{"id":"https://openalex.org/W2538057479","doi":"https://doi.org/10.1145/2976749.2978304","title":"FeatureSmith","display_name":"FeatureSmith","publication_year":2016,"publication_date":"2016-10-24","ids":{"openalex":"https://openalex.org/W2538057479","doi":"https://doi.org/10.1145/2976749.2978304","mag":"2538057479"},"language":"en","primary_location":{"id":"doi:10.1145/2976749.2978304","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978304","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5113018360","display_name":"Ziyun Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ziyun Zhu","raw_affiliation_strings":["University of Maryland, College Park, College Park, MD, USA"],"affiliations":[{"raw_affiliation_string":"University of Maryland, College Park, College Park, MD, USA","institution_ids":["https://openalex.org/I66946132"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033409139","display_name":"Tudor Dumitra\u015f","orcid":"https://orcid.org/0000-0003-4350-7226"},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tudor Dumitra\u015f","raw_affiliation_strings":["University of Maryland, College Park, College Park, MD, USA"],"affiliations":[{"raw_affiliation_string":"University of Maryland, College Park, College Park, MD, USA","institution_ids":["https://openalex.org/I66946132"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5113018360"],"corresponding_institution_ids":["https://openalex.org/I66946132"],"apc_list":null,"apc_paid":null,"fwci":10.4577,"has_fulltext":false,"cited_by_count":107,"citation_normalized_percentile":{"value":0.98678957,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"767","last_page":"778"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9950000047683716,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9930999875068665,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8294403553009033},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8271574378013611},{"id":"https://openalex.org/keywords/feature-engineering","display_name":"Feature engineering","score":0.7351320385932922},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.6725896000862122},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6094982624053955},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.6005578637123108},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.5422128438949585},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5125420093536377},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.47849148511886597},{"id":"https://openalex.org/keywords/intuition","display_name":"Intuition","score":0.44416847825050354},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.423685759305954},{"id":"https://openalex.org/keywords/feature-extraction","display_name":"Feature extraction","score":0.4155166745185852},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.36092162132263184},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.21764719486236572},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.16282179951667786},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.12064960598945618},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08400115370750427}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8294403553009033},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8271574378013611},{"id":"https://openalex.org/C2778827112","wikidata":"https://www.wikidata.org/wiki/Q22245680","display_name":"Feature engineering","level":3,"score":0.7351320385932922},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.6725896000862122},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6094982624053955},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.6005578637123108},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.5422128438949585},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5125420093536377},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.47849148511886597},{"id":"https://openalex.org/C132010649","wikidata":"https://www.wikidata.org/wiki/Q189222","display_name":"Intuition","level":2,"score":0.44416847825050354},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.423685759305954},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.4155166745185852},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.36092162132263184},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.21764719486236572},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.16282179951667786},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.12064960598945618},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08400115370750427},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2976749.2978304","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978304","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1108159876","display_name":null,"funder_award_id":"5-244780","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":48,"referenced_works":["https://openalex.org/W79696261","https://openalex.org/W273955616","https://openalex.org/W1614298861","https://openalex.org/W1898363510","https://openalex.org/W1943233084","https://openalex.org/W1966948031","https://openalex.org/W1985514943","https://openalex.org/W1985987493","https://openalex.org/W2004228899","https://openalex.org/W2011726136","https://openalex.org/W2024030746","https://openalex.org/W2048715902","https://openalex.org/W2052681001","https://openalex.org/W2057954853","https://openalex.org/W2058180826","https://openalex.org/W2069229293","https://openalex.org/W2073302931","https://openalex.org/W2078197322","https://openalex.org/W2079639311","https://openalex.org/W2080696000","https://openalex.org/W2081580037","https://openalex.org/W2087922528","https://openalex.org/W2094061585","https://openalex.org/W2104839588","https://openalex.org/W2114275288","https://openalex.org/W2122672392","https://openalex.org/W2125011234","https://openalex.org/W2132073183","https://openalex.org/W2135255848","https://openalex.org/W2140095007","https://openalex.org/W2158575857","https://openalex.org/W2163922914","https://openalex.org/W2168103835","https://openalex.org/W2205029267","https://openalex.org/W2220697891","https://openalex.org/W2236870451","https://openalex.org/W2282821441","https://openalex.org/W2398147205","https://openalex.org/W2399891510","https://openalex.org/W2400830380","https://openalex.org/W2538865281","https://openalex.org/W2593458616","https://openalex.org/W2913215602","https://openalex.org/W2914982603","https://openalex.org/W4237947392","https://openalex.org/W4239181501","https://openalex.org/W6610017368","https://openalex.org/W6712483131"],"related_works":["https://openalex.org/W1975357770","https://openalex.org/W2782775281","https://openalex.org/W2560361988","https://openalex.org/W2507113366","https://openalex.org/W1998188341","https://openalex.org/W1573526548","https://openalex.org/W4327939473","https://openalex.org/W4382940931","https://openalex.org/W3025122950","https://openalex.org/W2311926078"],"abstract_inverted_index":{"Malware":[0],"detection":[1,46],"increasingly":[2],"relies":[3,196],"on":[4,27,34,53,160,197],"machine":[5],"learning":[6],"techniques,":[7],"which":[8,144,183],"utilize":[9],"multiple":[10],"features":[11,129,159,209,222],"to":[12,44,127,186,206,219,224],"separate":[13],"the":[14,17,28,41,48,56,66,96,105,187,214,221],"malware":[15,54,99,193,229],"from":[16,62,213],"benign":[18,166],"apps.":[19,169],"The":[20],"effectiveness":[21],"of":[22,51,65,165,189],"these":[23,125,137,158],"techniques":[24,80],"primarily":[25],"depends":[26],"manual":[29],"feature":[30,57,76,107,147],"engineering":[31,58,108],"process,":[32],"based":[33],"human":[35,106],"knowledge":[36,97],"and":[37,47,91,94,121,167,218],"intuition.":[38],"However,":[39],"given":[40],"adversaries'":[42],"efforts":[43],"evade":[45],"growing":[49],"volume":[50],"publications":[52],"behaviors,":[55],"process":[59],"likely":[60],"draws":[61],"a":[63,101,140,146,155,161,173,190],"fraction":[64],"relevant":[67],"knowledge.":[68],"We":[69,78,135,153],"propose":[70],"an":[71],"end-to-end":[72],"approach":[73],"for":[74,81,92,149],"automatic":[75],"engineering.":[77],"describe":[79,228],"mining":[82],"documents":[83],"written":[84],"in":[85,100,139],"natural":[86],"language":[87],"(e.g.":[88],"scientific":[89],"papers)":[90],"representing":[93],"querying":[95],"about":[98],"way":[102],"that":[103,116,130,195,210,227],"mirrors":[104],"process.":[109],"Specifically,":[110],"we":[111,123],"first":[112],"identify":[113],"abstract":[114,225],"behaviors":[115,126],"are":[117,211],"associated":[118],"with":[119,178],"malware,":[120],"then":[122],"map":[124],"concrete":[128],"can":[131],"be":[132],"tested":[133],"experimentally.":[134],"implement":[136],"ideas":[138],"system":[141],"called":[142],"FeatureSmith,":[143],"generates":[145],"set":[148,164,217],"detecting":[150],"Android":[151,192],"malware.":[152],"train":[154],"classifier":[156,171],"using":[157],"large":[162],"data":[163],"malicious":[168],"This":[170],"achieves":[172],"92.5%":[174],"true":[175],"positive":[176],"rate":[177],"only":[179],"1%":[180],"false":[181],"positives,":[182],"is":[184,204],"comparable":[185],"performance":[188],"state-of-the-art":[191],"detector":[194],"manually":[198,215],"engineered":[199,216],"features.":[200],"In":[201],"addition,":[202],"FeatureSmith":[203],"able":[205],"suggest":[207],"informative":[208],"absent":[212],"link":[220],"generated":[223],"concepts":[226],"behaviors.":[230]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":10},{"year":2021,"cited_by_count":19},{"year":2020,"cited_by_count":21},{"year":2019,"cited_by_count":19},{"year":2018,"cited_by_count":15},{"year":2017,"cited_by_count":7}],"updated_date":"2026-03-25T14:56:36.534964","created_date":"2016-10-28T00:00:00"}