{"id":"https://openalex.org/W4379374387","doi":"https://doi.org/10.21428/594757db.88040587","title":"Detecting Malicious .NET Files Using CLR Header Features and Machine Learning","display_name":"Detecting Malicious .NET Files Using CLR Header Features and Machine Learning","publication_year":2023,"publication_date":"2023-06-05","ids":{"openalex":"https://openalex.org/W4379374387","doi":"https://doi.org/10.21428/594757db.88040587"},"language":"en","primary_location":{"id":"doi:10.21428/594757db.88040587","is_oa":true,"landing_page_url":"https://doi.org/10.21428/594757db.88040587","pdf_url":"https://caiac.pubpub.org/pub/zdou0fln/download/pdf","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Canadian Conference on Artificial Intelligence","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://caiac.pubpub.org/pub/zdou0fln/download/pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025434069","display_name":"Mohammed Hassan","orcid":"https://orcid.org/0000-0002-2014-7603"},"institutions":[{"id":"https://openalex.org/I153718931","display_name":"University of Ottawa","ror":"https://ror.org/03c4mmv16","country_code":"CA","type":"education","lineage":["https://openalex.org/I153718931"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Mohammed Hassan","raw_affiliation_strings":["Faculty of Engineering, University of Ottawa"],"affiliations":[{"raw_affiliation_string":"Faculty of Engineering, University of Ottawa","institution_ids":["https://openalex.org/I153718931"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Mohamed Eid","orcid":null},"institutions":[{"id":"https://openalex.org/I153718931","display_name":"University of Ottawa","ror":"https://ror.org/03c4mmv16","country_code":"CA","type":"education","lineage":["https://openalex.org/I153718931"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohamed Eid","raw_affiliation_strings":["Faculty of Engineering, University of Ottawa"],"affiliations":[{"raw_affiliation_string":"Faculty of Engineering, University of Ottawa","institution_ids":["https://openalex.org/I153718931"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092086827","display_name":"Hossam Elnems","orcid":null},"institutions":[{"id":"https://openalex.org/I153718931","display_name":"University of Ottawa","ror":"https://ror.org/03c4mmv16","country_code":"CA","type":"education","lineage":["https://openalex.org/I153718931"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Hossam Elnems","raw_affiliation_strings":["Faculty of Engineering, University of Ottawa"],"affiliations":[{"raw_affiliation_string":"Faculty of Engineering, University of Ottawa","institution_ids":["https://openalex.org/I153718931"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104124759","display_name":"Eslam Ahmed","orcid":null},"institutions":[{"id":"https://openalex.org/I153718931","display_name":"University of Ottawa","ror":"https://ror.org/03c4mmv16","country_code":"CA","type":"education","lineage":["https://openalex.org/I153718931"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Eslam Ahmed","raw_affiliation_strings":["Faculty of Engineering, University of Ottawa"],"affiliations":[{"raw_affiliation_string":"Faculty of Engineering, University of Ottawa","institution_ids":["https://openalex.org/I153718931"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092086828","display_name":"Ebraam Mesak","orcid":null},"institutions":[{"id":"https://openalex.org/I153718931","display_name":"University of Ottawa","ror":"https://ror.org/03c4mmv16","country_code":"CA","type":"education","lineage":["https://openalex.org/I153718931"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Ebraam Mesak","raw_affiliation_strings":["Faculty of Engineering, University of Ottawa"],"affiliations":[{"raw_affiliation_string":"Faculty of Engineering, University of Ottawa","institution_ids":["https://openalex.org/I153718931"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5043554078","display_name":"Paula Branco","orcid":"https://orcid.org/0000-0002-9917-3694"},"institutions":[{"id":"https://openalex.org/I153718931","display_name":"University of Ottawa","ror":"https://ror.org/03c4mmv16","country_code":"CA","type":"education","lineage":["https://openalex.org/I153718931"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Paula Branco","raw_affiliation_strings":["Faculty of Engineering, University of Ottawa"],"affiliations":[{"raw_affiliation_string":"Faculty of Engineering, University of Ottawa","institution_ids":["https://openalex.org/I153718931"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5025434069"],"corresponding_institution_ids":["https://openalex.org/I153718931"],"apc_list":null,"apc_paid":null,"fwci":0.3903,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":{"value":0.54315568,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9801999926567078,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8788424730300903},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8029696941375732},{"id":"https://openalex.org/keywords/header","display_name":"Header","score":0.7762181758880615},{"id":"https://openalex.org/keywords/net","display_name":"Net (polyhedron)","score":0.4963875412940979},{"id":"https://openalex.org/keywords/.net-framework","display_name":".NET Framework","score":0.47884130477905273},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.40335363149642944},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3923647999763489},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.34948134422302246},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.07485637068748474}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8788424730300903},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8029696941375732},{"id":"https://openalex.org/C48105269","wikidata":"https://www.wikidata.org/wiki/Q1141160","display_name":"Header","level":2,"score":0.7762181758880615},{"id":"https://openalex.org/C14166107","wikidata":"https://www.wikidata.org/wiki/Q253829","display_name":"Net (polyhedron)","level":2,"score":0.4963875412940979},{"id":"https://openalex.org/C523747234","wikidata":"https://www.wikidata.org/wiki/Q5289","display_name":".NET Framework","level":2,"score":0.47884130477905273},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.40335363149642944},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3923647999763489},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.34948134422302246},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.07485637068748474},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.21428/594757db.88040587","is_oa":true,"landing_page_url":"https://doi.org/10.21428/594757db.88040587","pdf_url":"https://caiac.pubpub.org/pub/zdou0fln/download/pdf","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Canadian Conference on Artificial Intelligence","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.21428/594757db.88040587","is_oa":true,"landing_page_url":"https://doi.org/10.21428/594757db.88040587","pdf_url":"https://caiac.pubpub.org/pub/zdou0fln/download/pdf","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Canadian Conference on Artificial Intelligence","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/4","display_name":"Quality Education","score":0.7699999809265137}],"awards":[{"id":"https://openalex.org/G2165548363","display_name":null,"funder_award_id":"Canada","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"},{"id":"https://openalex.org/G2862252062","display_name":null,"funder_award_id":"Grant","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"}],"funders":[{"id":"https://openalex.org/F4320334593","display_name":"Natural Sciences and Engineering Research Council of Canada","ror":"https://ror.org/01h531d29"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4379374387.pdf"},"referenced_works_count":3,"referenced_works":["https://openalex.org/W3004023980","https://openalex.org/W3026804104","https://openalex.org/W3052433045"],"related_works":["https://openalex.org/W2968586400","https://openalex.org/W4316087074","https://openalex.org/W2921716587","https://openalex.org/W2942650110","https://openalex.org/W2373714642","https://openalex.org/W2356862706","https://openalex.org/W4312622353","https://openalex.org/W2363592251","https://openalex.org/W2978009716","https://openalex.org/W2361552676"],"abstract_inverted_index":{"The":[0,183],".Net":[1,22,59,125],"Framework":[2],"has":[3,61],"made":[4],"writing":[5],"windows":[6,46],"applications":[7],"easier":[8],"than":[9],"ever.":[10],"Several":[11],"programming":[12],"languages":[13],"can":[14],"be":[15],"used":[16],"to":[17,31,42,70,98,144,164,178],"write":[18,71],"software":[19],"using":[20],"the":[21,24,32,45,58,88,95,100,120,131,141,165,171,188,192],"Framework,":[23],"most":[25],"common":[26],"one":[27],"being":[28],"C#.":[29],"Due":[30],"abundance":[33],"of":[34,76,122,173,194,200],"modules":[35],"and":[36,52,85,157],"pre-built":[37],"functionalities":[38],"that":[39],"allow":[40],"programmers":[41],"easily":[43],"manipulate":[44],"operating":[47],"system":[48],"with":[49],"high":[50],"abstraction":[51],"no":[53],"need":[54],"for":[55,67,202],"low-level":[56],"coding,":[57],"framework":[60],"also":[62],"become":[63],"a":[64,151,198],"desirable":[65],"environment":[66],"malicious":[68,124,180],"actors":[69],"their":[72,109],"malware.":[73],"To":[74],"best":[75,189],"our":[77],"knowledge,":[78],"researchers":[79],"have":[80],"been":[81],"treating":[82],".NET":[83,181],"malware":[84,87,156],"other":[86],"same":[89],"way":[90],"by":[91,127],"utilizing":[92],"features":[93,129],"from":[94,130],"PE":[96,110],"header":[97],"classify":[99],"files.":[101,182],"This":[102],"is":[103],"not":[104],"possible":[105],"for.Net":[106],"files":[107,126],"because":[108],"headers":[111],"are":[112,140],"nearly":[113],"identical.":[114],"In":[115],"this":[116,146,203],"paper,":[117],"we":[118,137,139,149,161,169],"tackle":[119],"problem":[121],"detecting":[123],"extracting":[128],"CLR":[132],"header.":[133],"As":[134],"far":[135],"as":[136],"know,":[138],"first":[142],"ones":[143],"explore":[145],"approach.":[147],"Furthermore,":[148],"create":[150],"new":[152],"dataset":[153],"comprised":[154],"of.Net":[155],"benign":[158],"files,":[159],"which":[160],"freely":[162],"distribute":[163],"research":[166],"community.":[167],"Finally,":[168],"assess":[170],"performance":[172,199],"several":[174],"machine":[175],"learning":[176],"algorithms":[177,195],"detect":[179],"random":[184],"forest":[185],"model":[186],"was":[187],"solution":[190],"among":[191],"set":[193],"tested,":[196],"exhibiting":[197],"92%":[201],"predictive":[204],"task.":[205]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2026-04-16T08:26:57.006410","created_date":"2025-10-10T00:00:00"}