{"id":"https://openalex.org/W4200046519","doi":"https://doi.org/10.1109/pst52912.2021.9647814","title":"Clustering based opcode graph generation for malware variant detection","display_name":"Clustering based opcode graph generation for malware variant detection","publication_year":2021,"publication_date":"2021-12-13","ids":{"openalex":"https://openalex.org/W4200046519","doi":"https://doi.org/10.1109/pst52912.2021.9647814"},"language":"en","primary_location":{"id":"doi:10.1109/pst52912.2021.9647814","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst52912.2021.9647814","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 18th International Conference on Privacy, Security and Trust (PST)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2211.10048","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5012357758","display_name":"Fok Kar Wai","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Fok Kar Wai","raw_affiliation_strings":["Cybersecurity Strategic Technology Centre, ST Engineering, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Cybersecurity Strategic Technology Centre, ST Engineering, Singapore, Singapore","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040321131","display_name":"Vrizlynn L. L. Thing","orcid":"https://orcid.org/0000-0003-4424-8596"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Vrizlynn L. L. Thing","raw_affiliation_strings":["Cybersecurity Strategic Technology Centre, ST Engineering, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Cybersecurity Strategic Technology Centre, ST Engineering, Singapore, Singapore","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5012357758"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.6155,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.68414339,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"50","issue":null,"first_page":"1","last_page":"11"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.963699996471405,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/opcode","display_name":"Opcode","score":0.9979890584945679},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8984997272491455},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7419339418411255},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.7121669054031372},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4432699680328369},{"id":"https://openalex.org/keywords/subroutine","display_name":"Subroutine","score":0.4415069818496704},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.43983006477355957},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.32956069707870483},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.24259495735168457},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.22292423248291016}],"concepts":[{"id":"https://openalex.org/C52173422","wikidata":"https://www.wikidata.org/wiki/Q766483","display_name":"Opcode","level":2,"score":0.9979890584945679},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8984997272491455},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7419339418411255},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.7121669054031372},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4432699680328369},{"id":"https://openalex.org/C96147967","wikidata":"https://www.wikidata.org/wiki/Q190686","display_name":"Subroutine","level":2,"score":0.4415069818496704},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.43983006477355957},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.32956069707870483},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.24259495735168457},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.22292423248291016},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/pst52912.2021.9647814","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst52912.2021.9647814","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 18th International Conference on Privacy, Security and Trust (PST)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2211.10048","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2211.10048","pdf_url":"https://arxiv.org/pdf/2211.10048","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2211.10048","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2211.10048","pdf_url":"https://arxiv.org/pdf/2211.10048","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W200681053","https://openalex.org/W1542951150","https://openalex.org/W1548500763","https://openalex.org/W1633644964","https://openalex.org/W1673310716","https://openalex.org/W1973211701","https://openalex.org/W1973403081","https://openalex.org/W1975966552","https://openalex.org/W2003960842","https://openalex.org/W2024170198","https://openalex.org/W2057787526","https://openalex.org/W2066833290","https://openalex.org/W2108104525","https://openalex.org/W2124151159","https://openalex.org/W2155535003","https://openalex.org/W2347098755","https://openalex.org/W2476470656","https://openalex.org/W2533841641","https://openalex.org/W2732916693","https://openalex.org/W2756078197","https://openalex.org/W2765776360","https://openalex.org/W2809646433","https://openalex.org/W2896037892","https://openalex.org/W2962906358","https://openalex.org/W3015605314","https://openalex.org/W3035322448","https://openalex.org/W3166610859","https://openalex.org/W3176174600","https://openalex.org/W3186718598","https://openalex.org/W6637131181","https://openalex.org/W6745456659"],"related_works":["https://openalex.org/W36091977","https://openalex.org/W2800331776","https://openalex.org/W4382794599","https://openalex.org/W2903602818","https://openalex.org/W2003791967","https://openalex.org/W4387382577","https://openalex.org/W3016048014","https://openalex.org/W4294976063","https://openalex.org/W2384735743","https://openalex.org/W2902612505"],"abstract_inverted_index":{"Malwares":[0],"are":[1,135,158],"the":[2,10,25,33,36,43,85,102,108,117,154,171,202],"key":[3],"means":[4],"leveraged":[5],"by":[6,178],"threat":[7],"actors":[8],"in":[9,24,51,91],"cyber":[11],"space":[12],"for":[13,62,142],"their":[14,49,96],"attacks.":[15],"There":[16],"is":[17,150],"a":[18,71,146,182,194],"large":[19],"array":[20],"of":[21,35,87,104,114,148,185,196],"commercial":[22],"solutions":[23],"market":[26],"and":[27,38,54,77,94,189,200],"significant":[28],"scientific":[29],"research":[30],"to":[31,57,73,111,128,152,160,169,193,204],"tackle":[32,66],"challenge":[34],"detection":[37,76],"defense":[39],"against":[40],"malwares.":[41],"At":[42],"same":[44,118],"time,":[45],"attackers":[46],"also":[47],"advance":[48],"capabilities":[50],"creating":[52],"polymorphic":[53],"metamorphic":[55],"malwares":[56,90,115],"make":[58],"it":[59],"increasingly":[60],"challenging":[61],"existing":[63,205],"solutions.":[64],"To":[65],"this":[67],"issue,":[68],"we":[69],"propose":[70],"methodology":[72,82,177],"perform":[74],"malware":[75,119,144,172,190,198],"family":[78,93],"attribution.":[79],"The":[80],"proposed":[81],"first":[83],"performs":[84],"extraction":[86],"opcodes":[88],"from":[89,137],"each":[92,138,143],"constructs":[95],"respective":[97],"opcode":[98,109],"graphs.":[99],"We":[100,174],"explore":[101],"use":[103],"clustering":[105],"algorithms":[106],"on":[107,181],"graphs":[110],"detect":[112],"clusters":[113,122],"within":[116],"family.":[120,155],"Such":[121],"can":[123],"be":[124],"seen":[125],"as":[126,165],"belonging":[127,168,192],"different":[129,197],"sub-family":[130],"groups.":[131],"Opcode":[132],"graph":[133],"signatures":[134,149,157],"built":[136],"detected":[139],"cluster.":[140],"Hence,":[141],"family,":[145],"group":[147],"generated":[151],"represent":[153],"These":[156],"used":[159],"classify":[161],"an":[162],"unknown":[163],"sample":[164],"benign":[166,187],"or":[167],"one":[170],"families.":[173],"evaluate":[175],"our":[176],"performing":[179],"experiments":[180],"dataset":[183],"consisting":[184],"both":[186],"files":[188],"samples":[191],"number":[195],"families":[199],"comparing":[201],"results":[203],"approach.":[206]},"counts_by_year":[{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2021-12-31T00:00:00"}