{"id":"https://openalex.org/W2290946252","doi":"https://doi.org/10.1109/worldcis.2015.7359437","title":"Runtime-behavior based malware classification using online machine learning","display_name":"Runtime-behavior based malware classification using online machine learning","publication_year":2015,"publication_date":"2015-10-01","ids":{"openalex":"https://openalex.org/W2290946252","doi":"https://doi.org/10.1109/worldcis.2015.7359437","mag":"2290946252"},"language":"en","primary_location":{"id":"doi:10.1109/worldcis.2015.7359437","is_oa":false,"landing_page_url":"https://doi.org/10.1109/worldcis.2015.7359437","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 World Congress on Internet Security (WorldCIS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028123850","display_name":"Abdurrahman Pekta\u015f","orcid":"https://orcid.org/0000-0003-1167-0862"},"institutions":[{"id":"https://openalex.org/I899635006","display_name":"Universit\u00e9 Grenoble Alpes","ror":"https://ror.org/02rx3b187","country_code":"FR","type":"education","lineage":["https://openalex.org/I899635006"]},{"id":"https://openalex.org/I4210156361","display_name":"Verimag","ror":"https://ror.org/05afmzm11","country_code":"FR","type":"facility","lineage":["https://openalex.org/I106785703","https://openalex.org/I1294671590","https://openalex.org/I1294671590","https://openalex.org/I4210156361","https://openalex.org/I4210159245","https://openalex.org/I899635006"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Abdurrahman Pektas","raw_affiliation_strings":["Univ. Grenoble Alpes, VERIMAG, Grenoble, France"],"affiliations":[{"raw_affiliation_string":"Univ. Grenoble Alpes, VERIMAG, Grenoble, France","institution_ids":["https://openalex.org/I4210156361","https://openalex.org/I899635006"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084367490","display_name":"Tankut Acarman","orcid":"https://orcid.org/0000-0003-4169-1189"},"institutions":[{"id":"https://openalex.org/I94294566","display_name":"Galatasaray University","ror":"https://ror.org/00btgsb62","country_code":"TR","type":"education","lineage":["https://openalex.org/I94294566"]}],"countries":["TR"],"is_corresponding":false,"raw_author_name":"Tankut Acarman","raw_affiliation_strings":["Computer Eng. Dept., Galatasaray University, Istanbul, Turkey"],"affiliations":[{"raw_affiliation_string":"Computer Eng. Dept., Galatasaray University, Istanbul, Turkey","institution_ids":["https://openalex.org/I94294566"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037726232","display_name":"Yl\u00ec\u00e8s Falcone","orcid":"https://orcid.org/0000-0002-0114-0641"},"institutions":[{"id":"https://openalex.org/I4210104430","display_name":"Laboratoire d'Informatique de Grenoble","ror":"https://ror.org/01c8rcg82","country_code":"FR","type":"facility","lineage":["https://openalex.org/I106785703","https://openalex.org/I1294671590","https://openalex.org/I1294671590","https://openalex.org/I1326498283","https://openalex.org/I4210104430","https://openalex.org/I4210159245","https://openalex.org/I899635006","https://openalex.org/I899635006"]},{"id":"https://openalex.org/I4210101348","display_name":"Centre Inria de l'Universit\u00e9 Grenoble Alpes","ror":"https://ror.org/00n8d6z93","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1326498283","https://openalex.org/I4210101348"]},{"id":"https://openalex.org/I899635006","display_name":"Universit\u00e9 Grenoble Alpes","ror":"https://ror.org/02rx3b187","country_code":"FR","type":"education","lineage":["https://openalex.org/I899635006"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Ylies Falcone","raw_affiliation_strings":["Inria, LIG, Univ. Grenoble Alpes, Grenoble, France"],"affiliations":[{"raw_affiliation_string":"Inria, LIG, Univ. Grenoble Alpes, Grenoble, France","institution_ids":["https://openalex.org/I899635006","https://openalex.org/I4210101348","https://openalex.org/I4210104430"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5111440197","display_name":"Jean-Claude Fernandez","orcid":null},"institutions":[{"id":"https://openalex.org/I899635006","display_name":"Universit\u00e9 Grenoble Alpes","ror":"https://ror.org/02rx3b187","country_code":"FR","type":"education","lineage":["https://openalex.org/I899635006"]},{"id":"https://openalex.org/I4210156361","display_name":"Verimag","ror":"https://ror.org/05afmzm11","country_code":"FR","type":"facility","lineage":["https://openalex.org/I106785703","https://openalex.org/I1294671590","https://openalex.org/I1294671590","https://openalex.org/I4210156361","https://openalex.org/I4210159245","https://openalex.org/I899635006"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Jean-Claude Fernandez","raw_affiliation_strings":["Univ. Grenoble Alpes, VERIMAG, Grenoble, France"],"affiliations":[{"raw_affiliation_string":"Univ. Grenoble Alpes, VERIMAG, Grenoble, France","institution_ids":["https://openalex.org/I4210156361","https://openalex.org/I899635006"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5028123850"],"corresponding_institution_ids":["https://openalex.org/I4210156361","https://openalex.org/I899635006"],"apc_list":null,"apc_paid":null,"fwci":0.8732,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.75771816,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"7","issue":null,"first_page":"166","last_page":"171"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9819999933242798,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8807665109634399},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8498001098632812},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4878268539905548},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.45058390498161316},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.418326735496521},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3995125889778137}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8807665109634399},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8498001098632812},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4878268539905548},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.45058390498161316},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.418326735496521},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3995125889778137}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/worldcis.2015.7359437","is_oa":false,"landing_page_url":"https://doi.org/10.1109/worldcis.2015.7359437","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 World Congress on Internet Security (WorldCIS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320322626","display_name":"T\u00fcrkiye Bilimsel ve Teknolojik Ara\u015ft\u0131rma Kurumu","ror":"https://ror.org/04w9kkr77"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W1487037064","https://openalex.org/W1581009051","https://openalex.org/W1966771059","https://openalex.org/W1972004006","https://openalex.org/W1973685381","https://openalex.org/W1973990666","https://openalex.org/W1974189812","https://openalex.org/W2018022926","https://openalex.org/W2080778654","https://openalex.org/W2122537498","https://openalex.org/W2138644293","https://openalex.org/W2151380595","https://openalex.org/W2160218441","https://openalex.org/W3009009611","https://openalex.org/W6641990611","https://openalex.org/W6682477108","https://openalex.org/W6683584131"],"related_works":["https://openalex.org/W2961085424","https://openalex.org/W4306674287","https://openalex.org/W3046775127","https://openalex.org/W3107602296","https://openalex.org/W3170094116","https://openalex.org/W4386462264","https://openalex.org/W4364306694","https://openalex.org/W4312192474","https://openalex.org/W4283697347","https://openalex.org/W4210805261"],"abstract_inverted_index":{"Identification":[0],"of":[1,24,26,34,77,135,160],"malware's":[2],"family":[3],"is":[4],"an":[5,158],"intricate":[6],"process":[7,23],"whose":[8],"success":[9],"and":[10,28,45,133],"accuracy":[11,159],"depends":[12],"on":[13,64],"different":[14],"factors.":[15],"These":[16],"factors":[17],"are":[18,81,100],"mainly":[19],"related":[20],"to":[21,49,83,94,125],"the":[22,74,78,95,117,126,131],"extracting":[25],"meaningful":[27],"distinctive":[29],"features":[30,44],"from":[31],"a":[32,58],"set":[33],"malware":[35,38,51,60,79,119,156],"samples,":[36],"modeling":[37],"via":[39],"its":[40,123],"static":[41],"or":[42],"dynamic":[43],"particularly":[46],"techniques":[47],"used":[48,82],"classify":[50],"samples.":[52],"In":[53,102],"this":[54,103],"paper,":[55],"we":[56,105,138],"propose":[57],"new":[59,118],"classification":[61,89,127],"method":[62,142,154],"based":[63,86],"behavioral":[65],"features.":[66,87],"File":[67],"system,":[68],"network,":[69],"registry":[70],"activities":[71],"observed":[72],"during":[73],"execution":[75],"traces":[76],"samples":[80],"represent":[84],"behavior":[85],"Existing":[88],"schemes":[90],"apply":[91],"machine-learning":[92],"algorithms":[93,110],"stored":[96],"data,":[97],"i.e.,":[98],"they":[99],"off-line.":[101],"study,":[104],"use":[106],"on-line":[107],"machine":[108],"learning":[109],"that":[111,152],"can":[112],"provide":[113],"instantaneous":[114],"update":[115],"about":[116],"sample":[120],"by":[121,143],"following":[122],"introduction":[124],"scheme.":[128],"To":[129],"validate":[130],"effectiveness":[132],"scalability":[134],"our":[136,141,153],"method,":[137],"have":[139],"evaluated":[140],"using":[144],"18,000":[145],"recent":[146],"malicious":[147],"files.":[148],"Experimental":[149],"results":[150],"show":[151],"classifies":[155],"with":[157],"92.":[161]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}