{"id":"https://openalex.org/W2289453476","doi":"https://doi.org/10.1109/malware.2015.7413685","title":"Segmented sandboxing - A novel approach to Malware polymorphism detection","display_name":"Segmented sandboxing - A novel approach to Malware polymorphism detection","publication_year":2015,"publication_date":"2015-10-01","ids":{"openalex":"https://openalex.org/W2289453476","doi":"https://doi.org/10.1109/malware.2015.7413685","mag":"2289453476"},"language":"en","primary_location":{"id":"doi:10.1109/malware.2015.7413685","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2015.7413685","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 10th International Conference on Malicious and Unwanted Software (MALWARE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059090211","display_name":"Fernando C. Col\u00f3n Osorio","orcid":null},"institutions":[{"id":"https://openalex.org/I6902469","display_name":"Brandeis University","ror":"https://ror.org/05abbep66","country_code":"US","type":"education","lineage":["https://openalex.org/I6902469"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Fernando C. Colon Osorio","raw_affiliation_strings":["Wireless Systems Security, Research Laboratory and Brandeis University"],"affiliations":[{"raw_affiliation_string":"Wireless Systems Security, Research Laboratory and Brandeis University","institution_ids":["https://openalex.org/I6902469"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066455978","display_name":"Hongyuan Qiu","orcid":null},"institutions":[{"id":"https://openalex.org/I6902469","display_name":"Brandeis University","ror":"https://ror.org/05abbep66","country_code":"US","type":"education","lineage":["https://openalex.org/I6902469"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hongyuan Qiu","raw_affiliation_strings":["Wireless Systems Security, Research Laboratory and Brandeis University"],"affiliations":[{"raw_affiliation_string":"Wireless Systems Security, Research Laboratory and Brandeis University","institution_ids":["https://openalex.org/I6902469"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5035524983","display_name":"Anthony Arrott","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Anthony Arrott","raw_affiliation_strings":["Director of Security Analytics CheckVir CheckVir, USA"],"affiliations":[{"raw_affiliation_string":"Director of Security Analytics CheckVir CheckVir, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5059090211"],"corresponding_institution_ids":["https://openalex.org/I6902469"],"apc_list":null,"apc_paid":null,"fwci":0.5744,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":{"value":0.69356343,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"59","last_page":"68"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9291374683380127},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8637580275535583},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.7701261043548584},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.66811603307724},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.6038307547569275},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5443751811981201},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5102558135986328},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5055699348449707},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.46770092844963074},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.41997408866882324},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2451624870300293},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11259710788726807}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9291374683380127},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8637580275535583},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.7701261043548584},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.66811603307724},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.6038307547569275},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5443751811981201},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5102558135986328},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5055699348449707},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.46770092844963074},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.41997408866882324},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2451624870300293},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11259710788726807},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/malware.2015.7413685","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2015.7413685","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 10th International Conference on Malicious and Unwanted Software (MALWARE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5400000214576721,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W54929040","https://openalex.org/W152854583","https://openalex.org/W162399341","https://openalex.org/W1573286687","https://openalex.org/W1580559113","https://openalex.org/W1582350176","https://openalex.org/W1583484179","https://openalex.org/W1973715256","https://openalex.org/W2034938003","https://openalex.org/W2049384437","https://openalex.org/W2110978214","https://openalex.org/W2122471594","https://openalex.org/W2131523719","https://openalex.org/W2151528949","https://openalex.org/W2167975832","https://openalex.org/W2171887114","https://openalex.org/W2409664136","https://openalex.org/W4285719527","https://openalex.org/W6606704627","https://openalex.org/W6685837280"],"related_works":["https://openalex.org/W2900526031","https://openalex.org/W3115123383","https://openalex.org/W3088492727","https://openalex.org/W4296272594","https://openalex.org/W4392544054","https://openalex.org/W4387947354","https://openalex.org/W109909280","https://openalex.org/W2470029541","https://openalex.org/W2470502009","https://openalex.org/W2132874238"],"abstract_inverted_index":{"Malware":[0,73,94,106,113,122,134,178,199,247],"polymorphic":[1,49],"and":[2,23,61,162,181,301],"metamorphic":[3],"obfuscation":[4,53],"techniques":[5,30,184],"combined":[6],"with":[7,55,249,318],"so-called":[8],"\"sandboxing":[9],"evasion":[10,183],"techniques\"":[11],"continue":[12],"to":[13,88,110,142,157,225,272,308],"erode":[14],"the":[15,34,46,80,140,171,177,190,227,235,258,330],"effectiveness":[16],"of":[17,37,48,82,92,103,130,175,192,206,230,237,239,316,329,333],"both":[18,231,297],"static":[19,196],"detection":[20,25,200,248],"(signature":[21],"matching),":[22],"dynamic":[24,121,194],"(sandboxing).":[26],"Specifically,":[27],"signature":[28],"based":[29,185],"are":[31,212],"overwhelmed":[32],"by":[33,146,256],"sheer":[35],"number":[36],"samples":[38],"generated":[39],"from":[40,126,204,260,267,322],"a":[41,75,90,167,261,268,273,312],"single":[42],"seminal":[43,93],"binary":[44],"through":[45],"use":[47],"variations":[50,84],"(encryption,":[51],"ISP":[52,56],"together":[54],"emulators,":[57],"semantically":[58],"neutral":[59],"transformations,":[60],"so":[62],"forth).":[63],"Anti-virus":[64],"security":[65],"vendors":[66],"often":[67],"report":[68],"more":[69,313],"than":[70],"100,000":[71],"new":[72],"signatures":[74],"day.":[76],"In":[77,96,220],"most":[78],"cases,":[79],"preponderance":[81],"these":[83],"can":[85],"be":[86,309],"attributed":[87],"just":[89,111,179],"handful":[91],"families.":[95],"2011,":[97],"FireEye":[98],"reported":[99],"that":[100,265,281],"over":[101],"50%":[102],"observed":[104],"successful":[105],"infections":[107],"were":[108],"attributable":[109],"13":[112],"families":[114],"(seminals).1":[115],"Similarly,":[116],"sandboxing2,":[117],"also":[118],"known":[119,331],"as":[120,218],"detection,":[123],"has":[124],"suffered":[125],"its":[127],"own":[128,216],"set":[129,315],"limitations.":[131],"Mainly,":[132],"(1)":[133],"writers":[135],"embed":[136],"in":[137,214,287],"their":[138,207,210,215],"code":[139],"ability":[141],"discover":[143],"virtualized":[144,158],"environments":[145],"checking":[147],"for":[148,198],"live":[149],"internet":[150],"access,":[151],"or":[152,195],"certain":[153],"system":[154],"properties":[155],"inherent":[156],"environments,":[159],"(2)":[160],"Wait":[161],"seek":[163],"(aka":[164],"dormant":[165],"Malware),":[166],"technique":[168],"where":[169],"knowing":[170],"execution":[172],"time":[173],"limitations":[174,332],"sandboxes,":[176],"waits,":[180],"(3)":[182],"on":[186,311],"diverse":[187],"communication.":[188],"While":[189],"benefits":[191],"either":[193,238],"approaches":[197],"look":[201],"quite":[202],"tempting":[203],"each":[205],"counterpart's":[208],"perspectives,":[209],"weakness":[211],"daunting":[213],"right":[217],"well.":[219],"this":[221,243,282],"manuscript":[222],"we":[223],"attempted":[224],"combine":[226],"best":[228],"part":[229],"approaches,":[232],"while":[233],"minimizing":[234],"disadvantages":[236],"them.":[240],"We":[241],"call":[242],"mixed":[244],"approach":[245,283],"\"static":[246],"segmented":[250],"sandboxing\".":[251],"It":[252],"was":[253],"first":[254],"developed":[255],"modeling":[257],"problem":[259,270],"classical":[262],"automata":[263],"theory":[264],"leads":[266],"formal":[269],"formulation":[271],"practical":[274],"solution":[275],"implementation.":[276],"Preliminary":[277],"results":[278],"have":[279],"shown":[280],"is":[284],"extremely":[285],"effective":[286],"at":[288],"least":[289],"two":[290],"significant":[291],"ways.":[292],"First,":[293],"it":[294,326],"sequentially":[295],"minimizes":[296],"false":[298,302,323],"negatives":[299],"(misses)":[300],"positives":[303],"(FPs)":[304],"enabling":[305],"response":[306],"resources":[307],"focused":[310],"complete":[314],"attacks":[317],"far":[319],"less":[320],"distraction":[321],"alarms.":[324],"Second,":[325],"overcomes":[327],"many":[328],"sandboxing":[334],"technology.":[335]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}