{"id":"https://openalex.org/W3033839823","doi":"https://doi.org/10.1145/3379174.3392318","title":"Malware Detection Using System Logs","display_name":"Malware Detection Using System Logs","publication_year":2020,"publication_date":"2020-06-07","ids":{"openalex":"https://openalex.org/W3033839823","doi":"https://doi.org/10.1145/3379174.3392318","mag":"3033839823"},"language":"en","primary_location":{"id":"doi:10.1145/3379174.3392318","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3379174.3392318","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 ACM Workshop on Intelligent Cross-Data Analysis and Retrieval","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101082496","display_name":"Nhu T. Nguyen","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Nhu T. Nguyen","raw_affiliation_strings":["AISIA Research Lab, Ho Chi Minh, Vietnam"],"affiliations":[{"raw_affiliation_string":"AISIA Research Lab, Ho Chi Minh, Vietnam","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101708835","display_name":"Thuy T. Pham","orcid":"https://orcid.org/0000-0002-7153-0135"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Thuy T. Pham","raw_affiliation_strings":["AISIA Research Lab, Ho Chi Minh, Vietnam"],"affiliations":[{"raw_affiliation_string":"AISIA Research Lab, Ho Chi Minh, Vietnam","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048526869","display_name":"Tien Dang","orcid":"https://orcid.org/0000-0001-6894-2852"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tien X. Dang","raw_affiliation_strings":["AISIA Research Lab, Ho Chi Minh, Vietnam"],"affiliations":[{"raw_affiliation_string":"AISIA Research Lab, Ho Chi Minh, Vietnam","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023083273","display_name":"Minh-Son Dao","orcid":"https://orcid.org/0000-0003-3044-8175"},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Minh-Son Dao","raw_affiliation_strings":["National Institute of Information and Communications Technology, Tokyo, Japan"],"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications Technology, Tokyo, Japan","institution_ids":["https://openalex.org/I90023481"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064606251","display_name":"Duc\u2010Tien Dang\u2010Nguyen","orcid":"https://orcid.org/0000-0002-2761-2213"},"institutions":[{"id":"https://openalex.org/I4432739","display_name":"University of Bergen","ror":"https://ror.org/03zga2b32","country_code":"NO","type":"education","lineage":["https://openalex.org/I4432739"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Duc-Tien Dang-Nguyen","raw_affiliation_strings":["University of Bergen, Bergen, Norway"],"affiliations":[{"raw_affiliation_string":"University of Bergen, Bergen, Norway","institution_ids":["https://openalex.org/I4432739"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014224452","display_name":"Cathal Gurrin","orcid":"https://orcid.org/0000-0003-2903-3968"},"institutions":[{"id":"https://openalex.org/I42934936","display_name":"Dublin City University","ror":"https://ror.org/04a1a1e81","country_code":"IE","type":"education","lineage":["https://openalex.org/I42934936"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Cathal Gurrin","raw_affiliation_strings":["Dublin City University, Dublin, Ireland"],"affiliations":[{"raw_affiliation_string":"Dublin City University, Dublin, Ireland","institution_ids":["https://openalex.org/I42934936"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5051882105","display_name":"Binh T. Nguyen","orcid":"https://orcid.org/0000-0001-5249-9702"},"institutions":[{"id":"https://openalex.org/I123565023","display_name":"Vietnam National University Ho Chi Minh City","ror":"https://ror.org/00waaqh38","country_code":"VN","type":"education","lineage":["https://openalex.org/I123565023"]},{"id":"https://openalex.org/I23582244","display_name":"Ho Chi Minh City University of Science","ror":"https://ror.org/05jfbgm49","country_code":"VN","type":"education","lineage":["https://openalex.org/I123565023","https://openalex.org/I23582244"]}],"countries":["VN"],"is_corresponding":false,"raw_author_name":"Binh T. Nguyen","raw_affiliation_strings":["VNU HCM - University of Science, Ho Chi Minh, Vietnam"],"affiliations":[{"raw_affiliation_string":"VNU HCM - University of Science, Ho Chi Minh, Vietnam","institution_ids":["https://openalex.org/I23582244","https://openalex.org/I123565023"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5101082496"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.05499088,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"9","last_page":"14"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9702000021934509,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8498204946517944},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8440977931022644},{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.6714082956314087},{"id":"https://openalex.org/keywords/mobile-malware","display_name":"Mobile malware","score":0.6197079420089722},{"id":"https://openalex.org/keywords/boosting","display_name":"Boosting (machine learning)","score":0.6069756150245667},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.591076135635376},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5707575082778931},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5523982048034668},{"id":"https://openalex.org/keywords/gradient-boosting","display_name":"Gradient boosting","score":0.5217905044555664},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.4573501944541931},{"id":"https://openalex.org/keywords/extreme-learning-machine","display_name":"Extreme learning machine","score":0.44676506519317627},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4389127194881439},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.43579578399658203},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.13343539834022522},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.12021109461784363},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.08622410893440247}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8498204946517944},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8440977931022644},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.6714082956314087},{"id":"https://openalex.org/C2780967490","wikidata":"https://www.wikidata.org/wiki/Q1291200","display_name":"Mobile malware","level":3,"score":0.6197079420089722},{"id":"https://openalex.org/C46686674","wikidata":"https://www.wikidata.org/wiki/Q466303","display_name":"Boosting (machine learning)","level":2,"score":0.6069756150245667},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.591076135635376},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5707575082778931},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5523982048034668},{"id":"https://openalex.org/C70153297","wikidata":"https://www.wikidata.org/wiki/Q5591907","display_name":"Gradient boosting","level":3,"score":0.5217905044555664},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.4573501944541931},{"id":"https://openalex.org/C2780150128","wikidata":"https://www.wikidata.org/wiki/Q21948731","display_name":"Extreme learning machine","level":3,"score":0.44676506519317627},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4389127194881439},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.43579578399658203},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.13343539834022522},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.12021109461784363},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.08622410893440247},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3379174.3392318","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3379174.3392318","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 ACM Workshop on Intelligent Cross-Data Analysis and Retrieval","raw_type":"proceedings-article"},{"id":"pmh:oai:doras.dcu.ie:24668","is_oa":false,"landing_page_url":"http://doras.dcu.ie/24668/","pdf_url":null,"source":{"id":"https://openalex.org/S4306401511","display_name":"Dublin City University Open Access Institutional Repository (Dublin City University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I42934936","host_organization_name":"Dublin City University","host_organization_lineage":["https://openalex.org/I42934936"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"  Nguyen, Nhu T., Pham, Thuy T., Dang, Tien X., Dao, Minh-Son, Dang-Nguyen, Duc-Tien ORCID: 0000-0002-2761-2213 &lt;https://orcid.org/0000-0002-2761-2213&gt;, Gurrin, Cathal ORCID: 0000-0003-2903-3968 &lt;https://orcid.org/0000-0003-2903-3968&gt; and Nguyen, Binh T.  (2020) Malware detection using system logs.  In: 2020 Intelligent Cross-Data Analysis and Retrieval Workshop (ICDAR'20), 26 Oct 2020, Dublin, Ireland.  ISBN 978-1-4503-7087-5     ","raw_type":"Conference or Workshop Item"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.49000000953674316,"id":"https://metadata.un.org/sdg/15","display_name":"Life in Land"}],"awards":[{"id":"https://openalex.org/G3993907298","display_name":null,"funder_award_id":"13/RC/2106","funder_id":"https://openalex.org/F4320320847","funder_display_name":"Science Foundation Ireland"},{"id":"https://openalex.org/G4053123157","display_name":null,"funder_award_id":"SFI/13/RC/2106","funder_id":"https://openalex.org/F4320320847","funder_display_name":"Science Foundation Ireland"}],"funders":[{"id":"https://openalex.org/F4320320847","display_name":"Science Foundation Ireland","ror":"https://ror.org/0271asj38"},{"id":"https://openalex.org/F4320324891","display_name":"Iran Telecommunication Research Center","ror":"https://ror.org/01a3g2z22"},{"id":"https://openalex.org/F4320335839","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W115536321","https://openalex.org/W200681053","https://openalex.org/W1574901103","https://openalex.org/W1678356000","https://openalex.org/W1964241047","https://openalex.org/W1980867644","https://openalex.org/W2045812729","https://openalex.org/W2149706766","https://openalex.org/W2295598076","https://openalex.org/W2599823825","https://openalex.org/W2808282688","https://openalex.org/W2911964244","https://openalex.org/W2963471098","https://openalex.org/W3102476541","https://openalex.org/W3121299688","https://openalex.org/W3125937743","https://openalex.org/W4230674625","https://openalex.org/W4285719527","https://openalex.org/W6608206699"],"related_works":["https://openalex.org/W2967733078","https://openalex.org/W2538622067","https://openalex.org/W3204430031","https://openalex.org/W3137904399","https://openalex.org/W4310492845","https://openalex.org/W2885778889","https://openalex.org/W2766514146","https://openalex.org/W2885516856","https://openalex.org/W4289703016","https://openalex.org/W4310224730"],"abstract_inverted_index":{"Malware":[0],"detection":[1],"is":[2],"one":[3],"of":[4,21,29,38,70,72,90,132,137,149,175],"the":[5,15,19,27,33,36,59,88,97,102,130,156,169,173,176],"most":[6],"critical":[7],"features":[8],"in":[9,107,135,168],"many":[10],"real":[11],"applications,":[12],"especially":[13],"for":[14],"mobile":[16,30],"platform":[17],"and":[18,32,96,124,128,140],"Internet":[20],"Things":[22],"(IoT)":[23],"technology.":[24],"Due":[25],"to":[26,48,164],"proliferation":[28],"devices":[31],"associated":[34],"app-stores,":[35],"volume":[37],"new":[39],"applications":[40],"growing":[41],"extremely":[42],"fast":[43],"requires":[44],"a":[45,81,147],"better":[46],"way":[47],"analyze":[49],"all":[50],"possible":[51],"malicious":[52],"behaviors.":[53],"In":[54],"this":[55],"paper,":[56],"we":[57,112],"investigate":[58],"malware":[60],"prediction":[61],"problem":[62],"using":[63,87,155],"system":[64,73,105],"log":[65,109],"files":[66],"that":[67,146],"contain":[68],"numbers":[69],"sequences":[71],"calls":[74,106],"recorded":[75],"from":[76,101],"IoT":[77],"devices.":[78],"We":[79],"construct":[80],"suitable":[82],"multi-class":[83],"classification":[84],"model":[85],"by":[86,172],"combination":[89,148],"hand-crafted":[91],"features,":[92,151],"(including":[93],"Bag-of-Ngrams,":[94],"TF-IDF,":[95],"statistical":[98],"metrics":[99],"computed":[100],"consecutive":[103],"repeated":[104],"each":[108,133],"file).":[110],"Also,":[111],"consider":[113],"different":[114,150],"machine":[115],"learning":[116],"models,":[117],"including":[118],"Random":[119],"Forest,":[120],"Support":[121],"Vector":[122],"Machines,":[123],"Extreme":[125,157],"Gradient":[126,158],"Boosting,":[127],"measure":[129],"performance":[131,167],"method":[134],"terms":[136],"precision,":[138],"recall,":[139],"F1-score.":[141],"The":[142],"experimental":[143],"results":[144],"show":[145],"as":[152,154],"well":[153],"Boosting":[159],"technique,":[160],"can":[161],"help":[162],"us":[163],"achieve":[165],"promising":[166],"dataset":[170],"provided":[171],"organizers":[174],"competition":[177],"CMDC":[178],"2019.":[179]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}