{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T15:05:01Z","timestamp":1775228701060,"version":"3.50.1"},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T00:00:00Z","timestamp":1769990400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T00:00:00Z","timestamp":1775174400000},"content-version":"vor","delay-in-days":60,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["60903220"],"award-info":[{"award-number":["60903220"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J. King Saud Univ. Comput. Inf. Sci."],"published-print":{"date-parts":[[2026,4]]},"DOI":"10.1007\/s44443-026-00521-z","type":"journal-article","created":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T11:36:23Z","timestamp":1770032183000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Intelligent detection and forensics method for malware based on memory opcode genes"],"prefix":"10.1007","volume":"38","author":[{"given":"Binglong","family":"Li","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6339-4308","authenticated-orcid":false,"given":"Shilong","family":"Yu","sequence":"additional","affiliation":[]},{"given":"Yong","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"Yifeng","family":"Sun","sequence":"additional","affiliation":[]},{"given":"Hongwei","family":"Zhou","sequence":"additional","affiliation":[]},{"given":"Yuchen","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Chaowen","family":"Chang","sequence":"additional","affiliation":[]},{"given":"Qingxian","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,2]]},"reference":[{"key":"521_CR1","doi-asserted-by":"publisher","first-page":"9625","DOI":"10.1109\/ACCESS.2021.3049200","volume":"9","author":"C Acarturk","year":"2021","unstructured":"Acarturk C, Sirlanci M, Balikcioglu PG, Demirci D, Sahin N, Kucuk OA (2021) Malicious code detection: Run trace output analysis by lstm. IEEE Access 9:9625\u20139635","journal-title":"IEEE Access"},{"issue":"14","key":"521_CR2","doi-asserted-by":"publisher","first-page":"6507","DOI":"10.3390\/s23146507","volume":"23","author":"BA Alabsi","year":"2023","unstructured":"Alabsi BA, Anbar M, Rihan SDA (2023) Cnn-cnn: dual convolutional neural network approach for feature selection and attack detection on internet of things networks. Sensors 23(14):6507","journal-title":"Sensors"},{"key":"521_CR3","unstructured":"Allen T (2022) Holistic performance analysis and optimization of unified virtual memory"},{"key":"521_CR4","doi-asserted-by":"crossref","unstructured":"Alsadhan AA, Al-Atawi AA, Jameel A, Zada I, Nguyen TN et al (2024) Malware attacks detection in iot using recurrent neural network (rnn). Intell Autom Soft Comput 39(2)","DOI":"10.32604\/iasc.2023.041130"},{"key":"521_CR5","first-page":"301508","volume":"44","author":"A Andreoli","year":"2023","unstructured":"Andreoli A, Lounis A, Debbabi M, Hanna A (2023) On the prevalence of software supply chain attacks: empirical study and investigative framework. Forens Sci Internat Digit Investig 44:301508","journal-title":"Forens Sci Internat Digit Investig"},{"issue":"4","key":"521_CR6","doi-asserted-by":"publisher","first-page":"6672","DOI":"10.1002\/cpe.6672","volume":"34","author":"A Arfeen","year":"2022","unstructured":"Arfeen A, Asim Khan M, Zafar O, Ahsan U (2022) Process based volatile memory forensics for ransomware detection. Concurren Comput Practice Exp 34(4):6672","journal-title":"Concurren Comput Practice Exp"},{"key":"521_CR7","doi-asserted-by":"crossref","unstructured":"Ba\u2019abbad I, Batarfi O (2023) Proactive ransomware detection using extremely fast decision tree (efdt) algorithm: A case study. Computers 12(6):121","DOI":"10.3390\/computers12060121"},{"key":"521_CR8","doi-asserted-by":"crossref","unstructured":"Chen YH, Chen JL, Deng R (2022) Similarity-based malware classification using graph neural networks. Appl Sci","DOI":"10.3390\/app122110837"},{"key":"521_CR9","doi-asserted-by":"crossref","unstructured":"Gu X, Yan J (2024) Hierarchical k-nearest neighbors for ransomware detection using opcode sequences. Authorea Preprints","DOI":"10.36227\/techrxiv.171838524.46252988\/v1"},{"issue":"1","key":"521_CR10","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1109\/TPAMI.2022.3152247","volume":"45","author":"K Han","year":"2022","unstructured":"Han K, Wang Y, Chen H, Chen X, Guo J, Liu Z, Tang Y, Xiao A, Xu C, Xu Y et al (2022) A survey on vision transformer. IEEE Trans Pattern Anal Mach Intell 45(1):87\u2013110","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"key":"521_CR11","doi-asserted-by":"crossref","unstructured":"Han H, Lim SJ, Suh K, Park S, Park M (2020) Enhanced android malware detection: An svm-based machine learning approach. IEEE","DOI":"10.1109\/BigComp48618.2020.00-96"},{"issue":"3","key":"521_CR12","first-page":"1","volume":"56","author":"R Jiadong","year":"2019","unstructured":"Jiadong R, Xinqian L, Qian W, Haitao H, Xiaolin Z (2019) A multi-layer intrusion detection method based on knn outlier detection and random forest. J Comput Res Devel 56(3):1\u201310","journal-title":"J Comput Res Devel"},{"key":"521_CR13","doi-asserted-by":"publisher","first-page":"119133","DOI":"10.1016\/j.eswa.2022.119133","volume":"214","author":"I Kara","year":"2023","unstructured":"Kara I (2023) Fileless malware threats: Recent advances, analysis approach through memory forensics and research challenges. Expert Syst Appl 214:119133","journal-title":"Expert Syst Appl"},{"key":"521_CR14","doi-asserted-by":"crossref","unstructured":"Kolter JZ, Maloof MA (2006) Learning to detect malicious executables. Adv Inf Knowl Process 47\u201363","DOI":"10.1007\/1-84628-253-5_4"},{"key":"521_CR15","doi-asserted-by":"crossref","unstructured":"Koskinen HMK, Savioja P, Mannonen P, Aikala M (2024) The process is under control! understanding the building blocks of user experience in operator work. In: Proceedings of the 13th nordic conference on human-computer interaction, pp 1\u201312","DOI":"10.1145\/3679318.3685394"},{"issue":"5","key":"521_CR16","doi-asserted-by":"publisher","first-page":"2894","DOI":"10.3390\/app13052894","volume":"13","author":"K Lee","year":"2023","unstructured":"Lee K, Lee J, Yim K (2023) Classification and analysis of malicious code detection techniques based on the apt attack. Appl Sci 13(5):2894","journal-title":"Appl Sci"},{"issue":"1","key":"521_CR17","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1186\/s42400-023-00157-w","volume":"6","author":"J Liu","year":"2023","unstructured":"Liu J, Feng Y, Liu X, Zhao J, Liu Q (2023) Mrm-dldet: a memory-resident malware detection framework based on memory forensics and deep neural network. Cybersecurity 6(1):21","journal-title":"Cybersecurity"},{"key":"521_CR18","doi-asserted-by":"publisher","first-page":"111921","DOI":"10.1016\/j.jss.2023.111921","volume":"209","author":"P Maniriho","year":"2024","unstructured":"Maniriho P, Mahmood AN, Chowdhury MJM (2024) A systematic literature review on windows malware detection: Techniques, research issues, and future directions. J Syst Softw 209:111921","journal-title":"J Syst Softw"},{"key":"521_CR19","doi-asserted-by":"crossref","unstructured":"Mclaughlin N, Doup\u00e9 A, Ahn GJ, Rincon JMD, Zhao Z (2017) Deep android malware detection. ACM","DOI":"10.1145\/3029806.3029823"},{"key":"521_CR20","unstructured":"Mikolov T, Chen K, Corrado G, Dean J (2013) Efficient estimation of word representations in vector space. arXiv:1301.3781"},{"key":"521_CR21","doi-asserted-by":"crossref","unstructured":"Moritaka H, Komuro D (2024) Enhanced ransomware detection using dual-layer random forest on opcode sequences. Authorea Preprints","DOI":"10.22541\/au.172193050.02354794\/v1"},{"key":"521_CR22","doi-asserted-by":"publisher","first-page":"728","DOI":"10.1016\/j.procs.2021.01.061","volume":"179","author":"PF Muhammad","year":"2021","unstructured":"Muhammad PF, Kusumaningrum R, Wibowo A (2021) Sentiment analysis using word2vec and long short-term memory (lstm) for indonesian hotel reviews. Procedia Comput Sci 179:728\u2013735","journal-title":"Procedia Comput Sci"},{"key":"521_CR23","doi-asserted-by":"crossref","unstructured":"Santos I, Sanz B, Laorden C, Brezo F, Bringas PG (2011) Opcode-sequence-based semi-supervised unknown malware detection. In: Computational intelligence in security for information systems-international conference","DOI":"10.1007\/978-3-642-21323-6_7"},{"key":"521_CR24","unstructured":"Shiri FM, Perumal T, Mustapha N, Mohamed R (2023) A comprehensive overview and comparative analysis on deep learning models: Cnn, rnn, lstm, gru. arXiv:2305.17473"},{"key":"521_CR25","doi-asserted-by":"crossref","unstructured":"Taiwo G, Vadera S, Alameer A (2025) Vision transformers for automated detection of pig interactions in groups. Smart Agricult Technol 10:100774","DOI":"10.1016\/j.atech.2025.100774"},{"key":"521_CR26","doi-asserted-by":"crossref","unstructured":"Wagner J, Nissan MI, Rasin A (2023) Database memory forensics: Identifying cache patterns for log verification. Forens Sci Intern Digit Invest 45:301567","DOI":"10.1016\/j.fsidi.2023.301567"},{"key":"521_CR27","doi-asserted-by":"crossref","unstructured":"Wang C, Akinlade O, Ajagbe SA (2025) Dynamic resilience assessment of urban traffic systems based on integrated deep learning. IOS Press Ebooks 70:33\u201342","DOI":"10.3233\/ATDE250238"},{"key":"521_CR28","doi-asserted-by":"crossref","unstructured":"Wu L (2024) A malicious code detection strategy based on feature fusion. In: 2024 IEEE 4th International conference on electronic technology, communication and information (ICETCI), pp 1502\u20131506. IEEE","DOI":"10.1109\/ICETCI61221.2024.10594168"},{"key":"521_CR29","doi-asserted-by":"crossref","unstructured":"Wu Y-c, Chang Y-l (2024) Ransomware detection on linux using machine learning with random forest algorithm. Authorea Preprints","DOI":"10.36227\/techrxiv.171778770.06550236\/v1"},{"key":"521_CR30","doi-asserted-by":"crossref","unstructured":"Yeboah PN, Amuquandoh SK, Musah HBB (2021) Malware detection using ensemble n-gram opcode sequences. Intern J Interact Mobile Technol 15(24)","DOI":"10.3991\/ijim.v15i24.25401"},{"issue":"4","key":"521_CR31","first-page":"1","volume":"42","author":"Z Yuchong","year":"2014","unstructured":"Yuchong Z, Songjie W, Yang L (2014) A data stream encryption judgment algorithm based on information entropy. Comput Digit Eng 42(4):1\u20134","journal-title":"Comput Digit Eng"},{"issue":"3","key":"521_CR32","doi-asserted-by":"publisher","first-page":"758","DOI":"10.3390\/sym15030758","volume":"15","author":"S Zhang","year":"2023","unstructured":"Zhang S, Hu C, Wang L, Mihaljevic MJ, Xu S, Lan T (2023) A malware detection approach based on deep learning and memory forensics. Symmetry 15(3):758","journal-title":"Symmetry"},{"key":"521_CR33","doi-asserted-by":"publisher","first-page":"2193","DOI":"10.7717\/peerj-cs.2193","volume":"10","author":"H Zhang","year":"2024","unstructured":"Zhang H, Li B, Yu S, Chang C, Li J, Yang B (2024) Procgcn: detecting malicious process in memory based on dgcnn. PeerJ Computer Science 10:2193","journal-title":"PeerJ Computer Science"}],"container-title":["Journal of King Saud University Computer and Information Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s44443-026-00521-z","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s44443-026-00521-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s44443-026-00521-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T14:18:45Z","timestamp":1775225925000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s44443-026-00521-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,2]]},"references-count":33,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2026,4]]}},"alternative-id":["521"],"URL":"https:\/\/doi.org\/10.1007\/s44443-026-00521-z","relation":{},"ISSN":["1319-1578","2213-1248"],"issn-type":[{"value":"1319-1578","type":"print"},{"value":"2213-1248","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,2]]},"assertion":[{"value":"29 September 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 January 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 February 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of interest"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Approval and consent to participate"}},{"value":"Not applicable.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}}],"article-number":"109"}}