{"id":"https://openalex.org/W2800331776","doi":"https://doi.org/10.23919/icitst.2017.8356357","title":"A comparison between API call sequences and opcode sequences as reflectors of malware behavior","display_name":"A comparison between API call sequences and opcode sequences as reflectors of malware behavior","publication_year":2017,"publication_date":"2017-12-01","ids":{"openalex":"https://openalex.org/W2800331776","doi":"https://doi.org/10.23919/icitst.2017.8356357","mag":"2800331776"},"language":"en","primary_location":{"id":"doi:10.23919/icitst.2017.8356357","is_oa":false,"landing_page_url":"https://doi.org/10.23919/icitst.2017.8356357","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069075627","display_name":"Saja Alqurashi","orcid":"https://orcid.org/0009-0009-9118-5533"},"institutions":[{"id":"https://openalex.org/I185163786","display_name":"King Abdulaziz University","ror":"https://ror.org/02ma4wv74","country_code":"SA","type":"education","lineage":["https://openalex.org/I185163786"]}],"countries":["SA"],"is_corresponding":true,"raw_author_name":"Saja Alqurashi","raw_affiliation_strings":["King Abdulaziz University, Jeddah, Saudi Arabia"],"affiliations":[{"raw_affiliation_string":"King Abdulaziz University, Jeddah, Saudi Arabia","institution_ids":["https://openalex.org/I185163786"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013239282","display_name":"Omar Batarfi","orcid":"https://orcid.org/0000-0003-2926-1792"},"institutions":[{"id":"https://openalex.org/I185163786","display_name":"King Abdulaziz University","ror":"https://ror.org/02ma4wv74","country_code":"SA","type":"education","lineage":["https://openalex.org/I185163786"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Omar Batarfi","raw_affiliation_strings":["King Abdulaziz University, Jeddah, Saudi Arabia"],"affiliations":[{"raw_affiliation_string":"King Abdulaziz University, Jeddah, Saudi Arabia","institution_ids":["https://openalex.org/I185163786"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5069075627"],"corresponding_institution_ids":["https://openalex.org/I185163786"],"apc_list":null,"apc_paid":null,"fwci":0.5548,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.68377838,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"105","last_page":"110"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9918000102043152,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/opcode","display_name":"Opcode","score":0.992067813873291},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9500062465667725},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7855758666992188},{"id":"https://openalex.org/keywords/hidden-markov-model","display_name":"Hidden Markov model","score":0.7083678245544434},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.675381064414978},{"id":"https://openalex.org/keywords/subroutine","display_name":"Subroutine","score":0.6366757154464722},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4620913863182068},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.46153008937835693},{"id":"https://openalex.org/keywords/application-programming-interface","display_name":"Application programming interface","score":0.43453067541122437},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.42447909712791443},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.36990416049957275},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.26338377594947815},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.24226096272468567}],"concepts":[{"id":"https://openalex.org/C52173422","wikidata":"https://www.wikidata.org/wiki/Q766483","display_name":"Opcode","level":2,"score":0.992067813873291},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9500062465667725},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7855758666992188},{"id":"https://openalex.org/C23224414","wikidata":"https://www.wikidata.org/wiki/Q176769","display_name":"Hidden Markov model","level":2,"score":0.7083678245544434},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.675381064414978},{"id":"https://openalex.org/C96147967","wikidata":"https://www.wikidata.org/wiki/Q190686","display_name":"Subroutine","level":2,"score":0.6366757154464722},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4620913863182068},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.46153008937835693},{"id":"https://openalex.org/C99613125","wikidata":"https://www.wikidata.org/wiki/Q165194","display_name":"Application programming interface","level":2,"score":0.43453067541122437},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.42447909712791443},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.36990416049957275},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.26338377594947815},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.24226096272468567},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.23919/icitst.2017.8356357","is_oa":false,"landing_page_url":"https://doi.org/10.23919/icitst.2017.8356357","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W36091977","https://openalex.org/W959081337","https://openalex.org/W1482612322","https://openalex.org/W1573526548","https://openalex.org/W1616768385","https://openalex.org/W1964406293","https://openalex.org/W1968163059","https://openalex.org/W1968519345","https://openalex.org/W1973403081","https://openalex.org/W2031166731","https://openalex.org/W2055716572","https://openalex.org/W2065311994","https://openalex.org/W2136255210","https://openalex.org/W2150795982","https://openalex.org/W2903953076","https://openalex.org/W3123969097","https://openalex.org/W4249258996","https://openalex.org/W6636678818","https://openalex.org/W6643338273","https://openalex.org/W6666934730"],"related_works":["https://openalex.org/W4382794599","https://openalex.org/W2149659470","https://openalex.org/W2079215333","https://openalex.org/W2087539092","https://openalex.org/W2888879623","https://openalex.org/W36091977","https://openalex.org/W2903602818","https://openalex.org/W4388157251","https://openalex.org/W2111741004","https://openalex.org/W2756723748"],"abstract_inverted_index":{"The":[0,98],"volume":[1],"of":[2,65,112],"malware":[3,10,40,47,79,125],"detected":[4],"annually":[5],"is":[6,43,73,107],"increasing":[7],"exponentially,":[8],"and":[9,31,49,56,90],"programs":[11],"are":[12,26,121],"written":[13],"in":[14,103],"such":[15],"a":[16,68,74],"way":[17],"that":[18,101,111,117],"they":[19],"can":[20,27],"often":[21],"escape":[22],"detection":[23],"tools.":[24],"Some":[25],"even":[28],"modify":[29],"themselves":[30],"alter":[32],"their":[33],"appearance":[34],"for":[35,39,78,124],"each":[36],"infection.":[37],"Thus,":[38],"detection,":[41],"it":[42],"important":[44],"to":[45],"analyze":[46],"behavior,":[48],"application":[50],"programming":[51],"interface":[52],"(API)":[53],"call":[54,88,105,119],"sequences":[55,60,89,92,106,120],"operational":[57],"code":[58],"(opcode)":[59],"usefully":[61],"reflect":[62],"the":[63,94],"behavior":[64],"malware.":[66],"Moreover,":[67],"hidden":[69],"Markov":[70],"model":[71,77],"(HMM)":[72],"robust":[75],"learning":[76,96,102],"detection.":[80,126],"In":[81],"this":[82],"work,":[83],"we":[84],"therefore":[85,122],"compared":[86],"API":[87,104,118],"opcode":[91,113],"using":[93],"HMM":[95],"model.":[97],"results":[99],"showed":[100],"more":[108],"accurate":[109],"than":[110],"sequences.":[114],"We":[115],"conclude":[116],"better":[123]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}