{"id":"https://openalex.org/W1984205382","doi":"https://doi.org/10.1145/2388576.2388591","title":"Classification of polymorphic and metamorphic malware samples based on their behavior","display_name":"Classification of polymorphic and metamorphic malware samples based on their behavior","publication_year":2012,"publication_date":"2012-10-25","ids":{"openalex":"https://openalex.org/W1984205382","doi":"https://doi.org/10.1145/2388576.2388591","mag":"1984205382"},"language":"en","primary_location":{"id":"doi:10.1145/2388576.2388591","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2388576.2388591","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Fifth International Conference on Security of Information and Networks","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015980679","display_name":"Ksenia Tsyganok","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ksenia Tsyganok","raw_affiliation_strings":["South. Fed. Univ., Taganrog, Russia"],"affiliations":[{"raw_affiliation_string":"South. Fed. Univ., Taganrog, Russia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068007583","display_name":"Evgeny Tumoyan","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Evgeny Tumoyan","raw_affiliation_strings":["South. Fed. Univ., Taganrog, Russia"],"affiliations":[{"raw_affiliation_string":"South. Fed. Univ., Taganrog, Russia","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037382667","display_name":"Liudmila Babenko","orcid":"https://orcid.org/0000-0003-2353-7911"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liudmila Babenko","raw_affiliation_strings":["South. Fed. Univ., Taganrog, Russia"],"affiliations":[{"raw_affiliation_string":"South. Fed. Univ., Taganrog, Russia","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5074125567","display_name":"Maxim Anikeev","orcid":"https://orcid.org/0000-0002-4959-2663"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Maxim Anikeev","raw_affiliation_strings":["South. Fed. Univ., Taganrog, Russia"],"affiliations":[{"raw_affiliation_string":"South. Fed. Univ., Taganrog, Russia","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5015980679"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.2242,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":{"value":0.81672666,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"111","last_page":"116"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9925000071525574,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9812999963760376,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7137637138366699},{"id":"https://openalex.org/keywords/metamorphic-rock","display_name":"Metamorphic rock","score":0.6350482702255249},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6021981835365295},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3777410686016083},{"id":"https://openalex.org/keywords/geology","display_name":"Geology","score":0.27830028533935547},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2433265745639801},{"id":"https://openalex.org/keywords/geochemistry","display_name":"Geochemistry","score":0.22421333193778992}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7137637138366699},{"id":"https://openalex.org/C26687426","wikidata":"https://www.wikidata.org/wiki/Q47069","display_name":"Metamorphic rock","level":2,"score":0.6350482702255249},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6021981835365295},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3777410686016083},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.27830028533935547},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2433265745639801},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.22421333193778992}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2388576.2388591","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2388576.2388591","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Fifth International Conference on Security of Information and Networks","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W1540198462","https://openalex.org/W1916732574","https://openalex.org/W1971505071","https://openalex.org/W1989255635","https://openalex.org/W2042454716","https://openalex.org/W2051223603","https://openalex.org/W2110978214","https://openalex.org/W2113076747","https://openalex.org/W2752885492"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W2388869842","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W3152891574","https://openalex.org/W2249809453"],"abstract_inverted_index":{"This":[0],"work":[1],"proposes":[2],"a":[3,15],"new":[4],"method":[5,41],"of":[6],"malware":[7,46],"classification":[8],"based":[9],"on":[10],"behavior":[11],"features.":[12],"We":[13],"developed":[14],"proximity":[16],"measure":[17],"for":[18,38],"programs,":[19],"which":[20],"takes":[21],"into":[22],"account":[23],"WinAPI":[24],"calls,":[25],"their":[26],"arguments,":[27],"and":[28],"files":[29],"handled":[30],"by":[31],"these":[32],"programs.":[33],"Cluster":[34],"analysis":[35],"is":[36],"used":[37],"grouping.":[39],"The":[40],"was":[42],"tested":[43],"with":[44],"actual":[45],"samples.":[47]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":2},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}