{"id":"https://openalex.org/W2148727298","doi":"https://doi.org/10.4304/jnw.6.4.638-645","title":"Detecting Malware Variants by Byte Frequency","display_name":"Detecting Malware Variants by Byte Frequency","publication_year":2011,"publication_date":"2011-04-01","ids":{"openalex":"https://openalex.org/W2148727298","doi":"https://doi.org/10.4304/jnw.6.4.638-645","mag":"2148727298"},"language":"en","primary_location":{"id":"doi:10.4304/jnw.6.4.638-645","is_oa":false,"landing_page_url":"https://doi.org/10.4304/jnw.6.4.638-645","pdf_url":null,"source":{"id":"https://openalex.org/S189188848","display_name":"Journal of Networks","issn_l":"1796-2056","issn":["1796-2056"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318660","host_organization_name":"Academy Publisher","host_organization_lineage":["https://openalex.org/P4310318660"],"host_organization_lineage_names":["Academy Publisher"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Networks","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101706948","display_name":"Yu Sheng","orcid":"https://orcid.org/0000-0002-6347-0769"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Sheng Yu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012385922","display_name":"Shijie Zhou","orcid":"https://orcid.org/0000-0001-8314-754X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shijie Zhou","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103233126","display_name":"Leyuan Liu","orcid":"https://orcid.org/0000-0002-8050-8677"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Leyuan Liu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100614865","display_name":"Rui Yang","orcid":"https://orcid.org/0000-0002-9679-7338"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rui Yang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5102196579","display_name":"Jiaqing Luo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jiaqing Luo","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5101706948"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.2249,"has_fulltext":false,"cited_by_count":15,"citation_normalized_percentile":{"value":0.80511012,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"6","issue":"4","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9635999798774719,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.9213298559188843},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.7400582432746887},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6531301736831665},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34192296862602234},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.266604483127594}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9213298559188843},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.7400582432746887},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6531301736831665},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34192296862602234},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.266604483127594}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.4304/jnw.6.4.638-645","is_oa":false,"landing_page_url":"https://doi.org/10.4304/jnw.6.4.638-645","pdf_url":null,"source":{"id":"https://openalex.org/S189188848","display_name":"Journal of Networks","issn_l":"1796-2056","issn":["1796-2056"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318660","host_organization_name":"Academy Publisher","host_organization_lineage":["https://openalex.org/P4310318660"],"host_organization_lineage_names":["Academy Publisher"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Networks","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":7,"referenced_works":["https://openalex.org/W1544837488","https://openalex.org/W1552906779","https://openalex.org/W1595564425","https://openalex.org/W2131523719","https://openalex.org/W2143807210","https://openalex.org/W2150423842","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W3152891574","https://openalex.org/W2249809453","https://openalex.org/W2562617734","https://openalex.org/W4366249425"],"abstract_inverted_index":{"In":[0,75,115],"order":[1,116],"to":[2,23,32,49,88,102,117,142],"make":[3],"lots":[4],"of":[5,55,70,99,105,166,189],"new":[6,25,35,62],"malwares":[7,17,36,51],"fast":[8],"and":[9,67,124,131,139,155,184],"cheaply,":[10],"attacker":[11],"can":[12,52,65],"simply":[13],"modify":[14],"the":[15,34,56,61,91,103,106,111,122,125,128,143,151,156,160,167,187,194],"existing":[16,43],"based":[18,84],"on":[19],"their":[20],"binary":[21,113],"files":[22],"produce":[24,50],"ones,":[26],"malware":[27,58,63,92,169,190],"variants.":[28],"Malware":[29],"variants":[30,64,93],"refer":[31],"all":[33],"manually":[37],"or":[38],"automatically":[39],"produced":[40],"from":[41],"any":[42],"malware.":[44],"However,":[45],"such":[46],"simple":[47],"approach":[48],"change":[53],"signatures":[54],"original":[57],"so":[59],"that":[60,149,179],"confuse":[66],"bypass":[68],"most":[69],"popular":[71],"signature-based":[72],"anti-malware":[73],"tools.":[74],"this":[76],"paper":[77],"we":[78,146],"propose":[79],"a":[80,134,164],"novel":[81],"byte":[82,97],"frequency":[83,98,104],"detecting":[85],"model":[86,181],"(BFBDM)":[87],"deal":[89],"with":[90,170],"identification":[94,188],"issue.":[95],"The":[96,174],"software":[100,130,162],"refers":[101],"different":[107],"unsigned":[108],"bytes":[109],"in":[110],"corresponding":[112],"file.":[114],"implement":[118],"BFBDM,":[119],"two":[120],"metrics,":[121],"distance":[123,152],"similarity":[126,157],"between":[127],"suspicious":[129,161],"base":[132],"sample,":[133],"known":[135],"malware,":[136],"are":[137],"defined":[138],"calculated.":[140],"According":[141],"experimental":[144,176],"results,":[145],"found":[147],"out":[148],"if":[150],"is":[153,158,163,182],"low":[154],"high,":[159],"variant":[165],"selected":[168],"very":[171],"high":[172],"probability.":[173],"primary":[175],"results":[177],"show":[178],"our":[180],"efficient":[183],"effective":[185],"for":[186,193],"variants,":[191],"especially":[192],"manual":[195],"variant.":[196]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":1},{"year":2013,"cited_by_count":2},{"year":2012,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}