{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T08:03:58Z","timestamp":1773734638437,"version":"3.50.1"},"reference-count":48,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Fondo Regional para la Innovaci\u00f3n Digital en Am\u00e9rica Latina y el Caribe"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Open J. Commun. Soc."],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/ojcoms.2026.3667851","type":"journal-article","created":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T20:59:22Z","timestamp":1772053162000},"page":"2385-2399","source":"Crossref","is-referenced-by-count":0,"title":["Extending Memory-Based Obfuscated Malware Detection With Network Behavior"],"prefix":"10.1109","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-4867-4352","authenticated-orcid":false,"given":"Jhon F.","family":"Mercado","sequence":"first","affiliation":[{"name":"Electronics Engineering Department, GITA-Lab, Universidad de Antioquia, Medellin, Antioquia, Colombia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8343-4530","authenticated-orcid":false,"given":"Josue","family":"Genaro Almaraz-Rivera","sequence":"additional","affiliation":[{"name":"School of Engineering and Sciences, Tecnologico de Monterrey, Monterrey, Nuevo Leon, Mexico"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2880-4601","authenticated-orcid":false,"given":"Sergio","family":"Armando Gutierrez","sequence":"additional","affiliation":[{"name":"Electronics Engineering Department, GITA-Lab, Universidad de Antioquia, Medellin, Antioquia, Colombia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7678-5487","authenticated-orcid":false,"given":"Jesus Arturo","family":"Perez-Diaz","sequence":"additional","affiliation":[{"name":"School of Engineering and Sciences, Tecnologico de Monterrey, Monterrey, Nuevo Leon, Mexico"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1294-137X","authenticated-orcid":false,"given":"Luis A.","family":"Fletscher","sequence":"additional","affiliation":[{"name":"Electronics Engineering Department, GITA-Lab, Universidad de Antioquia, Medellin, Antioquia, Colombia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5597-939X","authenticated-orcid":false,"given":"Jose Antonio","family":"Cantoral-Ceballos","sequence":"additional","affiliation":[{"name":"School of Engineering and Sciences, Tecnologico de Monterrey, Monterrey, Nuevo Leon, Mexico"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7072-8924","authenticated-orcid":false,"given":"Juan Felipe","family":"Botero","sequence":"additional","affiliation":[{"name":"Electronics Engineering Department, GITA-Lab, Universidad de Antioquia, Medellin, Antioquia, Colombia"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2963724"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-019-0043-x"},{"key":"ref3","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103653","article-title":"A survey on the evolution of fileless attacks and detection techniques","volume":"137","author":"Liu","year":"2024","journal-title":"Comput. Secur."},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.3390\/sym15030758"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.101613.00077"},{"key":"ref6","volume-title":"An obfuscated malware detection system based on memory analysis and self-supervised tabular learning","author":"Almaraz-Rivera","year":"2025"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2023.301561"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/ICUMT57764.2022.9943443"},{"issue":"9","key":"ref9","doi-asserted-by":"crossref","first-page":"332","DOI":"10.3390\/a15090332","article-title":"Tree-based classifier ensembles for PE malware analysis: A performance revisit","volume":"15","author":"Louk","year":"2022","journal-title":"Algorithms"},{"key":"ref10","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2023.119952","article-title":"Development of a deep stacked ensemble with process based volatile memory forensics for platform independent malware detection and classification","volume":"223","author":"Naeem","year":"2023","journal-title":"Expert Syst. Appl."},{"key":"ref11","doi-asserted-by":"crossref","DOI":"10.1016\/j.compeleceng.2025.110107","article-title":"Leveraging memory forensic features for explainable obfuscated malware detection with isolated family distinction paradigm","volume":"123","author":"Sharmila","year":"2025","journal-title":"Comput. Electr. Eng."},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.5220\/0010908200003120"},{"key":"ref13","article-title":"Winmal25 dataset","author":"Almaraz-Rivera","year":"2025"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-022-07447-4"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3358840"},{"key":"ref16","article-title":"Detecting new obfuscated malware variants: A lightweight and interpretable machine learning approach","volume":"25","author":"Madamidola","year":"2025","journal-title":"Intell. Syst. Appl."},{"issue":"11","key":"ref17","doi-asserted-by":"crossref","first-page":"5348","DOI":"10.3390\/s23115348","article-title":"Obfuscated memory malware detection in resource-constrained IoT devices for smart city applications","volume":"23","author":"Shafin","year":"2023","journal-title":"Sensors"},{"issue":"1","key":"ref18","doi-asserted-by":"crossref","first-page":"4","DOI":"10.3390\/jcp5010004","article-title":"Detecting malware C&C communication traffic using artificial intelligence techniques","volume":"5","author":"Kazi","year":"2025","journal-title":"J. Cybersecurity Privacy"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-16837-7_8"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2988877"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ICSP51882.2021.9408973"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2025.3580395"},{"issue":"17","key":"ref23","doi-asserted-by":"crossref","first-page":"8604","DOI":"10.3390\/app12178604","article-title":"Malware detection using memory analysis data in big data environment","volume":"12","author":"Dener","year":"2022","journal-title":"Appl. Sci."},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3764580"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/RDAAPS48126.2021.9452028"},{"key":"ref26","first-page":"93","article-title":"Comparison of LSTM architecture for malware classification","volume-title":"Proc. Int. Conf. Informat., Multimedia, Cyber Inf. Syst. (ICIMCIS)","author":"Setiawan"},{"key":"ref27","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103409","article-title":"XMal: A lightweight memory-based explainable obfuscated-malware detector","volume":"133","author":"Alani","year":"2023","journal-title":"Comput. Secur."},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3677374"},{"key":"ref29","article-title":"A unified approach to interpreting model predictions","author":"Lundberg","year":"2017","journal-title":"arXiv:1705.07874"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939778"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1002\/aisy.202400304"},{"key":"ref32","first-page":"507","article-title":"Why do tree-based models still outperform deep learning on typical tabular data?","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Grinsztajn"},{"key":"ref33","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1016\/j.inffus.2021.11.011","article-title":"Tabular data: Deep learning is not all you need","volume":"81","author":"Shwartz-Ziv","year":"2022","journal-title":"Inf. Fusion"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.2023.2197686"},{"key":"ref35","article-title":"Nested cross-validation when selecting classifiers is overzealous for most practical applications","author":"Wainer","year":"2018","journal-title":"arXiv:1809.09446"},{"key":"ref36","article-title":"Evaluation: From precision, recall and F-measure to ROC, informedness, markedness and correlation","author":"Powers","year":"2020","journal-title":"arXiv:2010.16061"},{"issue":"4","key":"ref37","doi-asserted-by":"crossref","first-page":"427","DOI":"10.1016\/j.ipm.2009.03.002","article-title":"A systematic analysis of performance measures for classification tasks","volume":"45","author":"Sokolova","year":"2009","journal-title":"Inf. Process. Manage."},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2008.239"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.5555\/1248547.1248548"},{"key":"ref40","article-title":"Explainable AI for trees: From local explanations to global understanding","author":"Lundberg","year":"2019","journal-title":"arXiv:1905.04610"},{"issue":"86","key":"ref41","first-page":"2579","article-title":"Visualizing data using t-SNE","volume":"9","author":"Maaten","year":"2008","journal-title":"J. Mach. Learn. Res."},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2089125.2089126"},{"issue":"10","key":"ref43","doi-asserted-by":"crossref","first-page":"2044","DOI":"10.1016\/j.ins.2009.12.010","article-title":"Advanced nonparametric tests for multiple comparisons in the design of experiments in computational intelligence and data mining: Experimental analysis of power","volume":"180","author":"Garc\u00eda","year":"2010","journal-title":"Inf. Sci."},{"key":"ref44","article-title":"Distribution-free multiple comparisons","author":"Nemenyi","year":"1963"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511921803"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2020.101861"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/TBDATA.2025.3600034"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2025.3549628"}],"container-title":["IEEE Open Journal of the Communications Society"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8782661\/11343983\/11411856.pdf?arnumber=11411856","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T05:45:56Z","timestamp":1773726356000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11411856\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":48,"URL":"https:\/\/doi.org\/10.1109\/ojcoms.2026.3667851","relation":{},"ISSN":["2644-125X"],"issn-type":[{"value":"2644-125X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]}}}