{"id":"https://openalex.org/W4394994376","doi":"https://doi.org/10.26599/bdma.2023.9020025","title":"Interpretable Detection of Malicious Behavior in Windows Portable Executables Using Multi-Head 2D Transformers","display_name":"Interpretable Detection of Malicious Behavior in Windows Portable Executables Using Multi-Head 2D Transformers","publication_year":2024,"publication_date":"2024-04-22","ids":{"openalex":"https://openalex.org/W4394994376","doi":"https://doi.org/10.26599/bdma.2023.9020025"},"language":"en","primary_location":{"id":"doi:10.26599/bdma.2023.9020025","is_oa":true,"landing_page_url":"https://doi.org/10.26599/bdma.2023.9020025","pdf_url":"https://ieeexplore.ieee.org/ielx7/8254253/10506765/10506812.pdf","source":{"id":"https://openalex.org/S4210209060","display_name":"Big Data Mining and Analytics","issn_l":"2096-0654","issn":["2096-0654"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310311901","host_organization_name":"Tsinghua University Press","host_organization_lineage":["https://openalex.org/P4310311901"],"host_organization_lineage_names":["Tsinghua University Press"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Big Data Mining and Analytics","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://ieeexplore.ieee.org/ielx7/8254253/10506765/10506812.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5050157488","display_name":"Sohail Khan","orcid":"https://orcid.org/0000-0001-9286-5236"},"institutions":[{"id":"https://openalex.org/I125656591","display_name":"Effat University","ror":"https://ror.org/02cnwgt19","country_code":"SA","type":"education","lineage":["https://openalex.org/I125656591"]}],"countries":["SA"],"is_corresponding":true,"raw_author_name":"Sohail Khan","raw_affiliation_strings":["Effat College of Engineering, Effat University,Computer Science Department,Jeddah,Kingdom of Saudi Arabia,23341"],"affiliations":[{"raw_affiliation_string":"Effat College of Engineering, Effat University,Computer Science Department,Jeddah,Kingdom of Saudi Arabia,23341","institution_ids":["https://openalex.org/I125656591"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5053057903","display_name":"Mohammad Nauman","orcid":"https://orcid.org/0000-0003-0941-2549"},"institutions":[{"id":"https://openalex.org/I125656591","display_name":"Effat University","ror":"https://ror.org/02cnwgt19","country_code":"SA","type":"education","lineage":["https://openalex.org/I125656591"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Mohammad Nauman","raw_affiliation_strings":["Effat College of Engineering, Effat University,Computer Science Department,Jeddah,Kingdom of Saudi Arabia,23341"],"affiliations":[{"raw_affiliation_string":"Effat College of Engineering, Effat University,Computer Science Department,Jeddah,Kingdom of Saudi Arabia,23341","institution_ids":["https://openalex.org/I125656591"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5050157488"],"corresponding_institution_ids":["https://openalex.org/I125656591"],"apc_list":null,"apc_paid":null,"fwci":2.835,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.91256164,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":"7","issue":"2","first_page":"485","last_page":"499"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.6909106969833374},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5839505195617676},{"id":"https://openalex.org/keywords/transformer","display_name":"Transformer","score":0.5363404154777527},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4783079922199249},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.39081159234046936},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3524039387702942},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.2878473997116089},{"id":"https://openalex.org/keywords/electrical-engineering","display_name":"Electrical engineering","score":0.1280205249786377}],"concepts":[{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.6909106969833374},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5839505195617676},{"id":"https://openalex.org/C66322947","wikidata":"https://www.wikidata.org/wiki/Q11658","display_name":"Transformer","level":3,"score":0.5363404154777527},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4783079922199249},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.39081159234046936},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3524039387702942},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2878473997116089},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.1280205249786377},{"id":"https://openalex.org/C165801399","wikidata":"https://www.wikidata.org/wiki/Q25428","display_name":"Voltage","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.26599/bdma.2023.9020025","is_oa":true,"landing_page_url":"https://doi.org/10.26599/bdma.2023.9020025","pdf_url":"https://ieeexplore.ieee.org/ielx7/8254253/10506765/10506812.pdf","source":{"id":"https://openalex.org/S4210209060","display_name":"Big Data Mining and Analytics","issn_l":"2096-0654","issn":["2096-0654"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310311901","host_organization_name":"Tsinghua University Press","host_organization_lineage":["https://openalex.org/P4310311901"],"host_organization_lineage_names":["Tsinghua University Press"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Big Data Mining and Analytics","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:73abe221c8bf4929a4e5b86cf8f4127c","is_oa":true,"landing_page_url":"https://doaj.org/article/73abe221c8bf4929a4e5b86cf8f4127c","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Big Data Mining and Analytics, Vol 7, Iss 2, Pp 485-499 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.26599/bdma.2023.9020025","is_oa":true,"landing_page_url":"https://doi.org/10.26599/bdma.2023.9020025","pdf_url":"https://ieeexplore.ieee.org/ielx7/8254253/10506765/10506812.pdf","source":{"id":"https://openalex.org/S4210209060","display_name":"Big Data Mining and Analytics","issn_l":"2096-0654","issn":["2096-0654"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310311901","host_organization_name":"Tsinghua University Press","host_organization_lineage":["https://openalex.org/P4310311901"],"host_organization_lineage_names":["Tsinghua University Press"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Big Data Mining and Analytics","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4394994376.pdf","grobid_xml":"https://content.openalex.org/works/W4394994376.grobid-xml"},"referenced_works_count":41,"referenced_works":["https://openalex.org/W2557513839","https://openalex.org/W2747715470","https://openalex.org/W2796394805","https://openalex.org/W2803920557","https://openalex.org/W2899663614","https://openalex.org/W2908623803","https://openalex.org/W2914373984","https://openalex.org/W2922243907","https://openalex.org/W3004577623","https://openalex.org/W3013211776","https://openalex.org/W3094316335","https://openalex.org/W3094502228","https://openalex.org/W3100645411","https://openalex.org/W3102135219","https://openalex.org/W3176196997","https://openalex.org/W3207293968","https://openalex.org/W3214926740","https://openalex.org/W4221112654","https://openalex.org/W4223953496","https://openalex.org/W4226427748","https://openalex.org/W4282929420","https://openalex.org/W4283325293","https://openalex.org/W4292381820","https://openalex.org/W4297477879","https://openalex.org/W4297819691","https://openalex.org/W4300687693","https://openalex.org/W4308867596","https://openalex.org/W4311493459","https://openalex.org/W4313216189","https://openalex.org/W4313315004","https://openalex.org/W4319442612","https://openalex.org/W4385245566","https://openalex.org/W6743446608","https://openalex.org/W6750318962","https://openalex.org/W6755207826","https://openalex.org/W6755977528","https://openalex.org/W6766978945","https://openalex.org/W6767278793","https://openalex.org/W6778883912","https://openalex.org/W6784333009","https://openalex.org/W6790978476"],"related_works":["https://openalex.org/W2350278424","https://openalex.org/W2071432835","https://openalex.org/W4239401009","https://openalex.org/W4234371507","https://openalex.org/W1628824497","https://openalex.org/W4299534542","https://openalex.org/W2053441600","https://openalex.org/W1990401748","https://openalex.org/W2047586841","https://openalex.org/W2141018266"],"abstract_inverted_index":{"Windows":[0,112],"malware":[1,12,37,59,95,115,159],"is":[2,20,33,147],"becoming":[3],"an":[4],"increasingly":[5],"pressing":[6],"problem":[7,32,201],"as":[8,80],"the":[9,26,34,53,72,75,81,102,131,140,143,172],"amount":[10],"of":[11,25,36,55,107,126],"continues":[13],"to":[14,52,70,100,149,155],"grow":[15],"and":[16,167,178,188],"more":[17,108],"sensitive":[18],"information":[19],"stored":[21],"on":[22],"systems.":[23],"One":[24],"major":[27],"challenges":[28],"in":[29,47,158,164,171],"tackling":[30],"this":[31,88,199],"complexity":[35],"analysis,":[38],"which":[39],"requires":[40],"expertise":[41],"from":[42,117],"human":[43,162],"analysts.":[44],"Recent":[45],"developments":[46],"machine":[48],"learning":[49,194],"have":[50],"led":[51],"creation":[54],"deep":[56,193],"models":[57,63],"for":[58,94,202],"detection.":[60],"However,":[61],"these":[62,86],"often":[64],"lack":[65],"transparency,":[66],"making":[67],"it":[68],"difficult":[69],"understand":[71],"reasoning":[73,141],"behind":[74,142],"model's":[76],"decisions,":[77],"otherwise":[78],"known":[79],"black-box":[82,200],"problem.":[83],"To":[84],"address":[85],"limitations,":[87],"paper":[89],"presents":[90],"a":[91,123,192],"novel":[92],"model":[93,121,146],"detection,":[96],"utilizing":[97],"vision":[98],"transformers":[99],"analyze":[101],"Operation":[103],"Code":[104],"(OpCode)":[105],"sequences":[106],"than":[109],"350":[110],"000":[111],"portable":[113],"executable":[114],"samples":[116],"real-world":[118],"datasets.":[119],"The":[120],"achieves":[122],"high":[124],"accuracy":[125],"0.9864,":[127],"not":[128],"only":[129],"surpassing":[130],"previous":[132],"results":[133],"but":[134],"also":[135],"providing":[136],"valuable":[137],"insights":[138],"into":[139],"classification.":[144],"Our":[145],"able":[148],"pinpoint":[150],"specific":[151],"instructions":[152],"that":[153],"lead":[154],"malicious":[156,186],"behavior":[157],"samples,":[160],"aiding":[161],"experts":[163],"their":[165],"analysis":[166],"driving":[168],"further":[169],"advancements":[170],"field.":[173],"We":[174],"report":[175],"our":[176],"findings":[177],"show":[179],"how":[180],"causality":[181],"can":[182],"be":[183],"established":[184],"between":[185],"code":[187],"actual":[189],"classification":[190],"by":[191],"model,":[195],"thus":[196],"opening":[197],"up":[198],"deeper":[203],"analysis.":[204]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":5}],"updated_date":"2026-03-25T14:56:36.534964","created_date":"2025-10-10T00:00:00"}