{"id":"https://openalex.org/W2518895230","doi":"https://doi.org/10.1109/tdsc.2016.2609907","title":"LARGen: Automatic Signature Generation for Malwares Using Latent Dirichlet Allocation","display_name":"LARGen: Automatic Signature Generation for Malwares Using Latent Dirichlet Allocation","publication_year":2016,"publication_date":"2016-09-15","ids":{"openalex":"https://openalex.org/W2518895230","doi":"https://doi.org/10.1109/tdsc.2016.2609907","mag":"2518895230"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2016.2609907","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2016.2609907","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033598172","display_name":"Suchul Lee","orcid":"https://orcid.org/0000-0002-6117-0770"},"institutions":[{"id":"https://openalex.org/I119575151","display_name":"Korea National University of 
Transportation","ror":"https://ror.org/03qqbe534","country_code":"KR","type":"education","lineage":["https://openalex.org/I119575151"]},{"id":"https://openalex.org/I4387156240","display_name":"National Security Research Institute","ror":"https://ror.org/01rg5mm74","country_code":"KR","type":"government","lineage":["https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098","https://openalex.org/I4387156240"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Suchul Lee","raw_affiliation_strings":["Korea National University of Transportation, Uiwang-si, Korea","National Security Research Institute, Daejeon, Korea","[Korea National University of Transportation, Uiwang-si, Korea]"],"raw_orcid":"https://orcid.org/0000-0002-6117-0770","affiliations":[{"raw_affiliation_string":"Korea National University of Transportation, Uiwang-si, Korea","institution_ids":["https://openalex.org/I119575151"]},{"raw_affiliation_string":"National Security Research Institute, Daejeon, Korea","institution_ids":["https://openalex.org/I4387156240"]},{"raw_affiliation_string":"[Korea National University of Transportation, Uiwang-si, Korea]","institution_ids":["https://openalex.org/I119575151"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100619134","display_name":"Sungho Kim","orcid":"https://orcid.org/0000-0002-5401-2459"},"institutions":[{"id":"https://openalex.org/I4387156240","display_name":"National Security Research Institute","ror":"https://ror.org/01rg5mm74","country_code":"KR","type":"government","lineage":["https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098","https://openalex.org/I4387156240"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Sungho Kim","raw_affiliation_strings":["National Security Research Institute, Daejeon, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Security Research Institute, 
Daejeon, Korea","institution_ids":["https://openalex.org/I4387156240"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069414137","display_name":"Sung-Il Lee","orcid":null},"institutions":[{"id":"https://openalex.org/I119575151","display_name":"Korea National University of Transportation","ror":"https://ror.org/03qqbe534","country_code":"KR","type":"education","lineage":["https://openalex.org/I119575151"]},{"id":"https://openalex.org/I4387156240","display_name":"National Security Research Institute","ror":"https://ror.org/01rg5mm74","country_code":"KR","type":"government","lineage":["https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098","https://openalex.org/I4387156240"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Sungil Lee","raw_affiliation_strings":["Korea National University of Transportation, Uiwang-si, Korea","National Security Research Institute, Daejeon, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Korea National University of Transportation, Uiwang-si, Korea","institution_ids":["https://openalex.org/I119575151"]},{"raw_affiliation_string":"National Security Research Institute, Daejeon, Korea","institution_ids":["https://openalex.org/I4387156240"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028161582","display_name":"Jaehyuk Choi","orcid":"https://orcid.org/0000-0002-4367-3913"},"institutions":[{"id":"https://openalex.org/I12832649","display_name":"Gachon University","ror":"https://ror.org/03ryywt80","country_code":"KR","type":"education","lineage":["https://openalex.org/I12832649"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jaehyuk Choi","raw_affiliation_strings":["Gachon University, Seongnam-si, Korea","[Gachon University, Seongnam-si, Korea]"],"raw_orcid":"https://orcid.org/0000-0002-4367-3913","affiliations":[{"raw_affiliation_string":"Gachon University, Seongnam-si, 
Korea","institution_ids":["https://openalex.org/I12832649"]},{"raw_affiliation_string":"[Gachon University, Seongnam-si, Korea]","institution_ids":["https://openalex.org/I12832649"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058435875","display_name":"Hanjun Yoon","orcid":null},"institutions":[{"id":"https://openalex.org/I4387156240","display_name":"National Security Research Institute","ror":"https://ror.org/01rg5mm74","country_code":"KR","type":"government","lineage":["https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098","https://openalex.org/I4387156240"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Hanjun Yoon","raw_affiliation_strings":["National Security Research Institute, Daejeon, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Security Research Institute, Daejeon, Korea","institution_ids":["https://openalex.org/I4387156240"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118899054","display_name":"Dohoon Lee","orcid":null},"institutions":[{"id":"https://openalex.org/I4387156240","display_name":"National Security Research Institute","ror":"https://ror.org/01rg5mm74","country_code":"KR","type":"government","lineage":["https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098","https://openalex.org/I4387156240"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Dohoon Lee","raw_affiliation_strings":["National Security Research Institute, Daejeon, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Security Research Institute, Daejeon, Korea","institution_ids":["https://openalex.org/I4387156240"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025270734","display_name":"Jun-Rak Lee","orcid":null},"institutions":[{"id":"https://openalex.org/I165507594","display_name":"Kangwon National 
University","ror":"https://ror.org/01mh5ph17","country_code":"KR","type":"education","lineage":["https://openalex.org/I165507594"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jun-Rak Lee","raw_affiliation_strings":["Kangwon National University, Samcheok-si, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Kangwon National University, Samcheok-si, Korea","institution_ids":["https://openalex.org/I165507594"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.6589,"has_fulltext":false,"cited_by_count":37,"citation_normalized_percentile":{"value":0.91144272,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"15","issue":"5","first_page":"771","last_page":"783"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial 
Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8485926389694214},{"id":"https://openalex.org/keywords/latent-dirichlet-allocation","display_name":"Latent Dirichlet allocation","score":0.7005444169044495},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6865695714950562},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.617933988571167},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.614716112613678},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.5963975191116333},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.5424033999443054},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5293484330177307},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.5246037244796753},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5020222663879395},{"id":"https://openalex.org/keywords/network-forensics","display_name":"Network forensics","score":0.46885403990745544},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack 
patterns","score":0.45936861634254456},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32314687967300415},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.26353979110717773},{"id":"https://openalex.org/keywords/topic-model","display_name":"Topic model","score":0.16095039248466492},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.09271174669265747}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8485926389694214},{"id":"https://openalex.org/C500882744","wikidata":"https://www.wikidata.org/wiki/Q269236","display_name":"Latent Dirichlet allocation","level":3,"score":0.7005444169044495},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6865695714950562},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.617933988571167},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.614716112613678},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.5963975191116333},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.5424033999443054},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5293484330177307},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network 
security","level":2,"score":0.5246037244796753},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5020222663879395},{"id":"https://openalex.org/C50747538","wikidata":"https://www.wikidata.org/wiki/Q7001032","display_name":"Network forensics","level":3,"score":0.46885403990745544},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.45936861634254456},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32314687967300415},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.26353979110717773},{"id":"https://openalex.org/C171686336","wikidata":"https://www.wikidata.org/wiki/Q3532085","display_name":"Topic model","level":2,"score":0.16095039248466492},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.09271174669265747},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2016.2609907","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2016.2609907","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE 
Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6800000071525574,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320321349","display_name":"Korea National University of Transportation","ror":"https://ror.org/03qqbe534"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":66,"referenced_works":["https://openalex.org/W4861383","https://openalex.org/W155384935","https://openalex.org/W191098608","https://openalex.org/W1516111018","https://openalex.org/W1543512222","https://openalex.org/W1583484179","https://openalex.org/W1627074804","https://openalex.org/W1674877186","https://openalex.org/W1775772884","https://openalex.org/W1880262756","https://openalex.org/W1918274310","https://openalex.org/W1970992617","https://openalex.org/W1974189812","https://openalex.org/W1976242982","https://openalex.org/W1985690171","https://openalex.org/W1990312847","https://openalex.org/W1998025795","https://openalex.org/W2001082470","https://openalex.org/W2003619630","https://openalex.org/W2005802709","https://openalex.org/W2011628134","https://openalex.org/W2026065824","https://openalex.org/W2033368661","https://openalex.org/W2039524325","https
://openalex.org/W2041855183","https://openalex.org/W2042448840","https://openalex.org/W2063432924","https://openalex.org/W2074909580","https://openalex.org/W2075986968","https://openalex.org/W2083477206","https://openalex.org/W2096205677","https://openalex.org/W2100583963","https://openalex.org/W2100734403","https://openalex.org/W2104706938","https://openalex.org/W2106177700","https://openalex.org/W2110591510","https://openalex.org/W2112459718","https://openalex.org/W2113766921","https://openalex.org/W2116010854","https://openalex.org/W2121448470","https://openalex.org/W2121973001","https://openalex.org/W2137786570","https://openalex.org/W2144119854","https://openalex.org/W2144801155","https://openalex.org/W2153164877","https://openalex.org/W2160140914","https://openalex.org/W2163762767","https://openalex.org/W2171836785","https://openalex.org/W2185643225","https://openalex.org/W2399978149","https://openalex.org/W2401054255","https://openalex.org/W4231510805","https://openalex.org/W4241235419","https://openalex.org/W4250353368","https://openalex.org/W6606342502","https://openalex.org/W6607784307","https://openalex.org/W6632389096","https://openalex.org/W6636576504","https://openalex.org/W6637096788","https://openalex.org/W6638021444","https://openalex.org/W6639619044","https://openalex.org/W6640164566","https://openalex.org/W6676781583","https://openalex.org/W6682749145","https://openalex.org/W6713023146","https://openalex.org/W6713095524"],"related_works":["https://openalex.org/W2035643924","https://openalex.org/W109647043","https://openalex.org/W2347635077","https://openalex.org/W4207048601","https://openalex.org/W4242896091","https://openalex.org/W2131880356","https://openalex.org/W2161225422","https://openalex.org/W2294007831","https://openalex.org/W2537496145","https://openalex.org/W2036903135"],"abstract_inverted_index":{"As":[0],"the":[1,43,68,71,77,89,113,118,140,146,160,170,183,188],"quantity":[2],"and":[3,31,42,73,116,150,207],"complexity":[4],"of":[5,70,1
12,172,185,190,204],"network":[6,21,137,191,200],"threats":[7],"grow,":[8],"Intrusion":[9],"Detection":[10],"Systems":[11],"(IDSs)":[12],"have":[13],"become":[14],"critical":[15],"for":[16,126,154],"securing":[17],"networks.":[18],"Achieving":[19],"computer":[20],"intrusion":[22],"detection":[23],"with":[24,198,224],"these":[25],"IDSs":[26],"requires":[27],"high-level":[28],"information":[29],"technology":[30],"security":[32],"expertise":[33],"because":[34],"malicious":[35,114,155,179,208],"traffic":[36,115,156],"has":[37],"to":[38,48,95],"be":[39,55,124],"rigorously":[40],"analyzed":[41],"appropriate":[44,119],"IDS":[45,59,97,127,174],"rules":[46,60,215],"written":[47],"effectively":[49],"detect":[50,178,220],"vulnerabilities":[51],"that":[52,87,122,176,213],"may":[53,61],"potentially":[54],"exploited.":[56],"However,":[57],"incorrect":[58],"produce":[62],"numerous":[63],"false":[64],"positives,":[65],"thereby":[66],"degrading":[67],"performance":[69],"IDS,":[72],"even":[74],"worse,":[75],"paralyzing":[76],"network.":[78],"In":[79],"this":[80],"paper,":[81],"we":[82],"present":[83],"a":[84],"novel":[85],"approach":[86],"exploits":[88],"Latent":[90],"Dirichlet":[91],"Allocation":[92],"(LDA)":[93],"algorithm":[94],"generate":[96],"rules.":[98,128],"Our":[99],"proposed":[100],"method,":[101],"called":[102],"LDA-based":[103],"Automatic":[104],"Rule":[105],"Generation":[106],"(LARGen),":[107],"automatically":[108],"performs":[109],"an":[110,173],"analysis":[111],"extracts":[117,131],"attack":[120,192,223],"signatures":[121],"will":[123],"used":[125],"LARGen":[129,218],"first":[130],"multiple":[132],"signature":[133,148,193],"strings":[134,153,168],"embedded":[135],"in":[136,187],"flows.":[138],"Then,":[139],"flows":[141],"are":[142,157,169],"classified":[143],"based":[144],"on":[145],"extracted":[147],"strings,":[149],"key":[151,166],"content":[152,167],"identified":[158],"through":[159],"LDA":[161,186],"inferential":[162],"topic":[163],"model.":[164],"Those":[165],"core
":[171],"rule":[175],"can":[177],"traffic.":[180,209],"We":[181],"study":[182],"effectiveness":[184],"context":[189],"generation":[194],"via":[195],"extensive":[196],"experiments":[197],"real":[199],"trace":[201],"data,":[202],"consisting":[203],"both":[205],"benign":[206],"Experimental":[210],"results":[211],"confirm":[212],"threat":[214],"generated":[216],"from":[217],"accurately":[219],"every":[221],"cyber":[222],"high":[225],"accuracy.":[226]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":10},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
