{"id":"https://openalex.org/W3188588464","doi":"https://doi.org/10.1109/tcad.2021.3102007","title":"Accurate and Robust Malware Detection: Running XGBoost on Runtime Data From Performance Counters","display_name":"Accurate and Robust Malware Detection: Running XGBoost on Runtime Data From Performance Counters","publication_year":2021,"publication_date":"2021-08-03","ids":{"openalex":"https://openalex.org/W3188588464","doi":"https://doi.org/10.1109/tcad.2021.3102007","mag":"3188588464"},"language":"en","primary_location":{"id":"doi:10.1109/tcad.2021.3102007","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tcad.2021.3102007","pdf_url":null,"source":{"id":"https://openalex.org/S100835903","display_name":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems","issn_l":"0278-0070","issn":["0278-0070","1937-4151"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5090705662","display_name":"Rana Elnaggar","orcid":"https://orcid.org/0000-0002-9733-2938"},"institutions":[{"id":"https://openalex.org/I170897317","display_name":"Duke University","ror":"https://ror.org/00py81415","country_code":"US","type":"education","lineage":["https://openalex.org/I170897317"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Rana Elnaggar","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Duke University, Durham, NC, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Duke University, Durham, NC, USA","institution_ids":["https://openalex.org/I170897317"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015292011","display_name":"Lorenzo Servadei","orcid":null},"institutions":[{"id":"https://openalex.org/I121883995","display_name":"Johannes Kepler University of Linz","ror":"https://ror.org/052r2xn60","country_code":"AT","type":"education","lineage":["https://openalex.org/I121883995"]},{"id":"https://openalex.org/I137594350","display_name":"Infineon Technologies (Germany)","ror":"https://ror.org/005kw6t15","country_code":"DE","type":"company","lineage":["https://openalex.org/I137594350"]}],"countries":["AT","DE"],"is_corresponding":false,"raw_author_name":"Lorenzo Servadei","raw_affiliation_strings":["Power &#x0026; Sensors Systems, Infineon Technologies, Neubiberg, Germany","Johannes Kepler University, Linz, Austria"],"affiliations":[{"raw_affiliation_string":"Power &#x0026; Sensors Systems, Infineon Technologies, Neubiberg, Germany","institution_ids":["https://openalex.org/I137594350"]},{"raw_affiliation_string":"Johannes Kepler University, Linz, Austria","institution_ids":["https://openalex.org/I121883995"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012464938","display_name":"Shubham Mathur","orcid":"https://orcid.org/0000-0002-5616-0877"},"institutions":[{"id":"https://openalex.org/I170897317","display_name":"Duke University","ror":"https://ror.org/00py81415","country_code":"US","type":"education","lineage":["https://openalex.org/I170897317"]},{"id":"https://openalex.org/I205783295","display_name":"Cornell University","ror":"https://ror.org/05bnh6r87","country_code":"US","type":"education","lineage":["https://openalex.org/I205783295"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shubham Mathur","raw_affiliation_strings":["Duke University, Durham, NC, USA","Mechanical and Aerospace Engineering Department, Cornell University, Ithaca, NY, USA"],"affiliations":[{"raw_affiliation_string":"Duke University, Durham, NC, USA","institution_ids":["https://openalex.org/I170897317"]},{"raw_affiliation_string":"Mechanical and Aerospace Engineering Department, Cornell University, Ithaca, NY, USA","institution_ids":["https://openalex.org/I205783295"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004214923","display_name":"Robert Wille","orcid":"https://orcid.org/0000-0002-4993-7860"},"institutions":[{"id":"https://openalex.org/I121883995","display_name":"Johannes Kepler University of Linz","ror":"https://ror.org/052r2xn60","country_code":"AT","type":"education","lineage":["https://openalex.org/I121883995"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Robert Wille","raw_affiliation_strings":["Institute for Integrated Circuits, Johannes Kepler University, Linz, Austria"],"affiliations":[{"raw_affiliation_string":"Institute for Integrated Circuits, Johannes Kepler University, Linz, Austria","institution_ids":["https://openalex.org/I121883995"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046956677","display_name":"Wolfgang Ecker","orcid":"https://orcid.org/0000-0002-9362-8096"},"institutions":[{"id":"https://openalex.org/I137594350","display_name":"Infineon Technologies (Germany)","ror":"https://ror.org/005kw6t15","country_code":"DE","type":"company","lineage":["https://openalex.org/I137594350"]},{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Wolfgang Ecker","raw_affiliation_strings":["Design Enabling &#x0026; Services, Infineon Technologies, Neubiberg, Germany","Department of Design Automation, Technical University of Munich, Munich, Germany"],"affiliations":[{"raw_affiliation_string":"Design Enabling &#x0026; Services, Infineon Technologies, Neubiberg, Germany","institution_ids":["https://openalex.org/I137594350"]},{"raw_affiliation_string":"Department of Design Automation, Technical University of Munich, Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033880864","display_name":"Krishnendu Chakrabarty","orcid":"https://orcid.org/0000-0003-4475-6435"},"institutions":[{"id":"https://openalex.org/I170897317","display_name":"Duke University","ror":"https://ror.org/00py81415","country_code":"US","type":"education","lineage":["https://openalex.org/I170897317"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Krishnendu Chakrabarty","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Duke University, Durham, NC, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Duke University, Durham, NC, USA","institution_ids":["https://openalex.org/I170897317"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5090705662"],"corresponding_institution_ids":["https://openalex.org/I170897317"],"apc_list":null,"apc_paid":null,"fwci":1.6927,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.84678881,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"41","issue":"7","first_page":"2066","last_page":"2079"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9379671216011047},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8177624344825745},{"id":"https://openalex.org/keywords/preprocessor","display_name":"Preprocessor","score":0.6591693162918091},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5750970840454102},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.4602988362312317},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4224199652671814},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.41645127534866333},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.41283828020095825},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3900126814842224}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9379671216011047},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8177624344825745},{"id":"https://openalex.org/C34736171","wikidata":"https://www.wikidata.org/wiki/Q918333","display_name":"Preprocessor","level":2,"score":0.6591693162918091},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5750970840454102},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.4602988362312317},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4224199652671814},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.41645127534866333},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.41283828020095825},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3900126814842224}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tcad.2021.3102007","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tcad.2021.3102007","pdf_url":null,"source":{"id":"https://openalex.org/S100835903","display_name":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems","issn_l":"0278-0070","issn":["0278-0070","1937-4151"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5600000023841858,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":45,"referenced_works":["https://openalex.org/W1534477342","https://openalex.org/W1968969471","https://openalex.org/W1984732505","https://openalex.org/W2024170198","https://openalex.org/W2058315483","https://openalex.org/W2083350792","https://openalex.org/W2109628770","https://openalex.org/W2124833832","https://openalex.org/W2154871153","https://openalex.org/W2166509025","https://openalex.org/W2168020168","https://openalex.org/W2295124130","https://openalex.org/W2295598076","https://openalex.org/W2319159802","https://openalex.org/W2515745369","https://openalex.org/W2516373086","https://openalex.org/W2602229646","https://openalex.org/W2744095836","https://openalex.org/W2767023880","https://openalex.org/W2807415350","https://openalex.org/W2945980541","https://openalex.org/W2950774332","https://openalex.org/W2963389226","https://openalex.org/W2964159373","https://openalex.org/W3007346474","https://openalex.org/W3215186461","https://openalex.org/W4240768087","https://openalex.org/W4242127608","https://openalex.org/W4244356531","https://openalex.org/W4256044039","https://openalex.org/W4293846201","https://openalex.org/W4297957988","https://openalex.org/W6607259140","https://openalex.org/W6630645733","https://openalex.org/W6679060694","https://openalex.org/W6682777827","https://openalex.org/W6685053522","https://openalex.org/W6695159855","https://openalex.org/W6726264252","https://openalex.org/W6729756640","https://openalex.org/W6739868092","https://openalex.org/W6745899033","https://openalex.org/W6761231816","https://openalex.org/W6761664358","https://openalex.org/W6762976101"],"related_works":["https://openalex.org/W4249009605","https://openalex.org/W2900526031","https://openalex.org/W2395100307","https://openalex.org/W3183826413","https://openalex.org/W4243179955","https://openalex.org/W2968504645","https://openalex.org/W2557742076","https://openalex.org/W4234891089","https://openalex.org/W1956767865","https://openalex.org/W2887568553"],"abstract_inverted_index":{"Malware":[0],"applications":[1],"are":[2,73,176],"one":[3],"of":[4,87,98,143,147],"the":[5,85,88,96,111,140,163],"major":[6],"threats":[7],"that":[8,30,64,110,138,159,175],"computing":[9],"systems":[10],"face":[11],"today.":[12],"While":[13],"security":[14],"researchers":[15],"develop":[16],"new":[17,27],"defense":[18,34],"mechanisms":[19,35],"to":[20,25,40,55,94,168,172,178],"detect":[21,56,115],"malware,":[22],"attackers":[23],"continue":[24],"release":[26],"malware":[28,65,99,116,148,181],"families":[29],"evade":[31],"detection.":[32],"New":[33],"must":[36],"therefore":[37],"be":[38,92],"developed":[39],"effectively":[41],"counter":[42],"malware.":[43,57],"Hardware":[44],"performance":[45,71,97],"counters":[46,72],"(HPCs)":[47],"have":[48],"been":[49],"recently":[50],"proposed":[51,112],"as":[52],"a":[53,134,144],"means":[54],"However,":[58],"recent":[59],"work":[60],"has":[61],"also":[62,108],"shown":[63],"detection":[66,100,142,182],"is":[67],"not":[68],"effective":[69],"when":[70],"sampled":[74],"in":[75],"realistic":[76],"scenarios.":[77],"We":[78,107],"show":[79,109,158],"how":[80],"proper":[81],"data":[82],"preprocessing":[83],"and":[84],"use":[86],"XGBoost":[89,164],"classifier":[90,165],"can":[91,114],"used":[93],"improve":[95],"using":[101],"HPCs":[102],"by":[103,122],"at":[104,126],"least":[105],"15%.":[106],"method":[113],"early":[117,141],"(shortly":[118],"after":[119],"its":[120,180],"launch)":[121],"classifying":[123],"HPC":[124],"datastreams":[125],"short":[127],"time":[128],"intervals.":[129],"In":[130],"addition,":[131],"we":[132,157],"propose":[133],"multitemporal":[135],"classification":[136],"model":[137],"ensures":[139],"high":[145],"percentage":[146],"while":[149],"maintaining":[150],"overall":[151],"low":[152],"false":[153],"positive":[154],"rates.":[155],"Finally,":[156],"through":[160],"robust":[161],"training,":[162],"shows":[166],"up":[167],"50x":[169],"less":[170],"vulnerability":[171],"adversarial":[173],"attacks":[174],"intended":[177],"undermine":[179],"performance.":[183]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}