{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T07:14:50Z","timestamp":1766733290056},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319598697"},{"type":"electronic","value":"9783319598703"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-59870-3_10","type":"book-chapter","created":{"date-parts":[[2017,5,30]],"date-time":"2017-05-30T02:14:17Z","timestamp":1496110457000},"page":"173-189","source":"Crossref","is-referenced-by-count":13,"title":["A New Malware Classification Approach Based on Malware Dynamic Analysis"],"prefix":"10.1007","author":[{"given":"Ying","family":"Fang","sequence":"first","affiliation":[]},{"given":"Bo","family":"Yu","sequence":"additional","affiliation":[]},{"given":"Yong","family":"Tang","sequence":"additional","affiliation":[]},{"given":"Liu","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Zexin","family":"Lu","sequence":"additional","affiliation":[]},{"given":"Yi","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Qiang","family":"Yang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,5,31]]},"reference":[{"key":"10_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-540-70542-0_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"K Rieck","year":"2008","unstructured":"Rieck, K., Holz, T., Willems, C., D\u00fcssel, P., Laskov, P.: Learning and classification of malware behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 108\u2013125. Springer, Heidelberg (2008). doi: 10.1007\/978-3-540-70542-0_6"},{"key":"10_CR2","unstructured":"Liu L., Wang, B.-S., Yu, B., Zhong, Q.-X.: Automatic malware classification and new malware detection using machine learning. Frontiers of Information Technology & Electronic Engineering, pp. 1\u201312 (2016)"},{"issue":"1","key":"10_CR3","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s11416-015-0261-z","volume":"13","author":"A Damodaran","year":"2017","unstructured":"Damodaran, A., Di Troia, F., Visaggio, C.A., Austin, T.H., Stamp, M.: A comparison of static, dynamic, and hybrid analysis for malware detection. J. Comput. Virol. Hacking Tech. 13(1), 1\u201312 (2017)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"10_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/978-3-319-50127-7_11","volume-title":"AI 2016: Advances in Artificial Intelligence","author":"B Kolosnjaji","year":"2016","unstructured":"Kolosnjaji, B., Zarras, A., Webster, G., Eckert, C.: Deep learning for classification of malware system call sequences. In: Kang, B.H., Bai, Q. (eds.) AI 2016. LNCS, vol. 9992, pp. 137\u2013149. Springer, Cham (2016). doi: 10.1007\/978-3-319-50127-7_11"},{"key":"10_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1007\/978-3-319-14325-5_29","volume-title":"Euro-Par 2014: Parallel Processing Workshops","author":"PK Chouhan","year":"2014","unstructured":"Chouhan, P.K., Hagan, M., McWilliams, G., Sezer, S.: Network based malware detection within virtualised environments. In: Lopes, L., et al. (eds.) Euro-Par 2014. LNCS, vol. 8805, pp. 335\u2013346. Springer, Cham (2014). doi: 10.1007\/978-3-319-14325-5_29"},{"key":"10_CR6","doi-asserted-by":"crossref","unstructured":"Rhee, J., Riley, R., Dongyan, X., Jiang, X.: Kernel malware analysis with un-tampered and temporal views of dynamic kernel memory. In: Recent Advances in Intrusion Detection, International Symposium, pp. 178\u2013197 (2010)","DOI":"10.1007\/978-3-642-15512-3_10"},{"key":"10_CR7","unstructured":"Witten, L.H., Frank, E., Hall, M.A., Pal, C.J., Mining, D.: Practical machine learning tools and techniques. Elsevier Ltd. (2011)"},{"issue":"2","key":"10_CR8","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1007\/s11416-015-0244-0","volume":"12","author":"H Shehata","year":"2016","unstructured":"Shehata, H., Yousef, G., Mahdy, B., Ali, M.: Behavior-based features model for malware detection. J. Comput. Virol. Hacking Tech. 12(2), 59\u201367 (2016)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Roelleke, T., Wang, J.: TFIDF uncovered: a study of theories and probabilities. In: International ACM SIGIR Conference on Research and Development in Information Retrieval, pp. 435\u2013442 (2008)","DOI":"10.1145\/1390334.1390409"},{"issue":"1","key":"10_CR10","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1007\/BF02949798","volume":"5","author":"H Aoyama","year":"1953","unstructured":"Aoyama, H.: On the chi-square test for weighted samples. Ann. Inst. Stat. Math. 5(1), 25\u201328 (1953)","journal-title":"Ann. Inst. Stat. Math."},{"issue":"3","key":"10_CR11","doi-asserted-by":"crossref","first-page":"500","DOI":"10.1109\/TIFS.2013.2242890","volume":"8","author":"P Okane","year":"2013","unstructured":"Okane, P., Sezer, S., McLaughlin, K., Im, E.G.: SVM training phase reduction using dataset feature filtering for malware detection. IEEE Trans. Inf. Forensics Secur. 8(3), 500\u2013509 (2013)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"4","key":"10_CR12","doi-asserted-by":"crossref","first-page":"304","DOI":"10.1109\/TDSC.2013.40","volume":"11","author":"S Cesare","year":"2014","unstructured":"Cesare, S., Xiang, Y., Member, S.: Control flow-based malware variant detection. IEEE Trans. Dependable Secure Comput. 11(4), 304\u2013317 (2014)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10_CR13","doi-asserted-by":"crossref","unstructured":"Liu, K., Shuai, L., Liu, C.: POSTER: fingerprinting the publicly available sandboxes. In: ACM SIGSAC Conference on Computer and Communications Security, pp. 1469\u20131471 (2014)","DOI":"10.1145\/2660267.2662396"},{"issue":"4","key":"10_CR14","doi-asserted-by":"crossref","first-page":"400","DOI":"10.1109\/TDSC.2014.2355839","volume":"12","author":"L Cen","year":"2015","unstructured":"Cen, L., Gates, C.S., Si, L., Li, N.: A probabilistic discriminative model for android malware detection with decompiled source code. IEEE Trans. Dependable Secure Comput. 12(4), 400\u2013412 (2015)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"issue":"8","key":"10_CR15","first-page":"45","volume":"2","author":"YK Jain","year":"2011","unstructured":"Jain, Y.K., Bhandare, S.K.: Min max normalization based data perturbation method for privacy protection. Int. J. Comput. Commun. Technol. 2(8), 45\u201350 (2011)","journal-title":"Int. J. Comput. Commun. Technol."},{"key":"10_CR16","series-title":"Springer Series in Statistics","doi-asserted-by":"crossref","DOI":"10.1007\/978-0-387-84858-7","volume-title":"The Elements of Statistical Learning","author":"T Hastie","year":"2009","unstructured":"Hastie, T., Tibshirani, R., Friedman, J.: The Elements of Statistical Learning. SSS. Springer, New York (2009)"},{"issue":"1","key":"10_CR17","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"LEO Breiman","year":"2001","unstructured":"Breiman, L.E.O.: Random forests. Mach. Learn. 45(1), 5\u201332 (2001)","journal-title":"Mach. Learn."},{"issue":"5","key":"10_CR18","doi-asserted-by":"crossref","first-page":"1189","DOI":"10.1214\/aos\/1013203451","volume":"29","author":"JH Friedman","year":"2000","unstructured":"Friedman, J.H.: Greedy function approximation: a gradient boosting machine 1 function estimation 2 numerical optimization in function space. Ann. Stat. 29(5), 1189\u20131232 (2000)","journal-title":"Ann. Stat."},{"issue":"4","key":"10_CR19","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1007\/s100440200030","volume":"5","author":"D Ruta","year":"2002","unstructured":"Ruta, D., Gabrys, B.: A theoretical analysis of the limits of majority voting errors for multiple classifier systems. Pattern Anal. Appl. 5(4), 333\u2013350 (2002)","journal-title":"Pattern Anal. Appl."},{"key":"10_CR20","first-page":"2935","volume":"10","author":"A Gunawardana","year":"2009","unstructured":"Gunawardana, A., Shani, G.: A survey of accuracy evaluation metrics of recommendation tasks. J. Mach. Learn. Res. 10, 2935\u20132962 (2009)","journal-title":"J. Mach. Learn. Res."},{"key":"10_CR21","doi-asserted-by":"crossref","unstructured":"Yang, Y., Liu, X.: A re-examination of text categorization methods. In: International ACM SIGIR Conference on Research and Development in Information Retrieval, pp. 42\u201349 (1999)","DOI":"10.1145\/312624.312647"},{"issue":"1","key":"10_CR22","first-page":"37","volume":"2","author":"D Martin","year":"2011","unstructured":"Martin, D., Powers, W.: Evaluation: from precision, recall and F-measure to ROC, informendness, markendness & correlation. J. Mach. Learn. Technol. 2(1), 37\u201363 (2011)","journal-title":"J. Mach. Learn. Technol."},{"issue":"4","key":"10_CR23","doi-asserted-by":"crossref","first-page":"639","DOI":"10.3233\/JCS-2010-0410","volume":"19","author":"K Rieck","year":"2011","unstructured":"Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639\u2013668 (2011)","journal-title":"J. Comput. Secur."},{"key":"10_CR24","unstructured":"Le Berre, S., Chevalier, A., Pourcelot, T.: D\u00e9marche d\u2019analyse collaborative de codes malveillants. In: Symposium sur la s\u00e9curit\u00e9 des technologies de l\u2019information et des communications, pp. 3\u201319 (2016)"},{"key":"10_CR25","unstructured":"Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: Network and Distributed System Security Symposium, pp. 1\u201318 (2009)"},{"issue":"2","key":"10_CR26","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1016\/j.cose.2014.04.003","volume":"44","author":"Y Ding","year":"2014","unstructured":"Ding, Y., Dai, W., Yan, S., Zhang, Y.: Control flow-based opcode behavior analysis for Malware detection. Comput. Secur. 44(2), 65\u201374 (2014)","journal-title":"Comput. Secur."},{"key":"10_CR27","first-page":"98","volume":"9148","author":"T Wuchner","year":"2015","unstructured":"Wuchner, T., Ochoa, M., Pretschner, A.: Robust and effective malware detection through quantitative data flow graph metrics. Comput. Sci. 9148, 98\u2013118 (2015)","journal-title":"Comput. Sci."},{"issue":"2","key":"10_CR28","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2960409","volume":"19","author":"B Rahbarinia","year":"2016","unstructured":"Rahbarinia, B.: Efficient and accurate behavior-based tracking of malware-control domains in large ISP networks. ACM Trans. Priv. Secur. 19(2), 1\u201331 (2016)","journal-title":"ACM Trans. Priv. Secur."},{"key":"10_CR29","doi-asserted-by":"crossref","first-page":"212","DOI":"10.1016\/j.cose.2014.10.011","volume":"48","author":"S Alam","year":"2015","unstructured":"Alam, S., Horspool, R.N., Traore, I., Sogukpinar, I.: A framework for metamorphic malware analysis and real-time detection. Comput. Secur. 48, 212\u2013233 (2015)","journal-title":"Comput. Secur."},{"issue":"C","key":"10_CR30","doi-asserted-by":"crossref","first-page":"180","DOI":"10.1016\/j.cose.2016.01.002","volume":"58","author":"H Zhang","year":"2016","unstructured":"Zhang, H., Yao, D.D., Ramakrishnan, N., Zhang, Z.: Causality reasoning about network events for detecting stealthy malware activities. Comput. Secur. 58(C), 180\u2013198 (2016)","journal-title":"Comput. Secur."},{"key":"10_CR31","doi-asserted-by":"crossref","unstructured":"Zhang, M., Duan, Y., Yin, H., Zhao, Z.: Semantics-aware android malware classification using weighted contextual API dependency graphs. In: ACM SIGSAC Conference on Computer and Communications Security, pp. 1105\u20131116 (2014)","DOI":"10.1145\/2660267.2660359"},{"issue":"12","key":"10_CR32","doi-asserted-by":"crossref","first-page":"2591","DOI":"10.1109\/TIFS.2015.2469253","volume":"10","author":"S Naval","year":"2015","unstructured":"Naval, S., Laxmi, V., Rajarajan, M., Member, S.: Employing program semantics for malware detection. IEEE Trans. Inf. Forensics Secur. 10(12), 2591\u20132604 (2015)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"1","key":"10_CR33","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1049\/iet-ifs.2012.0289","volume":"8","author":"Z Zhao","year":"2014","unstructured":"Zhao, Z., Wang, J., Bai, J.: Malware detection method based on the control-flow construct feature of software. IET Inf. Secur. 8(1), 18\u201324 (2014)","journal-title":"IET Inf. Secur."},{"key":"10_CR34","doi-asserted-by":"crossref","unstructured":"Moonsamy, V., Tian, R., Batten, L.: Feature reduction to speed up malware classification. In: Nordic Conference on Secure IT Systems, pp. 176\u2013188 (2011)","DOI":"10.1007\/978-3-642-29615-4_13"},{"issue":"2","key":"10_CR35","doi-asserted-by":"crossref","first-page":"192","DOI":"10.1109\/TDSC.2015.2457918","volume":"13","author":"MR Watson","year":"2016","unstructured":"Watson, M.R., Marnerides, A.K., Shirazi, N., Mauthe, A., Hutchison, D.: Malware detection in cloud computing infrastructures. IEEE Trans. Dependable Secure Comput. 13(2), 192\u2013205 (2016)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/978-3-319-15087-1_9","volume-title":"Information Security Applications","author":"A Mohaisen","year":"2015","unstructured":"Mohaisen, A., Alrawi, O.: AMAL: high-fidelity, behavior-based automated malware analysis and classification. In: Rhee, K.-H., Yi, J.H. (eds.) WISA 2014. LNCS, vol. 8909, pp. 107\u2013121. Springer, Cham (2015). doi: 10.1007\/978-3-319-15087-1_9"},{"issue":"6","key":"10_CR37","doi-asserted-by":"crossref","first-page":"313","DOI":"10.1049\/iet-ifs.2014.0099","volume":"9","author":"S Yerima","year":"2015","unstructured":"Yerima, S., Sezer, S., Muttik, I.: High accuracy android malware detection using ensemble learning. IET Inf. Secur. 9(6), 313\u2013320 (2015)","journal-title":"IET Inf. Secur."}],"container-title":["Lecture Notes in Computer Science","Information Security and Privacy"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-59870-3_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,25]],"date-time":"2019-09-25T06:50:26Z","timestamp":1569394226000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-59870-3_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319598697","9783319598703"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-59870-3_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}