{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T22:14:51Z","timestamp":1780611291743,"version":"3.54.1"},"reference-count":91,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2022,9,28]],"date-time":"2022-09-28T00:00:00Z","timestamp":1664323200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>Monitoring Indicators of Compromise (IOC) leads to malware detection for identifying malicious activity. Malicious activities potentially lead to a system breach or data compromise. Various tools and anti-malware products exist for the detection of malware and cyberattacks utilizing IOCs, but all have several shortcomings. For instance, anti-malware systems make use of malware signatures, requiring a database containing such signatures to be constantly updated. Additionally, this technique does not work for zero-day attacks or variants of existing malware. In the quest to fight zero-day attacks, the research paradigm shifted from primitive methods to classical machine learning-based methods. Primitive methods are limited in catering to anti-analysis techniques against zero-day attacks. Hence, the direction of research moved towards methods utilizing classic machine learning, however, machine learning methods also come with certain limitations. They may include but not limited to the latency\/lag introduced by feature-engineering phase on the entire training dataset as opposed to the real-time analysis requirement. Likewise, additional layers of data engineering to cater to the increasing volume of data introduces further delays. It led to the use of deep learning-based methods for malware detection. With the speedy occurrence of zero-day malware, researchers chose to experiment with few shot learning so that reliable solutions can be produced for malware detection with even a small amount of data at hand for training. In this paper, we surveyed several possible strategies to support the real-time detection of malware and propose a hierarchical model to discover security events or threats in real-time. A key focus in this survey is on the use of Deep Learning-based methods. Deep Learning based methods dominate this research area by providing automatic feature engineering, the capability of dealing with large datasets, enabling the mining of features from limited data samples, and supporting one-shot learning. We compare Deep Learning-based approaches with conventional machine learning based approaches and primitive (statistical analysis based) methods commonly reported in the literature.<\/jats:p>","DOI":"10.3390\/jcp2040041","type":"journal-article","created":{"date-parts":[[2022,9,28]],"date-time":"2022-09-28T22:53:19Z","timestamp":1664405599000},"page":"800-829","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":80,"title":["A Survey of the Recent Trends in Deep Learning Based Malware Detection"],"prefix":"10.3390","volume":"2","author":[{"given":"Umm-e-Hani","family":"Tayyab","sequence":"first","affiliation":[{"name":"CIPMA Lab, DCIS, Pakistan Institute of Engineering & Applied Sciences, Nilore, Islamabad 45650, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6751-8360","authenticated-orcid":false,"given":"Faiza Babar","family":"Khan","sequence":"additional","affiliation":[{"name":"CIPMA Lab, DCIS, Pakistan Institute of Engineering & Applied Sciences, Nilore, Islamabad 45650, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Muhammad Hanif","family":"Durad","sequence":"additional","affiliation":[{"name":"CIPMA Lab, DCIS, Pakistan Institute of Engineering & Applied Sciences, Nilore, Islamabad 45650, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2039-5305","authenticated-orcid":false,"given":"Asifullah","family":"Khan","sequence":"additional","affiliation":[{"name":"Pattern Recognition Lab (PRLab), Department of Computer & Information Sciences, Pakistan Institute of Engineering & Applied Sciences, Nilore, Islamabad 45650, Pakistan"},{"name":"PIEAS Artificial Intelligence Center (PAIC), Pakistan Institute of Engineering & Applied Sciences, Nilore, Islamabad 45650, Pakistan"},{"name":"Deep Learning Lab, Center for Mathematical Sciences (CMS), Pakistan Institute of Engineering & Applied Sciences, Nilore, Islamabad 45650, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yeon Soo","family":"Lee","sequence":"additional","affiliation":[{"name":"Department of Biomedical Engineering, College of Medical Science, Catholic University of Daegu Hayangro, 13-13, Hayang-Eup, Gyoungsan-si 38430, Gyoungsangbuk-do, Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2022,9,28]]},"reference":[{"key":"ref_1","unstructured":"(2018). PandaLabs Annual Report 2018, Panda Security."},{"key":"ref_2","unstructured":"FBI (2022, August 10). Addressing Threats to the Nations Cybersecurity 1. FBI Report, Retrieved 3 August 2022, Available online: https:\/\/www.fbi.gov\/file-repository\/addressing-threats-to-the-nations-cybersecurity-1.pdf\/view."},{"key":"ref_3","first-page":"1","article-title":"A novel approach for ransomware detection based on PE header using graph embedding","volume":"14","author":"Manavi","year":"2022","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Zahoora, U., Rajarajan, M., Pan, Z., and Khan, A. (2022). Zero-day Ransomware Attack Detection using Deep Contractive Autoencoder and Voting based Ensemble Classifier. Appl. Intell., 1\u201320.","DOI":"10.1007\/s10489-022-03244-6"},{"key":"ref_5","first-page":"1938","article-title":"A brief study of Wannacry Threat: Ransomware Attack 2017","volume":"8","author":"Mohurle","year":"2017","journal-title":"Int. J. Adv. Res. Comput. Sci."},{"key":"ref_6","unstructured":"Maria Vergelis, T.S. (2019). Spam and Phishing in Q2 2019, SecureList by Kaspersky."},{"key":"ref_7","unstructured":"(2019). ISTR Internet Security Threat Report, Symantec."},{"key":"ref_8","unstructured":"(2022, March 09). Cyberattacks. Available online: https:\/\/www.cnbc.com\/2019\/10\/13\/cyberattacks-cost-small-companies-200k-putting-many-out-of-business.html."},{"key":"ref_9","unstructured":"Baezner, M., Robin, P., and Wenger, A. (2020, July 05). Stuxnet. Available online: https:\/\/css.ethz.ch\/."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1396","DOI":"10.1109\/TCST.2013.2280899","article-title":"Detecting integrity attacks on SCADA systems","volume":"22","author":"Mo","year":"2014","journal-title":"IEEE Trans. Control Syst. Technol."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"849","DOI":"10.1109\/TAC.2020.2987002","article-title":"Statistical Approach to Detection of Attacks for Stochastic Cyber-Physical Systems","volume":"66","author":"Marelli","year":"2021","journal-title":"IEEE Trans Autom. Contr"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"637","DOI":"10.1109\/TAC.2020.2987307","article-title":"The Vulnerability of Cyber-Physical System under Stealthy Attacks","volume":"66","author":"Sui","year":"2021","journal-title":"IEEE Trans Autom. Contr"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"6249","DOI":"10.1109\/ACCESS.2019.2963724","article-title":"A Comprehensive Review on Malware Detection Approaches","volume":"8","author":"Aslan","year":"2020","journal-title":"IEEE Access"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1186\/s13673-018-0125-x","article-title":"A state-of-the-art survey of malware detection approaches using data mining techniques","volume":"8","author":"Souri","year":"2018","journal-title":"Hum. Cent. Comput. Inf. Sci."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1016\/j.cose.2018.11.001","article-title":"Survey of machine learning techniques for malware analysis","volume":"81","author":"Ucci","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"149","DOI":"10.1016\/j.neucom.2019.02.056","article-title":"Application of deep learning to cybersecurity: A survey","volume":"347","author":"Mahdavifar","year":"2019","journal-title":"Neurocomputing"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Berman, D.S., Buczak, A.L., Chavis, J.S., and Corbett, C.L. (2019). A survey of deep learning methods for cyber security. Information, 10.","DOI":"10.3390\/info10040122"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"390","DOI":"10.1080\/19361610.2020.1796162","article-title":"A Survey on Malware Detection and Classification","volume":"16","author":"Komatwar","year":"2021","journal-title":"J. Appl. Secur. Res."},{"key":"ref_19","unstructured":"Christodorescu, M., and Jha, S. (2003, January 4\u20138). Static analysis of executables to detect malicious patterns. Proceedings of the 12th USENIX Security Symposium (USENIX Security 03), Washington, DC, USA."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Santos, I. (2010). Idea: Opcode-sequence-based malware detection. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer.","DOI":"10.1007\/978-3-642-11747-3_3"},{"key":"ref_21","unstructured":"Sabbatel, G.B., Korczynski, M., and Duda, A. (2011, January 2\u20133). Architecture of a Platform for Malware Analysis and Confinement. Proceedings of the Proceeding MCSS 2010: Multimedia Communications, Services and Security, Cracow, Poland."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"283","DOI":"10.3844\/ajassp.2012.283.288","article-title":"Malware detection based on hybrid signature behavior application programming interface call graph","volume":"9","author":"Elhadi","year":"2012","journal-title":"Am. J. Appl. Sci."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Fleck, D., Tokhtabayev, A., Alarif, A., Stavrou, A., and Nykodym, T. (2013, January 2\u20136). PyTrigger: A system to trigger & extract user-activated malware behavior. Proceedings of the 2013 International Conference on Availability, Reliability and Security, Regensburg, Germany.","DOI":"10.1109\/ARES.2013.16"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Berlin, K., Slater, D., and Saxe, J. (2015, January 16). Malicious behavior detection using windows audit logs. Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security, Denver, CO, USA.","DOI":"10.1145\/2808769.2808773"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"8938","DOI":"10.1007\/s11227-020-03196-z","article-title":"MLEsIDSs: Machine learning-based ensembles for intrusion detection systems\u2014A review","volume":"76","author":"Kumar","year":"2020","journal-title":"J. Supercomput."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Chen, L., Li, T., Abdulhayoglu, M., and Ye, Y. (2015, January 7\u20139). Intelligent malware detection based on file relation graphs. Proceedings of the 2015 IEEE 9th International Conference on Semantic Computing (IEEE ICSC 2015), Anaheim, CA, USA.","DOI":"10.1109\/ICOSC.2015.7050784"},{"key":"ref_27","first-page":"29","article-title":"Improving the detection of malware behaviour using simplified data dependent API call graph","volume":"7","author":"Elhadi","year":"2013","journal-title":"Int. J. Secur. Its Appl."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Feng, Z., Xiong, S., Cao, D., Deng, X., Wang, X., Yang, Y., Zhou, X., Huang, Y., and Wu, G. (2015, January 4). HRS: A Hybrid Framework for Malware Detection. Proceedings of the 2015 ACM International Workshop on International Workshop on Security and Privacy Analytics, San Antonio, TX, USA.","DOI":"10.1145\/2713579.2713585"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1016\/j.engappai.2015.05.008","article-title":"Dynamic VSA: A framework for malware detection based on register contents","volume":"44","author":"Ghiasi","year":"2015","journal-title":"Eng. Appl. Artif. Intell."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Kwon, B.J., and Dumitras, T. (2015, January 12\u201316). The Dropper Effect: Insights into Malware Distribution with Downloader Graph Analytics Categories and Subject Descriptors. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (Ccs\u201915), Denver, CO, USA.","DOI":"10.1145\/2810103.2813724"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Mao, W., Cai, Z., Towsley, D., and Guan, X. (2015). Probabilistic inference on integrity for access behavior based malware detection. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer.","DOI":"10.1007\/978-3-319-26362-5_8"},{"key":"ref_32","first-page":"293","article-title":"On the comparison of malware detection methods using data mining with two feature sets","volume":"9","author":"Piyanuntcharatsr","year":"2015","journal-title":"Int. J. Secur. Its Appl."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"W\u00fcchner, T., Ochoa, M., and Pretschner, A. (2015). Robust and effective malware detection through quantitative data flow graph metrics. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer.","DOI":"10.1007\/978-3-319-20550-2_6"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Raff, E., and Nicholas, C. (2017, January 13\u201317). An alternative to NCD for large sequences, lempel-ZiV jaccard distance. Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Halifax, NS, Canada.","DOI":"10.1145\/3097983.3098111"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Khodamoradi, P., Fazlali, M., Mardukhi, F., and Nosrati, M. (2015, January 7\u20138). Heuristic metamorphic malware detection based on statistics of assembly instructions using classification algorithms. Proceedings of the 18th CSI International Symposium on Computer Architecture and Digital Systems, (CADS 2015), Tehran, Iran.","DOI":"10.1109\/CADS.2015.7377792"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Upchurch, J., and Zhou, X. (2015, January 20\u201322). Variant: A malware similarity testing framework. Proceedings of the 2015 10th International Conference on Malicious and Unwanted Software (MALWARE), Fajardo, PR, USA.","DOI":"10.1109\/MALWARE.2015.7413682"},{"key":"ref_37","first-page":"291","article-title":"A Behavior-Based Malware Variant Classification Technique","volume":"6","author":"Liang","year":"2016","journal-title":"Int. J. Inf. Educ. Technol."},{"key":"ref_38","unstructured":"Vadrevu, P., and Perdisci, R. (June, January 30). MAXS: Scaling malware execution with sequential multi-hypothesis testing. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, Xi\u2019an, China."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Dahl, G.E., Stokes, J.W., Deng, L., and Yu, D. (2013, January 26\u201331). Large-scale malware classification using random projections and neural networks. Proceedings of the 2013 IEEE International Conference on Acoustics, Speech and Signal Processing, Vancouver, BC, Canada.","DOI":"10.1109\/ICASSP.2013.6638293"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1016\/j.comcom.2022.08.015","article-title":"A Multi-View attention-based deep learning framework for malware detection in smart healthcare systems","volume":"195","author":"Ravi","year":"2022","journal-title":"Comput. Commun."},{"key":"ref_41","unstructured":"Rama, K., Kumar, P., and Bhasker, B. (2019). Deep Learning to Address Candidate Generation and Cold Start Challenges in Recommender Systems: A Research Survey. arXiv."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"578","DOI":"10.1016\/j.cose.2018.05.010","article-title":"Early-stage malware prediction using recurrent neural networks","volume":"77","author":"Rhode","year":"2018","journal-title":"Comput Secur"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Kolosnjaji, B., Zarras, A., Webster, G., and Eckert, C. (2016). Deep learning for classification of malware system call sequences. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer.","DOI":"10.1007\/978-3-319-50127-7_11"},{"key":"ref_44","unstructured":"Hardy, W., Chen, L., Hou, S., Ye, Y., and Li, X. (2016). DL 4 MD: A Deep Learning Framework for Intelligent Malware Detection, CSREA Press."},{"key":"ref_45","unstructured":"Saxe, J., and Berlin, K. (2017). eXpose: A Character-Level Convolutional Neural Network with Embeddings For Detecting Malicious URLs, File Paths and Registry Keys. arXiv."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1109\/TSUSC.2018.2809665","article-title":"Robust Malware Detection for Internet of (Battlefield) Things Devices Using Deep Eigenspace Learning","volume":"4","author":"Azmoodeh","year":"2019","journal-title":"IEEE Trans. Sustain. Comput."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"3187","DOI":"10.1109\/TII.2018.2822680","article-title":"Detection of Malicious Code Variants Based on Deep Learning","volume":"14","author":"Cui","year":"2018","journal-title":"IEEE Trans Ind. Inf."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"871","DOI":"10.1016\/j.cose.2018.04.005","article-title":"Malware identification using visualization images and deep learning","volume":"77","author":"Ni","year":"2018","journal-title":"Comput Secur"},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Rosenberg, I., Sicard, G., and David, E. (2018). End-to-end deep neural networks and transfer learning for automatic analysis of nation-state malware. Entropy, 20.","DOI":"10.3390\/e20050390"},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Kolosnjaji, B., Eraisha, G., Webster, G., Zarras, A., and Eckert, C. (2017, January 14\u201319). Empowering convolutional networks for malware classification and analysis. Proceedings of the International Joint Conference on Neural Networks, Anchorage, AK, USA.","DOI":"10.1109\/IJCNN.2017.7966340"},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"8195395","DOI":"10.1155\/2019\/8195395","article-title":"Malware Detection Based on Deep Learning of Behavior Graphs","volume":"2019","author":"Xiao","year":"2019","journal-title":"Math. Probl. Eng."},{"key":"ref_52","doi-asserted-by":"crossref","unstructured":"Tobiyama, S., Yamaguchi, Y., Shimada, H., Ikuse, T., and Yagi, T. (2016, January 10\u201314). Malware Detection with Deep Neural Network Using Process Behavior. Proceedings of the 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), Atlanta, GA, USA.","DOI":"10.1109\/COMPSAC.2016.151"},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"46717","DOI":"10.1109\/ACCESS.2019.2906934","article-title":"Robust Intelligent Malware Detection Using Deep Learning","volume":"7","author":"Vinayakumar","year":"2019","journal-title":"IEEE Access"},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"David, O.E., and Netanyahu, N.S. (2015, January 12\u201317). DeepSign: Deep learning for automatic malware signature generation and classification. Proceedings of the International Joint Conference on Neural Networks, Killarney, Ireland.","DOI":"10.1109\/IJCNN.2015.7280815"},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Saxe, J., and Berlin, K. (2015, January 20\u201322). Deep neural network based malware detection using two dimensional binary program features. Proceedings of the 2015 10th International Conference on Malicious and Unwanted Software (MALWARE), Fajardo, PR, USA.","DOI":"10.1109\/MALWARE.2015.7413680"},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Tran, T.K., Sato, H., and Kubo, M. (2018, January 25\u201326). One-shot learning approach for unknown malware classification. Proceedings of the 2018 5th Asian Conference on Defense Technology (ACDT), Hanoi, Vietnam.","DOI":"10.1109\/ACDT.2018.8593203"},{"key":"ref_57","doi-asserted-by":"crossref","unstructured":"Raff, E., Sylvester, J., and Nicholas, C. (2017, January 3). Learning the PE header, malware detection with minimal domain knowledge. Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, Dallas, TX, USA.","DOI":"10.1145\/3128572.3140442"},{"key":"ref_58","first-page":"103057","article-title":"Deep multi-task learning for malware image classification","volume":"64","author":"Bensaoud","year":"2022","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_59","first-page":"103063","article-title":"DTMIC: Deep transfer learning for malware image classification","volume":"64","author":"Kumar","year":"2022","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_60","doi-asserted-by":"crossref","unstructured":"Mohammadi, F.G., Amini, M.H., and Arabnia, H.R. (2020). An introduction to advanced machine learning: Meta-learning algorithms, applications, and promises. Advances in Intelligent Systems and Computing, Springer.","DOI":"10.1007\/978-3-030-34094-0_6"},{"key":"ref_61","doi-asserted-by":"crossref","unstructured":"Kadam, S., and Vaidya, V. (2020). Review and analysis of zero, one and few shot learning approaches. Advances in Intelligent Systems and Computing, Springer.","DOI":"10.1007\/978-3-030-16657-1_10"},{"key":"ref_62","doi-asserted-by":"crossref","first-page":"1863","DOI":"10.1016\/j.procs.2019.09.358","article-title":"Malware image classification using one-shot learning with siamese networks","volume":"159","author":"Hsiao","year":"2019","journal-title":"Procedia Comput. Sci."},{"key":"ref_63","doi-asserted-by":"crossref","unstructured":"Tran, T.K., Sato, H., and Kubo, M. (2019, January 26\u201329). Image-based unknown malware classification with few-shot learning models. Proceedings of the 2019 Seventh International Symposium on Computing and Networking Workshops (CANDARW), Nagasaki, Japan.","DOI":"10.1109\/CANDARW.2019.00075"},{"key":"ref_64","doi-asserted-by":"crossref","unstructured":"Tang, Z., Wang, P., and Wang, J. (2020). ConvProtoNet: Deep prototype induction towards better class representation for few-shot malware classification. Appl. Sci., 10.","DOI":"10.3390\/app10082847"},{"key":"ref_65","doi-asserted-by":"crossref","unstructured":"Atapour-Abarghouei, A., Bonner, S., and McGough, A.S. (2019, January 9\u201312). A King\u2019s Ransom for Encryption: Ransomware Classification using Augmented One-Shot Learning and Bayesian Approximation. Proceedings of the 2019 IEEE International Conference on Big Data (Big Data), Los Angeles, CA, USA.","DOI":"10.1109\/BigData47090.2019.9005540"},{"key":"ref_66","doi-asserted-by":"crossref","unstructured":"Lee, J., Jeong, K., and Lee, H. (2010, January 22\u201326). Detecting metamorphic malwares using code graphs. Proceedings of the 2010 ACM Symposium on Applied Computing, Sierre, Switzerland.","DOI":"10.1145\/1774088.1774505"},{"key":"ref_67","doi-asserted-by":"crossref","unstructured":"Santos, I., Devesa, J., Brezo, F., Nieves, J., and Bringas, P.G. (2013). OPEM: A static-dynamic approach for machine-learning-based malware detection. Advances in Intelligent Systems and Computing, Springer.","DOI":"10.1007\/978-3-642-33018-6_28"},{"key":"ref_68","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1007\/s11416-016-0265-3","article-title":"Clustering for malware classification","volume":"13","author":"Pai","year":"2017","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"ref_69","doi-asserted-by":"crossref","unstructured":"Polino, M., Scorti, A., Maggi, F., and Zanero, S. (2015). Jackdaw: Towards automatic reverse engineering of large datasets of binaries. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer.","DOI":"10.1007\/978-3-319-20550-2_7"},{"key":"ref_70","doi-asserted-by":"crossref","first-page":"225","DOI":"10.1007\/s11416-015-0258-7","article-title":"Subroutine based detection of APT malware","volume":"12","author":"Sexton","year":"2016","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"ref_71","first-page":"965","article-title":"Feature selection and extraction for malware classification","volume":"31","author":"Lin","year":"2015","journal-title":"J. Inf. Sci. Eng."},{"key":"ref_72","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1016\/j.cose.2015.04.001","article-title":"AMAL: High-fidelity, behavior-based automated malware analysis and classification","volume":"52","author":"Mohaisen","year":"2015","journal-title":"Comput Secur"},{"key":"ref_73","doi-asserted-by":"crossref","unstructured":"Lindorfer, M., Kolbitsch, C., and Milani Comparetti, P. (2011). Detecting environment-sensitive malware. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer.","DOI":"10.1007\/978-3-642-23644-0_18"},{"key":"ref_74","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1016\/j.ins.2011.08.020","article-title":"Opcode sequences as representation of executables for data-mining-based unknown malware detection","volume":"231","author":"Santos","year":"2013","journal-title":"Inf. Sci."},{"key":"ref_75","doi-asserted-by":"crossref","unstructured":"Park, Y., Reeves, D., Mulukutla, V., and Sundaravel, B. (2010, January 21\u201323). Fast malware classification by automated behavioral graph matching. Proceedings of the 6th Annual Workshop on Cyber Security and Information Intelligence Research (CSIIRW \u201910), Oak Ridge, TN, USA.","DOI":"10.1145\/1852666.1852716"},{"key":"ref_76","doi-asserted-by":"crossref","first-page":"646","DOI":"10.1016\/j.jnca.2012.10.004","article-title":"Classification of malware based on integrated static and dynamic features","volume":"36","author":"Islam","year":"2013","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_77","doi-asserted-by":"crossref","unstructured":"Nari, S., and Ghorbani, A.A. (2013, January 28\u201331). Automated malware classification based on network behavior. Proceedings of the 2013 International Conference on Computing, Networking and Communications (ICNC), San Diego, CA, USA.","DOI":"10.1109\/ICCNC.2013.6504162"},{"key":"ref_78","doi-asserted-by":"crossref","unstructured":"Kawaguchi, N., and Omote, K. (2015, January 24\u201326). Malware function classification using apis in initial behavior. Proceedings of the 2015 10th Asia Joint Conference on Information Security, Kaohsiung, Taiwan.","DOI":"10.1109\/AsiaJCIS.2015.15"},{"key":"ref_79","doi-asserted-by":"crossref","unstructured":"Gharacheh, M., Derhami, V., Hashemi, S., and Fard, S.M.H. (2015, January 9\u201311). Proposing an HMM-based approach to detect metamorphic malware. Proceedings of the 2015 4th Iranian Joint Congress on Fuzzy and Intelligent Systems (CFIS), Zahedan, Iran.","DOI":"10.1109\/CFIS.2015.7391648"},{"key":"ref_80","unstructured":"Loi, N., Borile, C., and Ucci, D. (2021). Towards an Automated Pipeline for Detecting and Classifying Malware through Machine Learning. arXiv."},{"key":"ref_81","doi-asserted-by":"crossref","unstructured":"Azeez, N.A., Odufuwa, O.E., Misra, S., Oluranti, J., and Dama\u0161evi\u010dius, R. (2021). Windows PE malware detection using ensemble learning. Informatics, 8.","DOI":"10.3390\/informatics8010010"},{"key":"ref_82","doi-asserted-by":"crossref","unstructured":"Dama\u0161evi\u010dius, R., Ven\u010dkauskas, A., Toldinas, J., and Grigali\u016bnas, \u0160. (2021). Ensemble-based classification using neural networks and machine learning models for windows pe malware detection. Electronics, 10.","DOI":"10.3390\/electronics10040485"},{"key":"ref_83","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1109\/MSP.2011.67","article-title":"Stuxnet: Dissecting a cyberwarfare weapon","volume":"9","author":"Langner","year":"2011","journal-title":"IEEE Secur. Priv."},{"key":"ref_84","doi-asserted-by":"crossref","first-page":"206303","DOI":"10.1109\/ACCESS.2020.3036491","article-title":"Intelligent Vision-Based Malware Detection and Classification Using Deep Random Forest Paradigm","volume":"8","author":"Roseline","year":"2020","journal-title":"IEEE Access"},{"key":"ref_85","first-page":"7207","article-title":"Malware detection and evasion with machine learning techniques: A survey","volume":"12","author":"Barriga","year":"2017","journal-title":"Int. J. Appl. Eng. Res."},{"key":"ref_86","doi-asserted-by":"crossref","unstructured":"Kim, K., and Moon, B.R. (2010, January 7\u201311). Malware detection based on dependency graph using hybrid genetic algorithm. Proceedings of the 12th annual conference on Genetic and evolutionary computation, Portland, OR, USA.","DOI":"10.1145\/1830483.1830703"},{"key":"ref_87","doi-asserted-by":"crossref","unstructured":"Sanders, C., and Smith, J. (2014). Applied Network Security Monitoring, Elsevier.","DOI":"10.1016\/B978-0-12-417208-1.00001-5"},{"key":"ref_88","unstructured":"William Stallings, L.B. (2021). Computer Security: Principles and Practice, Pearson. [4th ed.]."},{"key":"ref_89","doi-asserted-by":"crossref","first-page":"5455","DOI":"10.1007\/s10462-020-09825-6","article-title":"A survey of the recent architectures of deep convolutional neural networks","volume":"53","author":"Khan","year":"2020","journal-title":"Artif. Intell. Rev."},{"key":"ref_90","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1007\/s11036-018-1137-5","article-title":"Context-Aware Systems and Applications (ICCASA 2018) and Nature of Computation and Communication (ICTCC 2018)","volume":"24","author":"Vinh","year":"2019","journal-title":"Mob. Netw. Appl."},{"key":"ref_91","doi-asserted-by":"crossref","first-page":"105612","DOI":"10.1016\/j.asoc.2019.105612","article-title":"Network anomaly detection using channel boosted and residual learning based deep convolutional neural network","volume":"83","author":"Chouhan","year":"2019","journal-title":"Appl. Soft Comput. J."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/2\/4\/41\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:41:31Z","timestamp":1760143291000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/2\/4\/41"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,28]]},"references-count":91,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2022,12]]}},"alternative-id":["jcp2040041"],"URL":"https:\/\/doi.org\/10.3390\/jcp2040041","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,9,28]]}}}