{"id":"https://openalex.org/W2042454716","doi":"https://doi.org/10.1145/1342211.1342215","title":"Mining specifications of malicious behavior","display_name":"Mining specifications of malicious behavior","publication_year":2008,"publication_date":"2008-02-19","ids":{"openalex":"https://openalex.org/W2042454716","doi":"https://doi.org/10.1145/1342211.1342215","mag":"2042454716"},"language":"en","primary_location":{"id":"doi:10.1145/1342211.1342215","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1342211.1342215","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 1st India software engineering conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5050855162","display_name":"Mihai Christodorescu","orcid":"https://orcid.org/0000-0001-5808-8015"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Mihai Christodorescu","raw_affiliation_strings":["IBM Research, Hawthorne, NY","[IBM Research, Hawthorne, NY]"],"affiliations":[{"raw_affiliation_string":"IBM Research, Hawthorne, NY","institution_ids":["https://openalex.org/I1341412227"]},{"raw_affiliation_string":"[IBM Research, Hawthorne, NY]","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088826068","display_name":"Somesh Jha","orcid":"https://orcid.org/0000-0001-5877-0436"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Somesh Jha","raw_affiliation_strings":["University of Wisconsin, Madison, WI","University of Wisconsin - Madison WI#TAB#"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin, Madison, WI","institution_ids":["https://openalex.org/I135310074"]},{"raw_affiliation_string":"University of Wisconsin - Madison WI#TAB#","institution_ids":["https://openalex.org/I135310074"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022177364","display_name":"Christopher Kruegel","orcid":"https://orcid.org/0000-0001-5140-3414"},"institutions":[{"id":"https://openalex.org/I121760703","display_name":"University of Applied Sciences Technikum Wien","ror":"https://ror.org/04jsx0x49","country_code":"AT","type":"education","lineage":["https://openalex.org/I121760703"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Christopher Kruegel","raw_affiliation_strings":["Technical University, Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"Technical University, Vienna, Austria","institution_ids":["https://openalex.org/I121760703"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5050855162"],"corresponding_institution_ids":["https://openalex.org/I1341412227"],"apc_list":null,"apc_paid":null,"fwci":11.0152,"has_fulltext":false,"cited_by_count":141,"citation_normalized_percentile":{"value":0.98775244,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"5","last_page":"14"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.678591787815094},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.37780407071113586}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.678591787815094},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37780407071113586}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.1145/1342211.1342215","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1342211.1342215","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 1st India software engineering conference","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.187.6235","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.187.6235","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.wisc.edu/%7Emihai/publications/Mining%20Specifications%20of%20Malicious%20Behavior/Mining%20Specifications%20of%20Malicious%20Behavior.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.523.4719","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.523.4719","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.ucdavis.edu/~devanbu/teaching/289/Schedule_files/Mining Specifications of Malicious Behavior-1.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.66.6878","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.66.6878","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.auto.tuwien.ac.at/~chris/research/doc/esec07_mining.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.68.7834","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.68.7834","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://pag.lcs.mit.edu/reading-group/christodorescu07mining.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/8","score":0.6299999952316284,"display_name":"Decent work and economic growth"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W123548525","https://openalex.org/W126505109","https://openalex.org/W161183723","https://openalex.org/W1570533264","https://openalex.org/W1593203335","https://openalex.org/W1664285496","https://openalex.org/W1832277845","https://openalex.org/W1966150547","https://openalex.org/W1973828066","https://openalex.org/W2023288969","https://openalex.org/W2054520963","https://openalex.org/W2096522207","https://openalex.org/W2106649514","https://openalex.org/W2113371678","https://openalex.org/W2114067856","https://openalex.org/W2117030266","https://openalex.org/W2118528519","https://openalex.org/W2131523719","https://openalex.org/W2132504937","https://openalex.org/W2138756793","https://openalex.org/W2154933195","https://openalex.org/W2156841542","https://openalex.org/W2158167094","https://openalex.org/W2295399529","https://openalex.org/W3151756653","https://openalex.org/W4212999859","https://openalex.org/W4285719527","https://openalex.org/W6677084613","https://openalex.org/W6685837280"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2478288626","https://openalex.org/W4391913857","https://openalex.org/W2350741829","https://openalex.org/W2530322880"],"abstract_inverted_index":{"Malware":[0],"detectors":[1,85],"require":[2],"a":[3,31,39,47,62,70,94,102,119],"specification":[4,32],"of":[5,38,46,49,72,77,97],"maliciousbehavior.":[6],"Typically,":[7],"these":[8],"specifications":[9],"are":[10],"manually":[11],"constructedby":[12],"investigating":[13],"known":[14,40,63],"malware.":[15,115],"We":[16,116],"present":[17,60,68,100],"an":[18],"automatic":[19],"technique":[20,28],"to":[21,86,152],"overcome":[22],"this":[23],"laborious":[24],"manual":[25],"process.":[26],"Our":[27],"derives":[29],"such":[30],"by":[33,83,109],"comparing":[34],"the":[35,43,57,114],"execution":[36,44],"behavior":[37,59,99],"malware":[41,64,84,88,130,154],"against":[42],"behaviors":[45,147],"set":[48,71],"benign":[50,73],"programs.":[51,74,131],"In":[52],"other":[53],"words,":[54],"we":[55],"mine":[56],"malicious":[58,98,146],"in":[61,69,101,144],"that":[65,139,148],"is":[66,142],"not":[67],"The":[75],"output":[76],"our":[78,91,123,136,140],"algorithm":[79,92,124,141],"can":[80,105,149],"be":[81,107,150],"used":[82,108,151],"detect":[87,153],"variants.":[89],"Since":[90],"provides":[93],"succinct":[95],"description":[96],"malware,":[103],"it":[104,127],"also":[106],"security":[110],"analysts":[111],"for":[112],"understanding":[113],"have":[117],"implemented":[118],"prototype":[120,137],"based":[121],"on":[122,128],"and":[125],"tested":[126],"several":[129],"Experimental":[132],"results":[133],"obtained":[134],"from":[135],"indicate":[138],"effective":[143],"extracting":[145],"variants":[155]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":8},{"year":2017,"cited_by_count":17},{"year":2016,"cited_by_count":13},{"year":2015,"cited_by_count":15},{"year":2014,"cited_by_count":11},{"year":2013,"cited_by_count":8},{"year":2012,"cited_by_count":12}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}