{"id":"https://openalex.org/W3128485327","doi":"https://doi.org/10.1109/snams52053.2020.9336538","title":"Evaluating Performance Maintenance and Deterioration Over Time of Machine Learning-based Malware Detection Models on the EMBER PE Dataset","display_name":"Evaluating Performance Maintenance and Deterioration Over Time of Machine Learning-based Malware Detection Models on the EMBER PE Dataset","publication_year":2020,"publication_date":"2020-12-14","ids":{"openalex":"https://openalex.org/W3128485327","doi":"https://doi.org/10.1109/snams52053.2020.9336538","mag":"3128485327"},"language":"en","primary_location":{"id":"doi:10.1109/snams52053.2020.9336538","is_oa":false,"landing_page_url":"https://doi.org/10.1109/snams52053.2020.9336538","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016876933","display_name":"Colin Galen","orcid":null},"institutions":[{"id":"https://openalex.org/I98993165","display_name":"Capitol Technology University","ror":"https://ror.org/045ej2q36","country_code":"US","type":"education","lineage":["https://openalex.org/I98993165"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Colin Galen","raw_affiliation_strings":["Computer Science Lab, Capitol Technology University,Laurel,MD,USA","Computer Science Lab, Capitol Technology University, Laurel, MD, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science Lab, Capitol Technology University,Laurel,MD,USA","institution_ids":["https://openalex.org/I98993165"]},{"raw_affiliation_string":"Computer Science Lab, Capitol Technology University, Laurel, MD, USA","institution_ids":["https://openalex.org/I98993165"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5036821499","display_name":"R. Steele","orcid":"https://orcid.org/0000-0003-4248-6785"},"institutions":[{"id":"https://openalex.org/I98993165","display_name":"Capitol Technology University","ror":"https://ror.org/045ej2q36","country_code":"US","type":"education","lineage":["https://openalex.org/I98993165"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Robert Steele","raw_affiliation_strings":["Computer Science Lab, Capitol Technology University,Laurel,MD,USA","Computer Science Lab, Capitol Technology University, Laurel, MD, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science Lab, Capitol Technology University,Laurel,MD,USA","institution_ids":["https://openalex.org/I98993165"]},{"raw_affiliation_string":"Computer Science Lab, Capitol Technology University, Laurel, MD, USA","institution_ids":["https://openalex.org/I98993165"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5016876933"],"corresponding_institution_ids":["https://openalex.org/I98993165"],"apc_list":null,"apc_paid":null,"fwci":1.0607,"has_fulltext":false,"cited_by_count":14,"citation_normalized_percentile":{"value":0.779921,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9918000102043152,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9124080538749695},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8279614448547363},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.7348905801773071},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6479783654212952},{"id":"https://openalex.org/keywords/face","display_name":"Face (sociological concept)","score":0.4424934685230255},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3447648286819458},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.12865883111953735}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9124080538749695},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8279614448547363},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.7348905801773071},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6479783654212952},{"id":"https://openalex.org/C2779304628","wikidata":"https://www.wikidata.org/wiki/Q3503480","display_name":"Face (sociological concept)","level":2,"score":0.4424934685230255},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3447648286819458},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.12865883111953735},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/snams52053.2020.9336538","is_oa":false,"landing_page_url":"https://doi.org/10.1109/snams52053.2020.9336538","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W62298501","https://openalex.org/W2002478203","https://openalex.org/W2023294425","https://openalex.org/W2041130390","https://openalex.org/W2101234009","https://openalex.org/W2112076978","https://openalex.org/W2157825442","https://openalex.org/W2534043454","https://openalex.org/W2583918649","https://openalex.org/W2738219410","https://openalex.org/W2898132656","https://openalex.org/W2899776223","https://openalex.org/W2911250519","https://openalex.org/W2963106521","https://openalex.org/W2963583660","https://openalex.org/W3008163412","https://openalex.org/W3033637419","https://openalex.org/W3114857645","https://openalex.org/W3126970030","https://openalex.org/W4212883601","https://openalex.org/W4297747285","https://openalex.org/W4300687693","https://openalex.org/W6602539881","https://openalex.org/W6675354045","https://openalex.org/W6676769703","https://openalex.org/W6745899033","https://openalex.org/W6750318962","https://openalex.org/W6787898137","https://openalex.org/W6790696794"],"related_works":["https://openalex.org/W2961085424","https://openalex.org/W4306674287","https://openalex.org/W3046775127","https://openalex.org/W4394896187","https://openalex.org/W3170094116","https://openalex.org/W4386462264","https://openalex.org/W3107602296","https://openalex.org/W4364306694","https://openalex.org/W4312192474","https://openalex.org/W4283697347"],"abstract_inverted_index":{"Academic":[0],"studies":[1],"evaluating":[2],"the":[3,46,52,58,61,84,141,157,166],"performance":[4,44,76,108,117,137,170],"of":[5,27,54,60,83,99,118,129,143,163,169,172],"machine":[6,150,174],"learning-based":[7,151,175],"malware":[8,152,176],"detection":[9,153,177],"models":[10,40,119,133,178],"have":[11],"in":[12,48,57,106,124],"numerous":[13],"cases":[14],"demonstrated":[15],"high":[16,38],"accuracy":[17],"measures,":[18],"based":[19],"upon":[20],"training":[21,55],"and":[22,56,64,94,101,131,139],"evaluation":[23],"on":[24,78],"large":[25,80,97,183],"datasets":[26],"malware/goodware":[28,90,185],"examples.":[29],"However,":[30],"an":[31],"important":[32],"consideration":[33],"is":[34,120,156],"how":[35],"well":[36],"those":[37,127],"performing":[39],"will":[41],"maintain":[42],"their":[43],"into":[45],"future":[47],"real-world":[49,149,184],"settings,":[50],"after":[51],"time":[53],"face":[59],"varying":[62],"malwares":[63],"goodwares":[65],"subsequently":[66],"encountered":[67],"over":[68],"time.":[69],"In":[70],"this":[71],"work,":[72],"we":[73,160],"consider":[74],"model":[75,107,130],"maintenance":[77,109,138],"a":[79,96,103,182],"time-ordered":[81],"dataset":[82],"features":[85],"extracted":[86],"from":[87],"one":[88],"million":[89],"samples.":[91],"We":[92,122],"train":[93],"evaluate":[95,165],"range":[98],"models,":[100,113],"see":[102],"wide":[104],"variation":[105],"for":[110,146],"different":[111,173],"base":[112],"even":[114],"where":[115],"initial":[116],"similar.":[121],"investigate":[123],"further":[125],"detail":[126],"classes":[128],"specific":[132],"that":[134],"show":[135],"highest":[136],"discuss":[140],"significance":[142],"these":[144],"findings":[145],"building":[147],"robust":[148],"systems.":[154],"This":[155],"first":[158],"work":[159],"are":[161],"aware":[162],"to":[164],"relative":[167],"rate":[168],"deterioration":[171],"evaluated":[179],"utilizing":[180],"such":[181],"dataset.":[186]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}