{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T20:33:18Z","timestamp":1775680398131,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":18,"publisher":"ACM","license":[{"start":{"date-parts":[[2009,11,9]],"date-time":"2009-11-09T00:00:00Z","timestamp":1257724800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2009,11,9]]},"DOI":"10.1145\/1654988.1655003","type":"proceedings-article","created":{"date-parts":[[2009,11,17]],"date-time":"2009-11-17T13:30:15Z","timestamp":1258464615000},"page":"55-62","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":107,"title":["Using spatio-temporal information in API calls with machine learning algorithms for malware detection"],"prefix":"10.1145","author":[{"given":"Faraz","family":"Ahmed","sequence":"first","affiliation":[{"name":"FAST National University of Computer &amp; Emerging Sciences (FAST-NUCES), Islamabad, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haider","family":"Hameed","sequence":"additional","affiliation":[{"name":"FAST National University of Computer &amp; Emerging Sciences (FAST-NUCES), Islamabad, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"M. Zubair","family":"Shafiq","sequence":"additional","affiliation":[{"name":"FAST National University of Computer &amp; Emerging Sciences (FAST-NUCES), Islamabad, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Muddassar","family":"Farooq","sequence":"additional","affiliation":[{"name":"FAST National University of Computer &amp; Emerging Sciences (FAST-NUCES), Islamabad, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2009,11,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"API Monitor -- Spy and display API calls made by Win32 applications available at http:\/\/www.apimonitor.com.  API Monitor -- Spy and display API calls made by Win32 applications available at http:\/\/www.apimonitor.com."},{"key":"e_1_3_2_1_2_1","unstructured":"Overview of the Windows API available at http:\/\/msdn.microsoft.com\/en-us\/library\/aa383723(VS.85).aspx.  Overview of the Windows API available at http:\/\/msdn.microsoft.com\/en-us\/library\/aa383723(VS.85).aspx."},{"key":"e_1_3_2_1_3_1","unstructured":"VX Heavens Virus Collection VX Heavens http:\/\/vx.netlux.org\/.  VX Heavens Virus Collection VX Heavens http:\/\/vx.netlux.org\/."},{"key":"e_1_3_2_1_4_1","volume-title":"Technical Report, TR-nexGINRC-2009-42","author":"Ahmed F.","year":"2009","unstructured":"F. Ahmed , H. Hameed , M.Z. Shafiq , M. Farooq , \" Using Spatio-Temporal Information in API Calls with Machine Learning Algorithms for Malware Detection and Analysis\" , Technical Report, TR-nexGINRC-2009-42 , 2009 , available at http:\/\/www.nexginrc.org\/papers\/tr42-faraz.pdf F. Ahmed, H. Hameed, M.Z. Shafiq, M. Farooq, \"Using Spatio-Temporal Information in API Calls with Machine Learning Algorithms for Malware Detection and Analysis\", Technical Report, TR-nexGINRC-2009-42, 2009, available at http:\/\/www.nexginrc.org\/papers\/tr42-faraz.pdf"},{"key":"e_1_3_2_1_5_1","volume-title":"International Workshop on the Theory of Computer Viruses (TCV)","author":"Marion P. Beaucamps J.-Y.","year":"2008","unstructured":"P. Beaucamps J.-Y. Marion , \"Optimized control flow graph construction for malware detection \", International Workshop on the Theory of Computer Viruses (TCV) , France , 2008 . P. Beaucamps J.-Y. Marion, \"Optimized control flow graph construction for malware detection\", International Workshop on the Theory of Computer Viruses (TCV), France, 2008."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.20"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"T. M. Cover J. A. Thomas \"Elements of Information Theory\" Wiley-Interscience 1991.   T. M. Cover J. A. Thomas \"Elements of Information Theory\" Wiley-Interscience 1991.","DOI":"10.1002\/0471200611"},{"key":"e_1_3_2_1_8_1","first-page":"4","article-title":"ROC Graphs: Notes and Practical Considerations for Researchers","author":"Fawcett T.","year":"2003","unstructured":"T. Fawcett , \" ROC Graphs: Notes and Practical Considerations for Researchers \", Techincal Report, HP Labs, CA , 2003 -- 4 , USA, 2003. T. Fawcett, \"ROC Graphs: Notes and Practical Considerations for Researchers\", Techincal Report, HP Labs, CA, 2003--4, USA, 2003.","journal-title":"Techincal Report, HP Labs, CA"},{"key":"e_1_3_2_1_9_1","first-page":"120","volume-title":"IEEE Symposium on Security and Privacy (S&P), IEEE Press","author":"Forrest S.","year":"1996","unstructured":"S. Forrest , S.A. Hofmeyr , A. Somayaji , T.A. Longstaff , \" A Sense of Self for Unix Processes\" , IEEE Symposium on Security and Privacy (S&P), IEEE Press , pp. 120 -- 128 , USA, 1996 S. Forrest, S.A. Hofmeyr, A. Somayaji, T.A. Longstaff, \"A Sense of Self for Unix Processes\", IEEE Symposium on Security and Privacy (S&P), IEEE Press, pp. 120--128, USA, 1996"},{"key":"e_1_3_2_1_10_1","volume-title":"Morgan Kaufmann","author":"Han J.","year":"2000","unstructured":"J. Han , M. Kamber , \" Data Mining : Concepts and Techniques \", Morgan Kaufmann , 2000 . J. Han, M. Kamber, \"Data Mining: Concepts and Techniques\", Morgan Kaufmann, 2000."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1127345.1127348"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368310.1368334"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_5"},{"key":"e_1_3_2_1_14_1","first-page":"20","volume-title":"ICDM Workshop on Data Mining for Computer Security (DMSEC)","author":"Tandon G.","year":"2003","unstructured":"G. Tandon , P. Chan , \" Learning Rules from System Call Arguments and Sequences for Anomaly Detection\" , ICDM Workshop on Data Mining for Computer Security (DMSEC) , pp. 20 -- 29 , IEEE Press, USA , 2003 . G. Tandon, P. Chan, \"Learning Rules from System Call Arguments and Sequences for Anomaly Detection\", ICDM Workshop on Data Mining for Computer Security (DMSEC), pp. 20--29, IEEE Press, USA, 2003."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586145"},{"key":"e_1_3_2_1_16_1","first-page":"133","volume-title":"IEEE Symposium on Security and Privacy (S&P)","author":"Warrender C.","year":"1999","unstructured":"C. Warrender , S. Forrest , B. Pearlmutter , \" Detecting Intrusions Using System Calls : Alternative Data Models \", IEEE Symposium on Security and Privacy (S&P) , pp. 133 -- 145 , IEEE Press, USA , 1999 . C. Warrender, S. Forrest, B. Pearlmutter, \"Detecting Intrusions Using System Calls: Alternative Data Models\", IEEE Symposium on Security and Privacy (S&P), pp. 133--145, IEEE Press, USA, 1999."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.5555\/645838.670723"},{"key":"e_1_3_2_1_18_1","volume-title":"Morgan Kaufmann","author":"Witten I.H.","year":"2005","unstructured":"I.H. Witten , E. Frank , \" Data mining : Practical machine learning tools and techniques \", Morgan Kaufmann , 2 nd edition, USA , 2005 . I.H. Witten, E. Frank, \"Data mining: Practical machine learning tools and techniques\", Morgan Kaufmann, 2nd edition, USA, 2005.","edition":"2"}],"event":{"name":"CCS '09: 16th ACM Conference on Computer and Communications Security 2009","location":"Chicago Illinois USA","acronym":"CCS '09","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2nd ACM workshop on Security and artificial intelligence"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1654988.1655003","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1654988.1655003","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:41:00Z","timestamp":1750250460000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1654988.1655003"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,11,9]]},"references-count":18,"alternative-id":["10.1145\/1654988.1655003","10.1145\/1654988"],"URL":"https:\/\/doi.org\/10.1145\/1654988.1655003","relation":{},"subject":[],"published":{"date-parts":[[2009,11,9]]},"assertion":[{"value":"2009-11-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}