{"id":"https://openalex.org/W2084191355","doi":"https://doi.org/10.1145/2666652.2666665","title":"Automating Reverse Engineering with Machine Learning Techniques","display_name":"Automating Reverse Engineering with Machine Learning Techniques","publication_year":2014,"publication_date":"2014-11-07","ids":{"openalex":"https://openalex.org/W2084191355","doi":"https://doi.org/10.1145/2666652.2666665","mag":"2084191355"},"language":"en","primary_location":{"id":"doi:10.1145/2666652.2666665","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2666652.2666665","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5001372796","display_name":"Blake Anderson","orcid":"https://orcid.org/0000-0002-4185-5801"},"institutions":[{"id":"https://openalex.org/I1343871089","display_name":"Los Alamos National Laboratory","ror":"https://ror.org/01e41cf67","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I1343871089","https://openalex.org/I198811213","https://openalex.org/I4210120050"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Blake Anderson","raw_affiliation_strings":["Los Alamos National Laboratory, Los Alamos, USA","[Los Alamos National Laboratory, Los Alamos, USA]"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Los Alamos National Laboratory, Los Alamos, USA","institution_ids":["https://openalex.org/I1343871089"]},{"raw_affiliation_string":"[Los Alamos National Laboratory, Los Alamos, USA]","institution_ids":["https://openalex.org/I1343871089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079013017","display_name":"Curtis B. Storlie","orcid":"https://orcid.org/0000-0002-2464-6864"},"institutions":[{"id":"https://openalex.org/I1343871089","display_name":"Los Alamos National Laboratory","ror":"https://ror.org/01e41cf67","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I1343871089","https://openalex.org/I198811213","https://openalex.org/I4210120050"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Curtis Storlie","raw_affiliation_strings":["Los Alamos National Laboratory, Los Alamos, USA","[Los Alamos National Laboratory, Los Alamos, USA]"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Los Alamos National Laboratory, Los Alamos, USA","institution_ids":["https://openalex.org/I1343871089"]},{"raw_affiliation_string":"[Los Alamos National Laboratory, Los Alamos, USA]","institution_ids":["https://openalex.org/I1343871089"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Micah Yates","orcid":null},"institutions":[{"id":"https://openalex.org/I1343871089","display_name":"Los Alamos National Laboratory","ror":"https://ror.org/01e41cf67","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I1343871089","https://openalex.org/I198811213","https://openalex.org/I4210120050"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Micah Yates","raw_affiliation_strings":["Los Alamos National Laboratory, Los Alamos, USA","[Los Alamos National Laboratory, Los Alamos, USA]"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Los Alamos National Laboratory, Los Alamos, USA","institution_ids":["https://openalex.org/I1343871089"]},{"raw_affiliation_string":"[Los Alamos National Laboratory, Los Alamos, USA]","institution_ids":["https://openalex.org/I1343871089"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049778346","display_name":"Aaron McPhall","orcid":null},"institutions":[{"id":"https://openalex.org/I1343871089","display_name":"Los Alamos National Laboratory","ror":"https://ror.org/01e41cf67","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I1343871089","https://openalex.org/I198811213","https://openalex.org/I4210120050"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Aaron McPhall","raw_affiliation_strings":["Los Alamos National Laboratory, Los Alamos, USA","[Los Alamos National Laboratory, Los Alamos, USA]"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Los Alamos National Laboratory, Los Alamos, USA","institution_ids":["https://openalex.org/I1343871089"]},{"raw_affiliation_string":"[Los Alamos National Laboratory, Los Alamos, USA]","institution_ids":["https://openalex.org/I1343871089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.8846,"has_fulltext":false,"cited_by_count":15,"citation_normalized_percentile":{"value":0.75592214,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"103","last_page":"112"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9890999794006348,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9567999839782715,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/subroutine","display_name":"Subroutine","score":0.9647653102874756},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8808618783950806},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8317683935165405},{"id":"https://openalex.org/keywords/reverse-engineering","display_name":"Reverse engineering","score":0.6084652543067932},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5492116212844849},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.5090024471282959},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.4687120318412781},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4585753083229065},{"id":"https://openalex.org/keywords/function","display_name":"Function (biology)","score":0.43586868047714233},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4180624485015869},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.4163750410079956},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3264979124069214},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.24418044090270996},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.21137675642967224}],"concepts":[{"id":"https://openalex.org/C96147967","wikidata":"https://www.wikidata.org/wiki/Q190686","display_name":"Subroutine","level":2,"score":0.9647653102874756},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8808618783950806},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8317683935165405},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse engineering","level":2,"score":0.6084652543067932},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5492116212844849},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.5090024471282959},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.4687120318412781},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4585753083229065},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.43586868047714233},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4180624485015869},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.4163750410079956},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3264979124069214},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.24418044090270996},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.21137675642967224},{"id":"https://openalex.org/C78458016","wikidata":"https://www.wikidata.org/wiki/Q840400","display_name":"Evolutionary biology","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2666652.2666665","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2666652.2666665","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.550000011920929}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W1573286687","https://openalex.org/W1578351389","https://openalex.org/W1580559113","https://openalex.org/W1581009051","https://openalex.org/W1941427975","https://openalex.org/W2005662348","https://openalex.org/W2012747472","https://openalex.org/W2012942264","https://openalex.org/W2024315245","https://openalex.org/W2032921253","https://openalex.org/W2034938003","https://openalex.org/W2042742130","https://openalex.org/W2056127986","https://openalex.org/W2075887074","https://openalex.org/W2105063115","https://openalex.org/W2139212933","https://openalex.org/W2150579376","https://openalex.org/W2154462399","https://openalex.org/W2154529672","https://openalex.org/W2154630456","https://openalex.org/W2169492277","https://openalex.org/W2172000360","https://openalex.org/W2997532932","https://openalex.org/W3003585926","https://openalex.org/W3105622041","https://openalex.org/W3119651796","https://openalex.org/W3193477162","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W1966145327","https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W2768892939","https://openalex.org/W4285507391","https://openalex.org/W3164408430","https://openalex.org/W2397240470","https://openalex.org/W2602767565","https://openalex.org/W170652726","https://openalex.org/W4210907385"],"abstract_inverted_index":{"Malware":[0],"continues":[1],"to":[2,28,86,92,112,119,148],"be":[3],"an":[4],"ongoing":[5],"threat,":[6],"with":[7],"millions":[8],"of":[9,18,35,71,96,101,109,138,152,165,173],"unique":[10],"variants":[11],"created":[12,27],"every":[13],"year.":[14],"Unlike":[15],"the":[16,58,63,69,94,98,102,105,110,114,121,142,145,163],"majority":[17],"this":[19,166],"malware,":[20],"Advanced":[21],"Persistent":[22],"Threat":[23],"(APT)":[24],"malware":[25,48,72],"is":[26,73,91,141],"target":[29],"a":[30,39,51,75,126,131,149,171],"specific":[31],"network":[32],"or":[33],"set":[34],"networks":[36],"and":[37,79,130],"has":[38],"precise":[40],"objective,":[41],"e.g.":[42],"exfiltrating":[43],"sensitive":[44,77],"data.":[45],"While":[46],"0-day":[47],"detectors":[49],"are":[50,124,168],"good":[52],"start,":[53],"they":[54],"do":[55],"not":[56],"help":[57],"reverse":[59,115],"engineers":[60],"better":[61],"understand":[62],"threats":[64],"attacking":[65],"their":[66],"networks.":[67],"Understanding":[68],"behavior":[70],"often":[74],"time":[76],"task,":[78],"can":[80],"take":[81],"anywhere":[82],"between":[83],"several":[84,87],"hours":[85],"weeks.":[88],"Our":[89],"goal":[90],"automate":[93],"task":[95],"identifying":[97],"general":[99],"function":[100,106],"subroutines":[103,175],"in":[104],"call":[107],"graph":[108],"program":[111],"aid":[113],"engineers.":[116],"Two":[117],"approaches":[118],"model":[120],"subroutine":[122,146],"labels":[123],"investigated,":[125],"multiclass":[127,132],"Gaussian":[128],"process":[129],"support":[133],"vector":[134],"machine.":[135],"The":[136],"output":[137],"these":[139],"methods":[140],"probability":[143],"that":[144],"belongs":[147],"certain":[150],"class":[151],"functionality":[153],"(e.g.,":[154],"file":[155],"I/O,":[156],"exploit,":[157],"etc.).":[158],"Promising":[159],"initial":[160],"results,":[161],"illustrating":[162],"efficacy":[164],"method,":[167],"presented":[169],"on":[170],"sample":[172],"201":[174],"taken":[176],"from":[177],"two":[178],"malicious":[179],"families.":[180]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}