{"id":"https://openalex.org/W2288678424","doi":"https://doi.org/10.1109/iscc.2015.7405521","title":"Finding contextual clues to malware using a large corpus","display_name":"Finding contextual clues to malware using a large corpus","publication_year":2015,"publication_date":"2015-07-01","ids":{"openalex":"https://openalex.org/W2288678424","doi":"https://doi.org/10.1109/iscc.2015.7405521","mag":"2288678424"},"language":"en","primary_location":{"id":"doi:10.1109/iscc.2015.7405521","is_oa":false,"landing_page_url":"http://doi.org/10.1109/iscc.2015.7405521","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE Symposium on Computers and Communication (ISCC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.1109/iscc.2015.7405521","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5019584512","display_name":"Neil C. Rowe","orcid":"https://orcid.org/0000-0003-2612-0062"},"institutions":[{"id":"https://openalex.org/I35364215","display_name":"Naval Postgraduate School","ror":"https://ror.org/033yfkj90","country_code":"US","type":"education","lineage":["https://openalex.org/I1330347796","https://openalex.org/I3130687028","https://openalex.org/I35364215"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Neil C. Rowe","raw_affiliation_strings":["Dept. of Computer Science, U.S. Naval Postgraduate School, Monterey, California, USA"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Science, U.S. Naval Postgraduate School, Monterey, California, USA","institution_ids":["https://openalex.org/I35364215"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5019584512"],"corresponding_institution_ids":["https://openalex.org/I35364215"],"apc_list":null,"apc_paid":null,"fwci":0.2872,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.58762826,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"229","last_page":"236"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8205424547195435},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8187898993492126},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.6684439182281494},{"id":"https://openalex.org/keywords/directory","display_name":"Directory","score":0.6255138516426086},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.6183128356933594},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.5771229863166809},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.48666101694107056},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.41825899481773376},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.26248499751091003},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2163969874382019}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8205424547195435},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8187898993492126},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.6684439182281494},{"id":"https://openalex.org/C2777683733","wikidata":"https://www.wikidata.org/wiki/Q201456","display_name":"Directory","level":2,"score":0.6255138516426086},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.6183128356933594},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.5771229863166809},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.48666101694107056},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.41825899481773376},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.26248499751091003},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2163969874382019},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/iscc.2015.7405521","is_oa":false,"landing_page_url":"http://doi.org/10.1109/iscc.2015.7405521","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE Symposium on Computers and Communication (ISCC)","raw_type":"proceedings-article"},{"id":"pmh:oai:zenodo.org:1274032","is_oa":true,"landing_page_url":"https://doi.org/10.1109/iscc.2015.7405521","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/conferencePaper"}],"best_oa_location":{"id":"pmh:oai:zenodo.org:1274032","is_oa":true,"landing_page_url":"https://doi.org/10.1109/iscc.2015.7405521","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/conferencePaper"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320332923","display_name":"U.S. Navy","ror":"https://ror.org/03ar0mv07"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W154046626","https://openalex.org/W1777157359","https://openalex.org/W2015996057","https://openalex.org/W2018428473","https://openalex.org/W2023429893","https://openalex.org/W2064915393","https://openalex.org/W2080778654","https://openalex.org/W2114188192","https://openalex.org/W2115445295","https://openalex.org/W2160127232","https://openalex.org/W2325361246","https://openalex.org/W2539805567","https://openalex.org/W6638033346"],"related_works":["https://openalex.org/W3115906952","https://openalex.org/W3134811395","https://openalex.org/W3155196058","https://openalex.org/W1529821365","https://openalex.org/W2135486207","https://openalex.org/W1499611046","https://openalex.org/W3024420453","https://openalex.org/W2388608119","https://openalex.org/W2915494741","https://openalex.org/W1514887537"],"abstract_inverted_index":{"Identification":[0],"of":[1,46,67,74,84,98,122,141,219,230,242,248,267],"malware":[2,63,85,131,208,231,243,268],"is":[3,34],"a":[4,195,204],"critical":[5],"problem":[6],"in":[7,51,64,88,145,188,232],"computer":[8],"security.":[9],"Many":[10],"signature-identification,":[11],"behavior-recognition,":[12],"and":[13,36,57,94,116,124,149,154,159,174,179,186,260],"reputation-based":[14],"tools":[15],"are":[16,25,39,45],"available":[17],"for":[18,102,112,119,163],"host-based":[19],"detection.":[20],"However,":[21],"so":[22],"many":[23],"files":[24,33,44,77,233],"present":[26],"on":[27,70,78,211],"systems":[28,69],"today":[29],"that":[30,129,203],"checking":[31],"all":[32],"time-consuming,":[35],"better":[37,227,239],"methods":[38,133,223],"needed":[40],"to":[41,49,62,199],"suggest":[42],"which":[43],"highest":[47],"priority":[48],"check":[50],"partial":[52],"scans.":[53],"This":[54],"work":[55],"developed":[56],"tested":[58],"local":[59,143],"contextual":[60],"clues":[61,144,169],"the":[65,113,139,164,189,201,246],"metadata":[66,147,213],"file":[68,125,146,150,172,206],"an":[71],"international":[72],"corpus":[73,90],"248":[75],"million":[76],"3961":[79],"drives.":[80],"398,949":[81],"hash":[82,96,155],"values":[83,97],"were":[86,100,110,117,161,177,181],"found":[87],"this":[89,193],"using":[91,104],"five":[92],"methods,":[93],"3,681,211":[95],"non-malware":[99],"chosen":[101],"comparison":[103],"three":[105,216],"methods.":[106],"Malware":[107],"identification":[108,132],"rates":[109],"compared":[111,162],"fifteen":[114,165],"combinations":[115],"cross-correlated":[118],"different":[120,130,136],"types":[121],"drives":[123],"types.":[126],"Results":[127],"showed":[128],"find":[134],"significantly":[135,255],"things.":[137],"Then":[138],"strength":[140],"particular":[142],"(directory":[148],"names,":[151],"sizes,":[152],"times,":[153],"values)":[156],"was":[157,197,207],"assessed":[158],"results":[160],"combinations.":[166],"Some":[167],"classic":[168],"(e.g.":[170,183],"rare":[171],"extensions":[173,185],"deletion":[175],"status)":[176],"confirmed":[178],"others":[180],"not":[182],"double":[184],"occurrence":[187],"operating":[190],"system).":[191],"With":[192,215],"data,":[194],"program":[196],"implemented":[198],"estimate":[200],"likelihood":[202],"given":[205],"based":[209],"solely":[210],"its":[212],"context.":[214],"random":[217],"subsets":[218],"our":[220,222],"corpus,":[221],"gave":[224],"51":[225],"times":[226],"precision":[228],"(fraction":[229,241],"identified":[234],"as":[235],"malware)":[236],"with":[237],"70%":[238],"recall":[240],"detected)":[244],"than":[245,257],"approach":[247],"inspecting":[249],"executables":[250],"alone.":[251],"They":[252],"also":[253],"ran":[254],"faster":[256],"signature":[258],"checking,":[259],"can":[261],"be":[262],"used":[263],"before":[264],"other":[265],"kinds":[266],"analysis.":[269]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2016,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}