{"id":"https://openalex.org/W2782872864","doi":"https://doi.org/10.23919/ifipnetworking.2017.8264865","title":"A graph theoretic approach to fast and accurate malware detection","display_name":"A graph theoretic approach to fast and accurate malware detection","publication_year":2017,"publication_date":"2017-06-01","ids":{"openalex":"https://openalex.org/W2782872864","doi":"https://doi.org/10.23919/ifipnetworking.2017.8264865","mag":"2782872864"},"language":"en","primary_location":{"id":"doi:10.23919/ifipnetworking.2017.8264865","is_oa":false,"landing_page_url":"https://doi.org/10.23919/ifipnetworking.2017.8264865","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IFIP Networking Conference (IFIP Networking) and Workshops","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011499718","display_name":"Zubair Shafiq","orcid":"https://orcid.org/0000-0002-4500-9354"},"institutions":[{"id":"https://openalex.org/I126307644","display_name":"University of Iowa","ror":"https://ror.org/036jqmy94","country_code":"US","type":"education","lineage":["https://openalex.org/I126307644"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Zubair Shafiq","raw_affiliation_strings":["Department of Computer Science, The University of Iowa"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, The University of Iowa","institution_ids":["https://openalex.org/I126307644"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5008787905","display_name":"Alex X. Liu","orcid":"https://orcid.org/0000-0002-6916-1326"},"institutions":[{"id":"https://openalex.org/I87216513","display_name":"Michigan State University","ror":"https://ror.org/05hs6h993","country_code":"US","type":"education","lineage":["https://openalex.org/I87216513"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alex Liu","raw_affiliation_strings":["Department of Computer Science and Engineering, Michigan State University"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Michigan State University","institution_ids":["https://openalex.org/I87216513"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5011499718"],"corresponding_institution_ids":["https://openalex.org/I126307644"],"apc_list":null,"apc_paid":null,"fwci":0.3698,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.60463672,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.992900013923645,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9344791173934937},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8236178755760193},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.7921260595321655},{"id":"https://openalex.org/keywords/unavailability","display_name":"Unavailability","score":0.7308109998703003},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.6471751928329468},{"id":"https://openalex.org/keywords/complement","display_name":"Complement (music)","score":0.537416934967041},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.46016570925712585},{"id":"https://openalex.org/keywords/false-positive-rate","display_name":"False positive rate","score":0.45415133237838745},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4331769645214081},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.42359215021133423},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3332647979259491},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.2827770709991455},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.26103681325912476},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.20985794067382812},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.13240915536880493},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.10172510147094727},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.0857933759689331}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9344791173934937},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8236178755760193},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.7921260595321655},{"id":"https://openalex.org/C2780505938","wikidata":"https://www.wikidata.org/wiki/Q17093282","display_name":"Unavailability","level":2,"score":0.7308109998703003},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.6471751928329468},{"id":"https://openalex.org/C112313634","wikidata":"https://www.wikidata.org/wiki/Q7886648","display_name":"Complement (music)","level":5,"score":0.537416934967041},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.46016570925712585},{"id":"https://openalex.org/C95922358","wikidata":"https://www.wikidata.org/wiki/Q5432725","display_name":"False positive rate","level":2,"score":0.45415133237838745},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4331769645214081},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.42359215021133423},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3332647979259491},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2827770709991455},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.26103681325912476},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.20985794067382812},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.13240915536880493},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.10172510147094727},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0857933759689331},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C127716648","wikidata":"https://www.wikidata.org/wiki/Q104053","display_name":"Phenotype","level":3,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C188082640","wikidata":"https://www.wikidata.org/wiki/Q1780899","display_name":"Complementation","level":4,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.23919/ifipnetworking.2017.8264865","is_oa":false,"landing_page_url":"https://doi.org/10.23919/ifipnetworking.2017.8264865","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IFIP Networking Conference (IFIP Networking) and Workshops","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1503224444","https://openalex.org/W1505484906","https://openalex.org/W1544837488","https://openalex.org/W1570448133","https://openalex.org/W1956767865","https://openalex.org/W2003568760","https://openalex.org/W2036575863","https://openalex.org/W2051091809","https://openalex.org/W2051912542","https://openalex.org/W2099111195","https://openalex.org/W2124151159","https://openalex.org/W2131523719","https://openalex.org/W2150795982","https://openalex.org/W2151135920","https://openalex.org/W2163931946","https://openalex.org/W2164960226","https://openalex.org/W2166924764","https://openalex.org/W2168234580","https://openalex.org/W2168754135","https://openalex.org/W3141872514","https://openalex.org/W4237340146","https://openalex.org/W4246343605","https://openalex.org/W6629915129","https://openalex.org/W6632679741","https://openalex.org/W6640826072","https://openalex.org/W6663137286"],"related_works":["https://openalex.org/W2620652965","https://openalex.org/W2024170198","https://openalex.org/W4296272594","https://openalex.org/W2900526031","https://openalex.org/W2728713145","https://openalex.org/W2470502009","https://openalex.org/W2131332603","https://openalex.org/W2072617132","https://openalex.org/W4360993664","https://openalex.org/W2128507946"],"abstract_inverted_index":{"Due":[0,131],"to":[1,128,132],"the":[2],"unavailability":[3],"of":[4,39,73,87,109,118],"signatures":[5],"for":[6],"previously":[7],"unknown":[8],"malware,":[9],"non-signature":[10,23,58],"malware":[11,24,59,140],"detection":[12,25,43,60,78,102,141],"schemes":[13,26],"typically":[14],"rely":[15],"on":[16,83],"analyzing":[17],"program":[18,123],"behavior.":[19],"Prior":[20],"behavior":[21],"based":[22],"are":[27,34],"either":[28],"easily":[29],"evadable":[30],"by":[31],"obfuscation":[32,129],"or":[33],"very":[35],"inefficient":[36],"in":[37,71],"terms":[38,72],"storage":[40,75],"space":[41,76],"and":[42,56,77,91,104,124],"time.":[44,79],"In":[45],"this":[46],"paper,":[47],"we":[48],"propose":[49],"GZero,":[50],"a":[51,84,105],"graph":[52],"theoretic":[53],"approach":[54],"fast":[55],"accurate":[57],"at":[61,143],"end":[62,144],"hosts.":[63,145],"GZero":[64,97,136],"it":[65],"is":[66,125],"effective":[67],"while":[68],"being":[69],"efficient":[70],"both":[74,88],"We":[80],"conducted":[81],"experiments":[82],"large":[85],"set":[86],"benign":[89],"software":[90],"malware.":[92],"Our":[93],"results":[94],"show":[95],"that":[96],"achieves":[98],"more":[99],"than":[100,111,115],"99%":[101],"rate":[103,108],"false":[106],"positive":[107],"less":[110,114],"1%,":[112],"with":[113],"1":[116],"second":[117],"average":[119],"scan":[120],"time":[121],"per":[122],"relatively":[126],"robust":[127],"attacks.":[130],"its":[133],"low":[134],"overheads,":[135],"can":[137],"complement":[138],"existing":[139],"solutions":[142]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}