{"id":"https://openalex.org/W2752241832","doi":"https://doi.org/10.1145/3128572.3140442","title":"Learning the PE Header, Malware Detection with Minimal Domain Knowledge","display_name":"Learning the PE Header, Malware Detection with Minimal Domain Knowledge","publication_year":2017,"publication_date":"2017-11-03","ids":{"openalex":"https://openalex.org/W2752241832","doi":"https://doi.org/10.1145/3128572.3140442","mag":"2752241832"},"language":"en","primary_location":{"id":"doi:10.1145/3128572.3140442","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3128572.3140442","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1709.01471","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5068036546","display_name":"Edward Raff","orcid":"https://orcid.org/0000-0002-9900-1972"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Edward Raff","raw_affiliation_strings":["Laboratory for Physical Sciences, Catonsville, MD, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Laboratory for Physical Sciences, Catonsville, MD, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059651448","display_name":"Jared Sylvester","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jared Sylvester","raw_affiliation_strings":["Laboratory for Physical Sciences, Catonsville, MD, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Laboratory for Physical Sciences, Catonsville, MD, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025012064","display_name":"Charles Nicholas","orcid":"https://orcid.org/0000-0001-9494-7139"},"institutions":[{"id":"https://openalex.org/I79272384","display_name":"University of Maryland, Baltimore County","ror":"https://ror.org/02qskvh78","country_code":"US","type":"education","lineage":["https://openalex.org/I79272384"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Charles Nicholas","raw_affiliation_strings":["University of Maryland, Baltimore County, Catonsville, MD, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Maryland, Baltimore County, Catonsville, MD, USA","institution_ids":["https://openalex.org/I79272384"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5068036546"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":7.2803,"has_fulltext":false,"cited_by_count":128,"citation_normalized_percentile":{"value":0.97835882,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"121","last_page":"132"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8171459436416626},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8151233196258545},{"id":"https://openalex.org/keywords/header","display_name":"Header","score":0.7789276242256165},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.6719163656234741},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.642799973487854},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.6373291015625},{"id":"https://openalex.org/keywords/domain-knowledge","display_name":"Domain knowledge","score":0.5891405344009399},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5152626037597656},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.5081090927124023},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.45230746269226074},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.4429965019226074},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.4269673228263855},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3596373200416565},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.238546222448349},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1763671338558197},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.08712014555931091}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8171459436416626},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8151233196258545},{"id":"https://openalex.org/C48105269","wikidata":"https://www.wikidata.org/wiki/Q1141160","display_name":"Header","level":2,"score":0.7789276242256165},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.6719163656234741},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.642799973487854},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.6373291015625},{"id":"https://openalex.org/C207685749","wikidata":"https://www.wikidata.org/wiki/Q2088941","display_name":"Domain knowledge","level":2,"score":0.5891405344009399},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5152626037597656},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.5081090927124023},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.45230746269226074},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.4429965019226074},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.4269673228263855},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3596373200416565},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.238546222448349},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1763671338558197},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.08712014555931091},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3128572.3140442","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3128572.3140442","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1709.01471","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1709.01471","pdf_url":"https://arxiv.org/pdf/1709.01471","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1709.01471","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1709.01471","pdf_url":"https://arxiv.org/pdf/1709.01471","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.4300000071525574}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":84,"referenced_works":["https://openalex.org/W1412775481","https://openalex.org/W1482612322","https://openalex.org/W1497883910","https://openalex.org/W1508856789","https://openalex.org/W1522301498","https://openalex.org/W1545528966","https://openalex.org/W1549656520","https://openalex.org/W1558357780","https://openalex.org/W1571989395","https://openalex.org/W1586939924","https://openalex.org/W1614298861","https://openalex.org/W1618905105","https://openalex.org/W1665214252","https://openalex.org/W1760401052","https://openalex.org/W1810943226","https://openalex.org/W1815076433","https://openalex.org/W1836465849","https://openalex.org/W1849277567","https://openalex.org/W1987684126","https://openalex.org/W2003094813","https://openalex.org/W2004511978","https://openalex.org/W2012942264","https://openalex.org/W2042742130","https://openalex.org/W2056132907","https://openalex.org/W2064675550","https://openalex.org/W2095705004","https://openalex.org/W2098824882","https://openalex.org/W2099505562","https://openalex.org/W2101807845","https://openalex.org/W2110978214","https://openalex.org/W2114515438","https://openalex.org/W2116261113","https://openalex.org/W2120100126","https://openalex.org/W2120480077","https://openalex.org/W2121749752","https://openalex.org/W2122825543","https://openalex.org/W2127141656","https://openalex.org/W2136848157","https://openalex.org/W2138857742","https://openalex.org/W2144112223","https://openalex.org/W2149933564","https://openalex.org/W2156938859","https://openalex.org/W2163605009","https://openalex.org/W2165357553","https://openalex.org/W2169178923","https://openalex.org/W2170240176","https://openalex.org/W2194775991","https://openalex.org/W2203388234","https://openalex.org/W2212703438","https://openalex.org/W2253807446","https://openalex.org/W2282821441","https://openalex.org/W2344905779","https://openalex.org/W2439568532","https://openalex.org/W2477351702","https://openalex.org/W2516809705","https://openalex.org/W2518866423","https://openalex.org/W2525778437","https://openalex.org/W2557283755","https://openalex.org/W2559997609","https://openalex.org/W2607662938","https://openalex.org/W2608296545","https://openalex.org/W2618530766","https://openalex.org/W2911964244","https://openalex.org/W2949117887","https://openalex.org/W2949650786","https://openalex.org/W2950577311","https://openalex.org/W2962684187","https://openalex.org/W2962958286","https://openalex.org/W2963012544","https://openalex.org/W2963285578","https://openalex.org/W2963993553","https://openalex.org/W2964121744","https://openalex.org/W2990138404","https://openalex.org/W4232919069","https://openalex.org/W4234423918","https://openalex.org/W4241104394","https://openalex.org/W4249594181","https://openalex.org/W4285719527","https://openalex.org/W4293568472","https://openalex.org/W4294541781","https://openalex.org/W4299341000","https://openalex.org/W4299408792","https://openalex.org/W4299518610","https://openalex.org/W4299828299"],"related_works":["https://openalex.org/W2171597999","https://openalex.org/W2189136227","https://openalex.org/W1995118279","https://openalex.org/W4240624848","https://openalex.org/W171785150","https://openalex.org/W4233480150","https://openalex.org/W1565224167","https://openalex.org/W4238950177","https://openalex.org/W3184389706","https://openalex.org/W1517634371"],"abstract_inverted_index":{"Many":[0],"efforts":[1],"have":[2],"been":[3],"made":[4],"to":[5,21,43,55,64],"use":[6],"various":[7],"forms":[8],"of":[9,39,59,68],"domain":[10,25,60,97],"knowledge":[11,61,98],"in":[12,62],"malware":[13,22,44],"detection.":[14],"Currently":[15],"there":[16],"exist":[17],"two":[18],"common":[19],"approaches":[20],"detection":[23,45],"without":[24,87],"knowledge,":[26],"namely":[27],"byte":[28],"n-grams":[29],"and":[30,46,91],"strings.":[31],"In":[32],"this":[33,51,76],"work":[34],"we":[35,77],"explore":[36],"the":[37,69,102],"feasibility":[38],"applying":[40],"neural":[41,80],"networks":[42,81],"feature":[47,89],"learning.":[48],"We":[49],"do":[50],"by":[52],"restricting":[53],"ourselves":[54],"a":[56,66,96],"minimal":[57],"amount":[58],"order":[63],"extract":[65],"portion":[67],"Portable":[70],"Executable":[71],"(PE)":[72],"header.":[73],"By":[74],"doing":[75],"show":[78],"that":[79,100],"can":[82],"learn":[83],"from":[84],"raw":[85],"bytes":[86],"explicit":[88,106],"construction,":[90],"perform":[92],"even":[93],"better":[94],"than":[95],"approach":[99],"parses":[101],"PE":[103],"header":[104],"into":[105],"features.":[107]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":11},{"year":2024,"cited_by_count":14},{"year":2023,"cited_by_count":14},{"year":2022,"cited_by_count":24},{"year":2021,"cited_by_count":24},{"year":2020,"cited_by_count":14},{"year":2019,"cited_by_count":19},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":1}],"updated_date":"2026-05-05T08:41:31.759640","created_date":"2025-10-10T00:00:00"}