{"id":"https://openalex.org/W7117129491","doi":"https://doi.org/10.1109/tifs.2025.3648113","title":"MCLPF: Malware Collaborative Detection With LLM-Enhanced Pruning for Attributed Interpretable Flow Graphs","display_name":"MCLPF: Malware Collaborative Detection With LLM-Enhanced Pruning for Attributed Interpretable Flow Graphs","publication_year":2025,"publication_date":"2025-12-24","ids":{"openalex":"https://openalex.org/W7117129491","doi":"https://doi.org/10.1109/tifs.2025.3648113"},"language":null,"primary_location":{"id":"doi:10.1109/tifs.2025.3648113","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3648113","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Jun Tang","orcid":"https://orcid.org/0009-0000-6935-1608"},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jun Tang","raw_affiliation_strings":["School of Computer Science, the State Key Laboratory of Tibetan Intelligence, and Jiangsu Provincial Key Laboratory of Internet of Things Intelligent Perception and Computing, Nanjing University of Posts and Telecommunications, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, the State Key Laboratory of Tibetan Intelligence, and Jiangsu Provincial Key Laboratory of Internet of Things Intelligent Perception and Computing, Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121208823","display_name":"Zijun Li","orcid":null},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zijun Li","raw_affiliation_strings":["School of Computer Science, the State Key Laboratory of Tibetan Intelligence, and Jiangsu Provincial Key Laboratory of Internet of Things Intelligent Perception and Computing, Nanjing University of Posts and Telecommunications, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, the State Key Laboratory of Tibetan Intelligence, and Jiangsu Provincial Key Laboratory of Internet of Things Intelligent Perception and Computing, Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026099432","display_name":"Haiping Huang","orcid":null},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haiping Huang","raw_affiliation_strings":["School of Computer Science, the State Key Laboratory of Tibetan Intelligence, and Jiangsu Provincial Key Laboratory of Internet of Things Intelligent Perception and Computing, Nanjing University of Posts and Telecommunications, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, the State Key Laboratory of Tibetan Intelligence, and Jiangsu Provincial Key Laboratory of Internet of Things Intelligent Perception and Computing, Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027733268","display_name":"Le Yu","orcid":"https://orcid.org/0000-0003-1457-6329"},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Le Yu","raw_affiliation_strings":["School of Computer Science, the State Key Laboratory of Tibetan Intelligence, and Jiangsu Provincial Key Laboratory of Internet of Things Intelligent Perception and Computing, Nanjing University of Posts and Telecommunications, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, the State Key Laboratory of Tibetan Intelligence, and Jiangsu Provincial Key Laboratory of Internet of Things Intelligent Perception and Computing, Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121161052","display_name":"Fu Xiao","orcid":null},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Fu Xiao","raw_affiliation_strings":["School of Computer Science, the State Key Laboratory of Tibetan Intelligence, and Jiangsu Provincial Key Laboratory of Internet of Things Intelligent Perception and Computing, Nanjing University of Posts and Telecommunications, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, the State Key Laboratory of Tibetan Intelligence, and Jiangsu Provincial Key Laboratory of Internet of Things Intelligent Perception and Computing, Nanjing University of Posts and Telecommunications, Nanjing, China","institution_ids":["https://openalex.org/I41198531"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5121142165","display_name":"Ruilong Deng","orcid":null},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ruilong Deng","raw_affiliation_strings":["College of Control Science and Engineering, Zhejiang University, Hangzhou, Zhejiang, China"],"affiliations":[{"raw_affiliation_string":"College of Control Science and Engineering, Zhejiang University, Hangzhou, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I41198531"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.63330081,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"21","issue":null,"first_page":"460","last_page":"475"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.711899995803833,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.711899995803833,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.07760000228881836,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.022199999541044235,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6949999928474426},{"id":"https://openalex.org/keywords/control-flow-graph","display_name":"Control flow graph","score":0.6877999901771545},{"id":"https://openalex.org/keywords/pruning","display_name":"Pruning","score":0.5805000066757202},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.555899977684021},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.5038999915122986},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.49639999866485596},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.39750000834465027},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.3675999939441681},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.33329999446868896}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8652999997138977},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6949999928474426},{"id":"https://openalex.org/C27458966","wikidata":"https://www.wikidata.org/wiki/Q1187693","display_name":"Control flow graph","level":2,"score":0.6877999901771545},{"id":"https://openalex.org/C108010975","wikidata":"https://www.wikidata.org/wiki/Q500094","display_name":"Pruning","level":2,"score":0.5805000066757202},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5717999935150146},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.555899977684021},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5436000227928162},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.5038999915122986},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.49639999866485596},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.39750000834465027},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3788999915122986},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.3675999939441681},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.33329999446868896},{"id":"https://openalex.org/C168725872","wikidata":"https://www.wikidata.org/wiki/Q991663","display_name":"Sophistication","level":2,"score":0.33009999990463257},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.3278999924659729},{"id":"https://openalex.org/C2781067378","wikidata":"https://www.wikidata.org/wiki/Q17027399","display_name":"Interpretability","level":2,"score":0.3154999911785126},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.3093000054359436},{"id":"https://openalex.org/C106937863","wikidata":"https://www.wikidata.org/wiki/Q7236518","display_name":"Power graph analysis","level":3,"score":0.299699991941452},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.29580000042915344},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.29249998927116394},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2782000005245209},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.2766000032424927},{"id":"https://openalex.org/C3770464","wikidata":"https://www.wikidata.org/wiki/Q775963","display_name":"Smoothing","level":2,"score":0.27559998631477356},{"id":"https://openalex.org/C111335779","wikidata":"https://www.wikidata.org/wiki/Q3454686","display_name":"Reduction (mathematics)","level":2,"score":0.2712000012397766},{"id":"https://openalex.org/C152745839","wikidata":"https://www.wikidata.org/wiki/Q5438153","display_name":"Fault detection and isolation","level":3,"score":0.2685999870300293},{"id":"https://openalex.org/C2777462759","wikidata":"https://www.wikidata.org/wiki/Q18395344","display_name":"Word embedding","level":3,"score":0.2653000056743622},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.26249998807907104},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.25920000672340393},{"id":"https://openalex.org/C75564084","wikidata":"https://www.wikidata.org/wiki/Q5597085","display_name":"Graph embedding","level":3,"score":0.2572999894618988},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.2572000026702881}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2025.3648113","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3648113","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G698852458","display_name":null,"funder_award_id":"62293503","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":45,"referenced_works":["https://openalex.org/W1832693441","https://openalex.org/W2008453980","https://openalex.org/W2567948266","https://openalex.org/W2584009249","https://openalex.org/W2788919350","https://openalex.org/W2907492528","https://openalex.org/W2964015378","https://openalex.org/W2969904462","https://openalex.org/W2973937899","https://openalex.org/W2992820505","https://openalex.org/W3125508839","https://openalex.org/W3178593045","https://openalex.org/W3196688193","https://openalex.org/W3201570226","https://openalex.org/W4255756278","https://openalex.org/W4281659734","https://openalex.org/W4283017975","https://openalex.org/W4283214123","https://openalex.org/W4287849792","https://openalex.org/W4290876396","https://openalex.org/W4292230971","https://openalex.org/W4294877868","https://openalex.org/W4295950666","https://openalex.org/W4308529607","https://openalex.org/W4308632257","https://openalex.org/W4313216189","https://openalex.org/W4360831820","https://openalex.org/W4388571407","https://openalex.org/W4390698031","https://openalex.org/W4392303153","https://openalex.org/W4394001739","https://openalex.org/W4394862626","https://openalex.org/W4398183551","https://openalex.org/W4399930919","https://openalex.org/W4400076000","https://openalex.org/W4400909628","https://openalex.org/W4401879213","https://openalex.org/W4402457704","https://openalex.org/W4404136508","https://openalex.org/W4405103929","https://openalex.org/W4407247921","https://openalex.org/W4408749888","https://openalex.org/W4409361689","https://openalex.org/W4411997068","https://openalex.org/W4415795551"],"related_works":[],"abstract_inverted_index":{"With":[0],"the":[1,50,71,128,191,200,211,223,228],"increasing":[2],"sophistication":[3],"of":[4,33,53,74,186,199,208,227],"malware,":[5,34],"enhanced":[6],"Attributed":[7,91],"Control":[8],"Flow":[9,93],"Graphs":[10],"(ACFGs)":[11],"have":[12],"become":[13],"a":[14,89],"fundamental":[15],"representation":[16],"and":[17,38,105,121,131,137,168,170,189,225],"are":[18],"widely":[19],"applied":[20],"in":[21,46],"malware":[22,64,76],"detection.":[23],"However,":[24],"existing":[25,75],"CFG-based":[26],"detection":[27,54,65,77,123,179,212],"techniques":[28],"primarily":[29],"extract":[30,97],"shallow":[31],"features":[32,109],"neglecting":[35],"deeper":[36],"structural":[37],"semantic":[39],"characteristics.":[40],"Additionally,":[41],"retaining":[42],"all":[43],"basic":[44],"blocks":[45],"CFGs":[47],"significantly":[48],"increases":[49],"memory":[51],"overhead":[52],"models.":[55],"To":[56],"address":[57],"these":[58],"issues,":[59],"we":[60],"propose":[61],"MCLPF,":[62],"collaborative":[63],"with":[66,146,202],"interpretable":[67],"pruning,":[68],"to":[69,96,196],"improve":[70],"overall":[72],"performance":[73,213],"systems":[78],"that":[79,172],"rely":[80],"on":[81,151],"fine-grained":[82],"control":[83],"flow":[84],"features.":[85],"MCLPF":[86],"first":[87],"introduces":[88],"novel":[90],"Interpretable":[92],"Graph":[94,147],"(AIFG)":[95],"functional":[98],"attributes,":[99],"integrating":[100],"node-level":[101],"features,":[102,104],"edge-level":[103],"assembly":[106],"language":[107,132],"embedding":[108],"derived":[110],"from":[111],"Large":[112],"Language":[113,143],"Models":[114,144],"(LLMs).":[115],"Subsequently,":[116],"it":[117],"proposes":[118],"an":[119,176,203],"efficient":[120],"reliable":[122],"scheme":[124],"by":[125],"alternately":[126],"updating":[127],"graph":[129],"structure":[130],"learning":[133],"modules":[134],"through":[135],"L-Step":[136],"G-Step,":[138],"rather":[139],"than":[140],"synchronously":[141],"training":[142],"(LMs)":[145],"Neural":[148],"Networks":[149],"(GNNs)":[150],"large-scale":[152],"graphs.":[153],"We":[154],"conduct":[155],"experiments":[156],"using":[157],"public":[158],"datasets":[159],"involving":[160],"four":[161],"different":[162],"architectures":[163],"(i.e.,":[164,181],"PE-32,":[165],"PE-64,":[166],"ELF-32,":[167],"ELF-64)":[169],"demonstrate":[171],"our":[173],"model":[174],"achieves":[175],"exceptionally":[177],"high":[178],"accuracy":[180],"99.30%).":[182],"After":[183],"pruning":[184],"100%":[185],"noncritical":[187],"nodes":[188],"edges,":[190],"sample":[192],"size":[193],"is":[194],"reduced":[195],"approximately":[197],"8%":[198],"original,":[201],"average":[204],"time":[205],"cost":[206],"reduction":[207],"74.7%,":[209],"while":[210],"fluctuation":[214],"averages":[215],"only":[216],"about":[217],"1%.":[218],"Extensive":[219],"cross-dataset":[220],"evaluations":[221],"validate":[222],"effectiveness":[224],"efficiency":[226],"proposed":[229],"method.":[230]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-12-24T00:00:00"}