{"id":"https://openalex.org/W1661167618","doi":"https://doi.org/10.1109/tifs.2015.2469253","title":"Employing Program Semantics for Malware Detection","display_name":"Employing Program Semantics for Malware Detection","publication_year":2015,"publication_date":"2015-08-17","ids":{"openalex":"https://openalex.org/W1661167618","doi":"https://doi.org/10.1109/tifs.2015.2469253","mag":"1661167618"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2015.2469253","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2015.2469253","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5074937791","display_name":"Smita Naval","orcid":"https://orcid.org/0000-0003-3533-5030"},"institutions":[{"id":"https://openalex.org/I83205935","display_name":"Malaviya National Institute of Technology Jaipur","ror":"https://ror.org/0077k1j32","country_code":"IN","type":"education","lineage":["https://openalex.org/I83205935"]}],"countries":["IN"],"is_corresponding":true,"raw_author_name":"Smita Naval","raw_affiliation_strings":["Department of Computer Science and Engineering, Malaviya National Institute of Technology at Jaipur, Jaipur, India"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Malaviya National Institute of Technology at Jaipur, Jaipur, India","institution_ids":["https://openalex.org/I83205935"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087820056","display_name":"Vijay Laxmi","orcid":"https://orcid.org/0000-0002-3662-8487"},"institutions":[{"id":"https://openalex.org/I83205935","display_name":"Malaviya National Institute of Technology Jaipur","ror":"https://ror.org/0077k1j32","country_code":"IN","type":"education","lineage":["https://openalex.org/I83205935"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Vijay Laxmi","raw_affiliation_strings":["Department of Computer Science and Engineering, Malaviya National Institute of Technology at Jaipur, Jaipur, India"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Malaviya National Institute of Technology at Jaipur, Jaipur, India","institution_ids":["https://openalex.org/I83205935"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059640195","display_name":"Muttukrishnan Rajarajan","orcid":"https://orcid.org/0000-0001-5814-9922"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Muttukrishnan Rajarajan","raw_affiliation_strings":["Department of Security Engineering, City University London, London, U.K"],"affiliations":[{"raw_affiliation_string":"Department of Security Engineering, City University London, London, U.K","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028420263","display_name":"Manoj Singh Gaur","orcid":"https://orcid.org/0000-0002-0497-721X"},"institutions":[{"id":"https://openalex.org/I83205935","display_name":"Malaviya National Institute of Technology Jaipur","ror":"https://ror.org/0077k1j32","country_code":"IN","type":"education","lineage":["https://openalex.org/I83205935"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Manoj Singh Gaur","raw_affiliation_strings":["Department of Computer Science and Engineering, Malaviya National Institute of Technology at Jaipur, Jaipur, India"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Malaviya National Institute of Technology at Jaipur, Jaipur, India","institution_ids":["https://openalex.org/I83205935"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063847107","display_name":"Mauro Conti","orcid":"https://orcid.org/0000-0002-3612-1934"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Mauro Conti","raw_affiliation_strings":["Department of Mathematics, University of Padua, Padua, Italy","[Department of Mathematics, University of Padua, Padua, Italy]"],"affiliations":[{"raw_affiliation_string":"Department of Mathematics, University of Padua, Padua, Italy","institution_ids":["https://openalex.org/I138689650"]},{"raw_affiliation_string":"[Department of Mathematics, University of Padua, Padua, Italy]","institution_ids":["https://openalex.org/I138689650"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5074937791"],"corresponding_institution_ids":["https://openalex.org/I83205935"],"apc_list":null,"apc_paid":null,"fwci":8.1081,"has_fulltext":false,"cited_by_count":109,"citation_normalized_percentile":{"value":0.98075372,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":"10","issue":"12","first_page":"2591","last_page":"2604"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9930999875068665,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9384140968322754},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8662706613540649},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.777624249458313},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.7538638114929199},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.6149968504905701},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.6069117188453674},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5775235295295715},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4246734082698822},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.413277804851532},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3304583430290222},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.16928702592849731}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9384140968322754},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8662706613540649},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.777624249458313},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.7538638114929199},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.6149968504905701},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.6069117188453674},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5775235295295715},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4246734082698822},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.413277804851532},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3304583430290222},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.16928702592849731},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/tifs.2015.2469253","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2015.2469253","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},{"id":"pmh:oai:openaccess.city.ac.uk:12313","is_oa":false,"landing_page_url":"https://openaccess.city.ac.uk/view/creators_id/m=2Erajarajan.html>","pdf_url":null,"source":{"id":"https://openalex.org/S4306401940","display_name":"City Research Online (City University London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I180825142","host_organization_name":"City, University of London","host_organization_lineage":["https://openalex.org/I180825142"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"},{"id":"pmh:oai:www.research.unipd.it:11577/3169198","is_oa":false,"landing_page_url":"http://hdl.handle.net/11577/3169198","pdf_url":null,"source":{"id":"https://openalex.org/S4377196283","display_name":"Research Padua  Archive (University of Padua)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I138689650","host_organization_name":"University of Padua","host_organization_lineage":["https://openalex.org/I138689650"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7400000095367432,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":57,"referenced_works":["https://openalex.org/W10841817","https://openalex.org/W11174961","https://openalex.org/W57205749","https://openalex.org/W191656338","https://openalex.org/W654161293","https://openalex.org/W1519699895","https://openalex.org/W1531782611","https://openalex.org/W1581009051","https://openalex.org/W1845875229","https://openalex.org/W1876478908","https://openalex.org/W1884976205","https://openalex.org/W1973715256","https://openalex.org/W1977119258","https://openalex.org/W1984350393","https://openalex.org/W1985328160","https://openalex.org/W1991001460","https://openalex.org/W1992904312","https://openalex.org/W1996975221","https://openalex.org/W1998188341","https://openalex.org/W2003568760","https://openalex.org/W2005662348","https://openalex.org/W2030806251","https://openalex.org/W2032151752","https://openalex.org/W2041404167","https://openalex.org/W2041905826","https://openalex.org/W2046504126","https://openalex.org/W2054093027","https://openalex.org/W2072617132","https://openalex.org/W2098668462","https://openalex.org/W2101699859","https://openalex.org/W2111574103","https://openalex.org/W2113242816","https://openalex.org/W2120297918","https://openalex.org/W2125743503","https://openalex.org/W2126359798","https://openalex.org/W2130826921","https://openalex.org/W2130971075","https://openalex.org/W2131296020","https://openalex.org/W2131523719","https://openalex.org/W2131726714","https://openalex.org/W2134380836","https://openalex.org/W2140807364","https://openalex.org/W2158698691","https://openalex.org/W2159238567","https://openalex.org/W2166564602","https://openalex.org/W2166924764","https://openalex.org/W2177448797","https://openalex.org/W2294212083","https://openalex.org/W2478708596","https://openalex.org/W2538108907","https://openalex.org/W2545965848","https://openalex.org/W2911964244","https://openalex.org/W3128209738","https://openalex.org/W6631261549","https://openalex.org/W6631877889","https://openalex.org/W6674527536","https://openalex.org/W6677743974"],"related_works":["https://openalex.org/W2900526031","https://openalex.org/W4296272594","https://openalex.org/W4360993664","https://openalex.org/W2465235098","https://openalex.org/W2470029541","https://openalex.org/W2167003418","https://openalex.org/W2470502009","https://openalex.org/W2128507946","https://openalex.org/W2728713145","https://openalex.org/W1573526548"],"abstract_inverted_index":{"In":[0,11],"recent":[1],"years,":[2],"malware":[3,13,25,37,187,207,222],"has":[4],"emerged":[5],"as":[6,178],"a":[7,191],"critical":[8],"security":[9],"threat.":[10],"addition,":[12],"authors":[14],"continue":[15],"to":[16,21,63,95,128,153,162,175,186,196],"embed":[17],"numerous":[18],"anti-detection":[19,80],"features":[20],"evade":[22],"the":[23,41,47,65,92,102,107,111,164,168,179,204,214],"existing":[24,112,205],"detection":[26,38,170,208],"approaches.":[27],"Against":[28],"this":[29,117],"advanced":[30],"class":[31],"of":[32,49,56,70,82,194],"malicious":[33,93,165],"programs,":[34],"dynamic":[35,57],"behavior-based":[36],"approaches":[39,44,74],"outperform":[40],"traditional":[42],"signature-based":[43],"by":[45],"neutralizing":[46],"effects":[48],"obfuscation":[50],"and":[51,67,98,200],"morphing":[52],"techniques.":[53,209],"The":[54,149,210],"majority":[55],"behavior":[58],"detectors":[59],"rely":[60],"on":[61],"system-calls":[62,100],"model":[64,171],"infection":[66],"propagation":[68],"dynamics":[69],"malware.":[71],"However,":[72],"these":[73],"do":[75],"not":[76,126,183],"account":[77],"an":[78,121],"important":[79],"feature":[81],"modern":[83],"malware,":[84],"i.e.,":[85],"systemcall":[86],"injection":[87,130],"attack.":[88],"This":[89],"attack":[90],"allows":[91,151],"binaries":[94],"inject":[96],"irrelevant":[97],"independent":[99],"during":[101],"program":[103,136],"execution":[104,108],"thus":[105],"modifying":[106],"sequences":[109,157],"defeating":[110],"system-call-based":[113,206],"detection.":[114],"To":[115],"address":[116],"problem,":[118],"we":[119],"propose":[120],"evasion-proof":[122],"solution":[123,199,216],"that":[124,158,213],"is":[125,172,217],"vulnerable":[127,174],"system-call":[129],"attacks.":[131],"Our":[132],"proposed":[133,169,215],"approach":[134],"characterizes":[135],"semantics":[137],"using":[138],"asymptotic":[139],"equipartition":[140],"property":[141],"(AEP)":[142],"mainly":[143],"applied":[144],"in":[145,219],"information":[146],"theoretic":[147],"domain.":[148],"AEP":[150],"us":[152],"extract":[154],"information-rich":[155],"call":[156],"are":[159,182],"further":[160],"quantified":[161],"detect":[163],"binaries.":[166],"Furthermore,":[167],"less":[173],"call-injection":[176],"attacks":[177],"discriminating":[180],"components":[181],"directly":[184],"visible":[185],"authors.":[188],"We":[189],"run":[190],"thorough":[192],"set":[193],"experiments":[195],"evaluate":[197],"our":[198],"compare":[201],"it":[202],"with":[203],"results":[211],"demonstrate":[212],"effective":[218],"identifying":[220],"real":[221],"instances.":[223]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":15},{"year":2022,"cited_by_count":11},{"year":2021,"cited_by_count":13},{"year":2020,"cited_by_count":14},{"year":2019,"cited_by_count":12},{"year":2018,"cited_by_count":11},{"year":2017,"cited_by_count":12},{"year":2016,"cited_by_count":5}],"updated_date":"2026-03-22T08:09:32.410652","created_date":"2025-10-10T00:00:00"}