{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T02:19:14Z","timestamp":1760149154093,"version":"build-2065373602"},"reference-count":41,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2023,7,11]],"date-time":"2023-07-11T00:00:00Z","timestamp":1689033600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Center of Excellence in Scientific Computing (CoE-SciCo) Universidad Nacional de Colombia"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computation"],"abstract":"<jats:p>Since its introduction, researching malware has had two main goals. On the one hand, malware writers have been focused on developing software that can cause more damage to a targeted host for as long as possible. On the other hand, malware analysts have as one of their main purposes the development of tools such as malware detection systems (MDS) or network intrusion detection systems (NIDS) to prevent and detect possible threats to the informatic systems. Obfuscation techniques, such as the encryption of the virus\u2019s code lines, have been developed to avoid their detection. In contrast, shallow machine learning and deep learning algorithms have recently been introduced to detect them. This paper is devoted to some theoretical implications derived from these investigations. We prove that hidden algebraic structures as equipped posets and their categories of representations are behind the research of some infections. Properties of these categories are given to provide a better understanding of different infection techniques.<\/jats:p>","DOI":"10.3390\/computation11070140","type":"journal-article","created":{"date-parts":[[2023,7,12]],"date-time":"2023-07-12T00:50:41Z","timestamp":1689123041000},"page":"140","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Algebraic Structures Induced by the Insertion and Detection of Malware"],"prefix":"10.3390","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6812-5131","authenticated-orcid":false,"given":"Agust\u00edn Moreno","family":"Ca\u00f1adas","sequence":"first","affiliation":[{"name":"Departamento de Matem\u00e1ticas, Universidad Nacional de Colombia, Edificio Yu Takeuchi 404, Kra 30 No. 45-03, Bogot\u00e1 11001000, Colombia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3953-2381","authenticated-orcid":false,"given":"Odette M.","family":"Mendez","sequence":"additional","affiliation":[{"name":"Departamento de Matem\u00e1ticas, Universidad Nacional de Colombia, La Nubia, Manizales 170003, Colombia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2475-6227","authenticated-orcid":false,"given":"Juan David Camacho","family":"Vega","sequence":"additional","affiliation":[{"name":"Departamento de Matem\u00e1ticas, Universidad Nacional de Colombia, Edificio Yu Takeuchi 404, Kra 30 No. 45-03, Bogot\u00e1 11001000, Colombia"}]}],"member":"1968","published-online":{"date-parts":[[2023,7,11]]},"reference":[{"key":"ref_1","unstructured":"Szor, P. (2005). The Art of Computer; Virus Research and Defense, Pearson Education Inc."},{"key":"ref_2","unstructured":"Venkatachalam, S. (2010). Detecting Undetectable Computer Viruses. [Master\u2019s Thesis, San Jos\u00e9 State University]."},{"key":"ref_3","unstructured":"Alzarooni, K.M.A.Y. (2012). Malware Variant Detection. [Ph.D. Thesis, University College London]."},{"key":"ref_4","unstructured":"Konstantinou, E. (2008). Metamorphic Virus: Analysis and Detection, Royal Holloway, University of London. Technical Report."},{"key":"ref_5","unstructured":"Cohen, F.B. (1994). A Short Course on Computer Viruses, Wiley Professional Computing."},{"key":"ref_6","first-page":"1","article-title":"Stuxnet under the microscope","volume":"6","author":"Matrosov","year":"2010","journal-title":"ESET LLC"},{"key":"ref_7","first-page":"1","article-title":"Analysis of encryption schemes in modern ransomware","volume":"25","author":"Ploszek","year":"2021","journal-title":"Rad Hazu Maemati\u010dke Znanosti"},{"key":"ref_8","unstructured":"Cannarile, A., Carrera, F., Galantucci, S., Iannacone, A., and Pirlo, G. (2022, January 20\u201323). A study on malware detection and classification using the analysis of API calls sequences through shallow learning and recurrent neural networks. Proceedings of the TASEC\u201922: Italian Conference on Cybersecurity, Rome, Italy."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2020.101760","article-title":"A dynamic Windows malware detection and prediction method based on contextual understanding of API call sequence","volume":"92","author":"Amer","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_10","unstructured":"Hu, W., and Tang, Y. (2018, January 2\u20137). Black-box attacks against RNN based malware detection algorithms. Proceedings of the AAAI Workshops, New Orleans, LA, USA."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"He, K. (2018). Malware Detection with Malware Images using Deep Learning Techniques. [Bachelor\u2019s Thesis, University of Canterbury].","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00022"},{"key":"ref_12","unstructured":"Nataraj, L., Karthikeyan, S., Jacob, G., and Manjunath, B.S. (2011). VizSec \u201911: Proceedings of the 8th International Symposium on Visualization for Cyber Security, ACM."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Iglesias Perez, S., and Criado, R. (2023). Increasing the effectiveness of network intrusion detection systems (NIDSs) by using multiplex networks and visibility graphs. Mathematics, 11.","DOI":"10.3390\/math11010107"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Kumar, J., and Subbiah, G. (2022). Zero-day malware detection and effective malware analysis using shapley ensemble boosting and bagging approach. Sensors, 22.","DOI":"10.3390\/s22072798"},{"key":"ref_15","unstructured":"Kaspersky Enterprise Cybersecurity (2023, June 07). Machine Learning for Malware Detection. Available online: media.kaspersky.com."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"800","DOI":"10.3390\/jcp2040041","article-title":"A Survey of the Recent Trends in Deep Learning Based Malware Detection","volume":"2","author":"Tayyab","year":"2022","journal-title":"J. Cybersecur. Priv."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/ACCESS.2019.2963724","article-title":"A comprehensive review on malware detection approaches","volume":"8","author":"Aslan","year":"2020","journal-title":"IEEE Access"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1007\/s11416-008-0094-0","article-title":"Detection of metamorphic and virtualization-based malware using algebraic specification","volume":"5","author":"Webster","year":"2009","journal-title":"J. Comp. Virol."},{"key":"ref_19","first-page":"413","article-title":"On Two Point Differentiation and its Generalization","volume":"376","author":"Zavadskij","year":"2005","journal-title":"Algebr. Struct. Their Represent. AMS Contemp. Math. Ser."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"389","DOI":"10.1016\/S0024-3795(02)00412-3","article-title":"Tame equipped posets","volume":"365","author":"Zavadskij","year":"2003","journal-title":"Linear Algebra Appl."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"38","DOI":"10.12958\/adm1647","article-title":"Categorical Properties of Some Algorithms of Differentiation for Equipped Posets","volume":"33","author":"Gaviria","year":"2022","journal-title":"Algebra Discret. Math."},{"key":"ref_22","first-page":"249","article-title":"On the apparatus of differentiation DI-DV for posets","volume":"9","author":"Vargas","year":"2019","journal-title":"S\u00e3o Paulo J. Math. Sci."},{"key":"ref_23","unstructured":"Mantovani, A., Aonzo, S., Ugarte-Pedrero, X., Merlo, A., and Balzarotti, D. (2020). Network and Distributed Systems Security (NDSS) Symposium, NDSS."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MSP.2007.48","article-title":"Using entropy analysis to find encrypted and packed malware","volume":"5","author":"Lyda","year":"2007","journal-title":"IEEE Secur. Priv."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"110205","DOI":"10.1109\/ACCESS.2019.2931136","article-title":"Machine learning based file entropy Analysis for ransomware detection in backup systems","volume":"7","author":"Lee","year":"2019","journal-title":"IEEE Access"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"1941","DOI":"10.1016\/j.patrec.2008.06.016","article-title":"Classification of packed executables for accurate computer virus detection","volume":"29","author":"Perdisci","year":"2008","journal-title":"Pattern Recognit. Lett."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Ugarte-Pedrero, X., Santos, I., Sanz, B., Laorden, C., and Bringas, P.G. (2012, January 14\u201317). Countering entropy measure attacks on packed software detection. Proceedings of the Consumer Communications and Networking Conference (CCNC), Las Vegas, NV, USA.","DOI":"10.1109\/CCNC.2012.6181079"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Raphel, J., and Vinod, P. (2015, January 8\u201310). Information theoretic method for classification of packed and encoded files. Proceedings of the 8th International Conference on Security of Information and Networks, SIN\u201915, Sochi, Russia.","DOI":"10.1145\/2799979.2800015"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/j.diin.2019.01.004","article-title":"Mal-flux: Rendering hidden code of packed binary executable","volume":"28","author":"Lim","year":"2019","journal-title":"Digit. Investig."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"246","DOI":"10.1016\/j.eswa.2018.10.011","article-title":"The arms race: Adversarial search defeats entropy used to detect malware","volume":"118","author":"Bhattacharya","year":"2019","journal-title":"Expert Syst. Appl."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Men\u00e9ndez, H.D., and Llorente, J.L. (2019). Mimicking anti-viruses with machine learning and entropy profiles. Entropy, 21.","DOI":"10.3390\/e21050513"},{"key":"ref_32","first-page":"4","article-title":"An experience in enhancing machine learning classifier against low-entropy packed malwares","volume":"11","author":"Chen","year":"2021","journal-title":"Comput. Sci. Inf. Technol."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"465","DOI":"10.46586\/tches.v2021.i3.465-495","article-title":"Leakages in code-based masking: A unified quantification approach","volume":"2021","author":"Cheng","year":"2021","journal-title":"Iacr Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"4466","DOI":"10.1109\/TIFS.2021.3096130","article-title":"Analysis of multiplicative low entropy masking schemes against correlation power attack","volume":"16","author":"Li","year":"2021","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"3018","DOI":"10.1109\/TIFS.2023.3273169","article-title":"A guessing entropy-based framework for deep learning-assisted side-channel analysis","volume":"18","author":"Zhang","year":"2023","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_36","unstructured":"Fr, A., and Rohatgi, P. (2014). Smart Card Research and Advanced Applications, Springer. CARDIS, 2013; Lecture Notes in Computer Science."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Ye, X., and Eisenbarth, T. (2013, January 27\u201329). On the vulnerability of low entropy masking schemes. Proceedings of the Smart Card Research and Advanced Application Conference, Berlin, Germany.","DOI":"10.1007\/978-3-319-08302-5_4"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.vlsi.2020.02.007","article-title":"Improving power analysis attack resistance using intrinsic noise in 3D ICs","volume":"73","author":"Zhang","year":"2020","journal-title":"Integration"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"1029","DOI":"10.1109\/TIFS.2020.3013093","article-title":"Flow misleading: Worm-hole attack in software-defined networking via building in-band covert channel","volume":"16","author":"Hua","year":"2021","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"943","DOI":"10.1109\/TIFS.2019.2922398","article-title":"ADVoIP: Adversarial detection of encrypted and concealed VoIP","volume":"15","author":"Adesso","year":"2020","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"605","DOI":"10.1109\/TIFS.2017.2762826","article-title":"Capacity of the EM covert\/side-channel created by the execution of instructions in a processor","volume":"13","author":"Yilmaz","year":"2018","journal-title":"IEEE Trans. Inf. Forensics Secur."}],"container-title":["Computation"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2079-3197\/11\/7\/140\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T20:10:28Z","timestamp":1760127028000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2079-3197\/11\/7\/140"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,11]]},"references-count":41,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2023,7]]}},"alternative-id":["computation11070140"],"URL":"https:\/\/doi.org\/10.3390\/computation11070140","relation":{},"ISSN":["2079-3197"],"issn-type":[{"type":"electronic","value":"2079-3197"}],"subject":[],"published":{"date-parts":[[2023,7,11]]}}}