{"id":"https://openalex.org/W4226510616","doi":"https://doi.org/10.1109/tii.2022.3167672","title":"IIoT Deep Malware Threat Hunting: From Adversarial Example Detection to Adversarial Scenario Detection","display_name":"IIoT Deep Malware Threat Hunting: From Adversarial Example Detection to Adversarial Scenario Detection","publication_year":2022,"publication_date":"2022-04-19","ids":{"openalex":"https://openalex.org/W4226510616","doi":"https://doi.org/10.1109/tii.2022.3167672"},"language":"en","primary_location":{"id":"doi:10.1109/tii.2022.3167672","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tii.2022.3167672","pdf_url":null,"source":{"id":"https://openalex.org/S184777250","display_name":"IEEE Transactions on Industrial Informatics","issn_l":"1551-3203","issn":["1551-3203","1941-0050"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Industrial Informatics","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5017182552","display_name":"Bardia Esmaeili","orcid":"https://orcid.org/0000-0003-0149-501X"},"institutions":[{"id":"https://openalex.org/I79817857","display_name":"University of Guelph","ror":"https://ror.org/01r7awg59","country_code":"CA","type":"education","lineage":["https://openalex.org/I79817857"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Bardia Esmaeili","raw_affiliation_strings":["Cyber Science Laboratory, School of Computer Science, University of Guelph, Guelph, ON, Canada"],"raw_orcid":"https://orcid.org/0000-0003-0149-501X","affiliations":[{"raw_affiliation_string":"Cyber Science Laboratory, School of Computer Science, University of Guelph, Guelph, ON, Canada","institution_ids":["https://openalex.org/I79817857"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046380826","display_name":"Amin Azmoodeh","orcid":"https://orcid.org/0000-0002-4109-4395"},"institutions":[{"id":"https://openalex.org/I79817857","display_name":"University of Guelph","ror":"https://ror.org/01r7awg59","country_code":"CA","type":"education","lineage":["https://openalex.org/I79817857"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Amin Azmoodeh","raw_affiliation_strings":["Cyber Science Laboratory, School of Computer Science, University of Guelph, Guelph, ON, Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Science Laboratory, School of Computer Science, University of Guelph, Guelph, ON, Canada","institution_ids":["https://openalex.org/I79817857"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038019914","display_name":"Ali Dehghantanha","orcid":"https://orcid.org/0000-0002-9294-7554"},"institutions":[{"id":"https://openalex.org/I79817857","display_name":"University of Guelph","ror":"https://ror.org/01r7awg59","country_code":"CA","type":"education","lineage":["https://openalex.org/I79817857"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Ali Dehghantanha","raw_affiliation_strings":["Cyber Science Laboratory, School of Computer Science, University of Guelph, Guelph, ON, Canada"],"raw_orcid":"https://orcid.org/0000-0002-9294-7554","affiliations":[{"raw_affiliation_string":"Cyber Science Laboratory, School of Computer Science, University of Guelph, Guelph, ON, Canada","institution_ids":["https://openalex.org/I79817857"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102945288","display_name":"Hadis Karimipour","orcid":"https://orcid.org/0000-0001-7948-4033"},"institutions":[{"id":"https://openalex.org/I168635309","display_name":"University of Calgary","ror":"https://ror.org/03yjb2x39","country_code":"CA","type":"education","lineage":["https://openalex.org/I168635309"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Hadis Karimipour","raw_affiliation_strings":["Electrical and Computer Engineering, University of Calgary, Calgary, AB, Canada"],"raw_orcid":"https://orcid.org/0000-0001-7948-4033","affiliations":[{"raw_affiliation_string":"Electrical and Computer Engineering, University of Calgary, Calgary, AB, Canada","institution_ids":["https://openalex.org/I168635309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029096455","display_name":"Behrouz Zolfaghari","orcid":"https://orcid.org/0000-0001-6691-0988"},"institutions":[{"id":"https://openalex.org/I79817857","display_name":"University of Guelph","ror":"https://ror.org/01r7awg59","country_code":"CA","type":"education","lineage":["https://openalex.org/I79817857"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Behrouz Zolfaghari","raw_affiliation_strings":["Cyber Science Laboratory, School of Computer Science, University of Guelph, Guelph, ON, Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Science Laboratory, School of Computer Science, University of Guelph, Guelph, ON, Canada","institution_ids":["https://openalex.org/I79817857"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5089637331","display_name":"Mohammad Hammoudeh","orcid":"https://orcid.org/0000-0003-1058-0996"},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Mohammad Hammoudeh","raw_affiliation_strings":["Department of Information and Computer Science, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0003-1058-0996","affiliations":[{"raw_affiliation_string":"Department of Information and Computer Science, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":4.6084,"has_fulltext":false,"cited_by_count":34,"citation_normalized_percentile":{"value":0.95656886,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"18","issue":"12","first_page":"8477","last_page":"8486"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9954000115394592,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7913670539855957},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7288118004798889},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6126921772956848},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6117709279060364},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5602906942367554},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.45999252796173096},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.4492824375629425},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.4379897117614746},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.43708330392837524},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.416599839925766},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3763813376426697},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2585277557373047},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.2524767518043518},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.09219643473625183}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7913670539855957},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7288118004798889},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6126921772956848},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6117709279060364},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5602906942367554},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.45999252796173096},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.4492824375629425},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.4379897117614746},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.43708330392837524},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.416599839925766},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3763813376426697},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2585277557373047},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2524767518043518},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.09219643473625183}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tii.2022.3167672","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tii.2022.3167672","pdf_url":null,"source":{"id":"https://openalex.org/S184777250","display_name":"IEEE Transactions on Industrial Informatics","issn_l":"1551-3203","issn":["1551-3203","1941-0050"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Industrial Informatics","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.41999998688697815,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W1540596182","https://openalex.org/W1673923490","https://openalex.org/W2271840356","https://openalex.org/W2536353943","https://openalex.org/W2573650634","https://openalex.org/W2610321374","https://openalex.org/W2753669113","https://openalex.org/W2792450155","https://openalex.org/W2800912855","https://openalex.org/W2884984219","https://openalex.org/W2885070483","https://openalex.org/W2891700561","https://openalex.org/W2964159373","https://openalex.org/W2966399854","https://openalex.org/W2989930814","https://openalex.org/W2990495437","https://openalex.org/W3005260862","https://openalex.org/W3020985685","https://openalex.org/W3088909400","https://openalex.org/W3091857398","https://openalex.org/W3131231119","https://openalex.org/W3170842352","https://openalex.org/W3194459689","https://openalex.org/W4394663350","https://openalex.org/W6632267817","https://openalex.org/W6637162671","https://openalex.org/W6694517276","https://openalex.org/W6754717347","https://openalex.org/W6800583627","https://openalex.org/W6864274290"],"related_works":["https://openalex.org/W2294483539","https://openalex.org/W2378449000","https://openalex.org/W2901835651","https://openalex.org/W3005861778","https://openalex.org/W2883616266","https://openalex.org/W186576250","https://openalex.org/W2372254325","https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W4285325964"],"abstract_inverted_index":{"Protecting":[0],"widely":[1,147],"used":[2],"deep":[3],"classifiers":[4],"against":[5],"black-box":[6,70],"adversarial":[7,71,110,122,202],"attacks":[8,24,72,126],"is":[9],"a":[10,28,47,65,159,192,198],"recent":[11],"research":[12],"challenge":[13],"in":[14,153,163,173],"many":[15],"security-related":[16],"areas,":[17],"including":[18],"malware":[19,66,145,150],"classification.":[20],"This":[21],"class":[22],"of":[23,30,61,77,115,136,158,168,181,189,195,201],"relies":[25],"on":[26,73,97,138],"optimizing":[27],"sequence":[29],"highly":[31],"similar":[32],"queries":[33,62,116],"to":[34,68,107,120],"bypass":[35],"given":[36],"classifiers.":[37],"In":[38,80],"this":[39,43],"article,":[40],"we":[41],"leverage":[42],"property":[44],"and":[45,92,124,177],"propose":[46],"history-based":[48],"method":[49,119],"named,":[50],"<italic":[51],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[52],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">stateful":[53],"query":[54],"analysis":[55],"(SQA)</i>":[56],",":[57],"which":[58,105],"analyzes":[59],"sequences":[60],"received":[63],"by":[64],"classifier":[67],"detect":[69],"an":[74,139],"industrial":[75],"Internet":[76],"Things":[78],"(IIoT).":[79],"the":[81,89,93,102,113,165,169,179,187],"SQA":[82,132,190],"pipeline,":[83],"there":[84],"are":[85],"two":[86],"components,":[87],"namely":[88],"similarity":[90,170],"encoder":[91,171],"classifier,":[94],"both":[95],"based":[96],"convolutional":[98],"neural":[99],"networks.":[100],"Unlike":[101],"state-of-the-art":[103],"methods,":[104],"aim":[106],"identify":[108,121],"individual":[109],"examples,":[111],"tracking":[112],"history":[114],"allows":[117],"our":[118,182],"scenarios":[123],"abort":[125],"before":[127],"their":[128],"completion.":[129],"We":[130],"optimize":[131],"using":[133],"different":[134],"combinations":[135],"hyperparameters":[137],"advanced":[140],"risc":[141],"machine":[142],"(ARM)-based":[143],"IIoT":[144],"dataset,":[146],"adopted":[148],"for":[149],"threat":[151],"hunting":[152],"industry":[154],"4.0.":[155],"The":[156],"use":[157],"novel":[160],"distance":[161],"metric":[162],"calculating":[164],"loss":[166],"function":[167],"results":[172],"more":[174],"disentangled":[175],"representations":[176],"improves":[178],"performance":[180],"method.":[183],"Our":[184],"evaluations":[185],"demonstrate":[186],"validity":[188],"via":[191],"detection":[193],"rate":[194],"93.1%":[196],"over":[197],"wide":[199],"range":[200],"examples.":[203]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":11},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":2}],"updated_date":"2026-06-13T07:54:00.901334","created_date":"2025-10-10T00:00:00"}