{"id":"https://openalex.org/W2810114801","doi":"https://doi.org/10.1109/milcom.2018.8599785","title":"Robust Neural Malware Detection Models for Emulation Sequence Learning","display_name":"Robust Neural Malware Detection Models for Emulation Sequence Learning","publication_year":2018,"publication_date":"2018-10-01","ids":{"openalex":"https://openalex.org/W2810114801","doi":"https://doi.org/10.1109/milcom.2018.8599785","mag":"2810114801"},"language":"en","primary_location":{"id":"doi:10.1109/milcom.2018.8599785","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom.2018.8599785","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103855547","display_name":"Rakshit Agrawal","orcid":null},"institutions":[{"id":"https://openalex.org/I185103710","display_name":"University of California, Santa Cruz","ror":"https://ror.org/03s65by71","country_code":"US","type":"education","lineage":["https://openalex.org/I185103710"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Rakshit Agrawal","raw_affiliation_strings":["University of California at Santa Cruz, Santa Cruz, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California at Santa Cruz, Santa Cruz, CA, USA","institution_ids":["https://openalex.org/I185103710"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059859993","display_name":"Jack W. Stokes","orcid":null},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jack W. Stokes","raw_affiliation_strings":["Microsoft Research, Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Research, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029654238","display_name":"Mady Marinescu","orcid":null},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mady Marinescu","raw_affiliation_strings":["Microsoft Corp., Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Corp., Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5104052353","display_name":"Karthik Selvaraj","orcid":null},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Karthik Selvaraj","raw_affiliation_strings":["Microsoft Corp., Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Corp., Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5103855547"],"corresponding_institution_ids":["https://openalex.org/I185103710"],"apc_list":null,"apc_paid":null,"fwci":1.6514,"has_fulltext":false,"cited_by_count":15,"citation_normalized_percentile":{"value":0.84996354,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9274048805236816},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8445972204208374},{"id":"https://openalex.org/keywords/emulation","display_name":"Emulation","score":0.8012582063674927},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.5905179381370544},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.5423861145973206},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5239565372467041},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4894615411758423},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.4536267817020416},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.449688583612442},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.43366360664367676},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.4140964150428772},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3472696542739868},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2398102879524231},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2193383276462555}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9274048805236816},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8445972204208374},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.8012582063674927},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.5905179381370544},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.5423861145973206},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5239565372467041},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4894615411758423},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.4536267817020416},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.449688583612442},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.43366360664367676},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.4140964150428772},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3472696542739868},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2398102879524231},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2193383276462555},{"id":"https://openalex.org/C50522688","wikidata":"https://www.wikidata.org/wiki/Q189833","display_name":"Economic growth","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/milcom.2018.8599785","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom.2018.8599785","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":43,"referenced_works":["https://openalex.org/W1514535095","https://openalex.org/W1522301498","https://openalex.org/W1523493493","https://openalex.org/W1538131130","https://openalex.org/W1545528966","https://openalex.org/W1666731339","https://openalex.org/W2005708641","https://openalex.org/W2064675550","https://openalex.org/W2069143585","https://openalex.org/W2072698166","https://openalex.org/W2107878631","https://openalex.org/W2116261113","https://openalex.org/W2117539524","https://openalex.org/W2130942839","https://openalex.org/W2133564696","https://openalex.org/W2136848157","https://openalex.org/W2143612262","https://openalex.org/W2148461049","https://openalex.org/W2163605009","https://openalex.org/W2234884273","https://openalex.org/W2507756961","https://openalex.org/W2508015754","https://openalex.org/W2530887700","https://openalex.org/W2552839021","https://openalex.org/W2557513839","https://openalex.org/W2613904329","https://openalex.org/W2632775315","https://openalex.org/W2734713605","https://openalex.org/W2803955564","https://openalex.org/W2912811302","https://openalex.org/W2950527759","https://openalex.org/W2963106521","https://openalex.org/W2963834268","https://openalex.org/W2964121744","https://openalex.org/W2964265128","https://openalex.org/W2964308564","https://openalex.org/W2964335273","https://openalex.org/W4297747285","https://openalex.org/W4303633609","https://openalex.org/W6684191040","https://openalex.org/W6728279584","https://openalex.org/W6745899033","https://openalex.org/W6752167428"],"related_works":["https://openalex.org/W1573526548","https://openalex.org/W2053632570","https://openalex.org/W2965893286","https://openalex.org/W2810666735","https://openalex.org/W4389341938","https://openalex.org/W1602547571","https://openalex.org/W2991580804","https://openalex.org/W3211525895","https://openalex.org/W4254552916","https://openalex.org/W2469346691"],"abstract_inverted_index":{"Malicious":[0],"software,":[1],"or":[2,23],"malware,":[3],"presents":[4],"a":[5,29,60,230],"continuously":[6],"evolving":[7],"challenge":[8],"in":[9,17,59,76,86,198,214],"computer":[10],"security.":[11],"These":[12,93,134],"embedded":[13],"snippets":[14],"of":[15,20,98,108,110,180,206,210,234],"code":[16],"the":[18,96,99,104,130,178,181,207],"form":[19],"malicious":[21,39,54,100,111,175],"files":[22,27],"hidden":[24],"within":[25,115],"legitimate":[26],"cause":[28],"major":[30],"risk":[31],"to":[32,37,47,88,216],"systems":[33],"with":[34,238],"their":[35],"ability":[36],"run":[38],"command":[40,71],"sequences.":[41,72,117,224,242],"Malware":[42,91],"authors":[43],"even":[44],"use":[45],"polymorphism":[46],"reorder":[48],"these":[49,116],"commands":[50],"and":[51,106,125,151,220],"create":[52],"several":[53],"variations.":[55],"However,":[56],"if":[57],"executed":[58],"secure":[61],"environment,":[62],"one":[63],"can":[64,120,169,188],"perform":[65,89],"early":[66],"malware":[67,159,196],"detection":[68,171,197],"on":[69,222,229],"emulated":[70],"The":[73],"models":[74,94,119,137,161,186],"presented":[75],"this":[77,80,218],"paper":[78],"leverage":[79],"sequential":[81,158],"data":[82],"derived":[83],"via":[84],"emulation":[85],"order":[87,215],"Neural":[90,153],"Detection.":[92],"target":[95,132],"core":[97],"operation":[101],"by":[102,140,172],"learning":[103,136],"presence":[105],"pattern":[107],"co-occurrence":[109],"event":[112,123],"actions":[113],"from":[114],"Our":[118],"capture":[121],"entire":[122],"sequences":[124,192],"be":[126],"trained":[127],"directly":[128],"using":[129],"known":[131],"labels.":[133],"end-to-end":[135],"are":[138],"powered":[139],"two":[141],"commonly":[142],"used":[143],"structures":[144],"-":[145],"Long":[146,211],"Short-Term":[147],"Memory":[148],"(LSTM)":[149],"Networks":[150,154],"Convolutional":[152],"(CNNs),":[155],"Previously":[156],"proposed":[157],"classification":[160],"process":[162],"no":[163],"more":[164],"than":[165],"200":[166],"events.":[167],"Attackers":[168],"evade":[170],"delaying":[173],"any":[174],"activity":[176],"beyond":[177],"beginning":[179],"file.":[182],"We":[183,202,225],"present":[184,203,226],"specialized":[185],"that":[187],"handle":[189],"extremely":[190,239],"long":[191,223,240],"while":[193],"successfully":[194],"performing":[195],"an":[199,204],"efficient":[200],"way.":[201],"implementation":[205],"Convoluted":[208],"Partitioning":[209],"Sequences":[212],"approach":[213],"tackle":[217],"vulnerability":[219],"operate":[221],"our":[227],"results":[228],"large":[231],"dataset":[232],"consisting":[233],"634,249":[235],"file":[236,241],"sequences,":[237]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}