{"id":"https://openalex.org/W2901874618","doi":"https://doi.org/10.1145/3243734.3278527","title":"Towards Architecture and OS-Independent Malware Detection via Memory Forensics","display_name":"Towards Architecture and OS-Independent Malware Detection via Memory Forensics","publication_year":2018,"publication_date":"2018-10-15","ids":{"openalex":"https://openalex.org/W2901874618","doi":"https://doi.org/10.1145/3243734.3278527","mag":"2901874618"},"language":"en","primary_location":{"id":"doi:10.1145/3243734.3278527","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3243734.3278527","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3243734.3278527","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3243734.3278527","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5040286546","display_name":"Rachel Petrik","orcid":null},"institutions":[{"id":"https://openalex.org/I143302722","display_name":"University of Kentucky","ror":"https://ror.org/02k3smh20","country_code":"US","type":"education","lineage":["https://openalex.org/I143302722"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Rachel Petrik","raw_affiliation_strings":["University of Kentucky, Lexington, KY, USA"],"affiliations":[{"raw_affiliation_string":"University of Kentucky, Lexington, KY, USA","institution_ids":["https://openalex.org/I143302722"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001470126","display_name":"Berat Arik","orcid":null},"institutions":[{"id":"https://openalex.org/I2802706902","display_name":"Knoxville College","ror":"https://ror.org/02bxrp522","country_code":"US","type":"education","lineage":["https://openalex.org/I2802706902"]},{"id":"https://openalex.org/I75027704","display_name":"University of Tennessee at Knoxville","ror":"https://ror.org/020f3ap87","country_code":"US","type":"education","lineage":["https://openalex.org/I75027704"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Berat Arik","raw_affiliation_strings":["University of Tennessee, Knoxville, Knoxville, TN, USA"],"affiliations":[{"raw_affiliation_string":"University of Tennessee, Knoxville, Knoxville, TN, USA","institution_ids":["https://openalex.org/I2802706902","https://openalex.org/I75027704"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012619069","display_name":"Jared M. Smith","orcid":"https://orcid.org/0000-0002-3240-2405"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]},{"id":"https://openalex.org/I75027704","display_name":"University of Tennessee at Knoxville","ror":"https://ror.org/020f3ap87","country_code":"US","type":"education","lineage":["https://openalex.org/I75027704"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jared M. Smith","raw_affiliation_strings":["Oak Ridge National Laboratory &amp; University of Tennessee, Knoxville, Oak Ridge, TN, USA"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory &amp; University of Tennessee, Knoxville, Oak Ridge, TN, USA","institution_ids":["https://openalex.org/I1289243028","https://openalex.org/I75027704"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5040286546"],"corresponding_institution_ids":["https://openalex.org/I143302722"],"apc_list":null,"apc_paid":null,"fwci":0.6633,"has_fulltext":true,"cited_by_count":14,"citation_normalized_percentile":{"value":0.70568344,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"2267","last_page":"2269"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8726722002029419},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.841334342956543},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.7112319469451904},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.5713667869567871},{"id":"https://openalex.org/keywords/memory-management","display_name":"Memory management","score":0.48727166652679443},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.48068127036094666},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.45831650495529175},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.45527878403663635},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4404958188533783},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.38118335604667664},{"id":"https://openalex.org/keywords/semiconductor-memory","display_name":"Semiconductor memory","score":0.1428312063217163}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8726722002029419},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.841334342956543},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.7112319469451904},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.5713667869567871},{"id":"https://openalex.org/C176649486","wikidata":"https://www.wikidata.org/wiki/Q2308807","display_name":"Memory management","level":3,"score":0.48727166652679443},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.48068127036094666},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.45831650495529175},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.45527878403663635},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4404958188533783},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.38118335604667664},{"id":"https://openalex.org/C98986596","wikidata":"https://www.wikidata.org/wiki/Q1143031","display_name":"Semiconductor memory","level":2,"score":0.1428312063217163},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C153349607","wikidata":"https://www.wikidata.org/wiki/Q36649","display_name":"Visual arts","level":1,"score":0.0},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3243734.3278527","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3243734.3278527","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3243734.3278527","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:osti.gov:1486945","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1486945","pdf_url":"https://www.osti.gov/servlets/purl/1486945","source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null}],"best_oa_location":{"id":"doi:10.1145/3243734.3278527","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3243734.3278527","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3243734.3278527","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.5899999737739563,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G1645119126","display_name":null,"funder_award_id":"AC05-00OR22725","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G1793461121","display_name":null,"funder_award_id":"DOE-AC05-00OR22725","funder_id":"https://openalex.org/F4320337674","funder_display_name":"Wind Energy Technologies Office"},{"id":"https://openalex.org/G2042897603","display_name":null,"funder_award_id":"DE-AC05-00OR2272","funder_id":"https://openalex.org/F4320316892","funder_display_name":"UT-Battelle"},{"id":"https://openalex.org/G2296932962","display_name":null,"funder_award_id":"DE-AC05-00OR227","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G3299391273","display_name":null,"funder_award_id":"E-AC05-00OR22725","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G4423657506","display_name":null,"funder_award_id":"AC05-00OR22725","funder_id":"https://openalex.org/F4320338287","funder_display_name":"Oak Ridge National Laboratory"},{"id":"https://openalex.org/G5726405315","display_name":null,"funder_award_id":"DE-AC05","funder_id":"https://openalex.org/F4320306250","funder_display_name":"Battelle"},{"id":"https://openalex.org/G6129992089","display_name":null,"funder_award_id":"DE-AC05-","funder_id":"https://openalex.org/F4320316892","funder_display_name":"UT-Battelle"},{"id":"https://openalex.org/G6864165199","display_name":null,"funder_award_id":"DE-AC05-00OR22725","funder_id":"https://openalex.org/F4320306250","funder_display_name":"Battelle"},{"id":"https://openalex.org/G691578896","display_name":null,"funder_award_id":"DE-AC05-00OR2272","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G7114708214","display_name":null,"funder_award_id":"DE-AC05-00OR2272","funder_id":"https://openalex.org/F4320338287","funder_display_name":"Oak Ridge National Laboratory"},{"id":"https://openalex.org/G7995982022","display_name":null,"funder_award_id":"DE-AC05","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G8414908677","display_name":null,"funder_award_id":"DE-AC0","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G8799952057","display_name":null,"funder_award_id":"DE-AC05-00OR22","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G8813984943","display_name":null,"funder_award_id":"DE-AC05-00OR22725","funder_id":"https://openalex.org/F4320316892","funder_display_name":"UT-Battelle"},{"id":"https://openalex.org/G8906985441","display_name":null,"funder_award_id":"00OR22725","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G8943143067","display_name":null,"funder_award_id":"AC05-00OR22725","funder_id":"https://openalex.org/F4320316892","funder_display_name":"UT-Battelle"}],"funders":[{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"},{"id":"https://openalex.org/F4320306250","display_name":"Battelle","ror":"https://ror.org/01h5tnr73"},{"id":"https://openalex.org/F4320316892","display_name":"UT-Battelle","ror":"https://ror.org/04nza6677"},{"id":"https://openalex.org/F4320337674","display_name":"Wind Energy Technologies Office","ror":null},{"id":"https://openalex.org/F4320338287","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W2901874618.pdf"},"referenced_works_count":9,"referenced_works":["https://openalex.org/W2010065958","https://openalex.org/W2593390416","https://openalex.org/W2766804144","https://openalex.org/W2803344972","https://openalex.org/W2806294538","https://openalex.org/W2806678366","https://openalex.org/W2891621711","https://openalex.org/W2962835968","https://openalex.org/W2963401022"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W3152891574","https://openalex.org/W2249809453","https://openalex.org/W4284893819","https://openalex.org/W4316881845"],"abstract_inverted_index":{"In":[0],"this":[1],"work,":[2],"we":[3],"take":[4],"a":[5,14,43,48,89,113],"fundamentally":[6],"different":[7],"approach":[8,21],"to":[9,83,104],"the":[10,33,39,60,65],"problem":[11],"of":[12,42,52,69,81,86,108,111],"analyzing":[13],"device":[15],"for":[16],"compromises":[17],"via":[18],"malware;":[19],"our":[20,93],"is":[22],"OS":[23],"and":[24,28,64,100],"instruction":[25],"architecture":[26],"independent":[27],"relies":[29],"only":[30],"on":[31,88],"having":[32],"raw":[34],"binary":[35],"data":[36],"extracted":[37,58],"from":[38,59],"memory":[40,56,72,91],"dump":[41],"device.":[44],"Our":[45],"system":[46,94],"leverages":[47,95],"multi-hundred":[49],"TB":[50],"dataset":[51,62,68],"both":[53,96],"compromised":[54,114],"host":[55,71],"dumps":[57,73],"MalRec":[61],"[8]":[63],"first":[66],"known":[67],"benign":[70],"running":[74],"normal,":[75],"non-compromised":[76],"software.":[77],"After":[78],"an":[79,106],"average":[80,107],"30":[82],"45":[84],"seconds":[85],"pre-processing":[87],"single":[90],"dump,":[92],"traditional":[97],"machine":[98],"learning":[99,102],"deep":[101],"algorithms":[103],"achieve":[105],"98%":[109],"accuracy":[110],"detecting":[112],"host.":[115]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1}],"updated_date":"2026-04-14T08:04:32.555800","created_date":"2025-10-10T00:00:00"}