{"id":"https://openalex.org/W2137365926","doi":"https://doi.org/10.1145/2338965.2336768","title":"A quantitative study of accuracy in system call-based malware detection","display_name":"A quantitative study of accuracy in system call-based malware detection","publication_year":2012,"publication_date":"2012-07-15","ids":{"openalex":"https://openalex.org/W2137365926","doi":"https://doi.org/10.1145/2338965.2336768","mag":"2137365926"},"language":"en","primary_location":{"id":"doi:10.1145/2338965.2336768","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2338965.2336768","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2012 International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Davide Canali","orcid":null},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Davide Canali","raw_affiliation_strings":["EURECOM, France","EURECOM - France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"EURECOM, France","institution_ids":["https://openalex.org/I1902872"]},{"raw_affiliation_string":"EURECOM - France","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017862259","display_name":"Andrea Lanzi","orcid":"https://orcid.org/0000-0002-1544-3758"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Andrea Lanzi","raw_affiliation_strings":["EURECOM, France","EURECOM - France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"EURECOM, France","institution_ids":["https://openalex.org/I1902872"]},{"raw_affiliation_string":"EURECOM - France","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002025561","display_name":"Davide Balzarotti","orcid":"https://orcid.org/0000-0001-5957-6213"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Davide Balzarotti","raw_affiliation_strings":["EURECOM, France","EURECOM - France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"EURECOM, France","institution_ids":["https://openalex.org/I1902872"]},{"raw_affiliation_string":"EURECOM - France","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022177364","display_name":"Christopher Kruegel","orcid":"https://orcid.org/0000-0001-5140-3414"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Christopher Kruegel","raw_affiliation_strings":["UC Santa Barbara, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"UC Santa Barbara, USA","institution_ids":["https://openalex.org/I154570441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050855162","display_name":"Mihai Christodorescu","orcid":"https://orcid.org/0000-0001-5808-8015"},"institutions":[{"id":"https://openalex.org/I4210156936","display_name":"IBM Research - Austin","ror":"https://ror.org/05gjbbg60","country_code":"US","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210156936"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mihai Christodorescu","raw_affiliation_strings":["IBM Research, USA","IBM Research - USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"IBM Research, USA","institution_ids":[]},{"raw_affiliation_string":"IBM Research - USA","institution_ids":["https://openalex.org/I4210156936"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077875821","display_name":"Engin Kirda","orcid":"https://orcid.org/0000-0001-9988-6873"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Engin Kirda","raw_affiliation_strings":["Northeastern University, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northeastern University, USA","institution_ids":["https://openalex.org/I12912129"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":8.669,"has_fulltext":false,"cited_by_count":141,"citation_normalized_percentile":{"value":0.988364,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"122","last_page":"132"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9869999885559082,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8035650253295898},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7627643346786499},{"id":"https://openalex.org/keywords/sophistication","display_name":"Sophistication","score":0.6212481260299683},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5751599669456482},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5157466530799866},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4678203761577606},{"id":"https://openalex.org/keywords/measure","display_name":"Measure (data warehouse)","score":0.45839038491249084},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1540638506412506}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8035650253295898},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7627643346786499},{"id":"https://openalex.org/C168725872","wikidata":"https://www.wikidata.org/wiki/Q991663","display_name":"Sophistication","level":2,"score":0.6212481260299683},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5751599669456482},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5157466530799866},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4678203761577606},{"id":"https://openalex.org/C2780009758","wikidata":"https://www.wikidata.org/wiki/Q6804172","display_name":"Measure (data warehouse)","level":2,"score":0.45839038491249084},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1540638506412506},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0}],"mesh":[],"locations_count":7,"locations":[{"id":"doi:10.1145/2338965.2336768","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2338965.2336768","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2012 International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.259.6600","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.259.6600","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.iseclab.org/papers/detector.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.298.3220","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.298.3220","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.iseclab.org/people/andrew/download/issta2012.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.298.4527","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.298.4527","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.iseclab.org/people/dbalzarotti/download/issta12_detectors.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.937.6290","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.937.6290","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://www.researchgate.net/profile/Davide_Canali/publication/230553971_A_Quantitative_Study_of_Accuracy_in_System_Call-Based_Malware_Detection/links/0f3175321604f901ba000000.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.946.2444","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.946.2444","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://www.researchgate.net/profile/Davide_Canali/publication/230553971_A_Quantitative_Study_of_Accuracy_in_System_Call-Based_Malware_Detection/links/0f3175321604f901ba000000.pdf?origin%3Dpublication_detail","raw_type":"text"},{"id":"pmh:oai:fr.eurecom:3741","is_oa":false,"landing_page_url":"http://www.eurecom.fr/publication/3741","pdf_url":null,"source":{"id":"https://openalex.org/S4377196942","display_name":"Graduate School and Research Center in Digital Science (EURECOM)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1902872","host_organization_name":"EURECOM","host_organization_lineage":["https://openalex.org/I1902872"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ISSTA 2012, International Symposium on Software Testing and Analysis, July 15-20, 2012, Minneapolis, MN, USA","raw_type":"Conference"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.41999998688697815}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W1482228399","https://openalex.org/W1552906779","https://openalex.org/W1573286687","https://openalex.org/W1578351389","https://openalex.org/W1580559113","https://openalex.org/W1595564425","https://openalex.org/W1809063480","https://openalex.org/W1956767865","https://openalex.org/W1966150547","https://openalex.org/W2065339563","https://openalex.org/W2126985156","https://openalex.org/W2129193087","https://openalex.org/W2131523719","https://openalex.org/W2132874238","https://openalex.org/W2144112223","https://openalex.org/W2151135920","https://openalex.org/W2158167094","https://openalex.org/W2167671111","https://openalex.org/W2168519318","https://openalex.org/W6633127768","https://openalex.org/W6679033275"],"related_works":["https://openalex.org/W4241263575","https://openalex.org/W2317823609","https://openalex.org/W3130462184","https://openalex.org/W2902287117","https://openalex.org/W2401463593","https://openalex.org/W4318256508","https://openalex.org/W2349808627","https://openalex.org/W2391671934","https://openalex.org/W3023500690","https://openalex.org/W3124280623"],"abstract_inverted_index":{"Over":[0],"the":[1,11,28,39,49,62,70,75,90,105,111,133,180],"last":[2],"decade,":[3],"there":[4],"has":[5,195],"been":[6,24],"a":[7,65,99,114,123],"significant":[8],"increase":[9],"in":[10,46,74,83,129,161,166,170],"number":[12,125],"and":[13,18,69,183,194,201],"sophistication":[14],"of":[15,42,48,56,64,107,113,126,136,147],"malware-related":[16],"attacks":[17],"infections.":[19],"Many":[20],"detection":[21,36,44,92,171],"techniques":[22,37],"have":[23],"proposed":[25],"to":[26,79,85,102,142,168,196],"mitigate":[27],"malware":[29,115],"threat.":[30],"A":[31],"running":[32],"theme":[33],"among":[34],"existing":[35],"is":[38,177,187],"similar":[40],"promises":[41],"high":[43],"rates,":[45],"spite":[47],"wildly":[50],"different":[51,139],"models":[52,82,109,158],"(or":[53],"specification":[54],"classes)":[55],"malicious":[57],"activity":[58],"used.":[59],"In":[60,94],"addition,":[61],"lack":[63],"common":[66],"testing":[67,127,200],"methodology":[68],"limited":[71],"datasets":[72],"used":[73],"experiments":[76],"make":[77],"difficult":[78],"compare":[80],"these":[81],"order":[84],"determine":[86],"which":[87,130],"ones":[88],"yield":[89],"best":[91],"accuracy.":[93,172],"this":[95,119],"paper,":[96],"we":[97,131],"present":[98],"systematic":[100],"approach":[101],"measure":[103],"how":[104,162],"choice":[106],"behavioral":[108],"influences":[110],"quality":[112],"detector.":[116],"We":[117],"tackle":[118],"problem":[120],"by":[121,199],"executing":[122],"large":[124],"experiments,":[128],"explored":[132],"parameter":[134],"space":[135],"over":[137],"200":[138],"models,":[140],"corresponding":[141],"more":[143],"than":[144],"220":[145],"million":[146],"signatures.":[148],"Our":[149],"results":[150],"suggest":[151],"that":[152,175,184],"commonly":[153],"held":[154],"beliefs":[155],"about":[156],"simple":[157],"are":[159],"incorrect":[160],"they":[163],"relate":[164],"changes":[165,169],"complexity":[167],"This":[173],"implies":[174],"accuracy":[176],"non-linear":[178],"across":[179],"model":[181],"space,":[182],"analytical":[185],"reasoning":[186],"insufficient":[188],"for":[189],"finding":[190],"an":[191],"optimal":[192],"model,":[193],"be":[197],"supplemented":[198],"empirical":[202],"measurements.":[203]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":11},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":11},{"year":2019,"cited_by_count":13},{"year":2018,"cited_by_count":18},{"year":2017,"cited_by_count":17},{"year":2016,"cited_by_count":13},{"year":2015,"cited_by_count":18},{"year":2014,"cited_by_count":12},{"year":2013,"cited_by_count":5}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}