{"id":"https://openalex.org/W2957715860","doi":"https://doi.org/10.1109/icsrs48664.2019.8987703","title":"Applications of Graph Integration to Function Comparison and Malware Classification","display_name":"Applications of Graph Integration to Function Comparison and Malware Classification","publication_year":2019,"publication_date":"2019-11-01","ids":{"openalex":"https://openalex.org/W2957715860","doi":"https://doi.org/10.1109/icsrs48664.2019.8987703","mag":"2957715860"},"language":"en","primary_location":{"id":"doi:10.1109/icsrs48664.2019.8987703","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsrs48664.2019.8987703","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 4th International Conference on System Reliability and Safety (ICSRS)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1810.04789","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102897618","display_name":"Michael A. Slawi\u0144ski","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Michael Slawinski","raw_affiliation_strings":["Cylance Inc., Irvine, CA","Cylance"],"affiliations":[{"raw_affiliation_string":"Cylance Inc., Irvine, CA","institution_ids":[]},{"raw_affiliation_string":"Cylance","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5057372821","display_name":"Andy Wortman","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Andy Wortman","raw_affiliation_strings":["Cylance Inc., Irvine, CA","Cylance"],"affiliations":[{"raw_affiliation_string":"Cylance Inc., Irvine, CA","institution_ids":[]},{"raw_affiliation_string":"Cylance","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5102897618"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.06278985,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"20","issue":null,"first_page":"16","last_page":"24"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9921000003814697,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7114551663398743},{"id":"https://openalex.org/keywords/pagerank","display_name":"PageRank","score":0.6015946865081787},{"id":"https://openalex.org/keywords/feature-vector","display_name":"Feature vector","score":0.5290685296058655},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.50022292137146},{"id":"https://openalex.org/keywords/mit-license","display_name":"MIT License","score":0.4818657338619232},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4560045003890991},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4552721679210663},{"id":"https://openalex.org/keywords/vectorization","display_name":"Vectorization (mathematics)","score":0.4455660581588745},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.28216123580932617},{"id":"https://openalex.org/keywords/parallel-computing","display_name":"Parallel computing","score":0.16409990191459656},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.10866191983222961},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.0980488657951355}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7114551663398743},{"id":"https://openalex.org/C2779172887","wikidata":"https://www.wikidata.org/wiki/Q184316","display_name":"PageRank","level":2,"score":0.6015946865081787},{"id":"https://openalex.org/C83665646","wikidata":"https://www.wikidata.org/wiki/Q42139305","display_name":"Feature vector","level":2,"score":0.5290685296058655},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.50022292137146},{"id":"https://openalex.org/C174183944","wikidata":"https://www.wikidata.org/wiki/Q334661","display_name":"MIT License","level":3,"score":0.4818657338619232},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4560045003890991},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4552721679210663},{"id":"https://openalex.org/C41681595","wikidata":"https://www.wikidata.org/wiki/Q7917855","display_name":"Vectorization (mathematics)","level":2,"score":0.4455660581588745},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.28216123580932617},{"id":"https://openalex.org/C173608175","wikidata":"https://www.wikidata.org/wiki/Q232661","display_name":"Parallel computing","level":1,"score":0.16409990191459656},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.10866191983222961},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.0980488657951355},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/icsrs48664.2019.8987703","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsrs48664.2019.8987703","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 4th International Conference on System Reliability and Safety (ICSRS)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1810.04789","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1810.04789","pdf_url":"https://arxiv.org/pdf/1810.04789","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"mag:2957715860","is_oa":true,"landing_page_url":"https://arxiv.org/abs/1810.04789","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"doi:10.48550/arxiv.1810.04789","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.1810.04789","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1810.04789","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1810.04789","pdf_url":"https://arxiv.org/pdf/1810.04789","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"score":0.550000011920929,"id":"https://metadata.un.org/sdg/15","display_name":"Life in Land"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2957715860.pdf","grobid_xml":"https://content.openalex.org/works/W2957715860.grobid-xml"},"referenced_works_count":28,"referenced_works":["https://openalex.org/W60817130","https://openalex.org/W1545528966","https://openalex.org/W1573286687","https://openalex.org/W1893133781","https://openalex.org/W1930624869","https://openalex.org/W1966948031","https://openalex.org/W1985205072","https://openalex.org/W2000441249","https://openalex.org/W2005662348","https://openalex.org/W2069992656","https://openalex.org/W2085562432","https://openalex.org/W2096188852","https://openalex.org/W2099053789","https://openalex.org/W2113242816","https://openalex.org/W2120092158","https://openalex.org/W2127637733","https://openalex.org/W2432142698","https://openalex.org/W2532962075","https://openalex.org/W2591102410","https://openalex.org/W2612872092","https://openalex.org/W2632775315","https://openalex.org/W2787229963","https://openalex.org/W2807294751","https://openalex.org/W2963579187","https://openalex.org/W2966764754","https://openalex.org/W2973628901","https://openalex.org/W2984279299","https://openalex.org/W3105926539"],"related_works":["https://openalex.org/W3006245688","https://openalex.org/W3043242689","https://openalex.org/W1591023849","https://openalex.org/W3067066149","https://openalex.org/W2005662348","https://openalex.org/W2269316186","https://openalex.org/W2285685067","https://openalex.org/W2084652036","https://openalex.org/W3211716863","https://openalex.org/W2997001386","https://openalex.org/W2808104812","https://openalex.org/W1584327673","https://openalex.org/W2886034153","https://openalex.org/W2151743994","https://openalex.org/W2906943923","https://openalex.org/W3208183553","https://openalex.org/W2794349174","https://openalex.org/W2898282322","https://openalex.org/W3136505081","https://openalex.org/W1994624481"],"abstract_inverted_index":{"We":[0,139,151],"classify":[1],".NET":[2],"files":[3],"as":[4,28,145],"either":[5],"benign":[6,173],"or":[7,132],"malicious":[8],"by":[9,44,70,94,157],"examining":[10],"directed":[11],"graphs":[12,105],"derived":[13],"from":[14,107,176],"the":[15,20,40,46,60,63,79,83,87,96,102,109,153],"set":[16,81,97,103],"of":[17,39,62,74,82,98,104,155,167],"functions":[18,76],"comprising":[19],"given":[21,64,84,110],"file.":[22,111],"Each":[23,66],"graph":[24,67,85],"is":[25,68,114],"viewed":[26],"probabilistically":[27],"a":[29,36,53,115,129,159,185,190],"Markov":[30],"chain":[31],"where":[32],"each":[33],"node":[34],"represents":[35],"code":[37],"block":[38],"corresponding":[41,100],"function,":[42],"and":[43,118,174,180,200],"computing":[45,71],"PageRank":[47,88,146],"vector":[48,50],"(Perron":[49],"with":[51],"transport),":[52],"probability":[54],"measure":[55],"can":[56,124],"be":[57,125],"defined":[58,77],"over":[59],"nodes":[61],"graph.":[65],"vectorized":[69,93],"Lebesgue":[72],"antiderivatives":[73],"hand-engineered":[75],"on":[78,163],"vertex":[80],"against":[86],"measure.":[89],"Files":[90],"are":[91],"subsequently":[92],"aggregating":[95],"vectors":[99],"to":[101,133,141,184],"resulting":[106],"decompiling":[108],"The":[112,194],"result":[113],"fast,":[116],"intuitive,":[117],"easy-to-compute":[119],"glass-box":[120],"vectorization":[121,143],"scheme,":[122],"which":[123,188],"leveraged":[126],"for":[127,198],"training":[128,158],"standalone":[130],"classifier":[131],"augment":[134],"an":[135],"existing":[136],"feature":[137,192],"space.":[138,193],"refer":[140],"this":[142,182],"technique":[144],"Measure":[147],"Integration":[148],"Vectorization":[149],"(PMIV).":[150],"demonstrate":[152],"efficacy":[154],"PMIV":[156],"vanilla":[160],"random":[161],"forest":[162],"2.5":[164],"million":[165],"samples":[166],"decompiled.":[168],"NET,":[169],"evenly":[170],"split":[171],"between":[172],"malicious,":[175],"our":[177],"in-house":[178],"corpus":[179],"compare":[181],"model":[183,187],"baseline":[186],"leverages":[189],"text-only":[191],"median":[195],"time":[196],"needed":[197],"decompilation":[199],"scoring":[201],"was":[202],"24ms.":[203],"<sup":[204],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[205],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">11</sup>":[206],"Code":[207],"available":[208],"at":[209],"https://github.com/gtownrocks/grafuple.":[210]},"counts_by_year":[],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}