{"id":"https://openalex.org/W2972552958","doi":"https://doi.org/10.1145/3329786","title":"Dynamic Malware Analysis in the Modern Era\u2014A State of the Art Survey","display_name":"Dynamic Malware Analysis in the Modern Era\u2014A State of the Art Survey","publication_year":2019,"publication_date":"2019-09-13","ids":{"openalex":"https://openalex.org/W2972552958","doi":"https://doi.org/10.1145/3329786","mag":"2972552958"},"language":"en","primary_location":{"id":"doi:10.1145/3329786","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3329786","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3329786","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3329786","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5050642147","display_name":"Ori Or-Meir","orcid":null},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":true,"raw_author_name":"Ori Or-Meir","raw_affiliation_strings":["Ben-Gurion University of the Negev, Beer-Sheva, Israel"],"affiliations":[{"raw_affiliation_string":"Ben-Gurion University of the Negev, Beer-Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006355294","display_name":"Nir Nissim","orcid":"https://orcid.org/0000-0003-0652-8861"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Nir Nissim","raw_affiliation_strings":["Ben-Gurion University of the Negev, Beer-Sheva, Israel"],"affiliations":[{"raw_affiliation_string":"Ben-Gurion University of the Negev, Beer-Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072913672","display_name":"Yuval Elovici","orcid":"https://orcid.org/0000-0002-9641-128X"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Yuval Elovici","raw_affiliation_strings":["Ben-Gurion University of the Negev, Beer-Sheva, Israel"],"affiliations":[{"raw_affiliation_string":"Ben-Gurion University of the Negev, Beer-Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012622155","display_name":"Lior Rokach","orcid":"https://orcid.org/0000-0002-6956-3341"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Lior Rokach","raw_affiliation_strings":["Ben-Gurion University of the Negev, Beer-Sheva, Israel"],"affiliations":[{"raw_affiliation_string":"Ben-Gurion University of the Negev, Beer-Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5050642147"],"corresponding_institution_ids":["https://openalex.org/I124227911"],"apc_list":null,"apc_paid":null,"fwci":22.3762,"has_fulltext":true,"cited_by_count":361,"citation_normalized_percentile":{"value":0.99744401,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":"52","issue":"5","first_page":"1","last_page":"48"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9954000115394592,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9060304164886475},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8501006364822388},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.7386020421981812},{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.7197677493095398},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6898761987686157},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6699812412261963},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.6124778389930725},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.50722336769104},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.5044103860855103},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.4574649930000305},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.38814300298690796},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.1853521466255188},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.17963412404060364}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9060304164886475},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8501006364822388},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.7386020421981812},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.7197677493095398},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6898761987686157},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6699812412261963},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.6124778389930725},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.50722336769104},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.5044103860855103},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.4574649930000305},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.38814300298690796},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.1853521466255188},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.17963412404060364},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3329786","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3329786","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3329786","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3329786","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3329786","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3329786","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.5199999809265137}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2972552958.pdf","grobid_xml":"https://content.openalex.org/works/W2972552958.grobid-xml"},"referenced_works_count":96,"referenced_works":["https://openalex.org/W7103708","https://openalex.org/W169303955","https://openalex.org/W200681053","https://openalex.org/W1492352846","https://openalex.org/W1492832459","https://openalex.org/W1515180657","https://openalex.org/W1522250664","https://openalex.org/W1545528966","https://openalex.org/W1549154409","https://openalex.org/W1583301963","https://openalex.org/W1827822366","https://openalex.org/W1851403712","https://openalex.org/W1858426298","https://openalex.org/W1970914644","https://openalex.org/W1977103239","https://openalex.org/W1981221397","https://openalex.org/W1990981691","https://openalex.org/W2008071701","https://openalex.org/W2014589236","https://openalex.org/W2024170198","https://openalex.org/W2025560520","https://openalex.org/W2033244161","https://openalex.org/W2052412856","https://openalex.org/W2057787526","https://openalex.org/W2066220442","https://openalex.org/W2068661019","https://openalex.org/W2071028761","https://openalex.org/W2071289869","https://openalex.org/W2078197322","https://openalex.org/W2085807744","https://openalex.org/W2087300543","https://openalex.org/W2089560940","https://openalex.org/W2089745089","https://openalex.org/W2091085572","https://openalex.org/W2096269529","https://openalex.org/W2102031794","https://openalex.org/W2111038628","https://openalex.org/W2113032636","https://openalex.org/W2115392339","https://openalex.org/W2117030266","https://openalex.org/W2117882778","https://openalex.org/W2119251836","https://openalex.org/W2119521622","https://openalex.org/W2120297918","https://openalex.org/W2121398530","https://openalex.org/W2124631616","https://openalex.org/W2126734536","https://openalex.org/W2128487888","https://openalex.org/W2131726714","https://openalex.org/W2138788987","https://openalex.org/W2140807364","https://openalex.org/W2145688371","https://openalex.org/W2147323820","https://openalex.org/W2150795982","https://openalex.org/W2151135920","https://openalex.org/W2155943969","https://openalex.org/W2157185728","https://openalex.org/W2159702664","https://openalex.org/W2163292449","https://openalex.org/W2164956449","https://openalex.org/W2165100126","https://openalex.org/W2166766372","https://openalex.org/W2179519055","https://openalex.org/W2283648232","https://openalex.org/W2284378730","https://openalex.org/W2294049595","https://openalex.org/W2333278739","https://openalex.org/W2397240470","https://openalex.org/W2412686421","https://openalex.org/W2460736843","https://openalex.org/W2464245941","https://openalex.org/W2504756161","https://openalex.org/W2505418096","https://openalex.org/W2576376563","https://openalex.org/W2598566119","https://openalex.org/W2620946705","https://openalex.org/W2625110865","https://openalex.org/W2732916693","https://openalex.org/W2742682864","https://openalex.org/W2770502925","https://openalex.org/W2789471414","https://openalex.org/W2792599578","https://openalex.org/W2800557391","https://openalex.org/W2807415350","https://openalex.org/W2932551155","https://openalex.org/W2950774332","https://openalex.org/W2962679028","https://openalex.org/W3007346474","https://openalex.org/W3143835353","https://openalex.org/W4230575913","https://openalex.org/W4238996902","https://openalex.org/W4239813889","https://openalex.org/W4244704438","https://openalex.org/W4254762831","https://openalex.org/W6608206699","https://openalex.org/W7073826365"],"related_works":["https://openalex.org/W2900526031","https://openalex.org/W109909280","https://openalex.org/W4386387815","https://openalex.org/W3211746486","https://openalex.org/W4240330722","https://openalex.org/W4210907385","https://openalex.org/W4293077671","https://openalex.org/W2246375780","https://openalex.org/W3037087970","https://openalex.org/W2007647094"],"abstract_inverted_index":{"Although":[0,201],"malicious":[1,38,71,142],"software":[2],"(malware)":[3],"has":[4,19,31,107,251],"been":[5,109],"around":[6],"since":[7],"the":[8,13,22,26,35,66,132,139,147,190,248,330],"early":[9,77],"days":[10],"of":[11,17,29,37,229,257,283,294,306,326,332],"computers,":[12],"sophistication":[14],"and":[15,54,58,65,103,124,135,161,184,193,214,218,279,291,311,313,345],"innovation":[16],"malware":[18,69,105,167,230,258,317,338],"increased":[20],"over":[21],"years.":[23],"In":[24,320],"particular,":[25],"latest":[27],"crop":[28],"ransomware":[30],"drawn":[32],"attention":[33],"to":[34,44,93,96,169,181,197,287,298,335],"dangers":[36],"software,":[39],"which":[40,302],"can":[41,121,163,185,195,225],"cause":[42],"harm":[43],"private":[45],"users":[46],"as":[47,49,76,78],"well":[48],"corporations,":[50],"public":[51,67],"services":[52],"(hospitals":[53],"transportation":[55],"systems),":[56],"governments,":[57],"security":[59],"institutions.":[60],"To":[61],"protect":[62],"these":[63,182],"institutions":[64],"from":[68],"attacks,":[70],"activity":[72],"must":[73],"be":[74,164],"detected":[75],"possible,":[79],"preferably":[80],"before":[81],"it":[82,88],"conducts":[83],"its":[84,309,314],"harmful":[85],"acts.":[86],"However,":[87],"is":[89,141,179,204,220,286],"not":[90],"always":[91],"easy":[92],"know":[94],"what":[95],"look":[97],"for\u2014especially":[98],"when":[99],"dealing":[100],"with":[101,254],"new":[102,255,261,269,276],"unknown":[104],"that":[106,224,246],"never":[108],"seen.":[110],"Analyzing":[111],"a":[112,128,289,304],"suspicious":[113],"file":[114,140,192],"by":[115,166],"static":[116,171,208],"or":[117,143],"dynamic":[118,157,177,202,211,337],"analysis":[119,172,178,203,212,262,339],"methods":[120,263,296,334],"provide":[122,186,288],"relevant":[123],"valuable":[125],"information":[126],"regarding":[127,189],"file's":[129],"impact":[130],"on":[131,146],"hosting":[133],"system":[134],"help":[136],"determine":[137],"whether":[138],"not,":[144],"based":[145],"method's":[148],"predefined":[149],"rules.":[150],"While":[151],"various":[152],"techniques":[153,183,215],"(e.g.,":[154],"code":[155,158],"obfuscation,":[156],"loading,":[159],"encryption,":[160],"packing)":[162],"used":[165,297],"writers":[168],"evade":[170],"(including":[173],"signature-based":[174],"anti-virus":[175],"tools),":[176],"robust":[180,206],"greater":[187],"understanding":[188],"analyzed":[191],"consequently":[194],"lead":[196],"better":[198],"detection":[199],"capabilities.":[200],"more":[205],"than":[207],"analysis,":[209],"existing":[210,295],"tools":[213],"are":[216],"imperfect,":[217],"there":[219],"no":[221],"single":[222],"tool":[223],"cover":[226],"all":[227],"aspects":[228],"behavior.":[231],"The":[232,281],"most":[233],"recent":[234],"comprehensive":[235,290],"survey":[236,285],"performed":[237],"in":[238,243],"this":[239,284],"area":[240],"was":[241],"published":[242],"2012.":[244],"Since":[245],"time,":[247],"computing":[249,270],"environment":[250],"changed":[252],"dramatically":[253],"types":[256],"(ransomware,":[259],"cryptominers),":[260],"(volatile":[264],"memory":[265],"forensics,":[266],"side-channel":[267],"analysis),":[268],"environments":[271],"(cloud":[272],"computing,":[273],"IoT":[274],"devices),":[275],"machine-learning":[277,333],"algorithms,":[278],"more.":[280],"goal":[282],"up-to-date":[292],"overview":[293,325],"dynamically":[299],"analyze":[300],"malware,":[301],"includes":[303],"description":[305],"each":[307],"method,":[308],"strengths":[310],"weaknesses,":[312],"resilience":[315],"against":[316],"evasion":[318],"techniques.":[319],"addition,":[321],"we":[322],"include":[323],"an":[324],"prominent":[327],"studies":[328],"presenting":[329],"usage":[331],"enhance":[336],"capabilities":[340],"aimed":[341],"at":[342],"detection,":[343],"classification,":[344],"categorization.":[346]},"counts_by_year":[{"year":2026,"cited_by_count":14},{"year":2025,"cited_by_count":75},{"year":2024,"cited_by_count":75},{"year":2023,"cited_by_count":63},{"year":2022,"cited_by_count":62},{"year":2021,"cited_by_count":51},{"year":2020,"cited_by_count":20},{"year":2019,"cited_by_count":1}],"updated_date":"2026-04-19T08:26:33.389920","created_date":"2025-10-10T00:00:00"}