{"id":"https://openalex.org/W4313180787","doi":"https://doi.org/10.1109/iscc55528.2022.9913030","title":"MalPro: Learning on Process-Aware Behaviors for Malware Detection","display_name":"MalPro: Learning on Process-Aware Behaviors for Malware Detection","publication_year":2022,"publication_date":"2022-06-30","ids":{"openalex":"https://openalex.org/W4313180787","doi":"https://doi.org/10.1109/iscc55528.2022.9913030"},"language":"en","primary_location":{"id":"doi:10.1109/iscc55528.2022.9913030","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscc55528.2022.9913030","pdf_url":null,"source":{"id":"https://openalex.org/S4363605780","display_name":"2022 IEEE Symposium on Computers and Communications (ISCC)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Symposium on Computers and Communications (ISCC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103103151","display_name":"Xiaohui Chen","orcid":"https://orcid.org/0000-0002-3921-7907"},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xiaohui Chen","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019236880","display_name":"Ying Tong","orcid":null},"institutions":[{"id":"https://openalex.org/I4210114441","display_name":"Zhejiang Provincial Public Security Department","ror":"https://ror.org/01z3tch16","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210114441"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ying Tong","raw_affiliation_strings":["Jiangsu Provincial,Public Security Department,Nanjing,China","Public Security Department, Jiangsu Provincial, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"Jiangsu Provincial,Public Security Department,Nanjing,China","institution_ids":["https://openalex.org/I4210114441"]},{"raw_affiliation_string":"Public Security Department, Jiangsu Provincial, Nanjing, China","institution_ids":["https://openalex.org/I4210114441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044621447","display_name":"Chunlai Du","orcid":null},"institutions":[{"id":"https://openalex.org/I1456306","display_name":"North China University of Technology","ror":"https://ror.org/01nky7652","country_code":"CN","type":"education","lineage":["https://openalex.org/I1456306"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chunlai Du","raw_affiliation_strings":["School of Information Science and Technology, North China University of Technology,Beijing,China","School of Information Science and Technology, North China University of Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Technology, North China University of Technology,Beijing,China","institution_ids":["https://openalex.org/I1456306"]},{"raw_affiliation_string":"School of Information Science and Technology, North China University of Technology, Beijing, China","institution_ids":["https://openalex.org/I1456306"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101825876","display_name":"Yongji Liu","orcid":"https://orcid.org/0000-0001-7167-6372"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yongji Liu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043207623","display_name":"Zhenquan Ding","orcid":"https://orcid.org/0000-0002-8449-6140"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhenquan Ding","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021639259","display_name":"Qingyun Ran","orcid":null},"institutions":[{"id":"https://openalex.org/I4210114441","display_name":"Zhejiang Provincial Public Security Department","ror":"https://ror.org/01z3tch16","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210114441"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qingyun Ran","raw_affiliation_strings":["Jiangsu Provincial,Public Security Department,Nanjing,China","Public Security Department, Jiangsu Provincial, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"Jiangsu Provincial,Public Security Department,Nanjing,China","institution_ids":["https://openalex.org/I4210114441"]},{"raw_affiliation_string":"Public Security Department, Jiangsu Provincial, Nanjing, China","institution_ids":["https://openalex.org/I4210114441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100388178","display_name":"Yi Zhang","orcid":"https://orcid.org/0000-0002-5375-360X"},"institutions":[{"id":"https://openalex.org/I4210114441","display_name":"Zhejiang Provincial Public Security Department","ror":"https://ror.org/01z3tch16","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210114441"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yi Zhang","raw_affiliation_strings":["Jiangsu Provincial,Public Security Department,Nanjing,China","Public Security Department, Jiangsu Provincial, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"Jiangsu Provincial,Public Security Department,Nanjing,China","institution_ids":["https://openalex.org/I4210114441"]},{"raw_affiliation_string":"Public Security Department, Jiangsu Provincial, Nanjing, China","institution_ids":["https://openalex.org/I4210114441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026963407","display_name":"Lei Cui","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lei Cui","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5021090590","display_name":"Zhiyu Hao","orcid":"https://orcid.org/0000-0003-3946-5094"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhiyu Hao","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5103103151"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":0.8591,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.75229068,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"01","last_page":"07"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9847999811172485,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8583250045776367},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8340511918067932},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.6443999409675598},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5696134567260742},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5452443361282349},{"id":"https://openalex.org/keywords/weighting","display_name":"Weighting","score":0.5202754139900208},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5119553804397583},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.4648963510990143},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.46041351556777954},{"id":"https://openalex.org/keywords/binary-classification","display_name":"Binary classification","score":0.4580278992652893},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4242396056652069},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.21424606442451477},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.16706669330596924},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.0961524248123169}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8583250045776367},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8340511918067932},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6443999409675598},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5696134567260742},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5452443361282349},{"id":"https://openalex.org/C183115368","wikidata":"https://www.wikidata.org/wiki/Q856577","display_name":"Weighting","level":2,"score":0.5202754139900208},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5119553804397583},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.4648963510990143},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.46041351556777954},{"id":"https://openalex.org/C66905080","wikidata":"https://www.wikidata.org/wiki/Q17005494","display_name":"Binary classification","level":3,"score":0.4580278992652893},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4242396056652069},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.21424606442451477},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.16706669330596924},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0961524248123169},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C126838900","wikidata":"https://www.wikidata.org/wiki/Q77604","display_name":"Radiology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iscc55528.2022.9913030","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscc55528.2022.9913030","pdf_url":null,"source":{"id":"https://openalex.org/S4363605780","display_name":"2022 IEEE Symposium on Computers and Communications (ISCC)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Symposium on Computers and Communications (ISCC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6100000143051147,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G7165465486","display_name":null,"funder_award_id":"62072453,61972392","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2439951656","https://openalex.org/W1573526548","https://openalex.org/W4360982091","https://openalex.org/W3176864451","https://openalex.org/W2053632570","https://openalex.org/W3211525895","https://openalex.org/W2187910102","https://openalex.org/W2128507946","https://openalex.org/W4254552916","https://openalex.org/W2800331776"],"abstract_inverted_index":{"Malware":[0],"continuously":[1],"evolve":[2],"and":[3,6,59,107,127],"become":[4],"more":[5,7],"sophisticated.":[8],"Learning":[9],"on":[10,36,130],"execution":[11],"behavior":[12],"is":[13],"proven":[14],"to":[15,49,56,120],"be":[16],"effective":[17],"for":[18,39,88,115],"malware":[19,30],"detection.":[20],"In":[21],"this":[22],"paper,":[23],"we":[24,124],"present":[25],"MalPro,":[26],"a":[27,82,117],"DNN":[28,114],"based":[29],"detection":[31],"approach":[32],"that":[33,136],"performs":[34],"learning":[35],"process-aware":[37],"behaviors":[38],"Windows":[40],"programs.":[41],"It":[42],"first":[43],"employs":[44],"logistic":[45],"regression-based":[46],"weighting":[47],"method":[48,138],"assess":[50],"the":[51,61,74,90,103,108,113,143],"sensitivity":[52],"of":[53,69,77,84,92,97,145],"an":[54],"API":[55,62,105],"malicious":[57],"behavior,":[58],"weights":[60],"following":[63],"run-time":[64],"arguments":[65],"with":[66],"varying":[67],"degrees":[68],"sensitivities.":[70],"Then,":[71],"it":[72,101],"constructs":[73],"process":[75,109],"graph":[76,110],"inter-process":[78],"interactions":[79],"from":[80],"which":[81],"set":[83],"attributes":[85,111],"are":[86],"extracted,":[87],"characterizing":[89],"relationship":[91],"various":[93],"processes":[94],"in":[95],"term":[96],"invoke":[98],"actions.":[99],"Finally,":[100],"feeds":[102],"weighted":[104],"sequences":[106],"into":[112],"training":[116],"binary":[118],"classifier":[119],"detect":[121],"malware.":[122],"Moreover,":[123],"have":[125],"implemented":[126],"evaluated":[128],"MalPro":[129],"two":[131],"datasets.":[132],"The":[133],"results":[134],"demonstrate":[135],"our":[137],"outperforms":[139],"naive":[140],"models,":[141],"verifying":[142],"effectiveness":[144],"MalPro.":[146]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}