{"id":"https://openalex.org/W2166844173","doi":"https://doi.org/10.1145/2485922.2485970","title":"On the feasibility of online malware detection with performance counters","display_name":"On the feasibility of online malware detection with performance counters","publication_year":2013,"publication_date":"2013-06-23","ids":{"openalex":"https://openalex.org/W2166844173","doi":"https://doi.org/10.1145/2485922.2485970","mag":"2166844173"},"language":"en","primary_location":{"id":"doi:10.1145/2485922.2485970","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2485922.2485970","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 40th Annual International Symposium on Computer Architecture","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5010439953","display_name":"John Demme","orcid":null},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"John Demme","raw_affiliation_strings":["Columbia University, NY"],"affiliations":[{"raw_affiliation_string":"Columbia University, NY","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009882681","display_name":"Matthew Maycock","orcid":null},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matthew Maycock","raw_affiliation_strings":["Columbia University, NY"],"affiliations":[{"raw_affiliation_string":"Columbia University, NY","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089900907","display_name":"Jared Schmitz","orcid":null},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jared Schmitz","raw_affiliation_strings":["Columbia University, NY"],"affiliations":[{"raw_affiliation_string":"Columbia University, NY","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079757794","display_name":"Adrian Tang","orcid":"https://orcid.org/0000-0001-5569-4490"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adrian Tang","raw_affiliation_strings":["Columbia University, NY"],"affiliations":[{"raw_affiliation_string":"Columbia University, NY","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029618009","display_name":"Adam Waksman","orcid":null},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adam Waksman","raw_affiliation_strings":["Columbia University, NY"],"affiliations":[{"raw_affiliation_string":"Columbia University, NY","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030436580","display_name":"Simha Sethumadhavan","orcid":"https://orcid.org/0000-0002-6180-7153"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Simha Sethumadhavan","raw_affiliation_strings":["Columbia University, NY"],"affiliations":[{"raw_affiliation_string":"Columbia University, NY","institution_ids":["https://openalex.org/I78577930"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5084213178","display_name":"Salvatore J. Stolfo","orcid":"https://orcid.org/0000-0003-1611-0100"},"institutions":[{"id":"https://openalex.org/I78577930","display_name":"Columbia University","ror":"https://ror.org/00hj8s172","country_code":"US","type":"education","lineage":["https://openalex.org/I78577930"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Salvatore Stolfo","raw_affiliation_strings":["Columbia University, NY"],"affiliations":[{"raw_affiliation_string":"Columbia University, NY","institution_ids":["https://openalex.org/I78577930"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5010439953"],"corresponding_institution_ids":["https://openalex.org/I78577930"],"apc_list":null,"apc_paid":null,"fwci":17.0428,"has_fulltext":false,"cited_by_count":331,"citation_normalized_percentile":{"value":0.99527241,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"559","last_page":"570"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9919999837875366,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9663917422294617},{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.882634699344635},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7908225059509277},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7402042746543884},{"id":"https://openalex.org/keywords/computer-virus","display_name":"Computer virus","score":0.674002468585968},{"id":"https://openalex.org/keywords/anti-virus","display_name":"Anti virus","score":0.6612829566001892},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.6577924489974976},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6440014839172363},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.6149395108222961},{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.48742249608039856},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.45403146743774414},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.43125271797180176},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.38268429040908813},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.28113824129104614},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.24988406896591187},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.13310688734054565}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9663917422294617},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.882634699344635},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7908225059509277},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7402042746543884},{"id":"https://openalex.org/C19407854","wikidata":"https://www.wikidata.org/wiki/Q485","display_name":"Computer virus","level":2,"score":0.674002468585968},{"id":"https://openalex.org/C2983655198","wikidata":"https://www.wikidata.org/wiki/Q93249","display_name":"Anti virus","level":2,"score":0.6612829566001892},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.6577924489974976},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6440014839172363},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.6149395108222961},{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.48742249608039856},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.45403146743774414},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.43125271797180176},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.38268429040908813},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.28113824129104614},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.24988406896591187},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.13310688734054565},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C159047783","wikidata":"https://www.wikidata.org/wiki/Q7215","display_name":"Virology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/2485922.2485970","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2485922.2485970","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 40th Annual International Symposium on Computer Architecture","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.295.7927","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.295.7927","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.columbia.edu/~simha/preprint_isca13_malware.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2717731302","display_name":null,"funder_award_id":"CCF/TC 1054844","funder_id":"https://openalex.org/F4320337387","funder_display_name":"Division of Computing and Communication Foundations"},{"id":"https://openalex.org/G3381184825","display_name":null,"funder_award_id":"FA 99500910389","funder_id":"https://openalex.org/F4320338279","funder_display_name":"Air Force Office of Scientific Research"},{"id":"https://openalex.org/G5948255975","display_name":null,"funder_award_id":"FA 865011C7190, FA 87501020253","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320306151","display_name":"Alfred P. Sloan Foundation","ror":"https://ror.org/052csg198"},{"id":"https://openalex.org/F4320308943","display_name":"Microsoft Research","ror":"https://ror.org/00d0nc645"},{"id":"https://openalex.org/F4320309545","display_name":"Synopsys","ror":"https://ror.org/013by2m91"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320337387","display_name":"Division of Computing and Communication Foundations","ror":"https://ror.org/01mng8331"},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W1581009051","https://openalex.org/W1597482600","https://openalex.org/W1650881334","https://openalex.org/W1884606608","https://openalex.org/W1910686388","https://openalex.org/W1986465830","https://openalex.org/W2039427951","https://openalex.org/W2053343312","https://openalex.org/W2065890363","https://openalex.org/W2088503757","https://openalex.org/W2101903894","https://openalex.org/W2115200566","https://openalex.org/W2125011234","https://openalex.org/W2125743503","https://openalex.org/W2128217000","https://openalex.org/W2138644293","https://openalex.org/W2148156428","https://openalex.org/W2166509025","https://openalex.org/W2167671111","https://openalex.org/W2171929398","https://openalex.org/W2213391909","https://openalex.org/W4285719527","https://openalex.org/W6639864006","https://openalex.org/W6678985388","https://openalex.org/W6688591054"],"related_works":["https://openalex.org/W1994712384","https://openalex.org/W1516960038","https://openalex.org/W2356039636","https://openalex.org/W2741867772","https://openalex.org/W3170525725","https://openalex.org/W3200236636","https://openalex.org/W2393889683","https://openalex.org/W2153957938","https://openalex.org/W2150675148","https://openalex.org/W4245385354"],"abstract_inverted_index":{"The":[0],"proliferation":[1,11],"of":[2,12,33,38,52],"computers":[3],"in":[4,14,65],"any":[5],"domain":[6],"is":[7],"followed":[8],"by":[9],"the":[10,19,36,66],"malware":[13,41],"that":[15],"domain.":[16],"Systems,":[17],"including":[18],"latest":[20],"mobile":[21],"platforms,":[22],"are":[23,45],"laden":[24],"with":[25],"viruses,":[26],"rootkits,":[27],"spyware,":[28],"adware":[29],"and":[30,44],"other":[31],"classes":[32],"malware.":[34],"Despite":[35],"existence":[37],"anti-virus":[39,56],"software,":[40],"threats":[42],"persist":[43],"growing":[46],"as":[47],"there":[48],"exist":[49],"a":[50],"myriad":[51],"ways":[53],"to":[54,69],"subvert":[55],"(AV)":[57],"software.":[58],"In":[59],"fact,":[60],"attackers":[61],"today":[62],"exploit":[63],"bugs":[64],"AV":[67],"software":[68],"break":[70],"into":[71],"systems.":[72]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":17},{"year":2022,"cited_by_count":21},{"year":2021,"cited_by_count":48},{"year":2020,"cited_by_count":52},{"year":2019,"cited_by_count":51},{"year":2018,"cited_by_count":40},{"year":2017,"cited_by_count":36},{"year":2016,"cited_by_count":21},{"year":2015,"cited_by_count":16},{"year":2014,"cited_by_count":16}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}