{"id":"https://openalex.org/W2973818840","doi":"https://doi.org/10.32657/10356/93574","title":"Frequency analysis and online learning in malware detection","display_name":"Frequency analysis and online learning in malware detection","publication_year":2019,"publication_date":"2019-01-01","ids":{"openalex":"https://openalex.org/W2973818840","doi":"https://doi.org/10.32657/10356/93574","mag":"2973818840"},"language":"en","primary_location":{"id":"doi:10.32657/10356/93574","is_oa":true,"landing_page_url":"https://doi.org/10.32657/10356/93574","pdf_url":"https://dr.ntu.edu.sg/bitstream/10356/93574/3/REVISED%20Thesis_HNA_Name.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Nanyang Technological University","raw_type":"dissertation"},"type":"dissertation","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dr.ntu.edu.sg/bitstream/10356/93574/3/REVISED%20Thesis_HNA_Name.pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035291633","display_name":"Ngoc Anh Huynh","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Huynh, Ngoc Anh","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5035291633"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12761","display_name":"Data Stream Mining Techniques","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.810157299041748},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.549102783203125},{"id":"https://openalex.org/keywords/online-learning","display_name":"Online learning","score":0.4165854752063751},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.41144153475761414},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.36617839336395264},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2360369861125946},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.23180165886878967}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.810157299041748},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.549102783203125},{"id":"https://openalex.org/C2986087404","wikidata":"https://www.wikidata.org/wiki/Q15946010","display_name":"Online learning","level":2,"score":0.4165854752063751},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.41144153475761414},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.36617839336395264},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2360369861125946},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.23180165886878967}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.32657/10356/93574","is_oa":true,"landing_page_url":"https://doi.org/10.32657/10356/93574","pdf_url":"https://dr.ntu.edu.sg/bitstream/10356/93574/3/REVISED%20Thesis_HNA_Name.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Nanyang Technological University","raw_type":"dissertation"},{"id":"pmh:oai:dr.ntu.edu.sg:10356/93574","is_oa":false,"landing_page_url":"https://hdl.handle.net/10356/93574","pdf_url":null,"source":{"id":"https://openalex.org/S4306402609","display_name":"DR-NTU (Nanyang Technological University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172675005","host_organization_name":"Nanyang Technological University","host_organization_lineage":["https://openalex.org/I172675005"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Thesis"},{"id":"pmh:oai:publica.fraunhofer.de:publica/282840","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/282840","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"doctoral thesis"}],"best_oa_location":{"id":"doi:10.32657/10356/93574","is_oa":true,"landing_page_url":"https://doi.org/10.32657/10356/93574","pdf_url":"https://dr.ntu.edu.sg/bitstream/10356/93574/3/REVISED%20Thesis_HNA_Name.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Nanyang Technological University","raw_type":"dissertation"},"sustainable_development_goals":[{"display_name":"Decent work and economic growth","score":0.4000000059604645,"id":"https://metadata.un.org/sdg/8"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2973818840.pdf","grobid_xml":"https://content.openalex.org/works/W2973818840.grobid-xml"},"referenced_works_count":109,"referenced_works":["https://openalex.org/W27170557","https://openalex.org/W36091977","https://openalex.org/W59296718","https://openalex.org/W59369888","https://openalex.org/W96119912","https://openalex.org/W131378802","https://openalex.org/W250393214","https://openalex.org/W250426404","https://openalex.org/W258019806","https://openalex.org/W316323414","https://openalex.org/W607505555","https://openalex.org/W1497927080","https://openalex.org/W1504269120","https://openalex.org/W1572771420","https://openalex.org/W1585854823","https://openalex.org/W1673310716","https://openalex.org/W1674877186","https://openalex.org/W1762008180","https://openalex.org/W1834737771","https://openalex.org/W1869391892","https://openalex.org/W1893133781","https://openalex.org/W1904826605","https://openalex.org/W1946632051","https://openalex.org/W1952056635","https://openalex.org/W1968980002","https://openalex.org/W1981229864","https://openalex.org/W1981261802","https://openalex.org/W1981678312","https://openalex.org/W1985746537","https://openalex.org/W1985987493","https://openalex.org/W1990079212","https://openalex.org/W1991076541","https://openalex.org/W1996842697","https://openalex.org/W1999427165","https://openalex.org/W2005662348","https://openalex.org/W2005813008","https://openalex.org/W2010657328","https://openalex.org/W2013668940","https://openalex.org/W2024170198","https://openalex.org/W2026272479","https://openalex.org/W2031998113","https://openalex.org/W2034139177","https://openalex.org/W2039389092","https://openalex.org/W2039427951","https://openalex.org/W2051627298","https://openalex.org/W2052283750","https://openalex.org/W2055234825","https://openalex.org/W2068714596","https://openalex.org/W2073256825","https://openalex.org/W2088220893","https://openalex.org/W2093331366","https://openalex.org/W2097236039","https://openalex.org/W2099419573","https://openalex.org/W2100308537","https://openalex.org/W2104593144","https://openalex.org/W2108333114","https://openalex.org/W2112676296","https://openalex.org/W2114065168","https://openalex.org/W2114092087","https://openalex.org/W2120256168","https://openalex.org/W2121096237","https://openalex.org/W2122537498","https://openalex.org/W2126345423","https://openalex.org/W2129277385","https://openalex.org/W2130416896","https://openalex.org/W2130546503","https://openalex.org/W2131140847","https://openalex.org/W2136495567","https://openalex.org/W2150973794","https://openalex.org/W2155714768","https://openalex.org/W2156938859","https://openalex.org/W2157103390","https://openalex.org/W2160218441","https://openalex.org/W2163487757","https://openalex.org/W2171809276","https://openalex.org/W2182464523","https://openalex.org/W2188432926","https://openalex.org/W2191468669","https://openalex.org/W2271840356","https://openalex.org/W2276979642","https://openalex.org/W2292109572","https://openalex.org/W2320700546","https://openalex.org/W2325996806","https://openalex.org/W2333984965","https://openalex.org/W2397052757","https://openalex.org/W2425931228","https://openalex.org/W2462192250","https://openalex.org/W2470806257","https://openalex.org/W2474828096","https://openalex.org/W2479781685","https://openalex.org/W2518632831","https://openalex.org/W2555608580","https://openalex.org/W2603136197","https://openalex.org/W2606400595","https://openalex.org/W2756212932","https://openalex.org/W2762258958","https://openalex.org/W2770281867","https://openalex.org/W2963208797","https://openalex.org/W2963463723","https://openalex.org/W2964323557","https://openalex.org/W3003253354","https://openalex.org/W3009009611","https://openalex.org/W3017285694","https://openalex.org/W4238299102","https://openalex.org/W4249116379","https://openalex.org/W4292022450","https://openalex.org/W4386549231","https://openalex.org/W6652010967","https://openalex.org/W6684191731"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819","https://openalex.org/W2249809453"],"abstract_inverted_index":{"Traditional":[0],"antivirus":[1],"products":[2],"are":[3,141],"signature-based":[4],"solutions,":[5],"which":[6,41,216],"rely":[7],"on":[8,47,61,327],"a":[9,258,296,400],"static":[10],"database":[11],"to":[12,31,43,79,105,118,125,132,158,183,198,219,239,263,311,316,354,358,370,405,423],"perform":[13,360],"detection.":[14,205,414],"The":[15,35,57,75,206,366],"weakness":[16],"of":[17,65,84,122,135,147,175,188,267,283,334,349,375,385,392,409],"this":[18,211,273,292,344,396],"design":[19],"is":[20,38,99,213,217,229,236,275,346],"that":[21,234],"the":[22,29,82,120,133,159,176,184,193,200,232,244,249,265,306,328,336,347,373,376,379,383,390,393,407],"signatures":[23],"may":[24],"become":[25],"outdated,":[26],"resulting":[27],"in":[28,54,144,186,210,243,248,272,343,361,378,395,412],"failure":[30],"detect":[32],"new":[33,297,401],"samples.":[34],"other":[36,277,424],"method":[37],"behavior-based":[39,148],"detection,":[40],"aims":[42,78],"identify":[44],"malware":[45,66,85,137,189,204,318,413],"based":[46],"their":[48,116],"dynamic":[49],"behavior.":[50],"Behavior-based":[51,97],"detection":[52,98,138],"comes":[53],"two":[55,145],"approaches.":[56],"first":[58,194],"approach":[59,77],"leverages":[60],"common":[62],"known":[63],"behaviors":[64],"such":[67,90,165],"as":[68,91,166],"random":[69],"domain":[70,134,225,246],"name":[71],"generation":[72],"and":[73,94,109,139,152],"periodicity.":[74],"second":[76,307],"directly":[80],"learn":[81],"behavior":[83,151,153,156,187,202,321],"from":[86],"data":[87],"using":[88],"tools":[89],"graph":[92],"analytics":[93,299],"machine":[95,331],"learning.":[96],"di":[100],"cult":[101],"because":[102],"we":[103,140,196,256,294,309],"have":[104],"deal":[106],"with":[107,363],"intelligent":[108],"highly":[110],"motivated":[111,230],"attackers,":[112],"who":[113],"can":[114],"change":[115,185],"strategy":[117],"maximize":[119],"chance":[121],"getting":[123],"access":[124],"computer":[126],"networks.":[127],"We":[128,325,388],"narrow":[129],"our":[130],"research":[131],"Windows":[136],"particularly":[142],"interested":[143],"approaches":[146],"detection:":[149],"periodic":[150,167,173,201,241,288],"evolution.":[154],"Periodic":[155],"refers":[157,182],"regular":[160],"activities":[161],"programmed":[162],"by":[163,231,398],"attackers":[164],"polling":[168],"for":[169,203,301],"server":[170],"connection":[171],"or":[172],"update":[174],"victim":[177],"machine's":[178],"status.":[179],"Behavior":[180],"evolution":[181],"over":[190,323],"time.":[191,324],"In":[192,305],"approach,":[195,308],"aim":[197,310],"exploit":[199],"main":[207,341],"analysis":[208],"tool":[209],"direction":[212,274,345,397],"Fourier":[214,254],"transform,":[215,255],"used":[218],"convert":[220],"time-domain":[221],"signals":[222,242],"into":[223],"frequency":[224,245],"signals.":[226,289],"This":[227],"idea":[228],"fact":[233],"it":[235],"often":[237],"easier":[238],"analyze":[240],"than":[247,278],"original":[250],"time":[251],"domain.":[252],"Using":[253],"propose":[257,295],"novel":[259],"frequency-based":[260],"periodicity":[261],"measure":[262],"evaluate":[264],"regularity":[266],"network":[268],"traffic.":[269],"Another":[270],"challenge":[271],"that,":[276],"malware,":[279],"most":[280],"automatic":[281],"services":[282],"operating":[284],"systems":[285],"also":[286,419],"generate":[287],"To":[290],"address":[291],"challenge,":[293],"visual":[298],"solution":[300],"effective":[302],"alert":[303],"verification.":[304],"develop":[312],"adaptive":[313,351,402],"learning":[314,332],"algorithms":[315,357],"capture":[317],"samples,":[319],"whose":[320],"changes":[322],"capitalize":[326],"well-known":[329],"online":[330,403],"framework":[333],"Follow":[335],"Regularized":[337],"Leader":[338],"(FTRL).":[339],"Our":[340,415],"contribution":[342,374],"usage":[348],"an":[350],"decaying":[352,367],"factor":[353,368],"allow":[355],"FTRL":[356],"better":[359],"environments":[362],"concept":[364,386,410],"drifts.":[365,387],"helps":[369],"increasingly":[371],"discount":[372],"examples":[377],"past,":[380],"thereby":[381],"alleviating":[382],"problem":[384,408],"advance":[389],"state":[391],"art":[394],"proposing":[399],"algorithm":[404,417],"handle":[406],"drift":[411],"improved":[416],"has":[418],"been":[420],"successfully":[421],"applied":[422],"non-security":[425],"domains.":[426]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2026-04-12T07:58:50.170612","created_date":"2019-09-26T00:00:00"}