{"id":"https://openalex.org/W4294672413","doi":"https://doi.org/10.1109/icccn54977.2022.9868914","title":"Evaluating Feature Robustness for Windows Malware Family Classification","display_name":"Evaluating Feature Robustness for Windows Malware Family Classification","publication_year":2022,"publication_date":"2022-07-01","ids":{"openalex":"https://openalex.org/W4294672413","doi":"https://doi.org/10.1109/icccn54977.2022.9868914"},"language":"en","primary_location":{"id":"doi:10.1109/icccn54977.2022.9868914","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icccn54977.2022.9868914","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 International Conference on Computer Communications and Networks (ICCCN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5075793938","display_name":"Adam Duby","orcid":null},"institutions":[{"id":"https://openalex.org/I192545095","display_name":"United States Military Academy","ror":"https://ror.org/01jepya76","country_code":"US","type":"education","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I192545095","https://openalex.org/I4210088792"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Adam Duby","raw_affiliation_strings":["United States Military Academy,West Point,NY","United States Military Academy, West Point, NY"],"affiliations":[{"raw_affiliation_string":"United States Military Academy,West Point,NY","institution_ids":["https://openalex.org/I192545095"]},{"raw_affiliation_string":"United States Military Academy, West Point, NY","institution_ids":["https://openalex.org/I192545095"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111373813","display_name":"Teryl Taylor","orcid":"https://orcid.org/0000-0002-4915-1286"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Teryl Taylor","raw_affiliation_strings":["IBM Research,Yorktown Heights,NY","IBM Research, Yorktown Heights, NY"],"affiliations":[{"raw_affiliation_string":"IBM Research,Yorktown Heights,NY","institution_ids":["https://openalex.org/I1341412227"]},{"raw_affiliation_string":"IBM Research, Yorktown Heights, NY","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055170166","display_name":"Gedare Bloom","orcid":"https://orcid.org/0000-0002-5677-7092"},"institutions":[{"id":"https://openalex.org/I888729015","display_name":"University of Colorado Colorado Springs","ror":"https://ror.org/054spjc55","country_code":"US","type":"education","lineage":["https://openalex.org/I888729015"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gedare Bloom","raw_affiliation_strings":["University of Colorado Colorado Springs,Colorado Springs,CO","University of Colorado Colorado Springs, Colorado Springs, CO"],"affiliations":[{"raw_affiliation_string":"University of Colorado Colorado Springs,Colorado Springs,CO","institution_ids":["https://openalex.org/I888729015"]},{"raw_affiliation_string":"University of Colorado Colorado Springs, Colorado Springs, CO","institution_ids":["https://openalex.org/I888729015"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072959708","display_name":"Yanyan Zhuang","orcid":"https://orcid.org/0000-0002-8407-0801"},"institutions":[{"id":"https://openalex.org/I888729015","display_name":"University of Colorado Colorado Springs","ror":"https://ror.org/054spjc55","country_code":"US","type":"education","lineage":["https://openalex.org/I888729015"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yanyan Zhuang","raw_affiliation_strings":["University of Colorado Colorado Springs,Colorado Springs,CO","University of Colorado Colorado Springs, Colorado Springs, CO"],"affiliations":[{"raw_affiliation_string":"University of Colorado Colorado Springs,Colorado Springs,CO","institution_ids":["https://openalex.org/I888729015"]},{"raw_affiliation_string":"University of Colorado Colorado Springs, Colorado Springs, CO","institution_ids":["https://openalex.org/I888729015"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5075793938"],"corresponding_institution_ids":["https://openalex.org/I192545095"],"apc_list":null,"apc_paid":null,"fwci":0.4462,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.58199899,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12761","display_name":"Data Stream Mining Techniques","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9618613123893738},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8125812411308289},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.8119391202926636},{"id":"https://openalex.org/keywords/concept-drift","display_name":"Concept drift","score":0.7961106300354004},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.6364614367485046},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.6348533034324646},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5698014497756958},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.5446398258209229},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.5126253962516785},{"id":"https://openalex.org/keywords/feature-extraction","display_name":"Feature extraction","score":0.43310368061065674},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.42901909351348877},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.4186279773712158},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2204858660697937},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14090511202812195},{"id":"https://openalex.org/keywords/data-stream-mining","display_name":"Data stream mining","score":0.09520772099494934}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9618613123893738},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8125812411308289},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.8119391202926636},{"id":"https://openalex.org/C60777511","wikidata":"https://www.wikidata.org/wiki/Q3045002","display_name":"Concept drift","level":3,"score":0.7961106300354004},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6364614367485046},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.6348533034324646},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5698014497756958},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.5446398258209229},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.5126253962516785},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.43310368061065674},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.42901909351348877},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.4186279773712158},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2204858660697937},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14090511202812195},{"id":"https://openalex.org/C89198739","wikidata":"https://www.wikidata.org/wiki/Q3079880","display_name":"Data stream mining","level":2,"score":0.09520772099494934},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icccn54977.2022.9868914","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icccn54977.2022.9868914","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 International Conference on Computer Communications and Networks (ICCCN)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.699999988079071,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G4746655729","display_name":null,"funder_award_id":"OAC-2115134,OAC-1920462,OAC-2001789,CNS-2046705","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":66,"referenced_works":["https://openalex.org/W152854583","https://openalex.org/W1544697441","https://openalex.org/W1558357780","https://openalex.org/W1581009051","https://openalex.org/W1985328160","https://openalex.org/W2021183772","https://openalex.org/W2054888947","https://openalex.org/W2089468765","https://openalex.org/W2095195675","https://openalex.org/W2099499363","https://openalex.org/W2101234009","https://openalex.org/W2125743503","https://openalex.org/W2143481518","https://openalex.org/W2161336914","https://openalex.org/W2238882206","https://openalex.org/W2267635142","https://openalex.org/W2289955225","https://openalex.org/W2292109572","https://openalex.org/W2600031682","https://openalex.org/W2601305972","https://openalex.org/W2607219512","https://openalex.org/W2621204675","https://openalex.org/W2744095836","https://openalex.org/W2751661638","https://openalex.org/W2753594008","https://openalex.org/W2762226429","https://openalex.org/W2776884785","https://openalex.org/W2788864200","https://openalex.org/W2792991556","https://openalex.org/W2795033129","https://openalex.org/W2894746673","https://openalex.org/W2897880975","https://openalex.org/W2947447457","https://openalex.org/W2963961561","https://openalex.org/W2964636835","https://openalex.org/W2990954041","https://openalex.org/W2996806689","https://openalex.org/W2999620626","https://openalex.org/W3004650773","https://openalex.org/W3007070494","https://openalex.org/W3009445099","https://openalex.org/W3015481738","https://openalex.org/W3045322569","https://openalex.org/W3096432474","https://openalex.org/W3102720581","https://openalex.org/W3111533025","https://openalex.org/W3112173953","https://openalex.org/W3127265720","https://openalex.org/W4211117556","https://openalex.org/W4211194511","https://openalex.org/W4214898199","https://openalex.org/W4250463209","https://openalex.org/W4288356425","https://openalex.org/W4288638181","https://openalex.org/W4297747285","https://openalex.org/W6606151733","https://openalex.org/W6674279605","https://openalex.org/W6675354045","https://openalex.org/W6735216983","https://openalex.org/W6743618022","https://openalex.org/W6745899033","https://openalex.org/W6748641434","https://openalex.org/W6749652745","https://openalex.org/W6753153400","https://openalex.org/W6758125152","https://openalex.org/W6771540365"],"related_works":["https://openalex.org/W2900526031","https://openalex.org/W170652726","https://openalex.org/W109909280","https://openalex.org/W3118559199","https://openalex.org/W2059467397","https://openalex.org/W2465235098","https://openalex.org/W2160637255","https://openalex.org/W4234891089","https://openalex.org/W1855034413","https://openalex.org/W4294672413"],"abstract_inverted_index":{"Machine":[0],"learning":[1,103],"approaches":[2,20],"to":[3,92,126,138],"classify":[4],"malware":[5,35,56,86,106,150,157],"by":[6,100],"family":[7,57],"save":[8],"analysts":[9],"valuable":[10],"time":[11,123],"during":[12],"incident":[13],"response.":[14],"A":[15],"key":[16],"challenge":[17],"for":[18,55,170],"these":[19],"is":[21],"selecting":[22],"features":[23,99,146],"that":[24,77,81,117,133,144],"are":[25,147],"robust":[26,148],"against":[27,69,115,149],"concept":[28,70,93,127],"drift,":[29],"which":[30],"describes":[31],"the":[32,62,79,109,113],"change":[33],"in":[34,108],"over":[36,95],"time.":[37],"In":[38],"this":[39],"paper,":[40],"we":[41,60,121,153],"evaluate":[42,66],"a":[43,74],"dynamic":[44],"feature":[45],"set":[46],"based":[47],"on":[48,85,105],"Windows":[49],"handles":[50],"(e.g.,":[51],"files,":[52],"registry":[53],"keys)":[54],"classification.":[58],"Specifically,":[59],"examine":[61],"features'":[63],"vulnerabilities":[64],"and":[65,111,167],"their":[67],"robustness":[68,91],"drift.":[71],"We":[72,88],"curated":[73],"novel":[75],"dataset":[76,171],"simulates":[78],"manipulations":[80],"attackers":[82],"may":[83],"invoke":[84],"samples.":[87],"demonstrate":[89,155],"improved":[90],"drift":[94,128],"traditional":[96],"API":[97],"call-based":[98],"training":[101],"machine":[102],"classifiers":[104,114],"collected":[107],"wild,":[110],"testing":[112],"samples":[116],"underwent":[118],"manipulations.":[119],"Further,":[120],"investigate":[122],"decay":[124],"due":[125],"using":[129],"temporally":[130],"consistent":[131],"evaluations":[132],"do":[134],"not":[135],"assume":[136],"access":[137],"newer":[139],"information.":[140],"The":[141],"evaluation":[142],"shows":[143],"our":[145],"obfuscation.":[151],"Furthermore,":[152],"empirically":[154],"how":[156],"labeling":[158],"conventions":[159],"(malware":[160],"type":[161],"or":[162],"family)":[163],"can":[164],"affect":[165],"results,":[166],"make":[168],"recommendations":[169],"construction.":[172]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}