{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T17:51:07Z","timestamp":1780422667486,"version":"3.54.1"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030582074","type":"print"},{"value":"9783030582081","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58208-1_4","type":"book-chapter","created":{"date-parts":[[2020,8,26]],"date-time":"2020-08-26T09:03:28Z","timestamp":1598432608000},"page":"57-73","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Detection of Running Malware Before it Becomes Malicious"],"prefix":"10.1007","author":[{"given":"Sergii","family":"Banin","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Geir Olav","family":"Dyrkolbotn","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2020,8,26]]},"reference":[{"key":"4_CR1","unstructured":"Virusshare.com. http:\/\/virusshare.com\/. Accessed 09 Mar 2020"},{"key":"4_CR2","unstructured":"Weka: Data mining software in java (2019). http:\/\/www.cs.waikato.ac.nz\/ml\/weka\/. Accessed Mar 2019"},{"key":"4_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1007\/978-3-540-70542-0_4","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"N Aaraj","year":"2008","unstructured":"Aaraj, N., Raghunathan, A., Jha, N.K.: Dynamic binary instrumentation-based framework for malware defense. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 64\u201387. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-70542-0_4"},{"key":"4_CR4","unstructured":"AVTEST: The independent IT-Security Institute: Malware (2020). https:\/\/nvd.nist.gov\/vuln\/search\/statistics?form_type=Basic&results_type=statistics&search_type=all"},{"key":"4_CR5","doi-asserted-by":"publisher","unstructured":"Bahador, M.B., Abadi, M., Tajoddin, A.: HPCMalHunter: behavioral malware detection using hardware performance counters and singular value decomposition. In: 2014 4th International eConference on Computer and Knowledge Engineering (ICCKE), pp. 703\u2013708. IEEE (2014). https:\/\/doi.org\/10.1109\/iccke.2014.6993402","DOI":"10.1109\/iccke.2014.6993402"},{"issue":"8","key":"4_CR6","doi-asserted-by":"publisher","first-page":"5551","DOI":"10.1007\/s11227-019-02810-z","volume":"75","author":"MB Bahador","year":"2019","unstructured":"Bahador, M.B., Abadi, M., Tajoddin, A.: HLMD: a signature-based approach to hardware-level behavioral malware detection and classification. J. Supercomput. 75(8), 5551\u20135582 (2019). https:\/\/doi.org\/10.1007\/s11227-019-02810-z","journal-title":"J. Supercomput."},{"key":"4_CR7","doi-asserted-by":"publisher","first-page":"S107","DOI":"10.1016\/j.diin.2018.04.019","volume":"26","author":"S Banin","year":"2018","unstructured":"Banin, S., Dyrkolbotn, G.O.: Multinomial malware classification via low-level features. Digit. Investig. 26, S107\u2013S117 (2018). https:\/\/doi.org\/10.1016\/j.diin.2018.04.019","journal-title":"Digit. Investig."},{"key":"4_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/978-3-030-26834-3_9","volume-title":"Advances in Information and Computer Security","author":"S Banin","year":"2019","unstructured":"Banin, S., Dyrkolbotn, G.O.: Correlating high- and low-level features: In: Attrapadung, N., Yagi, T. (eds.) IWSEC 2019. LNCS, vol. 11689, pp. 149\u2013167. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26834-3_9"},{"key":"4_CR9","unstructured":"Banin, S., Shalaginov, A., Franke, K.: Memory access patterns for malware detection. Norsk informasjonssikkerhetskonferanse (NISK), pp. 96\u2013107 (2016)"},{"key":"4_CR10","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1016\/j.cose.2017.11.016","volume":"73","author":"P Burnap","year":"2018","unstructured":"Burnap, P., French, R., Turner, F., Jones, K.: Malware classification using self organising feature maps and machine activity data. Comput. Secur. 73, 399\u2013410 (2018). https:\/\/doi.org\/10.1016\/j.cose.2017.11.016","journal-title":"Comput. Secur."},{"key":"4_CR11","unstructured":"Hall, M.A.: Correlation-based feature subset selection for machine learning. Ph.D. thesis, University of Waikato, Hamilton, New Zealand (1998)"},{"key":"4_CR12","unstructured":"IntelPin: A dynamic binary instrumentation tool (2020)"},{"key":"4_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-26362-5_1","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"KN Khasawneh","year":"2015","unstructured":"Khasawneh, K.N., Ozsoy, M., Donovick, C., Abu-Ghazaleh, N., Ponomarev, D.: Ensemble learning for low-level hardware-supported malware detection. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 3\u201325. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-26362-5_1"},{"key":"4_CR14","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2018.2801858","author":"KN Khasawneh","year":"2018","unstructured":"Khasawneh, K.N., Ozsoy, M., Donovick, C., Ghazaleh, N.A., Ponomarev, D.V.: EnsembleHMD: accurate hardware malware detectors with specialized ensemble classifiers. IEEE Trans. Dependable Secur. Comput. (2018). https:\/\/doi.org\/10.1109\/tdsc.2018.2801858","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"4_CR15","doi-asserted-by":"publisher","DOI":"10.1533\/9780857099440","volume-title":"Machine Learning and Data Mining: Introduction to Principles and Algorithms","author":"I Kononenko","year":"2007","unstructured":"Kononenko, I., Kukar, M.: Machine Learning and Data Mining: Introduction to Principles and Algorithms. Horwood Publishing, Cambridge (2007)"},{"key":"4_CR16","unstructured":"NetMarkeshare: Operating system market share (2020). https:\/\/netmarketshare.com\/operating-system-market-share.aspx"},{"key":"4_CR17","unstructured":"NIST: National vulnerability database (2020). https:\/\/nvd.nist.gov\/vuln\/search\/statistics?form_type=Basic&results_type=statistics&search_type=all"},{"key":"4_CR18","unstructured":"NIST: National vulnerability database: windows (2020). https:\/\/nvd.nist.gov\/vuln\/search\/statistics?form_type=Advanced&results_type=statistics&query=Windows&search_type=all"},{"key":"4_CR19","doi-asserted-by":"publisher","unstructured":"Ozsoy, M., Donovick, C., Gorelik, I., Abu-Ghazaleh, N., Ponomarev, D.: Malware-aware processors: a framework for efficient online malware detection. In: 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA), pp. 651\u2013661. IEEE (2015). https:\/\/doi.org\/10.1109\/hpca.2015.7056070","DOI":"10.1109\/hpca.2015.7056070"},{"issue":"11","key":"4_CR20","doi-asserted-by":"publisher","first-page":"3332","DOI":"10.1109\/tc.2016.2540634","volume":"65","author":"M Ozsoy","year":"2016","unstructured":"Ozsoy, M., Khasawneh, K.N., Donovick, C., Gorelik, I., Abu-Ghazaleh, N., Ponomarev, D.: Hardware-based malware detection using low-level architectural features. IEEE Trans. Comput. 65(11), 3332\u20133344 (2016). https:\/\/doi.org\/10.1109\/tc.2016.2540634","journal-title":"IEEE Trans. Comput."},{"issue":"8","key":"4_CR21","doi-asserted-by":"publisher","first-page":"1226","DOI":"10.1109\/TPAMI.2005.159","volume":"27","author":"H Peng","year":"2005","unstructured":"Peng, H., Long, F., Ding, C.: Feature selection based on mutual information criteria of max-dependency, max-relevance, and min-redundancy. IEEE Trans. Pattern Anal. Mach. Intell. 27(8), 1226\u20131238 (2005)","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"4_CR22","unstructured":"PortableApps.com: Portableapps.com (2020). https:\/\/portableapps.com\/apps"},{"key":"4_CR23","unstructured":"Reuters: Ukraine\u2019s power outage was a cyber attack: Ukrenergo (2017). https:\/\/www.reuters.com\/article\/us-ukraine-cyber-attack-energy\/ukraines-power-outage-was-a-cyber-attack-ukrenergo-idUSKBN1521BA"},{"key":"4_CR24","series-title":"Advances in Information Security","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1007\/978-3-319-73951-9_2","volume-title":"Cyber Threat Intelligence","author":"A Shalaginov","year":"2018","unstructured":"Shalaginov, A., Banin, S., Dehghantanha, A., Franke, K.: Machine learning aided static malware analysis: a survey and tutorial. In: Dehghantanha, A., Conti, M., Dargahi, T. (eds.) Cyber Threat Intelligence. AIS, vol. 70, pp. 7\u201345. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-73951-9_2"},{"key":"4_CR25","volume-title":"Practical Malware Analysis: The Hands-on Guide to Dissecting Malicious Software","author":"M Sikorski","year":"2012","unstructured":"Sikorski, M., Honig, A.: Practical Malware Analysis: The Hands-on Guide to Dissecting Malicious Software. No Starch Press, San Francisco (2012)"},{"key":"4_CR26","unstructured":"The Verge: The Petya ransomware is starting to look like a cyberattack in disguise (2017). https:\/\/www.theverge.com\/2017\/6\/28\/15888632\/petya-goldeneye-ransomware-cyberattack-ukraine-russia"},{"key":"4_CR27","unstructured":"VirusTotal: VirusTotal-free online virus, malware and URL scanner (2012). https:\/\/www.virustotal.com\/en"},{"key":"4_CR28","volume-title":"Windows Internals, Part 1 (Developer Reference)","author":"P Yosifovich","year":"2017","unstructured":"Yosifovich, P.: Windows Internals, Part 1 (Developer Reference). Microsoft Press, Redmond (2017)"}],"updated-by":[{"DOI":"10.1007\/978-3-030-58208-1_17","type":"correction","label":"Correction","source":"publisher","updated":{"date-parts":[[2020,8,26]],"date-time":"2020-08-26T00:00:00Z","timestamp":1598400000000}}],"container-title":["Lecture Notes in Computer Science","Advances in Information and Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58208-1_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T05:57:52Z","timestamp":1619243872000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58208-1_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030582074","9783030582081"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58208-1_4","relation":{"correction":[{"id-type":"doi","id":"10.1007\/978-3-030-58208-1_17","asserted-by":"object"}]},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"26 August 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"26 August 2020","order":2,"name":"change_date","label":"Change Date","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Correction","order":3,"name":"change_type","label":"Change Type","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Some errors were present in the originally published Chapter 4. The following modifications were made:","order":4,"name":"change_details","label":"Change Details","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Page 67, line 16 has been corrected to: \u201cswitching from BEP behavior to AEP it is relatively low\u201d.","order":5,"name":"change_details","label":"Change Details","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Page 67, line 22 has been corrected to: \u201cselects more features for AEP data than for BEP data\u201d.","order":6,"name":"change_details","label":"Change Details","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IWSEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Fukui","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Japan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iwsec2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iwsec.org\/2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"47","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"32% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.9","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.9","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}