{"id":"https://openalex.org/W4322730961","doi":"https://doi.org/10.1109/tnsm.2023.3251282","title":"Automated, Reliable Zero-Day Malware Detection Based on Autoencoding Architecture","display_name":"Automated, Reliable Zero-Day Malware Detection Based on Autoencoding Architecture","publication_year":2023,"publication_date":"2023-03-01","ids":{"openalex":"https://openalex.org/W4322730961","doi":"https://doi.org/10.1109/tnsm.2023.3251282"},"language":"en","primary_location":{"id":"doi:10.1109/tnsm.2023.3251282","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnsm.2023.3251282","pdf_url":null,"source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5018939520","display_name":"Chiho Kim","orcid":"https://orcid.org/0000-0002-1814-4980"},"institutions":[{"id":"https://openalex.org/I206651237","display_name":"East Texas A&M University","ror":"https://ror.org/01red3556","country_code":"US","type":"education","lineage":["https://openalex.org/I206651237"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Chiho Kim","raw_affiliation_strings":["Computer Science Department, Texas A&#x0026;M University, Commerce, TX, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Computer Science Department, Texas A&#x0026;M University, Commerce, TX, USA","institution_ids":["https://openalex.org/I206651237"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025389734","display_name":"Sang\u2010Yoon Chang","orcid":"https://orcid.org/0000-0002-5736-5823"},"institutions":[{"id":"https://openalex.org/I888729015","display_name":"University of Colorado Colorado Springs","ror":"https://ror.org/054spjc55","country_code":"US","type":"education","lineage":["https://openalex.org/I888729015"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sang-Yoon Chang","raw_affiliation_strings":["Department of Computer Science, University of Colorado, Colorado Springs, CO, USA"],"raw_orcid":"https://orcid.org/0000-0002-5736-5823","affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Colorado, Colorado Springs, CO, USA","institution_ids":["https://openalex.org/I888729015"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016013197","display_name":"Jonghyun Kim","orcid":"https://orcid.org/0000-0002-5532-2117"},"institutions":[{"id":"https://openalex.org/I142401562","display_name":"Electronics and Telecommunications Research Institute","ror":"https://ror.org/03ysstz10","country_code":"KR","type":"facility","lineage":["https://openalex.org/I142401562","https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098"]},{"id":"https://openalex.org/I206651237","display_name":"East Texas A&M University","ror":"https://ror.org/01red3556","country_code":"US","type":"education","lineage":["https://openalex.org/I206651237"]}],"countries":["KR","US"],"is_corresponding":false,"raw_author_name":"Jonghyun Kim","raw_affiliation_strings":["Computer Science Department, Texas A&#x0026;M University, Commerce, TX, USA","Cybersecurity Research Division, Electronics Telecommunications Research Institute, Daejeon, South Korea"],"raw_orcid":"https://orcid.org/0000-0002-5532-2117","affiliations":[{"raw_affiliation_string":"Computer Science Department, Texas A&#x0026;M University, Commerce, TX, USA","institution_ids":["https://openalex.org/I206651237"]},{"raw_affiliation_string":"Cybersecurity Research Division, Electronics Telecommunications Research Institute, Daejeon, South Korea","institution_ids":["https://openalex.org/I142401562"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100720915","display_name":"Dongeun Lee","orcid":"https://orcid.org/0000-0003-3306-1566"},"institutions":[{"id":"https://openalex.org/I206651237","display_name":"East Texas A&M University","ror":"https://ror.org/01red3556","country_code":"US","type":"education","lineage":["https://openalex.org/I206651237"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dongeun Lee","raw_affiliation_strings":["Computer Science Department, Texas A&#x0026;M University, Commerce, TX, USA"],"raw_orcid":"https://orcid.org/0000-0003-3306-1566","affiliations":[{"raw_affiliation_string":"Computer Science Department, Texas A&#x0026;M University, Commerce, TX, USA","institution_ids":["https://openalex.org/I206651237"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101877231","display_name":"Jinoh Kim","orcid":"https://orcid.org/0000-0002-9835-1866"},"institutions":[{"id":"https://openalex.org/I142401562","display_name":"Electronics and Telecommunications Research Institute","ror":"https://ror.org/03ysstz10","country_code":"KR","type":"facility","lineage":["https://openalex.org/I142401562","https://openalex.org/I2801339556","https://openalex.org/I4210144908","https://openalex.org/I4387152098"]},{"id":"https://openalex.org/I206651237","display_name":"East Texas A&M University","ror":"https://ror.org/01red3556","country_code":"US","type":"education","lineage":["https://openalex.org/I206651237"]}],"countries":["KR","US"],"is_corresponding":false,"raw_author_name":"Jinoh Kim","raw_affiliation_strings":["Computer Science Department, Texas A&#x0026;M University, Commerce, TX, USA","Cybersecurity Research Division, Electronics Telecommunications Research Institute, Daejeon, South Korea"],"raw_orcid":"https://orcid.org/0000-0002-9835-1866","affiliations":[{"raw_affiliation_string":"Computer Science Department, Texas A&#x0026;M University, Commerce, TX, USA","institution_ids":["https://openalex.org/I206651237"]},{"raw_affiliation_string":"Cybersecurity Research Division, Electronics Telecommunications Research Institute, Daejeon, South Korea","institution_ids":["https://openalex.org/I142401562"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5018939520"],"corresponding_institution_ids":["https://openalex.org/I206651237"],"apc_list":null,"apc_paid":null,"fwci":7.2221,"has_fulltext":false,"cited_by_count":39,"citation_normalized_percentile":{"value":0.98031447,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":"20","issue":"3","first_page":"3900","last_page":"3914"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8638560175895691},{"id":"https://openalex.org/keywords/autoencoder","display_name":"Autoencoder","score":0.7642961740493774},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7583049535751343},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.652655303478241},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.6178752183914185},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.608050525188446},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5837447643280029},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.48325783014297485},{"id":"https://openalex.org/keywords/feature-selection","display_name":"Feature selection","score":0.45799097418785095},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.44938036799430847},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.41757044196128845},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.33300524950027466},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.09910336136817932}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8638560175895691},{"id":"https://openalex.org/C101738243","wikidata":"https://www.wikidata.org/wiki/Q786435","display_name":"Autoencoder","level":3,"score":0.7642961740493774},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7583049535751343},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.652655303478241},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.6178752183914185},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.608050525188446},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5837447643280029},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.48325783014297485},{"id":"https://openalex.org/C148483581","wikidata":"https://www.wikidata.org/wiki/Q446488","display_name":"Feature selection","level":2,"score":0.45799097418785095},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.44938036799430847},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.41757044196128845},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.33300524950027466},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.09910336136817932}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tnsm.2023.3251282","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tnsm.2023.3251282","pdf_url":null,"source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":54,"referenced_works":["https://openalex.org/W1945616565","https://openalex.org/W1980262437","https://openalex.org/W2095577883","https://openalex.org/W2119251836","https://openalex.org/W2122646361","https://openalex.org/W2122672392","https://openalex.org/W2131989759","https://openalex.org/W2296719434","https://openalex.org/W2732916693","https://openalex.org/W2788864200","https://openalex.org/W2792764867","https://openalex.org/W2803697594","https://openalex.org/W2954508354","https://openalex.org/W2962802821","https://openalex.org/W2963197901","https://openalex.org/W2969495950","https://openalex.org/W2971144668","https://openalex.org/W2991150929","https://openalex.org/W2996826556","https://openalex.org/W2998074434","https://openalex.org/W3007481080","https://openalex.org/W3007580316","https://openalex.org/W3015316773","https://openalex.org/W3015625436","https://openalex.org/W3024340288","https://openalex.org/W3028000844","https://openalex.org/W3036847733","https://openalex.org/W3089994140","https://openalex.org/W3097911904","https://openalex.org/W3102758057","https://openalex.org/W3104141960","https://openalex.org/W3112311055","https://openalex.org/W3118774794","https://openalex.org/W3126686235","https://openalex.org/W3133369889","https://openalex.org/W3133726397","https://openalex.org/W3153872861","https://openalex.org/W3154326919","https://openalex.org/W3159337037","https://openalex.org/W3161594686","https://openalex.org/W3168997536","https://openalex.org/W3173162515","https://openalex.org/W4205737303","https://openalex.org/W4214733430","https://openalex.org/W4281945774","https://openalex.org/W4287782834","https://openalex.org/W6640425456","https://openalex.org/W6748641434","https://openalex.org/W6749825310","https://openalex.org/W6751494907","https://openalex.org/W6770900481","https://openalex.org/W6776705002","https://openalex.org/W6784203933","https://openalex.org/W6794343177"],"related_works":["https://openalex.org/W2159052453","https://openalex.org/W3013693939","https://openalex.org/W2566616303","https://openalex.org/W3131327266","https://openalex.org/W2752972570","https://openalex.org/W4297051394","https://openalex.org/W2734887215","https://openalex.org/W2803255133","https://openalex.org/W2909431601","https://openalex.org/W4321789545"],"abstract_inverted_index":{"While":[0],"a":[1,86,103,143,173,183],"body":[2],"of":[3,110,130,148,185,201,221,230],"studies":[4],"has":[5],"been":[6],"carried":[7],"out":[8],"for":[9,41],"malware":[10,21,166,193,235],"detection":[11,70,96,105,240],"with":[12,94,191,205,237],"its":[13],"significance,":[14],"they":[15],"are":[16],"often":[17],"limited":[18,93],"to":[19,24,74,116,162,165,207,211,234],"known":[20],"patterns":[22,45],"due":[23,161],"the":[25,61,75,108,128,131,149,152,199,212,219,228],"reliance":[26],"on":[27],"signature-based":[28],"or":[29],"supervised":[30,213],"learning":[31,35],"approaches.":[32],"The":[33,187],"semi-supervised":[34],"approach":[36,63],"would":[37],"be":[38,92],"an":[39,65,125,136,158],"option":[40],"identifying":[42],"previously":[43],"unseen":[44],"(i.e.,":[46],"zero-day":[47],"detection);":[48],"however,":[49],"our":[50,202],"preliminary":[51],"study":[52],"reveals":[53],"critical":[54],"limitations":[55],"from":[56,118,182],"existing":[57],"methods,":[58],"including":[59],"(i)":[60],"profiling-based":[62],"using":[64,224],"autoencoder":[66,150],"can":[67],"provide":[68],"better":[69],"but":[71,90],"is":[72,145],"sensitive":[73],"threshold":[76,88,133],"setting,":[77],"and":[78,112,127,151,196],"(ii)":[79],"one-class":[80],"(OC)":[81],"classification":[82],"does":[83],"not":[84],"require":[85],"manual":[87],"discovery":[89],"may":[91,156],"low":[95],"rates.":[97,241],"In":[98],"this":[99,140,169],"paper,":[100],"we":[101,171],"present":[102],"new":[104,174],"method":[106,177],"incorporating":[107],"concept":[109],"autoencoding":[111],"OC":[113,137,153],"classification,":[114],"designed":[115],"benefit":[117],"strong":[119],"abstraction":[120],"by":[121],"neural":[122],"networks":[123],"(using":[124,135],"autoencoder)":[126],"removal":[129],"complex":[132],"selection":[134,176],"classifier).":[138],"For":[139],"combined":[141],"architecture,":[142],"challenge":[144],"concurrent":[146],"training":[147],"classifier,":[154],"which":[155,231],"cause":[157],"ill-suited":[159],"learner":[160],"no":[163],"reference":[164],"instances.":[167],"To":[168],"end,":[170],"introduce":[172],"model":[175],"that":[178],"discovers":[179],"well-optimized":[180],"models":[181],"variety":[184],"combinations.":[186],"experimental":[188],"results":[189],"performed":[190],"public":[192],"datasets":[194],"(Meraz\u201918":[195],"Drebin)":[197],"show":[198],"effectiveness":[200],"presented":[203],"methods":[204],"up":[206],"97.1%":[208],"accuracy,":[209],"comparable":[210],"learning-based":[214],"detection.":[215],"We":[216],"also":[217],"examine":[218],"impact":[220],"evading":[222],"attacks":[223],"adversarial":[225],"attack":[226],"tools,":[227],"result":[229],"shows":[232],"resilience":[233],"variants":[236],"over":[238],"99%":[239]},"counts_by_year":[{"year":2026,"cited_by_count":7},{"year":2025,"cited_by_count":18},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":5}],"updated_date":"2026-06-09T15:46:55.921056","created_date":"2025-10-10T00:00:00"}