{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T19:24:02Z","timestamp":1769282642542,"version":"3.49.0"},"reference-count":43,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2015,8,9]],"date-time":"2015-08-09T00:00:00Z","timestamp":1439078400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundations of China","doi-asserted-by":"crossref","award":["61472302, 61272280, U1404620, 41271447, 61272195"],"award-info":[{"award-number":["61472302, 61272280, U1404620, 41271447, 61272195"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"The Program for New Century Excellent Talents in University","award":["NCET-12-0919"],"award-info":[{"award-number":["NCET-12-0919"]}]},{"name":"The Fundamental Research Funds for the Central Universities","award":["K5051203020, K5051303018, JB150313, BDY081422"],"award-info":[{"award-number":["K5051203020, K5051303018, JB150313, BDY081422"]}]},{"DOI":"10.13039\/501100007128","name":"Natural Science Foundation of Shaanxi Province","doi-asserted-by":"crossref","award":["2014JM8310"],"award-info":[{"award-number":["2014JM8310"]}],"id":[{"id":"10.13039\/501100007128","id-type":"DOI","asserted-by":"crossref"}]},{"name":"The Creative Project of the Science and Technology State of Xi\u2019an","award":["CXY1440(1)"],"award-info":[{"award-number":["CXY1440(1)"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2016,8]]},"DOI":"10.1007\/s10207-015-0297-6","type":"journal-article","created":{"date-parts":[[2015,8,8]],"date-time":"2015-08-08T07:53:49Z","timestamp":1439020429000},"page":"361-379","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":29,"title":["Malware detection using bilayer behavior abstraction and improved one-class support vector machines"],"prefix":"10.1007","volume":"15","author":[{"given":"Qiguang","family":"Miao","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiachen","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ying","family":"Cao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jianfeng","family":"Song","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,8,9]]},"reference":[{"key":"297_CR1","unstructured":"Fossi, M., Egan, G., Haley, K., Johnson, E., Mack, T., Adams, T., Blackbird, J., Low, M.K., Mazurek, D., Kinney, D.: Symantec internet security threat report, vol. 16. Symantec Corporation (2011)"},{"key":"297_CR2","unstructured":"Wood, P., Egan, G., Haley, K., Tran, T., Cox, O., Lau, H., Wueest, C., McKinney, D., Millington, T., Nahorney, B., Mulcahy, J.: Symantec internet security threat report, vol. 17. Symantec Corporation (2012)"},{"issue":"2","key":"297_CR3","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2089125.2089126","volume":"44","author":"M Egele","year":"2012","unstructured":"Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. 44(2), 1\u201349 (2012)","journal-title":"ACM Comput. Surv."},{"key":"297_CR4","doi-asserted-by":"crossref","unstructured":"Wang, X., Yu, W., Champion, A., Fu, X., Xuan, D.: Detecting worms via mining dynamic program execution. In: Proceedings of the 3rd International Conference on Security and Privacy in Communications Networks, pp. 412\u2013421 (2007)","DOI":"10.1109\/SECCOM.2007.4550362"},{"issue":"4","key":"297_CR5","doi-asserted-by":"crossref","first-page":"639","DOI":"10.3233\/JCS-2010-0410","volume":"19","author":"K Rieck","year":"2011","unstructured":"Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Sec. 19(4), 639\u2013668 (2011)","journal-title":"J. Comput. Sec."},{"key":"297_CR6","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: Proceedings of the 1st India Software Engineering Conference, pp. 5\u201314 (2008)","DOI":"10.1145\/1342211.1342215"},{"key":"297_CR7","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Stinson, E., Fredrikson, M., Jha, S., Mitchell, J.: A layered architecture for detecting malicious behaviors. In: Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection, pp. 78\u201397 (2008)","DOI":"10.1007\/978-3-540-87403-4_5"},{"issue":"1","key":"297_CR8","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10844-009-0086-7","volume":"35","author":"Y Ye","year":"2010","unstructured":"Ye, Y., Li, T., Huang, K., Jiang, Q., Chen, Y.: Hierarchical associative classifier (HAC) for malware detection from the large and imbalanced gray list. J. Intell. Inf. Syst. 35(1), 1\u201320 (2010)","journal-title":"J. Intell. Inf. Syst."},{"key":"297_CR9","doi-asserted-by":"crossref","unstructured":"Firdausi, I., Lim, C., Erwin, A., Nugroho, A.S.: Analysis of machine learning techniques used in behavior-based malware detection. In: Proceedings of the 2nd International Conference on Advances in Computing, Control and Telecommunication Technologies, pp. 201\u2013203 (2010)","DOI":"10.1109\/ACT.2010.33"},{"key":"297_CR10","doi-asserted-by":"crossref","unstructured":"Abou-Assaleh, T., Cercone, N., Keselj, V., Sweidan, R.: N-gram-based detection of new malicious code. In: Proceedings of the 28th Annual International Computer Software and Applications Conference, pp. 41\u201342 (2004)","DOI":"10.1109\/CMPSAC.2004.1342667"},{"key":"297_CR11","first-page":"2721","volume":"7","author":"JZ Kolter","year":"2006","unstructured":"Kolter, J.Z., Maloof, M.A.: Learning to detect and classify malicious executables in the wild. J. Mach. Learn. Res. 7, 2721\u20132744 (2006)","journal-title":"J. Mach. Learn. Res."},{"key":"297_CR12","doi-asserted-by":"crossref","unstructured":"Perdisci, R., Lanzi, A., Lee, W.: McBoost: Boosting scalability in malware collection and analysis using statistical classification of executables. In: Proceedings of the 24th Annual Computer Security Applications Conference, pp. 301\u2013310 (2008)","DOI":"10.1109\/ACSAC.2008.22"},{"key":"297_CR13","first-page":"949","volume":"13","author":"G Tahan","year":"2012","unstructured":"Tahan, G., Rokach, L., Shahar, Y.: Mal-ID: automatic malware detection using common segment analysis and meta-features. J. Mach. Learn. Res. 13, 949\u2013979 (2012)","journal-title":"J. Mach. Learn. Res."},{"key":"297_CR14","doi-asserted-by":"crossref","unstructured":"Moskovitch, R., Feher, C., Tzachar, N., Berger, E., Gitelman, M., Dolev, S., Elovici, Y.: Unknown malcode detection using opcode representation. In: Daniel O., Henrik L, Daniel Z, David H, Gerhard W. (eds.) Intelligence and Security Informatics. pp. 204\u2013215 (2008)","DOI":"10.1007\/978-3-540-89900-6_21"},{"key":"297_CR15","doi-asserted-by":"crossref","unstructured":"Adkins, F., Jones, L., Carlisle, M., Upchurch, J.: Heuristic malware detection via basic block comparison. In: Proceedings of 8th International Conference on Malicious and Unwanted Software, pp. 11\u201318 (2013)","DOI":"10.1109\/MALWARE.2013.6703680"},{"issue":"10","key":"297_CR16","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1016\/j.ins.2011.08.020","volume":"231","author":"I Santos","year":"2013","unstructured":"Santos, I., Brezo, F., Ugarte-Pedrero, X., Bringas, P.G.: Opcode sequences as representation of executables for data-mining-based unknown malware detection. Inform. Sci. 231(10), 64\u201382 (2013)","journal-title":"Inform. Sci."},{"issue":"3","key":"297_CR17","first-page":"109","volume":"9","author":"A Lakhotia","year":"2013","unstructured":"Lakhotia, A., Walenstein, A., Miles, C., Singh, A.: VILO: a rapid learning nearest-neighbor classifier for malware triage. J. Comput. Virol. 9(3), 109\u2013123 (2013)","journal-title":"J. Comput. Virol."},{"key":"297_CR18","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2014.06.001","author":"S Huda","year":"2014","unstructured":"Huda, S., Abawajy, J., Alazab, M., Abdollalihian, M., Islam, R., Yearwood, J.: Hybrids of support vector machine wrapper and filter based framework for malware detection. Future Gener. Comput. Syst. (2014). doi: 10.1016\/j.future.2014.06.001","journal-title":"Future Gener. Comput. Syst."},{"key":"297_CR19","doi-asserted-by":"crossref","unstructured":"Park, Y., Reeves, D., Mulukutla, V., Sundaravel, B.: Fast malware classification by automated behavioral graph matching. In: Proceedings of the 6th Annual Workshop on Cyber Security and Information Intelligence Research, pp. 1\u20134 (2010)","DOI":"10.1145\/1852666.1852716"},{"key":"297_CR20","doi-asserted-by":"crossref","unstructured":"Hu, X., Chiueh, T., Shin, K.G.: Large-scale malware indexing using function-call graphs. In: Proceedings of the 16th ACM Conference on Computer and Communications security, pp. 611\u2013620 (2009)","DOI":"10.1145\/1653662.1653736"},{"key":"297_CR21","unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.F.: Effective and efficient malware detection at the end host. In: Proceedings of the 18th Conference on USENIX Security Symposium, pp. 351\u2013366 (2009)"},{"issue":"4","key":"297_CR22","first-page":"193","volume":"9","author":"Y Cao","year":"2013","unstructured":"Cao, Y., Miao, Q., Liu, J., Gao, L.: Abstracting minimal security-relevant behaviors for malware analysis. J. Comput. Virol. 9(4), 193\u2013204 (2013)","journal-title":"J. Comput. Virol."},{"key":"297_CR23","unstructured":"Alazab, M., Venkatraman, S., Watters, P., Alazab, M.: Zero-day malware detection based on supervised learning algorithms of API call signatures. In: Proceedings of the 9th Australasian Data Mining Conference, pp. 171\u2013182 (2011)"},{"key":"297_CR24","doi-asserted-by":"crossref","unstructured":"Firdausi, I., Lim, C., Erwin, A., Nugroho, A.S.: Analysis of machine learning techniques used in behavior-based malware detection. In: Proceedings of 2nd International Conference on Advances in Computing, Control and Telecommunication Technologies, pp. 201\u2013203 (2010)","DOI":"10.1109\/ACT.2010.33"},{"key":"297_CR25","doi-asserted-by":"crossref","unstructured":"Natani, P., Vidyarthi, D.: Malware detection using API function frequency with ensemble based classifier. In: Proceedings of International Symposium on Security in Computing and Communications, pp. 378\u2013388 (2013)","DOI":"10.1007\/978-3-642-40576-1_37"},{"issue":"14","key":"297_CR26","doi-asserted-by":"crossref","first-page":"1679","DOI":"10.1016\/j.patrec.2013.05.006","volume":"34","author":"S Sheen","year":"2013","unstructured":"Sheen, S., Anitha, R., Sirisha, P.: Malware detection by pruning of parallel ensembles using harmony search. Pattern Recognit. Lett. 34(14), 1679\u20131686 (2013)","journal-title":"Pattern Recognit. Lett."},{"key":"297_CR27","doi-asserted-by":"crossref","unstructured":"Uppal, D., Sinha, R., Mehra, V., Jain, V.: Malware detection and classification based on extraction of API sequences. In: Proceedings of 3rd International Conference on Advances in Computing, Communications and Informatics, pp. 2337\u20132342 (2014)","DOI":"10.1109\/ICACCI.2014.6968547"},{"key":"297_CR28","doi-asserted-by":"crossref","unstructured":"Cheng, J.Y., Tsai, T., Yang, C.: An information retrieval approach for malware classification based on Windows API calls. In: Proceedings of 5th International Conference on Machine Learning and Cybernetics, pp. 1678\u20131683 (2013)","DOI":"10.1109\/ICMLC.2013.6890868"},{"key":"297_CR29","doi-asserted-by":"crossref","unstructured":"Gavrilut, D., Benchea, R., Vatamanu, C.: Optimized zero false positives perceptron training for malware detection. In: Proceedings of the 14th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, pp. 247\u2013253 (2012)","DOI":"10.1109\/SYNASC.2012.34"},{"issue":"2","key":"297_CR30","doi-asserted-by":"crossref","first-page":"646","DOI":"10.1016\/j.jnca.2012.10.004","volume":"34","author":"R Islam","year":"2013","unstructured":"Islam, R., Tian, R., Batten, L.M., Versteeg, S.: Classification of malware based on integrated static and dynamic features. J Netw. Comput. Appl. 34(2), 646\u2013656 (2013)","journal-title":"J Netw. Comput. Appl."},{"key":"297_CR31","doi-asserted-by":"crossref","unstructured":"Santos, I., Devesa, J., Brezo, F., Nieves, J., Bringas, P.G.: OPEM: a static-dynamic approach for machine-learning-based malware detection. In: Proceedings of International Joint Conference CISIS\u201912-ICEUTE\u201912-SOCO\u201912, pp. 271\u2013280 (2012)","DOI":"10.1007\/978-3-642-33018-6_28"},{"key":"297_CR32","doi-asserted-by":"crossref","unstructured":"Anderson, B., Storlie, C., Lane, T.: Improving malware classification: bridging the static\/dynamic gap. In: Proceedings of 5th ACM Workshop on Security and Artificial Intelligence, pp. 3\u201314 (2012)","DOI":"10.1145\/2381896.2381900"},{"key":"297_CR33","doi-asserted-by":"crossref","unstructured":"Liu, J., Song, J., Miao, Q., Cao, Y.: FENOC: an ensemble one-class learning framework for malware detection. In: Proceedings of 9th International Conference on Computational Intelligence and Security, pp. 523\u2013527 (2013)","DOI":"10.1109\/CIS.2013.116"},{"key":"297_CR34","doi-asserted-by":"crossref","unstructured":"Kong, D., Yan, G.: Discriminant malware distance learning on structural information for automated malware classification. In: Proceedings of 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1357\u20131365 (2013)","DOI":"10.1145\/2487575.2488219"},{"key":"297_CR35","unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.F.: Effective and efficient malware detection at the end host. In: Proceedings of 18th Conference on USENIX Security Symposium, pp. 351\u2013366 (2009)"},{"key":"297_CR36","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: Proceedings of 1st India Software Engineering Conference, pp. 5\u201314 (2008)","DOI":"10.1145\/1342211.1342215"},{"key":"297_CR37","doi-asserted-by":"publisher","DOI":"10.1155\/2013\/402438","author":"Y Cao","year":"2013","unstructured":"Cao, Y., Miao, Q., Liu, J., Li, W.: Osiris: a malware behavior capturing system implemented at virtual machine monitor layer. Math. Probl. Eng. (2013). doi: 10.1155\/2013\/402438","journal-title":"Math. Probl. Eng."},{"issue":"1","key":"297_CR38","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1145\/1007730.1007735","volume":"6","author":"GE Batista","year":"2004","unstructured":"Batista, G.E., Prati, R.C., Monard, M.C.: A study of the behavior of several methods for balancing machine learning training data. ACM SIGKDD Explor. Newsl. 6(1), 20\u201329 (2004)","journal-title":"ACM SIGKDD Explor. Newsl."},{"key":"297_CR39","unstructured":"Tax, D.M.J.: One-class classification. Ph.D. dissertation, Delft University of Technology (2001)"},{"issue":"1","key":"297_CR40","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1016\/j.cose.2009.07.008","volume":"29","author":"GP Spathoulas","year":"2010","unstructured":"Spathoulas, G.P., Katsikas, S.K.: Reducing false positives in intrusion detection systems. Comput. Secur. 29(1), 35\u201344 (2010)","journal-title":"Comput. Secur."},{"issue":"7","key":"297_CR41","doi-asserted-by":"crossref","first-page":"1443","DOI":"10.1162\/089976601750264965","volume":"13","author":"B Sch\u00f6lkopf","year":"2001","unstructured":"Sch\u00f6lkopf, B., Platt, J.C., Shawe-Taylor, J., Smola, A.J., Williamson, R.C.: Estimating the support of a high-dimensional distribution. Neural Comput. 13(7), 1443\u20131471 (2001)","journal-title":"Neural Comput."},{"key":"297_CR42","unstructured":"Bernhard, S., Platt, J.C., Smola, A.J.: Kernel method for percentile feature extraction. Microsoft technical report, pp. 2000\u20132022 (2000)"},{"key":"297_CR43","doi-asserted-by":"crossref","unstructured":"Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: malware analysis via hardware virtualization extensions. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 51\u201362 (2008)","DOI":"10.1145\/1455770.1455779"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-015-0297-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10207-015-0297-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-015-0297-6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,29]],"date-time":"2025-05-29T22:53:44Z","timestamp":1748559224000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10207-015-0297-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,8,9]]},"references-count":43,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2016,8]]}},"alternative-id":["297"],"URL":"https:\/\/doi.org\/10.1007\/s10207-015-0297-6","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,8,9]]}}}