{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T11:27:07Z","timestamp":1772364427532,"version":"3.50.1"},"reference-count":42,"publisher":"Wiley","issue":"4","license":[{"start":{"date-parts":[[2022,4,4]],"date-time":"2022-04-04T00:00:00Z","timestamp":1649030400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"funder":[{"DOI":"10.13039\/501100010418","name":"Institute for Information and Communications Technology Promotion","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100010418","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100019065","name":"Tianjin Science and Technology Program","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100019065","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Computational Intelligence"],"published-print":{"date-parts":[[2022,8]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Rapidly evolving malware has become a major cybersecurity threat. Several feature\u2010engineering techniques have been proposed to defend against malware attacks. An entropy is a typical indicator used in identifying malware. Structural entropy is a sequence of entropy values where an entropy of a segment is calculated by the equation of the entropy itself. However, entropy\u2010based features are likely to be abstract and miss important information. This article proposes a feature engineering technique that involves the concept of structural entropy. This technique allows every segment to be represented as 256 entropy values for every byte value, but not as an entropy value. Our research, fine\u2010granularity structural entropy (FiG_SE), incorporates global patterns across all segments, local patterns across adjacent segments, and internal patterns within the segments. To extract higher\u2010level characteristics from our entropy feature, we use a convolutional neural network (CNN) architecture because it is effective for extracting local and global patterns, and especially for shift\u2010invariant patterns. Our malware classification based on CNN with the proposed feature outperforms the previous classification methods that use byte streams, entropy streams, and structural\u2010entropy\u2010based streams as inputs. Moreover, our research combined with CNN is highly resilient to obfuscation techniques and is also well suited to malware detection.<\/jats:p>","DOI":"10.1111\/coin.12521","type":"journal-article","created":{"date-parts":[[2022,4,4]],"date-time":"2022-04-04T07:05:18Z","timestamp":1649055918000},"page":"1536-1558","update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Malware classification using a byte\u2010granularity feature based on structural entropy"],"prefix":"10.1111","volume":"38","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2957-4177","authenticated-orcid":false,"given":"Joon\u2010Young","family":"Paik","sequence":"first","affiliation":[{"name":"School of Software Tiangong University  Tianjin China"}]},{"given":"Rize","family":"Jin","sequence":"additional","affiliation":[{"name":"School of Software Tiangong University  Tianjin China"}]},{"given":"Eun\u2010Sun","family":"Cho","sequence":"additional","affiliation":[{"name":"Department of Computer Science &amp; Engineering Chungnam National University  Daejeon South Korea"}]}],"member":"311","published-online":{"date-parts":[[2022,4,4]]},"reference":[{"key":"e_1_2_12_2_1","unstructured":"Reuters.Malicious cyber activity cost U.S. up to $109 billion in 2016: white house report.https:\/\/www.reuters.com\/article\/us\u2010usa\u2010trump\u2010cyber\u2010idUSKCN1G01XV"},{"key":"e_1_2_12_3_1","unstructured":"CBS News.WannaCry ransomware attack losses could reach $4 billion. 2017;https:\/\/www.cbsnews.com\/news\/wannacry\u2010ransomware\u2010attacks\u2010wannacry\u2010virus\u2010losses"},{"key":"e_1_2_12_4_1","unstructured":"Infosec Institute.Ransomware as a service: 8 known raas threats; 2019.https:\/\/resources.infosecinstitute.com\/topic\/ransomware\u2010as\u2010a\u2010service\u20108\u2010known\u2010raas\u2010threats"},{"key":"e_1_2_12_5_1","doi-asserted-by":"crossref","unstructured":"HuangW StokesJW.MtNet: a multi\u2010task neural network for dynamic malware classification. Proceedings of International Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA); 2016:399\u2010418.","DOI":"10.1007\/978-3-319-40667-1_20"},{"key":"e_1_2_12_6_1","doi-asserted-by":"crossref","unstructured":"ZhangZ QiP WangW.Dynamic malware analysis with feature engineering and feature learning. Proceedings of the 34th AAAI Conference on Artificial Intelligence (AAAI); 2020:1210\u20101217.10.1609\/aaai.v34i01.5474","DOI":"10.1609\/aaai.v34i01.5474"},{"key":"e_1_2_12_7_1","doi-asserted-by":"crossref","unstructured":"TobiyamaS YamaguchiY ShimadaH IkuseT YagiT.Malware detection with deep neural network using process behavior. Proceedings of 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC); 2016:577\u2010582.10.1109\/COMPSAC.2016.151","DOI":"10.1109\/COMPSAC.2016.151"},{"key":"e_1_2_12_8_1","doi-asserted-by":"crossref","unstructured":"SaxeJ BerlinK.Deep neural network based malware detection using two dimensional binary program features. Proceedings of 10th International Conference on Malicious and Unwanted Software (MALWARE); 2015:11\u201020.10.1109\/MALWARE.2015.7413680","DOI":"10.1109\/MALWARE.2015.7413680"},{"key":"e_1_2_12_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-016-0283-1"},{"key":"e_1_2_12_10_1","doi-asserted-by":"publisher","DOI":"10.1111\/coin.12314"},{"key":"e_1_2_12_11_1","doi-asserted-by":"crossref","unstructured":"KanZ WangH XuG GuoY ChunX.Towards light\u2010weight deep learning based malware detection. Proceedings of 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC); 2020:600\u2010609.10.1109\/COMPSAC.2018.00092","DOI":"10.1109\/COMPSAC.2018.00092"},{"key":"e_1_2_12_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/584091.584093"},{"key":"e_1_2_12_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.48"},{"key":"e_1_2_12_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-011-0153-9"},{"issue":"4","key":"e_1_2_12_15_1","first-page":"79","article-title":"Structural entropy and metamorphic malware","volume":"9","author":"Baysa D","year":"2013","journal-title":"J Comput Virol Hacking Tech"},{"key":"e_1_2_12_16_1","unstructured":"RaffE BarkerJ SylvesterJ BrandonR CatanzaroB NicholasC.Malware detection by eating a whole exe; 2017.https:\/\/arxiv.org\/abs\/1710.09435"},{"key":"e_1_2_12_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2018.04.024"},{"key":"e_1_2_12_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.patrec.2008.06.016"},{"key":"e_1_2_12_19_1","doi-asserted-by":"crossref","unstructured":"BanT IsawaR YoshiokaK InoueD.A cross\u2010platform study on iot malware. Proceedings of 2018 11th International Conference on Mobile Computing and Ubiquitous Network (ICMU); 2019.10.23919\/ICMU.2018.8653580.","DOI":"10.23919\/ICMU.2018.8653580"},{"key":"e_1_2_12_20_1","doi-asserted-by":"crossref","unstructured":"PascanuR StokesJW SanossianH MarinescuM ThomasA.Malware classification with recurrent networks. Proceedings of 2015 IEEE international conference on acoustics Speech and Signal Processing (ICASSP); 2015:1916\u20101920.10.1109\/ICASSP.2015.7178304","DOI":"10.1109\/ICASSP.2015.7178304"},{"key":"e_1_2_12_21_1","doi-asserted-by":"crossref","unstructured":"AthiwaratkunB StokesJW.Malware classification with lstm and gru language models and a character\u2010level CNN. Proceedings of 2017 IEEE International Conference on Acoustics Speech and Signal Processing (ICASSP); 2017:2482\u20102486.10.1109\/ICASSP.2017.7952603","DOI":"10.1109\/ICASSP.2017.7952603"},{"key":"e_1_2_12_22_1","unstructured":"SchultzMG EskinE ZadokF StolfoSJ.Data mining methods for detection of new malicious executables. Proceedings of 2001 IEEE Symposium on Security and Privacy (S&P); 2001:38\u201049.10.1109\/SECPRI.2001.924286"},{"key":"e_1_2_12_23_1","doi-asserted-by":"crossref","unstructured":"MoskovitchR FeherC TzacharN BergerE GitelmanM DolevS EloviciY.Unknown malcode detection using opcode representation. Proceedings of European Conference on Intelligence and Security Informatics; 2008:204\u2010215.","DOI":"10.1007\/978-3-540-89900-6_21"},{"key":"e_1_2_12_24_1","doi-asserted-by":"publisher","DOI":"10.1186\/2190-8532-1-1"},{"key":"e_1_2_12_25_1","doi-asserted-by":"crossref","unstructured":"HendlerD KelsS RubinA.Detecting malicious PowerShell commands using deep neural networks. Proceedings of the 2018 on Asia Conference on Computer and Communications Security; 2018:187\u2010197.10.1145\/3196494.3196511","DOI":"10.1145\/3196494.3196511"},{"key":"e_1_2_12_26_1","unstructured":"DaubechiesI.Ten lectures on wavelets (CBMS\u2010NSF Regional Conference Series in Applied Mathematics); 2001. Society for Industrial and Applied Mathematics."},{"key":"e_1_2_12_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/321796.321811"},{"key":"e_1_2_12_28_1","unstructured":"WojnowiczM ChisholmG WolffM.Suspiciously structural entropy: wavelet decomposition of software entropy reveals symptoms of malware in the energy spectrum. Proceedings of the 29th International Florida Artificial Intelligence Research Society Conference (FLAIRS); 2016:288\u2010293."},{"key":"e_1_2_12_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jides.2016.10.009"},{"key":"e_1_2_12_30_1","unstructured":"GibertD MateuC PlanesJ VicensR.Classification of malware by using structural entropy on convolution neural networks. Proceedings of the 30th AAAI Conference on Innovative Applications of Artificial Intelligence (IAAI\u201018); 2018:7759\u20107764."},{"key":"e_1_2_12_31_1","doi-asserted-by":"crossref","unstructured":"KimY.Convolutional neural networks for sentence classification. Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP); 2014:1746\u20101751.10.3115\/v1\/D14-1181","DOI":"10.3115\/v1\/D14-1181"},{"key":"e_1_2_12_32_1","unstructured":"Microsoft.Kaggle malware data.https:\/\/www.kaggle.com\/c\/malware\u2010classification\/data."},{"key":"e_1_2_12_33_1","unstructured":"KingmaDP BaJ.ADAM: a method for stochastic optimization. Proceedings of the 3rd International Conference for Learning Representations (ICLR); 2015."},{"key":"e_1_2_12_34_1","unstructured":"RonenR RaduM FeuersteinC Yom\u2010TovE.Microsoft malware classification challengehttps:\/\/arxiv.org\/pdf\/1802.10135.pdf."},{"key":"e_1_2_12_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3082173"},{"key":"e_1_2_12_36_1","unstructured":"Virusshare: malware sharing platform.https:\/\/virusshare.com\/"},{"key":"e_1_2_12_37_1","unstructured":"CNET download.https:\/\/download.cnet.om\/windows"},{"key":"e_1_2_12_38_1","doi-asserted-by":"crossref","unstructured":"FuX CaiH.On the deterioration of learning\u2010based malware detectors for android. Proceedings of the IEEE\/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE\u2010Companion); 2019:272\u2010273.","DOI":"10.1109\/ICSE-Companion.2019.00110"},{"key":"e_1_2_12_39_1","doi-asserted-by":"crossref","unstructured":"ZhangX ZhangY ZhongM et al.Enhancing state\u2010of\u2010the\u2010art classifiers with API semantics to detect evolved android malware. Proceeding of ACM SIGSAC Conference on Computer and Communications Security; 2020:757\u2010770.","DOI":"10.1145\/3372297.3417291"},{"key":"e_1_2_12_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3371924"},{"key":"e_1_2_12_41_1","doi-asserted-by":"crossref","unstructured":"CaiH JenkinsJ.Poster: towards sustainable android malware detection. Proceedings of 2018 ACM\/IEEE 40th International Conference on Software Engineering: Companion Proceedings; 2018:350\u2010351.","DOI":"10.1145\/3183440.3195004"},{"key":"e_1_2_12_42_1","unstructured":"YuK LiY DengRH ChenK XuJ.DroidEvolver: self\u2010evolving android malware detection system. Proceedings of 2019 IEEE European Symposium on Security and Privacy (EuroS&P); 2019:47\u201062."},{"key":"e_1_2_12_43_1","doi-asserted-by":"crossref","unstructured":"LeeS LanS HuangH HsuC ChenY ShiehS.EC\u2010model: an evolvable malware classification model. Proceedings of 2021 IEEE Conference on Dependable and Secure Computing (DSC); 2021.","DOI":"10.1109\/DSC49826.2021.9346248"}],"container-title":["Computational Intelligence"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1111\/coin.12521","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/full-xml\/10.1111\/coin.12521","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1111\/coin.12521","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,25]],"date-time":"2024-06-25T01:56:31Z","timestamp":1719280591000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1111\/coin.12521"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,4]]},"references-count":42,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2022,8]]}},"alternative-id":["10.1111\/coin.12521"],"URL":"https:\/\/doi.org\/10.1111\/coin.12521","archive":["Portico"],"relation":{},"ISSN":["0824-7935","1467-8640"],"issn-type":[{"value":"0824-7935","type":"print"},{"value":"1467-8640","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,4,4]]},"assertion":[{"value":"2020-09-27","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-03-16","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-04-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}