{"id":"https://openalex.org/W1964459432","doi":"https://doi.org/10.1145/2671491.2671498","title":"Problem characterization and abstraction for visual analytics in behavior-based malware pattern analysis","display_name":"Problem characterization and abstraction for visual analytics in behavior-based malware pattern analysis","publication_year":2014,"publication_date":"2014-11-10","ids":{"openalex":"https://openalex.org/W1964459432","doi":"https://doi.org/10.1145/2671491.2671498","mag":"1964459432"},"language":"en","primary_location":{"id":"doi:10.1145/2671491.2671498","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2671491.2671498","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Eleventh Workshop on Visualization for Cyber Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5000928551","display_name":"Markus Wagner","orcid":"https://orcid.org/0000-0002-6619-6494"},"institutions":[{"id":"https://openalex.org/I25485817","display_name":"University of Applied Sciences St P\u00f6lten","ror":"https://ror.org/039a2re55","country_code":"AT","type":"education","lineage":["https://openalex.org/I25485817"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Markus Wagner","raw_affiliation_strings":["St. P\u00f6lten Univ. of Applied Sciences, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"St. P\u00f6lten Univ. of Applied Sciences, Austria","institution_ids":["https://openalex.org/I25485817"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005355207","display_name":"Wolfgang Aigner","orcid":"https://orcid.org/0000-0001-5762-1869"},"institutions":[{"id":"https://openalex.org/I25485817","display_name":"University of Applied Sciences St P\u00f6lten","ror":"https://ror.org/039a2re55","country_code":"AT","type":"education","lineage":["https://openalex.org/I25485817"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Wolfgang Aigner","raw_affiliation_strings":["St. P\u00f6lten Univ. of Applied Sciences, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"St. P\u00f6lten Univ. of Applied Sciences, Austria","institution_ids":["https://openalex.org/I25485817"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027673731","display_name":"Alexander Rind","orcid":"https://orcid.org/0000-0001-8788-4600"},"institutions":[{"id":"https://openalex.org/I25485817","display_name":"University of Applied Sciences St P\u00f6lten","ror":"https://ror.org/039a2re55","country_code":"AT","type":"education","lineage":["https://openalex.org/I25485817"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Alexander Rind","raw_affiliation_strings":["St. P\u00f6lten Univ. of Applied Sciences, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"St. P\u00f6lten Univ. of Applied Sciences, Austria","institution_ids":["https://openalex.org/I25485817"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080737421","display_name":"Hermann Dornhackl","orcid":null},"institutions":[{"id":"https://openalex.org/I25485817","display_name":"University of Applied Sciences St P\u00f6lten","ror":"https://ror.org/039a2re55","country_code":"AT","type":"education","lineage":["https://openalex.org/I25485817"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Hermann Dornhackl","raw_affiliation_strings":["St. P\u00f6lten Univ. of Applied Sciences, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"St. P\u00f6lten Univ. of Applied Sciences, Austria","institution_ids":["https://openalex.org/I25485817"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029297708","display_name":"Konstantin Kadletz","orcid":null},"institutions":[{"id":"https://openalex.org/I25485817","display_name":"University of Applied Sciences St P\u00f6lten","ror":"https://ror.org/039a2re55","country_code":"AT","type":"education","lineage":["https://openalex.org/I25485817"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Konstantin Kadletz","raw_affiliation_strings":["St. P\u00f6lten Univ. of Applied Sciences, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"St. P\u00f6lten Univ. of Applied Sciences, Austria","institution_ids":["https://openalex.org/I25485817"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086413609","display_name":"Robert Luh","orcid":"https://orcid.org/0000-0001-6536-6706"},"institutions":[{"id":"https://openalex.org/I25485817","display_name":"University of Applied Sciences St P\u00f6lten","ror":"https://ror.org/039a2re55","country_code":"AT","type":"education","lineage":["https://openalex.org/I25485817"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Robert Luh","raw_affiliation_strings":["St. P\u00f6lten Univ. of Applied Sciences, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"St. P\u00f6lten Univ. of Applied Sciences, Austria","institution_ids":["https://openalex.org/I25485817"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048784616","display_name":"Paul Tavolato","orcid":null},"institutions":[{"id":"https://openalex.org/I25485817","display_name":"University of Applied Sciences St P\u00f6lten","ror":"https://ror.org/039a2re55","country_code":"AT","type":"education","lineage":["https://openalex.org/I25485817"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Paul Tavolato","raw_affiliation_strings":["St. P\u00f6lten Univ. of Applied Sciences, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"St. P\u00f6lten Univ. of Applied Sciences, Austria","institution_ids":["https://openalex.org/I25485817"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.4721,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.91039119,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"9","last_page":"16"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10799","display_name":"Data Visualization and Analytics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.972100019454956,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.968500018119812,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8412643671035767},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.83885258436203},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8207847476005554},{"id":"https://openalex.org/keywords/abstraction","display_name":"Abstraction","score":0.8139060735702515},{"id":"https://openalex.org/keywords/visual-analytics","display_name":"Visual analytics","score":0.7268938422203064},{"id":"https://openalex.org/keywords/analytics","display_name":"Analytics","score":0.64490807056427},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.570378303527832},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.4740599989891052},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.43821296095848083},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.41998475790023804},{"id":"https://openalex.org/keywords/data-analysis","display_name":"Data analysis","score":0.41275784373283386},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.37344372272491455},{"id":"https://openalex.org/keywords/visualization","display_name":"Visualization","score":0.37150976061820984},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.30869781970977783},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.21719202399253845},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.17163074016571045}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8412643671035767},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.83885258436203},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8207847476005554},{"id":"https://openalex.org/C124304363","wikidata":"https://www.wikidata.org/wiki/Q673661","display_name":"Abstraction","level":2,"score":0.8139060735702515},{"id":"https://openalex.org/C59732488","wikidata":"https://www.wikidata.org/wiki/Q2528440","display_name":"Visual analytics","level":3,"score":0.7268938422203064},{"id":"https://openalex.org/C79158427","wikidata":"https://www.wikidata.org/wiki/Q485396","display_name":"Analytics","level":2,"score":0.64490807056427},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.570378303527832},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.4740599989891052},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.43821296095848083},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.41998475790023804},{"id":"https://openalex.org/C175801342","wikidata":"https://www.wikidata.org/wiki/Q1988917","display_name":"Data analysis","level":2,"score":0.41275784373283386},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.37344372272491455},{"id":"https://openalex.org/C36464697","wikidata":"https://www.wikidata.org/wiki/Q451553","display_name":"Visualization","level":2,"score":0.37150976061820984},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.30869781970977783},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.21719202399253845},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.17163074016571045},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2671491.2671498","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2671491.2671498","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Eleventh Workshop on Visualization for Cyber Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3284068406","display_name":"KAVA-Time","funder_award_id":"P25489","funder_id":"https://openalex.org/F4320321181","funder_display_name":"Austrian Science Fund"},{"id":"https://openalex.org/G6284720193","display_name":null,"funder_award_id":"836264","funder_id":"https://openalex.org/F4320323033","funder_display_name":"Bundesministerium f\u00fcr Verkehr, Innovation und Technologie"}],"funders":[{"id":"https://openalex.org/F4320321181","display_name":"Austrian Science Fund","ror":"https://ror.org/013tf3c58"},{"id":"https://openalex.org/F4320323033","display_name":"Bundesministerium f\u00fcr Verkehr, Innovation und Technologie","ror":"https://ror.org/04marky29"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W32063464","https://openalex.org/W65833265","https://openalex.org/W160080120","https://openalex.org/W286869598","https://openalex.org/W625463995","https://openalex.org/W1503224444","https://openalex.org/W1506965148","https://openalex.org/W1545958326","https://openalex.org/W1557873589","https://openalex.org/W1576209423","https://openalex.org/W1594453896","https://openalex.org/W1968057757","https://openalex.org/W1970569592","https://openalex.org/W1973403081","https://openalex.org/W1982231152","https://openalex.org/W1987472036","https://openalex.org/W1999705655","https://openalex.org/W2008795456","https://openalex.org/W2024290096","https://openalex.org/W2037369246","https://openalex.org/W2042454716","https://openalex.org/W2058203255","https://openalex.org/W2066220442","https://openalex.org/W2073800769","https://openalex.org/W2075038621","https://openalex.org/W2105686649","https://openalex.org/W2106330775","https://openalex.org/W2111038628","https://openalex.org/W2126415191","https://openalex.org/W2126773229","https://openalex.org/W2132068130","https://openalex.org/W2138199375","https://openalex.org/W2141880430","https://openalex.org/W2142493242","https://openalex.org/W2166488058","https://openalex.org/W2167983404","https://openalex.org/W2169691657","https://openalex.org/W2343885978","https://openalex.org/W2369295637","https://openalex.org/W2532274934","https://openalex.org/W2538108907","https://openalex.org/W2545965848","https://openalex.org/W2611369375","https://openalex.org/W2990879431","https://openalex.org/W3003570873","https://openalex.org/W6629915129","https://openalex.org/W7029632937"],"related_works":["https://openalex.org/W2469507153","https://openalex.org/W2768892939","https://openalex.org/W2008790809","https://openalex.org/W4285507391","https://openalex.org/W3107556205","https://openalex.org/W2610659201","https://openalex.org/W2765174411","https://openalex.org/W2067547021","https://openalex.org/W2805262980","https://openalex.org/W4234891089"],"abstract_inverted_index":{"Behavior-based":[0],"analysis":[1],"of":[2,13,50,60,92],"emerging":[3,99],"malware":[4,24,28,82,114],"families":[5,25],"involves":[6],"finding":[7],"suspicious":[8],"patterns":[9],"in":[10,38],"large":[11],"collections":[12],"execution":[14],"traces.":[15],"This":[16],"activity":[17],"cannot":[18],"be":[19],"automated":[20],"for":[21,107],"previously":[22],"unknown":[23],"and":[26,52,58,95],"thus":[27],"analysts":[29,83],"would":[30],"benefit":[31],"greatly":[32],"from":[33,100],"integrating":[34],"visual":[35,112],"analytics":[36],"methods":[37],"their":[39],"process.":[40],"However":[41],"existing":[42],"approaches":[43],"are":[44],"limited":[45],"to":[46,84,111],"fairly":[47],"static":[48],"representations":[49],"data":[51],"there":[53],"is":[54],"no":[55],"systematic":[56,68],"characterization":[57],"abstraction":[59,88],"this":[61,101],"problem":[62,87],"domain.":[63],"Therefore":[64],"we":[65],"performed":[66],"a":[67,72,86],"literature":[69],"study,":[70],"conducted":[71],"focus":[73],"group":[74],"as":[75,77,105],"well":[76],"semi-structured":[78],"interviews":[79],"with":[80],"10":[81],"elicit":[85],"along":[89],"the":[90],"lines":[91],"data,":[93],"users,":[94],"tasks.":[96],"The":[97],"requirements":[98],"work":[102],"can":[103],"serve":[104],"basis":[106],"future":[108],"design":[109],"proposals":[110],"analytics-supported":[113],"pattern":[115],"analysis.":[116]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":5},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":4}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}