{"id":"https://openalex.org/W2011009207","doi":"https://doi.org/10.1145/1774088.1774505","title":"Detecting metamorphic malwares using code graphs","display_name":"Detecting metamorphic malwares using code graphs","publication_year":2010,"publication_date":"2010-03-22","ids":{"openalex":"https://openalex.org/W2011009207","doi":"https://doi.org/10.1145/1774088.1774505","mag":"2011009207"},"language":"en","primary_location":{"id":"doi:10.1145/1774088.1774505","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1774088.1774505","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2010 ACM Symposium on Applied Computing","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5009761760","display_name":"Jusuk Lee","orcid":"https://orcid.org/0000-0002-1100-9268"},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Jusuk Lee","raw_affiliation_strings":["Korea University, Seoul, Korea"],"affiliations":[{"raw_affiliation_string":"Korea University, Seoul, Korea","institution_ids":["https://openalex.org/I197347611"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103412850","display_name":"Kyoochang Jeong","orcid":null},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Kyoochang Jeong","raw_affiliation_strings":["Korea University, Seoul, Korea"],"affiliations":[{"raw_affiliation_string":"Korea University, Seoul, Korea","institution_ids":["https://openalex.org/I197347611"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101630726","display_name":"Heejo Lee","orcid":"https://orcid.org/0000-0002-5831-0787"},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Heejo Lee","raw_affiliation_strings":["Korea University, Seoul, Korea"],"affiliations":[{"raw_affiliation_string":"Korea University, Seoul, Korea","institution_ids":["https://openalex.org/I197347611"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5009761760"],"corresponding_institution_ids":["https://openalex.org/I197347611"],"apc_list":null,"apc_paid":null,"fwci":6.7427,"has_fulltext":false,"cited_by_count":99,"citation_normalized_percentile":{"value":0.97276618,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1970","last_page":"1977"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9940000176429749,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8926674127578735},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8327232599258423},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.7735780477523804},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.48925161361694336},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.48289918899536133},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.45004093647003174},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.4230080246925354},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.39875438809394836},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.373159259557724},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.35512226819992065}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8926674127578735},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8327232599258423},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.7735780477523804},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.48925161361694336},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.48289918899536133},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.45004093647003174},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4230080246925354},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.39875438809394836},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.373159259557724},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35512226819992065}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1774088.1774505","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1774088.1774505","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2010 ACM Symposium on Applied Computing","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5400000214576721}],"awards":[{"id":"https://openalex.org/G1534000576","display_name":null,"funder_award_id":"NIOA-2009-(C1090-0902-0016)","funder_id":"https://openalex.org/F4320322065","funder_display_name":"National IT Industry Promotion Agency"},{"id":"https://openalex.org/G4134712134","display_name":null,"funder_award_id":"NIOA-2009-(C1090-0902-0016)","funder_id":"https://openalex.org/F4320321640","funder_display_name":"Ministry of Knowledge Economy"},{"id":"https://openalex.org/G5769697729","display_name":null,"funder_award_id":"2009-KI002090","funder_id":"https://openalex.org/F4320334879","funder_display_name":"Korea Evaluation Institute of Industrial Technology"},{"id":"https://openalex.org/G6221737495","display_name":null,"funder_award_id":"2009-KI002090","funder_id":"https://openalex.org/F4320321640","funder_display_name":"Ministry of Knowledge Economy"}],"funders":[{"id":"https://openalex.org/F4320321640","display_name":"Ministry of Knowledge Economy","ror":"https://ror.org/008nkqk13"},{"id":"https://openalex.org/F4320322065","display_name":"National IT Industry Promotion Agency","ror":"https://ror.org/026v53e29"},{"id":"https://openalex.org/F4320334879","display_name":"Korea Evaluation Institute of Industrial Technology","ror":"https://ror.org/03z9cwa38"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W162399341","https://openalex.org/W1503224444","https://openalex.org/W1582350176","https://openalex.org/W1591966580","https://openalex.org/W1916732574","https://openalex.org/W1966150547","https://openalex.org/W1989255635","https://openalex.org/W2096725584","https://openalex.org/W2099053789","https://openalex.org/W2099194862","https://openalex.org/W2111038628","https://openalex.org/W2117030266","https://openalex.org/W2122471594","https://openalex.org/W2131523719","https://openalex.org/W2132504937","https://openalex.org/W2132874238","https://openalex.org/W2138471478","https://openalex.org/W2139212933","https://openalex.org/W2143807210","https://openalex.org/W2144112223","https://openalex.org/W2150423842","https://openalex.org/W2409664136","https://openalex.org/W2734353507","https://openalex.org/W3193477162","https://openalex.org/W4249477738"],"related_works":["https://openalex.org/W2900526031","https://openalex.org/W4296272594","https://openalex.org/W4360993664","https://openalex.org/W2465235098","https://openalex.org/W2470029541","https://openalex.org/W2470502009","https://openalex.org/W2167003418","https://openalex.org/W2728713145","https://openalex.org/W2171035369","https://openalex.org/W2507496997"],"abstract_inverted_index":{"Malware":[0,21],"writers":[1,16,22],"and":[2,35,157,177],"detectors":[3],"have":[4,23],"been":[5],"running":[6],"an":[7,77,170],"endless":[8],"battle.":[9],"Self-defense":[10],"is":[11,80,204],"the":[12,27,84,93,97,102,107,120,123,140,146,151,162,207],"weapon":[13],"most":[14],"malware":[15,19,74,79,108],"prepare":[17],"against":[18],"detectors.":[20],"tried":[24],"to":[25,48,53,72,82,118,131,193],"evade":[26,184],"improved":[28],"detection":[29,66,172],"techniques":[30,45,71],"of":[31,86,106,122,139,153,174,214],"anti-virus(AV)":[32],"products.":[33],"Packing":[34],"code":[36,88,133,147],"obfuscation":[37],"are":[38,46,51],"two":[39],"popular":[40],"evasion":[41],"techniques.":[42],"When":[43],"these":[44,69],"applied":[47],"malwares,":[49],"they":[50,219],"able":[52,81],"change":[54,83],"their":[55,60],"instruction":[56],"sequence":[57,105],"while":[58,89],"maintaining":[59],"intended":[61],"function.":[62],"We":[63,100,143],"propose":[64],"a":[65,110,115,132,154,211],"mechanism":[67,95,164,168,209],"defeating":[68],"self-defense":[70],"improve":[73],"detection.":[75],"Since":[76],"obfuscated":[78],"syntax":[85],"its":[87,91],"preserving":[90],"semantics,":[92],"proposed":[94,141,163,208],"uses":[96],"semantic":[98,121,137],"invariant.":[99],"convert":[101],"API":[103],"call":[104,116,126],"into":[109],"graph,":[111,117],"commonly":[112],"known":[113],"as":[114],"extract":[119],"malware.":[124],"The":[125,167],"graph":[127,134,148],"can":[128,149,183],"be":[129],"reduced":[130],"used":[135],"for":[136],"signatures":[138],"mechanism.":[142],"show":[144,191],"that":[145,182,206],"represent":[150],"characteristics":[152],"program":[155,198],"exactly":[156],"uniquely.":[158],"Next,":[159],"we":[160,190],"evaluate":[161],"by":[165,196],"experiment.":[166],"has":[169],"91%":[171],"ratio":[173],"real-world":[175],"malwares":[176,181,195,216],"detects":[178],"300":[179],"metamorphic":[180],"AV":[185],"scanners.":[186],"In":[187],"this":[188],"paper,":[189],"how":[192],"analyze":[194],"extracting":[197],"semantics":[199],"using":[200],"static":[201],"analysis.":[202],"It":[203],"shown":[205],"provides":[210],"high":[212],"possibility":[213],"detecting":[215],"even":[217],"when":[218],"attempt":[220],"self-protection.":[221]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":10},{"year":2018,"cited_by_count":9},{"year":2017,"cited_by_count":10},{"year":2016,"cited_by_count":8},{"year":2015,"cited_by_count":14},{"year":2014,"cited_by_count":9},{"year":2013,"cited_by_count":10},{"year":2012,"cited_by_count":9}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}