{"id":"https://openalex.org/W7123413912","doi":"https://doi.org/10.1109/ecrime66972.2025.11327982","title":"Beaver: Estimating Future Risks at Scale in Real-World Deployments","display_name":"Beaver: Estimating Future Risks at Scale in Real-World Deployments","publication_year":2025,"publication_date":"2025-11-04","ids":{"openalex":"https://openalex.org/W7123413912","doi":"https://doi.org/10.1109/ecrime66972.2025.11327982"},"language":null,"primary_location":{"id":"doi:10.1109/ecrime66972.2025.11327982","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime66972.2025.11327982","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5048021434","display_name":"Marco Balduzzi","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Marco Balduzzi","raw_affiliation_strings":["Trend Micro Research"],"affiliations":[{"raw_affiliation_string":"Trend Micro Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122972047","display_name":"Roel Reyes","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Roel Reyes","raw_affiliation_strings":["Trend Micro Research"],"affiliations":[{"raw_affiliation_string":"Trend Micro Research","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122966674","display_name":"Jessica Balaquit","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jessica Balaquit","raw_affiliation_strings":["Trend Micro Research"],"affiliations":[{"raw_affiliation_string":"Trend Micro Research","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5122937180","display_name":"Ryan Flores","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ryan Flores","raw_affiliation_strings":["Trend Micro Research"],"affiliations":[{"raw_affiliation_string":"Trend Micro Research","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5048021434"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.69681932,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"15"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.652899980545044,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.652899980545044,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.11710000038146973,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.06520000100135803,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7717999815940857},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.5687000155448914},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.555899977684021},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.43790000677108765},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.38089999556541443},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3684000074863434},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.3529999852180481},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.32589998841285706}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7717999815940857},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6930000185966492},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6371999979019165},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.5687000155448914},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.555899977684021},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5370000004768372},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.43790000677108765},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.38089999556541443},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3684000074863434},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3529999852180481},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.32589998841285706},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.3052000105381012},{"id":"https://openalex.org/C110121322","wikidata":"https://www.wikidata.org/wiki/Q865811","display_name":"Distribution (mathematics)","level":2,"score":0.28790000081062317},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.2822999954223633},{"id":"https://openalex.org/C2779390178","wikidata":"https://www.wikidata.org/wiki/Q29137","display_name":"Cybercrime","level":3,"score":0.2727000117301941},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.2678000032901764},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.25600001215934753},{"id":"https://openalex.org/C166052673","wikidata":"https://www.wikidata.org/wiki/Q83021","display_name":"Empirical evidence","level":2,"score":0.2517000138759613},{"id":"https://openalex.org/C182306322","wikidata":"https://www.wikidata.org/wiki/Q1779371","display_name":"Order (exchange)","level":2,"score":0.2515000104904175},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.250900000333786}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ecrime66972.2025.11327982","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime66972.2025.11327982","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7808762192726135}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W150078352","https://openalex.org/W1490011260","https://openalex.org/W1541898988","https://openalex.org/W1977586926","https://openalex.org/W1989335842","https://openalex.org/W1998637589","https://openalex.org/W2003371939","https://openalex.org/W2014171012","https://openalex.org/W2023429893","https://openalex.org/W2065890363","https://openalex.org/W2081840305","https://openalex.org/W2104209065","https://openalex.org/W2104923322","https://openalex.org/W2127062979","https://openalex.org/W2135930857","https://openalex.org/W2152575748","https://openalex.org/W2228853307","https://openalex.org/W2281397941","https://openalex.org/W2535603283","https://openalex.org/W2602218799","https://openalex.org/W2748245824","https://openalex.org/W2765667105","https://openalex.org/W2767011015","https://openalex.org/W2792805829","https://openalex.org/W2794801050","https://openalex.org/W2883457276","https://openalex.org/W2891316582","https://openalex.org/W2904027722","https://openalex.org/W2912095101","https://openalex.org/W2947608454","https://openalex.org/W2970545278","https://openalex.org/W3008949272","https://openalex.org/W3012755363","https://openalex.org/W3015342250","https://openalex.org/W3093609112","https://openalex.org/W3113371616","https://openalex.org/W3118716900","https://openalex.org/W3122267592","https://openalex.org/W3125868980","https://openalex.org/W3138173041","https://openalex.org/W3156588337","https://openalex.org/W4250681672","https://openalex.org/W4280511617","https://openalex.org/W4283643001","https://openalex.org/W4300865450","https://openalex.org/W4400762160","https://openalex.org/W4402389591"],"related_works":[],"abstract_inverted_index":{"Malware":[0],"continues":[1],"to":[2,7,48,89,106,112,164,171],"pose":[3],"a":[4,62,74,121,126,136],"significant":[5],"threat":[6],"organizations":[8,105],"worldwide,":[9],"with":[10,180],"various":[11],"forms":[12],"of":[13,80,102,138,158],"malicious":[14],"software":[15],"enabling":[16,104],"criminal":[17],"activities.":[18],"To":[19],"protect":[20],"against":[21],"these":[22,39],"threats,":[23],"security":[24],"solutions":[25,40],"such":[26],"as":[27],"anti-malware":[28],"and":[29,85,124],"intrusion-detection-systems":[30],"have":[31],"been":[32],"introduced":[33],"over":[34,86,135],"the":[35,78,87,97,147,156,167,181],"years.":[36],"However,":[37],"while":[38],"work":[41],"well,":[42],"especially":[43],"when":[44,52],"combined,":[45],"they":[46,53,70],"tend":[47],"detect":[49],"attacks":[50],"only":[51],"are":[54,161],"already":[55],"happening.":[56],"In":[57],"this":[58],"paper,":[59],"we":[60,178],"adopt":[61],"proactive":[63],"strategy":[64],"aimed":[65],"at":[66,154],"anticipating":[67],"threats":[68],"before":[69],"occur.":[71],"We":[72,116],"introduce":[73],"system":[75],"that":[76,149,160],"leverages":[77],"activities":[79],"users":[81,153],"on":[82,146],"their":[83,113],"machines":[84],"Internet":[88],"predict":[90],"future":[91],"malware":[92,173],"outbreaks.":[93],"Our":[94,141],"solution":[95],"estimates":[96],"risk":[98,114,128],"for":[99],"different":[100],"classes":[101],"malware,":[103,166],"proactively":[107],"implement":[108],"mitigation":[109],"strategies":[110],"tailored":[111],"profiles.":[115],"deploy":[117],"our":[118],"implementation":[119],"in":[120],"real-world":[122],"setting":[123],"conduct":[125],"large-scale":[127],"study":[129,143],"across":[130],"10.7":[131],"million":[132],"endpoints":[133,159],"collected":[134],"period":[137],"one":[139],"month.":[140],"empirical":[142],"provides":[144],"insights":[145],"behaviors":[148],"most":[150,162],"significantly":[151],"put":[152],"risk,":[155],"categories":[157],"vulnerable":[163],"specific":[165],"distribution":[168],"mechanisms":[169],"used":[170],"operate":[172],"campaigns,":[174],"among":[175],"other":[176],"findings":[177],"share":[179],"community.":[182]},"counts_by_year":[],"updated_date":"2026-01-14T23:44:37.837170","created_date":"2026-01-14T00:00:00"}