{"id":"https://openalex.org/W2921746396","doi":"https://doi.org/10.1109/malware.2018.8659373","title":"A Hybrid Static Tool to Increase the Usability and Scalability of Dynamic Detection of Malware","display_name":"A Hybrid Static Tool to Increase the Usability and Scalability of Dynamic Detection of Malware","publication_year":2018,"publication_date":"2018-10-01","ids":{"openalex":"https://openalex.org/W2921746396","doi":"https://doi.org/10.1109/malware.2018.8659373","mag":"2921746396"},"language":"en","primary_location":{"id":"doi:10.1109/malware.2018.8659373","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2018.8659373","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 13th International Conference on Malicious and Unwanted Software (MALWARE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5001642240","display_name":"Daniel Kim","orcid":"https://orcid.org/0000-0003-3683-777X"},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Danny Kim","raw_affiliation_strings":["University of Maryland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Maryland","institution_ids":["https://openalex.org/I66946132"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055149646","display_name":"Daniel Mirsky","orcid":null},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Daniel Mirsky","raw_affiliation_strings":["University of Maryland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Maryland","institution_ids":["https://openalex.org/I66946132"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068524413","display_name":"Amir Majlesi-Kupaei","orcid":null},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Amir Majlesi-Kupaei","raw_affiliation_strings":["University of Maryland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Maryland","institution_ids":["https://openalex.org/I66946132"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5110710474","display_name":"Rajeev Barua","orcid":"https://orcid.org/0000-0003-4210-6893"},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rajeev Barua","raw_affiliation_strings":["University of Maryland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Maryland","institution_ids":["https://openalex.org/I66946132"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.1663,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.50694128,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"4","issue":null,"first_page":"115","last_page":"123"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.984000027179718,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.8126134872436523},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.809589147567749},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6993895769119263},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6535859107971191},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.3490021228790283},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.20869943499565125}],"concepts":[{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.8126134872436523},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.809589147567749},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6993895769119263},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6535859107971191},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.3490021228790283},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.20869943499565125}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/malware.2018.8659373","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2018.8659373","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 13th International Conference on Malicious and Unwanted Software (MALWARE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W36091977","https://openalex.org/W152854583","https://openalex.org/W165688198","https://openalex.org/W1553801604","https://openalex.org/W1559833478","https://openalex.org/W1893133781","https://openalex.org/W1910686388","https://openalex.org/W1956767865","https://openalex.org/W1974598044","https://openalex.org/W1985936489","https://openalex.org/W1990698892","https://openalex.org/W2021436318","https://openalex.org/W2051223603","https://openalex.org/W2064976406","https://openalex.org/W2114312434","https://openalex.org/W2115392339","https://openalex.org/W2126734536","https://openalex.org/W2132874238","https://openalex.org/W2149659470","https://openalex.org/W2155943969","https://openalex.org/W2247776437","https://openalex.org/W2584414817","https://openalex.org/W2611949786","https://openalex.org/W2620652965","https://openalex.org/W2734018130","https://openalex.org/W2747715470","https://openalex.org/W2765820957","https://openalex.org/W3130402274","https://openalex.org/W6606151733","https://openalex.org/W6633282783","https://openalex.org/W6639864006","https://openalex.org/W6640826072","https://openalex.org/W6682798926","https://openalex.org/W6741083740","https://openalex.org/W6742852740"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2097492617","https://openalex.org/W4389670110","https://openalex.org/W2753240997","https://openalex.org/W2429057255","https://openalex.org/W2187546663","https://openalex.org/W148745890","https://openalex.org/W2611942503","https://openalex.org/W4315621326","https://openalex.org/W2899790217"],"abstract_inverted_index":{"Malware":[0,15],"detection":[1,16,132,210,311],"is":[2,29,137,148,229,248,273],"a":[3,58,90,115,129,138,144,198,207,214,290,317],"paramount":[4],"priority":[5],"in":[6,9,18,64,177,237,244,265,275,349,355],"today's":[7],"world":[8],"order":[10],"to":[11,74,100,117,156,213,313,368],"prevent":[12],"malware":[13,37,209,243,284,321],"attacks.":[14],"comes":[17],"three":[19,161],"methods:":[20],"static":[21,96,139,154],"analysis,":[22,24],"dynamic":[23,40,98,185,378],"and":[25,31,46,97,153,167,288],"hybrids.":[26],"Static":[27],"analysis":[28,41,99,155,379],"fast":[30],"effective":[32],"for":[33,69,282,377],"detecting":[34,105],"previously":[35],"seen":[36,354],"where":[38],"as":[39,261],"can":[42,235],"be":[43],"more":[44],"accurate":[45,344],"robust":[47],"against":[48],"zero-day":[49],"or":[50],"polymorphic":[51],"malware,":[52,303],"but":[53,327],"at":[54,79],"the":[55,70,119,172,178,184,190,193,219,231,252,305,310,324,330,350,369,374],"cost":[56,68],"of":[57,104,121,175,192,201,221,226,251,256,295,302,320,360],"high":[59],"computational":[60,203],"load,":[61],"which":[62,93,141,247],"results":[63,264],"an":[65,80],"often-prohibitive":[66],"dollar":[67],"needed":[71],"server":[72],"farm":[73],"handle":[75],"all":[76],"incoming":[77,158],"traffic":[78],"organization's":[81],"network":[82],"entry":[83],"point.":[84],"Most":[85],"modern":[86],"defenses":[87],"today":[88],"use":[89],"hybrid":[91,109,131],"approach,":[92],"uses":[94],"both":[95,122,222],"maximize":[101],"their":[102,125],"chances":[103],"malware.":[106],"However,":[107],"current":[108],"approaches":[110,189],"are":[111,181,366],"suboptimal.":[112],"We":[113],"propose":[114],"solution":[116],"utilize":[118],"strengths":[120],"while":[123,205],"minimizing":[124],"weaknesses":[126],"by":[127,323,329,339,347,380],"using":[128],"two-phase":[130],"tool.":[133],"The":[134,269,297],"first":[135,232,298,325],"phase":[136,234,272,299,307],"tool,":[140,146],"we":[142],"call":[143],"\u201cstatic-hybrid\u201d":[145],"that":[147,230,362],"based":[149],"on":[150,183],"machine":[151],"learning":[152],"categorize":[157],"programs":[159,176,260,361],"into":[160],"buckets:":[162],"definitely":[163,165],"benign,":[164],"malicious,":[166],"needs":[168],"further":[169,364],"analysis.":[170],"Only":[171],"small":[173,199,318],"fraction":[174,200,319],"third":[179],"bucket":[180],"run":[182,236,274],"analyzer.":[186],"Our":[187],"system":[188,195,228,336,345],"accuracy":[191],"dynamic-only":[194],"with":[196],"only":[197,316,358],"its":[202],"cost,":[204],"maintaining":[206],"real-time":[208],"timeliness":[211],"similar":[212],"static-only":[215],"system,":[216],"thus":[217],"achieving":[218],"best":[220],"approaches.A":[223],"key":[224],"feature":[225],"our":[227,266,335],"(static)":[233],"active":[238],"mode,":[239,277],"i.e.":[240,278],"it":[241,279],"blocks":[242,300],"real":[245],"time,":[246],"possible":[249],"because":[250],"low":[253],"0.08%":[254],"rate":[255,294,312],"mistakenly":[257],"blocking":[258,286],"benign":[259],"malicious":[262],"(all":[263],"salient":[267],"configuration).":[268],"second":[270,306,331,370],"(dynamic)":[271],"passive":[276,352],"send":[280],"alerts":[281,338],"suspected":[283],"without":[285],"them,":[287],"has":[289],"higher":[291],"false":[292],"positive":[293],"0.75%.":[296],"88.98%":[301],"whereas":[304],"brings":[308],"up":[309],"98.73%.":[314],"Since":[315,357],"missed":[322],"stage":[326,332],"caught":[328],"generates":[333],"alerts,":[334],"reduces":[337,373],"9.5X":[340],"vs":[341],"any":[342],"highly":[343],"running":[346],"itself":[348],"typical":[351],"mode":[353],"practice.":[356],"3.63%":[359],"need":[363],"study":[365],"sent":[367],"phase,":[371],"this":[372],"computation":[375],"load":[376],"100/3.63":[381],"=":[382],"27.5X.":[383]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}