{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,8]],"date-time":"2025-09-08T06:03:51Z","timestamp":1757311431074,"version":"3.37.3"},"reference-count":51,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2021,10,31]],"date-time":"2021-10-31T00:00:00Z","timestamp":1635638400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,10,31]],"date-time":"2021-10-31T00:00:00Z","timestamp":1635638400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"published-print":{"date-parts":[[2022,9]]},"DOI":"10.1007\/s11416-021-00404-z","type":"journal-article","created":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T10:05:53Z","timestamp":1635761153000},"page":"183-203","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Metamorphic malware detection using structural features and nonnegative matrix factorization with hidden markov model"],"prefix":"10.1007","volume":"18","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4266-6188","authenticated-orcid":false,"given":"Yeong Tyng","family":"Ling","sequence":"first","affiliation":[]},{"given":"Nor Fazlida Mohd","family":"Sani","sequence":"additional","affiliation":[]},{"given":"Mohd Taufik","family":"Abdullah","sequence":"additional","affiliation":[]},{"given":"Nor Asilah Wati Abdul","family":"Hamid","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,10,31]]},"reference":[{"issue":"2","key":"404_CR1","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s11416-014-0215-x","volume":"11","author":"C Annachhatre","year":"2015","unstructured":"Annachhatre, C., 
Austin, T.H., Stamp, M.: Hidden markov models for malware classification. J. Comput. Virol. Hack. Tech. 11(2), 59\u201373 (2015)","journal-title":"J. Comput. Virol. Hack. Tech."},{"key":"404_CR2","doi-asserted-by":"crossref","unstructured":"Austin, T.H., Filiol, E., Josse, S., Stamp, M.: Exploring hidden markov models for virus analysis: a semantic approach. In: System Sciences (HICSS), 2013 46th Hawaii International Conference on, IEEE, pp 5039\u20135048 (2013)","DOI":"10.1109\/HICSS.2013.217"},{"key":"404_CR3","doi-asserted-by":"crossref","unstructured":"Baldangombo, U., Jambaljav, N., Horng, S.J.: A static malware detection system using data mining methods. arXiv preprint arXiv:1308.2831 (2013)","DOI":"10.5121\/ijaia.2013.4411"},{"key":"404_CR4","doi-asserted-by":"crossref","unstructured":"Basole, S., Di\u00a0Troia, F., Stamp, M.: Multifamily malware models. J. Comput. Virol. Hack. Tech., pp. 1\u201314 (2020)","DOI":"10.1007\/s11416-019-00345-8"},{"issue":"1","key":"404_CR5","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1214\/aoms\/1177697196","volume":"41","author":"LE Baum","year":"1970","unstructured":"Baum, L.E., Petrie, T., Soules, G., Weiss, N.: A maximization technique occurring in the statistical analysis of probabilistic functions of Markov chains. Ann. Math. Stat. 41(1), 164\u2013171 (1970)","journal-title":"Ann. Math. Stat."},{"issue":"4","key":"404_CR6","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/s11416-013-0185-4","volume":"9","author":"D Baysa","year":"2013","unstructured":"Baysa, D., Low, R.M., Stamp, M.: Structural entropy and metamorphic malware. J. Comput. Virol. Hack. Tech. 9(4), 179\u2013192 (2013)","journal-title":"J. Comput. Virol. Hack. Tech."},{"issue":"3","key":"404_CR7","first-page":"57","volume":"23","author":"G Canfora","year":"2014","unstructured":"Canfora, G., Mercaldo, F., Visaggio, C.A., Di Notte, P.: Metamorphic malware detection using code metrics. Inf. Secur. J.: Glob. Perspect. 
23(3), 57\u201367 (2014)","journal-title":"Inf. Secur. J.: Glob. Perspect."},{"key":"404_CR8","doi-asserted-by":"crossref","unstructured":"Cesare, S., Xiang, Y.: Software Similarity and Classification. Springer, Berlin (2012)","DOI":"10.1007\/978-1-4471-2909-7"},{"key":"404_CR9","volume-title":"Elements of Information Theory","author":"TM Cover","year":"2006","unstructured":"Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley, London (2006)"},{"issue":"1","key":"404_CR10","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1007\/s11416-013-0193-4","volume":"10","author":"S Deshpande","year":"2014","unstructured":"Deshpande, S., Park, Y., Stamp, M.: Eigenvalue analysis for metamorphic detection. J. Comput. Virol. Hack. Tech. 10(1), 53\u201365 (2014)","journal-title":"J. Comput. Virol. Hack. Tech."},{"key":"404_CR11","doi-asserted-by":"crossref","unstructured":"Gharacheh, M., Derhami, V., Hashemi, S., Fard, S.M.H.: Detection of metamorphic malware based on hmm: a hierarchical approach. Int. J. Intell. Syst. Appl. 8(4) (2016)","DOI":"10.5815\/ijisa.2016.04.02"},{"key":"404_CR12","doi-asserted-by":"crossref","unstructured":"Gibert, D., Mateu, C., Planes, J., Vicens, R.: Classification of malware by using structural entropy on convolutional neural networks. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol.\u00a032 (2018)","DOI":"10.1609\/aaai.v32i1.11409"},{"key":"404_CR13","doi-asserted-by":"crossref","unstructured":"Gibert, D., Mateu, C., Planes, J.: A hierarchical convolutional neural network for malware classification. In: 2019 International Joint Conference on Neural Networks (IJCNN), IEEE, pp. 1\u20138 (2019)","DOI":"10.1109\/IJCNN.2019.8852469"},{"key":"404_CR14","unstructured":"Gingrich, P.: Introductory Statistics for the Social Sciences. 
University of Regina, Department of Sociology and Social Sciences (1992)"},{"issue":"1","key":"404_CR15","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1016\/j.jnca.2008.04.006","volume":"32","author":"X Guan","year":"2009","unstructured":"Guan, X., Wang, W., Zhang, X.: Fast intrusion detection based on a non-negative matrix factorization model. J. Netw. Comput. Appl. 32(1), 31\u201344 (2009)","journal-title":"J. Netw. Comput. Appl."},{"key":"404_CR16","doi-asserted-by":"crossref","unstructured":"Guillamet, D., Schiele, B., Vitria, J.: Analyzing non-negative matrix factorization for image classification. In: Object Recognition Supported by User Interaction for Service Robots, IEEE 2, 116\u2013119 (2002)","DOI":"10.1109\/ICPR.2002.1048251"},{"key":"404_CR17","doi-asserted-by":"crossref","unstructured":"Hamon, R., Borgnat, P., Flandrin, P., Robardet, C.: Nonnegative matrix factorization to find features in temporal networks. In: 2014 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), IEEE, pp. 1065\u20131069 (2014)","DOI":"10.1109\/ICASSP.2014.6853760"},{"key":"404_CR18","doi-asserted-by":"crossref","unstructured":"Imran, M., Afzal, M.T., Qadir, M.A.: Using hidden markov model for dynamic malware analysis: first impressions. In: Fuzzy Systems and Knowledge Discovery (FSKD), 2015 12th International Conference on, IEEE, pp. 816\u2013821 (2015)","DOI":"10.1109\/FSKD.2015.7382048"},{"issue":"4","key":"404_CR19","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/s11416-014-0220-0","volume":"11","author":"RK Jidigam","year":"2015","unstructured":"Jidigam, R.K., Austin, T.H., Stamp, M.: Singular value decomposition and metamorphic detection. J. Comput. Virol. Hack. Tech. 11(4), 203\u2013216 (2015)","journal-title":"J. Comput. Virol. Hack. 
Tech."},{"key":"404_CR20","doi-asserted-by":"crossref","unstructured":"Kakisim, A.G., Nar, M., Sogukpinar, I.: Metamorphic malware identification using engine-specific patterns based on co-opcode graphs. Comput. Standards Interfaces, p. 103443 (2020)","DOI":"10.1016\/j.csi.2020.103443"},{"issue":"2","key":"404_CR21","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/s11416-014-0232-9","volume":"11","author":"A Kalbhor","year":"2015","unstructured":"Kalbhor, A., Austin, T.H., Filiol, E., Josse, S., Stamp, M.: Dueling hidden Markov models for virus analysis. J. Comput. Virol. Hack. Tech. 11(2), 103\u2013118 (2015)","journal-title":"J. Comput. Virol. Hack. Tech."},{"issue":"6755","key":"404_CR22","doi-asserted-by":"publisher","first-page":"788","DOI":"10.1038\/44565","volume":"401","author":"DD Lee","year":"1999","unstructured":"Lee, D.D., Seung, H.S.: Learning the parts of objects by non-negative matrix factorization. Nature 401(6755), 788\u2013791 (1999)","journal-title":"Nature"},{"issue":"2","key":"404_CR23","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1504\/IJSN.2015.070426","volume":"10","author":"J Lee","year":"2015","unstructured":"Lee, J., Austin, T.H., Stamp, M.: Compression-based analysis of metamorphic malware. Int. J. Secure Netw. 10(2), 124\u2013136 (2015)","journal-title":"Int. J. Secure Netw."},{"key":"404_CR24","doi-asserted-by":"crossref","unstructured":"Li, Y., Ngom, A.: Non-negative matrix and tensor factorization based classification of clinical microarray gene expression data. 
In: Bioinformatics and Biomedicine (BIBM), 2010 IEEE International Conference on, IEEE, pp 438\u2013443 (2010)","DOI":"10.1109\/BIBM.2010.5706606"},{"key":"404_CR25","doi-asserted-by":"publisher","first-page":"102216","DOI":"10.1016\/j.cose.2021.102216","volume":"104","author":"YT Ling","year":"2021","unstructured":"Ling, Y.T., Sani, N.F.M., Abdullah, M.T., Hamid, N.A.W.A.: Structural features with nonnegative matrix factorization for metamorphic malware detection. Comput. Secur. 104, 102216 (2021)","journal-title":"Comput. Secur."},{"issue":"2","key":"404_CR26","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1109\/TIT.1982.1056489","volume":"28","author":"S Lloyd","year":"1982","unstructured":"Lloyd, S.: Least squares quantization in pcm. IEEE Trans. Inf. Theory 28(2), 129\u2013137 (1982)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"404_CR27","doi-asserted-by":"crossref","unstructured":"Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. IEEE Security Privacy 5(2) (2007)","DOI":"10.1109\/MSP.2007.48"},{"key":"404_CR28","unstructured":"McCune, B., Grace, J.B.: Analysis of Ecological Communities. Mjm Software Design (2002)"},{"key":"404_CR29","doi-asserted-by":"publisher","first-page":"246","DOI":"10.1016\/j.eswa.2018.10.011","volume":"118","author":"HD Men\u00e9ndez","year":"2019","unstructured":"Men\u00e9ndez, H.D., Bhattacharya, S., Clark, D., Barr, E.T.: The arms race: adversarial search defeats entropy used to detect malware. Expert Syst. Appl. 118, 246\u2013260 (2019)","journal-title":"Expert Syst. Appl."},{"issue":"1","key":"404_CR30","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/s10207-014-0248-7","volume":"14","author":"A Nappa","year":"2015","unstructured":"Nappa, A., Rafique, M.Z., Caballero, J.: The malicia dataset: identification and analysis of drive-by download operations. Int. J. Inf. Secur. 14(1), 15\u201333 (2015)","journal-title":"Int. J. Inf. 
Secur."},{"key":"404_CR31","doi-asserted-by":"crossref","unstructured":"Patri, O., Wojnowicz, M., Wolff, M.: Discovering malware with time series shapelets. In: Proceedings of the 50th Hawaii International Conference on System Sciences (2017)","DOI":"10.24251\/HICSS.2017.734"},{"issue":"2","key":"404_CR32","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1109\/5.18626","volume":"77","author":"LR Rabiner","year":"1989","unstructured":"Rabiner, L.R.: A tutorial on hidden markov models and selected applications in speech recognition. Proc. IEEE 77(2), 257\u2013286 (1989)","journal-title":"Proc. IEEE"},{"key":"404_CR33","doi-asserted-by":"crossref","unstructured":"Radkani, E., Hashemi, S., Keshavarz-Haddad, A., Haeri, M.A.: An entropy-based distance measure for analyzing and detecting metamorphic malware. Appl. Intell., pp. 1\u201311 (2017)","DOI":"10.1007\/s10489-017-1045-6"},{"key":"404_CR34","doi-asserted-by":"crossref","unstructured":"Raff, E., Nicholas, C.: An alternative to ncd for large sequences, lempel-ziv jaccard distance. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1007\u20131015 (2017)","DOI":"10.1145\/3097983.3098111"},{"key":"404_CR35","doi-asserted-by":"crossref","unstructured":"Rezaei, F., Hamedi-Hamzehkolaie, M., Rezaei, S., Payandeh, A.: Metamorphic viruses detection by hidden markov models. In: Telecommunications (IST), 2014 7th International Symposium on, IEEE, pp. 821\u2013826 (2014a)","DOI":"10.1109\/ISTEL.2014.7000817"},{"key":"404_CR36","doi-asserted-by":"crossref","unstructured":"Rezaei, F., Nezhad, M.K., Rezaei, S., Payandeh, A.: Detecting encrypted metamorphic viruses by hidden markov models. In: Fuzzy Systems and Knowledge Discovery (FSKD), 2014 11th International Conference on, IEEE, pp. 
973\u2013977 (2014b)","DOI":"10.1109\/FSKD.2014.6980971"},{"issue":"1\u20132","key":"404_CR37","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/s11416-012-0160-5","volume":"8","author":"N Runwal","year":"2012","unstructured":"Runwal, N., Low, R.M., Stamp, M.: Opcode graph similarity and metamorphic detection. J. Comput. Virol. 8(1\u20132), 37\u201352 (2012)","journal-title":"J. Comput. Virol."},{"issue":"4","key":"404_CR38","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1049\/iet-ifs.2010.0136","volume":"5","author":"ME Saleh","year":"2011","unstructured":"Saleh, M.E., Mohamed, A.B., Nabi, A.A.: Eigenviruses for metamorphic virus recognition. IET Inf. Secur. 5(4), 191\u2013198 (2011)","journal-title":"IET Inf. Secur."},{"issue":"3","key":"404_CR39","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1002\/j.1538-7305.1948.tb01338.x","volume":"27","author":"CE Shannon","year":"1948","unstructured":"Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(3), 379\u2013423 (1948)","journal-title":"Bell Syst. Tech. J."},{"issue":"4","key":"404_CR40","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/s11416-011-0153-9","volume":"7","author":"I Sorokin","year":"2011","unstructured":"Sorokin, I.: Comparing files using structural entropy. J. Comput. Virol. 7(4), 259\u2013265 (2011)","journal-title":"J. Comput. Virol."},{"issue":"2","key":"404_CR41","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1007\/s11416-012-0174-z","volume":"9","author":"SM Sridhara","year":"2013","unstructured":"Sridhara, S.M., Stamp, M.: Metamorphic worm that carries its own morphing engine. J Comput. Virol. Hack. Tech. 9(2), 49\u201358 (2013)","journal-title":"J Comput. Virol. Hack. Tech."},{"key":"404_CR42","doi-asserted-by":"crossref","unstructured":"Thunga, S.P., Neelisetti, R.K.: Identifying metamorphic virus using n-grams and hidden markov model. 
In: Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, IEEE, pp. 2016\u20132022 (2015)","DOI":"10.1109\/ICACCI.2015.7275913"},{"issue":"1","key":"404_CR43","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11416-012-0171-2","volume":"9","author":"AH Toderici","year":"2013","unstructured":"Toderici, A.H., Stamp, M.: Chi-squared distance and metamorphic virus detection. J. Comput. Virol. Hack. Tech. 9(1), 1\u201314 (2013)","journal-title":"J. Comput. Virol. Hack. Tech."},{"key":"404_CR44","doi-asserted-by":"crossref","unstructured":"Vemparala, S., Di\u00a0Troia, F., Corrado, V.A., Austin, T.H., Stamp, M.: Malware detection using dynamic birthmarks. In: Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics, ACM, pp. 41\u201346 (2016)","DOI":"10.1145\/2875475.2875476"},{"key":"404_CR45","doi-asserted-by":"crossref","unstructured":"Wartell, R., Zhou, Y., Hamlen, K.W., Kantarcioglu, M., Thuraisingham, B.: Differentiating code from data in x86 binaries. In: Joint European Conference on Machine Learning and Knowledge Discovery in Databases, Springer, Berlin, pp. 522\u2013536 (2011)","DOI":"10.1007\/978-3-642-23808-6_34"},{"issue":"2","key":"404_CR46","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1016\/j.jides.2016.10.009","volume":"3","author":"M Wojnowicz","year":"2016","unstructured":"Wojnowicz, M., Chisholm, G., Wolff, M., Zhao, X.: Wavelet decomposition of software entropy reveals symptoms of malicious code. J. Innov. Digit. Ecosyst. 3(2), 130\u2013140 (2016)","journal-title":"J. Innov. Digit. Ecosyst."},{"issue":"3","key":"404_CR47","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/s11416-006-0028-7","volume":"2","author":"W Wong","year":"2006","unstructured":"Wong, W., Stamp, M.: Hunting for metamorphic engines. J. Comput. Virol. 2(3), 211\u2013229 (2006)","journal-title":"J. Comput. 
Virol."},{"key":"404_CR48","doi-asserted-by":"crossref","unstructured":"Zdunek, R., Phan, A.H., Cichocki, A.: Image classification with nonnegative matrix factorization based on spectral projected gradient. In: Artificial Neural Networks, Springer, Berlin, pp. 31\u201350 (2015)","DOI":"10.1007\/978-3-319-09903-3_2"},{"key":"404_CR49","unstructured":"Zhang, J.: Machine learning with feature selection using principal component analysis for malware detection: a case study. arXiv preprint arXiv:1902.03639 (2019)"},{"key":"404_CR50","doi-asserted-by":"crossref","unstructured":"Zhang, Q., Reeves, D.S., (2007) Metaaware: Identifying metamorphic malware. In: Computer Security Applications Conference: ACSAC 2007, pp. 411\u2013420. Twenty-Third Annual, IEEE (2007)","DOI":"10.1109\/ACSAC.2007.9"},{"issue":"3","key":"404_CR51","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1109\/TIT.1977.1055714","volume":"23","author":"J Ziv","year":"1977","unstructured":"Ziv, J., Lempel, A.: A universal algorithm for sequential data compression. IEEE Trans. Inf. Theory 23(3), 337\u2013343 (1977)","journal-title":"IEEE Trans. Inf. 
Theory"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-021-00404-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11416-021-00404-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-021-00404-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,14]],"date-time":"2023-01-14T07:16:17Z","timestamp":1673680577000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11416-021-00404-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,31]]},"references-count":51,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2022,9]]}},"alternative-id":["404"],"URL":"https:\/\/doi.org\/10.1007\/s11416-021-00404-z","relation":{},"ISSN":["2263-8733"],"issn-type":[{"type":"electronic","value":"2263-8733"}],"subject":[],"published":{"date-parts":[[2021,10,31]]},"assertion":[{"value":"23 April 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 September 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"31 October 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known conflict interests that could have appeared to influence the work reported in this 
paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}