{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T06:50:36Z","timestamp":1777704636209,"version":"3.51.4"},"reference-count":34,"publisher":"SAGE Publications","issue":"6","license":[{"start":{"date-parts":[[2018,7,20]],"date-time":"2018-07-20T00:00:00Z","timestamp":1532044800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Intelligent &amp; Fuzzy Systems"],"published-print":{"date-parts":[[2018,12,24]]},"abstract":"<jats:p>Recent research in the computer security sector has primarily been qualitative, focusing on detection aspects where malware has already infected the target. Challenges for security vendors include developing better techniques for early detection of malware attacks before they can do malicious damage. Malware prediction models are needed that can describe and predict malware generation processes. In this study, we address the feasibility of quantitative characterization of malware in security assessment, we propose a model with aim to explain the mechanism behind malware generation which contributes to estimating malware discovery. Although several malware modeling systems have been proposed, such models have shortcomings in related to historical data and do not consider malware data as a time series. Using time series analysis, we provide predictive neural network models for five datasets from Symantec and Malwr. The models explore the structures of malware data along with leveraging non-linear and linear properties to predict the number of future malware. Our examination also reveals that it is possible to model the malware discovery process using a neural network based non-linear model. In addition, our analysis provides insights into understanding the mechanisms that generate malware data series. This information can be useful for intelligence services and vital to threat assessment.<\/jats:p>","DOI":"10.3233\/jifs-169849","type":"journal-article","created":{"date-parts":[[2018,7,24]],"date-time":"2018-07-24T17:14:11Z","timestamp":1532452451000},"page":"6089-6100","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":5,"title":["An efficient neural network model for time series forecasting of malware"],"prefix":"10.1177","volume":"35","author":[{"given":"Trong-Kha","family":"Nguyen","sequence":"first","affiliation":[{"name":"Department of Electronics and Computer Engineering, Hongik University, Sejong, Korea"}]},{"given":"Vu Duc","family":"Ly","sequence":"additional","affiliation":[{"name":"Department of Electronics and Computer Engineering, Hongik University, Sejong, Korea"}]},{"given":"Seong Oun","family":"Hwang","sequence":"additional","affiliation":[{"name":"Department of Software and Communications Engineering, Hongik University, Sejong, Korea"}]}],"member":"179","published-online":{"date-parts":[[2018,7,20]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"AbadiM. AgarwalA. BarhamP. BrevdoE. ChenZ. CitroC. CorradoG. S. DsA. DeanJ. DevinM. GhemawatS. GoodfellowI. HarpA. IrvingG. IsardM. JiaY. JozefowiczR. KaiserL. KudlurM. LevenbergJ. Man\u00e9D. MongaR. MooreS. MurrayD. OlahC. SchusterM. ShlensJ. SteinerB. SutskeverI. TalwarK. TuckerP. VanhouckeV. VasudevanV. Vi\u00e9gasF. VinyalsO. WardenP. WattenbergM. WickeM. YuY. and ZhengX. TensorFlow: Large-scale machine learning on heterogeneous systems 2015. Software available from tensorflow.org."},{"key":"e_1_3_2_3_2","unstructured":"AlhazmiO.H. and MalaiyaY.K. Quantitative vulnerability assessment of systems software In Reliability and Maintainability Symposium 2005 Proceedings Annual IEEE 2005 pp. 615\u2013620."},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2008.916872"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2013.03.045"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-7012(00)00201-3"},{"key":"e_1_3_2_7_2","unstructured":"BayerU. HabibiI. BalzarottiD. KirdaE. and KruegelC. A view on current malware beavihors In LEET2009."},{"key":"e_1_3_2_8_2","doi-asserted-by":"crossref","unstructured":"BishopC.M. Neural networks for pattern recognition 1995\u2013Oxford University Press.","DOI":"10.1093\/oso\/9780198538493.001.0001"},{"key":"e_1_3_2_9_2","unstructured":"BoxG.E. JenkinsG.M. ReinselG.C. and LjungG.M. Time series analysis: Forecasting and control John Wiley & Sons2015."},{"key":"e_1_3_2_10_2","volume-title":"The analysis of time series: An introduction","author":"Chatfield C.","year":"2016","unstructured":"ChatfieldC.The analysis of time series: An introduction, CRC Press, 2016."},{"key":"e_1_3_2_11_2","doi-asserted-by":"crossref","unstructured":"CondonE. HeA. and CukierM. Analysis of computer security incident data using time series models In 2008 19th International Symposium on Software Reliability Engineering (ISSRE) IEEE 2008 pp. 77\u201386.","DOI":"10.1109\/ISSRE.2008.39"},{"key":"e_1_3_2_12_2","unstructured":"DavisA.J.J. and van RossumG. Web crawler 2016."},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0169-2070(99)00007-2"},{"key":"e_1_3_2_14_2","first-page":"1057","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Graziano M.","year":"2015","unstructured":"GrazianoM., CanaliD., BilgeL., LanziA. and BalzarottiD., Needles in a haystack: Mining information from public dynamic analysis sandboxes for malware intelligence, In 24th USENIX Security Symposium (USENIX Security 15), Washington. D.C., 2015, pp. 1057\u20131072. USENIX Association."},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-008-0100-6"},{"key":"e_1_3_2_16_2","unstructured":"JangJ. WooM. and BrumleyD. Towards automatic software lineage inference In USENIX Security (2013). pp. 81\u201396."},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1016\/0925-2312(95)00039-9"},{"key":"e_1_3_2_18_2","doi-asserted-by":"crossref","unstructured":"KangC. ParkN. PrakashB.A. SerraE. and SubrahmanianV.S. Enble models for data-driven prediction of malware infections Proceedings of the Ninth ACM International Conference on Web Search and Data Mining WSDM \u201916New York NY USA 2016 pp. 583\u2013592. ACM.","DOI":"10.1145\/2835776.2835834"},{"key":"e_1_3_2_19_2","doi-asserted-by":"crossref","unstructured":"KimK.-H. and ChoiM.-J. Android malware detection using multivariate time-series technique In Network Operations and Management Symposium (APNOMS) 2015 17th Asia-Pacific IEEE 2015 pp. 198\u2013202.","DOI":"10.1109\/APNOMS.2015.7275426"},{"key":"e_1_3_2_20_2","unstructured":"KingmaD. and BaJ. Adam: A method for stochastic optimization arXiv preprint arXiv: 1412.6980 2014."},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1002\/for.3980140405"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1093\/rfs\/1.1.41"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0169-2070(00)00057-1"},{"key":"e_1_3_2_24_2","unstructured":"MatalucciR.V. Risk assessment methodology for dams (ramd sm) 2002."},{"key":"e_1_3_2_25_2","unstructured":"MoteffJ. Risk management and critical infrastructure protection: Assessing integrating and managing threats vulnerabilities and consequences Library of Congress Washington DC Congressional Research Service 2005."},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/LCOMM.2016.2517622"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/LCOMM.2016.2517622"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.03.003"},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.21236\/ADA164453"},{"key":"e_1_3_2_30_2","unstructured":"SchultzM. EskinE. ZadokE. BhattacharyyaM. and SalvatoreS. System and methods for detection of new malicious executables (2003) US Patent App. 10\/208432."},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1002\/sec.528"},{"key":"e_1_3_2_32_2","first-page":"13","article-title":"An analysis of the vulnerability discovery process in web browsers","volume":"6","author":"Woo S.-W.","year":"2006","unstructured":"WooS.-W., AlhazmiO.H. and MalaiyaY.K., An analysis of the vulnerability discovery process in web browsers, Proc of 10th IASTED SEA6 (2006). 13\u201315.","journal-title":"Proc of 10th IASTED SEA"},{"key":"e_1_3_2_33_2","unstructured":"ZeilerM.D. Adadelta: An adaptive learning rate method arXiv preprint arXiv:1212.5701 2012."},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0169-2070(97)00044-7"},{"key":"e_1_3_2_35_2","unstructured":"ZhangG.P. Neural Networks for Time-Series Forecasting Springer Berlin Heidelberg. Berlin. Heidelberg 2012 pp. 461\u201377."}],"container-title":["Journal of Intelligent &amp; Fuzzy Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-169849","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JIFS-169849","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-169849","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T09:41:40Z","timestamp":1777455700000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JIFS-169849"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,7,20]]},"references-count":34,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2018,12,24]]}},"alternative-id":["10.3233\/JIFS-169849"],"URL":"https:\/\/doi.org\/10.3233\/jifs-169849","relation":{},"ISSN":["1064-1246","1875-8967"],"issn-type":[{"value":"1064-1246","type":"print"},{"value":"1875-8967","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,7,20]]}}}