{"id":"https://openalex.org/W2151895509","doi":"https://doi.org/10.1145/1179542.1179557","title":"Signature metrics for accurate and automated worm detection","display_name":"Signature metrics for accurate and automated worm detection","publication_year":2006,"publication_date":"2006-11-03","ids":{"openalex":"https://openalex.org/W2151895509","doi":"https://doi.org/10.1145/1179542.1179557","mag":"2151895509"},"language":"en","primary_location":{"id":"doi:10.1145/1179542.1179557","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1179542.1179557","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 4th ACM workshop on Recurring malcode","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5031364854","display_name":"Prem Gopalan","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Prem Gopalan","raw_affiliation_strings":["Mazu Networks"],"affiliations":[{"raw_affiliation_string":"Mazu Networks","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050964830","display_name":"Kyle Jamieson","orcid":"https://orcid.org/0000-0002-7940-2867"},"institutions":[{"id":"https://openalex.org/I63966007","display_name":"Massachusetts Institute of Technology","ror":"https://ror.org/042nb2s44","country_code":"US","type":"education","lineage":["https://openalex.org/I63966007"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kyle Jamieson","raw_affiliation_strings":["Massachusetts Institute of Technology"],"affiliations":[{"raw_affiliation_string":"Massachusetts Institute of Technology","institution_ids":["https://openalex.org/I63966007"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065096878","display_name":"Panayiotis Mavrommatis","orcid":null},"institutions":[{"id":"https://openalex.org/I63966007","display_name":"Massachusetts Institute of Technology","ror":"https://ror.org/042nb2s44","country_code":"US","type":"education","lineage":["https://openalex.org/I63966007"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Panayiotis Mavrommatis","raw_affiliation_strings":["Massachusetts Institute of Technology"],"affiliations":[{"raw_affiliation_string":"Massachusetts Institute of Technology","institution_ids":["https://openalex.org/I63966007"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5027593529","display_name":"Massimiliano Poletto","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Massimiliano Poletto","raw_affiliation_strings":["Mazu Networks"],"affiliations":[{"raw_affiliation_string":"Mazu Networks","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5031364854"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.5769,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.85987595,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"65","last_page":"72"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.8786019086837769},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.8596583604812622},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7716693878173828},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6685770750045776},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.6254193186759949},{"id":"https://openalex.org/keywords/true-positive-rate","display_name":"True positive rate","score":0.5704930424690247},{"id":"https://openalex.org/keywords/false-positives-and-false-negatives","display_name":"False positives and false negatives","score":0.44934356212615967},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2897564470767975},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2495688796043396},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.07842123508453369}],"concepts":[{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.8786019086837769},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.8596583604812622},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7716693878173828},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6685770750045776},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.6254193186759949},{"id":"https://openalex.org/C2989486834","wikidata":"https://www.wikidata.org/wiki/Q3808900","display_name":"True positive rate","level":2,"score":0.5704930424690247},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.44934356212615967},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2897564470767975},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2495688796043396},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.07842123508453369},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/1179542.1179557","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1179542.1179557","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 4th ACM workshop on Recurring malcode","raw_type":"proceedings-article"},{"id":"pmh:oai:eprints.ucl.ac.uk.OAI2:75834","is_oa":false,"landing_page_url":"http://discovery.ucl.ac.uk/75834/","pdf_url":null,"source":{"id":"https://openalex.org/S4306400024","display_name":"UCL Discovery (University College London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I45129253","host_organization_name":"University College London","host_organization_lineage":["https://openalex.org/I45129253"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"     In:    (pp. pp. 65-72).   (2006)     ","raw_type":"Proceedings paper"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320331904","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W88694106","https://openalex.org/W186942752","https://openalex.org/W1597305440","https://openalex.org/W1601184934","https://openalex.org/W1614703486","https://openalex.org/W1674877186","https://openalex.org/W1744212210","https://openalex.org/W1993284846","https://openalex.org/W2010365467","https://openalex.org/W2023955403","https://openalex.org/W2033811087","https://openalex.org/W2096007208","https://openalex.org/W2102399005","https://openalex.org/W2102970979","https://openalex.org/W2103315222","https://openalex.org/W2134006599","https://openalex.org/W2137754263","https://openalex.org/W2137786570","https://openalex.org/W2165100126","https://openalex.org/W4246911711","https://openalex.org/W4254762831","https://openalex.org/W6635716266","https://openalex.org/W6648522431","https://openalex.org/W7066491068"],"related_works":["https://openalex.org/W1557094818","https://openalex.org/W3129715955","https://openalex.org/W4287692494","https://openalex.org/W2183246718","https://openalex.org/W2099261052","https://openalex.org/W1973412793","https://openalex.org/W2027184711","https://openalex.org/W4226316650","https://openalex.org/W2951146195","https://openalex.org/W3047594718"],"abstract_inverted_index":{"This":[0],"paper":[1],"presents":[2],"two":[3],"simple":[4],"algorithms,":[5,21],"TreeCount":[6,73],"and":[7,16,60,85,92,98],"SenderCount":[8,94],"that":[9,35],"detect":[10,54],"a":[11,99],"broad":[12],"range":[13],"of":[14,39,56,67],"exploit-based":[15],"email":[17,96],"worms,":[18,41],"respectively.":[19],"These":[20],"when":[22],"combined":[23],"with":[24,81],"automated":[25],"payload":[26,31],"fingerprinting,":[27],"generate":[28],"precise":[29],"worm":[30],"signatures.":[32],"We":[33],"show":[34],"fundamental":[36],"traffic":[37,69],"properties":[38],"most":[40],"such":[42],"as":[43],"infected":[44],"hosts'":[45],"attempts":[46],"to":[47,53],"propagate":[48],"the":[49,78],"worm,":[50],"can":[51],"serve":[52],"signatures":[55,76],"non-polymorphic":[57],"worms":[58,89,97],"reliably":[59],"rapidly.Our":[61],"prototype":[62],"monitored":[63],"over":[64],"200":[65],"Mb/s":[66],"university":[68],"for":[70],"3":[71],"months.":[72],"generated":[74],"new":[75],"during":[77],"Zotob":[79],"outbreak":[80],"no":[82],"false":[83,105],"positives,":[84],"also":[86],"identified":[87,95],"known":[88],"like":[90],"Sasser":[91],"Phatbot.":[93],"spam":[100],"cluster,":[101],"while":[102],"generating":[103],"\u223c2":[104],"positives/hour.":[106]},"counts_by_year":[{"year":2013,"cited_by_count":1},{"year":2012,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}