{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,3,29]],"date-time":"2024-03-29T01:49:25Z","timestamp":1711676965542},"reference-count":12,"publisher":"Wiley","issue":"11","license":[{"start":{"date-parts":[[2015,1,8]],"date-time":"2015-01-08T00:00:00Z","timestamp":1420675200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security Comm Networks"],"published-print":{"date-parts":[[2015,7,25]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>To improve both accuracy and efficiency in detecting known and even unknown malware, we propose a three\u2010phase behavior\u2010based malware detection and classification approach, with a faster detector in the first phase to filter most samples, a slower detector in the second phase to observe the remaining ambiguous samples, and a classifier in the third phase to recognize their malware type. The faster detector executes programs in a sandbox to extract representative behaviors, which are fed into a trained artificial neural network to evaluate their maliciousness, whereas the slower detector extracts and matches the LCSs of system call sequences, which are fed into a trained Bayesian model to calculate their maliciousness. In the third phase, we define malware behavior vectors and calculate the cosine similarity to classify the malware. The experimental results show that the hybrid two\u2010phase detection scheme outperforms the one\u2010phase schemes and achieves a 3.6% false negative rate and a 6.8% false positive rate. The third\u2010phase classifier also distinguishes known\u2010type malware with an accuracy of 85.8%. Copyright \u00a9 2015 John Wiley & Sons, Ltd.<\/jats:p>","DOI":"10.1002\/sec.1148","type":"journal-article","created":{"date-parts":[[2015,1,8]],"date-time":"2015-01-08T12:48:16Z","timestamp":1420721296000},"page":"2004-2015","source":"Crossref","is-referenced-by-count":10,"title":["Three\u2010phase behavior\u2010based detection and classification of known and unknown malware"],"prefix":"10.1002","volume":"8","author":[{"given":"Ying\u2010Dar","family":"Lin","sequence":"first","affiliation":[{"name":"Department of Computer Science National Chiao Tung University Hsinchu 300 Taiwan"}]},{"given":"Yuan\u2010Cheng","family":"Lai","sequence":"additional","affiliation":[{"name":"Department of Information Management National Taiwan University of Science and Technology Taipei 106 Taiwan"}]},{"given":"Chun\u2010Nan","family":"Lu","sequence":"additional","affiliation":[{"name":"Department of Computer Science National Chiao Tung University Hsinchu 300 Taiwan"}]},{"given":"Peng\u2010Kai","family":"Hsu","sequence":"additional","affiliation":[{"name":"Department of Computer Science National Chiao Tung University Hsinchu 300 Taiwan"}]},{"given":"Chia\u2010Yin","family":"Lee","sequence":"additional","affiliation":[{"name":"Information & Communication Technology Laboratories National Chiao Tung University Hsinchu 300 Taiwan"}]}],"member":"311","published-online":{"date-parts":[[2015,1,8]]},"reference":[{"key":"e_1_2_7_2_1","unstructured":"ForrestS HofmeyrSA SomayajiA LongstaffTA.A Sense of Self for Unix Processes Proceedings of the 1996 IEEE Symposium on Security and Privacy Oakland CA USA May1996; pp.\u2009120\u2013128."},{"key":"e_1_2_7_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1127345.1127348"},{"key":"e_1_2_7_4_1","unstructured":"WarrenderC ForrestS PearlmutterB.Detecting Intrusions Using System Calls: Alternative Data Models Proceedings of the 1999 IEEE Symposium on Security and Privacy 1999; pp.\u2009133\u2013145."},{"key":"e_1_2_7_5_1","doi-asserted-by":"crossref","unstructured":"MehdiSB TanwaniAK FarooqM.IMAD: In\u2010Execution Malware Analysis and Detection Proceedings of the 11th Annual Conference on Genetic and Evolutionary Computation Montreal Canada July2009; pp.\u20091553\u20131560.","DOI":"10.1145\/1569901.1570109"},{"key":"e_1_2_7_6_1","doi-asserted-by":"crossref","unstructured":"RozenbergB GudesE EloviciY FledelY.A Method for Detecting Unknown Malicious Executables Proceedings of the 2011 IEEE 10th International Conference on Trust Security and Privacy in Computing and Communications Nov.2011; pp.\u2009190\u2013196.","DOI":"10.1109\/TrustCom.2011.27"},{"key":"e_1_2_7_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.08.010"},{"issue":"6","key":"e_1_2_7_8_1","first-page":"506","article-title":"Automatic analysis and classification of obfuscated bot binaries","volume":"16","author":"Lin Y\u2010D","year":"2014","journal-title":"International Journal of Network Security"},{"key":"e_1_2_7_9_1","first-page":"39","article-title":"Behavior\u2010based malware analysis and detection","author":"Liu W","year":"2011","journal-title":"Proceedings of International Workshop on Complexity and Data Mining"},{"key":"e_1_2_7_10_1","volume-title":"Master thesis, Institute of Network Engineering College of Computer Science","author":"Tsai HY","year":"2012"},{"key":"e_1_2_7_11_1","doi-asserted-by":"crossref","unstructured":"MoserA KruegelC KirdaE.Exploring multiple execution paths for malware analysis IEEE Symposium on Security and Privacy May2007.","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_2_7_12_1","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511809071"},{"key":"e_1_2_7_13_1","unstructured":"VirusTotal. [online] Available:http:\/\/www.virustotal.com\/[accessed on March 2013]."}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsec.1148","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsec.1148","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/sec.1148","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,5]],"date-time":"2023-10-05T15:46:41Z","timestamp":1696520801000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/sec.1148"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,1,8]]},"references-count":12,"journal-issue":{"issue":"11","published-print":{"date-parts":[[2015,7,25]]}},"alternative-id":["10.1002\/sec.1148"],"URL":"https:\/\/doi.org\/10.1002\/sec.1148","archive":["Portico"],"relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"value":"1939-0114","type":"print"},{"value":"1939-0122","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,1,8]]}}}
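The abstract above names two matching primitives, LCS matching of system call sequences (phase 2) and cosine similarity between malware behavior vectors (phase 3), but the record carries none of the paper's data or model. The following is an added illustration, not code from the paper or its authors: it implements the longest-common-subsequence match against a set of known malicious syscall signatures, and cosine-similarity classification against per-family behavior profiles. The signature sequences, sample traces, behavior features, family profiles, the LCS-length normalisation and the 0.75 decision threshold are all constructed assumptions; the paper's trained artificial neural network (phase 1) and Bayesian model (phase 2 scoring) are not reproduced, a normalised LCS score stands in for the latter.

```python
"""Added example (not the paper's code): LCS matching of syscall traces and
cosine-similarity classification of behavior vectors.  All signatures,
traces, features, profiles and thresholds below are constructed for
illustration only."""
from math import sqrt
from typing import Dict, Optional, Sequence, Tuple

# --- Constructed data (assumptions, not from the paper) -------------------
# Known malicious syscall sequences; "LCS" here is longest common subsequence,
# so a signature still matches when benign calls are interleaved with it.
SIGNATURES: Dict[str, Sequence[str]] = {
    "dropper": ["NtCreateFile", "NtWriteFile", "NtSetValueKey", "NtCreateProcess"],
    "bot": ["NtDeviceIoControlFile", "NtCreateFile", "NtWriteFile", "NtCreateThread"],
}
# Behavior-defining syscalls that make up a behavior vector (one count each).
FEATURES = ["NtCreateFile", "NtWriteFile", "NtSetValueKey", "NtCreateProcess",
            "NtDeviceIoControlFile", "NtCreateThread"]
# Per-family behavior profiles; in practice averaged over known samples.
PROFILES: Dict[str, Dict[str, float]] = {
    "dropper": {"NtCreateFile": 3, "NtWriteFile": 3, "NtSetValueKey": 1, "NtCreateProcess": 1},
    "bot": {"NtDeviceIoControlFile": 5, "NtCreateFile": 1, "NtWriteFile": 1, "NtCreateThread": 2},
}
BENIGN_TRACE = ["NtOpenFile", "NtReadFile", "NtQueryInformationFile", "NtClose",
                "NtOpenKey", "NtQueryValueKey", "NtClose"]
# Dropper signature with unrelated calls interleaved (constructed).
SUSPICIOUS_TRACE = ["NtOpenKey", "NtCreateFile", "NtQueryInformationFile", "NtWriteFile",
                    "NtClose", "NtSetValueKey", "NtCreateProcess", "NtClose"]
LCS_THRESHOLD = 0.75  # assumed decision threshold on the normalised LCS score


def lcs_length(a: Sequence[str], b: Sequence[str]) -> int:
    """Longest common subsequence length, O(len(a)*len(b)) time, rolling row."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]


def lcs_match_score(trace: Sequence[str],
                    signatures: Dict[str, Sequence[str]]) -> Tuple[str, float]:
    """Best match of a trace against the signatures.  The score is the LCS
    length divided by the signature length: 1.0 means every call of the
    signature occurs in the trace in order.  Returns ("", 0.0) on no overlap."""
    best_name, best = "", 0.0
    for name, sig in signatures.items():
        score = lcs_length(trace, sig) / len(sig)
        if score > best:
            best_name, best = name, score
    return best_name, best


def behavior_vector(trace: Sequence[str], features: Sequence[str]) -> Dict[str, float]:
    """Count each behavior-defining syscall in the trace."""
    return {f: float(trace.count(f)) for f in features}


def cosine(u: Dict[str, float], v: Dict[str, float]) -> float:
    """Cosine similarity over sparse vectors keyed by feature name."""
    dot = sum(u.get(k, 0.0) * v.get(k, 0.0) for k in set(u) | set(v))
    nu = sqrt(sum(x * x for x in u.values()))
    nv = sqrt(sum(x * x for x in v.values()))
    return 0.0 if nu == 0 or nv == 0 else dot / (nu * nv)


def classify(vec: Dict[str, float], profiles: Dict[str, Dict[str, float]]) -> Tuple[str, float]:
    """Phase-3 style classification: the family whose profile is most similar."""
    return max(((name, cosine(vec, p)) for name, p in profiles.items()), key=lambda t: t[1])


def triage(trace: Sequence[str]) -> Tuple[bool, Optional[str]]:
    """Phase 2 then phase 3: flag the trace if its best normalised LCS score
    reaches the threshold, and only then assign a family by cosine similarity."""
    _, score = lcs_match_score(trace, SIGNATURES)
    if score < LCS_THRESHOLD:
        return False, None
    family, _ = classify(behavior_vector(trace, FEATURES), PROFILES)
    return True, family


if __name__ == "__main__":
    for label, trace in (("benign", BENIGN_TRACE), ("suspicious", SUSPICIOUS_TRACE)):
        print(label, lcs_match_score(trace, SIGNATURES), triage(trace))
```

Two properties of the approach show up directly in this toy: subsequence (rather than substring) matching tolerates the benign calls a sample interleaves with its malicious pattern, and cosine similarity compares the shape of a behavior vector rather than its magnitude, so a family profile built from many samples still matches a single short trace. Neither choice is secure on its own; an adversary who reorders the calls defeats the LCS signature, which is why the paper pairs it with a learned model.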