this":[204],"type":[205],"flow-level":[208],"highly":[212],"effective":[213],"in":[214],"classification,":[217],"providing":[218],"insights":[219],"on":[220],"reoccurring":[221],"patterns.":[225]},"counts_by_year":[{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":14},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":8}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}