{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T06:49:51Z","timestamp":1773470991297,"version":"3.50.1"},"reference-count":71,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Korean Government","award":["NRF-2022R1C1C1010494"],"award-info":[{"award-number":["NRF-2022R1C1C1010494"]}]},{"DOI":"10.13039\/501100010418","name":"Ministry of Science, ICT (MSIT), Korea, under the High-Potential Individuals Global Training Program","doi-asserted-by":"publisher","award":["IITP-2021-0-02104"],"award-info":[{"award-number":["IITP-2021-0-02104"]}],"id":[{"id":"10.13039\/501100010418","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2022]]},"DOI":"10.1109\/access.2022.3171226","type":"journal-article","created":{"date-parts":[[2022,4,29]],"date-time":"2022-04-29T19:54:52Z","timestamp":1651262092000},"page":"49566-49584","source":"Crossref","is-referenced-by-count":11,"title":["A Comprehensive Analysis of Today\u2019s Malware and Its Distribution Network: Common Adversary Strategies and Implications"],"prefix":"10.1109","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0430-3004","authenticated-orcid":false,"given":"Siwon","family":"Huh","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering, Sungkyunkwan University, Jangan-gu, Suwon-si, Republic of Korea"}]},{"given":"Seonghwan","family":"Cho","sequence":"additional","affiliation":[{"name":"Graduate School of Information Security, School of Computing, Korea Advanced Institute of Science and Technology (KAIST), Yuseong-gu, Daejeon, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0260-1865","authenticated-orcid":false,"given":"Jinho","family":"Choi","sequence":"additional","affiliation":[{"name":"Graduate School of Information Security, School of Computing, Korea Advanced Institute of Science and Technology (KAIST), Yuseong-gu, Daejeon, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1077-5606","authenticated-orcid":false,"given":"Seungwon","family":"Shin","sequence":"additional","affiliation":[{"name":"School of Electrical Engineering, Korea Advanced Institute of Science and Technology (KAIST), Yuseong-gu, Daejeon, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5344-6266","authenticated-orcid":false,"given":"Hojoon","family":"Lee","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Sungkyunkwan University, Jangan-gu, Suwon-si, Republic of Korea"}]}],"member":"263","reference":[{"key":"ref1","first-page":"1","article-title":"Measuring pay-per-install: The commoditization of malware distribution","volume-title":"Proc. USENIX Secur. Symp.","volume":"13","author":"Caballero"},{"key":"ref2","first-page":"721","article-title":"Investigating commercial pay-per-install and the distribution of unwanted software","volume-title":"Proc. 25th USENIX Secur. Symp. (USENIX Secur.)","author":"Thomas"},{"key":"ref3","first-page":"739","article-title":"Measuring PUP prevalence and PUP distribution through pay-per-install services","volume-title":"Proc. 25th USENIX Secur. Symp. (USENIX Secur.)","author":"Kotzias"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329807"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813724"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3291061"},{"key":"ref7","first-page":"3505","article-title":"The circle of life: A large-scale study of the IoT malware lifecycle","volume-title":"Proc. 30th USENIX Secur. Symp. (USENIX Secur.)","author":"Alrawi"},{"key":"ref8","first-page":"187","article-title":"MutantX-S: Scalable malware clustering based on static features","volume-title":"Proc. USENIX Annu. Tech. Conf. (USENIX ATC)","author":"Hu"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1016\/j.jocs.2017.05.027"},{"key":"ref10","first-page":"1","article-title":"Experimental study of fuzzy hashing in malware clustering analysis","volume-title":"Proc. 8th Workshop Cyber Secur. Experimentation Test (CSET)","author":"Li"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_9"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2017.2739145"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0155781"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2762418"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2012.11.050"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/TSG.2017.2703842"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.4108\/eai.3-12-2015.2262516"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-46675-0_53"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3118642"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23247"},{"key":"ref22","article-title":"Microsoft malware classification challenge","author":"Ronen","year":"2018","journal-title":"arXiv:1802.10135"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2017.00035"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/CCCS.2019.8888147"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(00)00139-0"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.12.012"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2014.6997492"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/CCST.2018.8585560"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2019.102419"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/s12083-017-0630-0"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2019.02.056"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.3390\/info10040122"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2021.3100755"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1016\/j.phycom.2020.101157"},{"key":"ref35","first-page":"352","article-title":"Line-speed and scalable intrusion detection at the network edge via federated learning","volume-title":"Proc. IFIP Netw. Conf. (Networking)","author":"Qin"},{"key":"ref36","volume-title":"URLHaus Malware URL Exchange","year":"2020"},{"key":"ref37","volume-title":"VxVault","year":"2020"},{"key":"ref38","volume-title":"Virustotal","year":"2020"},{"key":"ref39","volume-title":"Hybrid Analysis Free Automated Malware Analysis Service"},{"key":"ref40","volume-title":"Joe Sandbox Automated Malware Analysis","year":"2020"},{"key":"ref41","volume-title":"ANY.RUN Interactive Online Malware Sandbox","year":"2020"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.21236\/ADA465464"},{"key":"ref43","first-page":"2361","article-title":"Measuring and modeling the label dynamics of online anti-malware engines","volume-title":"Proc. 29th USENIX Secur. Symp. (USENIX Secur.)","author":"Zhu"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/CCST.2017.8167802"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-020-00509-4"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-13-2203-7_21"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2019.01.018"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241275"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2815660"},{"key":"ref51","article-title":"IoT malware: Comprehensive survey, analysis framework and case studies","author":"Costin","year":"2018","journal-title":"BlackHat USA"},{"key":"ref52","volume-title":"Old Malware Tricks to Bypass Detection in the Age of Big Data","author":"Ishimaru","year":"2017"},{"key":"ref53","volume-title":"Process Injection: Process Hollowing","year":"2020"},{"key":"ref54","volume-title":"Authorities Break Up Imminent Monitor Spyware Organization","author":"Seals","year":"2019"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15512-3_13"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/CTC.2013.9"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176306"},{"key":"ref58","volume-title":"Notorious Trojan Emotet Attacks Indian Firms Daily","author":"Ahaskar","year":"2019"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-86365-4_11"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom50675.2020.00106"},{"key":"ref61","first-page":"8","article-title":"Scalable, behavior-based malware clustering","volume-title":"Proc. NDSS","volume":"9","author":"Bayer"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-05149-9_15"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08509-8_7"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.7717\/peerj.12661\/fig-5"},{"key":"ref65","volume-title":"Malware Attribute Enumeration and Characterization (MAEC)","year":"2020"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_6"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2010-0410"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2013.6638293"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897918"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/ICEEM52022.2021.9480648"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1007\/s12046-020-01392-4"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/9668973\/09765474.pdf?arnumber=9765474","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,22]],"date-time":"2024-01-22T21:58:52Z","timestamp":1705960732000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9765474\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"references-count":71,"URL":"https:\/\/doi.org\/10.1109\/access.2022.3171226","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]}}}