{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T21:00:59Z","timestamp":1773090059815,"version":"3.50.1"},"reference-count":36,"publisher":"Springer Science and Business Media LLC","issue":"23","license":[{"start":{"date-parts":[[2023,10,21]],"date-time":"2023-10-21T00:00:00Z","timestamp":1697846400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,10,21]],"date-time":"2023-10-21T00:00:00Z","timestamp":1697846400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Appl Intell"],"published-print":{"date-parts":[[2023,12]]},"DOI":"10.1007\/s10489-023-05086-2","type":"journal-article","created":{"date-parts":[[2023,10,21]],"date-time":"2023-10-21T03:16:57Z","timestamp":1697858217000},"page":"29094-29108","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Feature mining and classifier selection for API calls-based malware detection"],"prefix":"10.1007","volume":"53","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-0138-8604","authenticated-orcid":false,"given":"Gheorghe","family":"Balan","sequence":"first","affiliation":[]},{"given":"Ciprian-Alin","family":"Simion","sequence":"additional","affiliation":[]},{"given":"Drago\u015f Teodor","family":"Gavrilu\u0163","sequence":"additional","affiliation":[]},{"given":"Henri","family":"Luchian","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,10,21]]},"reference":[{"key":"5086_CR1","doi-asserted-by":"crossref","unstructured":"Balan G, Gavrilu\u0162 DT, Luchian H (2022) Using api calls for sequence-pattern feature mining-based malware detection. In: Information security practice and experience, pp 233\u2013251","DOI":"10.1007\/978-3-031-21280-2_13"},{"key":"5086_CR2","doi-asserted-by":"publisher","DOI":"10.1016\/j.compind.2022.103751","volume":"143","author":"C Catalano","year":"2022","unstructured":"Catalano C, Chezzi A, Angelelli M, Tommasi F (2022) Deceiving ai-based malware detection through polymorphic attacks. Comput Ind 143:103751. https:\/\/doi.org\/10.1016\/j.compind.2022.103751","journal-title":"Comput Ind"},{"key":"5086_CR3","doi-asserted-by":"publisher","unstructured":"Alhashmi AA, Darem AA, Alashjaee AM, Alanazi SM, Alkhaldi TM, Ebad SA, Ghaleb FA, Almadani AM (2023) Similarity-based hybrid malware detection model using api calls. Mathematics 11(13). https:\/\/doi.org\/10.3390\/math11132944","DOI":"10.3390\/math11132944"},{"key":"5086_CR4","doi-asserted-by":"publisher","unstructured":"Pascanu R, Stokes J, Sanossian H, Marinescu M, Thomas A (2015) Malware classification with recurrent networks, pp 1916\u20131920. https:\/\/doi.org\/10.1109\/ICASSP.2015.7178304","DOI":"10.1109\/ICASSP.2015.7178304"},{"key":"5086_CR5","doi-asserted-by":"publisher","unstructured":"Athiwaratkun B, Stokes J (2017) Malware classification with lstm and gru language models and a character-level cnn, pp 2482\u20132486. https:\/\/doi.org\/10.1109\/ICASSP.2017.7952603","DOI":"10.1109\/ICASSP.2017.7952603"},{"key":"5086_CR6","doi-asserted-by":"publisher","unstructured":"Rabadi D, Teo S (2020) Advanced windows methods on malware detection and classification, pp 54\u201368. https:\/\/doi.org\/10.1145\/3427228.3427242","DOI":"10.1145\/3427228.3427242"},{"key":"5086_CR7","doi-asserted-by":"publisher","unstructured":"Amer E, Zelinka I (2020) A dynamic windows malware detection and prediction method based on contextual understanding of api call sequence. Comput Secur. https:\/\/doi.org\/10.1016\/j.cose.2020.101760","DOI":"10.1016\/j.cose.2020.101760"},{"key":"5086_CR8","doi-asserted-by":"publisher","unstructured":"Amer E, El-Sappagh S, Hu J (2020) Contextual identification of windows malware through semantic interpretation of api call sequence. Appl Sci 10. https:\/\/doi.org\/10.3390\/app10217673","DOI":"10.3390\/app10217673"},{"key":"5086_CR9","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102872","volume":"122","author":"C Li","year":"2022","unstructured":"Li C, Cheng Z, Zhu H, Wang L, Lv Q, Wang Y, Li N, Sun D (2022) Dmalnet: Dynamic malware analysis based on api feature engineering and graph learning. Comput Secur 122:102872. https:\/\/doi.org\/10.1016\/j.cose.2022.102872","journal-title":"Comput Secur"},{"key":"5086_CR10","unstructured":"Lin C-T, Wang N-J, Xiao H, Eckert C (2015) Feature selection and extraction for malware classification"},{"key":"5086_CR11","doi-asserted-by":"publisher","unstructured":"Xu K, Li Y, Deng R, Chen K, Xu J (2019) Droidevolver: Self-evolving android malware detection system. https:\/\/doi.org\/10.1109\/EuroSP.2019.00014","DOI":"10.1109\/EuroSP.2019.00014"},{"key":"5086_CR12","doi-asserted-by":"publisher","unstructured":"Kim H, Kim J, Kim Y, Kim I, Kim K, Kim H (2019) Improvement of malware detection and classification using api call sequence alignment and visualization. Clust Comput 22. https:\/\/doi.org\/10.1007\/s10586-017-1110-2","DOI":"10.1007\/s10586-017-1110-2"},{"key":"5086_CR13","doi-asserted-by":"publisher","unstructured":"Uppal D, Sinha R, Mehra V, Jain V (2014) Malware detection and classification based on extraction of api sequences, pp 2337\u20132342. https:\/\/doi.org\/10.1109\/ICACCI.2014.6968547","DOI":"10.1109\/ICACCI.2014.6968547"},{"key":"5086_CR14","doi-asserted-by":"publisher","unstructured":"Choi S, Bae J, Lee C, Kim Y, Kim J (2020). Attention-based automated feature extraction for malware analysis. https:\/\/doi.org\/10.3390\/s20102893","DOI":"10.3390\/s20102893"},{"key":"5086_CR15","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2021.107443","volume":"232","author":"X Wang","year":"2021","unstructured":"Wang X, Wu P, Xu Q, Zeng Z, Xie Y (2021) Joint image clustering and feature selection with auto-adjoined learning for high-dimensional data. Knowl-Based Syst 232:107443. https:\/\/doi.org\/10.1016\/j.knosys.2021.107443","journal-title":"Knowl-Based Syst"},{"key":"5086_CR16","doi-asserted-by":"publisher","first-page":"20","DOI":"10.5815\/ijeme.2018.02.03","volume":"8","author":"R Tahir","year":"2018","unstructured":"Tahir R (2018) A study on malware and malware detection techniques. Int J Educ Manag Eng 8:20\u201330. https:\/\/doi.org\/10.5815\/ijeme.2018.02.03","journal-title":"Int J Educ Manag Eng"},{"key":"5086_CR17","unstructured":"Anderson H (2017) Evading machine learning malware detection"},{"key":"5086_CR18","unstructured":"Anderson H, Kharkar A, Filar B, Evans D, Roth P (2018) Learning to evade static pe machine learning malware models via reinforcement learning"},{"key":"5086_CR19","unstructured":"TrendMicro (2023) DARKCOMET. https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/DARKCOMET. Accessed 2023-07-31"},{"key":"5086_CR20","unstructured":"Sentinel H (2023) HD Sentinel. https:\/\/www.hdsentinel.com\/download.php. Accessed 2023-07-31"},{"key":"5086_CR21","unstructured":"Virustotal (2023) DarkComet. https:\/\/www.virustotal.com\/gui\/file\/707d4a225237425bb60718dd0b914cba. Accessed 2023-07-31"},{"key":"5086_CR22","doi-asserted-by":"publisher","unstructured":"Lita C, Cosovan D, Gavrilut D (2018). Anti-emulation trends in modern packers: a survey on the evolution of anti-emulation techniques in upa packers. https:\/\/doi.org\/10.1007\/s11416-017-0291-9","DOI":"10.1007\/s11416-017-0291-9"},{"key":"5086_CR23","doi-asserted-by":"publisher","unstructured":"Sundarkumar G, Vadlamani R, Nwogu I, Govindaraju V (2015) Malware detection via api calls, topic models and machine learning, pp 1212\u20131217. https:\/\/doi.org\/10.1109\/CoASE.2015.7294263","DOI":"10.1109\/CoASE.2015.7294263"},{"key":"5086_CR24","doi-asserted-by":"publisher","unstructured":"Alazab M, Venkatraman S, Watters P (2010). Towards understanding malware behaviour by the extraction of api calls. https:\/\/doi.org\/10.1109\/CTC.2010.8","DOI":"10.1109\/CTC.2010.8"},{"key":"5086_CR25","doi-asserted-by":"publisher","unstructured":"Elhadi A, Maarof M, Barry B (2013) Improving the detection of malware behaviour using simplified data dependent api call graph. Int J Secur its Appl 7:29\u201342. https:\/\/doi.org\/10.14257\/ijsia.2013.7.5.03","DOI":"10.14257\/ijsia.2013.7.5.03"},{"key":"5086_CR26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2015\/659101","volume":"2015","author":"Y Ki","year":"2015","unstructured":"Ki Y, Kim E, Kim HK (2015) A novel approach to detect malware based on api call sequence analysis. Int J Distrib Sens Netw 2015:1\u20139. https:\/\/doi.org\/10.1155\/2015\/659101","journal-title":"Int J Distrib Sens Netw"},{"key":"5086_CR27","doi-asserted-by":"publisher","unstructured":"Gavrilut D, Cimpoesu M, Anton D, Ciortuz L (2009) Malware detection using perceptrons and support vector machines, pp 283\u2013288. https:\/\/doi.org\/10.1109\/ComputationWorld.2009.85","DOI":"10.1109\/ComputationWorld.2009.85"},{"key":"5086_CR28","doi-asserted-by":"publisher","unstructured":"Balan G, Popescu A (2018) Detecting java compiled malware using machine learning techniques, pp 435\u2013439. https:\/\/doi.org\/10.1109\/SYNASC.2018.00073","DOI":"10.1109\/SYNASC.2018.00073"},{"key":"5086_CR29","doi-asserted-by":"publisher","unstructured":"Gavrilut D, Benchea R, Vatamanu C (2012) Optimized zero false positives perceptron training for malware detection, pp 247\u2013253. https:\/\/doi.org\/10.1109\/SYNASC.2012.34","DOI":"10.1109\/SYNASC.2012.34"},{"key":"5086_CR30","doi-asserted-by":"publisher","unstructured":"Kurbiel T, Khaleghian S (2017) Training of deep neural networks based on distance measures using RMSProp. https:\/\/doi.org\/10.48550\/ARXIV.1708.01911","DOI":"10.48550\/ARXIV.1708.01911"},{"key":"5086_CR31","doi-asserted-by":"crossref","unstructured":"Zhao M, Ge F, Zhang T, Yuan Z (2011) Antimaldroid: An efficient svm-based malware detection framework for android. In: Liu C, Chang J, Yang A (eds.) Information computing and applications","DOI":"10.1007\/978-3-642-27503-6_22"},{"key":"5086_CR32","doi-asserted-by":"publisher","unstructured":"Sanjaa B, Chuluun E (2013) Malware detection using linear svm. In: Ifost. https:\/\/doi.org\/10.1109\/IFOST.2013.6616872","DOI":"10.1109\/IFOST.2013.6616872"},{"key":"5086_CR33","doi-asserted-by":"publisher","unstructured":"Abu Al-Haija Q, Odeh A, Qattous H (2022) Pdf malware detection based on optimizable decision trees 11(19). https:\/\/doi.org\/10.3390\/electronics11193142","DOI":"10.3390\/electronics11193142"},{"key":"5086_CR34","unstructured":"Garcia FCC, II FPM (2016) Random forest for malware classification. CoRR arXiv:1609.07770"},{"key":"5086_CR35","doi-asserted-by":"publisher","unstructured":"Artur M (2021) Review the performance of the bernoulli naive bayes classifier in intrusion detection systems using recursive feature elimination with cross-validated selection of the best number of features. Procedia Comput Sci. https:\/\/doi.org\/10.1016\/j.procs.2021.06.066","DOI":"10.1016\/j.procs.2021.06.066"},{"key":"5086_CR36","doi-asserted-by":"publisher","unstructured":"Gavrilut DT, Anton DG, Popoiu G (2017) Machine learning based malware detection - how to balance memory footprint with model accuracy. In: 2017 19th International symposium on symbolic and numeric algorithms for scientific computing (SYNASC), pp 232\u2013238. https:\/\/doi.org\/10.1109\/SYNASC.2017.00045","DOI":"10.1109\/SYNASC.2017.00045"}],"container-title":["Applied Intelligence"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10489-023-05086-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10489-023-05086-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10489-023-05086-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,29]],"date-time":"2023-11-29T14:25:26Z","timestamp":1701267926000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10489-023-05086-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,21]]},"references-count":36,"journal-issue":{"issue":"23","published-print":{"date-parts":[[2023,12]]}},"alternative-id":["5086"],"URL":"https:\/\/doi.org\/10.1007\/s10489-023-05086-2","relation":{},"ISSN":["0924-669X","1573-7497"],"issn-type":[{"value":"0924-669X","type":"print"},{"value":"1573-7497","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,10,21]]},"assertion":[{"value":"5 October 2023","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 October 2023","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflicts of interest or competing interests regarding the publication of this study.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of interest"}},{"value":"All authors of this paper made substantial contributions to the conception and design of the work, drafted the work or revised it critically for important intellectual content, approved the version to be published and agree to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent to participate \/ for publication"}}]}}