RAMD: registry-based anomaly malware detection using one-class ensemble classifiers

Bibliographic Details
Published in Applied intelligence (Dordrecht, Netherlands) Vol. 49; no. 7; pp. 2641 - 2658
Main Authors Tajoddin, Asghar, Abadi, Mahdi
Format Journal Article
Language English
Published New York Springer US 01.07.2019
Springer Nature B.V
Abstract Malware is continuously evolving and becoming more sophisticated to avoid detection. Traditionally, the Windows operating system has been the most popular target for malware writers because of its dominance in the market of desktop operating systems. However, despite a large volume of new Windows malware samples that are collected daily, there is relatively little research focusing on Windows malware. The Windows Registry, or simply the registry, is very heavily used by programs in Windows, making it a good source for detecting malicious behavior. In this paper, we present RAMD, a novel approach that uses an ensemble classifier consisting of multiple one-class classifiers to detect known and especially unknown malware abusing registry keys and values for malicious intent. RAMD builds a model of registry behavior of benign programs and then uses this model to detect malware by looking for anomalous registry accesses. In detail, it constructs an initial ensemble classifier by training multiple one-class classifiers and then applies a novel swarm intelligence pruning algorithm, called memetic firefly-based ensemble classifier pruning (MFECP), on the ensemble classifier to reduce its size by selecting only a subset of one-class classifiers that are highly accurate and have diversity in their outputs. To combine the outputs of one-class classifiers in the pruned ensemble classifier, RAMD uses a specific aggregation operator, called Fibonacci-based superincreasing ordered weighted averaging (FSOWA). The results of our experiments performed on a dataset of benign and malware samples show that RAMD can achieve about 98.52% detection rate, 2.19% false alarm rate, and 98.43% accuracy.
Author Abadi, Mahdi
Tajoddin, Asghar
Author_xml – sequence: 1
  givenname: Asghar
  surname: Tajoddin
  fullname: Tajoddin, Asghar
  organization: School of Electrical and Computer Engineering, Tarbiat Modares University
– sequence: 2
  givenname: Mahdi
  orcidid: 0000-0002-3714-1902
  surname: Abadi
  fullname: Abadi, Mahdi
  email: abadi@modares.ac.ir
  organization: School of Electrical and Computer Engineering, Tarbiat Modares University
ContentType Journal Article
Copyright Springer Science+Business Media, LLC, part of Springer Nature 2019
Applied Intelligence is a copyright of Springer, (2019). All Rights Reserved.
Copyright_xml – notice: Springer Science+Business Media, LLC, part of Springer Nature 2019
– notice: Applied Intelligence is a copyright of Springer, (2019). All Rights Reserved.
DOI 10.1007/s10489-018-01405-0
Discipline Computer Science
EISSN 1573-7497
EndPage 2658
ExternalDocumentID 10_1007_s10489_018_01405_0
ISSN 0924-669X
IsPeerReviewed true
IsScholarly true
Issue 7
Keywords Memetic firefly algorithm
Pruning algorithm
Superincreasing ordered weighted averaging
Aggregation operator
Windows malware
Registry-based malware detection
Ensemble classifier
One-class classification
Language English
ORCID 0000-0002-3714-1902
PageCount 18
PublicationCentury 2000
PublicationDate 2019-07-01
PublicationDateYYYYMMDD 2019-07-01
PublicationDate_xml – month: 07
  year: 2019
  text: 2019-07-01
  day: 01
PublicationDecade 2010
PublicationPlace New York
PublicationPlace_xml – name: New York
– name: Boston
PublicationSubtitle The International Journal of Research on Intelligent Systems for Real Life Complex Problems
PublicationTitle Applied intelligence (Dordrecht, Netherlands)
PublicationTitleAbbrev Appl Intell
PublicationYear 2019
Publisher Springer US
Springer Nature B.V
Publisher_xml – name: Springer US
– name: Springer Nature B.V
  ident: 1405_CR61
  publication-title: Pattern Recogn
  doi: 10.1016/j.patcog.2018.07.015
  contributor:
    fullname: HJ Xing
– volume: 107
  start-page: 43
  year: 2016
  ident: 1405_CR37
  publication-title: Knowl-Based Syst
  doi: 10.1016/j.knosys.2016.05.054
  contributor:
    fullname: B Krawczyk
– volume: 7
  start-page: 1
  year: 2006
  ident: 1405_CR9
  publication-title: J Mach Learn Res
  contributor:
    fullname: J Demšar
– volume: 20
  start-page: 832
  issue: 8
  year: 1998
  ident: 1405_CR22
  publication-title: IEEE Trans Pattern Anal Mach Intell
  doi: 10.1109/34.709601
  contributor:
    fullname: TK Ho
– volume-title: Genetic algorithm essentials. Springer international publishing
  year: 2017
  ident: 1405_CR36
  doi: 10.1007/978-3-319-52156-5
  contributor:
    fullname: O Kramer
– volume: 18
  start-page: 183
  issue: 1
  year: 1988
  ident: 1405_CR63
  publication-title: IEEE Trans Syst Man Cybern
  doi: 10.1109/21.87068
  contributor:
    fullname: RR Yager
– volume-title: Classification, parameter estimation and state estimation: an engineering approach using MATLAB
  year: 2017
  ident: 1405_CR39
  contributor:
    fullname: B Lei
– volume: 12
  start-page: 59
  issue: 2
  year: 2016
  ident: 1405_CR15
  publication-title: J Comput Virol Hacking Techniques
  doi: 10.1007/s11416-015-0244-0
  contributor:
    fullname: HS Galal
– volume: 80
  start-page: 179
  year: 2016
  ident: 1405_CR40
  publication-title: Pattern Recogn Lett
  doi: 10.1016/j.patrec.2016.06.028
  contributor:
    fullname: J Liu
– volume: 137
  start-page: 415
  year: 2018
  ident: 1405_CR32
  publication-title: J Syst Softw
  doi: 10.1016/j.jss.2017.02.050
  contributor:
    fullname: W Khreich
– volume: 15
  start-page: 361
  issue: 4
  year: 2016
  ident: 1405_CR44
  publication-title: Int J Inf Secur
  doi: 10.1007/s10207-015-0297-6
  contributor:
    fullname: Q Miao
– volume: 12
  start-page: 543
  issue: 6
  year: 2008
  ident: 1405_CR51
  publication-title: Soft Comput
  doi: 10.1007/s00500-007-0227-2
  contributor:
    fullname: M Reformat
– volume: 2
  start-page: 1
  year: 2012
  ident: 1405_CR47
  publication-title: Swarm Evol Comput
  doi: 10.1016/j.swevo.2011.11.003
  contributor:
    fullname: F Neri
– volume: 33
  start-page: 1
  issue: 1
  year: 2010
  ident: 1405_CR52
  publication-title: Artif Intell Rev
  doi: 10.1007/s10462-009-9124-7
  contributor:
    fullname: L Rokach
– volume: 12
  start-page: 53
  year: 2015
  ident: 1405_CR31
  publication-title: Digit Investig
  doi: 10.1016/j.diin.2015.01.002
  contributor:
    fullname: Y Khatri
– volume: 2
  start-page: 78
  issue: 2
  year: 2010
  ident: 1405_CR67
  publication-title: Int J Bio-Inspired Comput
  doi: 10.1504/IJBIC.2010.032124
  contributor:
    fullname: XS Yang
– ident: 1405_CR18
  doi: 10.1109/ICNC.2008.871
– ident: 1405_CR59
– volume: 9
  start-page: 41
  issue: 5
  year: 2011
  ident: 1405_CR49
  publication-title: IEEE Secur Priv
  doi: 10.1109/MSP.2011.98
  contributor:
    fullname: P O’Kane
– ident: 1405_CR8
– volume: 13
  start-page: 659
  issue: 4
  year: 2005
  ident: 1405_CR56
  publication-title: J Comput Secur
  doi: 10.3233/JCS-2005-13403
  contributor:
    fullname: SJ Stolfo
– ident: 1405_CR25
  doi: 10.1109/AISP.2015.7123508
– ident: 1405_CR4
– volume: 42
  start-page: 21
  issue: 1
  year: 2014
  ident: 1405_CR28
  publication-title: Artif Intell Rev
  doi: 10.1007/s10462-012-9328-0
  contributor:
    fullname: D Karaboga
– ident: 1405_CR17
  doi: 10.1109/IranianCEE.2017.7985436
– volume-title: Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry
  year: 2016
  ident: 1405_CR6
  contributor:
    fullname: H Carvey
– volume: 29
  start-page: 345
  issue: 3
  year: 2014
  ident: 1405_CR30
  publication-title: Knowl Eng Rev
  doi: 10.1017/S026988891300043X
  contributor:
    fullname: SS Khan
– volume: 261
  start-page: 126
  year: 2017
  ident: 1405_CR16
  publication-title: Neurocomputing
  doi: 10.1016/j.neucom.2016.04.070
  contributor:
    fullname: C Gautam
– volume: 153
  start-page: 147
  year: 2018
  ident: 1405_CR48
  publication-title: Knowl-Based Syst
  doi: 10.1016/j.knosys.2018.04.033
  contributor:
    fullname: N Nissim
– ident: 1405_CR3
  doi: 10.1007/3-540-36084-0_3
– ident: 1405_CR13
– volume: 22
  start-page: 1388
  issue: 10
  year: 2010
  ident: 1405_CR60
  publication-title: IEEE Trans Knowl Data Eng
  doi: 10.1109/TKDE.2009.187
  contributor:
    fullname: M Wasikowski
– volume: 42
  start-page: 8221
  issue: 21
  year: 2015
  ident: 1405_CR41
  publication-title: Expert Syst Appl
  doi: 10.1016/j.eswa.2015.06.024
  contributor:
    fullname: NC Long
– volume: 43
  start-page: 1157
  issue: 12
  year: 2017
  ident: 1405_CR42
  publication-title: IEEE Trans Softw Eng
  doi: 10.1109/TSE.2017.2655046
  contributor:
    fullname: L Luo
– volume: 126
  start-page: 113
  year: 2017
  ident: 1405_CR24
  publication-title: Knowl-Based Syst
  doi: 10.1016/j.knosys.2017.03.012
  contributor:
    fullname: SM Hosseini Bamakan
– volume: 166
  start-page: 367
  year: 2015
  ident: 1405_CR50
  publication-title: Neurocomputing
  doi: 10.1016/j.neucom.2015.03.051
  contributor:
    fullname: E Parhizkar
– volume: 10
  start-page: 2591
  issue: 12
  year: 2015
  ident: 1405_CR46
  publication-title: IEEE Trans Inf Forensics Secur
  doi: 10.1109/TIFS.2015.2469253
  contributor:
    fullname: S Naval
– volume: 61
  start-page: 185
  year: 2017
  ident: 1405_CR62
  publication-title: Pattern Recogn
  doi: 10.1016/j.patcog.2016.07.038
  contributor:
    fullname: HJ Xing
– volume: 31
  start-page: 2645
  issue: 5
  year: 2016
  ident: 1405_CR1
  publication-title: J Intell Fuzzy Syst
  doi: 10.3233/JIFS-169105
  contributor:
    fullname: H Abbas
– volume: 41
  start-page: 68
  year: 2015
  ident: 1405_CR66
  publication-title: Comput Electr Eng
  doi: 10.1016/j.compeleceng.2014.10.010
  contributor:
    fullname: M Yahyazadeh
– volume: 41
  start-page: 15:1
  issue: 3
  year: 2009
  ident: 1405_CR7
  publication-title: ACM Comput Surv
  doi: 10.1145/1541880.1541882 https://doi.org/10.1145/1541880.1541882
  contributor:
    fullname: V Chandola
– volume-title: Nonparametric statistical methods
  year: 2014
  ident: 1405_CR23
  contributor:
    fullname: M Hollander
– ident: 1405_CR26
  doi: 10.1109/ICCKE.2015.7365841
– volume: 6
  start-page: 5
  issue: 1
  year: 2005
  ident: 1405_CR5
  publication-title: Inf Fusion
  doi: 10.1016/j.inffus.2004.04.004
  contributor:
    fullname: G Brown
– ident: 1405_CR54
  doi: 10.1109/ICRCICN.2016.7813659
– volume: 10
  start-page: 309
  issue: 1
  year: 2017
  ident: 1405_CR57
  publication-title: IEEE J Sel Topics Appl Earth Observations Remote Sens
  doi: 10.1109/JSTARS.2016.2591004
  contributor:
    fullname: H Su
– volume: 81
  start-page: 405
  issue: 1
  year: 2015
  ident: 1405_CR19
  publication-title: Wirel Pers Commun
  doi: 10.1007/s11277-014-2136-x
  contributor:
    fullname: S Gupta
– ident: 1405_CR55
  doi: 10.1109/ICDM.2002.1183938
– volume: 59
  start-page: 125
  issue: 2
  year: 1993
  ident: 1405_CR64
  publication-title: Fuzzy Sets Syst
  doi: 10.1016/0165-0114(93)90194-M
  contributor:
    fullname: RR Yager
– ident: 1405_CR35
StartPage 2641
SubjectTerms Artificial Intelligence
Classifiers
Computer Science
False alarms
Machines
Malware
Manufacturing
Mechanical Engineering
Operating systems
Processes
Pruning
Swarm intelligence
Windows (computer programs)
Title RAMD: registry-based anomaly malware detection using one-class ensemble classifiers
URI https://link.springer.com/article/10.1007/s10489-018-01405-0
https://www.proquest.com/docview/2171891220
Volume 49
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV3dS8MwED90e_HFb3F-jDz4psE0S9fEF5m6KYoi6mA-lTRNRJidHxPxv_fSpQ4FfSm0hRQuzd3vcr_cD2CHxdIoFlvqTGSpcE7TLJGYpQjTyluJwBjtDwpfXrXP-uJ8EA_ChttboFVWPrF01PnI-D3yfYTOkVQR5-zw-YV61ShfXQ0SGrNQ55gp8BrUj7pX1zffvhiz9VIzD7MM2m6rQTg2Ew7PCU8XijyZS3gK28_QNMWbv0qkZeTpLcJ8gIykM5njJZixxTIsVHIMJKzOFbi96VyeHBAvteAV3KgPUDnRxehJDz8JXj70qyW5HZfsq4J4yvsDGRWWGg-hCSa09ikbWlLePjovkr0K_V737viMBs0EanAxjanW2lkmEtOWSmqXtGKdMeernbps3YWuWWjEWDHCON8MEBNgnhmpFWdWIRZprUGtwC-vAxE5Y3mSJMZYLqRxSlortTBcm8gpkTdgtzJX-jxpjZFOmyB746Zo3LQ0bsoasFVZNA3L5C2dTmoD9iorT1__PdrG_6NtwhwCGzWh1W5Bbfz6brcRPIyzJszK3mkT6p3T-4tuM_wv-LTPO19QPcOB
link.rule.ids 315,783,787,12779,21402,27938,27939,33387,33758,41095,41537,42164,42606,43614,43819,52125,52248,74371,74638
linkProvider ProQuest
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV3PS8MwFA46D3rxtzh_5uBNg2mbrokXEXVO3XbQDXYraZqIoJ26ifjf-16XOhT0UiiFFF6S976XfO99hBzwWBrFY8ucCSwTzmmWJRKyFGGiPEoExGgsFO50G62-uBnEA3_gNvK0ysonlo46Hxo8Iz8G6BxIFYQhP315ZagahberXkJjlsyJCAINVoo3r749MeTqpWIe5Bis0VADXzTjS-cEkoUCpHIJJLD9DExTtPnrgrSMO81lsugBIz2bzPAKmbHFKlmqxBio35tr5P7urHNxQlFoAfXbGIannOpi-KyfPik8PvSbpbkdl9yrgiLh_YEOC8sMAmgK6ax9zp4sLV8fHUpkr5N-87J33mJeMYEZ2EpjprV2lovENKSS2iVRrDPu8K5Tl427wDELDQgrBhCHrQAh_Q0zI7UKuVWARKINUivgz5uEipzzPEkSY2wopHFKWiu1MKE2gVMir5PDylzpy6QxRjptgYzGTcG4aWnclNfJTmXR1G-SUTqd0jo5qqw8_fz3aFv_j7ZP5lu9TjttX3dvt8kCQBw1IdjukNr47d3uAowYZ3vlWvkCDNjBqQ
linkToPdf http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV1LSwMxEB60BfHiW6zPHLxpMLvNdhMv4qvUVxEf0NuSzSYitNvaVsR_72SbtSjoZWFZSGAymflm82U-gH0WCS1ZZKjVgaHcWkXTWGCVwnU9q8ccc7S7KHzXbrSe-XUn6nj-08jTKsuYWATqrK_dP_IjhM6BkEEYsiPraRH3F82TwRt1ClLupNXLacxCNeboVRWonl227x--4zJW7oV-HlYctNGQHX-Fxl-k4446FDhiF3d0tp9paoo9fx2XFlmouQQLHj6S08l6L8OMyVdgsZRmIH6nrsLjw-ndxTFxsgtOzY26ZJURlfd7qvtJ8PGhhoZkZlwwsXLi6O8vpJ8bqh2cJljcml7aNaR4fbVOMHsNnpuXT-ct6vUTqMaNNaZKKWsYj3VDSKFsXI9Uyqw7-VRFGy8M01wh3ooQ0rnGgFgMh6kWSobMSMQl9XWo5DjzBhCeMZbFcay1CbnQVgpjhOI6VDqwkmc1OCjNlQwmbTKSaUNkZ9wEjZsUxk1YDbZLiyZ-y4yS6QLX4LC08vTz36Nt_j_aHsyhoyS3V-2bLZhHvCMnbNttqIyH72YHMcU43fXO8gWhbsdM
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=RAMD%3A+registry-based+anomaly+malware+detection+using+one-class+ensemble+classifiers&rft.jtitle=Applied+intelligence+%28Dordrecht%2C+Netherlands%29&rft.au=Tajoddin%2C+Asghar&rft.au=Abadi%2C+Mahdi&rft.date=2019-07-01&rft.pub=Springer+Nature+B.V&rft.issn=0924-669X&rft.eissn=1573-7497&rft.volume=49&rft.issue=7&rft.spage=2641&rft.epage=2658&rft_id=info:doi/10.1007%2Fs10489-018-01405-0&rft.externalDBID=HAS_PDF_LINK
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0924-669X&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0924-669X&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0924-669X&client=summon