{"id":"https://openalex.org/W4388430735","doi":"https://doi.org/10.1109/tii.2023.3327522","title":"Antibypassing Four-Stage Dynamic Behavior Modeling for Time-Efficient Evasive Malware Detection","display_name":"Antibypassing Four-Stage Dynamic Behavior Modeling for Time-Efficient Evasive Malware Detection","publication_year":2023,"publication_date":"2023-11-06","ids":{"openalex":"https://openalex.org/W4388430735","doi":"https://doi.org/10.1109/tii.2023.3327522"},"language":"en","primary_location":{"id":"doi:10.1109/tii.2023.3327522","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tii.2023.3327522","pdf_url":null,"source":{"id":"https://openalex.org/S184777250","display_name":"IEEE Transactions on Industrial Informatics","issn_l":"1551-3203","issn":["1551-3203","1941-0050"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Industrial Informatics","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100386949","display_name":"Yifei Zhang","orcid":"https://orcid.org/0000-0003-4745-3771"},"institutions":[{"id":"https://openalex.org/I125839683","display_name":"Beijing Institute of Technology","ror":"https://ror.org/01skt4w74","country_code":"CN","type":"education","lineage":["https://openalex.org/I125839683","https://openalex.org/I890469752"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yifei Zhang","raw_affiliation_strings":["Beijing Institute of Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing Institute of Technology, Beijing, China","institution_ids":["https://openalex.org/I125839683"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101877453","display_name":"Senlin Luo","orcid":"https://orcid.org/0000-0002-7729-5439"},"institutions":[{"id":"https://openalex.org/I125839683","display_name":"Beijing Institute of Technology","ror":"https://ror.org/01skt4w74","country_code":"CN","type":"education","lineage":["https://openalex.org/I125839683","https://openalex.org/I890469752"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Senlin Luo","raw_affiliation_strings":["Beijing Institute of Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing Institute of Technology, Beijing, China","institution_ids":["https://openalex.org/I125839683"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103074394","display_name":"Hangyi Wu","orcid":"https://orcid.org/0009-0009-1272-4907"},"institutions":[{"id":"https://openalex.org/I125839683","display_name":"Beijing Institute of Technology","ror":"https://ror.org/01skt4w74","country_code":"CN","type":"education","lineage":["https://openalex.org/I125839683","https://openalex.org/I890469752"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hangyi Wu","raw_affiliation_strings":["Beijing Institute of Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing Institute of Technology, Beijing, China","institution_ids":["https://openalex.org/I125839683"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5069772530","display_name":"Limin Pan","orcid":"https://orcid.org/0000-0002-8850-8380"},"institutions":[{"id":"https://openalex.org/I125839683","display_name":"Beijing Institute of Technology","ror":"https://ror.org/01skt4w74","country_code":"CN","type":"education","lineage":["https://openalex.org/I125839683","https://openalex.org/I890469752"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Limin Pan","raw_affiliation_strings":["Beijing Institute of Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing Institute of Technology, Beijing, China","institution_ids":["https://openalex.org/I125839683"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5100386949"],"corresponding_institution_ids":["https://openalex.org/I125839683"],"apc_list":null,"apc_paid":null,"fwci":1.0189,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.76932707,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":97},"biblio":{"volume":"20","issue":"3","first_page":"4627","last_page":"4639"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9915000200271606,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8311326503753662},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8257239460945129},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.5600019097328186},{"id":"https://openalex.org/keywords/trace","display_name":"TRACE (psycholinguistics)","score":0.5345690846443176},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.47291120886802673},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.45510756969451904},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.4526401162147522},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.429464191198349},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3449985980987549},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.25317245721817017},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.19085317850112915}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8311326503753662},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8257239460945129},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.5600019097328186},{"id":"https://openalex.org/C75291252","wikidata":"https://www.wikidata.org/wiki/Q1315756","display_name":"TRACE (psycholinguistics)","level":2,"score":0.5345690846443176},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.47291120886802673},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.45510756969451904},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.4526401162147522},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.429464191198349},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3449985980987549},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.25317245721817017},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.19085317850112915},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tii.2023.3327522","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tii.2023.3327522","pdf_url":null,"source":{"id":"https://openalex.org/S184777250","display_name":"IEEE Transactions on Industrial Informatics","issn_l":"1551-3203","issn":["1551-3203","1941-0050"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Industrial Informatics","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5699999928474426,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W1515180657","https://openalex.org/W1967261319","https://openalex.org/W2032151752","https://openalex.org/W2087740020","https://openalex.org/W2126169116","https://openalex.org/W2151182669","https://openalex.org/W2179519055","https://openalex.org/W2517430515","https://openalex.org/W2550538157","https://openalex.org/W2586610235","https://openalex.org/W2603961508","https://openalex.org/W2620612601","https://openalex.org/W2754791263","https://openalex.org/W2799664252","https://openalex.org/W2988961468","https://openalex.org/W3006578308","https://openalex.org/W3036246938","https://openalex.org/W3118507196","https://openalex.org/W3162825625","https://openalex.org/W4200054136","https://openalex.org/W4220744310","https://openalex.org/W4281394465","https://openalex.org/W4285401218","https://openalex.org/W4296339055","https://openalex.org/W4324093415","https://openalex.org/W4362634109","https://openalex.org/W6685576885"],"related_works":["https://openalex.org/W2088620127","https://openalex.org/W2743348030","https://openalex.org/W2947629119","https://openalex.org/W1963799338","https://openalex.org/W2542775576","https://openalex.org/W2900408237","https://openalex.org/W2036412865","https://openalex.org/W2906562101","https://openalex.org/W2545334782","https://openalex.org/W2160597328"],"abstract_inverted_index":{"With":[0],"the":[1,32,36,46,77,87,98,106,110,117,133,146,156,163,175,179],"widespread":[2],"adoption":[3],"of":[4,50],"virtualization":[5],"technology,":[6],"it":[7,96],"is":[8,41,166,182],"imperative":[9],"to":[10,44,54,115,131,170],"strengthen":[11],"its":[12,83],"security,":[13],"and":[14,17,82,101,145,178],"dynamically":[15],"modeling":[16,68,150],"instantly":[18],"trapping":[19],"malicious":[20,134],"behaviors":[21],"are":[22],"challenging":[23],"problems.":[24],"Extant":[25],"detection":[26,73,89,158,164,180],"methods":[27],"will":[28],"be":[29],"invalidated":[30],"after":[31],"evasive":[33,51,71,80,93,107],"malware":[34,72,81,108],"manipulates":[35],"behavior":[37,49,67,119,149],"trace.":[38],"Currently,":[39],"there":[40],"no":[42],"approach":[43],"model":[45],"complex":[47],"dynamic":[48,66,118,148],"malware,":[52],"leading":[53],"missed":[55],"opportunities":[56],"for":[57,69,91],"optimal":[58,88],"detection.":[59],"This":[60],"work":[61],"first":[62],"presents":[63],"antibypassing":[64],"four-stage":[65],"time-efficient":[70],"(AFDBM-TEMD).":[74],"AFDBM-TEMD":[75,140],"models":[76],"interaction":[78],"between":[79],"execution":[84,124],"environment,":[85],"identifying":[86],"phases":[90],"various":[92],"malware.":[94],"Moreover,":[95],"traps":[97],"crucial":[99],"instructions":[100],"system":[102],"calls":[103],"invoked":[104],"by":[105,184],"into":[109],"virtual":[111],"machine":[112],"monitor":[113],"layer":[114],"obtain":[116],"information":[120],"(including":[121],"transmitted":[122],"parameters,":[123],"time,":[125],"process":[126],"information,":[127],"return":[128],"values,":[129],"etc.)":[130],"identify":[132],"software.":[135],"Experimental":[136],"results":[137],"show":[138],"that":[139],"achieves":[141],"new":[142],"state-of-the-art":[143],"results,":[144],"proposed":[147],"method":[151],"has":[152],"wide":[153],"applicability,":[154],"while":[155],"average":[157],"time":[159],"reaches":[160],"milliseconds.":[161],"Specifically,":[162],"rate":[165],"improved":[167],"from":[168],"0\u201356.52%":[169],"100%":[171],"in":[172],"contrast":[173],"with":[174],"comparative":[176],"methods,":[177],"speed":[181],"increased":[183],"more":[185],"than":[186],"six":[187],"times.":[188]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}