{"id":"https://openalex.org/W4409426888","doi":"https://doi.org/10.1109/tdsc.2025.3561052","title":"MalFocus: Locating Malicious Modules in Malware Based on Hybrid Deep Learning","display_name":"MalFocus: Locating Malicious Modules in Malware Based on Hybrid Deep Learning","publication_year":2025,"publication_date":"2025-04-14","ids":{"openalex":"https://openalex.org/W4409426888","doi":"https://doi.org/10.1109/tdsc.2025.3561052"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2025.3561052","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3561052","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Weihao Huang","orcid":"https://orcid.org/0009-0000-1503-0964"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Weihao Huang","raw_affiliation_strings":["School of Cyber Science and Technology, Shenzhen Campus of Sun Yat-sen University, Shenzhen, China"],"raw_orcid":"https://orcid.org/0009-0000-1503-0964","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Shenzhen Campus of Sun Yat-sen University, Shenzhen, China","institution_ids":["https://openalex.org/I157773358"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Chaoyang Lin","orcid":"https://orcid.org/0009-0004-5963-2886"},"institutions":[{"id":"https://openalex.org/I4210143258","display_name":"SBS CyberSecurity (United States)","ror":"https://ror.org/0572r3k48","country_code":"US","type":"company","lineage":["https://openalex.org/I4210143258"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chaoyang Lin","raw_affiliation_strings":["Safety &#x0026; CyberSecurity, NIO, Shanghai, China","Safety &amp; CyberSecurity, NIO, Shanghai, China"],"raw_orcid":"https://orcid.org/0009-0004-5963-2886","affiliations":[{"raw_affiliation_string":"Safety &#x0026; CyberSecurity, NIO, Shanghai, China","institution_ids":["https://openalex.org/I4210143258"]},{"raw_affiliation_string":"Safety &amp; CyberSecurity, NIO, Shanghai, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Lu Xiang","orcid":"https://orcid.org/0009-0000-7959-7433"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lu Xiang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0000-7959-7433","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Zhiyu Zhang","orcid":"https://orcid.org/0009-0006-7966-3107"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I45928872","display_name":"Alibaba Group (China)","ror":"https://ror.org/00k642b80","country_code":"CN","type":"company","lineage":["https://openalex.org/I45928872"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhiyu Zhang","raw_affiliation_strings":["Alibaba Cloud Computing, Hangzhou, China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0006-7966-3107","affiliations":[{"raw_affiliation_string":"Alibaba Cloud Computing, Hangzhou, China","institution_ids":["https://openalex.org/I45928872"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017417068","display_name":"Guozhu Meng","orcid":"https://orcid.org/0000-0001-6388-2571"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Guozhu Meng","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-6388-2571","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5095909642","display_name":"Lei Xue","orcid":"https://orcid.org/0009-0003-1952-885X"},"institutions":[{"id":"https://openalex.org/I157773358","display_name":"Sun Yat-sen University","ror":"https://ror.org/0064kty71","country_code":"CN","type":"education","lineage":["https://openalex.org/I157773358"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lei Xue","raw_affiliation_strings":["School of Cyber Science and Technology, Shenzhen Campus of Sun Yat-sen University, Shenzhen, China"],"raw_orcid":"https://orcid.org/0009-0003-1952-885X","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Shenzhen Campus of Sun Yat-sen University, Shenzhen, China","institution_ids":["https://openalex.org/I157773358"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100437976","display_name":"Kai Chen","orcid":"https://orcid.org/0000-0002-5624-2987"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kai Chen","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-5624-2987","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101944414","display_name":"Lei Meng","orcid":"https://orcid.org/0000-0002-9384-3837"},"institutions":[{"id":"https://openalex.org/I45928872","display_name":"Alibaba Group (China)","ror":"https://ror.org/00k642b80","country_code":"CN","type":"company","lineage":["https://openalex.org/I45928872"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lei Meng","raw_affiliation_strings":["Alibaba Cloud Computing, Hangzhou, China","Alibaba Group, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Alibaba Cloud Computing, Hangzhou, China","institution_ids":["https://openalex.org/I45928872"]},{"raw_affiliation_string":"Alibaba Group, Hangzhou, China","institution_ids":["https://openalex.org/I45928872"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103246273","display_name":"Zongming Zhang","orcid":"https://orcid.org/0000-0002-7108-2432"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I45928872","display_name":"Alibaba Group (China)","ror":"https://ror.org/00k642b80","country_code":"CN","type":"company","lineage":["https://openalex.org/I45928872"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zongming Zhang","raw_affiliation_strings":["Alibaba Cloud Computing, Hangzhou, China","Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","Alibaba Group, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Alibaba Cloud Computing, Hangzhou, China","institution_ids":["https://openalex.org/I45928872"]},{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"Alibaba Group, Hangzhou, China","institution_ids":["https://openalex.org/I45928872"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":9,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I157773358"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.07622997,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"22","issue":"5","first_page":"5060","last_page":"5076"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9918000102043152,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8313513398170471},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8132638931274414},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4957490861415863},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.49033045768737793},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.44656047224998474},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3821394443511963}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8313513398170471},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8132638931274414},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4957490861415863},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.49033045768737793},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.44656047224998474},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3821394443511963}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2025.3561052","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3561052","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/8","display_name":"Decent work and economic growth","score":0.41999998688697815}],"awards":[{"id":"https://openalex.org/G1176391293","display_name":null,"funder_award_id":"W2412110","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4673128147","display_name":null,"funder_award_id":"62372490","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":57,"referenced_works":["https://openalex.org/W1482612322","https://openalex.org/W1567553843","https://openalex.org/W1573526548","https://openalex.org/W1589720045","https://openalex.org/W1956519559","https://openalex.org/W1987684126","https://openalex.org/W2054093027","https://openalex.org/W2060692877","https://openalex.org/W2071289869","https://openalex.org/W2080778654","https://openalex.org/W2089458547","https://openalex.org/W2095293504","https://openalex.org/W2103464385","https://openalex.org/W2114312434","https://openalex.org/W2120418828","https://openalex.org/W2134262590","https://openalex.org/W2144112223","https://openalex.org/W2150795982","https://openalex.org/W2151135920","https://openalex.org/W2170770919","https://openalex.org/W2191468669","https://openalex.org/W2462192250","https://openalex.org/W2508015754","https://openalex.org/W2572070369","https://openalex.org/W2601116080","https://openalex.org/W2606250847","https://openalex.org/W2735533479","https://openalex.org/W2792657554","https://openalex.org/W2794239758","https://openalex.org/W2794801050","https://openalex.org/W2806646123","https://openalex.org/W2849849680","https://openalex.org/W2885070483","https://openalex.org/W2897887243","https://openalex.org/W2901486871","https://openalex.org/W2961187130","https://openalex.org/W2972552958","https://openalex.org/W2982596671","https://openalex.org/W2982645003","https://openalex.org/W2984061032","https://openalex.org/W2986144686","https://openalex.org/W2987962504","https://openalex.org/W2990954041","https://openalex.org/W2998074434","https://openalex.org/W3002912819","https://openalex.org/W3008497156","https://openalex.org/W3023529621","https://openalex.org/W3031273498","https://openalex.org/W3035409833","https://openalex.org/W3045322569","https://openalex.org/W3109130616","https://openalex.org/W3167818199","https://openalex.org/W4200050214","https://openalex.org/W4211030792","https://openalex.org/W4247464060","https://openalex.org/W4300103449","https://openalex.org/W4402056280"],"related_works":["https://openalex.org/W2731899572","https://openalex.org/W3215138031","https://openalex.org/W3009238340","https://openalex.org/W4360585206","https://openalex.org/W4321369474","https://openalex.org/W4285208911","https://openalex.org/W3082895349","https://openalex.org/W4213079790","https://openalex.org/W2248239756","https://openalex.org/W3086377361"],"abstract_inverted_index":{"In":[0,54],"recent":[1],"years,":[2],"binary":[3,125],"malware":[4,93,134,179,199],"detection":[5,210],"has":[6],"attracted":[7],"extensive":[8],"attention":[9],"from":[10,52,185],"industry":[11],"and":[12,50,98,118,143,197,208],"academia.":[13],"However,":[14],"most":[15],"of":[16,82,132,139,169,177,229],"the":[17,47,66,79,101,130,137,167,178,186],"existing":[18],"work":[19,45],"only":[20],"focuses":[21],"on":[22,46,123,216],"judging":[23],"whether":[24],"a":[25,86,109,124,174,205],"sample":[26],"is":[27],"malicious":[28,34,43,63,80,102],"or":[29],"not,":[30],"rather":[31],"than":[32],"identifying":[33],"modules":[35],"in":[36,108,113],"malware.":[37,83],"Few":[38],"studies":[39],"aiming":[40],"at":[41,65],"locating":[42,62],"code":[44,64],"function":[48],"granularity":[49],"suffer":[51],"inaccuracy.":[53],"this":[55,59],"paper,":[56],"we":[57],"address":[58],"problem":[60],"by":[61],"functional":[67,103],"module":[68,104],"(<italic":[69,105],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[70,96,106,141,153,189,231],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">FM</i>)":[71],"granularity,":[72],"which":[73,114],"combines":[74],"several":[75],"functions":[76],"to":[77,90,147,158,164,194],"express":[78],"behaviors":[81],"We":[84,212],"design":[85],"tool":[87],"called":[88],"MalFocus":[89,224],"automatically":[91],"divide":[92],"into":[94],"<italic":[95,140,152,188,230],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">FMs</i>":[97],"then":[99,156],"identify":[100,227],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">MFM</i>)":[107],"multi-model":[110],"hybrid":[111],"manner,":[112],"an":[115,119],"unsupervised":[116],"model":[117],"interpretability":[120],"approach":[121],"based":[122],"classifier":[126],"are":[127,155],"combined,":[128],"eliminating":[129],"workload":[131],"labeling":[133],"samples,":[135],"determining":[136],"scope":[138,168],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">MFMs</i>":[142,154,190],"ranking":[144],"them":[145],"according":[146],"their":[148],"maliciousness.":[149],"The":[150,220],"identified":[151],"passed":[157],"security":[159],"analysts":[160],"for":[161],"verification,":[162],"helping":[163],"significantly":[165],"reduce":[166],"manual":[170],"analysis":[171],"while":[172],"providing":[173],"comprehensive":[175],"view":[176],"attack":[180],"flow.":[181],"Additionally,":[182],"rules":[183],"derived":[184],"verified":[187],"can":[191,225],"be":[192],"used":[193],"detect":[195],"variants":[196],"new":[198],"families":[200],"with":[201],"different":[202],"functionalities,":[203],"offering":[204],"more":[206],"general":[207],"flexible":[209],"approach.":[211],"evaluate":[213],"MalFocus\u2019s":[214],"performance":[215],"6764":[217],"real-world":[218],"samples.":[219],"results":[221],"show":[222],"that":[223],"correctly":[226],"95%":[228],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">MFMs</i>,":[232],"outperforming":[233],"current":[234],"state-of-the-art":[235],"work.":[236]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}