{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:47:28Z","timestamp":1742914048321,"version":"3.40.3"},"publisher-location":"Cham","reference-count":25,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030120849"},{"type":"electronic","value":"9783030120856"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-12085-6_10","type":"book-chapter","created":{"date-parts":[[2019,1,29]],"date-time":"2019-01-29T17:17:55Z","timestamp":1548782275000},"page":"110-121","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Malware Clustering Based on Called API During Runtime"],"prefix":"10.1007","author":[{"given":"Gerg\u0151 J\u00e1nos","family":"Sz\u00e9les","sequence":"first","affiliation":[]},{"given":"Adrian","family":"Cole\u015fa","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,1,30]]},"reference":[{"key":"10_CR1","unstructured":"Arthur, D., Vassilvitskii, S.: k-means++: the advantages of careful seeding. In: Proceedings of the Eighteenth Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 1027\u20131035. Society for Industrial and Applied Mathematics (2007)"},{"key":"10_CR2","unstructured":"AV-TEST: Number of malware throughout 2009\u20132018. https:\/\/www.av-test.org\/en\/statistics\/malware\/"},{"key":"10_CR3","unstructured":"Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: NDSS, vol. 9, pp. 8\u201311. Citeseer (2009)"},{"issue":"184\u2013189","key":"10_CR4","first-page":"79","volume":"2001","author":"J Bergeron","year":"2001","unstructured":"Bergeron, J., Debbabi, M., Desharnais, J., Erhioui, M.M., Lavoie, Y., Tawbi, N., et al.: Static detection of malicious code in executable programs. Int. J. Req. Eng. 2001(184\u2013189), 79 (2001)","journal-title":"Int. J. Req. Eng."},{"issue":"10","key":"10_CR5","first-page":"1","volume":"50","author":"C Buchta","year":"2012","unstructured":"Buchta, C., Kober, M., Feinerer, I., Hornik, K.: Spherical k-means clustering. J. Stat. Softw. 50(10), 1\u201322 (2012)","journal-title":"J. Stat. Softw."},{"issue":"1","key":"10_CR6","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/03610927408827101","volume":"3","author":"T Cali\u0144ski","year":"1974","unstructured":"Cali\u0144ski, T., Harabasz, J.: A dendrite method for cluster analysis. Commun. Stat.-Theory Methods 3(1), 1\u201327 (1974)","journal-title":"Commun. Stat.-Theory Methods"},{"issue":"2","key":"10_CR7","first-page":"161","volume":"48113","author":"WB Cavnar","year":"1994","unstructured":"Cavnar, W.B., Trenkle, J.M., et al.: N-gram-based text categorization. Ann arbor mi 48113(2), 161\u2013175 (1994)","journal-title":"Ann arbor mi"},{"key":"10_CR8","doi-asserted-by":"publisher","first-page":"224","DOI":"10.1109\/TPAMI.1979.4766909","volume":"2","author":"DL Davies","year":"1979","unstructured":"Davies, D.L., Bouldin, D.W.: A cluster separation measure. IEEE Trans. Pattern Anal. Mach. Intell. 2, 224\u2013227 (1979)","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"10_CR9","unstructured":"Galkovsky, M.: Dlls the dynamic way. MSDN Library Website (1999)"},{"issue":"3","key":"10_CR10","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/s40595-016-0086-9","volume":"4","author":"M Hassani","year":"2017","unstructured":"Hassani, M., Seidl, T.: Using internal evaluation measures to validate the quality of diverse stream clustering algorithms. Vietnam J. Comput. Sci. 4(3), 171\u2013183 (2017)","journal-title":"Vietnam J. Comput. Sci."},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Huang, A.: Similarity measures for text document clustering. In: Proceedings of the Sixth New Zealand Computer Science Research Student Conference (NZCSRSC 2008), Christchurch, New Zealand, pp. 49\u201356 (2008)","DOI":"10.1080\/00480169.2008.36806"},{"issue":"23","key":"10_CR12","first-page":"38","volume":"117","author":"A Khabia","year":"2015","unstructured":"Khabia, A., Chandak, M.: A cluster based approach with n-grams at word level for document classification. Int. J. Comput. Appl. 117(23), 38\u201342 (2015)","journal-title":"Int. J. Comput. Appl."},{"key":"10_CR13","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1017\/CBO9781139924801","volume-title":"Mining of Massive Datasets","author":"J Leskovec","year":"2014","unstructured":"Leskovec, J., Rajaraman, A., Ullman, J.D.: Mining of Massive Datasets, pp. 7\u201315. Cambridge University Press, Cambridge (2014)"},{"key":"10_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1007\/978-3-642-15512-3_13","volume-title":"Recent Advances in Intrusion Detection","author":"P Li","year":"2010","unstructured":"Li, P., Liu, L., Gao, D., Reiter, M.K.: On challenges in evaluating malware clustering. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 238\u2013255. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-15512-3_13"},{"key":"10_CR15","unstructured":"Malwarebytes: Cybercrime tactics and techniques: Q1 2018. https:\/\/www.malwarebytes.com\/pdf\/white-papers\/CTNT-Q1-2018.pdf"},{"key":"10_CR16","doi-asserted-by":"crossref","unstructured":"Perdisci, R., et al.: VAMO: towards a fully automated malware clustering validity analysis. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 329\u2013338. ACM (2012)","DOI":"10.1145\/2420950.2420999"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Qiao, Y., He, J., Yang, Y., Ji, L.: Analyzing malware by abstracting the frequent itemsets in API call sequences. In: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 265\u2013270. IEEE (2013)","DOI":"10.1109\/TrustCom.2013.36"},{"key":"10_CR18","unstructured":"Ramos, J., et al.: Using TF-IDF to determine word relevance in document queries. In: Proceedings of the First Instructional Conference on Machine Learning, vol. 242, pp. 133\u2013142 (2003)"},{"issue":"4","key":"10_CR19","doi-asserted-by":"publisher","first-page":"639","DOI":"10.3233\/JCS-2010-0410","volume":"19","author":"K Rieck","year":"2011","unstructured":"Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639\u2013668 (2011)","journal-title":"J. Comput. Secur."},{"key":"10_CR20","unstructured":"Rosenberg, A., Hirschberg, J.: V-measure: a conditional entropy-based external cluster evaluation measure. In: Proceedings of the 2007 Joint Conference on Empirical Methods in Natural Language Processing and Computational Natural Language Learning (EMNLP-CoNLL) (2007)"},{"key":"10_CR21","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/0377-0427(87)90125-7","volume":"20","author":"PJ Rousseeuw","year":"1987","unstructured":"Rousseeuw, P.J.: Silhouettes: a graphical aid to the interpretation and validation of cluster analysis. J. Comput. Appl. Math. 20, 53\u201365 (1987)","journal-title":"J. Comput. Appl. Math."},{"issue":"11","key":"10_CR22","doi-asserted-by":"publisher","first-page":"613","DOI":"10.1145\/361219.361220","volume":"18","author":"G Salton","year":"1975","unstructured":"Salton, G., Wong, A., Yang, C.S.: A vector space model for automatic indexing. Commun. ACM 18(11), 613\u2013620 (1975)","journal-title":"Commun. ACM"},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Sculley, D.: Web-scale k-means clustering. In: Proceedings of the 19th International Conference on World Wide Web, pp. 1177\u20131178. ACM (2010)","DOI":"10.1145\/1772690.1772862"},{"issue":"2","key":"10_CR24","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/s11416-010-0141-5","volume":"7","author":"MK Shankarapani","year":"2011","unstructured":"Shankarapani, M.K., Ramamoorthy, S., Movva, R.S., Mukkamala, S.: Malware detection using assembly and API call sequences. J. Comput. Virol. 7(2), 107\u2013119 (2011)","journal-title":"J. Comput. Virol."},{"issue":"2","key":"10_CR25","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/MSP.2007.45","volume":"5","author":"C Willems","year":"2007","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using cwsandbox. IEEE Secur. Privacy 5(2), 32\u201339 (2007)","journal-title":"IEEE Secur. Privacy"}],"container-title":["Lecture Notes in Computer Science","Information and Operational Technology Security Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-12085-6_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,11]],"date-time":"2022-09-11T02:56:30Z","timestamp":1662864990000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-12085-6_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030120849","9783030120856"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-12085-6_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"30 January 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IOSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Information and Operational Technology Security Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Heraklion","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 September 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iosec2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.raid2018.org\/cipsecworkshop.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"22","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"11","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"50% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}