{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T16:23:33Z","timestamp":1772555013899,"version":"3.50.1"},"reference-count":45,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2020,6,16]],"date-time":"2020-06-16T00:00:00Z","timestamp":1592265600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,6,16]],"date-time":"2020-06-16T00:00:00Z","timestamp":1592265600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2021,6]]},"DOI":"10.1007\/s10207-020-00509-4","type":"journal-article","created":{"date-parts":[[2020,6,16]],"date-time":"2020-06-16T10:04:27Z","timestamp":1592301867000},"page":"371-386","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":20,"title":["MalFamAware: automatic family identification and malware classification through online 
clustering"],"prefix":"10.1007","volume":"20","author":[{"given":"Gregorio","family":"Pitolli","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3763-4598","authenticated-orcid":false,"given":"Giuseppe","family":"Laurenza","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Leonardo","family":"Aniello","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Leonardo","family":"Querzoni","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Roberto","family":"Baldoni","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,6,16]]},"reference":[{"key":"509_CR1","doi-asserted-by":"crossref","unstructured":"Laurenza, G., Ucci, D., Aniello, L., Baldoni, R.: An architecture for semi-automatic collaborative malware analysis for CIS. In: 3rd International Workshop on Reliability and Security Aspects for Critical Infrastructure (2016)","DOI":"10.1109\/DSN-W.2016.40"},{"key":"509_CR2","doi-asserted-by":"crossref","unstructured":"Laurenza, G., Aniello, L., Lazzeretti, R., Baldoni, R.: Malware triage based on static features and public APT reports. In: Proceedings of the First International Conference on Cyber Security Cryptography and Machine Learning, CSCML, pp. 288\u2013305 (2017)","DOI":"10.1007\/978-3-319-60080-2_21"},{"key":"509_CR3","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1016\/j.cose.2015.04.001","volume":"52","author":"A Mohaisen","year":"2015","unstructured":"Mohaisen, A., Alrawi, O., Mohaisen, M.: AMAL: high-fidelity, behavior-based automated malware analysis and classification. Comput. Secur. 52, 251\u2013266 (2015)","journal-title":"Comput. 
Secur."},{"key":"509_CR4","doi-asserted-by":"crossref","unstructured":"Massarelli, L., Aniello, L., Ciccotelli, C., Querzoni, L., Ucci, D., Baldoni, R.: Android malware family classification based on resource consumption over time. In: 2017 12th International Conference on Malicious and Unwanted Software (MALWARE), pp. 31\u201338 (2017)","DOI":"10.1109\/MALWARE.2017.8323954"},{"issue":"4","key":"509_CR5","doi-asserted-by":"publisher","first-page":"639","DOI":"10.3233\/JCS-2010-0410","volume":"19","author":"K Rieck","year":"2011","unstructured":"Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639\u2013668 (2011)","journal-title":"J. Comput. Secur."},{"key":"509_CR6","doi-asserted-by":"crossref","unstructured":"Zhang, T., Ramakrishnan, R., Livny, M.: BIRCH: an efficient data clustering method for very large databases. In: ACM Sigmod Record, vol. 25, pp. 103\u2013114. ACM","DOI":"10.1145\/235968.233324"},{"key":"509_CR7","doi-asserted-by":"crossref","unstructured":"Pitolli, G., Aniello, L., Laurenza, G., Querzoni, L., Baldoni, R.: Malware family identification with BIRCH clustering. In: Proceedings of the 51st Annual International Carnahan Conference on Security Technology (ICCST), ICCST \u201917 (2017)","DOI":"10.1109\/CCST.2017.8167802"},{"issue":"3","key":"509_CR8","doi-asserted-by":"publisher","first-page":"41:1","DOI":"10.1145\/3073559","volume":"50","author":"Y Ye","year":"2017","unstructured":"Ye, Y., Li, T., Adjeroh, D., Iyengar, S.S.: A survey on malware detection using data mining techniques. ACM Comput. Surv. 50(3), 41:1\u201341:40 (2017)","journal-title":"ACM Comput. Surv."},{"key":"509_CR9","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1016\/j.cose.2018.11.001","volume":"81","author":"D Ucci","year":"2019","unstructured":"Ucci, D., Aniello, L., Baldoni, R.: Survey of machine learning techniques for malware analysis. Comput. Secur. 
81, 123\u2013147 (2019)","journal-title":"Comput. Secur."},{"issue":"4","key":"509_CR10","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/s11416-011-0151-y","volume":"7","author":"J Kinable","year":"2011","unstructured":"Kinable, J., Kostakis, O.: Malware classification based on call graph clustering. J. Comput. Virol. 7(4), 233\u2013245 (2011)","journal-title":"J. Comput. Virol."},{"key":"509_CR11","doi-asserted-by":"crossref","unstructured":"Hu, X., Shin, K.G.: Duet: integration of dynamic and static analyses for malware clustering with cluster ensembles. In: Proceedings of the 29th Annual Computer Security Applications Conference, pp. 79\u201388. ACM (2013)","DOI":"10.1145\/2523649.2523677"},{"key":"509_CR12","doi-asserted-by":"crossref","unstructured":"Rafique, M.Z., Caballero, J.: Firma: malware clustering and network signature generation with mixed network behaviors. In: International Workshop on Recent Advances in Intrusion Detection, pp. 144\u2013163. Springer","DOI":"10.1007\/978-3-642-41284-4_8"},{"key":"509_CR13","unstructured":"Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: NDSS, vol.\u00a09, pp. 8\u201311. Citeseer"},{"key":"509_CR14","unstructured":"Jang, J., Brumley, D., Venkataraman, S.: Bitshred: feature hashing malware for scalable triage and semantic analysis. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 309\u2013320. ACM"},{"key":"509_CR15","doi-asserted-by":"crossref","unstructured":"Zhong, Y., Yamaki, H., Yamaguchi, Y., Takakura, H.: Ariguma code analyzer: efficient variant detection by identifying common instruction sequences in malware families. In: Computer Software and Applications Conference (COMPSAC), 2013 IEEE 37th Annual, pp. 11\u201320. 
IEEE (2013)","DOI":"10.1109\/COMPSAC.2013.6"},{"key":"509_CR16","doi-asserted-by":"crossref","unstructured":"Deshotels, L., Notani, V., Lakhotia, A.: Droidlegacy: automated familial classification of android malware. In: Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014, p.\u00a03. ACM (2014)","DOI":"10.1145\/2556464.2556467"},{"issue":"3","key":"509_CR17","first-page":"11","volume":"26","author":"J Garcia","year":"2018","unstructured":"Garcia, J., Hammad, M., Malek, S.: Lightweight, obfuscation-resilient detection and family identification of android malware. ACM Trans. Softw. Eng. Methodol. TOSEM 26(3), 11 (2018)","journal-title":"ACM Trans. Softw. Eng. Methodol. TOSEM"},{"key":"509_CR18","doi-asserted-by":"crossref","unstructured":"Li, Y., Jang, J., Hu, X., Ou, X.: Android malware clustering through malicious payload mining. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 192\u2013214. Springer (2017)","DOI":"10.1007\/978-3-319-66332-6_9"},{"key":"509_CR19","doi-asserted-by":"crossref","unstructured":"Aresu, M., Ariu, D., Ahmadi, M., Maiorca, D., Giacinto, G.: Clustering android malware families by http traffic. In: 2015 10th International Conference on Malicious and Unwanted Software (MALWARE), pp. 128\u2013135. IEEE (2015)","DOI":"10.1109\/MALWARE.2015.7413693"},{"key":"509_CR20","doi-asserted-by":"publisher","unstructured":"Huang, L., Joseph, A.D., Nelson, B., Rubinstein, B.I., Tygar, J.D.: Adversarial machine learning. In: Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, AISec \u201911, pp. 43\u201358. ACM, New York, NY, USA (2011). https:\/\/doi.org\/10.1145\/2046684.2046692","DOI":"10.1145\/2046684.2046692"},{"key":"509_CR21","unstructured":"Xu, W., Qi, Y., Evans, D.: Automatically evading classifiers. In: Proceedings of the 2016 Network and Distributed Systems Symposium, pp. 
21\u201324 (2016)"},{"key":"509_CR22","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1016\/j.eswa.2017.11.032","volume":"95","author":"A Calleja","year":"2018","unstructured":"Calleja, A., Mart\u00edn, A., Men\u00e9ndez, H.D., Tapiador, J., Clark, D.: Picking on the family: disrupting android malware triage by forcing misclassification. Expert Syst. Appl. 95, 113\u2013126 (2018)","journal-title":"Expert Syst. Appl."},{"key":"509_CR23","doi-asserted-by":"publisher","unstructured":"Biggio, B., Pillai, I., Rota Bul\u00f2, S., Ariu, D., Pelillo, M., Roli, F.: Is data clustering in adversarial settings secure? In: Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, AISec \u201913, pp. 87\u201398. ACM, New York, NY, USA (2013). https:\/\/doi.org\/10.1145\/2517312.2517321","DOI":"10.1145\/2517312.2517321"},{"key":"509_CR24","doi-asserted-by":"publisher","unstructured":"Biggio, B., Rieck, K., Ariu, D., Wressnegger, C., Corona, I., Giacinto, G., Roli, F.: Poisoning behavioral malware clustering. In: Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop, AISec \u201914, pp. 27\u201336. ACM, New York, NY, USA (2014). https:\/\/doi.org\/10.1145\/2666652.2666666","DOI":"10.1145\/2666652.2666666"},{"key":"509_CR25","volume-title":"Data Mining: Concepts and Techniques","author":"J Han","year":"2016","unstructured":"Han, J., Pei, J., Kamber, M.: Data Mining: Concepts and Techniques. Elsevier, Amsterdam (2016)"},{"key":"509_CR26","doi-asserted-by":"crossref","unstructured":"Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated classification and analysis of internet malware. In: International Workshop on Recent Advances in Intrusion Detection, pp. 178\u2013197. Springer","DOI":"10.1007\/978-3-540-74320-0_10"},{"key":"509_CR27","first-page":"8","volume":"9","author":"G Wicherski","year":"2009","unstructured":"Wicherski, G.: peHash: a novel approach to fast malware clustering. 
LEET 9, 8 (2009)","journal-title":"LEET"},{"key":"509_CR28","doi-asserted-by":"crossref","unstructured":"Li, P., Liu, L., Gao, D., Reiter, M.K.: On challenges in evaluating malware clustering. In: RAID, vol. 6307, pp. 238\u2013255. Springer (2010)","DOI":"10.1007\/978-3-642-15512-3_13"},{"key":"509_CR29","doi-asserted-by":"crossref","unstructured":"Mohaisen, A., Alrawi, O.: Av-meter: an evaluation of antivirus scans and labels. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 112\u2013131. Springer","DOI":"10.1007\/978-3-319-08509-8_7"},{"key":"509_CR30","unstructured":"Harley, D.: The game of the name malware naming, shape shifters and sympathetic magic. In: CEET 3rd International Conference on Cybercrime Forensics Education & Training, San Diego, CA"},{"key":"509_CR31","doi-asserted-by":"crossref","unstructured":"Sebasti\u00e1n, M., Rivera, R., Kotzias, P., Caballero, J.: AVclass: a tool for massive malware labeling. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 230\u2013253. Springer","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"509_CR32","unstructured":"Kotzias, P., Bilge, L., Caballero, J.: Measuring pup prevalence and pup distribution through pay-per-install services. In: USENIX Security Symposium, pp. 739\u2013756 (2016)"},{"key":"509_CR33","doi-asserted-by":"crossref","unstructured":"Polino, M., Continella, A., Mariani, S., D\u2019Alessio, S., Fontana, L., Gritti, F., Zanero, S.: Measuring and defeating anti-instrumentation-equipped malware. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 73\u201396. Springer (2017)","DOI":"10.1007\/978-3-319-60876-1_4"},{"issue":"336","key":"509_CR34","doi-asserted-by":"publisher","first-page":"846","DOI":"10.1080\/01621459.1971.10482356","volume":"66","author":"WM Rand","year":"1971","unstructured":"Rand, W.M.: Objective criteria for the evaluation of clustering methods. J. Am. 
Stat. Assoc. 66(336), 846\u2013850 (1971)","journal-title":"J. Am. Stat. Assoc."},{"issue":"1","key":"509_CR35","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1007\/BF01908075","volume":"2","author":"L Hubert","year":"1985","unstructured":"Hubert, L., Arabie, P.: Comparing partitions. J. Class. 2(1), 193\u2013218 (1985)","journal-title":"J. Class."},{"issue":"Dec","key":"509_CR36","first-page":"583","volume":"3","author":"A Strehl","year":"2002","unstructured":"Strehl, A., Ghosh, J.: Cluster ensembles\u2014a knowledge reuse framework for combining multiple partitions. J. Mach. Learn. Res. 3(Dec), 583\u2013617 (2002)","journal-title":"J. Mach. Learn. Res."},{"key":"509_CR37","doi-asserted-by":"crossref","unstructured":"Vinh, N.X., Epps, J., Bailey, J.: Information theoretic measures for clusterings comparison: is a correction for chance necessary? In: Proceedings of the 26th Annual International Conference on Machine Learning, ICML \u201909, pp. 1073\u20131080. ACM, New York, NY, USA (2009)","DOI":"10.1145\/1553374.1553511"},{"issue":"383","key":"509_CR38","doi-asserted-by":"publisher","first-page":"553","DOI":"10.1080\/01621459.1983.10478008","volume":"78","author":"EB Fowlkes","year":"1983","unstructured":"Fowlkes, E.B., Mallows, C.L.: A method for comparing two hierarchical clusterings. J. Am. Stat. Assoc. 78(383), 553\u2013569 (1983)","journal-title":"J. Am. Stat. Assoc."},{"key":"509_CR39","first-page":"226","volume":"96","author":"M Ester","year":"1996","unstructured":"Ester, M., Kriegel, H.-P., Sander, J., Xu, X., et al.: A density-based algorithm for discovering clusters in large spatial databases with noise. KDD 96, 226\u2013231 (1996)","journal-title":"KDD"},{"key":"509_CR40","doi-asserted-by":"publisher","DOI":"10.1007\/b107408","volume-title":"Data Mining and Knowledge Discovery Handbook","author":"O Maimon","year":"2005","unstructured":"Maimon, O., Rokach, L.: Data Mining and Knowledge Discovery Handbook, vol. 2. 
Springer, New York (2005)"},{"key":"509_CR41","unstructured":"MacQueen, J., et al.: Some methods for classification and analysis of multivariate observations. In: Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, vol. 1, pp. 281\u2013297. Oakland, CA, USA (1967)"},{"key":"509_CR42","doi-asserted-by":"crossref","unstructured":"Sculley, D.: Web-scale k-means clustering. In: Proceedings of the 19th International Conference on World Wide Web. ACM (2010)","DOI":"10.1145\/1772690.1772862"},{"issue":"8","key":"509_CR43","doi-asserted-by":"publisher","first-page":"897","DOI":"10.1038\/nbt1406","volume":"26","author":"CB Do","year":"2008","unstructured":"Do, C.B., Batzoglou, S.: What is the expectation maximization algorithm? Nat. Biotechnol. 26(8), 897\u2013899 (2008)","journal-title":"Nat. Biotechnol."},{"key":"509_CR44","doi-asserted-by":"crossref","unstructured":"Guha, S., Rastogi, R., Shim, K.: Cure: an efficient clustering algorithm for large databases. In: ACM Sigmod Record, vol. 27, pp. 73\u201384. ACM (1998)","DOI":"10.1145\/276305.276312"},{"key":"509_CR45","unstructured":"Steinbach, M., Karypis, G., Kumar, V., et al.: A comparison of document clustering techniques. In: KDD Workshop on Text Mining, Boston, vol. 400, pp. 
525\u2013526 (2000)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-020-00509-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-020-00509-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-020-00509-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,6,15]],"date-time":"2021-06-15T23:09:39Z","timestamp":1623798579000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-020-00509-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,16]]},"references-count":45,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2021,6]]}},"alternative-id":["509"],"URL":"https:\/\/doi.org\/10.1007\/s10207-020-00509-4","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,6,16]]},"assertion":[{"value":"16 June 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethical standards"}},{"value":"Gregorio Pitolli, Giuseppe Laurenza, Leonardo Aniello, Leonardo Querzoni, Roberto Baldoni have declared that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the 
authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}