{"id":"https://openalex.org/W3083161653","doi":"https://doi.org/10.1145/3386263.3407585","title":"StealthMiner: Specialized Time Series Machine Learning for Run-Time Stealthy Malware Detection based on Microarchitectural Features","display_name":"StealthMiner: Specialized Time Series Machine Learning for Run-Time Stealthy Malware Detection based on Microarchitectural Features","publication_year":2020,"publication_date":"2020-09-04","ids":{"openalex":"https://openalex.org/W3083161653","doi":"https://doi.org/10.1145/3386263.3407585","mag":"3083161653"},"language":"en","primary_location":{"id":"doi:10.1145/3386263.3407585","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3386263.3407585","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 on Great Lakes Symposium on VLSI","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080844858","display_name":"Hossein Sayadi","orcid":"https://orcid.org/0000-0001-6423-0145"},"institutions":[{"id":"https://openalex.org/I59897056","display_name":"California State University, Long Beach","ror":"https://ror.org/0080fxk18","country_code":"US","type":"education","lineage":["https://openalex.org/I59897056"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Hossein Sayadi","raw_affiliation_strings":["California State University, Long Beach, Long Beach, CA, USA"],"affiliations":[{"raw_affiliation_string":"California State University, Long Beach, Long Beach, CA, USA","institution_ids":["https://openalex.org/I59897056"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025224867","display_name":"Yifeng Gao","orcid":"https://orcid.org/0000-0002-0629-050X"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yifeng Gao","raw_affiliation_strings":["George Mason University, Fairfax, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044003457","display_name":"Hosein Mohammadi Makrani","orcid":"https://orcid.org/0000-0002-5088-8728"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hosein Mohammadi Makrani","raw_affiliation_strings":["University of California, Davis, Davis, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084010501","display_name":"Tinoosh Mohsenin","orcid":"https://orcid.org/0000-0001-5551-2124"},"institutions":[{"id":"https://openalex.org/I126744593","display_name":"University of Maryland, Baltimore","ror":"https://ror.org/04rq5mt64","country_code":"US","type":"education","lineage":["https://openalex.org/I126744593"]},{"id":"https://openalex.org/I6059380","display_name":"University of Baltimore","ror":"https://ror.org/024gw2733","country_code":"US","type":"education","lineage":["https://openalex.org/I6059380"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tinoosh Mohsenin","raw_affiliation_strings":["University of Maryland, Baltimore, Baltimore, MD, USA"],"affiliations":[{"raw_affiliation_string":"University of Maryland, Baltimore, Baltimore, MD, USA","institution_ids":["https://openalex.org/I6059380","https://openalex.org/I126744593"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060036961","display_name":"Avesta Sasan","orcid":"https://orcid.org/0000-0002-4052-8075"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Avesta Sasan","raw_affiliation_strings":["George Mason University, Fairfax, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103033046","display_name":"Setareh Rafatirad","orcid":"https://orcid.org/0000-0003-2035-8512"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Setareh Rafatirad","raw_affiliation_strings":["George Mason University, Fairfax, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101558875","display_name":"Jessica Lin","orcid":"https://orcid.org/0000-0002-4887-0692"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jessica Lin","raw_affiliation_strings":["George Mason University, Fairfax, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047382437","display_name":"Houman Homayoun","orcid":"https://orcid.org/0000-0001-8904-4699"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Houman Homayoun","raw_affiliation_strings":["University of California, Davis, Davis, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5080844858"],"corresponding_institution_ids":["https://openalex.org/I59897056"],"apc_list":null,"apc_paid":null,"fwci":2.273,"has_fulltext":false,"cited_by_count":21,"citation_normalized_percentile":{"value":0.88913759,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"175","last_page":"180"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.894802987575531},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8478944897651672},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5004642009735107},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.46535617113113403},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.45224982500076294},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.44335609674453735},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.367680162191391},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3649590015411377}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.894802987575531},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8478944897651672},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5004642009735107},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.46535617113113403},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.45224982500076294},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.44335609674453735},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.367680162191391},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3649590015411377},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3386263.3407585","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3386263.3407585","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 on Great Lakes Symposium on VLSI","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W2034053858","https://openalex.org/W2111216264","https://openalex.org/W2112731379","https://openalex.org/W2145969515","https://openalex.org/W2166844173","https://openalex.org/W2203388234","https://openalex.org/W2508317201","https://openalex.org/W2551393996","https://openalex.org/W2597473461","https://openalex.org/W2625408821","https://openalex.org/W2754051771","https://openalex.org/W2768424695","https://openalex.org/W2772616816","https://openalex.org/W2783411047","https://openalex.org/W2809457377","https://openalex.org/W2893959673","https://openalex.org/W2909155758","https://openalex.org/W2932551155","https://openalex.org/W2945027786","https://openalex.org/W2950774332","https://openalex.org/W2963265635","https://openalex.org/W2979963465","https://openalex.org/W3036243698","https://openalex.org/W3045670632","https://openalex.org/W3099514962","https://openalex.org/W4230841294","https://openalex.org/W4353004773"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W3152891574","https://openalex.org/W4284893819","https://openalex.org/W4316881845","https://openalex.org/W4232632923","https://openalex.org/W2775776836","https://openalex.org/W4323520309","https://openalex.org/W4220843502"],"abstract_inverted_index":{"Hardware-Assisted":[0],"Malware":[1],"Detection":[2],"(HMD)":[3],"techniques":[4],"deploy":[5],"Machine":[6],"Learning":[7],"(ML)":[8],"classifiers":[9],"to":[10,64,110,144],"detect":[11,146,166],"patterns":[12,53],"of":[13,112,186],"malicious":[14,37,72,103],"applications":[15,38,78,108],"based":[16],"on":[17,35,175],"microarchitectural":[18,124,158],"features":[19,119],"captured":[20],"by":[21,82,190],"modern":[22],"microprocessors'":[23],"Hardware":[24],"Performance":[25],"Counters":[26],"(HPCs).":[27],"Existing":[28],"HMD":[29,88,188],"methods":[30,189],"have":[31],"limited":[32],"their":[33],"analysis":[34],"detecting":[36,50],"that":[39,163],"are":[40],"spawned":[41],"as":[42,115],"a":[43,98,137],"separate":[44],"thread":[45],"during":[46],"application":[47],"execution,":[48],"hence":[49],"embedded":[51,147,167],"malware":[52,62,84,123,148,168],"at":[54,149,169],"run-time":[55,150,170],"still":[56],"remains":[57,80],"an":[58],"important":[59],"challenge.":[60],"Embedded":[61],"refers":[63],"harmful":[65],"stealthy":[66],"cyber":[67],"attacks":[68],"in":[69,131],"which":[70],"the":[71,91,106,116,155,183],"code":[73,104],"is":[74,94],"hidden":[75],"within":[76],"benign":[77,107,121],"and":[79,122],"undetected":[81],"traditional":[83],"detection":[85,173,184],"approaches.":[86],"In":[87],"methods,":[89],"when":[90],"HPC":[92,113,118,180],"data":[93],"directly":[95],"fed":[96],"into":[97],"machine":[99,141],"learning":[100,142],"classifier,":[101],"embedding":[102],"inside":[105],"leads":[109],"contamination":[111],"information,":[114],"collected":[117],"combine":[120],"events":[125],"together.":[126],"To":[127],"address":[128],"this":[129,132],"challenge,":[130],"paper":[133],"we":[134],"propose":[135],"StealthMiner,":[136],"specialized":[138],"time":[139],"series":[140],"approach":[143],"accurately":[145],"using":[151],"branch":[152],"instructions":[153],"feature,":[154,181],"most":[156],"prominent":[157],"feature.":[159],"The":[160],"results":[161],"indicate":[162],"StealthMiner":[164],"can":[165],"with":[171,177],"94%":[172],"performance":[174,185],"average":[176],"only":[178],"one":[179],"outperforming":[182],"state-of-the-art":[187],"42%.":[191]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}