{"id":"https://openalex.org/W3091956118","doi":"https://doi.org/10.1109/iwqos49365.2020.9212829","title":"Network-based Malware Detection with a Two-tier Architecture for Online Incremental Update","display_name":"Network-based Malware Detection with a Two-tier Architecture for Online Incremental Update","publication_year":2020,"publication_date":"2020-06-01","ids":{"openalex":"https://openalex.org/W3091956118","doi":"https://doi.org/10.1109/iwqos49365.2020.9212829","mag":"3091956118"},"language":"en","primary_location":{"id":"doi:10.1109/iwqos49365.2020.9212829","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwqos49365.2020.9212829","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE/ACM 28th International Symposium on Quality of Service (IWQoS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5067313044","display_name":"Anli Yan","orcid":"https://orcid.org/0000-0002-2854-2931"},"institutions":[{"id":"https://openalex.org/I34949971","display_name":"University of Jinan","ror":"https://ror.org/02mjz6f26","country_code":"CN","type":"education","lineage":["https://openalex.org/I34949971"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Anli Yan","raw_affiliation_strings":["School of Information Science and Engineering, University of Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044246017","display_name":"Zhenxiang Chen","orcid":"https://orcid.org/0000-0001-9730-768X"},"institutions":[{"id":"https://openalex.org/I34949971","display_name":"University of Jinan","ror":"https://ror.org/02mjz6f26","country_code":"CN","type":"education","lineage":["https://openalex.org/I34949971"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhenxiang Chen","raw_affiliation_strings":["School of Information Science and Engineering, University of Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008246763","display_name":"Riccardo Spolaor","orcid":"https://orcid.org/0000-0002-3878-7940"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Riccardo Spolaor","raw_affiliation_strings":["Department of Computer Science, University of Oxford, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102192631","display_name":"Shuaishuai Tan","orcid":null},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shuaishuai Tan","raw_affiliation_strings":["Huawei-Technologies, China"],"affiliations":[{"raw_affiliation_string":"Huawei-Technologies, China","institution_ids":["https://openalex.org/I2250955327"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066185224","display_name":"Chuan Zhao","orcid":"https://orcid.org/0000-0001-9106-6010"},"institutions":[{"id":"https://openalex.org/I4210128818","display_name":"Institute of Software","ror":"https://ror.org/033dfsn42","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210128818"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chuan Zhao","raw_affiliation_strings":["Shandong Provincial Key Laboratory of Software Engineering"],"affiliations":[{"raw_affiliation_string":"Shandong Provincial Key Laboratory of Software Engineering","institution_ids":["https://openalex.org/I4210128818"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001075168","display_name":"Lizhi Peng","orcid":"https://orcid.org/0000-0002-6009-522X"},"institutions":[{"id":"https://openalex.org/I34949971","display_name":"University of Jinan","ror":"https://ror.org/02mjz6f26","country_code":"CN","type":"education","lineage":["https://openalex.org/I34949971"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lizhi Peng","raw_affiliation_strings":["School of Information Science and Engineering, University of Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5065368480","display_name":"Bo Yang","orcid":"https://orcid.org/0000-0001-7961-853X"},"institutions":[{"id":"https://openalex.org/I34949971","display_name":"University of Jinan","ror":"https://ror.org/02mjz6f26","country_code":"CN","type":"education","lineage":["https://openalex.org/I34949971"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bo Yang","raw_affiliation_strings":["School of Information Science and Engineering, University of Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Information Science and Engineering, University of Jinan, China","institution_ids":["https://openalex.org/I34949971"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5067313044"],"corresponding_institution_ids":["https://openalex.org/I34949971"],"apc_list":null,"apc_paid":null,"fwci":0.6061,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.67024358,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12761","display_name":"Data Stream Mining Techniques","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8580999374389648},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8448333144187927},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5813689827919006},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5605030655860901},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5025901794433594},{"id":"https://openalex.org/keywords/retraining","display_name":"Retraining","score":0.48729002475738525},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.43921807408332825},{"id":"https://openalex.org/keywords/concept-drift","display_name":"Concept drift","score":0.4215085804462433},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3744584619998932},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.13278159499168396}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8580999374389648},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8448333144187927},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5813689827919006},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5605030655860901},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5025901794433594},{"id":"https://openalex.org/C2778712577","wikidata":"https://www.wikidata.org/wiki/Q3505966","display_name":"Retraining","level":2,"score":0.48729002475738525},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.43921807408332825},{"id":"https://openalex.org/C60777511","wikidata":"https://www.wikidata.org/wiki/Q3045002","display_name":"Concept drift","level":3,"score":0.4215085804462433},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3744584619998932},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.13278159499168396},{"id":"https://openalex.org/C155202549","wikidata":"https://www.wikidata.org/wiki/Q178803","display_name":"International trade","level":1,"score":0.0},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.0},{"id":"https://openalex.org/C89198739","wikidata":"https://www.wikidata.org/wiki/Q3079880","display_name":"Data stream mining","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iwqos49365.2020.9212829","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwqos49365.2020.9212829","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE/ACM 28th International Symposium on Quality of Service (IWQoS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.5099999904632568,"id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W1585854823","https://openalex.org/W1749887058","https://openalex.org/W1972428331","https://openalex.org/W2035925615","https://openalex.org/W2037026906","https://openalex.org/W2070386561","https://openalex.org/W2122672392","https://openalex.org/W2143991132","https://openalex.org/W2191468669","https://openalex.org/W2215111767","https://openalex.org/W2477856237","https://openalex.org/W2488579949","https://openalex.org/W2534602447","https://openalex.org/W2538940504","https://openalex.org/W2585223762","https://openalex.org/W2586536827","https://openalex.org/W2607911734","https://openalex.org/W2626498001","https://openalex.org/W2768073432","https://openalex.org/W2792567669","https://openalex.org/W2804769055","https://openalex.org/W2907487329","https://openalex.org/W2913857451","https://openalex.org/W2953209229","https://openalex.org/W2956315402","https://openalex.org/W2962774976","https://openalex.org/W2964136807","https://openalex.org/W3091890513","https://openalex.org/W6728920836","https://openalex.org/W6733179014"],"related_works":["https://openalex.org/W2081982437","https://openalex.org/W4394857231","https://openalex.org/W2027050655","https://openalex.org/W4297683550","https://openalex.org/W2068319486","https://openalex.org/W4389000576","https://openalex.org/W3160499573","https://openalex.org/W2810128799","https://openalex.org/W2619158163","https://openalex.org/W2167825284"],"abstract_inverted_index":{"As":[0],"smartphones":[1],"carry":[2],"more":[3,5],"and":[4,37,147,167,180,193,211],"private":[6],"information,":[7],"it":[8,26,142,182],"has":[9],"become":[10,22],"the":[11,57,65,84,102,110,137,158],"main":[12],"target":[13],"of":[14,87,96,207],"malware":[15,43,190],"attacks.":[16],"Threats":[17],"on":[18,47,64,165,169,175],"mobile":[19],"devices":[20],"have":[21],"increasingly":[23],"sophisticated,":[24],"making":[25],"imperative":[27],"to":[28,35,52,56,90,134,163],"develop":[29],"effective":[30],"tools":[31,45],"that":[32,155,201],"are":[33],"able":[34],"detect":[36,91],"counter":[38],"such":[39,120],"threats.":[40],"Unfortunately,":[41],"existing":[42,159],"detection":[44,66,138,191],"based":[46,129],"machine":[48,185],"learning":[49,186,196],"techniques":[50],"struggle":[51],"keep":[53],"up":[54,162],"due":[55],"difficulty":[58],"in":[59,101,150,205],"performing":[60],"online":[61],"incremental":[62,127,195],"update":[63,136,209],"models.":[67],"In":[68],"this":[69],"paper,":[70],"a":[71,106],"Two-tier":[72],"Architecture":[73],"Malware":[74],"Detection":[75],"(TAMD)":[76],"method":[77],"is":[78,203],"proposed,":[79],"which":[80,132],"can":[81],"learn":[82],"from":[83,143],"statistical":[85],"features":[86],"network":[88],"traffic":[89],"malware.":[92],"The":[93],"first":[94],"layer":[95,112],"TAMD":[97,124,156],"identifies":[98],"uncertain":[99],"samples":[100],"training":[103],"set":[104],"through":[105],"preliminary":[107],"classification,":[108],"whereas":[109],"second":[111],"builds":[113],"an":[114,126],"improved":[115],"classifier":[116],"by":[117,145],"filtering":[118],"out":[119],"samples.":[121],"We":[122,152,171],"enhance":[123],"with":[125,161,183],"leaning":[128],"technique":[130],"(TAMD-IL),":[131],"allows":[133],"incrementally":[135],"models":[139],"without":[140],"retraining":[141],"scratch":[144],"removing":[146],"adding":[148],"sub-models":[149],"TAMD.":[151],"experimentally":[153],"demonstrate":[154],"outperforms":[157],"methods":[160],"98.72%":[164],"precision":[166],"96.57%":[168],"recall.":[170],"also":[172],"evaluate":[173],"TAMD-IL":[174,202],"four":[176],"concept":[177],"drift":[178],"datasets":[179],"compare":[181],"classical":[184],"algorithms,":[187],"two":[188],"state-of-the-art":[189],"technologies,":[192],"three":[194],"technologies.":[197],"Experimental":[198],"results":[199],"show":[200],"efficient":[204],"terms":[206],"both":[208],"time":[210],"memory":[212],"usage.":[213]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}