{"id":"https://openalex.org/W3092098427","doi":"https://doi.org/10.1145/3387905.3388595","title":"Representing string computations as graphs for classifying malware","display_name":"Representing string computations as graphs for classifying malware","publication_year":2020,"publication_date":"2020-07-13","ids":{"openalex":"https://openalex.org/W3092098427","doi":"https://doi.org/10.1145/3387905.3388595","mag":"3092098427"},"language":"en","primary_location":{"id":"doi:10.1145/3387905.3388595","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3387905.3388595","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the IEEE/ACM 7th International Conference on Mobile Software Engineering and Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5090547463","display_name":"Justin Del Vecchio","orcid":null},"institutions":[{"id":"https://openalex.org/I63190737","display_name":"University at Buffalo, State University of New York","ror":"https://ror.org/01y64my43","country_code":"US","type":"education","lineage":["https://openalex.org/I63190737"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Justin Del Vecchio","raw_affiliation_strings":["University at Buffalo"],"affiliations":[{"raw_affiliation_string":"University at Buffalo","institution_ids":["https://openalex.org/I63190737"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109113161","display_name":"Steven Y. Ko","orcid":null},"institutions":[{"id":"https://openalex.org/I63190737","display_name":"University at Buffalo, State University of New York","ror":"https://ror.org/01y64my43","country_code":"US","type":"education","lineage":["https://openalex.org/I63190737"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Steven Y. Ko","raw_affiliation_strings":["University at Buffalo"],"affiliations":[{"raw_affiliation_string":"University at Buffalo","institution_ids":["https://openalex.org/I63190737"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5027309456","display_name":"Lukasz Ziarek","orcid":"https://orcid.org/0000-0003-4353-1998"},"institutions":[{"id":"https://openalex.org/I63190737","display_name":"University at Buffalo, State University of New York","ror":"https://ror.org/01y64my43","country_code":"US","type":"education","lineage":["https://openalex.org/I63190737"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lukasz Ziarek","raw_affiliation_strings":["University at Buffalo"],"affiliations":[{"raw_affiliation_string":"University at Buffalo","institution_ids":["https://openalex.org/I63190737"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5090547463"],"corresponding_institution_ids":["https://openalex.org/I63190737"],"apc_list":null,"apc_paid":null,"fwci":0.1515,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.4435813,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"120","last_page":"131"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9951000213623047,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8041290640830994},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.800993025302887},{"id":"https://openalex.org/keywords/computation","display_name":"Computation","score":0.6261520385742188},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.5789673924446106},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.5191785097122192},{"id":"https://openalex.org/keywords/string","display_name":"String (physics)","score":0.5171365141868591},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5148198008537292},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.47825658321380615},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.4490712583065033},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.2326985001564026},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.20034611225128174},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1426253616809845},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1213454008102417},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.09427270293235779}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8041290640830994},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.800993025302887},{"id":"https://openalex.org/C45374587","wikidata":"https://www.wikidata.org/wiki/Q12525525","display_name":"Computation","level":2,"score":0.6261520385742188},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.5789673924446106},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.5191785097122192},{"id":"https://openalex.org/C157486923","wikidata":"https://www.wikidata.org/wiki/Q1376436","display_name":"String (physics)","level":2,"score":0.5171365141868591},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5148198008537292},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.47825658321380615},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.4490712583065033},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.2326985001564026},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.20034611225128174},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1426253616809845},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1213454008102417},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.09427270293235779},{"id":"https://openalex.org/C37914503","wikidata":"https://www.wikidata.org/wiki/Q156495","display_name":"Mathematical physics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3387905.3388595","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3387905.3388595","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the IEEE/ACM 7th International Conference on Mobile Software Engineering and Systems","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":46,"referenced_works":["https://openalex.org/W1583484179","https://openalex.org/W1943233084","https://openalex.org/W1985686072","https://openalex.org/W1988036170","https://openalex.org/W1990649188","https://openalex.org/W2001693166","https://openalex.org/W2003276999","https://openalex.org/W2007323463","https://openalex.org/W2014390890","https://openalex.org/W2041276426","https://openalex.org/W2069959685","https://openalex.org/W2070493638","https://openalex.org/W2071536101","https://openalex.org/W2073754016","https://openalex.org/W2080696000","https://openalex.org/W2091540464","https://openalex.org/W2102890180","https://openalex.org/W2103660000","https://openalex.org/W2114275288","https://openalex.org/W2122672392","https://openalex.org/W2127723417","https://openalex.org/W2131523719","https://openalex.org/W2148397566","https://openalex.org/W2152149943","https://openalex.org/W2166743230","https://openalex.org/W2236850279","https://openalex.org/W2249879170","https://openalex.org/W2407313496","https://openalex.org/W2509162308","https://openalex.org/W2600431008","https://openalex.org/W2603160474","https://openalex.org/W2680865343","https://openalex.org/W2735533479","https://openalex.org/W2749008552","https://openalex.org/W2783327762","https://openalex.org/W2794652108","https://openalex.org/W2802756541","https://openalex.org/W2896042305","https://openalex.org/W2912456980","https://openalex.org/W2975823972","https://openalex.org/W2997473338","https://openalex.org/W3002912819","https://openalex.org/W3105926539","https://openalex.org/W4233269256","https://openalex.org/W4239799938","https://openalex.org/W4315746341"],"related_works":["https://openalex.org/W2717179875","https://openalex.org/W4249118297","https://openalex.org/W4285507391","https://openalex.org/W2610659201","https://openalex.org/W3107556205","https://openalex.org/W65788704","https://openalex.org/W3036603968","https://openalex.org/W2791662519","https://openalex.org/W3200508744","https://openalex.org/W2183925834"],"abstract_inverted_index":{"Android":[0,69,151,180],"applications":[1,70],"rely":[2],"heavily":[3],"on":[4,127,206],"strings":[5,36,58,173],"for":[6],"sensitive":[7],"operations":[8],"like":[9],"reflection,":[10],"access":[11],"to":[12,48,71,108,115,141,147,174,221],"system":[13],"resources,":[14],"URL":[15],"connections,":[16],"database":[17],"access,":[18],"among":[19],"others.":[20],"Thus,":[21],"insight":[22],"into":[23],"application":[24,38,111,181],"behavior":[25,112],"can":[26,196],"be":[27],"gained":[28],"through":[29],"not":[30],"only":[31,126,167],"an":[32,37,178],"analysis":[33,67,86,161],"of":[34,44,68,83,89,95,129,137,150,158,171,177,226],"what":[35,54],"creates":[39],"but":[40],"also":[41,210],"the":[42,45,93,106,135,138,159,168,223],"structure":[43,136],"computation":[46,139,192],"used":[47,140],"create":[49],"theses":[50],"strings,":[51,73],"and":[52,78,199,219],"in":[53,92],"manner":[55],"are":[56,76],"these":[57],"used.":[59],"In":[60],"this":[61,90],"paper":[62],"we":[63,99,155],"introduce":[64],"a":[65,96,101],"static":[66,85,160],"discover":[72],"how":[74],"they":[75],"created,":[77],"their":[79],"usage.":[80],"The":[81],"output":[82],"our":[84,132],"contains":[87],"all":[88],"information":[91],"form":[94],"graph":[97,169],"which":[98],"call":[100],"string":[102,130,143,163,191],"computation.":[103],"We":[104,209],"leverage":[105],"results":[107,187,213],"classify":[109,222],"individual":[110],"with":[113],"respect":[114],"malicious":[116],"or":[117,184],"benign":[118],"intent.":[119],"Unlike":[120],"previous":[121],"work":[122],"that":[123,189],"has":[124],"focused":[125],"extraction":[128],"values,":[131,164],"approach":[133],"leverages":[134],"generate":[142],"values":[144],"as":[145,182,194,202,204],"features":[146,195],"perform":[148],"classification":[149,176],"applications.":[152,227],"That":[153],"is,":[154],"use":[156],"none":[157],"computed":[162],"rather":[165],"using":[166],"structures":[170,193],"created":[172],"do":[175],"arbitrary":[179],"malware":[183,216],"benign.":[185],"Our":[186],"show":[188],"leveraging":[190],"yield":[197],"precision":[198],"recall":[200],"rates":[201],"high":[203],"97%":[205],"modern":[207],"malware.":[208],"provide":[211],"baseline":[212],"against":[214],"other":[215],"detection":[217],"tools":[218],"techniques":[220],"same":[224],"corpus":[225]},"counts_by_year":[{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}