{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,2]],"date-time":"2026-03-02T23:45:59Z","timestamp":1772495159036,"version":"3.50.1"},"reference-count":290,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2023,12,15]],"date-time":"2023-12-15T00:00:00Z","timestamp":1702598400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Journal of Systems and Software"],"published-print":{"date-parts":[[2024,3]]},"DOI":"10.1016\/j.jss.2023.111921","type":"journal-article","created":{"date-parts":[[2023,12,16]],"date-time":"2023-12-16T11:08:18Z","timestamp":1702724898000},"page":"111921","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":25,"special_numbering":"C","title":["A systematic literature review on Windows malware detection: Techniques, research issues, and future directions"],"prefix":"10.1016","volume":"209","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7232-909X","authenticated-orcid":false,"given":"Pascal","family":"Maniriho","sequence":"first","affiliation":[]},{"given":"Abdun Naser","family":"Mahmood","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4476-8882","authenticated-orcid":false,"given":"Mohammad Jabed Morshed","family":"Chowdhury","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.jss.2023.111921_b1","doi-asserted-by":"crossref","DOI":"10.1016\/j.asoc.2022.108744","article-title":"Behavior-based ransomware classification: A particle swarm optimization wrapper-based approach for feature selection","volume":"121","author":"Abbasi","year":"2022","journal-title":"Appl. Soft Comput."},{"key":"10.1016\/j.jss.2023.111921_b2","article-title":"Banach Wasserstein gan","volume":"31","author":"Adler","year":"2018","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"10.1016\/j.jss.2023.111921_b3","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2020.102753","article-title":"A system call refinement-based enhanced minimum redundancy maximum relevance method for ransomware early detection","volume":"167","author":"Ahmed","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.jss.2023.111921_b4","doi-asserted-by":"crossref","DOI":"10.1016\/j.compeleceng.2022.107903","article-title":"Mitigating adversarial evasion attacks of ransomware using ensemble learning","volume":"100","author":"Ahmed","year":"2022","journal-title":"Comput. Electr. Eng."},{"key":"10.1016\/j.jss.2023.111921_b5","doi-asserted-by":"crossref","unstructured":"Akhtar, N., Liu, J., Mian, A., 2018. Defense against universal adversarial perturbations. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. pp. 3389\u20133398.","DOI":"10.1109\/CVPR.2018.00357"},{"key":"10.1016\/j.jss.2023.111921_b6","doi-asserted-by":"crossref","DOI":"10.1016\/j.asoc.2022.109756","article-title":"Parallel deep learning with a hybrid BP-PSO framework for feature extraction and malware classification","volume":"131","author":"Al-Andoli","year":"2022","journal-title":"Appl. Soft Comput."},{"issue":"6","key":"10.1016\/j.jss.2023.111921_b7","doi-asserted-by":"crossref","first-page":"82","DOI":"10.30880\/ijie.2018.10.06.011","article-title":"Zero-day aware decision fusion-based model for crypto-ransomware early detection","volume":"10","author":"Al-rimy","year":"2018","journal-title":"Int. J. Integr. Eng."},{"key":"10.1016\/j.jss.2023.111921_b8","series-title":"International Conference on Information Security","first-page":"290","article-title":"EarlyCrow: Detecting APT malware command and control over HTTP (S) using contextual summaries","author":"Alageel","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b9","unstructured":"Alahmadi, B.A., Axon, L., Martinovic, I., 2022. 99% False Positives: A Qualitative Study of {SOC} Analysts\u2019 Perspectives on Security Alarms. In: 31st USENIX Security Symposium. USENIX Security 22, pp. 2783\u20132800."},{"key":"10.1016\/j.jss.2023.111921_b10","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1016\/j.jss.2014.10.031","article-title":"Profiling and classifying the behavior of malicious codes","volume":"100","author":"Alazab","year":"2015","journal-title":"J. Syst. Softw."},{"key":"10.1016\/j.jss.2023.111921_b11","series-title":"Windows PE API calls for malicious and benigin programs","author":"Allan","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b12","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102860","article-title":"MFMCNS: A multi-feature and multi-classifier network-based system for ransomworm detection","volume":"121","author":"Almashhadani","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b13","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.101760","article-title":"A dynamic Windows malware detection and prediction method based on contextual understanding of API call sequence","volume":"92","author":"Amer","year":"2020","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b14","series-title":"Learning to evade static PE machine learning malware models via reinforcement learning","author":"Anderson","year":"2018"},{"key":"10.1016\/j.jss.2023.111921_b15","series-title":"Ember: An open dataset for training static pe malware machine learning models","author":"Anderson","year":"2018"},{"issue":"2","key":"10.1016\/j.jss.2023.111921_b16","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1007\/s11416-014-0215-x","article-title":"Hidden Markov models for malware classification","volume":"11","author":"Annachhatre","year":"2015","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"10.1016\/j.jss.2023.111921_b17","series-title":"5 types of cyber attacks that you are likely to face in 2021 - amvion labs","author":"Anon","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b18","series-title":"Free software downloads and reviews for Windows, Android, Mac, and iOS \u2013 CNET download","author":"Anon","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b19","series-title":"GitHub - fabriciojoc\/Brazilian-malware-dataset: Dataset containing thousands of malware and goodware collected in the Brazilian cyberspace over years","author":"Anon","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b20","series-title":"GitHub - leocsato\/detector_mw: Optimizer for malware detection. Api calls sequence of benign files are provided.","author":"Anon","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b21","series-title":"Microsoft windows defender antivirus \u2014 insightidr documentation","author":"Anon","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b22","series-title":"What is a Trojan Virus \u2014 Trojan Virus definition \u2014 Kaspersky","author":"Anon","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b23","series-title":"AZSecure-data.org","author":"Anon","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b24","series-title":"Classification of malwares (CLaMP) \u2014 Kaggle","author":"Anon","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b25","series-title":"MaleVis dataset home page","author":"Anon","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b26","series-title":"Ransomware dataset \u2013 RISS","author":"Anon","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b27","series-title":"Signal processing for malware analysis \u2014 Vision Research Lab","author":"Anon","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b28","series-title":"Skylight cyber \u2014 cylance, I kill you!","author":"Anon","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b29","series-title":"Operating globalsystem market share","author":"Anon","year":"2023"},{"key":"10.1016\/j.jss.2023.111921_b30","doi-asserted-by":"crossref","unstructured":"Arp, D., Quiring, E., Pendlebury, F., Warnecke, A., Pierazzi, F., Wressnegger, C., Cavallaro, L., Rieck, K., 2022. Dos and don\u2019ts of machine learning in computer security. In: Proc. of the USENIX Security Symposium.","DOI":"10.1109\/MSEC.2023.3287207"},{"issue":"3","key":"10.1016\/j.jss.2023.111921_b31","doi-asserted-by":"crossref","first-page":"1","DOI":"10.24018\/ejeng.2021.6.3.2372","article-title":"A review of cloud-based malware detection system: Opportunities, advances and challenges","volume":"6","author":"Aslan","year":"2021","journal-title":"Eur. J. Eng. Technol. Res."},{"key":"10.1016\/j.jss.2023.111921_b32","doi-asserted-by":"crossref","first-page":"87936","DOI":"10.1109\/ACCESS.2021.3089586","article-title":"A new malware classification framework based on deep learning algorithms","volume":"9","author":"Aslan","year":"2021","journal-title":"IEEE Access"},{"key":"10.1016\/j.jss.2023.111921_b33","doi-asserted-by":"crossref","unstructured":"Athiwaratkun, B., Stokes, J.W., 2017. Malware classification with LSTM and GRU language models and a character-level CNN. In: 2017 IEEE International Conference on Acoustics, Speech and Signal Processing. ICASSP, pp. 2482\u20132486.","DOI":"10.1109\/ICASSP.2017.7952603"},{"issue":"2","key":"10.1016\/j.jss.2023.111921_b34","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1007\/s11416-008-0105-1","article-title":"Profile hidden Markov models and metamorphic virus detection","volume":"5","author":"Attaluri","year":"2009","journal-title":"J. Comput. Virol."},{"key":"10.1016\/j.jss.2023.111921_b35","doi-asserted-by":"crossref","unstructured":"AviraT, 2021. Q4 and 2020 Malware Threat Report. Tech. Rep..","DOI":"10.1016\/S1361-3723(20)30015-4"},{"key":"10.1016\/j.jss.2023.111921_b36","unstructured":"Avllazagaj, E., Zhu, Z., Bilge, L., Balzarotti, D., Dumitra\u015f, T., 2021. When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World. In: 30th USENIX Security Symposium. USENIX Security 21, pp. 3487\u20133504."},{"key":"10.1016\/j.jss.2023.111921_b37","first-page":"10","article-title":"Windows PE malware detection using ensemble learning","volume":"vol. 8","author":"Azeez","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b38","doi-asserted-by":"crossref","unstructured":"Bagane, P., Joseph, S.G., Singh, A., Shrivastava, A., Prabha, B., Shrivastava, A., 2021. Classification of Malware using Deep Learning Techniques. In: 2021 9th International Conference on Cyber and IT Service Management. CITSM, pp. 1\u20137.","DOI":"10.1109\/CITSM52892.2021.9588795"},{"key":"10.1016\/j.jss.2023.111921_b39","series-title":"Cyber Threat Intelligence","first-page":"107","article-title":"Leveraging support vector machine for opcode density based detection of crypto-ransomware","author":"Baldwin","year":"2018"},{"key":"10.1016\/j.jss.2023.111921_b40","series-title":"2022 IEEE Symposium on Security and Privacy","first-page":"805","article-title":"Transcending TRANSCEND: Revisiting malware classification in the presence of concept drift","author":"Barbero","year":"2022"},{"issue":"4","key":"10.1016\/j.jss.2023.111921_b41","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1007\/s11416-013-0185-4","article-title":"Structural entropy and metamorphic malware","volume":"9","author":"Baysa","year":"2013","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"10.1016\/j.jss.2023.111921_b42","doi-asserted-by":"crossref","first-page":"65658","DOI":"10.1109\/ACCESS.2020.2984187","article-title":"Open repository for the evaluation of ransomware detection tools","volume":"8","author":"Berrueta","year":"2020","journal-title":"IEEE Access"},{"key":"10.1016\/j.jss.2023.111921_b43","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1016\/j.engappai.2016.12.008","article-title":"PbMMD: A novel policy based multi-process malware detection","volume":"60","author":"Bidoki","year":"2017","journal-title":"Eng. Appl. Artif. Intell."},{"issue":"4","key":"10.1016\/j.jss.2023.111921_b44","doi-asserted-by":"crossref","first-page":"571","DOI":"10.1016\/j.jss.2006.07.009","article-title":"Lessons from applying the systematic literature review process within the software engineering domain","volume":"80","author":"Brereton","year":"2007","journal-title":"J. Syst. Software"},{"key":"10.1016\/j.jss.2023.111921_b45","series-title":"Overfitting and underfitting with machine learning algorithms","author":"Brownlee","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b46","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1016\/j.cose.2019.04.018","article-title":"A cost analysis of machine learning using dynamic runtime opcodes for malware detection","volume":"85","author":"Carlin","year":"2019","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b47","series-title":"2017 Ieee Symposium on Security and Privacy","first-page":"39","article-title":"Towards evaluating the robustness of neural networks","author":"Carlini","year":"2017"},{"key":"10.1016\/j.jss.2023.111921_b48","doi-asserted-by":"crossref","unstructured":"Carrier, T., Victor, P., Tekeoglu, A., Lashkari, A.H., 2022. Detecting Obfuscated Malware using Memory Feature Engineering.. In: ICISSP. pp. 177\u2013188.","DOI":"10.5220\/0010908200003120"},{"key":"10.1016\/j.jss.2023.111921_b49","doi-asserted-by":"crossref","DOI":"10.7717\/peerj-cs.285","article-title":"Deep learning based sequential model for malware analysis using windows exe API calls","volume":"6","author":"Catak","year":"2020","journal-title":"PeerJ Comput. Sci."},{"key":"10.1016\/j.jss.2023.111921_b50","doi-asserted-by":"crossref","DOI":"10.1016\/j.compind.2022.103751","article-title":"Deceiving AI-based malware detection through polymorphic attacks","volume":"143","author":"Catalano","year":"2022","journal-title":"Comput. Ind."},{"issue":"6","key":"10.1016\/j.jss.2023.111921_b51","doi-asserted-by":"crossref","first-page":"1193","DOI":"10.1109\/TC.2012.65","article-title":"Malwise\u2014An effective and efficient classification system for packed and polymorphic malware","volume":"62","author":"Cesare","year":"2013","journal-title":"IEEE Trans. Comput."},{"issue":"6","key":"10.1016\/j.jss.2023.111921_b52","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1109\/MSEC.2018.2875369","article-title":"The need for speed: An analysis of Brazilian malware classifiers","volume":"16","author":"Ceschin","year":"2018","journal-title":"IEEE Secur. Privacy"},{"key":"10.1016\/j.jss.2023.111921_b53","article-title":"Image-based malware representation approach with EfficientNet convolutional neural networks for effective malware classification","volume":"69","author":"Chaganti","year":"2022","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.jss.2023.111921_b54","doi-asserted-by":"crossref","DOI":"10.1109\/TKDE.2022.3142820","article-title":"Dynamic prototype network based on sample adaptation for few-shot malware detection","author":"Chai","year":"2022","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"10.1016\/j.jss.2023.111921_b55","doi-asserted-by":"crossref","unstructured":"Chang, K., Zhao, N., Kou, L., 2022. A Survey on Malware Detection based on API Calls. In: 2022 9th International Conference on Dependable Systems and their Applications. DSA, pp. 464\u2013471.","DOI":"10.1109\/DSA56465.2022.00067"},{"key":"10.1016\/j.jss.2023.111921_b56","series-title":"Global analysis of top malicious file types","author":"Checkpoint","year":"2023"},{"key":"10.1016\/j.jss.2023.111921_b57","doi-asserted-by":"crossref","first-page":"788","DOI":"10.1109\/TIFS.2022.3152360","article-title":"CruParamer: Learning on parameter-augmented API sequences for malware detection","volume":"17","author":"Chen","year":"2022","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"10.1016\/j.jss.2023.111921_b58","doi-asserted-by":"crossref","unstructured":"Chen, Z.-G., Kang, H.-S., Yin, S.-N., Kim, S.-R., 2017a. Automatic ransomware detection and analysis based on dynamic API calls flow graph. In: Proceedings of the International Conference on Research in Adaptive and Convergent Systems. pp. 196\u2013201.","DOI":"10.1145\/3129676.3129704"},{"issue":"7","key":"10.1016\/j.jss.2023.111921_b59","doi-asserted-by":"crossref","first-page":"1650","DOI":"10.1016\/j.jss.2012.02.015","article-title":"Malware characteristics and threats on the internet ecosystem","volume":"85","author":"Chen","year":"2012","journal-title":"J. Syst. Softw."},{"key":"10.1016\/j.jss.2023.111921_b60","series-title":"2017 European Intelligence and Security Informatics Conference","first-page":"99","article-title":"Adversarial machine learning in malware detection: Arms race between evasion attack and defense","author":"Chen","year":"2017"},{"key":"10.1016\/j.jss.2023.111921_b61","doi-asserted-by":"crossref","unstructured":"Chen, P.-Y., Zhang, H., Sharma, Y., Yi, J., Hsieh, C.-J., 2017c. Zoo: Zeroth order optimization based black-box attacks to deep neural networks without training substitute models. In: Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security. pp. 15\u201326.","DOI":"10.1145\/3128572.3140448"},{"key":"10.1016\/j.jss.2023.111921_b62","unstructured":"Cisco-Secure, 2021. Cyber Security Threat Trends: Phishing, Crypto Top the List. Tech. Rep.."},{"key":"10.1016\/j.jss.2023.111921_b63","series-title":"Artificial Intelligence & Cybersecurity for Dummies","author":"Coombs","year":"2018"},{"key":"10.1016\/j.jss.2023.111921_b64","unstructured":"CyberEdge Group, 2021. Cyberthreat Defense Report."},{"key":"10.1016\/j.jss.2023.111921_b65","doi-asserted-by":"crossref","unstructured":"Dai, S.-Y., Kuo, S.-Y., 2007. MAPMon: A Host-Based Malware Detection Tool. In: 13th Pacific Rim International Symposium on Dependable Computing. PRDC 2007, pp. 349\u2013356.","DOI":"10.1109\/PRDC.2007.23"},{"issue":"1","key":"10.1016\/j.jss.2023.111921_b66","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s11416-015-0261-z","article-title":"A comparison of static, dynamic, and hybrid analysis for malware detection","volume":"13","author":"Damodaran","year":"2017","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"10.1016\/j.jss.2023.111921_b67","doi-asserted-by":"crossref","first-page":"314","DOI":"10.1016\/j.future.2021.06.032","article-title":"Visualization and deep-learning-based malware variant detection using opcode-level features","volume":"125","author":"Darem","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.jss.2023.111921_b68","doi-asserted-by":"crossref","first-page":"97180","DOI":"10.1109\/ACCESS.2021.3093366","article-title":"An adaptive behavioral-based incremental batch learning malware variants detection model using concept drift detection and sequential deep learning","volume":"9","author":"Darem","year":"2021","journal-title":"IEEE Access"},{"key":"10.1016\/j.jss.2023.111921_b69","doi-asserted-by":"crossref","unstructured":"De Paola, A., Gaglio, S., Re, G.L., Morana, M., 2018. A hybrid system for malware detection on big data. In: IEEE INFOCOM 2018 - IEEE Conference on Computer Communications Workshops. INFOCOM WKSHPS, pp. 45\u201350.","DOI":"10.1109\/INFCOMW.2018.8406963"},{"issue":"5","key":"10.1016\/j.jss.2023.111921_b70","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1109\/MSEC.2022.3182356","article-title":"Practical attacks on machine learning: A case study on adversarial windows malware","volume":"20","author":"Demetrio","year":"2022","journal-title":"IEEE Secur. Privacy"},{"key":"10.1016\/j.jss.2023.111921_b71","doi-asserted-by":"crossref","DOI":"10.1109\/ACCESS.2022.3179384","article-title":"Static malware detection using stacked BiLSTM and GPT-2","author":"Dem\u0131rc\u0131","year":"2022","journal-title":"IEEE Access"},{"key":"10.1016\/j.jss.2023.111921_b72","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102846","article-title":"An ensemble of pre-trained transformer models for imbalanced multiclass malware classification","volume":"121","author":"Demirk\u0131ran","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b73","article-title":"Deep learning algorithms for cybersecurity applications: A technological and status review","volume":"39","author":"Dixit","year":"2021","journal-title":"Comp. Sci. Rev."},{"key":"10.1016\/j.jss.2023.111921_b74","first-page":"1","article-title":"A new approach for APT malware detection based on deep graph network for endpoint systems","author":"Do Xuan","year":"2022","journal-title":"Appl. Intell."},{"key":"10.1016\/j.jss.2023.111921_b75","unstructured":"Esentire, 2021. Six Ransomware Gangs Claim 290+ New Victims in 2021, Potentially Reaping $45 Million for the Hackers. Tech. Rep.."},{"issue":"2","key":"10.1016\/j.jss.2023.111921_b76","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1007\/s11416-013-0181-8","article-title":"HDM-analyser: A hybrid analysis approach based on data mining techniques for malware detection","volume":"9","author":"Eskandari","year":"2013","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"10.1016\/j.jss.2023.111921_b77","doi-asserted-by":"crossref","first-page":"76796","DOI":"10.1109\/ACCESS.2020.2986014","article-title":"Comparative analysis of low-dimensional features and tree-based ensembles for malware detection systems","volume":"8","author":"Euh","year":"2020","journal-title":"IEEE Access"},{"key":"10.1016\/j.jss.2023.111921_b78","doi-asserted-by":"crossref","DOI":"10.1016\/j.jksuci.2022.02.026","article-title":"Mal-detect: An intelligent visualization approach for malware detection","author":"Falana","year":"2022","journal-title":"J. King Saud Univ.-Comput. Inf. Sci."},{"key":"10.1016\/j.jss.2023.111921_b79","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/j.eswa.2016.01.002","article-title":"Malicious sequential pattern mining for automatic malware detection","volume":"52","author":"Fan","year":"2016","journal-title":"Expert Syst. Appl."},{"key":"10.1016\/j.jss.2023.111921_b80","article-title":"Disarming visualization-based approaches in malware detection systems","author":"Fasc\u00ed","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b81","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102659","article-title":"FeSA: Feature selection architecture for ransomware detection under concept drift","volume":"116","author":"Fernando","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b82","doi-asserted-by":"crossref","DOI":"10.1016\/j.knosys.2022.108266","article-title":"Time-interval temporal patterns can beat and explain the malware","volume":"241","author":"Finder","year":"2022","journal-title":"Knowl.-Based Syst."},{"issue":"4","key":"10.1016\/j.jss.2023.111921_b83","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2523813","article-title":"A survey on concept drift adaptation","volume":"46","author":"Gama","year":"2014","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"10.1016\/j.jss.2023.111921_b84","doi-asserted-by":"crossref","first-page":"111830","DOI":"10.1109\/ACCESS.2022.3215267","article-title":"Malware detection by control-flow graph level representation learning with graph isomorphism network","volume":"10","author":"Gao","year":"2022","journal-title":"IEEE Access"},{"key":"10.1016\/j.jss.2023.111921_b85","doi-asserted-by":"crossref","first-page":"47792","DOI":"10.1109\/ACCESS.2022.3171912","article-title":"Malware detection using LightGBM with a custom logistic loss function","volume":"10","author":"Gao","year":"2022","journal-title":"IEEE Access"},{"key":"10.1016\/j.jss.2023.111921_b86","article-title":"Malware classification for the cloud via semi-supervised transfer learning","volume":"55","author":"Gao","year":"2020","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.jss.2023.111921_b87","article-title":"An effectiveness analysis of transfer learning for the concept drift problem in malware detection","volume":"212","author":"Garc\u00eda","year":"2023","journal-title":"Expert Syst. Appl."},{"key":"10.1016\/j.jss.2023.111921_b88","series-title":"2012 14th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing","first-page":"247","article-title":"Optimized zero false positives perceptron training for malware detection","author":"Gavrilut","year":"2012"},{"issue":"1","key":"10.1016\/j.jss.2023.111921_b89","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1007\/s11416-018-0323-0","article-title":"Using convolutional neural networks for classification of malware represented as images","volume":"15","author":"Gibert","year":"2019","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"10.1016\/j.jss.2023.111921_b90","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2022.117957","article-title":"Fusing feature engineering and deep learning: A case study for malware classification","author":"Gibert","year":"2022","journal-title":"Expert Syst. Appl."},{"key":"10.1016\/j.jss.2023.111921_b91","series-title":"Deep Learning","author":"Goodfellow","year":"2016"},{"issue":"11","key":"10.1016\/j.jss.2023.111921_b92","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1145\/3422622","article-title":"Generative adversarial networks","volume":"63","author":"Goodfellow","year":"2020","journal-title":"Commun. ACM"},{"key":"10.1016\/j.jss.2023.111921_b93","series-title":"Explaining and harnessing adversarial examples","author":"Goodfellow","year":"2014"},{"key":"10.1016\/j.jss.2023.111921_b94","series-title":"International Visual Informatics Conference","first-page":"469","article-title":"A recent research on malware detection using machine learning algorithm: Current challenges and future works","author":"Gorment","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b95","series-title":"Security conference ranking and statistic","author":"Gu","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b96","series-title":"5th IEEE International Conference OnParallel, Distributed and Grid Computing","first-page":"115","article-title":"ULBP-RF: A hybrid approach for malware image classification","author":"Gupta","year":"2018"},{"key":"10.1016\/j.jss.2023.111921_b97","doi-asserted-by":"crossref","first-page":"208","DOI":"10.1016\/j.cose.2019.02.007","article-title":"MalDAE: Detecting and explaining malware based on correlation and fusion of static and dynamic characteristics","volume":"83","author":"Han","year":"2019","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b98","doi-asserted-by":"crossref","unstructured":"Hansen, S.S., Larsen, T.M.T., Stevanovic, M., Pedersen, J.M., 2016. An approach for detection and family classification of malware based on behavioral analysis. In: 2016 International Conference on Computing, Networking and Communications. ICNC, pp. 1\u20135.","DOI":"10.1109\/ICCNC.2016.7440587"},{"key":"10.1016\/j.jss.2023.111921_b99","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102905","article-title":"EII-MBS: Malware family classification via enhanced adversarial instruction behavior semantic learning","volume":"122","author":"Hao","year":"2022","journal-title":"Comput. Secur."},{"issue":"3","key":"10.1016\/j.jss.2023.111921_b100","doi-asserted-by":"crossref","first-page":"344","DOI":"10.3390\/e23030344","article-title":"An efficient densenet-based deep learning model for malware detection","volume":"23","author":"Hemalatha","year":"2021","journal-title":"Entropy"},{"key":"10.1016\/j.jss.2023.111921_b101","article-title":"RanSAP: An open dataset of ransomware storage access patterns for training machine learning models","volume":"40","author":"Hirano","year":"2022","journal-title":"Forensic Sci. Int.: Digit. Invest."},{"key":"10.1016\/j.jss.2023.111921_b102","series-title":"Generating adversarial malware examples for black-box attacks based on GAN","author":"Hu","year":"2017"},{"key":"10.1016\/j.jss.2023.111921_b103","series-title":"The rise of deep learning for detection and classification of malware \u2014 McAfee blogs","author":"Huang","year":"2022"},{"issue":"2","key":"10.1016\/j.jss.2023.111921_b104","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1007\/s11265-020-01588-1","article-title":"A method for windows malware detection based on deep learning","volume":"93","author":"Huang","year":"2021","journal-title":"J. Signal Process. Syst."},{"key":"10.1016\/j.jss.2023.111921_b105","doi-asserted-by":"crossref","unstructured":"Huang, Y., Verma, U., Fralick, C., Infantec-Lopez, G., Kumar, B., Woodward, C., 2019. Malware Evasion Attack and Defense. In: 2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks Workshops. DSN-W, pp. 34\u201338.","DOI":"10.1109\/DSN-W.2019.00014"},{"issue":"23","key":"10.1016\/j.jss.2023.111921_b106","doi-asserted-by":"crossref","DOI":"10.1002\/cpe.3912","article-title":"A fast malware feature selection approach using a hybrid of multi-linear and stepwise binary logistic regression","volume":"29","author":"Huda","year":"2017","journal-title":"Concurr. Comput.: Pract. Exper."},{"key":"10.1016\/j.jss.2023.111921_b107","doi-asserted-by":"crossref","first-page":"376","DOI":"10.1016\/j.future.2014.06.001","article-title":"Hybrids of support vector machine wrapper and filter based framework for malware detection","volume":"55","author":"Huda","year":"2016","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.jss.2023.111921_b108","doi-asserted-by":"crossref","unstructured":"Huo, D., Li, X., Li, L., Gao, Y., Li, X., Yuan, J., 2022. The Application of 1D-CNN in Microsoft Malware Detection. In: 2022 7th International Conference on Big Data Analytics. ICBDA, pp. 181\u2013187.","DOI":"10.1109\/ICBDA55095.2022.9760349"},{"key":"10.1016\/j.jss.2023.111921_b109","series-title":"Security information and event management (SIEM)? \u2014 IBM","author":"IBM","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b110","series-title":"Underfitting: earn how to avoid underfitting, so that you can generalize data outside of your model accurately","author":"IBM","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b111","doi-asserted-by":"crossref","unstructured":"Ijaz, M., Durad, M.H., Ismail, M., 2019. Static and Dynamic Malware Analysis Using Machine Learning. In: 2019 16th International Bhurban Conference on Applied Sciences and Technology. IBCAST, pp. 687\u2013691.","DOI":"10.1109\/IBCAST.2019.8667136"},{"key":"10.1016\/j.jss.2023.111921_b112","doi-asserted-by":"crossref","unstructured":"Inayat, U., Zia, M.F., Ali, F., Ali, S.M., Khan, H.M.A., Noor, W., 2021. Comprehensive Review of Malware Detection Techniques. In: 2021 International Conference on Innovative Computing. ICIC, pp. 1\u20136.","DOI":"10.1109\/ICIC53490.2021.9693072"},{"issue":"3","key":"10.1016\/j.jss.2023.111921_b113","doi-asserted-by":"crossref","first-page":"229","DOI":"10.1007\/s11416-020-00354-y","article-title":"Convolutional neural networks and extreme learning machines for malware classification","volume":"16","author":"Jain","year":"2020","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"10.1016\/j.jss.2023.111921_b114","series-title":"Second International Conference on Networks and Advances in Computational Technologies","first-page":"1","article-title":"Malware attacks: A survey on mitigation measures","author":"James","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b115","series-title":"The pros, cons and limitations of AI and machine learning in antivirus software - Emsisoft \u2014 security blog","author":"JARETH","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b116","doi-asserted-by":"crossref","first-page":"96899","DOI":"10.1109\/ACCESS.2020.2995887","article-title":"Dynamic analysis for IoT malware detection with convolution neural network model","volume":"8","author":"Jeon","year":"2020","journal-title":"IEEE Access"},{"issue":"1","key":"10.1016\/j.jss.2023.111921_b117","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1080\/19361610.2018.1387734","article-title":"A new malware detection system using machine learning techniques for API call sequences","volume":"13","author":"Jerlin","year":"2018","journal-title":"J. Appl. Secur. Res."},{"key":"10.1016\/j.jss.2023.111921_b118","doi-asserted-by":"crossref","first-page":"193","DOI":"10.1016\/j.future.2021.12.013","article-title":"Ensemble dynamic behavior detection method for adversarial malware","volume":"130","author":"Jing","year":"2022","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.jss.2023.111921_b119","series-title":"95% of new malware threats target windows OS","author":"John","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b120","unstructured":"Jordaney, R., Sharad, K., Dash, S.K., Wang, Z., Papini, D., Nouretdinov, I., Cavallaro, L., 2017. Transcend: Detecting concept drift in malware classification models. In: 26th USENIX Security Symposium. USENIX Security 17, pp. 625\u2013642."},{"key":"10.1016\/j.jss.2023.111921_b121","doi-asserted-by":"crossref","DOI":"10.1016\/j.compeleceng.2022.107703","article-title":"Sequential opcode embedding-based malware detection method","volume":"98","author":"Kakisim","year":"2022","journal-title":"Comput. Electr. Eng."},{"key":"10.1016\/j.jss.2023.111921_b122","article-title":"Detection of malware in downloaded files using various machine learning models","author":"Kamboj","year":"2022","journal-title":"Egypt. Inf. J."},{"key":"10.1016\/j.jss.2023.111921_b123","doi-asserted-by":"crossref","unstructured":"Kan, Z., Wang, H., Xu, G., Guo, Y., Chen, X., 2018. Towards Light-Weight Deep Learning Based Malware Detection. In: 2018 IEEE 42nd Annual Computer Software and Applications Conference, Vol. 01. COMPSAC, pp. 600\u2013609.","DOI":"10.1109\/COMPSAC.2018.00092"},{"key":"10.1016\/j.jss.2023.111921_b124","doi-asserted-by":"crossref","first-page":"S77","DOI":"10.1016\/j.diin.2019.01.017","article-title":"MalDy: Portable, data-driven malware detection using natural language processing and machine learning techniques on behavioral analysis reports","volume":"28","author":"Karbab","year":"2019","journal-title":"Digit. Invest."},{"key":"10.1016\/j.jss.2023.111921_b125","doi-asserted-by":"crossref","unstructured":"Kavitha, P., Muruganantham, B., 2020. A study on deep learning approaches over Malware detection. In: 2020 IEEE International Conference on Advances and Developments in Electrical and Electronics Engineering. ICADEE, pp. 1\u20135.","DOI":"10.1109\/ICADEE51157.2020.9368924"},{"issue":"6","key":"10.1016\/j.jss.2023.111921_b126","doi-asserted-by":"crossref","DOI":"10.1155\/2015\/659101","article-title":"A novel approach to detect malware based on API call sequence analysis","volume":"11","author":"Ki","year":"2015","journal-title":"Int. J. Distrib. Sens. Netw."},{"key":"10.1016\/j.jss.2023.111921_b127","doi-asserted-by":"crossref","unstructured":"Kianpour, M., Wen, S.-F., 2019. Timing Attacks on Machine Learning: State of the Art. In: Proceedings of SAI Intelligent Systems Conference. pp. 111\u2013125.","DOI":"10.1007\/978-3-030-29516-5_10"},{"key":"10.1016\/j.jss.2023.111921_b128","series-title":"Ntmaldetect: A machine learning approach to malware detection using native api system calls","author":"Kim","year":"2018"},{"key":"10.1016\/j.jss.2023.111921_b129","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2021.102501","article-title":"Obfuscated malware detection using deep generative model based on global\/local features","volume":"112","author":"Kim","year":"2022","journal-title":"Comput. Secur."},{"issue":"1","key":"10.1016\/j.jss.2023.111921_b130","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1016\/j.infsof.2008.09.009","article-title":"Systematic literature reviews in software engineering\u2013A systematic literature review","volume":"51","author":"Kitchenham","year":"2009","journal-title":"Inf. Softw. Technol."},{"key":"10.1016\/j.jss.2023.111921_b131","first-page":"351","article-title":"Effective and efficient malware detection at the end host","volume":"vol. 4","author":"Kolbitsch","year":"2009"},{"key":"10.1016\/j.jss.2023.111921_b132","doi-asserted-by":"crossref","unstructured":"Kolosnjaji, B., Demontis, A., Biggio, B., Maiorca, D., Giacinto, G., Eckert, C., Roli, F., 2018. Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables. In: 2018 26th European Signal Processing Conference. EUSIPCO, pp. 533\u2013537.","DOI":"10.23919\/EUSIPCO.2018.8553214"},{"key":"10.1016\/j.jss.2023.111921_b133","article-title":"Can artificial intelligence power future malware","author":"Kubovi\u010d","year":"2018","journal-title":"ESET White Pap."},{"key":"10.1016\/j.jss.2023.111921_b134","article-title":"DTMIC: Deep transfer learning for malware image classification","volume":"64","author":"Kumar","year":"2022","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.jss.2023.111921_b135","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2022.118073","article-title":"Identification of malware families using stacking of textural features and machine learning","author":"Kumar","year":"2022","journal-title":"Expert Syst. Appl."},{"issue":"2","key":"10.1016\/j.jss.2023.111921_b136","doi-asserted-by":"crossref","first-page":"252","DOI":"10.1016\/j.jksuci.2017.01.003","article-title":"A learning model to detect maliciousness of portable executable using integrated feature set","volume":"31","author":"Kumar","year":"2019","journal-title":"J. King Saud Univ.-Comput. Inf. Sci."},{"issue":"1","key":"10.1016\/j.jss.2023.111921_b137","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s42400-019-0043-x","article-title":"An emerging threat fileless malware: A survey and research challenges","volume":"3","author":"Kumar","year":"2020","journal-title":"Cybersecurity"},{"key":"10.1016\/j.jss.2023.111921_b138","doi-asserted-by":"crossref","unstructured":"Kundu, P.P., Anatharaman, L., Truong-Huu, T., 2021. An Empirical Evaluation of Automated Machine Learning Techniques for Malware Detection. In: Proceedings of the 2021 ACM Workshop on Security and Privacy Analytics. pp. 75\u201381.","DOI":"10.1145\/3445970.3451155"},{"key":"10.1016\/j.jss.2023.111921_b139","doi-asserted-by":"crossref","DOI":"10.1016\/j.compeleceng.2022.108239","article-title":"Learn to adapt: Robust drift detection in security domain","volume":"102","author":"Kuppa","year":"2022","journal-title":"Comput. Electr. Eng."},{"key":"10.1016\/j.jss.2023.111921_b140","article-title":"Malware visual resemblance analysis with minimum losses using siamese neural networks","author":"Lakshmi","year":"2022","journal-title":"Theoret. Comput. Sci."},{"key":"10.1016\/j.jss.2023.111921_b141","doi-asserted-by":"crossref","first-page":"648","DOI":"10.1016\/j.neunet.2021.09.019","article-title":"Deep-Hook: A trusted deep learning-based framework for unknown malware detection and classification in Linux cloud environments","volume":"144","author":"Landman","year":"2021","journal-title":"Neural Netw."},{"key":"10.1016\/j.jss.2023.111921_b142","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1016\/j.infsof.2017.04.001","article-title":"Static analysis of android apps: A systematic literature review","volume":"88","author":"Li","year":"2017","journal-title":"Inf. Softw. Technol."},{"key":"10.1016\/j.jss.2023.111921_b143","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102872","article-title":"DMalNet: Dynamic malware analysis based on API feature engineering and graph learning","volume":"122","author":"Li","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b144","doi-asserted-by":"crossref","unstructured":"Li, X., Li, X., Wang, F., Li, W., Li, A., 2021. A Malware Detection Method Based on Machine Learning and Ensemble of Regression Trees. In: 2021 2nd International Conference on Artificial Intelligence and Information Systems. pp. 1\u20136.","DOI":"10.1145\/3469213.3470713"},{"key":"10.1016\/j.jss.2023.111921_b145","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102686","article-title":"A novel deep framework for dynamic malware detection based on API sequence intrinsic features","volume":"116","author":"Li","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b146","first-page":"617","article-title":"API call-based malware classification using recurrent neural networks","author":"Li","year":"2021","journal-title":"J. Cyber Secur. Mobil."},{"issue":"3","key":"10.1016\/j.jss.2023.111921_b147","doi-asserted-by":"crossref","first-page":"4182","DOI":"10.1007\/s11227-021-04020-y","article-title":"Intelligent malware detection based on graph convolutional network","volume":"78","author":"Li","year":"2022","journal-title":"J. Supercomput."},{"key":"10.1016\/j.jss.2023.111921_b148","article-title":"Structural features with nonnegative matrix factorization for metamorphic malware detection","volume":"104","author":"Ling","year":"2021","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b149","series-title":"Adversarial attacks against windows PE malware detection: A survey of the state-of-the-art","author":"Ling","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b150","series-title":"International Conference on Machine Learning","first-page":"3122","article-title":"Detecting and correcting for label shift with black box predictors","author":"Lipton","year":"2018"},{"key":"10.1016\/j.jss.2023.111921_b151","series-title":"2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference","first-page":"1456","article-title":"A robust malware detection system using deep learning on API calls","author":"Liu","year":"2019"},{"issue":"9","key":"10.1016\/j.jss.2023.111921_b152","doi-asserted-by":"crossref","first-page":"1336","DOI":"10.1631\/FITEE.1601325","article-title":"Automatic malware classification and new malware detection using machine learning","volume":"18","author":"Liu","year":"2017","journal-title":"Front. Inf. Technol. Electron. Eng."},{"key":"10.1016\/j.jss.2023.111921_b153","series-title":"International Conference on Artificial Intelligence and Security","first-page":"85","article-title":"Imbalance malware classification by decoupling representation and classifier","author":"Liu","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b154","first-page":"1","article-title":"ConRec: Malware classification using convolutional recurrence","author":"Mallik","year":"2022","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"10.1016\/j.jss.2023.111921_b155","series-title":"Soft Computing for Security Applications: Proceedings of ICSCS 2021","first-page":"255","article-title":"Review of malware detection using deep learning","author":"Mane","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b156","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.future.2021.11.030","article-title":"A study on malicious software behaviour analysis and detection techniques: Taxonomy, current trends and challenges","volume":"130","author":"Maniriho","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.jss.2023.111921_b157","series-title":"MalDetConv: Automated behaviour-based malware detection framework based on natural language processing and deep learning techniques","author":"Maniriho","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b158","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2023.103704","article-title":"API-MalDetect: Automated malware detection framework for windows based on API calls and deep learning techniques","author":"Maniriho","year":"2023","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.jss.2023.111921_b159","series-title":"Cyber kill chain\u00ae \u2014 lockheed Martin","author":"Martin","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b160","doi-asserted-by":"crossref","first-page":"35403","DOI":"10.1109\/ACCESS.2020.2974752","article-title":"Adversarial machine learning applied to intrusion and malware scenarios: A systematic review","volume":"8","author":"Martins","year":"2020","journal-title":"IEEE Access"},{"key":"10.1016\/j.jss.2023.111921_b161","series-title":"International Symposium on Research in Attacks, Intrusions, and Defenses","first-page":"114","article-title":"Rwguard: A real-time detection system against cryptographic ransomware","author":"Mehnaz","year":"2018"},{"issue":"1","key":"10.1016\/j.jss.2023.111921_b162","doi-asserted-by":"crossref","DOI":"10.1080\/08839514.2021.2007327","article-title":"A systematic overview of android malware detection","volume":"36","author":"Meijin","year":"2022","journal-title":"Appl. Artif. Intell."},{"key":"10.1016\/j.jss.2023.111921_b163","doi-asserted-by":"crossref","unstructured":"Meng, D., Chen, H., 2017. Magnet: A two-pronged defense against adversarial examples. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. pp. 135\u2013147.","DOI":"10.1145\/3133956.3134057"},{"key":"10.1016\/j.jss.2023.111921_b164","series-title":"Address false positives\/negatives in Microsoft defender for endpoint \u2014 Microsoft learn","author":"Microsoft","year":"2023"},{"key":"10.1016\/j.jss.2023.111921_b165","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2022.118630","article-title":"Impact of benign sample size on binary classification accuracy","volume":"211","author":"Mimura","year":"2023","journal-title":"Expert Syst. Appl."},{"issue":"2","key":"10.1016\/j.jss.2023.111921_b166","doi-asserted-by":"crossref","first-page":"279","DOI":"10.1007\/s10207-021-00553-8","article-title":"Applying NLP techniques to malware detection in a practical environment","volume":"21","author":"Mimura","year":"2022","journal-title":"Int. J. Inf. Secur."},{"key":"10.1016\/j.jss.2023.111921_b167","doi-asserted-by":"crossref","unstructured":"Mira, F., 2019. A Review Paper of Malware Detection Using API Call Sequences. In: 2019 2nd International Conference on Computer Applications & Information Security. ICCAIS, pp. 1\u20136.","DOI":"10.1109\/CAIS.2019.8769564"},{"key":"10.1016\/j.jss.2023.111921_b168","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1016\/j.cose.2015.04.001","article-title":"AMAL: High-fidelity, behavior-based automated malware analysis and classification","volume":"52","author":"Mohaisen","year":"2015","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b169","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S.-M., Fawzi, A., Frossard, P., 2016. Deepfool: A simple and accurate method to fool deep neural networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. pp. 2574\u20132582.","DOI":"10.1109\/CVPR.2016.282"},{"issue":"6","key":"10.1016\/j.jss.2023.111921_b170","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3453153","article-title":"A survey on windows-based ransomware taxonomy and detection mechanisms","volume":"54","author":"Moussaileb","year":"2021","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.jss.2023.111921_b171","doi-asserted-by":"crossref","unstructured":"Nappa, A., Rafique, M.Z., Caballero, J., 2013. Driving in the Cloud: An Analysis of Drive-by Download Operations and Abuse Reporting. In: Proceedings of the 10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment.","DOI":"10.1007\/978-3-642-39235-1_1"},{"key":"10.1016\/j.jss.2023.111921_b172","doi-asserted-by":"crossref","unstructured":"Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.S., 2011. Malware images: Visualization and automatic classification. In: Proceedings of the 8th International Symposium on Visualization for Cyber Security. pp. 1\u20137.","DOI":"10.1145\/2016904.2016908"},{"key":"10.1016\/j.jss.2023.111921_b173","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102741","article-title":"MalSPM: Metamorphic malware behavior analysis and classification using sequential pattern mining","volume":"118","author":"Nawaz","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b174","doi-asserted-by":"crossref","first-page":"871","DOI":"10.1016\/j.cose.2018.04.005","article-title":"Malware identification using visualization images and deep learning","volume":"77","author":"Ni","year":"2018","journal-title":"Comput. Secur."},{"issue":"13","key":"10.1016\/j.jss.2023.111921_b175","doi-asserted-by":"crossref","first-page":"5843","DOI":"10.1016\/j.eswa.2014.02.053","article-title":"Novel active learning methods for enhanced PC malware detection in windows OS","volume":"41","author":"Nissim","year":"2014","journal-title":"Expert Syst. Appl."},{"key":"10.1016\/j.jss.2023.111921_b176","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102809","article-title":"Uncovering APT malware traffic using deep learning combined with time sequence and association analysis","volume":"120","author":"Niu","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b177","series-title":"Dynamic malware analysis kernel and user-level calls \u2014 Zenodo","author":"Nunes","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b178","doi-asserted-by":"crossref","DOI":"10.1109\/TC.2022.3173149","article-title":"Deepware: Imaging performance counters with deep learning to detect ransomware","author":"Olani","year":"2022","journal-title":"IEEE Trans. Comput."},{"key":"10.1016\/j.jss.2023.111921_b179","series-title":"Malware analysis datasets: PE section headers \u2014 IEEE DataPort","author":"Oliveira","year":"2019"},{"key":"10.1016\/j.jss.2023.111921_b180","series-title":"Malware analysis datasets: Raw PE as image \u2014 Kaggle","author":"Oliveira","year":"2019"},{"key":"10.1016\/j.jss.2023.111921_b181","series-title":"Behavioral malware detection using deep graph convolutional neural networks","author":"Oliveira","year":"2019"},{"key":"10.1016\/j.jss.2023.111921_b182","series-title":"Malware analysis datasets: API call sequences \u2014 IEEE DataPort","author":"Oliveira","year":"2019"},{"key":"10.1016\/j.jss.2023.111921_b183","series-title":"How to Interpret Network-Based Malware Detection-The Impact of Malware Acquisition and Processing on Network Detection and Threat Classification Systems","author":"Ollmann","year":"2020"},{"key":"10.1016\/j.jss.2023.111921_b184","doi-asserted-by":"crossref","unstructured":"Or-Meir, O., Cohen, A., Elovici, Y., Rokach, L., Nissim, N., 2021. Pay Attention: Improving Classification of PE Malware Using Attention Mechanisms Based on System Call Analysis. In: 2021 International Joint Conference on Neural Networks. IJCNN, pp. 1\u20138.","DOI":"10.1109\/IJCNN52387.2021.9533481"},{"issue":"5","key":"10.1016\/j.jss.2023.111921_b185","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3329786","article-title":"Dynamic malware analysis in the modern era\u2014A state of the art survey","volume":"52","author":"Or-Meir","year":"2019","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.jss.2023.111921_b186","series-title":"A survey on ransomware: Evolution, taxonomy, and defense solutions","author":"Oz","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b187","series-title":"2021 2nd International Conference on Smart Electronics and Communication","first-page":"1207","article-title":"A comprehensive survey on identification of malware types and malware classification using machine learning techniques","author":"Pachhala","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b188","series-title":"2016 IEEE European Symposium on Security and Privacy (EuroS&P)","first-page":"372","article-title":"The limitations of deep learning in adversarial settings","author":"Papernot","year":"2016"},{"key":"10.1016\/j.jss.2023.111921_b189","series-title":"2016 IEEE Symposium on Security and Privacy","first-page":"582","article-title":"Distillation as a defense to adversarial perturbations against deep neural networks","author":"Papernot","year":"2016"},{"issue":"1","key":"10.1016\/j.jss.2023.111921_b190","doi-asserted-by":"crossref","first-page":"tyz003","DOI":"10.1093\/cybsec\/tyz003","article-title":"Ransomware payments in the bitcoin ecosystem","volume":"5","author":"Paquet-Clouston","year":"2019","journal-title":"J. Cybersecur."},{"key":"10.1016\/j.jss.2023.111921_b191","series-title":"International Conference on Artificial Evolution (Evolution Artificielle)","first-page":"267","article-title":"Exploring overfitting in genetic programming","author":"Paris","year":"2003"},{"key":"10.1016\/j.jss.2023.111921_b192","doi-asserted-by":"crossref","first-page":"124821","DOI":"10.1109\/ACCESS.2022.3225223","article-title":"HMLET: Hunt malware using wavelet transform on cross-platform","volume":"10","author":"Park","year":"2022","journal-title":"IEEE Access"},{"key":"10.1016\/j.jss.2023.111921_b193","unstructured":"Pendlebury, F., Pierazzi, F., Jordaney, R., Kinder, J., Cavallaro, L., 2019. {TESSERACT}: Eliminating experimental bias in malware classification across space and time. In: 28th USENIX Security Symposium. USENIX Security 19, pp. 729\u2013746."},{"key":"10.1016\/j.jss.2023.111921_b194","doi-asserted-by":"crossref","unstructured":"Pirscoveanu, R.S., Hansen, S.S., Larsen, T.M.T., Stevanovic, M., Pedersen, J.M., Czech, A., 2015. Analysis of Malware Behavior: Type Classification using Machine Learning. In: 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment. CyberSA.","DOI":"10.1109\/CyberSA.2015.7166115"},{"key":"10.1016\/j.jss.2023.111921_b195","article-title":"A taxonomy and survey of attacks against machine learning","volume":"34","author":"Pitropakis","year":"2019","journal-title":"Comp. Sci. Rev."},{"key":"10.1016\/j.jss.2023.111921_b196","doi-asserted-by":"crossref","unstructured":"Pluskal, O., 2015. Behavioural malware detection using efficient SVM implementation. In: Proceedings of the 2015 Conference on Research in Adaptive and Convergent Systems. pp. 296\u2013301.","DOI":"10.1145\/2811411.2811516"},{"key":"10.1016\/j.jss.2023.111921_b197","doi-asserted-by":"crossref","unstructured":"Poudyal, S., Subedi, K.P., Dasgupta, D., 2018. A Framework for Analyzing Ransomware using Machine Learning. In: 2018 IEEE Symposium Series on Computational Intelligence. SSCI, pp. 1692\u20131699.","DOI":"10.1109\/SSCI.2018.8628743"},{"key":"10.1016\/j.jss.2023.111921_b198","doi-asserted-by":"crossref","unstructured":"Priyadarshan, P., Sarangi, P., Rath, A., Panda, G., 2021. Machine Learning Based Improved Malware Detection Schemes. In: 2021 11th International Conference on Cloud Computing, Data Science Engineering (Confluence). pp. 925\u2013931.","DOI":"10.1109\/Confluence51648.2021.9377123"},{"key":"10.1016\/j.jss.2023.111921_b199","doi-asserted-by":"crossref","first-page":"887","DOI":"10.1016\/j.future.2019.03.007","article-title":"Mobile malware attacks: Review, taxonomy & future directions","volume":"97","author":"Qamar","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.jss.2023.111921_b200","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102871","article-title":"Efficient and robust malware detection based on control flow traces using deep neural networks","author":"Qiang","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b201","series-title":"Dataset Shift in Machine Learning","author":"Quinonero-Candela","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b202","series-title":"Against all odds: Winning the defense challenge in an evasion competition with diversification","author":"Quiring","year":"2020"},{"key":"10.1016\/j.jss.2023.111921_b203","doi-asserted-by":"crossref","unstructured":"Rabadi, D., Teo, S.G., 2020. Advanced windows methods on malware detection and classification. In: Annual Computer Security Applications Conference. pp. 54\u201368.","DOI":"10.1145\/3427228.3427242"},{"key":"10.1016\/j.jss.2023.111921_b204","series-title":"Malware detection by eating a whole exe","author":"Raff","year":"2017"},{"key":"10.1016\/j.jss.2023.111921_b205","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1016\/j.diin.2017.12.004","article-title":"Lempel-Ziv Jaccard distance, an effective alternative to ssdeep and sdhash","volume":"24","author":"Raff","year":"2018","journal-title":"Digit. Investig."},{"key":"10.1016\/j.jss.2023.111921_b206","doi-asserted-by":"crossref","unstructured":"Ramteke, R., Padhye, A., Dutt, A.S., Dholay, S., 2021. Malware Detection in Banking and Financial Sector using Light Gradient Boosting Model. In: 2021 International Conference on Communication Information and Computing Technology. ICCICT, pp. 1\u20138.","DOI":"10.1109\/ICCICT50803.2021.9510083"},{"key":"10.1016\/j.jss.2023.111921_b207","series-title":"Deep reinforcement learning based evasion generative adversarial network for botnet detection","author":"Randhawa","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b208","series-title":"International Conference on Big Data Analytics","first-page":"402","article-title":"Malware detection using machine learning and deep learning","author":"Rathore","year":"2018"},{"key":"10.1016\/j.jss.2023.111921_b209","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1016\/j.comcom.2022.08.015","article-title":"A multi-view attention-based deep learning framework for malware detection in smart healthcare systems","volume":"195","author":"Ravi","year":"2022","journal-title":"Comput. Commun."},{"issue":"17","key":"10.1016\/j.jss.2023.111921_b210","first-page":"12","article-title":"Malware detection using windows api sequence and machine learning","volume":"43","author":"Ravi","year":"2012","journal-title":"Int. J. Comput. Appl."},{"issue":"2","key":"10.1016\/j.jss.2023.111921_b211","article-title":"Information security breaches due to ransomware attacks - A systematic literature review","volume":"1","author":"Reshmi","year":"2021","journal-title":"Int. J. Inf. Manag. Data Insights"},{"key":"10.1016\/j.jss.2023.111921_b212","series-title":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","first-page":"108","article-title":"Learning and classification of malware behavior","author":"Rieck","year":"2008"},{"issue":"1","key":"10.1016\/j.jss.2023.111921_b213","doi-asserted-by":"crossref","first-page":"673","DOI":"10.1007\/s40747-021-00560-1","article-title":"PROUD-MAL: Static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable","volume":"8","author":"Rizvi","year":"2022","journal-title":"Complex Intell. Syst."},{"key":"10.1016\/j.jss.2023.111921_b214","series-title":"Microsoft malware classification challenge","author":"Ronen","year":"2018"},{"key":"10.1016\/j.jss.2023.111921_b215","series-title":"2012 IEEE Symposium on Security and Privacy","first-page":"65","article-title":"Prudent practices for designing malware experiments: Status quo and outlook","author":"Rossow","year":"2012"},{"key":"10.1016\/j.jss.2023.111921_b216","series-title":"Malware executable detection \u2014 Kaggle","author":"Rumao","year":"2022"},{"issue":"1","key":"10.1016\/j.jss.2023.111921_b217","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1007\/s11416-012-0160-5","article-title":"Opcode graph similarity and metamorphic detection","volume":"8","author":"Runwal","year":"2012","journal-title":"J. Comput. Virol."},{"key":"10.1016\/j.jss.2023.111921_b218","series-title":"International Conference on Information Security Practice and Experience","first-page":"113","article-title":"Jsless: A tale of a fileless javascript memory-resident malware","author":"Saad","year":"2019"},{"key":"10.1016\/j.jss.2023.111921_b219","doi-asserted-by":"crossref","unstructured":"Sahin, M., Bahtiyar, S., 2020. A Survey on Malware Detection with Deep Learning. In: 13th International Conference on Security of Information and Networks. pp. 1\u20136.","DOI":"10.1145\/3433174.3433609"},{"key":"10.1016\/j.jss.2023.111921_b220","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1016\/j.engappai.2016.12.016","article-title":"MAAR: Robust features to detect malicious activity based on API calls, their arguments and return values","volume":"59","author":"Salehi","year":"2017","journal-title":"Eng. Appl. Artif. Intell."},{"key":"10.1016\/j.jss.2023.111921_b221","doi-asserted-by":"crossref","unstructured":"Sami, A., Yadegari, B., Rahimi, H., Peiravian, N., Hashemi, S., Hamze, A., 2010. Malware detection based on mining API calls. In: SAC \u201910: Proceedings of the 2010 ACM Symposium on Applied Computing. pp. 1020\u20131025.","DOI":"10.1145\/1774088.1774303"},{"key":"10.1016\/j.jss.2023.111921_b222","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1016\/j.ins.2011.08.020","article-title":"Opcode sequences as representation of executables for data-mining-based unknown malware detection","volume":"231","author":"Santos","year":"2013","journal-title":"Inform. Sci."},{"key":"10.1016\/j.jss.2023.111921_b223","doi-asserted-by":"crossref","unstructured":"Santos, I., Devesa, J., Brezo, F., Nieves, J., Bringas, P.G., 2013b. Opem: A static-dynamic approach for machine-learning-based malware detection. In: International Joint Conference CISIS\u201912-ICEUTE 12-SOCO 12 Special Sessions. pp. 271\u2013280.","DOI":"10.1007\/978-3-642-33018-6_28"},{"key":"10.1016\/j.jss.2023.111921_b224","series-title":"48,240 Malware samples and binary visualisation images for machine learning anomaly detection","author":"Saridou","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b225","doi-asserted-by":"crossref","unstructured":"Saxe, J., Berlin, K., 2015. Deep neural network based malware detection using two dimensional binary program features. In: 2015 10th International Conference on Malicious and Unwanted Software. MALWARE, pp. 11\u201320.","DOI":"10.1109\/MALWARE.2015.7413680"},{"issue":"4","key":"10.1016\/j.jss.2023.111921_b226","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s12046-022-01980-6","article-title":"Defense against adversarial malware using robust classifier: DAM-ROC","volume":"47","author":"Selvaganapathy","year":"2022","journal-title":"S\u0101dhan\u0101"},{"key":"10.1016\/j.jss.2023.111921_b227","series-title":"2021 International Joint Conference on Neural Networks","first-page":"1","article-title":"LSTM hyper-parameter selection for malware detection: Interaction effects and hierarchical selection approach","author":"Sewak","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b228","series-title":"Automated dynamic analysis of ransomware: Benefits, limitations and use for detection","author":"Sgandurra","year":"2016"},{"issue":"1","key":"10.1016\/j.jss.2023.111921_b229","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/2190-8532-1-1","article-title":"Detecting unknown malicious code by applying classification techniques on opcode patterns","volume":"1","author":"Shabtai","year":"2012","journal-title":"Secur. Inform."},{"key":"10.1016\/j.jss.2023.111921_b230","series-title":"Proceedings of the 2015 International Conference on Green Computing and Internet of Things","first-page":"495","article-title":"A survey on data mining approaches for dynamic analysis of malwares","author":"Shah","year":"2015"},{"key":"10.1016\/j.jss.2023.111921_b231","series-title":"2022 6th International Conference on Intelligent Computing and Control Systems","first-page":"851","article-title":"Deep learning based residual attention network for malware detection in CyberSecurity","author":"Sharma","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b232","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102627","article-title":"Orchestration of APT malware evasive manoeuvers employed for eluding anti-virus and sandbox defense","volume":"115","author":"Sharma","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b233","doi-asserted-by":"crossref","unstructured":"Sharma, A., Malacaria, P., Khouzani, M., 2019. Malware Detection Using 1-Dimensional Convolutional Neural Networks. In: 2019 IEEE European Symposium on Security and Privacy Workshops. EuroS PW, pp. 247\u2013256.","DOI":"10.1109\/EuroSPW.2019.00034"},{"key":"10.1016\/j.jss.2023.111921_b234","doi-asserted-by":"crossref","DOI":"10.1016\/j.engappai.2022.105461","article-title":"A novel method for improving the robustness of deep learning-based malware detectors against adversarial attacks","volume":"116","author":"Shaukat","year":"2022","journal-title":"Eng. Appl. Artif. Intell."},{"key":"10.1016\/j.jss.2023.111921_b235","doi-asserted-by":"crossref","unstructured":"Shaukat, S.K., Ribeiro, V.J., 2018. RansomWall: A layered defense system against cryptographic ransomware attacks using machine learning. In: 2018 10th International Conference on Communication Systems Networks. COMSNETS, pp. 356\u2013363.","DOI":"10.1109\/COMSNETS.2018.8328219"},{"key":"10.1016\/j.jss.2023.111921_b236","doi-asserted-by":"crossref","first-page":"804","DOI":"10.1016\/j.procs.2015.02.149","article-title":"Integrated static and dynamic analysis for malware detection","volume":"46","author":"Shijo","year":"2015","journal-title":"Procedia Comput. Sci."},{"issue":"1","key":"10.1016\/j.jss.2023.111921_b237","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s40537-019-0197-0","article-title":"A survey on image data augmentation for deep learning","volume":"6","author":"Shorten","year":"2019","journal-title":"J. Big Data"},{"issue":"2","key":"10.1016\/j.jss.2023.111921_b238","doi-asserted-by":"crossref","first-page":"2301","DOI":"10.32604\/cmc.2021.014510","article-title":"An effective memory analysis for malware detection and classification","volume":"67","author":"Sihwail","year":"2021","journal-title":"CMC-Comput. Mater. Continua"},{"issue":"18","key":"10.1016\/j.jss.2023.111921_b239","doi-asserted-by":"crossref","DOI":"10.3390\/app9183680","article-title":"Malware detection approach based on artifacts in memory image and dynamic analysis","volume":"9","author":"Sihwail","year":"2019","journal-title":"Appl. Sci."},{"key":"10.1016\/j.jss.2023.111921_b240","series-title":"Practical Malware Analysis: The Hands-on Guide To Dissecting Malicious Software","author":"Sikorski","year":"2012"},{"issue":"4","key":"10.1016\/j.jss.2023.111921_b241","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1007\/s11416-015-0252-0","article-title":"Support vector machines and malware detection","volume":"12","author":"Singh","year":"2016","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"10.1016\/j.jss.2023.111921_b242","series-title":"Ransomware detection using process memory","author":"Singh","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b243","doi-asserted-by":"crossref","DOI":"10.1016\/j.infsof.2020.106273","article-title":"Detection of malicious software by analyzing the behavioral artifacts using machine learning algorithms","volume":"121","author":"Singh","year":"2020","journal-title":"Inf. Softw. Technol."},{"key":"10.1016\/j.jss.2023.111921_b244","doi-asserted-by":"crossref","DOI":"10.1016\/j.sysarc.2020.101861","article-title":"A survey on machine learning-based malware detection in executable files","volume":"112","author":"Singh","year":"2021","journal-title":"J. Syst. Archit."},{"key":"10.1016\/j.jss.2023.111921_b245","doi-asserted-by":"crossref","unstructured":"Solairaj, A., Prabanand, S.C., Mathalairaj, J., Prathap, C., Vignesh, L.S., 2016. Keyloggers software detection techniques. In: 2016 10th International Conference on Intelligent Systems and Control. ISCO, pp. 1\u20136.","DOI":"10.1109\/ISCO.2016.7726880"},{"key":"10.1016\/j.jss.2023.111921_b246","series-title":"2010 IEEE Symposium on Security and Privacy","first-page":"305","article-title":"Outside the closed world: On using machine learning for network intrusion detection","author":"Sommer","year":"2010"},{"key":"10.1016\/j.jss.2023.111921_b247","unstructured":"SOPHOS, 2021a. Threat Report: Navigating Cybersecurity in an Uncertain World. Tech. Rep.."},{"key":"10.1016\/j.jss.2023.111921_b248","unstructured":"SOPHOS, 2021b. Security Report: The State of Ransomware. Tech. Rep.."},{"key":"10.1016\/j.jss.2023.111921_b249","unstructured":"SOPHOS, 2021c. Threat Report: Navigating Cybersecurity in an Uncertain World. Tech. Rep.."},{"key":"10.1016\/j.jss.2023.111921_b250","doi-asserted-by":"crossref","first-page":"346","DOI":"10.1016\/j.eswa.2017.10.036","article-title":"Multiple instance learning for malware classification","volume":"93","author":"Stiborek","year":"2018","journal-title":"Expert Syst. Appl."},{"issue":"2","key":"10.1016\/j.jss.2023.111921_b251","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3379499","article-title":"A taxonomy of supervised learning for idss in scada environments","volume":"53","author":"Suaboot","year":"2020","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.jss.2023.111921_b252","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2020.101773","article-title":"Sub-curve HMM: A malware detection approach based on partial analysis of API call sequences","volume":"92","author":"Suaboot","year":"2020","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b253","doi-asserted-by":"crossref","unstructured":"Sun, Z., Rao, Z., Chen, J., Xu, R., He, D., Yang, H., Liu, J., 2019. An Opcode sequences analysis method for unknown malware detection. In: Proceedings of the 2019 2nd International Conference on Geoinformatics and Data Analysis. pp. 15\u201319.","DOI":"10.1145\/3318236.3318255"},{"key":"10.1016\/j.jss.2023.111921_b254","doi-asserted-by":"crossref","unstructured":"Susanto, A., Munawar, A.Z., 2016. AHMDS: Advanced Hybrid Malware Detector System. In: 2016 International Conference on Data and Software Engineering. ICoDSE, pp. 1\u20136.","DOI":"10.1109\/ICODSE.2016.7936148"},{"key":"10.1016\/j.jss.2023.111921_b255","series-title":"Intriguing properties of neural networks","author":"Szegedy","year":"2013"},{"key":"10.1016\/j.jss.2023.111921_b256","series-title":"Hunting for ghosts in fileless attacks \u2014 SANS institute","author":"Tancio","year":"2019"},{"key":"10.1016\/j.jss.2023.111921_b257","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2021.102515","article-title":"A novel malware classification and augmentation model based on convolutional neural network","volume":"112","author":"Tekerek","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b258","doi-asserted-by":"crossref","DOI":"10.1016\/j.comnet.2021.108394","article-title":"MDCHD: A novel malware detection method in cloud using hardware trace and deep learning","volume":"198","author":"Tian","year":"2021","journal-title":"Comput. Netw."},{"key":"10.1016\/j.jss.2023.111921_b259","doi-asserted-by":"crossref","first-page":"2401","DOI":"10.1016\/j.neucom.2017.11.018","article-title":"A LSTM based framework for handling multiclass imbalance in DGA botnet detection","volume":"275","author":"Tran","year":"2018","journal-title":"Neurocomputing"},{"key":"10.1016\/j.jss.2023.111921_b260","series-title":"1.55M API import dataset for malware analysis \u2014 IEEE DataPort","author":"Trinh","year":"2021"},{"key":"10.1016\/j.jss.2023.111921_b261","doi-asserted-by":"crossref","first-page":"189","DOI":"10.1016\/j.compag.2018.12.044","article-title":"Obstacles and features of farm management information systems: A systematic literature review","volume":"157","author":"Tummers","year":"2019","journal-title":"Comput. Electron. Agric."},{"key":"10.1016\/j.jss.2023.111921_b262","doi-asserted-by":"crossref","unstructured":"Tuscano, A., Koshy, T.S., 2021. Types of Keyloggers Technologies\u2013Survey. In: ICCCE 2020.ICCCE 2020. Lecture Notes in Electrical Engineering, vol. 698. pp. 11\u201322.","DOI":"10.1007\/978-981-15-7961-5_2"},{"key":"10.1016\/j.jss.2023.111921_b263","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1016\/j.cose.2018.11.001","article-title":"Survey of machine learning techniques for malware analysis","volume":"81","author":"Ucci","year":"2019","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b264","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/j.jnca.2017.10.016","article-title":"Data exfiltration: A review of external attack vectors and countermeasures","volume":"101","author":"Ullah","year":"2018","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.jss.2023.111921_b265","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1016\/j.future.2021.01.004","article-title":"Intelligent dynamic malware detection using machine learning in IP reputation for forensics data analytics","volume":"118","author":"Usman","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.jss.2023.111921_b266","doi-asserted-by":"crossref","DOI":"10.1016\/j.comnet.2020.107138","article-title":"IMCFN: Image-based malware classification using fine-tuned convolutional neural network architecture","volume":"171","author":"Vasan","year":"2020","journal-title":"Comput. Netw."},{"key":"10.1016\/j.jss.2023.111921_b267","doi-asserted-by":"crossref","unstructured":"Vemparala, S., Di Troia, F., Corrado, V.A., Austin, T.H., Stamo, M., 2016. Malware detection using dynamic birthmarks. In: Proceedings of the 2016 ACM on International Workshop on Security and Privacy Analytics. pp. 41\u201346.","DOI":"10.1145\/2875475.2875476"},{"key":"10.1016\/j.jss.2023.111921_b268","series-title":"Security, Privacy and Data Analytics","first-page":"103","article-title":"Detecting stegomalware: Malicious image steganography and its intrusion in Windows","author":"Verma","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b269","doi-asserted-by":"crossref","unstructured":"Verma, A.K., Sharma, S.K., 2021. Malware Detection Approaches using Machine Learning Techniques- Strategic Survey. In: 2021 3rd International Conference on Advances in Computing, Communication Control and Networking. ICAC3N, pp. 1958\u20131962.","DOI":"10.1109\/ICAC3N53548.2021.9725369"},{"key":"10.1016\/j.jss.2023.111921_b270","doi-asserted-by":"crossref","first-page":"46717","DOI":"10.1109\/ACCESS.2019.2906934","article-title":"Robust intelligent malware detection using deep learning","volume":"7","author":"Vinayakumar","year":"2019","journal-title":"IEEE Access"},{"key":"10.1016\/j.jss.2023.111921_b271","doi-asserted-by":"crossref","unstructured":"Vu, D.-L., Nguyen, T.-K., Nguyen, T.V., Nguyen, T.N., Massacci, F., Phung, P.H., 2019. A Convolutional Transformation Network for Malware Classification. In: 2019 6th NAFOSTED Conference on Information and Computer Science. NICS, pp. 234\u2013239.","DOI":"10.1109\/NICS48868.2019.9023876"},{"key":"10.1016\/j.jss.2023.111921_b272","doi-asserted-by":"crossref","unstructured":"Walker, A., Sengupta, S., 2019. Insights into Malware Detection via Behavioral Frequency Analysis Using Machine Learning. In: MILCOM 2019 - 2019 IEEE Military Communications Conference. MILCOM, pp. 1\u20136.","DOI":"10.1109\/MILCOM47813.2019.9021034"},{"key":"10.1016\/j.jss.2023.111921_b273","doi-asserted-by":"crossref","first-page":"91512","DOI":"10.1109\/ACCESS.2021.3090464","article-title":"Deep learning and regularization algorithms for malicious code classification","volume":"9","author":"Wang","year":"2021","journal-title":"IEEE Access"},{"key":"10.1016\/j.jss.2023.111921_b274","article-title":"Malicious code classification based on opcode sequences and textCNN network","volume":"67","author":"Wang","year":"2022","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.jss.2023.111921_b275","series-title":"What are denial of service (DoS) attacks? DoS attacks explained","author":"Weisman","year":"2021"},{"issue":"7","key":"10.1016\/j.jss.2023.111921_b276","doi-asserted-by":"crossref","first-page":"1341","DOI":"10.1162\/neco.1996.8.7.1341","article-title":"The lack of a priori distinctions between learning algorithms","volume":"8","author":"Wolpert","year":"1996","journal-title":"Neural Comput."},{"key":"10.1016\/j.jss.2023.111921_b277","first-page":"1","article-title":"PlausMal-GAN: Plausible malware training based on generative adversarial networks for analogous zero-day malware detection","author":"Won","year":"2022","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"10.1016\/j.jss.2023.111921_b278","series-title":"Feature squeezing: Detecting adversarial examples in deep neural networks","author":"Xu","year":"2017"},{"key":"10.1016\/j.jss.2023.111921_b279","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1016\/j.cose.2018.12.005","article-title":"Effective analysis of malware detection in cloud computing","volume":"83","author":"Yadav","year":"2019","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b280","series-title":"ICCCE 2021","first-page":"1215","article-title":"Malware techniques and its effect: A survey","author":"Yadav","year":"2022"},{"key":"10.1016\/j.jss.2023.111921_b281","doi-asserted-by":"crossref","unstructured":"Yang, L., Ciptadi, A., Laziuk, I., Ahmadzadeh, A., Wang, G., 2021a. BODMAS: An Open Dataset for Learning based Temporal Analysis of PE Malware. In: 2021 IEEE Security and Privacy Workshops. SPW, pp. 78\u201384.","DOI":"10.1109\/SPW53761.2021.00020"},{"key":"10.1016\/j.jss.2023.111921_b282","unstructured":"Yang, L., Guo, W., Hao, Q., Ciptadi, A., Ahmadzadeh, A., Xing, X., Wang, G., 2021b. {CADE}: Detecting and explaining concept drift samples for security applications. In: 30th USENIX Security Symposium. USENIX Security 21, pp. 2327\u20132344."},{"issue":"3","key":"10.1016\/j.jss.2023.111921_b283","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3073559","article-title":"A survey on malware detection using data mining techniques","volume":"50","author":"Ye","year":"2017","journal-title":"ACM Comput. Surv."},{"issue":"3","key":"10.1016\/j.jss.2023.111921_b284","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3073559","article-title":"A survey on malware detection using data mining techniques","volume":"50","author":"Ye","year":"2017","journal-title":"ACM Comput. Surv."},{"issue":"2","key":"10.1016\/j.jss.2023.111921_b285","article-title":"An overview of overfitting and its solutions","volume":"1168","author":"Ying","year":"2019","journal-title":"J. Phys.: Conf. Ser."},{"key":"10.1016\/j.jss.2023.111921_b286","doi-asserted-by":"crossref","first-page":"420","DOI":"10.1016\/j.ins.2020.08.082","article-title":"AI-HydRa: Advanced hybrid approach using random forest and deep learning for malware classification","volume":"546","author":"Yoo","year":"2021","journal-title":"Inform. Sci."},{"key":"10.1016\/j.jss.2023.111921_b287","article-title":"Towards time evolved malware identification using two-head neural network","volume":"65","author":"Yuan","year":"2022","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.jss.2023.111921_b288","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102691","article-title":"A few-shot meta-learning based siamese neural network using entropy features for ransomware classification","volume":"117","author":"Zhu","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.jss.2023.111921_b289","unstructured":"Zhu, S., Shi, J., Yang, L., Qin, B., Zhang, Z., Song, L., Wang, G., 2020. Measuring and Modeling the Label Dynamics of Online {Anti-Malware} Engines. In: 29th USENIX Security Symposium. USENIX Security 20, pp. 2361\u20132378."},{"key":"10.1016\/j.jss.2023.111921_b290","article-title":"IMCLNet: A lightweight deep neural network for image-based malware classification","volume":"70","author":"Zou","year":"2022","journal-title":"J. Inf. Secur. Appl."}],"container-title":["Journal of Systems and Software"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0164121223003163?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0164121223003163?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,9,27]],"date-time":"2025-09-27T23:39:17Z","timestamp":1759016357000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0164121223003163"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3]]},"references-count":290,"alternative-id":["S0164121223003163"],"URL":"https:\/\/doi.org\/10.1016\/j.jss.2023.111921","relation":{},"ISSN":["0164-1212"],"issn-type":[{"value":"0164-1212","type":"print"}],"subject":[],"published":{"date-parts":[[2024,3]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"A systematic literature review on Windows malware detection: Techniques, research issues, and future directions","name":"articletitle","label":"Article Title"},{"value":"Journal of Systems and Software","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.jss.2023.111921","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2023 The Author(s). Published by Elsevier Inc.","name":"copyright","label":"Copyright"}],"article-number":"111921"}}