{"id":"https://openalex.org/W44891524","doi":"https://doi.org/10.3390/e22050575","title":"Detecting Malware with Information Complexity","display_name":"Detecting Malware with Information Complexity","publication_year":2020,"publication_date":"2020-05-20","ids":{"openalex":"https://openalex.org/W44891524","doi":"https://doi.org/10.3390/e22050575","mag":"44891524","pmid":"https://pubmed.ncbi.nlm.nih.gov/33286347"},"language":"en","primary_location":{"id":"doi:10.3390/e22050575","is_oa":true,"landing_page_url":"https://doi.org/10.3390/e22050575","pdf_url":"https://www.mdpi.com/1099-4300/22/5/575/pdf?version=1590659422","source":{"id":"https://openalex.org/S195231649","display_name":"Entropy","issn_l":"1099-4300","issn":["1099-4300"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Entropy","raw_type":"journal-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite","doaj","pubmed"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/1099-4300/22/5/575/pdf?version=1590659422","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5105708113","display_name":"Nadia Alshahwan","orcid":null},"institutions":[{"id":"https://openalex.org/I45129253","display_name":"University College London","ror":"https://ror.org/02jx3x895","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I45129253"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Nadia Alshahwan","raw_affiliation_strings":["Computer Science Department, University College London, London WC1E 6BT, UK"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, University College London, London WC1E 6BT, UK","institution_ids":["https://openalex.org/I45129253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076587279","display_name":"Earl T. Barr","orcid":"https://orcid.org/0000-0003-0771-7891"},"institutions":[{"id":"https://openalex.org/I45129253","display_name":"University College London","ror":"https://ror.org/02jx3x895","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I45129253"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Earl T. Barr","raw_affiliation_strings":["Computer Science Department, University College London, London WC1E 6BT, UK"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, University College London, London WC1E 6BT, UK","institution_ids":["https://openalex.org/I45129253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013673413","display_name":"David Clark","orcid":"https://orcid.org/0000-0002-7004-934X"},"institutions":[{"id":"https://openalex.org/I45129253","display_name":"University College London","ror":"https://ror.org/02jx3x895","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I45129253"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"David Clark","raw_affiliation_strings":["Computer Science Department, University College London, London WC1E 6BT, UK"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, University College London, London WC1E 6BT, UK","institution_ids":["https://openalex.org/I45129253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033480395","display_name":"George Danezis","orcid":null},"institutions":[{"id":"https://openalex.org/I45129253","display_name":"University College London","ror":"https://ror.org/02jx3x895","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I45129253"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"George Danezis","raw_affiliation_strings":["Computer Science Department, University College London, London WC1E 6BT, UK"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, University College London, London WC1E 6BT, UK","institution_ids":["https://openalex.org/I45129253"]}]},{"author_position":"last","author":{"id":null,"display_name":"H\u00e9ctor D. Men\u00e9ndez","orcid":"https://orcid.org/0000-0002-6314-3725"},"institutions":[{"id":"https://openalex.org/I60488453","display_name":"Middlesex University","ror":"https://ror.org/01rv4p989","country_code":"GB","type":"education","lineage":["https://openalex.org/I60488453"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"H\u00e9ctor D. Men\u00e9ndez","raw_affiliation_strings":["Computer Science Department, Middlesex University London, London NW4 4BG, UK"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, Middlesex University London, London NW4 4BG, UK","institution_ids":["https://openalex.org/I60488453"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5105708113"],"corresponding_institution_ids":["https://openalex.org/I45129253"],"apc_list":{"value":2000,"currency":"CHF","value_usd":2165},"apc_paid":{"value":2000,"currency":"CHF","value_usd":2165},"fwci":0.4564,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.58769872,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"22","issue":"5","first_page":"575","last_page":"575"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9887999892234802,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9860000014305115,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8602055311203003},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7968063354492188},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.5546704530715942},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.49757149815559387},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.4743439257144928},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.46756061911582947},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.45032256841659546},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.44858667254447937},{"id":"https://openalex.org/keywords/word-error-rate","display_name":"Word error rate","score":0.43726375699043274},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.43251487612724304},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.41073596477508545},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2240343987941742},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.0839935839176178}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8602055311203003},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7968063354492188},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.5546704530715942},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.49757149815559387},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.4743439257144928},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.46756061911582947},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.45032256841659546},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.44858667254447937},{"id":"https://openalex.org/C40969351","wikidata":"https://www.wikidata.org/wiki/Q3516228","display_name":"Word error rate","level":2,"score":0.43726375699043274},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.43251487612724304},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.41073596477508545},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2240343987941742},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0839935839176178}],"mesh":[],"locations_count":10,"locations":[{"id":"doi:10.3390/e22050575","is_oa":true,"landing_page_url":"https://doi.org/10.3390/e22050575","pdf_url":"https://www.mdpi.com/1099-4300/22/5/575/pdf?version=1590659422","source":{"id":"https://openalex.org/S195231649","display_name":"Entropy","issn_l":"1099-4300","issn":["1099-4300"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Entropy","raw_type":"journal-article"},{"id":"pmid:33286347","is_oa":false,"landing_page_url":"https://pubmed.ncbi.nlm.nih.gov/33286347","pdf_url":null,"source":{"id":"https://openalex.org/S4306525036","display_name":"PubMed","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Entropy (Basel, Switzerland)","raw_type":null},{"id":"pmh:oai:eprints.mdx.ac.uk:30236","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306400025","display_name":"Middlesex University Research Repository (Middlesex University Of London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I60488453","host_organization_name":"Middlesex University","host_organization_lineage":["https://openalex.org/I60488453"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"","raw_type":"Article"},{"id":"pmh:oai:arXiv.org:1502.07661","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1502.07661","pdf_url":"https://arxiv.org/pdf/1502.07661","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"mag:44891524","is_oa":true,"landing_page_url":"https://arxiv.org/pdf/1502.07661.pdf","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"pmh:oai:doaj.org/article:49730cf7f2b14287a946cea1a5c7310c","is_oa":true,"landing_page_url":"https://doaj.org/article/49730cf7f2b14287a946cea1a5c7310c","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Entropy, Vol 22, Iss 5, p 575 (2020)","raw_type":"article"},{"id":"pmh:oai:eprints.ucl.ac.uk.OAI2:1463997","is_oa":false,"landing_page_url":"https://discovery.ucl.ac.uk/id/eprint/1463997/","pdf_url":null,"source":{"id":"https://openalex.org/S4306400024","display_name":"UCL Discovery (University College London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I45129253","host_organization_name":"University College London","host_organization_lineage":["https://openalex.org/I45129253"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"     (2015)     ","raw_type":"Working / discussion paper"},{"id":"pmh:oai:mdpi.com:/1099-4300/22/5/575/","is_oa":true,"landing_page_url":"http://dx.doi.org/10.3390/e22050575","pdf_url":null,"source":{"id":"https://openalex.org/S4306400947","display_name":"MDPI (MDPI AG)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210097602","host_organization_name":"Multidisciplinary Digital Publishing Institute (Switzerland)","host_organization_lineage":["https://openalex.org/I4210097602"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Entropy","raw_type":"Text"},{"id":"pmh:oai:pubmedcentral.nih.gov:7517096","is_oa":true,"landing_page_url":"https://www.ncbi.nlm.nih.gov/pmc/articles/7517096","pdf_url":null,"source":{"id":"https://openalex.org/S2764455111","display_name":"PubMed Central","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Entropy (Basel)","raw_type":"Text"},{"id":"doi:10.48550/arxiv.1502.07661","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.1502.07661","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/e22050575","is_oa":true,"landing_page_url":"https://doi.org/10.3390/e22050575","pdf_url":"https://www.mdpi.com/1099-4300/22/5/575/pdf?version=1590659422","source":{"id":"https://openalex.org/S195231649","display_name":"Entropy","issn_l":"1099-4300","issn":["1099-4300"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Entropy","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G5748971847","display_name":null,"funder_award_id":"EP/P005888/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G6541759320","display_name":null,"funder_award_id":"EP/K032623/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G7324084056","display_name":"SeMaMatch: Semantic Malware Matching","funder_award_id":"EP/K032623/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W44891524.pdf","grobid_xml":"https://content.openalex.org/works/W44891524.grobid-xml"},"referenced_works_count":47,"referenced_works":["https://openalex.org/W385108639","https://openalex.org/W1487207002","https://openalex.org/W1502620665","https://openalex.org/W1586252162","https://openalex.org/W1638203394","https://openalex.org/W1982402725","https://openalex.org/W1983076913","https://openalex.org/W1996975221","https://openalex.org/W2021436318","https://openalex.org/W2028138594","https://openalex.org/W2058224795","https://openalex.org/W2070386561","https://openalex.org/W2082190528","https://openalex.org/W2083620785","https://openalex.org/W2103976304","https://openalex.org/W2108104525","https://openalex.org/W2112507308","https://openalex.org/W2115771393","https://openalex.org/W2116810533","https://openalex.org/W2128859735","https://openalex.org/W2132979129","https://openalex.org/W2138644293","https://openalex.org/W2144112223","https://openalex.org/W2144135171","https://openalex.org/W2144221002","https://openalex.org/W2144906988","https://openalex.org/W2150423842","https://openalex.org/W2155615465","https://openalex.org/W2166128942","https://openalex.org/W2168103835","https://openalex.org/W2170519370","https://openalex.org/W2203388234","https://openalex.org/W2247776437","https://openalex.org/W2401293755","https://openalex.org/W2491218167","https://openalex.org/W2582697902","https://openalex.org/W2588646573","https://openalex.org/W2772683029","https://openalex.org/W2894746673","https://openalex.org/W2911964244","https://openalex.org/W2945014264","https://openalex.org/W3008890513","https://openalex.org/W4293171766","https://openalex.org/W6606151733","https://openalex.org/W6660655542","https://openalex.org/W6678051712","https://openalex.org/W6678217462"],"related_works":["https://openalex.org/W3026987650","https://openalex.org/W2784727992","https://openalex.org/W2139688842","https://openalex.org/W3214492260","https://openalex.org/W2972428187","https://openalex.org/W2735195081","https://openalex.org/W2994256894","https://openalex.org/W2951298793","https://openalex.org/W3116039825","https://openalex.org/W2990506317","https://openalex.org/W3210309835","https://openalex.org/W2236938640","https://openalex.org/W1996975221","https://openalex.org/W2147112108","https://openalex.org/W2893466632","https://openalex.org/W2470806257","https://openalex.org/W2508644642","https://openalex.org/W2753303661","https://openalex.org/W3186080995","https://openalex.org/W2908727347"],"abstract_inverted_index":{"Malware":[0,20],"concealment":[1,29],"is":[2,55,69,176,216],"the":[3,28,39,75,89,95,148,157,191,208,238,242,248],"predominant":[4],"strategy":[5,30],"for":[6,102,159],"malware":[7,14,46,60,90,103,125,165,180],"propagation.":[8],"Black":[9],"hats":[10],"create":[11],"variants":[12],"of":[13,44,79,134,151,172,206,213,240,264,266],"based":[15],"on":[16,38,247],"polymorphism":[17],"and":[18,47,129,196,210,261],"metamorphism.":[19],"variants,":[21],"by":[22,144,229],"definition,":[23],"share":[24],"some":[25],"information.":[26],"Although":[27],"alters":[31],"this":[32],"information,":[33],"there":[34],"are":[35],"still":[36,189],"patterns":[37,109],"software.":[40],"Given":[41],"a":[42,52,70,85,130,168,173,197],"zoo":[43],"labelled":[45],"benign-ware,":[48],"we":[49],"ask":[50],"whether":[51],"suspect":[53],"program":[54],"more":[56,100,177],"similar":[57],"to":[58,62,98,116,203,231,237,251],"our":[59,63,187,214,235,252],"or":[61],"benign-ware.":[64],"Normalized":[65],"Compression":[66],"Distance":[67],"(NCD)":[68],"generic":[71],"metric":[72],"that":[73,138,164,186,220,263],"measures":[74],"shared":[76],"information":[77],"content":[78],"two":[80,183],"strings.":[81],"This":[82],"measure":[83],"opens":[84],"new":[86],"front":[87],"in":[88,118],"arms":[91],"race,":[92],"one":[93,258],"where":[94],"countermeasures":[96],"promise":[97],"be":[99,142],"costly":[101],"writers,":[104],"who":[105],"must":[106],"now":[107],"obfuscate":[108],"as":[110],"strings":[111],"qua":[112],"strings,":[113],"without":[114],"reference":[115],"execution,":[117],"their":[119],"variants.":[120],"Our":[121,254],"approach":[122,255],"classifies":[123,190],"disk-resident":[124],"with":[126,147,193],"97.4%":[127],"accuracy":[128,140,195],"false":[131,199],"positive":[132,200],"rate":[133],"3%.":[135],"We":[136,162,218,233],"demonstrate":[137,163],"its":[139,204,226],"can":[141,224],"improved":[143],"combining":[145],"NCD":[146],"compressibility":[149],"rates":[150],"executables":[152],"using":[153],"decision":[154],"forests,":[155],"paving":[156],"way":[158],"future":[160],"improvements.":[161],"reported":[166,181],"within":[167],"narrow":[169],"time":[170,209,228],"frame":[171],"few":[174],"days":[175],"homogeneous":[178],"than":[179],"over":[182],"years,":[184],"but":[185],"method":[188,215],"latter":[192],"95.2%":[194],"5%":[198],"rate.":[201],"Due":[202],"use":[205],"compression,":[207],"computation":[211],"cost":[212],"nontrivial.":[217],"show":[219],"simple":[221],"approximation":[222],"techniques":[223],"improve":[225],"running":[227],"up":[230],"63%.":[232],"compare":[234],"results":[236,239],"applying":[241],"59":[243],"anti-malware":[244],"programs":[245],"used":[246,259,268],"VirusTotal":[249],"website":[250],"malware.":[253],"outperforms":[256],"each":[257],"alone":[260],"matches":[262],"all":[265],"them":[267],"collectively.":[269]},"counts_by_year":[{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":1}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}