{"id":"https://openalex.org/W4402807503","doi":"https://doi.org/10.1109/tdsc.2024.3449641","title":"NeuroYara: Learning to Rank for Yara Rules Generation Through Deep Language Modeling and Discriminative N-Gram Encoding","display_name":"NeuroYara: Learning to Rank for Yara Rules Generation Through Deep Language Modeling and Discriminative N-Gram Encoding","publication_year":2024,"publication_date":"2024-09-24","ids":{"openalex":"https://openalex.org/W4402807503","doi":"https://doi.org/10.1109/tdsc.2024.3449641"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2024.3449641","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3449641","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5056137272","display_name":"Ziad Mansour","orcid":"https://orcid.org/0000-0002-0577-2793"},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Ziad Mansour","raw_affiliation_strings":["School of Computing, Queen&#x2019;s University, Kingston, ON, Canada","School of Computing, Queen&#x0027;s University, Ontario, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing, Queen&#x2019;s University, Kingston, ON, Canada","institution_ids":["https://openalex.org/I204722609"]},{"raw_affiliation_string":"School of Computing, Queen&#x0027;s University, Ontario, Canada","institution_ids":["https://openalex.org/I204722609"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001268150","display_name":"Weihan Ou","orcid":"https://orcid.org/0000-0002-6911-6146"},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Weihan Ou","raw_affiliation_strings":["School of Computing, Queen&#x2019;s University, Kingston, ON, Canada","School of Computing, Queen&#x0027;s University, Ontario, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing, Queen&#x2019;s University, Kingston, ON, Canada","institution_ids":["https://openalex.org/I204722609"]},{"raw_affiliation_string":"School of Computing, Queen&#x0027;s University, Ontario, Canada","institution_ids":["https://openalex.org/I204722609"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007693994","display_name":"Steven H. H. Ding","orcid":"https://orcid.org/0000-0003-4513-200X"},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Steven H. H. Ding","raw_affiliation_strings":["School of Computing, Queen&#x2019;s University, Kingston, ON, Canada","School of Computing, Queen&#x0027;s University, Ontario, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing, Queen&#x2019;s University, Kingston, ON, Canada","institution_ids":["https://openalex.org/I204722609"]},{"raw_affiliation_string":"School of Computing, Queen&#x0027;s University, Ontario, Canada","institution_ids":["https://openalex.org/I204722609"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005563986","display_name":"Mohammad Zulkernine","orcid":"https://orcid.org/0000-0003-1697-4101"},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad Zulkernine","raw_affiliation_strings":["School of Computing, Queen&#x2019;s University, Kingston, ON, Canada","School of Computing, Queen&#x0027;s University, Ontario, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing, Queen&#x2019;s University, Kingston, ON, Canada","institution_ids":["https://openalex.org/I204722609"]},{"raw_affiliation_string":"School of Computing, Queen&#x0027;s University, Ontario, Canada","institution_ids":["https://openalex.org/I204722609"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5052958340","display_name":"Philippe Charland","orcid":"https://orcid.org/0000-0003-4051-9942"},"institutions":[{"id":"https://openalex.org/I1297460800","display_name":"Defence Research and Development Canada","ror":"https://ror.org/00hgy8d33","country_code":"CA","type":"funder","lineage":["https://openalex.org/I1297460800","https://openalex.org/I1336338359","https://openalex.org/I2802286613"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Philippe Charland","raw_affiliation_strings":["Mission Critical Cyber Security Section, Defence R&#x0026;D Canada - Valcartier, Quebec, QC, Canada","Mission Critical Cyber Security Section, Defence R&amp;D Canada - Valcartier, Quebec, QC, Canada"],"affiliations":[{"raw_affiliation_string":"Mission Critical Cyber Security Section, Defence R&#x0026;D Canada - Valcartier, Quebec, QC, Canada","institution_ids":["https://openalex.org/I1297460800"]},{"raw_affiliation_string":"Mission Critical Cyber Security Section, Defence R&amp;D Canada - Valcartier, Quebec, QC, Canada","institution_ids":["https://openalex.org/I1297460800"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5056137272"],"corresponding_institution_ids":["https://openalex.org/I204722609"],"apc_list":null,"apc_paid":null,"fwci":0.3415,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.66513783,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"22","issue":"2","first_page":"1747","last_page":"1762"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10181","display_name":"Natural Language Processing Techniques","score":0.9912999868392944,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10181","display_name":"Natural Language Processing Techniques","score":0.9912999868392944,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.9204000234603882,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12031","display_name":"Speech and dialogue systems","score":0.9085000157356262,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/discriminative-model","display_name":"Discriminative model","score":0.8358860611915588},{"id":"https://openalex.org/keywords/n-gram","display_name":"n-gram","score":0.7980280518531799},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7241252064704895},{"id":"https://openalex.org/keywords/encoding","display_name":"Encoding (memory)","score":0.6877200603485107},{"id":"https://openalex.org/keywords/gram","display_name":"Gram","score":0.6729587316513062},{"id":"https://openalex.org/keywords/rank","display_name":"Rank (graph theory)","score":0.6333852410316467},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5247949361801147},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.5121190547943115},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.39243006706237793},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.13634595274925232}],"concepts":[{"id":"https://openalex.org/C97931131","wikidata":"https://www.wikidata.org/wiki/Q5282087","display_name":"Discriminative model","level":2,"score":0.8358860611915588},{"id":"https://openalex.org/C117884012","wikidata":"https://www.wikidata.org/wiki/Q94489","display_name":"n-gram","level":3,"score":0.7980280518531799},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7241252064704895},{"id":"https://openalex.org/C125411270","wikidata":"https://www.wikidata.org/wiki/Q18653","display_name":"Encoding (memory)","level":2,"score":0.6877200603485107},{"id":"https://openalex.org/C161369605","wikidata":"https://www.wikidata.org/wiki/Q41803","display_name":"Gram","level":3,"score":0.6729587316513062},{"id":"https://openalex.org/C164226766","wikidata":"https://www.wikidata.org/wiki/Q7293202","display_name":"Rank (graph theory)","level":2,"score":0.6333852410316467},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5247949361801147},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.5121190547943115},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.39243006706237793},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.13634595274925232},{"id":"https://openalex.org/C523546767","wikidata":"https://www.wikidata.org/wiki/Q10876","display_name":"Bacteria","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C54355233","wikidata":"https://www.wikidata.org/wiki/Q7162","display_name":"Genetics","level":1,"score":0.0},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2024.3449641","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3449641","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Reduced inequalities","score":0.8100000023841858,"id":"https://metadata.un.org/sdg/10"}],"awards":[{"id":"https://openalex.org/G1393169191","display_name":null,"funder_award_id":"RGPIN/06962-2020","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"}],"funders":[{"id":"https://openalex.org/F4320334593","display_name":"Natural Sciences and Engineering Research Council of Canada","ror":"https://ror.org/01h531d29"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W151377110","https://openalex.org/W179875071","https://openalex.org/W1551618785","https://openalex.org/W1552056088","https://openalex.org/W1583484179","https://openalex.org/W1893133781","https://openalex.org/W2033368661","https://openalex.org/W2098691354","https://openalex.org/W2099053789","https://openalex.org/W2129650357","https://openalex.org/W2131774270","https://openalex.org/W2138357890","https://openalex.org/W2144112223","https://openalex.org/W2157153057","https://openalex.org/W2157331557","https://openalex.org/W2170529403","https://openalex.org/W2402268235","https://openalex.org/W2514847810","https://openalex.org/W2800695847","https://openalex.org/W2942735926","https://openalex.org/W2969656743","https://openalex.org/W2972552958","https://openalex.org/W2997915791","https://openalex.org/W3083177412","https://openalex.org/W3084078945","https://openalex.org/W3117809002","https://openalex.org/W4313020371","https://openalex.org/W6635128577","https://openalex.org/W6640212811","https://openalex.org/W6739901393","https://openalex.org/W6748325151","https://openalex.org/W6755207826","https://openalex.org/W6767924629"],"related_works":["https://openalex.org/W2906970013","https://openalex.org/W3126081632","https://openalex.org/W2625039379","https://openalex.org/W2088254117","https://openalex.org/W4254593385","https://openalex.org/W2790582133","https://openalex.org/W2113687551","https://openalex.org/W2250909759","https://openalex.org/W1901380241","https://openalex.org/W2787311093"],"abstract_inverted_index":{"Signature-based":[0],"malware":[1,27,39],"detection":[2],"methods":[3,79],"are":[4],"recognized":[5],"for":[6,25,127],"their":[7],"simplicity,":[8],"explainability,":[9],"and":[10,49,122,135,201],"efficiency.":[11],"One":[12],"of":[13,62,86,95,137,174],"the":[14,23,60,71,119,142,185],"most":[15],"commonly":[16],"used":[17],"tools":[18,200],"is":[19],"Yara,":[20],"which":[21],"provides":[22,132],"syntax":[24],"crafting":[26],"signatures.":[28],"However,":[29],"while":[30,140,190],"developing":[31],"high-quality":[32],"Yara":[33,172],"rules":[34,173,192],"requires":[35],"significant":[36],"expertise":[37],"in":[38],"analysis,":[40],"training":[41],"such":[42],"skilled":[43],"analysts":[44,189],"can":[45],"be":[46],"both":[47],"resource-intensive":[48],"time-consuming.":[50],"While":[51],"a":[52,97,107,157,194],"few":[53],"works":[54,68],"have":[55],"been":[56],"conducted":[57],"to":[58,90,101,113,117,149,164],"automate":[59],"generation":[61],"signatures,":[63],"signatures":[64],"generated":[65,73],"by":[66,188],"those":[67],"typically":[69],"underperform":[70],"manually":[72],"ones.":[74],"In":[75],"addition,":[76],"these":[77,153],"automated":[78],"often":[80],"depend":[81],"on":[82],"large":[83,98],"static":[84],"databases":[85],"hard-coded":[87],"byte":[88,103],"n-grams":[89,125,139,167],"minimize":[91],"false":[92],"positives.":[93],"Instead":[94],"storing":[96],"non-inclusive":[99],"database":[100],"score":[102],"n-grams,":[104],"we":[105],"propose":[106],"novel":[108],"architecture":[109],"utilizing":[110],"two":[111,154],"learning":[112],"rank":[114],"neural":[115],"networks":[116],"understand":[118],"underlying":[120],"effectiveness":[121],"correlations":[123],"among":[124],"extracted":[126],"rule":[128],"construction.":[129],"This":[130],"approach":[131],"better":[133],"flexibility":[134],"coverage":[136],"possible":[138],"reducing":[141],"required":[143],"storage":[144],"size":[145],"from":[146],"several":[147],"GBs":[148],"only":[150],"10MBs.":[151],"Combining":[152],"models":[155],"with":[156,193],"hierarchical":[158],"density-based":[159],"clustering":[160],"method":[161],"allows":[162],"us":[163],"group":[165],"multiple":[166],"into":[168],"logical":[169],"conditions":[170],"as":[171],"higher":[175],"quality.":[176],"Experimental":[177],"results":[178],"show":[179],"that":[180],"our":[181],"framework,":[182],"NeuroYara,":[183],"reduces":[184],"resources":[186],"invested":[187],"generating":[191],"low":[195],"false-positive":[196],"rate":[197],"outperforming":[198],"existing":[199],"manually-generated":[202],"rules.":[203]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}