{"id":"https://openalex.org/W2177448797","doi":"https://doi.org/10.1109/malware.2013.6703684","title":"Synthesizing near-optimal malware specifications from suspicious behaviors","display_name":"Synthesizing near-optimal malware specifications from suspicious behaviors","publication_year":2013,"publication_date":"2013-10-01","ids":{"openalex":"https://openalex.org/W2177448797","doi":"https://doi.org/10.1109/malware.2013.6703684","mag":"2177448797"},"language":"en","primary_location":{"id":"doi:10.1109/malware.2013.6703684","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2013.6703684","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 8th International Conference on Malicious and Unwanted Software: \"The Americas\" (MALWARE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5088826068","display_name":"Somesh Jha","orcid":"https://orcid.org/0000-0001-5877-0436"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Somesh Jha","raw_affiliation_strings":["University of Wisconsin-Madison"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin-Madison","institution_ids":["https://openalex.org/I135310074"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057424614","display_name":"Matt Fredrikson","orcid":"https://orcid.org/0000-0003-1820-1698"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matthew Fredrikson","raw_affiliation_strings":["University of Wisconsin-Madison"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin-Madison","institution_ids":["https://openalex.org/I135310074"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004329579","display_name":"Mihai Christodoresu","orcid":null},"institutions":[{"id":"https://openalex.org/I19268510","display_name":"Qualcomm (United Kingdom)","ror":"https://ror.org/04d3djg48","country_code":"GB","type":"company","lineage":["https://openalex.org/I19268510","https://openalex.org/I4210087596"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Mihai Christodoresu","raw_affiliation_strings":["Qualcomm Research Silicon Valley"],"affiliations":[{"raw_affiliation_string":"Qualcomm Research Silicon Valley","institution_ids":["https://openalex.org/I19268510"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015743671","display_name":"Reiner Sailer","orcid":null},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Reiner Sailer","raw_affiliation_strings":["IBM T.J Watson Research Center"],"affiliations":[{"raw_affiliation_string":"IBM T.J Watson Research Center","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047709762","display_name":"Xifeng Yan","orcid":"https://orcid.org/0009-0000-6508-4792"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xifeng Yan","raw_affiliation_strings":["University of California-Santa, Barbara"],"affiliations":[{"raw_affiliation_string":"University of California-Santa, Barbara","institution_ids":["https://openalex.org/I154570441"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5088826068"],"corresponding_institution_ids":["https://openalex.org/I135310074"],"apc_list":null,"apc_paid":null,"fwci":4.7881,"has_fulltext":false,"cited_by_count":27,"citation_normalized_percentile":{"value":0.95671782,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"41","last_page":"50"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9433469176292419},{"id":"https://openalex.org/keywords/discriminative-model","display_name":"Discriminative model","score":0.8397665023803711},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8366655111312866},{"id":"https://openalex.org/keywords/workstation","display_name":"Workstation","score":0.5072788596153259},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4211381673812866},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4203137755393982},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3687015473842621},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2875679135322571},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.07019039988517761}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9433469176292419},{"id":"https://openalex.org/C97931131","wikidata":"https://www.wikidata.org/wiki/Q5282087","display_name":"Discriminative model","level":2,"score":0.8397665023803711},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8366655111312866},{"id":"https://openalex.org/C67953723","wikidata":"https://www.wikidata.org/wiki/Q192525","display_name":"Workstation","level":2,"score":0.5072788596153259},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4211381673812866},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4203137755393982},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3687015473842621},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2875679135322571},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.07019039988517761}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/malware.2013.6703684","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2013.6703684","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 8th International Conference on Malicious and Unwanted Software: \"The Americas\" (MALWARE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Reduced inequalities","score":0.6899999976158142,"id":"https://metadata.un.org/sdg/10"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W6183661","https://openalex.org/W182734301","https://openalex.org/W1167171564","https://openalex.org/W1581009051","https://openalex.org/W1809063480","https://openalex.org/W1851672339","https://openalex.org/W1956767865","https://openalex.org/W2013729009","https://openalex.org/W2014589236","https://openalex.org/W2100645382","https://openalex.org/W2107690445","https://openalex.org/W2115808517","https://openalex.org/W2117030266","https://openalex.org/W2123697676","https://openalex.org/W2123886726","https://openalex.org/W2124961838","https://openalex.org/W2126775986","https://openalex.org/W2131523719","https://openalex.org/W2138644293","https://openalex.org/W2145083214","https://openalex.org/W2151135920","https://openalex.org/W2160510992","https://openalex.org/W2164281374","https://openalex.org/W2166924764","https://openalex.org/W2167671111","https://openalex.org/W2295399529","https://openalex.org/W4234423219","https://openalex.org/W4235261014","https://openalex.org/W4253181625","https://openalex.org/W6607492917","https://openalex.org/W6640826072","https://openalex.org/W6654358211","https://openalex.org/W6683485974"],"related_works":["https://openalex.org/W4389116644","https://openalex.org/W2153315159","https://openalex.org/W3103844505","https://openalex.org/W2097492617","https://openalex.org/W259157601","https://openalex.org/W4205463238","https://openalex.org/W2761785940","https://openalex.org/W2753240997","https://openalex.org/W2045348955","https://openalex.org/W2352028719"],"abstract_inverted_index":{"Behavior-based":[0],"detection":[1,113],"techniques":[2],"are":[3],"a":[4,65,70,77],"promising":[5,137],"solution":[6],"to":[7,37,91,125],"the":[8,102],"problem":[9],"of":[10,18,29,67,94],"malware":[11,79,108],"proliferation.":[12],"However,":[13],"they":[14],"require":[15],"precise":[16],"specifications":[17],"malicious":[19],"behavior":[20],"that":[21,120],"do":[22],"not":[23],"result":[24],"in":[25,142],"an":[26,54],"excessive":[27],"number":[28],"false":[30],"alarms,":[31],"while":[32],"still":[33],"remaining":[34],"general":[35],"enough":[36],"detect":[38],"new":[39,116,132],"variants":[40],"before":[41],"traditional":[42],"signatures":[43],"can":[44,73,122],"be":[45,74,123],"created":[46],"and":[47,87,134],"distributed.":[48],"In":[49],"this":[50,97,143],"paper,":[51],"we":[52],"present":[53],"automatic":[55],"technique":[56,103],"for":[57,131,139],"extracting":[58],"optimally":[59],"discriminative":[60,71],"specifications,":[61],"which":[62],"uniquely":[63],"identify":[64],"class":[66],"programs.":[68,95],"Such":[69],"specification":[72],"used":[75],"by":[76],"behavior-based":[78],"detector.":[80],"Our":[81],"technique,":[82],"based":[83],"on":[84,107,115,127],"graph":[85],"mining":[86],"stochastic":[88],"optimization,":[89],"scales":[90],"large":[92],"classes":[93],"When":[96],"work":[98,141],"was":[99],"originally":[100],"published,":[101],"yielded":[104],"favorable":[105],"results":[106],"targeted":[109],"towards":[110],"workstations":[111],"(\u223c86%":[112],"rates":[114],"malware).":[117],"We":[118],"believe":[119],"it":[121],"brought":[124],"bear":[126],"emerging":[128],"malware-based":[129],"threats":[130],"platforms,":[133],"discuss":[135],"several":[136],"avenues":[138],"future":[140],"direction.":[144]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":5},{"year":2013,"cited_by_count":6},{"year":2012,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}