{"id":"https://openalex.org/W4414538719","doi":"https://doi.org/10.1109/icc52391.2025.11161263","title":"Malware Detection in Docker Containers: An Image is Worth a Thousand Logs","display_name":"Malware Detection in Docker Containers: An Image is Worth a Thousand Logs","publication_year":2025,"publication_date":"2025-06-08","ids":{"openalex":"https://openalex.org/W4414538719","doi":"https://doi.org/10.1109/icc52391.2025.11161263"},"language":"en","primary_location":{"id":"doi:10.1109/icc52391.2025.11161263","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc52391.2025.11161263","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ICC 2025 - IEEE International Conference on Communications","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.1109/ICC52391.2025.11161263","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119739780","display_name":"Akis Nousias","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Akis Nousias","raw_affiliation_strings":["K3Y Ltd,Sofia,Bulgaria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"K3Y Ltd,Sofia,Bulgaria","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072647401","display_name":"Efklidis Katsaros","orcid":"https://orcid.org/0000-0002-0261-9187"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Efklidis Katsaros","raw_affiliation_strings":["K3Y Ltd,Sofia,Bulgaria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"K3Y Ltd,Sofia,Bulgaria","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073346381","display_name":"Evangelos Syrmos","orcid":"https://orcid.org/0000-0001-6504-8660"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Evangelos Syrmos","raw_affiliation_strings":["K3Y Ltd,Sofia,Bulgaria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"K3Y Ltd,Sofia,Bulgaria","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025891312","display_name":"Panagiotis Radoglou\u2010Grammatikis","orcid":"https://orcid.org/0000-0003-1605-9413"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Panagiotis Radoglou-Grammatikis","raw_affiliation_strings":["K3Y Ltd,Sofia,Bulgaria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"K3Y Ltd,Sofia,Bulgaria","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066475089","display_name":"\u0398\u03c9\u03bc\u03ac\u03c2 \u039b\u03ac\u03b3\u03ba\u03b1\u03c2","orcid":"https://orcid.org/0000-0002-0749-9794"},"institutions":[{"id":"https://openalex.org/I183898223","display_name":"International Hellenic University","ror":"https://ror.org/00708jp83","country_code":"GR","type":"education","lineage":["https://openalex.org/I183898223"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Thomas Lagkas","raw_affiliation_strings":["International Hellenic University,Department of Computer Science,Kavala,Greece"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"International Hellenic University,Department of Computer Science,Kavala,Greece","institution_ids":["https://openalex.org/I183898223"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013565466","display_name":"Vasileios Argyriou","orcid":"https://orcid.org/0000-0003-4679-8049"},"institutions":[{"id":"https://openalex.org/I205051169","display_name":"Kingston University","ror":"https://ror.org/05bbqza97","country_code":"GB","type":"education","lineage":["https://openalex.org/I205051169"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Vasileios Argyriou","raw_affiliation_strings":["Kingston University,Department of Networks and Digital Media,London,U.K"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Kingston University,Department of Networks and Digital Media,London,U.K","institution_ids":["https://openalex.org/I205051169"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5040071039","display_name":"Ioannis D. Moscholios","orcid":"https://orcid.org/0000-0003-3656-277X"},"institutions":[{"id":"https://openalex.org/I158716096","display_name":"University of Peloponnese","ror":"https://ror.org/04d4d3c02","country_code":"GR","type":"education","lineage":["https://openalex.org/I158716096"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Ioannis Moscholios","raw_affiliation_strings":["University of Peloponnese,Department Informatics &#x0026; Telecommunications,Tripolis,Greece"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Peloponnese,Department Informatics &#x0026; Telecommunications,Tripolis,Greece","institution_ids":["https://openalex.org/I158716096"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009055115","display_name":"Evangelos Markakis","orcid":"https://orcid.org/0000-0003-0959-598X"},"institutions":[{"id":"https://openalex.org/I28710699","display_name":"Hellenic Mediterranean University","ror":"https://ror.org/039ce0m20","country_code":"GR","type":"education","lineage":["https://openalex.org/I28710699"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Evangelos Markakis","raw_affiliation_strings":["Hellenic Mediterranean University,Department of Electrical and Computer Engineering,Heraklion,Greece"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Hellenic Mediterranean University,Department of Electrical and Computer Engineering,Heraklion,Greece","institution_ids":["https://openalex.org/I28710699"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031068531","display_name":"Sotirios K. Goudos","orcid":"https://orcid.org/0000-0001-5981-5683"},"institutions":[{"id":"https://openalex.org/I21370196","display_name":"Aristotle University of Thessaloniki","ror":"https://ror.org/02j61yw88","country_code":"GR","type":"education","lineage":["https://openalex.org/I21370196"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Sotirios Goudos","raw_affiliation_strings":["Aristotle University of Thessaloniki,Physics Department,Thessaloniki,Greece"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Aristotle University of Thessaloniki,Physics Department,Thessaloniki,Greece","institution_ids":["https://openalex.org/I21370196"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5050756789","display_name":"Panagiotis Sarigiannidis","orcid":"https://orcid.org/0000-0001-6042-0355"},"institutions":[{"id":"https://openalex.org/I89506807","display_name":"University of Western Macedonia","ror":"https://ror.org/00a5pe906","country_code":"GR","type":"education","lineage":["https://openalex.org/I89506807"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Panagiotis Sarigiannidis","raw_affiliation_strings":["University of Western Macedonia,Department of Electrical and Computer Engineering,Kozani,Greece"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Western Macedonia,Department of Electrical and Computer Engineering,Kozani,Greece","institution_ids":["https://openalex.org/I89506807"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":10,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.1921,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.92573132,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"6401","last_page":"6407"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9904000163078308,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9868999719619751,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8932999968528748},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.6794000267982483},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.6186000108718872},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.6000000238418579},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.44290000200271606},{"id":"https://openalex.org/keywords/limiting","display_name":"Limiting","score":0.44190001487731934},{"id":"https://openalex.org/keywords/rgb-color-model","display_name":"RGB color model","score":0.38109999895095825},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.357699990272522}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8932999968528748},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.73580002784729},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.6794000267982483},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.6186000108718872},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.6000000238418579},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5769000053405762},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.44290000200271606},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.44190001487731934},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4106000065803528},{"id":"https://openalex.org/C82990744","wikidata":"https://www.wikidata.org/wiki/Q166194","display_name":"RGB color model","level":2,"score":0.38109999895095825},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.357699990272522},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.3255000114440918},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.32420000433921814},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.3068000078201294},{"id":"https://openalex.org/C21491501","wikidata":"https://www.wikidata.org/wiki/Q430253","display_name":"Backporting","level":5,"score":0.2946000099182129},{"id":"https://openalex.org/C100660578","wikidata":"https://www.wikidata.org/wiki/Q18733","display_name":"Recall","level":2,"score":0.2865000069141388},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.273499995470047},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.2648000121116638},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2615000009536743},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.26109999418258667},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.2603999972343445},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.25769999623298645},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.2563000023365021},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.2531000077724457},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.25200000405311584}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/icc52391.2025.11161263","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc52391.2025.11161263","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ICC 2025 - IEEE International Conference on Communications","raw_type":"proceedings-article"},{"id":"pmh:oai:zenodo.org:17432393","is_oa":true,"landing_page_url":"https://doi.org/10.1109/ICC52391.2025.11161263","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferencePaper"}],"best_oa_location":{"id":"pmh:oai:zenodo.org:17432393","is_oa":true,"landing_page_url":"https://doi.org/10.1109/ICC52391.2025.11161263","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferencePaper"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W1916732574","https://openalex.org/W2064675550","https://openalex.org/W2108598243","https://openalex.org/W2159772324","https://openalex.org/W2194775991","https://openalex.org/W2560886373","https://openalex.org/W2721204918","https://openalex.org/W2796394805","https://openalex.org/W2883780447","https://openalex.org/W2889100747","https://openalex.org/W2963163009","https://openalex.org/W2998074434","https://openalex.org/W3092118421","https://openalex.org/W3203322735","https://openalex.org/W3217476834","https://openalex.org/W4312943307","https://openalex.org/W4412945498"],"related_works":[],"abstract_inverted_index":{"Malware":[0],"detection":[1],"is":[2],"increasingly":[3],"challenged":[4],"by":[5,59],"evolving":[6],"techniques":[7],"like":[8],"obfuscation":[9],"and":[10,89,122,133,137,143,151],"polymorphism,":[11],"limiting":[12],"the":[13,19,31,77,109],"effectiveness":[14,150],"of":[15,22,34,71,113,120,145],"traditional":[16],"methods.":[17],"Meanwhile,":[18],"widespread":[20],"adoption":[21],"software":[23,36,79,124,159],"containers":[24,66,80,125],"has":[25],"introduced":[26],"new":[27,154],"security":[28,57],"challenges,":[29],"including":[30],"growing":[32],"threat":[33],"malicious":[35],"injection,":[37],"where":[38],"a":[39,61,99,153],"container,":[40],"once":[41],"compromised,":[42],"can":[43],"serve":[44],"as":[45],"entry":[46],"point":[47],"for":[48,156],"further":[49],"cyberattacks.":[50],"In":[51],"this":[52],"work,":[53],"we":[54,107],"address":[55],"these":[56],"issues":[58],"introducing":[60],"method":[62,129],"to":[63,91],"identify":[64],"compromised":[65,123],"through":[67],"machine":[68],"learning":[69],"analysis":[70],"their":[72,86],"file":[73],"systems.":[74],"We":[75],"cast":[76],"entire":[78],"into":[81],"large":[82],"RGB":[83,118],"images":[84,119],"via":[85],"tarball":[87],"representations,":[88],"propose":[90],"use":[92],"established":[93],"Convolutional":[94],"Neural":[95],"Network":[96],"architectures":[97],"on":[98],"streaming,":[100],"patchbased":[101],"manner.":[102],"To":[103],"support":[104],"our":[105],"experiments,":[106],"release":[108],"COSOCO":[110],"dataset-the":[111],"first":[112],"its":[114,149],"kind-containing":[115],"3364":[116],"largescale":[117],"benign":[121],"at":[126],"https://huggingface.co/datasets/k3ylabs/cosoco-imagedataset.":[127],"Our":[128],"detects":[130],"more":[131],"malware":[132],"achieves":[134],"higher":[135],"F1":[136],"Recall":[138],"scores":[139],"than":[140],"all":[141],"individual":[142],"ensembles":[144],"VirusTotal":[146],"engines,":[147],"demonstrating":[148],"setting":[152],"standard":[155],"identifying":[157],"malware-compromised":[158],"containers.":[160]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}