{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T19:20:04Z","timestamp":1769023204505,"version":"3.49.0"},"reference-count":35,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2019,4,26]],"date-time":"2019-04-26T00:00:00Z","timestamp":1556236800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100004530","name":"Universiti Putra Malaysia","doi-asserted-by":"publisher","award":["GP\/2018\/9621600"],"award-info":[{"award-number":["GP\/2018\/9621600"]}],"id":[{"id":"10.13039\/501100004530","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"published-print":{"date-parts":[[2019,9]]},"DOI":"10.1007\/s11416-019-00331-0","type":"journal-article","created":{"date-parts":[[2019,4,26]],"date-time":"2019-04-26T06:04:29Z","timestamp":1556258669000},"page":"195-208","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["Nonnegative matrix factorization and metamorphic malware detection"],"prefix":"10.1007","volume":"15","author":[{"given":"Yeong Tyng","family":"Ling","sequence":"first","affiliation":[]},{"given":"Nor Fazlida Mohd","family":"Sani","sequence":"additional","affiliation":[]},{"given":"Mohd Taufik","family":"Abdullah","sequence":"additional","affiliation":[]},{"given":"Nor Asilah Wati Abdul","family":"Hamid","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,4,26]]},"reference":[{"key":"331_CR1","unstructured":"2018 Internet Security Threat Report: \n                    https:\/\/resource.elq.symantec.com\/LP=5840?cid=70138000000rm1eAAA\n                    \n                   (2018)"},{"key":"331_CR2","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1016\/j.cose.2014.10.011","volume":"48","author":"S Alam","year":"2015","unstructured":"Alam, S., Horspool, R.N., Traore, I., Sogukpinar, I.: A framework for metamorphic malware analysis and real-time detection. Comput. Secur. 48, 212\u2013233 (2015)","journal-title":"Comput. Secur."},{"key":"331_CR3","unstructured":"Alshahwan, N., Barr, E.T., Clark, D., Danezis, G.: Detecting malware with information complexity. \n                    arXiv:1502.07661\n                    \n                   (2015)"},{"key":"331_CR4","doi-asserted-by":"crossref","unstructured":"Austin, T.H., Filiol, E., Josse, S., Stamp, M.: Exploring hidden markov models for virus analysis: a semantic approach. In: 2013 46th Hawaii International Conference on System Sciences (HICSS), pp. 5039\u20135048. IEEE (2013)","DOI":"10.1109\/HICSS.2013.217"},{"issue":"4","key":"331_CR5","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/s11416-013-0185-4","volume":"9","author":"D Baysa","year":"2013","unstructured":"Baysa, D., Low, R.M., Stamp, M.: Structural entropy and metamorphic malware. J. Comput. Virol. Hacking Tech. 9(4), 179\u2013192 (2013)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"331_CR6","unstructured":"Bhattacharya, S., Men\u00e9ndez, H.D., Barr, E., Clark, D.: Itect: scalable information theoretic similarity for malware detection. \n                    arXiv:1609.02404\n                    \n                   (2016)"},{"issue":"3","key":"331_CR7","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/s11416-008-0084-2","volume":"4","author":"JM Borello","year":"2008","unstructured":"Borello, J.M., M\u00e9, L.: Code obfuscation techniques for metamorphic viruses. J. Comput. Virol. 4(3), 211\u2013220 (2008)","journal-title":"J. Comput. Virol."},{"key":"331_CR8","volume-title":"Elements of Information Theory","author":"TM Cover","year":"2006","unstructured":"Cover, T.M., Thomas, J.A.: Elements of Information Theory, 2nd edn. Wiley, Hoboken (2006)","edition":"2"},{"key":"331_CR9","unstructured":"Cygwin: Cygwin get that linux feeling\u2014on windows. \n                    http:\/\/www.cygwin.com\/\n                    \n                  . Accessed 23 July 2018"},{"issue":"1","key":"331_CR10","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1007\/s11416-013-0193-4","volume":"10","author":"S Deshpande","year":"2014","unstructured":"Deshpande, S., Park, Y., Stamp, M.: Eigenvalue analysis for metamorphic detection. J. Comput. Virol. Hacking Tech. 10(1), 53\u201365 (2014)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"331_CR11","doi-asserted-by":"publisher","unstructured":"Ekhtoom, D., Al-Ayyoub, M., Al-Saleh, M., Alsmirat, M., Hmeidi, I.: A compression-based technique to classify metamorphic malware. In: 2016 IEEE\/ACS 13th International Conference of Computer Systems and Applications (AICCSA), pp. 1\u20136 (2016). \n                    https:\/\/doi.org\/10.1109\/AICCSA.2016.7945801","DOI":"10.1109\/AICCSA.2016.7945801"},{"issue":"12","key":"331_CR12","doi-asserted-by":"publisher","first-page":"3736","DOI":"10.1109\/TIP.2006.881969","volume":"15","author":"M Elad","year":"2006","unstructured":"Elad, M., Aharon, M.: Image denoising via sparse and redundant representations over learned dictionaries. IEEE Trans. Image Process. 15(12), 3736\u20133745 (2006)","journal-title":"IEEE Trans. Image Process."},{"key":"331_CR13","unstructured":"http:\/\/vxheaven.org\/lib\/vzo21.html\n                    \n                   (2001)"},{"issue":"4","key":"331_CR14","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/s11416-014-0220-0","volume":"11","author":"RK Jidigam","year":"2015","unstructured":"Jidigam, R.K., Austin, T.H., Stamp, M.: Singular value decomposition and metamorphic detection. J. Comput. Virol. Hacking Tech. 11(4), 203\u2013216 (2015)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"331_CR15","unstructured":"Kaggle: Microsoft malware classification challenge (big 2015). \n                    http:\/\/arxiv.org\/abs\/1802.10135\n                    \n                   (2016). Accessed 23 July 2018"},{"issue":"3","key":"331_CR16","doi-asserted-by":"publisher","first-page":"1157","DOI":"10.12928\/telkomnika.v14i3.3850","volume":"14","author":"BM Khammas","year":"2016","unstructured":"Khammas, B.M., Monemi, A., Ismail, I., Nor, S.M., Marsono, M.: Metamorphic malware detection based on support vector machine classification of malware sub-signatures. TELKOMNIKA (Telecommun. Comput. Electron. Control) 14(3), 1157\u20131165 (2016)","journal-title":"TELKOMNIKA (Telecommun. Comput. Electron. Control)"},{"issue":"6755","key":"331_CR17","doi-asserted-by":"publisher","first-page":"788","DOI":"10.1038\/44565","volume":"401","author":"DD Lee","year":"1999","unstructured":"Lee, D.D., Seung, H.S.: Learning the parts of objects by non-negative matrix factorization. Nature 401(6755), 788 (1999)","journal-title":"Nature"},{"key":"331_CR18","unstructured":"Lee, D.D., Seung, H.S.: Algorithms for non-negative matrix factorization. In: Advances in Neural Information Processing Systems, pp. 556\u2013562 (2001)"},{"issue":"2","key":"331_CR19","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1504\/IJSN.2015.070426","volume":"10","author":"J Lee","year":"2015","unstructured":"Lee, J., Austin, T.H., Stamp, M.: Compression-based analysis of metamorphic malware. Int. J. Secur. Netw. 10(2), 124\u2013136 (2015)","journal-title":"Int. J. Secur. Netw."},{"key":"331_CR20","doi-asserted-by":"crossref","unstructured":"Li, Y., Ngom, A.: Non-negative matrix and tensor factorization based classification of clinical microarray gene expression data. In: 2010 IEEE International Conference on Bioinformatics and Biomedicine (BIBM), pp. 438\u2013443. IEEE (2010)","DOI":"10.1109\/BIBM.2010.5706606"},{"issue":"2","key":"331_CR21","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/MSP.2007.48","volume":"5","author":"R Lyda","year":"2007","unstructured":"Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. IEEE Secur. Priv. 5(2), 40\u201345 (2007)","journal-title":"IEEE Secur. Priv."},{"key":"331_CR22","unstructured":"Microsoft: Windows defender security intelligence. \n                    https:\/\/www.microsoft.com\/en-us\/wdsi\/threats\/malware-encyclopedia-description?Name=Win32%2FVundo\n                    \n                   (2012). Accessed 16 May 2016"},{"key":"331_CR23","first-page":"77","volume":"12","author":"V Mohan","year":"2012","unstructured":"Mohan, V., Hamlen, K.W.: Frankenstein: stitching malware from benign binaries. WOOT 12, 77\u201384 (2012)","journal-title":"WOOT"},{"issue":"2","key":"331_CR24","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1002\/env.3170050203","volume":"5","author":"P Paatero","year":"1994","unstructured":"Paatero, P., Tapper, U.: Positive matrix factorization: a non-negative factor model with optimal utilization of error estimates of data values. Environmetrics 5(2), 111\u2013126 (1994)","journal-title":"Environmetrics"},{"key":"331_CR25","doi-asserted-by":"crossref","unstructured":"Radkani, E., Hashemi, S., Keshavarz-Haddad, A., Haeri, M.A.: An entropy-based distance measure for analyzing and detecting metamorphic malware. Appl. Intell., 1\u201311 (2017)","DOI":"10.1007\/s10489-017-1045-6"},{"issue":"3","key":"331_CR26","doi-asserted-by":"publisher","first-page":"e0118432","DOI":"10.1371\/journal.pone.0118432","volume":"10","author":"T Saito","year":"2015","unstructured":"Saito, T., Rehmsmeier, M.: The precision-recall plot is more informative than the roc plot when evaluating binary classifiers on imbalanced datasets. PloS ONE 10(3), e0118432 (2015)","journal-title":"PloS ONE"},{"issue":"4","key":"331_CR27","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1049\/iet-ifs.2010.0136","volume":"5","author":"ME Saleh","year":"2011","unstructured":"Saleh, M.E., Mohamed, A.B., Nabi, A.A.: Eigenviruses for metamorphic virus recognition. IET Inf. Secur. 5(4), 191\u2013198 (2011)","journal-title":"IET Inf. Secur."},{"key":"331_CR28","unstructured":"Snort: Snort. \n                    https:\/\/www.snort.org\/"},{"issue":"2","key":"331_CR29","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1007\/s11416-012-0174-z","volume":"9","author":"SM Sridhara","year":"2013","unstructured":"Sridhara, S.M., Stamp, M.: Metamorphic worm that carries its own morphing engine. J. Comput. Virol. Hacking Tech. 9(2), 49\u201358 (2013)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"331_CR30","unstructured":"Support for Gzip Files: \n                    https:\/\/docs.python.org\/2\/library\/gzip.html\/\n                    \n                   (2017). Accessed 28 Nov 2017"},{"key":"331_CR31","unstructured":"SysTutorials: xxd (1)\u2014linux man pages. \n                    https:\/\/www.systutorials.com\/docs\/linux\/man\/1-xxd\/"},{"key":"331_CR32","unstructured":"Szor, P., Ferrie, P.: Hunting for metamorphic, symantec security response. \n                    https:\/\/www.symantec.com\/avcenter\/reference\/hunting.for.metamorphic.pdf\n                    \n                   (2003)"},{"issue":"2","key":"331_CR33","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1016\/j.jides.2016.10.009","volume":"3","author":"M Wojnowicz","year":"2016","unstructured":"Wojnowicz, M., Chisholm, G., Wolff, M., Zhao, X.: Wavelet decomposition of software entropy reveals symptoms of malicious code. J. Innov. Digit. Ecosyst. 3(2), 130\u2013140 (2016)","journal-title":"J. Innov. Digit. Ecosyst."},{"key":"331_CR34","unstructured":"Wong, W.: Analysis and detection of metamorphic computer viruses. Ph.D. thesis, San Jose State University (2006)"},{"key":"331_CR35","doi-asserted-by":"crossref","unstructured":"You, I., Yim, K.: Malware obfuscation techniques: a brief survey. In: 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (BWCCA), pp. 297\u2013300. IEEE (2010)","DOI":"10.1109\/BWCCA.2010.85"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-019-00331-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-019-00331-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-019-00331-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,24]],"date-time":"2020-04-24T23:21:00Z","timestamp":1587770460000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-019-00331-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,4,26]]},"references-count":35,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2019,9]]}},"alternative-id":["331"],"URL":"https:\/\/doi.org\/10.1007\/s11416-019-00331-0","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,4,26]]},"assertion":[{"value":"5 August 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 March 2019","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 April 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}