{"id":"https://openalex.org/W7116860279","doi":"https://doi.org/10.1109/isc266238.2025.11293303","title":"Temporal Dimension of Concept Drift in Malware Behavior Classification","display_name":"Temporal Dimension of Concept Drift in Malware Behavior Classification","publication_year":2025,"publication_date":"2025-10-06","ids":{"openalex":"https://openalex.org/W7116860279","doi":"https://doi.org/10.1109/isc266238.2025.11293303"},"language":null,"primary_location":{"id":"doi:10.1109/isc266238.2025.11293303","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isc266238.2025.11293303","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Smart Cities Conference (ISC2)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5121076622","display_name":"Sotirios Giannopoulos","orcid":null},"institutions":[{"id":"https://openalex.org/I120729142","display_name":"Research Academic Computer Technology Institute","ror":"https://ror.org/021nszj63","country_code":"GR","type":"facility","lineage":["https://openalex.org/I120729142","https://openalex.org/I4210154149"]}],"countries":["GR"],"is_corresponding":true,"raw_author_name":"Sotirios Giannopoulos","raw_affiliation_strings":["Computer Technology Institute and Press DIOPHANTUS, University Of Patras,Patras,Greece"],"affiliations":[{"raw_affiliation_string":"Computer Technology Institute and Press DIOPHANTUS, University Of Patras,Patras,Greece","institution_ids":["https://openalex.org/I120729142"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073781033","display_name":"Georgios Xenos","orcid":null},"institutions":[{"id":"https://openalex.org/I120729142","display_name":"Research Academic Computer Technology Institute","ror":"https://ror.org/021nszj63","country_code":"GR","type":"facility","lineage":["https://openalex.org/I120729142","https://openalex.org/I4210154149"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Georgios Xenos","raw_affiliation_strings":["Computer Technology Institute and Press DIOPHANTUS, University Of Patras,Patras,Greece"],"affiliations":[{"raw_affiliation_string":"Computer Technology Institute and Press DIOPHANTUS, University Of Patras,Patras,Greece","institution_ids":["https://openalex.org/I120729142"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5027257996","display_name":"Dimitrios Serpanos","orcid":"https://orcid.org/0000-0002-1385-7113"},"institutions":[{"id":"https://openalex.org/I120729142","display_name":"Research Academic Computer Technology Institute","ror":"https://ror.org/021nszj63","country_code":"GR","type":"facility","lineage":["https://openalex.org/I120729142","https://openalex.org/I4210154149"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Dimitrios Serpanos","raw_affiliation_strings":["Computer Technology Institute and Press DIOPHANTUS, University Of Patras,Patras,Greece"],"affiliations":[{"raw_affiliation_string":"Computer Technology Institute and Press DIOPHANTUS, University Of Patras,Patras,Greece","institution_ids":["https://openalex.org/I120729142"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5121076622"],"corresponding_institution_ids":["https://openalex.org/I120729142"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.83357852,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12761","display_name":"Data Stream Mining Techniques","score":0.7081999778747559,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12761","display_name":"Data Stream Mining Techniques","score":0.7081999778747559,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.18330000340938568,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.02879999950528145,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9398999810218811},{"id":"https://openalex.org/keywords/concept-drift","display_name":"Concept drift","score":0.6484000086784363},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.5694000124931335},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4945000112056732},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.4390000104904175},{"id":"https://openalex.org/keywords/baseline","display_name":"Baseline (sea)","score":0.435699999332428},{"id":"https://openalex.org/keywords/dimension","display_name":"Dimension (graph theory)","score":0.42800000309944153},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.3928000032901764}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9398999810218811},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.73580002784729},{"id":"https://openalex.org/C60777511","wikidata":"https://www.wikidata.org/wiki/Q3045002","display_name":"Concept drift","level":3,"score":0.6484000086784363},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6089000105857849},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6044999957084656},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.5694000124931335},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4945000112056732},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.4390000104904175},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.435699999332428},{"id":"https://openalex.org/C33676613","wikidata":"https://www.wikidata.org/wiki/Q13415176","display_name":"Dimension (graph theory)","level":2,"score":0.42800000309944153},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.3928000032901764},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.390500009059906},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.38100001215934753},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.3693000078201294},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.3675999939441681},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.334199994802475},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.32690000534057617},{"id":"https://openalex.org/C87007009","wikidata":"https://www.wikidata.org/wiki/Q210832","display_name":"Statistical hypothesis testing","level":2,"score":0.3249000012874603},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2996000051498413},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.29429998993873596},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.29190000891685486},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.26350000500679016},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.26080000400543213},{"id":"https://openalex.org/C110083411","wikidata":"https://www.wikidata.org/wiki/Q1744628","display_name":"Statistical classification","level":2,"score":0.25429999828338623}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/isc266238.2025.11293303","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isc266238.2025.11293303","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Smart Cities Conference (ISC2)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6335381865501404,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W1536719639","https://openalex.org/W2001292291","https://openalex.org/W2087211161","https://openalex.org/W2101234009","https://openalex.org/W2295598076","https://openalex.org/W2788388592","https://openalex.org/W2889057033","https://openalex.org/W2898017895","https://openalex.org/W3149857249","https://openalex.org/W4212915751","https://openalex.org/W4224288244","https://openalex.org/W4388886775"],"related_works":[],"abstract_inverted_index":{"As":[0],"cyberphysical":[1],"systems":[2,114],"in":[3,7,49,100],"smart":[4],"cities":[5],"increase":[6],"interconnectivity,":[8],"so":[9],"does":[10],"their":[11],"vulnerability":[12],"to":[13,20,40,60,66,82,160,208],"evolving":[14],"malware":[15,35,45,52,59,78,101,126,139,149,215],"threats,":[16,26],"posing":[17],"significant":[18],"risks":[19],"critical":[21],"infrastructure.":[22],"To":[23],"counteract":[24],"these":[25],"researchers":[27],"are":[28,115],"developing":[29],"machine":[30],"learning":[31],"(ML)":[32],"models":[33,172],"for":[34,148],"detection":[36,62],"and":[37,105,212],"classification.":[38,151],"Contrary":[39],"other":[41],"ML":[42,86,146],"application":[43],"domains,":[44],"classification":[46,113],"is":[47,103,133,163,206],"adversarial":[48],"nature,":[50],"as":[51,70,171],"authors":[53],"continually":[54],"alter":[55],"the":[56,74,91,94,109,136,175,180,194,197,203,210],"behavior":[57,102,150],"of":[58,77,85,93,97,111,138,145,157,179,196],"bypass":[61],"systems.":[63],"This":[64],"leads":[65,81],"a":[67,119],"phenomenon":[68],"known":[69],"concept":[71,98,219],"drift,":[72],"where":[73],"continuous":[75],"evolution":[76,137],"through":[79],"time,":[80],"performance":[83,110,144],"degradation":[84],"classifiers.":[87],"In":[88],"this":[89],"paper":[90],"impact":[92],"temporal":[95,155,218],"component":[96],"drift":[99],"investigated":[104],"its":[106],"effects":[107],"on":[108,174,185,193,202],"ML-based":[112],"assessed.":[116],"By":[117],"leveraging":[118],"large":[120],"public":[121],"benchmark":[122],"dataset,":[123],"MalDICT-Behavior,":[124],"with":[125],"samples":[127,159],"spanning":[128],"over":[129,140],"15":[130],"years,":[131],"it":[132],"demonstrated":[134],"that":[135,154],"time":[141],"significantly":[142],"degraded":[143],"classifiers":[147,191],"Experiments":[152],"highlight":[153],"proximity":[156],"training":[158,168],"test":[161],"cases":[162],"more":[164],"important":[165],"than":[166],"sheer":[167],"data":[169],"volume,":[170],"trained":[173,184,192],"most":[176,211],"recent":[177],"subset":[178],"dataset":[181],"outperformed":[182],"those":[183],"older":[186],"data,":[187],"even":[188],"outperforming":[189],"baseline":[190],"entirety":[195],"dataset.":[198],"Further":[199],"statistical":[200],"analysis":[201],"feature":[204],"set":[205],"performed":[207],"identify":[209],"least":[213],"susceptible":[214],"characteristics":[216],"against":[217],"drift.":[220]},"counts_by_year":[],"updated_date":"2025-12-24T23:09:58.560324","created_date":"2025-12-23T00:00:00"}