{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T14:36:14Z","timestamp":1775831774354,"version":"3.50.1"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030937324","type":"print"},{"value":"9783030937331","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-93733-1_6","type":"book-chapter","created":{"date-parts":[[2022,2,18]],"date-time":"2022-02-18T06:02:58Z","timestamp":1645164178000},"page":"90-103","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Metamorphic Malware Behavior Analysis Using Sequential Pattern Mining"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9856-2885","authenticated-orcid":false,"given":"M. Saqib","family":"Nawaz","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7680-9899","authenticated-orcid":false,"given":"Philippe","family":"Fournier-Viger","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9205-912X","authenticated-orcid":false,"given":"M. Zohaib","family":"Nawaz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2072-1588","authenticated-orcid":false,"given":"Guoting","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5314-3468","authenticated-orcid":false,"given":"Youxi","family":"Wu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,2,18]]},"reference":[{"key":"6_CR1","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-642-02788-8_9","volume-title":"Scientific Data Mining and Knowledge Discovery","author":"M Abouelhoda","year":"2009","unstructured":"Abouelhoda, M., Ghanem, M.: String mining in bioinformatics. In: Gaber, M. (ed.) Scientific Data Mining and Knowledge Discovery, pp. 207\u2013247. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-02788-8_9"},{"key":"6_CR2","unstructured":"Agrawal, R., Srikant, R.: Fast algorithms for mining association rules in large databases. In: Proceedings of VLDB, pp. 487\u2013499 (1994)"},{"issue":"8","key":"6_CR3","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/S1361-3723(13)70072-1","volume":"2013","author":"M Ahmadi","year":"2013","unstructured":"Ahmadi, M., Sami, A., Rahimi, H., Yadegari, B.: Malware detection by behavioural sequential patterns. Comput. Fraud Secur. 2013(8), 11\u201319 (2013)","journal-title":"Comput. Fraud Secur."},{"key":"6_CR4","unstructured":"\u00c7atak, F.\u00d6., Yazi, A.F.: A benchmark API call dataset for windows PE malware classification. CoRR, abs\/1905.01999 (2019)"},{"key":"6_CR5","doi-asserted-by":"publisher","first-page":"e285","DOI":"10.7717\/peerj-cs.285","volume":"6","author":"F\u00d6 \u00c7atak","year":"2020","unstructured":"\u00c7atak, F.\u00d6., Yazi, A.F., Elezaj, O., Ahmed, J.: Deep learning based sequential model for malware analysis using Windows exe API calls. Peer J. Comput. Sci. 6, e285 (2020)","journal-title":"Peer J. Comput. Sci."},{"key":"6_CR6","doi-asserted-by":"crossref","unstructured":"Cho, I.K., Im, E.G.: Extracting representative API patterns of malware families using multiple sequence alignments. In: Proceedings of RACS, pp. 308\u2013313 (2015)","DOI":"10.1145\/2811411.2811543"},{"key":"6_CR7","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/j.eswa.2016.01.002","volume":"52","author":"Y Fan","year":"2016","unstructured":"Fan, Y., Ye, Y., Chen, L.: Malicious sequential pattern mining for automatic malware detection. Expert Syst. Appl. 52, 16\u201325 (2016)","journal-title":"Expert Syst. Appl."},{"key":"6_CR8","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1007\/978-3-319-06608-0_4","volume-title":"Advances in Knowledge Discovery and Data Mining","author":"P Fournier-Viger","year":"2014","unstructured":"Fournier-Viger, P., Gomariz, A., Campos, M., Thomas, R.: Fast vertical mining of sequential patterns using co-occurrence information. In: Tseng, V.S., Ho, T.B., Zhou, Z.-H., Chen, A.L.P., Kao, H.-Y. (eds.) PAKDD 2014. LNCS (LNAI), vol. 8443, pp. 40\u201352. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-06608-0_4"},{"key":"6_CR9","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-642-53914-5_10","volume-title":"Advanced Data Mining and Applications","author":"P Fournier-Viger","year":"2013","unstructured":"Fournier-Viger, P., Gomariz, A., Gueniche, T., Mwamikazi, E., Thomas, R.: TKS: efficient mining of Top-K sequential patterns. In: Motoda, H., Wu, Z., Cao, L., Zaiane, O., Yao, M., Wang, W. (eds.) ADMA 2013. LNCS (LNAI), vol. 8346, pp. 109\u2013120. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-53914-5_10"},{"key":"6_CR10","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"431","DOI":"10.1007\/978-3-642-35527-1_36","volume-title":"Advanced Data Mining and Applications","author":"P Fournier-Viger","year":"2012","unstructured":"Fournier-Viger, P., Gueniche, T., Tseng, V.S.: Using partially-ordered sequential rules to generate more accurate sequence prediction. In: Zhou, S., Zhang, S., Karypis, G. (eds.) ADMA 2012. LNCS (LNAI), vol. 7713, pp. 431\u2013442. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-35527-1_36"},{"key":"6_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-319-12571-8_10","volume-title":"Advances in Intelligent Data Analysis XIII","author":"P Fournier-Viger","year":"2014","unstructured":"Fournier-Viger, P., Gueniche, T., Zida, S., Tseng, V.S.: ERMiner: sequential rule mining using equivalence classes. In: Blockeel, H., van Leeuwen, M., Vinciotti, V. (eds.) IDA 2014. LNCS, vol. 8819, pp. 108\u2013119. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-12571-8_10"},{"key":"6_CR12","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/978-3-319-46131-1_8","volume-title":"Machine Learning and Knowledge Discovery in Databases","author":"P Fournier-Viger","year":"2016","unstructured":"Fournier-Viger, P., et al.: The SPMF open-source data mining library version 2. In: Berendt, B., et al. (eds.) ECML PKDD 2016. LNCS (LNAI), vol. 9853, pp. 36\u201340. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-46131-1_8"},{"issue":"1","key":"6_CR13","first-page":"54","volume":"1","author":"P Fournier-Viger","year":"2017","unstructured":"Fournier-Viger, P., Lin, J.C.W., Kiran, R.U., Koh, Y.S., Thomas, R.: A survey of sequential pattern mining. Data Sci. Pattern Recogn. 1(1), 54\u201377 (2017)","journal-title":"Data Sci. Pattern Recogn."},{"key":"6_CR14","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1007\/978-3-319-06483-3_8","volume-title":"Advances in Artificial Intelligence","author":"P Fournier-Viger","year":"2014","unstructured":"Fournier-Viger, P., Wu, C.-W., Gomariz, A., Tseng, V.S.: VMSP: efficient vertical mining of maximal sequential patterns. In: Sokolova, M., van Beek, P. (eds.) AI 2014. LNCS (LNAI), vol. 8436, pp. 83\u201394. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-06483-3_8"},{"issue":"2","key":"6_CR15","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1007\/s10115-015-0884-x","volume":"48","author":"F Fumarola","year":"2016","unstructured":"Fumarola, F., Lanotte, P.F., Ceci, M., Malerba, D.: CloFAST: closed sequential pattern mining using sparse and vertical id-lists. Knowl. Inf. Syst. 48(2), 429\u2013463 (2016)","journal-title":"Knowl. Inf. Syst."},{"key":"6_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/978-3-642-04342-0_6","volume-title":"Recent Advances in Intrusion Detection","author":"K Griffin","year":"2009","unstructured":"Griffin, K., Schneider, S., Hu, X., Chiueh, T.: Automatic generation of string signatures for malware detection. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 101\u2013120. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04342-0_6"},{"issue":"3","key":"6_CR17","doi-asserted-by":"publisher","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"SA Hofmeyr","year":"1998","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6(3), 151\u2013180 (1998)","journal-title":"J. Comput. Secur."},{"key":"6_CR18","doi-asserted-by":"crossref","unstructured":"Ki, Y., Kim, E., Kim, H.K.: A novel approach to detect malware based on API call sequence analysis. Int. J. Distrib. Sens. Netw. 11, 659101:1\u2013659101:9 (2015)","DOI":"10.1155\/2015\/659101"},{"issue":"2","key":"6_CR19","first-page":"26","volume":"1","author":"RU Mustafa","year":"2017","unstructured":"Mustafa, R.U., Nawaz, M.S., Ferzund, J., Lali, M.I.U., Shahzad, B., Fournier-Viger, P.: Early detection of controversial Urdu speeches from social media. Data Sci. Pattern Recogn. 1(2), 26\u201342 (2017)","journal-title":"Data Sci. Pattern Recogn."},{"issue":"5","key":"6_CR20","doi-asserted-by":"publisher","first-page":"3086","DOI":"10.1007\/s10489-021-02193-w","volume":"51","author":"MS Nawaz","year":"2021","unstructured":"Nawaz, M.S., Fournier-Viger, P., Shojaee, A., Fujita, H.: Using artificial intelligence techniques for COVID-19 genome analysis. Appl. Intell. 51(5), 3086\u20133103 (2021)","journal-title":"Appl. Intell."},{"key":"6_CR21","doi-asserted-by":"publisher","first-page":"119806","DOI":"10.1109\/ACCESS.2020.3004199","volume":"8","author":"MS Nawaz","year":"2020","unstructured":"Nawaz, M.S., Fournier-Viger, P., Zhang, J.: Proof learning in PVS with utility pattern mining. IEEE Access 8, 119806\u2013119818 (2020)","journal-title":"IEEE Access"},{"key":"6_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-030-31517-7_4","volume-title":"Fundamentals of Software Engineering","author":"MS Nawaz","year":"2019","unstructured":"Nawaz, M.S., Sun, M., Fournier-Viger, P.: Proof guidance in PVS with sequential pattern mining. In: Hojjat, H., Massink, M. (eds.) FSEN 2019. LNCS, vol. 11761, pp. 45\u201360. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-31517-7_4"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Ni, L., Luo, W., Lu, N., Zhu, W.: Mining the local dependency itemset in a products network. ACM Trans. Manage. Inf. Syst. 11(1), 3:1\u20133:31 (2020)","DOI":"10.1145\/3384473"},{"issue":"4","key":"6_CR24","first-page":"1","volume":"10","author":"A Pektas","year":"2018","unstructured":"Pektas, A., Pektas, E.N., Acarman, T.: Mining patterns of sequential malicious APIs to detect malware. Int. J. Netw. Secur. Appl. 10(4), 1\u20139 (2018)","journal-title":"Int. J. Netw. Secur. Appl."},{"key":"6_CR25","doi-asserted-by":"crossref","unstructured":"Pokou, Y.J.M., Fournier-Viger, P., Moghrabi, C.: Authorship attribution using small sets of frequent part-of-speech skip-grams. In: Proceedings of FLAIRS, pp. 86\u201391 (2016)","DOI":"10.5220\/0005710103540361"},{"key":"6_CR26","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"225","DOI":"10.1007\/978-3-642-37832-4_21","volume-title":"Knowledge Engineering and Management","author":"Y Qiao","year":"2014","unstructured":"Qiao, Y., Yang, Y., He, J., Tang, C., Liu, Z.: CBM: free, automatic malware analysis framework using API call sequences. In: Sun, F., Li, T., Li, H. (eds.) Knowledge Engineering and Management. AISC, vol. 214, pp. 225\u2013236. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-37832-4_21"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"Qiao, Y., Yang, Y., Ji, L., He, J.: Analyzing malware by abstracting the frequent itemsets in API call sequences. In: Proceedings of TrustCom, pp. 265\u2013270 (2013)","DOI":"10.1109\/TrustCom.2013.36"},{"key":"6_CR28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-98140-6","volume-title":"Supervised Descriptive Pattern Mining","author":"S Ventura","year":"2018","unstructured":"Ventura, S., Luna, J.M.: Supervised Descriptive Pattern Mining. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-98140-6"},{"key":"6_CR29","doi-asserted-by":"crossref","unstructured":"Schweizer, D., Zehnder, M., Wache, H., Witschel, H.F., Zanatta, D., Rodriguez, M.: Using consumer behavior data to reduce energy consumption in smart homes: applying machine learning to save energy without lowering comfort of inhabitants. In: Proceedings of ICMLA, pp. 1123\u20131129 (2015)","DOI":"10.1109\/ICMLA.2015.62"},{"key":"6_CR30","doi-asserted-by":"crossref","unstructured":"Sundarkumar, G.G., Ravi, V., Nwogu, I., Govindaraju, V.: Malware detection via API calls, topic models and machine learning. In: Proceedings of CASE, pp. 1212\u20131217 (2015)","DOI":"10.1109\/CoASE.2015.7294263"},{"key":"6_CR31","doi-asserted-by":"crossref","unstructured":"Uppal, D., Sinha, R., Mehra, V., Jain, V.: Malware detection and classification based on extraction of API sequences. In: Proceedings of ICACCI, pp. 2337\u20132342 (2014)","DOI":"10.1109\/ICACCI.2014.6968547"},{"key":"6_CR32","doi-asserted-by":"crossref","unstructured":"Ye, Y., Li, T., Adjeroh, D.A., Iyengar, S.S.: A survey on malware detection using data mining techniques. ACM Comput. Surv. 50(3), 41:1\u201341:40 (2017)","DOI":"10.1145\/3073559"},{"issue":"4","key":"6_CR33","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1007\/s11416-008-0082-4","volume":"4","author":"Y Ye","year":"2008","unstructured":"Ye, Y., Wang, D., Li, T., Ye, D., Jiang, Q.: An intelligent PE-malware detection system based on association mining. J. Comput. Virol. 4(4), 323\u2013334 (2008)","journal-title":"J. Comput. Virol."}],"container-title":["Communications in Computer and Information Science","Machine Learning and Principles and Practice of Knowledge Discovery in Databases"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-93733-1_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T22:41:14Z","timestamp":1651876874000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-93733-1_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030937324","9783030937331"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-93733-1_6","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"18 February 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ECML PKDD","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Joint European Conference on Machine Learning and Knowledge Discovery in Databases","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bilbao","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 September 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 September 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ecml2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2021.ecmlpkdd.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"869","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"210","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-9","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held online due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}