{"id":"https://openalex.org/W4400222869","doi":"https://doi.org/10.1007/s11416-024-00531-3","title":"Oblivion: an open-source system for large-scale analysis of macro-based office malware","display_name":"Oblivion: an open-source system for large-scale analysis of macro-based office malware","publication_year":2024,"publication_date":"2024-07-02","ids":{"openalex":"https://openalex.org/W4400222869","doi":"https://doi.org/10.1007/s11416-024-00531-3"},"language":"en","primary_location":{"id":"doi:10.1007/s11416-024-00531-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11416-024-00531-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11416-024-00531-3.pdf","source":{"id":"https://openalex.org/S2764922190","display_name":"Journal of Computer Virology and Hacking Techniques","issn_l":"2263-8733","issn":["2263-8733"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Virology and Hacking Techniques","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s11416-024-00531-3.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103260907","display_name":"Alessandro Sanna","orcid":"https://orcid.org/0000-0002-0610-7736"},"institutions":[{"id":"https://openalex.org/I172446870","display_name":"University of Cagliari","ror":"https://ror.org/003109y17","country_code":"IT","type":"education","lineage":["https://openalex.org/I172446870"]},{"id":"https://openalex.org/I56441308","display_name":"Libera Universit\u00e0 Internazionale degli Studi Sociali Guido Carli","ror":"https://ror.org/01q8b6q23","country_code":"IT","type":"education","lineage":["https://openalex.org/I56441308"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Alessandro Sanna","raw_affiliation_strings":["Abissi S.r.l., Ex SS 131\u00a0KM 10.500, 09028, Sestu, Italy","Department of Electric and Electronic Engineering, Cagliari State University, Via Marengo 2, 09045, Cagliari, Italy"],"affiliations":[{"raw_affiliation_string":"Abissi S.r.l., Ex SS 131\u00a0KM 10.500, 09028, Sestu, Italy","institution_ids":["https://openalex.org/I56441308"]},{"raw_affiliation_string":"Department of Electric and Electronic Engineering, Cagliari State University, Via Marengo 2, 09045, Cagliari, Italy","institution_ids":["https://openalex.org/I172446870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055591287","display_name":"Fabrizio Cara","orcid":"https://orcid.org/0000-0002-1702-563X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fabrizio Cara","raw_affiliation_strings":["Avanade Italy S.r.l., Via del Mulino 11A, 20057, Assago, Italy"],"affiliations":[{"raw_affiliation_string":"Avanade Italy S.r.l., Via del Mulino 11A, 20057, Assago, Italy","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051452548","display_name":"Davide Maiorca","orcid":"https://orcid.org/0000-0003-2640-4663"},"institutions":[{"id":"https://openalex.org/I172446870","display_name":"University of Cagliari","ror":"https://ror.org/003109y17","country_code":"IT","type":"education","lineage":["https://openalex.org/I172446870"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Davide Maiorca","raw_affiliation_strings":["Department of Electric and Electronic Engineering, Cagliari State University, Via Marengo 2, 09045, Cagliari, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Electric and Electronic Engineering, Cagliari State University, Via Marengo 2, 09045, Cagliari, Italy","institution_ids":["https://openalex.org/I172446870"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075367917","display_name":"Giorgio Giacinto","orcid":"https://orcid.org/0000-0002-5759-3017"},"institutions":[{"id":"https://openalex.org/I172446870","display_name":"University of Cagliari","ror":"https://ror.org/003109y17","country_code":"IT","type":"education","lineage":["https://openalex.org/I172446870"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Giorgio Giacinto","raw_affiliation_strings":["Department of Electric and Electronic Engineering, Cagliari State University, Via Marengo 2, 09045, Cagliari, Italy"],"affiliations":[{"raw_affiliation_string":"Department of Electric and Electronic Engineering, Cagliari State University, Via Marengo 2, 09045, Cagliari, Italy","institution_ids":["https://openalex.org/I172446870"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5103260907"],"corresponding_institution_ids":["https://openalex.org/I172446870","https://openalex.org/I56441308"],"apc_list":{"value":2390,"currency":"EUR","value_usd":2990},"apc_paid":{"value":2390,"currency":"EUR","value_usd":2990},"fwci":0.3611,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.52494715,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"20","issue":"4","first_page":"783","last_page":"802"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8989893198013306},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8210907578468323},{"id":"https://openalex.org/keywords/macro","display_name":"Macro","score":0.6914385557174683},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.6025719046592712},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.5774990916252136},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.43627840280532837},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4205940365791321},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.41874730587005615},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1352689564228058},{"id":"https://openalex.org/keywords/cartography","display_name":"Cartography","score":0.08287101984024048},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.07509633898735046}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8989893198013306},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8210907578468323},{"id":"https://openalex.org/C166955791","wikidata":"https://www.wikidata.org/wiki/Q629579","display_name":"Macro","level":2,"score":0.6914385557174683},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.6025719046592712},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.5774990916252136},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.43627840280532837},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4205940365791321},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.41874730587005615},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1352689564228058},{"id":"https://openalex.org/C58640448","wikidata":"https://www.wikidata.org/wiki/Q42515","display_name":"Cartography","level":1,"score":0.08287101984024048},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.07509633898735046},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s11416-024-00531-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11416-024-00531-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11416-024-00531-3.pdf","source":{"id":"https://openalex.org/S2764922190","display_name":"Journal of Computer Virology and Hacking Techniques","issn_l":"2263-8733","issn":["2263-8733"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Virology and Hacking Techniques","raw_type":"journal-article"},{"id":"pmh:oai:iris.unica.it:11584/406323","is_oa":true,"landing_page_url":"https://link.springer.com/article/10.1007/s11416-024-00531-3","pdf_url":"https://hdl.handle.net/11584/406323","source":{"id":"https://openalex.org/S4377196293","display_name":"UNICA IRIS Institutional Research Information System (University of Cagliari)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172446870","host_organization_name":"University of Cagliari","host_organization_lineage":["https://openalex.org/I172446870"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"doi:10.1007/s11416-024-00531-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11416-024-00531-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11416-024-00531-3.pdf","source":{"id":"https://openalex.org/S2764922190","display_name":"Journal of Computer Virology and Hacking Techniques","issn_l":"2263-8733","issn":["2263-8733"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Virology and Hacking Techniques","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Reduced inequalities","score":0.5699999928474426,"id":"https://metadata.un.org/sdg/10"}],"awards":[{"id":"https://openalex.org/G507880695","display_name":null,"funder_award_id":"PE00000014","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4400222869.pdf"},"referenced_works_count":26,"referenced_works":["https://openalex.org/W1515539475","https://openalex.org/W2294586387","https://openalex.org/W2557716486","https://openalex.org/W2765325603","https://openalex.org/W2797678261","https://openalex.org/W2884157903","https://openalex.org/W2896805421","https://openalex.org/W2941205140","https://openalex.org/W2965263711","https://openalex.org/W2968580482","https://openalex.org/W2974989311","https://openalex.org/W2985244210","https://openalex.org/W2990353952","https://openalex.org/W3084472304","https://openalex.org/W3100399179","https://openalex.org/W3111533025","https://openalex.org/W3124033940","https://openalex.org/W4200395040","https://openalex.org/W4211235181","https://openalex.org/W4213012696","https://openalex.org/W4242127608","https://openalex.org/W4288057801","https://openalex.org/W4288104392","https://openalex.org/W4301075642","https://openalex.org/W4311165726","https://openalex.org/W4313121063"],"related_works":["https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W2768892939","https://openalex.org/W3164408430","https://openalex.org/W4285507391","https://openalex.org/W2397240470","https://openalex.org/W2602767565","https://openalex.org/W170652726","https://openalex.org/W2883822334","https://openalex.org/W2134874482"],"abstract_inverted_index":{"Abstract":[0],"Macro-based":[1],"Office":[2,53,113],"files":[3,54,192],"have":[4],"been":[5],"extensively":[6],"used":[7],"as":[8],"infection":[9],"vectors":[10],"to":[11,25,38,115,132],"embed":[12],"malware.":[13],"In":[14,100],"particular,":[15],"VBA":[16],"macros":[17,124,146,208],"allow":[18],"leveraging":[19],"kernel":[20],"functions":[21],"and":[22,32,51,58,95,125,134,142,152,155,216,251],"system":[23],"routines":[24],"execute":[26],"or":[27],"remotely":[28],"drop":[29],"malicious":[30,50,207],"payloads,":[31],"they":[33],"are":[34,170],"typically":[35],"heavily":[36],"obfuscated":[37,63],"make":[39],"static":[40,57],"analysis":[41,60,79,111,187,229],"unfeasible.":[42],"Current":[43],"state-of-the-art":[44],"approaches":[45],"focus":[46],"on":[47,62,67,238],"discriminating":[48],"between":[49],"benign":[52],"by":[55,147,209,245],"performing":[56],"dynamic":[59],"directly":[61],"macros,":[64,83,114],"focusing":[65],"mainly":[66],"detection":[68],"rather":[69],"than":[70,178,190,233],"reversing.":[71],"Namely,":[72],"the":[73,81,89,92,96,149,157,163,258],"proposed":[74],"methods":[75],"lack":[76],"an":[77,106,228],"in-depth":[78],"of":[80,112,123,166,188,198,214,231],"embedded":[82,93,150],"thus":[84],"losing":[85],"valuable":[86],"information":[87,259],"about":[88],"attack":[90,249],"families,":[91],"scripts,":[94],"contacted":[97],"external":[98],"resources.":[99],"this":[101,118,222],"paper,":[102],"we":[103,169,241],"propose":[104],"Oblivion,":[105],"open-source":[107],"framework":[108],"for":[109],"large-scale":[110,186],"fill":[116],"in":[117,128,173,227],"gap.":[119],"Oblivion":[120,203],"performs":[121],"instrumentation":[122],"executes":[126],"them":[127],"a":[129,185,195,211],"virtualized":[130],"environment":[131],"de-obfuscate":[133,206],"reconstruct":[135],"their":[136],"behavior.":[137,160],"Moreover,":[138,240],"it":[139],"can":[140,224],"automatically":[141],"quickly":[143],"interact":[144],"with":[145,264],"extracting":[148],"PowerShell":[151,215],"non-PowerShell":[153,217],"attacks":[154,244],"reconstructing":[156],"whole":[158],"macro":[159],"This":[161],"is":[162],"main":[164],"scope":[165],"our":[167,262,265],"analysis:":[168],"more":[171,189],"interested":[172],"retrieving":[174],"specific":[175],"behavioural":[176],"patterns":[177,250],"detecting":[179],"maliciousness":[180],"per":[181,236],"se.":[182],"We":[183,219,255],"performed":[184],"30,000":[191],"that":[193,202,221],"constitute":[194],"representative":[196],"corpus":[197,213],"attacks.":[199,218],"Results":[200],"show":[201],"could":[204],"efficiently":[205],"revealing":[210],"large":[212],"measured":[220],"efficiency":[223],"be":[225],"quantified":[226],"time":[230],"less":[232],"1":[234],"min":[235],"sample,":[237],"average.":[239],"characterize":[242],"such":[243],"pointing":[246],"out":[247],"frequent":[248],"employed":[252],"obfuscation":[253],"strategies.":[254],"finally":[256],"release":[257],"obtained":[260],"from":[261],"dataset":[263],"tool.":[266]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-03-17T17:19:04.345684","created_date":"2025-10-10T00:00:00"}