{"id":"https://openalex.org/W2525598640","doi":"https://doi.org/10.1186/s13635-016-0045-0","title":"Hidost: a static machine-learning-based detector of malicious files","display_name":"Hidost: a static machine-learning-based detector of malicious files","publication_year":2016,"publication_date":"2016-09-26","ids":{"openalex":"https://openalex.org/W2525598640","doi":"https://doi.org/10.1186/s13635-016-0045-0","mag":"2525598640"},"language":"en","primary_location":{"id":"doi:10.1186/s13635-016-0045-0","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13635-016-0045-0","pdf_url":"https://jis-eurasipjournals.springeropen.com/track/pdf/10.1186/s13635-016-0045-0","source":{"id":"https://openalex.org/S5820498","display_name":"EURASIP Journal on Information Security","issn_l":"1687-4161","issn":["1687-4161","1687-417X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"EURASIP Journal on Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://jis-eurasipjournals.springeropen.com/track/pdf/10.1186/s13635-016-0045-0","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007121882","display_name":"Nedim \u0160rndi\u0107","orcid":null},"institutions":[{"id":"https://openalex.org/I8087733","display_name":"University of T\u00fcbingen","ror":"https://ror.org/03a1kwz48","country_code":"DE","type":"education","lineage":["https://openalex.org/I8087733"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Nedim \u0160rndi\u0107","raw_affiliation_strings":["Cognitive Systems, Department of Computer Science, University of T\u00fcbingen, Sand 1, 72076, T\u00fcbingen, Germany"],"affiliations":[{"raw_affiliation_string":"Cognitive Systems, Department of Computer Science, University of T\u00fcbingen, Sand 1, 72076, T\u00fcbingen, Germany","institution_ids":["https://openalex.org/I8087733"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5089735573","display_name":"Pavel Laskov","orcid":"https://orcid.org/0000-0002-3212-7167"},"institutions":[{"id":"https://openalex.org/I4210129353","display_name":"Huawei Technologies (Germany)","ror":"https://ror.org/038cdme44","country_code":"DE","type":"company","lineage":["https://openalex.org/I2250955327","https://openalex.org/I4210129353"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Pavel Laskov","raw_affiliation_strings":["Munich Office, European Research Center, Huawei Technologies Duesseldorf GmbH, Riessstr. 25 D-3.OG, M\u00fcnchen, 80992, Germany"],"affiliations":[{"raw_affiliation_string":"Munich Office, European Research Center, Huawei Technologies Duesseldorf GmbH, Riessstr. 25 D-3.OG, M\u00fcnchen, 80992, Germany","institution_ids":["https://openalex.org/I4210129353"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5007121882"],"corresponding_institution_ids":["https://openalex.org/I8087733"],"apc_list":{"value":840,"currency":"EUR","value_usd":1040},"apc_paid":{"value":456,"currency":"EUR","value_usd":491},"fwci":6.8902,"has_fulltext":true,"cited_by_count":88,"citation_normalized_percentile":{"value":0.97637146,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":"2016","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.911765992641449},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8977130651473999},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.7344032526016235},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4961002767086029},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.46547549962997437},{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.45214447379112244},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4403463304042816},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.43698734045028687},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4355483949184418},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.4312199652194977},{"id":"https://openalex.org/keywords/file-format","display_name":"File format","score":0.4282752275466919},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.33619803190231323},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2379535734653473},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.10150390863418579}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.911765992641449},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8977130651473999},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.7344032526016235},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4961002767086029},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.46547549962997437},{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.45214447379112244},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4403463304042816},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.43698734045028687},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4355483949184418},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.4312199652194977},{"id":"https://openalex.org/C97250363","wikidata":"https://www.wikidata.org/wiki/Q235557","display_name":"File format","level":2,"score":0.4282752275466919},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.33619803190231323},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2379535734653473},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.10150390863418579},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1186/s13635-016-0045-0","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13635-016-0045-0","pdf_url":"https://jis-eurasipjournals.springeropen.com/track/pdf/10.1186/s13635-016-0045-0","source":{"id":"https://openalex.org/S5820498","display_name":"EURASIP Journal on Information Security","issn_l":"1687-4161","issn":["1687-4161","1687-417X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"EURASIP Journal on Information Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1186/s13635-016-0045-0","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13635-016-0045-0","pdf_url":"https://jis-eurasipjournals.springeropen.com/track/pdf/10.1186/s13635-016-0045-0","source":{"id":"https://openalex.org/S5820498","display_name":"EURASIP Journal on Information Security","issn_l":"1687-4161","issn":["1687-4161","1687-417X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"EURASIP Journal on Information Security","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.7200000286102295,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"},{"id":"https://openalex.org/F4320321112","display_name":"Eberhard Karls Universit\u00e4t T\u00fcbingen","ror":"https://ror.org/03a1kwz48"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2525598640.pdf","grobid_xml":"https://content.openalex.org/works/W2525598640.grobid-xml"},"referenced_works_count":25,"referenced_works":["https://openalex.org/W102746433","https://openalex.org/W1519407765","https://openalex.org/W1525958661","https://openalex.org/W1571989395","https://openalex.org/W1773541209","https://openalex.org/W1970867218","https://openalex.org/W1980066693","https://openalex.org/W1987644478","https://openalex.org/W1988146703","https://openalex.org/W1993651556","https://openalex.org/W2014742088","https://openalex.org/W2022775778","https://openalex.org/W2038296020","https://openalex.org/W2054888947","https://openalex.org/W2081293472","https://openalex.org/W2082190528","https://openalex.org/W2101234009","https://openalex.org/W2111038628","https://openalex.org/W2111216264","https://openalex.org/W2113261561","https://openalex.org/W2158302406","https://openalex.org/W2401293755","https://openalex.org/W2486441280","https://openalex.org/W2911964244","https://openalex.org/W2950774332"],"related_works":["https://openalex.org/W2354385412","https://openalex.org/W2498428883","https://openalex.org/W4285507391","https://openalex.org/W2007647094","https://openalex.org/W3107556205","https://openalex.org/W2610659201","https://openalex.org/W2170197386","https://openalex.org/W2183925834","https://openalex.org/W2075886053","https://openalex.org/W2765174411"],"abstract_inverted_index":{"Malicious":[0],"software,":[1],"i.e.,":[2],"malware,":[3,47],"has":[4,64,114],"been":[5,65,115],"a":[6,30,36,91,147],"persistent":[7],"threat":[8],"in":[9,150],"the":[10,15,43,76,99,174,179,189],"information":[11],"security":[12],"landscape":[13],"since":[14],"early":[16],"days":[17],"of":[18,39,45,59,102,182],"personal":[19],"computing.":[20],"The":[21],"recent":[22],"targeted":[23],"attacks":[24],"extensively":[25],"use":[26],"non-executable":[27,46],"malware":[28,80],"as":[29,146],"stealthy":[31],"attack":[32],"vector.":[33],"There":[34],"exists":[35],"substantial":[37],"body":[38],"previous":[40],"work":[41],"on":[42,86,119,153,191],"detection":[44,81,110],"including":[48],"static,":[49],"dynamic,":[50],"and":[51,117,123,131,159,186],"combined":[52],"methods.":[53],"While":[54],"static":[55,78],"methods":[56],"perform":[57],"orders":[58],"magnitude":[60],"faster,":[61],"their":[62,105],"applicability":[63],"hitherto":[66],"limited":[67],"to":[68,84,127,138,177],"specific":[69],"file":[70,88],"formats.":[71,89],"This":[72],"paper":[73],"introduces":[74],"Hidost,":[75],"first":[77],"machine-learning-based":[79],"system":[82,113],"designed":[83],"operate":[85],"multiple":[87],"Extending":[90],"previously":[92],"published,":[93],"highly":[94],"effective":[95],"method,":[96],"it":[97,135],"combines":[98],"logical":[100,142],"structure":[101,143],"files":[103,162,185],"with":[104],"content":[106],"for":[107],"even":[108],"better":[109],"accuracy.":[111],"Our":[112],"implemented":[116],"evaluated":[118],"two":[120],"formats,":[121],"PDF":[122,158,184],"SWF":[124,161,192],"(Flash).":[125],"Thanks":[126],"its":[128],"modular":[129],"design":[130],"general":[132],"feature":[133],"set,":[134],"is":[136,144],"extensible":[137],"other":[139],"formats":[140],"whose":[141],"organized":[145],"hierarchy.":[148],"Evaluated":[149],"realistic":[151],"experiments":[152],"timestamped":[154],"datasets":[155],"comprising":[156],"440,000":[157],"40,000":[160],"collected":[163],"during":[164],"several":[165],"months,":[166],"Hidost":[167],"outperformed":[168],"all":[169],"antivirus":[170],"engines":[171],"deployed":[172],"by":[173],"website":[175],"VirusTotal":[176],"detect":[178],"highest":[180],"number":[181],"malicious":[183],"ranked":[187],"among":[188],"best":[190],"malware.":[193]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":9},{"year":2021,"cited_by_count":13},{"year":2020,"cited_by_count":13},{"year":2019,"cited_by_count":14},{"year":2018,"cited_by_count":11},{"year":2017,"cited_by_count":2}],"updated_date":"2026-03-12T08:34:05.389933","created_date":"2025-10-10T00:00:00"}
