{"id":"https://openalex.org/W3112173953","doi":"https://doi.org/10.1145/3427228.3427242","title":"Advanced Windows Methods on Malware Detection and Classification","display_name":"Advanced Windows Methods on Malware Detection and Classification","publication_year":2020,"publication_date":"2020-12-07","ids":{"openalex":"https://openalex.org/W3112173953","doi":"https://doi.org/10.1145/3427228.3427242","mag":"3112173953"},"language":"en","primary_location":{"id":"doi:10.1145/3427228.3427242","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3427228.3427242","pdf_url":null,"source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5022721209","display_name":"Dima Rabadi","orcid":"https://orcid.org/0000-0001-8067-1995"},"institutions":[{"id":"https://openalex.org/I3005327000","display_name":"Institute for Infocomm Research","ror":"https://ror.org/053rfa017","country_code":"SG","type":"facility","lineage":["https://openalex.org/I115228651","https://openalex.org/I3005327000","https://openalex.org/I91275662"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Dima Rabadi","raw_affiliation_strings":["Institute for Infocomm Research, Singapore"],"affiliations":[{"raw_affiliation_string":"Institute for Infocomm Research, Singapore","institution_ids":["https://openalex.org/I3005327000"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5018516368","display_name":"Sin G. Teo","orcid":"https://orcid.org/0000-0003-1090-505X"},"institutions":[{"id":"https://openalex.org/I3005327000","display_name":"Institute for Infocomm Research","ror":"https://ror.org/053rfa017","country_code":"SG","type":"facility","lineage":["https://openalex.org/I115228651","https://openalex.org/I3005327000","https://openalex.org/I91275662"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Sin G. Teo","raw_affiliation_strings":["Institute for Infocomm Research Research, Singapore"],"affiliations":[{"raw_affiliation_string":"Institute for Infocomm Research Research, Singapore","institution_ids":["https://openalex.org/I3005327000"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5022721209"],"corresponding_institution_ids":["https://openalex.org/I3005327000"],"apc_list":null,"apc_paid":null,"fwci":4.377,"has_fulltext":false,"cited_by_count":47,"citation_normalized_percentile":{"value":0.95652174,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"54","last_page":"68"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9800999760627747,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8511356711387634},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8309289216995239},{"id":"https://openalex.org/keywords/application-programming-interface","display_name":"Application programming interface","score":0.5771341919898987},{"id":"https://openalex.org/keywords/function","display_name":"Function (biology)","score":0.5225169658660889},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.49517717957496643},{"id":"https://openalex.org/keywords/argument","display_name":"Argument (complex analysis)","score":0.42683225870132446},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.37807199358940125},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.35501790046691895},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.30792027711868286}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8511356711387634},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8309289216995239},{"id":"https://openalex.org/C99613125","wikidata":"https://www.wikidata.org/wiki/Q165194","display_name":"Application programming interface","level":2,"score":0.5771341919898987},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.5225169658660889},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.49517717957496643},{"id":"https://openalex.org/C98184364","wikidata":"https://www.wikidata.org/wiki/Q1780131","display_name":"Argument (complex analysis)","level":2,"score":0.42683225870132446},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.37807199358940125},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35501790046691895},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.30792027711868286},{"id":"https://openalex.org/C78458016","wikidata":"https://www.wikidata.org/wiki/Q840400","display_name":"Evolutionary biology","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3427228.3427242","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3427228.3427242","pdf_url":null,"source":{"id":"https://openalex.org/S4306417673","display_name":"Annual Computer Security Applications Conference","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":44,"referenced_works":["https://openalex.org/W36091977","https://openalex.org/W1525120920","https://openalex.org/W1545528966","https://openalex.org/W1549998098","https://openalex.org/W1573526548","https://openalex.org/W1666731339","https://openalex.org/W1851403712","https://openalex.org/W1966917005","https://openalex.org/W1970635365","https://openalex.org/W2018022926","https://openalex.org/W2020184885","https://openalex.org/W2031166731","https://openalex.org/W2036575863","https://openalex.org/W2041130390","https://openalex.org/W2051223603","https://openalex.org/W2055716572","https://openalex.org/W2065311994","https://openalex.org/W2066220442","https://openalex.org/W2101234009","https://openalex.org/W2119954997","https://openalex.org/W2125743503","https://openalex.org/W2132874238","https://openalex.org/W2133990480","https://openalex.org/W2135814109","https://openalex.org/W2137365926","https://openalex.org/W2160218441","https://openalex.org/W2163931946","https://openalex.org/W2256319980","https://openalex.org/W2295598076","https://openalex.org/W2514847810","https://openalex.org/W2553476679","https://openalex.org/W2557513839","https://openalex.org/W2564494760","https://openalex.org/W2761652379","https://openalex.org/W2767001890","https://openalex.org/W2883011451","https://openalex.org/W2910657275","https://openalex.org/W2914516771","https://openalex.org/W2917661079","https://openalex.org/W2981560863","https://openalex.org/W3006140559","https://openalex.org/W3015301903","https://openalex.org/W3082575476","https://openalex.org/W3102476541"],"related_works":["https://openalex.org/W2439951656","https://openalex.org/W2377509977","https://openalex.org/W1998188341","https://openalex.org/W1573526548","https://openalex.org/W3176864451","https://openalex.org/W4360982091","https://openalex.org/W2053632570","https://openalex.org/W3211525895","https://openalex.org/W2187910102","https://openalex.org/W2351528581"],"abstract_inverted_index":{"Application":[0],"Programming":[1],"Interfaces":[2],"(APIs)":[3],"are":[4,130],"still":[5],"considered":[6],"the":[7,16,38,69,73,82,105,108,112,143,151,160,178,191,212,216,220,231],"standard":[8],"accessible":[9],"data":[10],"source":[11],"and":[12,22,71,206,225,242,251,266,302],"core":[13],"wok":[14],"of":[15,41,107,142,146,150,222,230,263,288,299],"most":[17,149],"widely":[18],"adopted":[19],"malware":[20,26,59,249,274,292,307],"detection":[21,250,293],"classification":[23,253,282],"techniques.":[24],"API-based":[25,153,237,306],"detectors":[27,66,156,175],"highly":[28],"rely":[29],"on":[30,87,118,134],"measuring":[31],"API\u2019s":[32],"statistical":[33],"features,":[34],"such":[35,65],"as":[36],"calculating":[37],"frequency":[39,83],"counter":[40],"calling":[42],"specific":[43],"API":[44,74,88,114,147,161,179,192],"calls":[45,75,79,89,162],"or":[46,76,194],"finding":[47],"their":[48,98,167,182],"malicious":[49,154,268],"sequence":[50,70],"pattern":[51],"(i.e.,":[52,80],"signature-based":[53],"detectors).":[54],"Using":[55],"simple":[56],"hooking":[57],"tools,":[58],"authors":[60],"would":[61,121,157],"help":[62,221],"in":[63,123,181],"failing":[64],"by":[67],"interrupting":[68],"shuffling":[72],"deleting/inserting":[77],"irrelevant":[78],"changing":[81],"counter).":[84],"Moreover,":[85],"relying":[86],"(e.g.,":[90,116,132,170],"function":[91,99,171],"names)":[92],"alone":[93],"without":[94,163,226],"taking":[95,164],"into":[96,165],"account":[97,166],"parameters":[100],"is":[101],"insufficient":[102],"to":[103,197,209,246,271],"understand":[104],"purpose":[106],"program.":[109],"For":[110],"example,":[111],"same":[113],"call":[115],"writing":[117,133],"a":[119,135,203,235,248],"file)":[120],"act":[122],"two":[124,127],"ways":[125],"if":[126],"different":[128],"arguments":[129,180,193],"passed":[131],"system":[136],"versus":[137],"user":[138],"file).":[139],"However,":[140],"because":[141],"heterogeneous":[144],"nature":[145],"arguments,":[148,232],"available":[152],"behavior":[155],"consider":[158],"only":[159],"argument":[168],"information":[169],"parameters).":[172],"Alternatively,":[173],"other":[174],"try":[176],"considering":[177],"techniques,":[183],"but":[184],"they":[185],"acquire":[186],"having":[187],"proficient":[188],"knowledge":[189,229],"about":[190],"powerful":[195],"processors":[196],"extract":[198],"them.":[199],"Such":[200],"requirements":[201],"demand":[202],"prohibitive":[204],"cost":[205],"complex":[207],"operations":[208],"deal":[210],"with":[211,219],"arguments.":[213],"To":[214,255],"overcome":[215],"above":[217],"limitations,":[218],"machine":[223],"learning":[224],"any":[227],"expert":[228],"we":[233,243,259],"propose":[234],"light-weight":[236],"dynamic":[238],"feature":[239],"extraction":[240],"technique,":[241],"use":[244,260],"it":[245],"implement":[247],"type":[252,281],"approach.":[254],"evaluate":[256],"our":[257,280,291],"approach,":[258],"reasonable":[261],"datasets":[262],"7774":[264],"benign":[265],"7105":[267],"samples":[269],"belonging":[270],"ten":[272],"distinct":[273],"types.":[275],"Experimental":[276],"results":[277],"show":[278],"that":[279],"module":[283,294],"could":[284,295],"achieve":[285],"an":[286,297],"accuracy":[287,298],",":[289,301],"where":[290],"reach":[296],"over":[300],"outperforms":[303],"many":[304],"state-of-the-art":[305],"detectors.":[308]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":15},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":12},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":6}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}