{"id":"https://openalex.org/W2805859698","doi":"https://doi.org/10.1145/3196494.3201588","title":"POSTER","display_name":"POSTER","publication_year":2018,"publication_date":"2018-05-29","ids":{"openalex":"https://openalex.org/W2805859698","doi":"https://doi.org/10.1145/3196494.3201588","mag":"2805859698"},"language":"en","primary_location":{"id":"doi:10.1145/3196494.3201588","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3196494.3201588","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://zenodo.org/record/3502400","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101546784","display_name":"Fabio Martinelli","orcid":"https://orcid.org/0000-0002-6721-9395"},"institutions":[{"id":"https://openalex.org/I4210130157","display_name":"Institute of Informatics and Telematics","ror":"https://ror.org/02gdcn153","country_code":"IT","type":"facility","lineage":["https://openalex.org/I4210130157","https://openalex.org/I4210155236"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Fabio Martinelli","raw_affiliation_strings":["IIT-CNR, Pisa, Italy"],"affiliations":[{"raw_affiliation_string":"IIT-CNR, Pisa, Italy","institution_ids":["https://openalex.org/I4210130157"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023695406","display_name":"Francesco Mercaldo","orcid":"https://orcid.org/0000-0002-9425-1657"},"institutions":[{"id":"https://openalex.org/I4210130157","display_name":"Institute of Informatics and Telematics","ror":"https://ror.org/02gdcn153","country_code":"IT","type":"facility","lineage":["https://openalex.org/I4210130157","https://openalex.org/I4210155236"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Francesco Mercaldo","raw_affiliation_strings":["IIT-CNR, Pisa, Italy"],"affiliations":[{"raw_affiliation_string":"IIT-CNR, Pisa, Italy","institution_ids":["https://openalex.org/I4210130157"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5043827499","display_name":"Andrea Saracino","orcid":"https://orcid.org/0000-0001-8149-9322"},"institutions":[{"id":"https://openalex.org/I4210130157","display_name":"Institute of Informatics and Telematics","ror":"https://ror.org/02gdcn153","country_code":"IT","type":"facility","lineage":["https://openalex.org/I4210130157","https://openalex.org/I4210155236"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Andrea Ssaracino","raw_affiliation_strings":["IIT-CNR, Pisa, Italy"],"affiliations":[{"raw_affiliation_string":"IIT-CNR, Pisa, Italy","institution_ids":["https://openalex.org/I4210130157"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5101546784"],"corresponding_institution_ids":["https://openalex.org/I4210130157"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.05111715,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"825","last_page":"827"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9909999966621399,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9729999899864197,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9290571212768555},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8187819123268127},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.7531955242156982},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.7175545692443848},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.6147927045822144},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.541685163974762},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.4996364116668701},{"id":"https://openalex.org/keywords/tree","display_name":"Tree (set theory)","score":0.4186785817146301},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4012991487979889},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3655201494693756},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2855221629142761},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.133512943983078}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9290571212768555},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8187819123268127},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.7531955242156982},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.7175545692443848},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.6147927045822144},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.541685163974762},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.4996364116668701},{"id":"https://openalex.org/C113174947","wikidata":"https://www.wikidata.org/wiki/Q2859736","display_name":"Tree (set theory)","level":2,"score":0.4186785817146301},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4012991487979889},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3655201494693756},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2855221629142761},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.133512943983078},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3196494.3201588","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3196494.3201588","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:zenodo.org:3502400","is_oa":true,"landing_page_url":"https://zenodo.org/record/3502400","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/conferencePaper"}],"best_oa_location":{"id":"pmh:oai:zenodo.org:3502400","is_oa":true,"landing_page_url":"https://zenodo.org/record/3502400","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/conferencePaper"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3831331168","display_name":null,"funder_award_id":"675320","funder_id":"https://openalex.org/F4320338350","funder_display_name":"H2020 Security"}],"funders":[{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320338350","display_name":"H2020 Security","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W1494423854","https://openalex.org/W1947535385","https://openalex.org/W2125011234","https://openalex.org/W2600659481","https://openalex.org/W2608570228","https://openalex.org/W2724122170","https://openalex.org/W2787931603","https://openalex.org/W3047067980"],"related_works":["https://openalex.org/W4296272594","https://openalex.org/W2469507153","https://openalex.org/W4360993664","https://openalex.org/W2008790809","https://openalex.org/W2465235098","https://openalex.org/W2470029541","https://openalex.org/W2470502009","https://openalex.org/W2167003418","https://openalex.org/W2900526031","https://openalex.org/W3022706011"],"abstract_inverted_index":{"To":[0],"maximize":[1],"the":[2,9,20,50,55,76,109],"probability":[3],"of":[4,11,19,27,65,78,90,112,131],"successful":[5],"attacks":[6],"and":[7,107,129],"reduce":[8],"odds":[10],"being":[12,82],"detected,":[13],"malware":[14,29,70],"developers":[15],"implement":[16],"different":[17],"versions":[18],"same":[21],"malicious":[22,34,56,80,114,132],"payloads.":[23],"As":[24],"a":[25,79,87,102],"matter":[26],"fact,":[28],"writers":[30],"often":[31],"generate":[32],"new":[33],"code":[35,51,91],"starting":[36],"from":[37],"existing":[38],"ones,":[39],"adding":[40],"small":[41],"programmed":[42],"variations,":[43],"or":[44],"applying":[45],"obfuscation":[46],"mechanisms,":[47],"that":[48],"change":[49],"structure,":[52],"without":[53],"altering":[54],"functionalities.":[57],"For":[58],"these":[59],"reasons":[60],"phylogenetic":[61,110],"analysis":[62],"is":[63],"becoming":[64],"interest":[66],"as":[67],"instrument":[68],"for":[69],"analysts":[71],"in":[72],"order":[73],"to":[74,85,92,105,126],"understand":[75],"derivation":[77],"payload,":[81],"thus":[83],"able":[84],"reconduct":[86],"derived":[88],"piece":[89],"its":[93],"original,":[94],"known":[95],"originator.":[96],"In":[97],"this":[98],"poster":[99],"we":[100],"describe":[101],"framework":[103,117],"designed":[104],"infer":[106],"shape":[108],"tree":[111],"mobile":[113],"applications.":[115],"The":[116],"considers":[118],"multi-level":[119],"features":[120],"with":[121],"rule-based":[122],"machine":[123],"learning":[124],"algorithm":[125],"retrieve":[127],"antecedents":[128],"descendants":[130],"samples.":[133]},"counts_by_year":[{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2018-06-13T00:00:00"}