{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T15:17:22Z","timestamp":1778167042753,"version":"3.51.4"},"reference-count":33,"publisher":"Oxford University Press (OUP)","issue":"12","license":[{"start":{"date-parts":[[2019,6,4]],"date-time":"2019-06-04T00:00:00Z","timestamp":1559606400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/open_access\/funder_policies\/chorus\/standard_publication_model"}],"funder":[{"name":"Natural Science Foundation of Hubei Province of China","award":["2017CFB307"],"award-info":[{"award-number":["2017CFB307"]}]},{"name":"Natural Science Foundation of Hubei Province of China","award":["2018CFB709"],"award-info":[{"award-number":["2018CFB709"]}]},{"name":"Natural Science Foundation of Hubei Province of China","award":["2018CFB550"],"award-info":[{"award-number":["2018CFB550"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,12,10]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Malware brings a big security threat on the Internet today. With the great increasing malware attacks. Behavior-based detection approaches are one of the major method to detect zero-day malware. Such approaches often use API calls to represent the behavior of malware. Unfortunately, behavior-based approaches suffer from behavior obfuscation attacks. In this paper, we propose a novel malware detection approach that is both effective and efficient. First, we abstract the API call to object operation. And then we generate the object operation dependency graph based on these object operations. Our approach use dependency graph to represent the behavior of malware. The evaluation results show that our approach can provide a complete resistance to all types of behavior obfuscation attacks, and outperforms existing behavior-based approaches in terms of better effectiveness and efficiency.<\/jats:p>","DOI":"10.1093\/comjnl\/bxz033","type":"journal-article","created":{"date-parts":[[2019,5,26]],"date-time":"2019-05-26T11:07:31Z","timestamp":1558868851000},"page":"1734-1747","source":"Crossref","is-referenced-by-count":3,"title":["Behavior-Obfuscation Resistance Malware Detection"],"prefix":"10.1093","volume":"62","author":[{"given":"Binlin","family":"Cheng","sequence":"first","affiliation":[{"name":"College of Computer and Information Engineering, Hubei Normal University, China,435002"}]},{"given":"Jinjun","family":"Liu","sequence":"additional","affiliation":[{"name":"College of Computer and Information Engineering, Hubei Normal University, China,435002"}]},{"given":"Jiejie","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Computer and Information Engineering, Hubei Normal University, China,435002"}]},{"given":"Shudong","family":"Shi","sequence":"additional","affiliation":[{"name":"College of Computer and Information Engineering, Hubei Normal University, China,435002"}]},{"given":"Xufu","family":"Peng","sequence":"additional","affiliation":[{"name":"College of Computer and Information Engineering, Hubei Normal University, China,435002"}]},{"given":"Xingwen","family":"Zhang","sequence":"additional","affiliation":[{"name":"College of Computer and Information Engineering, Hubei Normal University, China,435002"}]},{"given":"Haiqing","family":"Hai","sequence":"additional","affiliation":[{"name":"School of Mathematics and Physics, Hubei Polytechnic University, China 435003"}]}],"member":"286","published-online":{"date-parts":[[2019,6,4]]},"reference":[{"key":"2021030703591986300_bxz033C1","author":"Kharraz","year":"2015"},{"key":"2021030703591986300_bxz033C2","author":"Korczynski","year":"2017"},{"key":"2021030703591986300_bxz033C3","author":"Griffin","year":"2009"},{"key":"2021030703591986300_bxz033C4","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1016\/j.cose.2015.04.001","article-title":"Amal: high-fidelity, behavior-based automated malware analysis and classification","volume":"52","author":"Mohaisen","year":"2015","journal-title":"Comput. Secur."},{"key":"2021030703591986300_bxz033C5","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1109\/TIFS.2015.2491300","article-title":"Semantics-based online malware detection: towards efficient real-time protection against malware","volume":"11","author":"Das","year":"2016","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"2021030703591986300_bxz033C6","doi-asserted-by":"crossref","first-page":"340","DOI":"10.1016\/j.cose.2013.08.010","article-title":"Identifying android malicious repackaged applications by thread-grained system call sequences","volume":"39","author":"Lin","year":"2013","journal-title":"Comput. Secur."},{"key":"2021030703591986300_bxz033C7","doi-asserted-by":"crossref","first-page":"2591","DOI":"10.1109\/TIFS.2015.2469253","article-title":"Employing program semantics for malware detection","volume":"10","author":"Naval","year":"2015","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"2021030703591986300_bxz033C8","doi-asserted-by":"crossref","first-page":"419","DOI":"10.1016\/j.cose.2013.09.006","article-title":"Deriving common malware behavior through graph clustering","volume":"39","author":"Park","year":"2013","journal-title":"Comput. Secur."},{"key":"2021030703591986300_bxz033C9","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1016\/j.cose.2014.07.004","article-title":"Enhancing the detection of metamorphic malware using call graphs","volume":"46","author":"Elhadi","year":"2014","journal-title":"Comput. Secur."},{"key":"2021030703591986300_bxz033C10","author":"W\u00fcchner","year":"2015"},{"key":"2021030703591986300_bxz033C11","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1016\/j.cose.2017.02.009","article-title":"Security importance assessment for system objects and malware detection","volume":"68","author":"Mao","year":"2017","journal-title":"Comput. Secur."},{"key":"2021030703591986300_bxz033C12","author":"Canali","year":"2012"},{"key":"2021030703591986300_bxz033C13","author":"Wu","year":"2010"},{"key":"2021030703591986300_bxz033C14","author":"Chandramohan","year":"201"},{"key":"2021030703591986300_bxz033C15","author":"Kaspersky"},{"key":"2021030703591986300_bxz033C16","author":"TrendMicro"},{"key":"2021030703591986300_bxz033C17","doi-asserted-by":"crossref","first-page":"377","DOI":"10.1145\/1190215.1190270","article-title":"A semantics-based approach to malware detection","volume":"42","author":"Preda","year":"2007","journal-title":"ACM SIGPLAN Notices"},{"key":"2021030703591986300_bxz033C18","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1145\/1387673.1387674","article-title":"A semantics-based approach to malware detection","volume":"30","author":"Preda","year":"2008","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"2021030703591986300_bxz033C19","author":"Banescu","year":"2015"},{"key":"2021030703591986300_bxz033C20","author":"Bayer","year":"2009"},{"key":"2021030703591986300_bxz033C21","first-page":"291","article-title":"Leveraging compression-based graph mining for behavior-based malware detection","volume":"10","author":"Wuechner","year":"2017","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"2021030703591986300_bxz033C22","author":"Christodorescu","year":"2005"},{"key":"2021030703591986300_bxz033C23","author":"Christodorescu","year":"2007"},{"key":"2021030703591986300_bxz033C24","author":"Bunke","year":"2003"},{"key":"2021030703591986300_bxz033C25","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1002\/spe.4380120103","article-title":"Backtrack search algorithms and the maximal common subgraph problem","volume":"12","author":"McGregor","year":"1982","journal-title":"Softw. Practice Exp."},{"key":"2021030703591986300_bxz033C26","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1016\/S0167-8655(97)00179-7","article-title":"A graph distance metric based on the maximal common subgraph","volume":"19","author":"Bunke","year":"1998","journal-title":"Pattern Recogn. Lett."},{"key":"2021030703591986300_bxz033C27","author":"Riesen","year":"2013"},{"key":"2021030703591986300_bxz033C28","author":"Nappa","year":"2013"},{"key":"2021030703591986300_bxz033C29","author":"Banescu","year":"2015"},{"key":"2021030703591986300_bxz033C30","author":"Kharraz","year":"2016"},{"key":"2021030703591986300_bxz033C31","author":"Carlini","year":"2015"},{"key":"2021030703591986300_bxz033C32","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1145\/2716260","article-title":"Taxonomy and survey of collaborative intrusion detection","volume":"47","author":"Vasilomanolakis","year":"2015","journal-title":"ACM Comput. Surv."},{"key":"2021030703591986300_bxz033C33","author":"Gascon","year":"2013"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/comjnl\/article-pdf\/62\/12\/1734\/36429238\/bxz033.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/academic.oup.com\/comjnl\/article-pdf\/62\/12\/1734\/36429238\/bxz033.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,3,7]],"date-time":"2021-03-07T03:59:37Z","timestamp":1615089577000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/62\/12\/1734\/5510727"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,4]]},"references-count":33,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2019,6,4]]},"published-print":{"date-parts":[[2019,12,10]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxz033","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"value":"0010-4620","type":"print"},{"value":"1460-2067","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2019,12]]},"published":{"date-parts":[[2019,6,4]]}}}