{"id":"https://openalex.org/W4401006908","doi":"https://doi.org/10.1186/s42400-024-00243-7","title":"GLDOC: detection of implicitly malicious MS-Office documents using graph convolutional networks","display_name":"GLDOC: detection of implicitly malicious MS-Office documents using graph convolutional networks","publication_year":2024,"publication_date":"2024-07-25","ids":{"openalex":"https://openalex.org/W4401006908","doi":"https://doi.org/10.1186/s42400-024-00243-7"},"language":"en","primary_location":{"id":"doi:10.1186/s42400-024-00243-7","is_oa":true,"landing_page_url":"http://dx.doi.org/10.1186/s42400-024-00243-7","pdf_url":"https://link.springer.com/content/pdf/10.1186/s42400-024-00243-7.pdf","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://link.springer.com/content/pdf/10.1186/s42400-024-00243-7.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103001365","display_name":"Wenbo Wang","orcid":"https://orcid.org/0000-0003-4767-8794"},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Wenbo Wang","raw_affiliation_strings":["PLA Information Engineering University, Zhengzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4767-8794","affiliations":[{"raw_affiliation_string":"PLA Information Engineering University, Zhengzhou, China","institution_ids":["https://openalex.org/I169689159"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068839920","display_name":"Yi Peng","orcid":"https://orcid.org/0000-0002-1010-6090"},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Peng Yi","raw_affiliation_strings":["PLA Information Engineering University, Zhengzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"PLA Information Engineering University, Zhengzhou, China","institution_ids":["https://openalex.org/I169689159"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063361904","display_name":"Taotao Kou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Taotao Kou","raw_affiliation_strings":["Shanxi Binhe Research Institute, Taiyuan, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Shanxi Binhe Research Institute, Taiyuan, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043721166","display_name":"Weitao Han","orcid":"https://orcid.org/0009-0007-1085-5941"},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Weitao Han","raw_affiliation_strings":["PLA Information Engineering University, Zhengzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"PLA Information Engineering University, Zhengzhou, China","institution_ids":["https://openalex.org/I169689159"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100373451","display_name":"Chengyu Wang","orcid":"https://orcid.org/0000-0003-1010-9678"},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chengyu Wang","raw_affiliation_strings":["PLA Information Engineering University, Zhengzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"PLA Information Engineering University, Zhengzhou, China","institution_ids":["https://openalex.org/I169689159"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5103001365"],"corresponding_institution_ids":["https://openalex.org/I169689159"],"apc_list":null,"apc_paid":null,"fwci":0.3134,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.50944698,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":"7","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9934999942779541,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7170335650444031},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.5658767819404602},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4495677351951599},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.3397057056427002},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.28487628698349}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7170335650444031},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.5658767819404602},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4495677351951599},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.3397057056427002},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.28487628698349}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1186/s42400-024-00243-7","is_oa":true,"landing_page_url":"http://dx.doi.org/10.1186/s42400-024-00243-7","pdf_url":"https://link.springer.com/content/pdf/10.1186/s42400-024-00243-7.pdf","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:c8d5f31f4a8941998af1c735a12f89dc","is_oa":false,"landing_page_url":"https://doaj.org/article/c8d5f31f4a8941998af1c735a12f89dc","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Cybersecurity, Vol 7, Iss 1, Pp 1-14 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1186/s42400-024-00243-7","is_oa":true,"landing_page_url":"http://dx.doi.org/10.1186/s42400-024-00243-7","pdf_url":"https://link.springer.com/content/pdf/10.1186/s42400-024-00243-7.pdf","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G575655210","display_name":null,"funder_award_id":"62176264","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4401006908.pdf","grobid_xml":"https://content.openalex.org/works/W4401006908.grobid-xml"},"referenced_works_count":15,"referenced_works":["https://openalex.org/W1519407765","https://openalex.org/W2005662348","https://openalex.org/W2087671069","https://openalex.org/W2111216264","https://openalex.org/W2517869697","https://openalex.org/W2557716486","https://openalex.org/W2621801683","https://openalex.org/W2779064420","https://openalex.org/W2884157903","https://openalex.org/W2923724895","https://openalex.org/W3196559500","https://openalex.org/W4224253745","https://openalex.org/W4288057801","https://openalex.org/W6602334313","https://openalex.org/W6603135882"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"Abstract":[0],"Nowadays,":[1],"the":[2,11,33,58,98,107,112,126,157,214],"malicious":[3,42,50,70,158],"MS-Office":[4],"document":[5,159],"has":[6,173],"already":[7],"become":[8],"one":[9],"of":[10,60,75,102,134,177],"most":[12,74,116],"effective":[13],"attacking":[14,200],"vectors":[15],"in":[16,115,123,196],"APT":[17],"attacks.":[18],"Though":[19],"many":[20],"protection":[21],"mechanisms":[22],"are":[23],"provided,":[24],"they":[25],"have":[26],"been":[27],"proved":[28],"easy":[29],"to":[30,62,141,155],"bypass,":[31],"and":[32,72,96,131,166,180,186,209],"existed":[34],"detection":[35,104,160,191,211],"methods":[36],"show":[37,68,170],"poor":[38],"performance":[39],"when":[40],"facing":[41],"documents":[43,66],"with":[44,48,93],"unknown":[45,215],"vulnerabilities":[46],"or":[47],"few":[49],"behaviors.":[51],"In":[52],"this":[53],"paper,":[54],"we":[55,80,118],"first":[56],"introduce":[57],"definition":[59],"im-documents,":[61],"describe":[63],"those":[64],"vulnerable":[65],"which":[67,110],"implicitly":[69],"behaviors":[71,122],"escape":[73],"public":[76],"antivirus":[77],"engines.":[78],"Then":[79],"present":[81],"GLDOC\u2014a":[82],"GCN":[83],"based":[84],"framework":[85,204],"that":[86,171],"is":[87,111],"aimed":[88],"at":[89],"effectively":[90],"detecting":[91],"im-documents":[92],"dynamic":[94,121],"analysis,":[95],"improving":[97],"possible":[99],"blind":[100],"spots":[101],"past":[103],"methods.":[105,192],"Besides":[106],"system":[108],"call":[109],"only":[113],"focus":[114],"researches,":[117],"capture":[119],"all":[120],"sandbox,":[124],"take":[125],"process":[127],"tree":[128],"into":[129,136,162],"consideration":[130],"reconstruct":[132],"both":[133],"them":[135],"graphs.":[137],"Using":[138],"each":[139,143],"line":[140],"learn":[142],"graph,":[144],"GLDOC":[145,172],"trains":[146],"a":[147,153,163,174,197,207],"2-channel":[148],"network":[149],"as":[150,152],"well":[151],"classifier":[154],"formulate":[156],"problem":[161],"graph":[164],"learning":[165],"classification":[167],"problem.":[168],"Experiments":[169],"comprehensive":[175],"balance":[176],"accuracy":[178,212],"rate":[179,183],"false":[181],"alarm":[182],"\u2212":[184],"95.33%":[185],"4.33%":[187],"respectively,":[188],"outperforming":[189],"other":[190],"When":[193],"further":[194],"testing":[195],"simulated":[198],"5-day":[199],"scenario,":[201],"our":[202],"proposed":[203],"still":[205],"maintains":[206],"stable":[208],"high":[210],"on":[213],"vulnerabilities.":[216]},"counts_by_year":[{"year":2024,"cited_by_count":1}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}