{"id":"https://openalex.org/W2030806251","doi":"https://doi.org/10.1109/tifs.2013.2291066","title":"Growing Grapes in Your Computer to Defend Against Malware","display_name":"Growing Grapes in Your Computer to Defend Against Malware","publication_year":2013,"publication_date":"2013-11-19","ids":{"openalex":"https://openalex.org/W2030806251","doi":"https://doi.org/10.1109/tifs.2013.2291066","mag":"2030806251"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2013.2291066","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2013.2291066","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5017433912","display_name":"Zhiyong Shan","orcid":null},"institutions":[{"id":"https://openalex.org/I78988378","display_name":"Renmin University of China","ror":"https://ror.org/041pakw92","country_code":"CN","type":"education","lineage":["https://openalex.org/I78988378"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zhiyong Shan","raw_affiliation_strings":["Department of Computer Science, Renmin University of China and Purdue University, Beijing, China","Department of Computer Science, Renmin University of China, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Renmin University of China and Purdue University, Beijing, China","institution_ids":["https://openalex.org/I78988378"]},{"raw_affiliation_string":"Department of Computer Science, Renmin University of China, Beijing, China","institution_ids":["https://openalex.org/I78988378"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5009150883","display_name":"Xin Wang","orcid":"https://orcid.org/0000-0002-2199-3879"},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xin Wang","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Stony Brook University, Stony Brook, NY, USA","Dept. of Electr. & Comput. Eng., Stony Brook Univ., Stony Brook, NY, USA#TAB#"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Stony Brook University, Stony Brook, NY, USA","institution_ids":["https://openalex.org/I59553526"]},{"raw_affiliation_string":"Dept. of Electr. & Comput. Eng., Stony Brook Univ., Stony Brook, NY, USA#TAB#","institution_ids":["https://openalex.org/I59553526"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5017433912"],"corresponding_institution_ids":["https://openalex.org/I78988378"],"apc_list":null,"apc_paid":null,"fwci":2.2344,"has_fulltext":false,"cited_by_count":31,"citation_normalized_percentile":{"value":0.88081293,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"9","issue":"2","first_page":"196","last_page":"207"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8780113458633423},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8297973871231079},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.7315540313720703},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.6092690229415894},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5586879253387451},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5134400129318237},{"id":"https://openalex.org/keywords/cluster","display_name":"Cluster (spacecraft)","score":0.4161780774593353},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3396254777908325},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.335651695728302},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.15613806247711182}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8780113458633423},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8297973871231079},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.7315540313720703},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.6092690229415894},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5586879253387451},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5134400129318237},{"id":"https://openalex.org/C164866538","wikidata":"https://www.wikidata.org/wiki/Q367351","display_name":"Cluster (spacecraft)","level":2,"score":0.4161780774593353},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3396254777908325},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.335651695728302},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.15613806247711182},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2013.2291066","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2013.2291066","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.47999998927116394,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":37,"referenced_works":["https://openalex.org/W1482228399","https://openalex.org/W1552906779","https://openalex.org/W1578351389","https://openalex.org/W1581009051","https://openalex.org/W1583975142","https://openalex.org/W1595564425","https://openalex.org/W1761672165","https://openalex.org/W1941427975","https://openalex.org/W1956767865","https://openalex.org/W1990649188","https://openalex.org/W2065448121","https://openalex.org/W2086469601","https://openalex.org/W2093406244","https://openalex.org/W2101451533","https://openalex.org/W2103499520","https://openalex.org/W2106649514","https://openalex.org/W2120900307","https://openalex.org/W2125743503","https://openalex.org/W2137569638","https://openalex.org/W2151135920","https://openalex.org/W2152172333","https://openalex.org/W2166924764","https://openalex.org/W2167332015","https://openalex.org/W2167671111","https://openalex.org/W2168519318","https://openalex.org/W2295705535","https://openalex.org/W3136767761","https://openalex.org/W4255411440","https://openalex.org/W6633127768","https://openalex.org/W6634829514","https://openalex.org/W6640826072","https://openalex.org/W6675222458","https://openalex.org/W6675295966","https://openalex.org/W6680876652","https://openalex.org/W6682264434","https://openalex.org/W6684657808","https://openalex.org/W6922295283"],"related_works":["https://openalex.org/W2105037940","https://openalex.org/W4289244019","https://openalex.org/W2952645149","https://openalex.org/W4313315004","https://openalex.org/W1827256152","https://openalex.org/W2999430634","https://openalex.org/W2961085424","https://openalex.org/W2968586400","https://openalex.org/W2888523397","https://openalex.org/W2380798983"],"abstract_inverted_index":{"Behavior-based":[0],"detection":[1,37,55,80,190,274],"is":[2,107,129,167],"promising":[3],"to":[4,19,43,196,212,244],"resolve":[5],"the":[6,13,61,83,88,91,119,122,125,149,154,161,173,182,189,197,220,247,286],"pressing":[7],"security":[8],"problem":[9],"of":[10,50,67,90,102,121,139,159,249],"malware.":[11],"However,":[12],"great":[14],"challenge":[15],"lies":[16],"in":[17,22,227,238],"how":[18],"detect":[20,268],"malware":[21,113,217,251,253,270],"a":[23,34,51,68,73,94,100,112,156,201,214,228,250],"both":[24],"accurate":[25,45,108],"and":[26,54,65,118,164,186,192,208,276],"light-weight":[27,131],"manner.":[28],"In":[29],"this":[30],"paper,":[31],"we":[32],"propose":[33],"novel":[35,157],"behavior-based":[36],"method,":[38],"named":[39],"growing":[40,77],"grapes,":[41],"aiming":[42],"enable":[44],"online":[46],"detection.":[47,218],"It":[48],"consists":[49],"clustering":[52,58],"engine":[53,59,81],"engine.":[56],"The":[57,79,105,127],"groups":[60],"objects,":[62],"e.g.,":[63],"processes":[64,123],"files,":[66],"suspicious":[69],"program":[70],"together":[71],"into":[72],"cluster,":[74],"just":[75],"like":[76],"grapes.":[78],"recognizes":[82],"cluster":[84,92,229],"as":[85,132,236],"malicious":[86,224],"if":[87],"behaviors":[89,117,211],"match":[93],"predefined":[95],"behavior":[96,162],"template":[97,163,165,174,215],"formed":[98],"by":[99,234],"set":[101],"discrete":[103],"behaviors.":[104,126],"approach":[106,128,221,266],"since":[109],"it":[110,133],"identifies":[111,223],"based":[114],"on":[115,148,285],"multiple":[116,210],"source":[120],"requesting":[124],"also":[130,180],"uses":[134],"OS-level":[135],"information":[136],"flows":[137,141],"instead":[138],"data":[140],"that":[142,264],"generally":[143],"impose":[144],"significant":[145],"performance":[146,193],"impact":[147],"system.":[150,287],"To":[151],"further":[152],"improve":[153],"performance,":[155],"method":[158],"organizing":[160],"database":[166],"proposed,":[168],"which":[169,205,241],"not":[170],"only":[171],"makes":[172,181],"matching":[175],"process":[176],"very":[177],"quick,":[178],"but":[179],"storage":[183],"space":[184],"small":[185],"fixed.":[187],"Furthermore,":[188],"accuracy":[191],"are":[194],"optimized":[195],"best":[198],"degree":[199],"using":[200],"combinatorial":[202],"optimization":[203],"algorithm,":[204],"properly":[206],"selects":[207],"combines":[209],"form":[213],"for":[216],"Finally,":[219],"novelly":[222],"OS":[225],"objects":[226],"fashion":[230],"rather":[231],"than":[232],"one":[233,235],"done":[237],"traditional":[239],"methods,":[240],"help":[242],"users":[243],"thoroughly":[245],"eliminate":[246],"changes":[248],"without":[252],"family":[254],"knowledge.":[255],"Compared":[256],"with":[257,272],"commercial":[258],"antimalware":[259],"tools,":[260],"extensive":[261],"experiments":[262],"show":[263],"our":[265],"can":[267],"new":[269],"samples":[271],"higher":[273],"rate":[275,280],"lower":[277],"false":[278],"positive":[279],"while":[281],"imposing":[282],"low":[283],"overhead":[284]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":4},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}