{"id":"https://openalex.org/W2114765320","doi":"https://doi.org/10.1145/1103626.1103641","title":"Host-based detection of worms through peer-to-peer cooperation","display_name":"Host-based detection of worms through peer-to-peer cooperation","publication_year":2005,"publication_date":"2005-11-11","ids":{"openalex":"https://openalex.org/W2114765320","doi":"https://doi.org/10.1145/1103626.1103641","mag":"2114765320"},"language":"en","primary_location":{"id":"doi:10.1145/1103626.1103641","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1103626.1103641","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2005 ACM workshop on Rapid malcode","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://nrs.harvard.edu/urn-3:HUL.InstRepos:2961698","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037466176","display_name":"David J. Malan","orcid":"https://orcid.org/0000-0001-5338-2522"},"institutions":[{"id":"https://openalex.org/I2801851002","display_name":"Harvard University Press","ror":"https://ror.org/006v7bf86","country_code":"US","type":"other","lineage":["https://openalex.org/I136199984","https://openalex.org/I2801851002"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"David J. Malan","raw_affiliation_strings":["Harvard University, Cambridge, Massachusetts"],"affiliations":[{"raw_affiliation_string":"Harvard University, Cambridge, Massachusetts","institution_ids":["https://openalex.org/I2801851002"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058599127","display_name":"Michael D. Smith","orcid":"https://orcid.org/0000-0001-6844-7923"},"institutions":[{"id":"https://openalex.org/I2801851002","display_name":"Harvard University Press","ror":"https://ror.org/006v7bf86","country_code":"US","type":"other","lineage":["https://openalex.org/I136199984","https://openalex.org/I2801851002"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael D. Smith","raw_affiliation_strings":["Harvard University, Cambridge, Massachusetts"],"affiliations":[{"raw_affiliation_string":"Harvard University, Cambridge, Massachusetts","institution_ids":["https://openalex.org/I2801851002"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5037466176"],"corresponding_institution_ids":["https://openalex.org/I2801851002"],"apc_list":null,"apc_paid":null,"fwci":4.9271,"has_fulltext":false,"cited_by_count":47,"citation_normalized_percentile":{"value":0.95588554,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"72","last_page":"80"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.994700014591217,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7322579622268677},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.6924006938934326},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.6532158851623535},{"id":"https://openalex.org/keywords/variance","display_name":"Variance (accounting)","score":0.6127659678459167},{"id":"https://openalex.org/keywords/consistency","display_name":"Consistency (knowledge bases)","score":0.591044545173645},{"id":"https://openalex.org/keywords/similarity","display_name":"Similarity (geometry)","score":0.5833539962768555},{"id":"https://openalex.org/keywords/peer-to-peer","display_name":"Peer-to-peer","score":0.5778762102127075},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3697596788406372},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.34308335185050964},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.21526098251342773},{"id":"https://openalex.org/keywords/biology","display_name":"Biology","score":0.07743960618972778}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7322579622268677},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.6924006938934326},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.6532158851623535},{"id":"https://openalex.org/C196083921","wikidata":"https://www.wikidata.org/wiki/Q7915758","display_name":"Variance (accounting)","level":2,"score":0.6127659678459167},{"id":"https://openalex.org/C2776436953","wikidata":"https://www.wikidata.org/wiki/Q5163215","display_name":"Consistency (knowledge bases)","level":2,"score":0.591044545173645},{"id":"https://openalex.org/C103278499","wikidata":"https://www.wikidata.org/wiki/Q254465","display_name":"Similarity (geometry)","level":3,"score":0.5833539962768555},{"id":"https://openalex.org/C534932454","wikidata":"https://www.wikidata.org/wiki/Q161410","display_name":"Peer-to-peer","level":2,"score":0.5778762102127075},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3697596788406372},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.34308335185050964},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.21526098251342773},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.07743960618972778},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.0},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/1103626.1103641","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1103626.1103641","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2005 ACM workshop on Rapid malcode","raw_type":"proceedings-article"},{"id":"pmh:oai:dash.harvard.edu:1/2961698","is_oa":true,"landing_page_url":"http://nrs.harvard.edu/urn-3:HUL.InstRepos:2961698","pdf_url":null,"source":{"id":"https://openalex.org/S4306401540","display_name":"Digital Access to Scholarship at Harvard (DASH) (Harvard University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I136199984","host_organization_name":"Harvard University","host_organization_lineage":["https://openalex.org/I136199984"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference Paper"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.60.7035","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.60.7035","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www1.cs.columbia.edu/~angelos/worm05/worm34-malan.pdf","raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:dash.harvard.edu:1/2961698","is_oa":true,"landing_page_url":"http://nrs.harvard.edu/urn-3:HUL.InstRepos:2961698","pdf_url":null,"source":{"id":"https://openalex.org/S4306401540","display_name":"Digital Access to Scholarship at Harvard (DASH) (Harvard University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I136199984","host_organization_name":"Harvard University","host_organization_lineage":["https://openalex.org/I136199984"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference Paper"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W88694106","https://openalex.org/W113230985","https://openalex.org/W1498585374","https://openalex.org/W1509130105","https://openalex.org/W1516211918","https://openalex.org/W1527422375","https://openalex.org/W1597305440","https://openalex.org/W1781758015","https://openalex.org/W1941427975","https://openalex.org/W2021735617","https://openalex.org/W2031006315","https://openalex.org/W2092043296","https://openalex.org/W2102399005","https://openalex.org/W2103042216","https://openalex.org/W2110492388","https://openalex.org/W2123770058","https://openalex.org/W2125109784","https://openalex.org/W2128217000","https://openalex.org/W2129193087","https://openalex.org/W2137786570","https://openalex.org/W2161641280","https://openalex.org/W2743634147","https://openalex.org/W4285719527","https://openalex.org/W4299301436","https://openalex.org/W6604562088","https://openalex.org/W6635716266","https://openalex.org/W6638056121","https://openalex.org/W6678276135"],"related_works":["https://openalex.org/W1557094818","https://openalex.org/W2183246718","https://openalex.org/W2099261052","https://openalex.org/W3209204065","https://openalex.org/W2105707930","https://openalex.org/W1755711892","https://openalex.org/W2160907113","https://openalex.org/W2070813941","https://openalex.org/W3046510185","https://openalex.org/W2348583279"],"abstract_inverted_index":{"We":[0,18,34,52,84],"propose":[1],"a":[2,31,113,134,136],"host-based,":[3],"runtime":[4],"defense":[5],"against":[6],"worms":[7,69],"that":[8,86,105,126,129],"achieves":[9],"negligible":[10],"risk":[11],"of":[12,30,49,65,68,92,100,119],"false":[13],"positives":[14],"through":[15],"peer-to-peer":[16],"cooperation.":[17],"view":[19],"correlation":[20,36],"among":[21],"otherwise":[22],"independent":[23],"peers'":[24],"behavior":[25],"as":[26],"anomalous":[27],"behavior,":[28,95],"indication":[29],"fast-spreading":[32],"worm.":[33],"detect":[35],"by":[37],"exploiting":[38],"worms'":[39,47],"temporal":[40,44],"consistency,":[41],"similarity":[42],"(low":[43],"variance)":[45],"in":[46],"invocations":[48],"system":[50,101],"calls.":[51],"evaluate":[53],"our":[54],"ideas":[55],"on":[56],"Windows":[57],"XP":[58],"with":[59,97],"Service":[60],"Pack":[61],"2":[62],"using":[63],"traces":[64],"nine":[66],"variants":[67],"and":[70,77,117],"twenty-five":[71],"non-worms,":[72],"including":[73],"ten":[74],"commercial":[75],"applications":[76],"fifteen":[78],"processes":[79],"native":[80],"to":[81],"the":[82,120,127],"platform.":[83],"find":[85,125],"two":[87],"peers,":[88],"upon":[89],"exchanging":[90],"snapshots":[91],"their":[93],"internal":[94],"defined":[96],"frequency":[98],"distributions":[99],"calls,":[102],"can":[103],"decide":[104],"they":[106],"are,":[107],"more":[108],"likely":[109],"than":[110],"not,":[111],"executing":[112],"worm":[114],"between":[115],"76%":[116],"97%":[118],"time.":[121],"More":[122],"importantly,":[123],"we":[124],"probability":[128],"peers":[130],"might":[131],"err,":[132],"judging":[133],"non-worm":[135],"worm,":[137],"is":[138],"negligible.":[139]},"counts_by_year":[{"year":2018,"cited_by_count":1},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":2},{"year":2013,"cited_by_count":4},{"year":2012,"cited_by_count":6}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}