TagSeq: Malicious behavior discovery using dynamic analysis
In recent years, studies on malware analysis have noticeably increased in the cybersecurity community. Most recent studies concentrate on malware classification and detection or malicious patterns identification, but as to malware activity, it still relies heavily on manual analysis for high-level s...
Published in | PloS one Vol. 17; no. 5; p. e0263644 |
---|---|
Main Authors | Huang, Yi-Ting; Sun, Yeali S.; Chen, Meng Chang |
Format | Journal Article |
Language | English |
Published | United States: Public Library of Science, 16.05.2022; Public Library of Science (PLoS) |
Abstract | In recent years, studies on malware analysis have noticeably increased in the cybersecurity community. Most recent studies concentrate on malware classification and detection or malicious patterns identification, but as to malware activity, it still relies heavily on manual analysis for high-level semantic descriptions. We develop a sequence-to-sequence (seq2seq) neural network, called TagSeq, to investigate a sequence of Windows API calls recorded from malware execution, and produce tags to label their malicious behavior. We propose embedding modules to transform Windows API function parameters, registry, filenames, and URLs into low-dimension vectors, while still preserving the closeness property. Moreover, we utilize an attention mechanism to capture the relations between generated tags and certain API invocation calls. Results show that the most possible malicious actions are identified by TagSeq. Examples and a case study demonstrate that the proposed embedding modules preserve semantic-physical relations and that the predicted tags reflect malicious intentions. We believe this work is suitable as a tool to help security analysts recognize malicious behavior and intent with easy-to-understand tags. |
---|---|
Audience | Academic |
Author | Sun, Yeali S.; Chen, Meng Chang; Huang, Yi-Ting |
AuthorAffiliation | 1 Institute of Information Science, Academia Sinica, Taipei, Taiwan; 2 Department of Information Management, National Taiwan University, Taipei, Taiwan; Politechnika Slaska, POLAND |
Author_xml | – sequence: 1 givenname: Yi-Ting orcidid: 0000-0002-6315-8927 surname: Huang fullname: Huang, Yi-Ting – sequence: 2 givenname: Yeali S. surname: Sun fullname: Sun, Yeali S. – sequence: 3 givenname: Meng Chang surname: Chen fullname: Chen, Meng Chang |
BackLink | https://www.ncbi.nlm.nih.gov/pubmed/35576222$$D View this record in MEDLINE/PubMed |
CitedBy_id | crossref_primary_10_1109_ACCESS_2022_3210386 crossref_primary_10_3390_electronics13173553 |
ContentType | Journal Article |
Copyright | COPYRIGHT 2022 Public Library of Science. 2022 Huang et al. This is an open access article distributed under the terms of the Creative Commons Attribution License: http://creativecommons.org/licenses/by/4.0/ (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. |
DOI | 10.1371/journal.pone.0263644 |
Discipline | Sciences (General) |
DocumentTitleAlternate | A malware semantic tagging system |
EISSN | 1932-6203 |
ExternalDocumentID | 2686248657 oai_doaj_org_article_f84ed24da1264ed28430780cc8eee236 PMC9109923 A703978310 35576222 10_1371_journal_pone_0263644 |
Genre | Journal Article |
GeographicLocations | United States |
GrantInformation_xml | – fundername: ; grantid: 109-2221-E-001-010-MY3 – fundername: ; grantid: 108-2218-E-002-045 |
ISSN | 1932-6203 |
IsDoiOpenAccess | true |
IsOpenAccess | true |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 5 |
Language | English |
License | This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. Creative Commons Attribution License |
Notes | Competing Interests: The authors have read the journal’s policy and declare that no competing interests exist. |
ORCID | 0000-0002-6315-8927 |
OpenAccessLink | http://journals.scholarsportal.info/openUrl.xqy?doi=10.1371/journal.pone.0263644 |
PMID | 35576222 |
PQID | 2686248657 |
PQPubID | 1436336 |
PageCount | e0263644 |
PublicationCentury | 2000 |
PublicationDate | 20220516 |
PublicationDateYYYYMMDD | 2022-05-16 |
PublicationDecade | 2020 |
PublicationPlace | United States |
PublicationPlace_xml | – name: United States – name: San Francisco – name: San Francisco, CA USA |
PublicationTitle | PloS one |
PublicationTitleAlternate | PLoS One |
PublicationYear | 2022 |
Publisher | Public Library of Science; Public Library of Science (PLoS) |
StartPage | e0263644 |
SubjectTerms | Analysis; Biology and Life Sciences; Computer and Information Sciences; Computer security; Computer viruses; Cybersecurity; Embedding; Engineering and Technology; Internet; Malware; Modules; Neural networks; Prevention; Safety and security measures; Security; Semantics; Social Sciences; Spyware; Tags |
Title | TagSeq: Malicious behavior discovery using dynamic analysis |
URI | https://www.ncbi.nlm.nih.gov/pubmed/35576222 https://www.proquest.com/docview/2686248657 https://www.proquest.com/docview/2665109128 https://pubmed.ncbi.nlm.nih.gov/PMC9109923 https://doaj.org/article/f84ed24da1264ed28430780cc8eee236 http://dx.doi.org/10.1371/journal.pone.0263644 |
Volume | 17 |