{"id":"https://openalex.org/W7131292442","doi":"https://doi.org/10.1109/acsac67867.2025.00100","title":"Fooling Machine's Eyes: Unicode Modifier Letter Evasion Attack","display_name":"Fooling Machine's Eyes: Unicode Modifier Letter Evasion Attack","publication_year":2025,"publication_date":"2025-12-08","ids":{"openalex":"https://openalex.org/W7131292442","doi":"https://doi.org/10.1109/acsac67867.2025.00100"},"language":null,"primary_location":{"id":"doi:10.1109/acsac67867.2025.00100","is_oa":false,"landing_page_url":"https://doi.org/10.1109/acsac67867.2025.00100","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE Annual Computer Security Applications Conference (ACSAC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5126675247","display_name":"Chao Gao","orcid":null},"institutions":[{"id":"https://openalex.org/I100188998","display_name":"Harbin University of Science and Technology","ror":"https://ror.org/04e6y1282","country_code":"CN","type":"education","lineage":["https://openalex.org/I100188998"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Chao Gao","raw_affiliation_strings":["Harbin University of Science and Technology,China"],"affiliations":[{"raw_affiliation_string":"Harbin University of Science and Technology,China","institution_ids":["https://openalex.org/I100188998"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126738607","display_name":"Guanglu Sun","orcid":null},"institutions":[{"id":"https://openalex.org/I100188998","display_name":"Harbin University of Science and Technology","ror":"https://ror.org/04e6y1282","country_code":"CN","type":"education","lineage":["https://openalex.org/I100188998"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Guanglu Sun","raw_affiliation_strings":["Harbin University of Science and Technology,China"],"affiliations":[{"raw_affiliation_string":"Harbin University of Science and Technology,China","institution_ids":["https://openalex.org/I100188998"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100697068","display_name":"Xiaohu Liu","orcid":"https://orcid.org/0000-0002-8973-438X"},"institutions":[{"id":"https://openalex.org/I100188998","display_name":"Harbin University of Science and Technology","ror":"https://ror.org/04e6y1282","country_code":"CN","type":"education","lineage":["https://openalex.org/I100188998"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Liu","raw_affiliation_strings":["Harbin University of Science and Technology,China"],"affiliations":[{"raw_affiliation_string":"Harbin University of Science and Technology,China","institution_ids":["https://openalex.org/I100188998"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5126711846","display_name":"Feiyan Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I100188998","display_name":"Harbin University of Science and Technology","ror":"https://ror.org/04e6y1282","country_code":"CN","type":"education","lineage":["https://openalex.org/I100188998"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Feiyan Liu","raw_affiliation_strings":["Harbin University of Science and Technology,China"],"affiliations":[{"raw_affiliation_string":"Harbin University of Science and Technology,China","institution_ids":["https://openalex.org/I100188998"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5126675247"],"corresponding_institution_ids":["https://openalex.org/I100188998"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.88342071,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1288","last_page":"1302"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.3603000044822693,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.3603000044822693,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.195700004696846,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.08169999718666077,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.8765000104904175},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.6471999883651733},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.5544000267982483},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.49050000309944153},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.45509999990463257},{"id":"https://openalex.org/keywords/heuristics","display_name":"Heuristics","score":0.4357999861240387},{"id":"https://openalex.org/keywords/unicode","display_name":"Unicode","score":0.424699991941452},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.4244000017642975},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.42260000109672546},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.41670000553131104}],"concepts":[{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.8765000104904175},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7685999870300293},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6653000116348267},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.6471999883651733},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.5544000267982483},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.49050000309944153},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.45509999990463257},{"id":"https://openalex.org/C127705205","wikidata":"https://www.wikidata.org/wiki/Q5748245","display_name":"Heuristics","level":2,"score":0.4357999861240387},{"id":"https://openalex.org/C500551929","wikidata":"https://www.wikidata.org/wiki/Q8819","display_name":"Unicode","level":2,"score":0.424699991941452},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.4244000017642975},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.42260000109672546},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.41670000553131104},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.41190001368522644},{"id":"https://openalex.org/C147494362","wikidata":"https://www.wikidata.org/wiki/Q2078905","display_name":"Troubleshooting","level":2,"score":0.4074000120162964},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.399399995803833},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.3637000024318695},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3370000123977661},{"id":"https://openalex.org/C2779338814","wikidata":"https://www.wikidata.org/wiki/Q5179285","display_name":"Covert","level":2,"score":0.32839998602867126},{"id":"https://openalex.org/C2778717966","wikidata":"https://www.wikidata.org/wiki/Q4189076","display_name":"Protection mechanism","level":3,"score":0.32760000228881836},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.31520000100135803},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.30379998683929443},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.29350000619888306},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.2921999990940094},{"id":"https://openalex.org/C2777548347","wikidata":"https://www.wikidata.org/wiki/Q5456937","display_name":"Flagging","level":2,"score":0.2840000092983246},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.27970001101493835},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.27549999952316284},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.27379998564720154},{"id":"https://openalex.org/C84945661","wikidata":"https://www.wikidata.org/wiki/Q7366567","display_name":"Root cause","level":2,"score":0.2734000086784363},{"id":"https://openalex.org/C112968700","wikidata":"https://www.wikidata.org/wiki/Q11368","display_name":"Unix","level":3,"score":0.27309998869895935},{"id":"https://openalex.org/C22111027","wikidata":"https://www.wikidata.org/wiki/Q1070427","display_name":"Internet security","level":4,"score":0.26159998774528503},{"id":"https://openalex.org/C171078966","wikidata":"https://www.wikidata.org/wiki/Q111029","display_name":"Root (linguistics)","level":2,"score":0.25360000133514404},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.2533999979496002},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.25130000710487366}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/acsac67867.2025.00100","is_oa":false,"landing_page_url":"https://doi.org/10.1109/acsac67867.2025.00100","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE Annual Computer Security Applications Conference (ACSAC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W42110184","https://openalex.org/W1985902740","https://openalex.org/W2077121139","https://openalex.org/W2083055907","https://openalex.org/W2126050324","https://openalex.org/W2712617220","https://openalex.org/W2761942534","https://openalex.org/W2763806200","https://openalex.org/W3015650867","https://openalex.org/W3036847733","https://openalex.org/W3111749540","https://openalex.org/W3139374167","https://openalex.org/W3152957156","https://openalex.org/W3176393001","https://openalex.org/W3209506041","https://openalex.org/W4296351595","https://openalex.org/W4385372663"],"related_works":[],"abstract_inverted_index":{"By":[0],"analyzing":[1],"command-line":[2,146],"arguments":[3,95],"during":[4],"process":[5],"execution,":[6],"Endpoint":[7],"Detection":[8],"and":[9,12,15,25,38,71,153,169,185],"Response":[10],"(EDR)":[11],"Security":[13],"Information":[14],"Event":[16],"Management":[17],"(SIEM)":[18],"tools":[19],"can":[20,44,164],"detect":[21],"potential":[22],"malicious":[23],"commands":[24,49,140],"identify":[26,67],"Advanced":[27],"Persistent":[28],"Threats":[29],"(APT).":[30],"In":[31],"practice,":[32],"most":[33],"implementations":[34],"rely":[35],"on":[36,118],"heuristics":[37],"regular":[39],"expression":[40],"matching.":[41],"However,":[42],"attackers":[43,136],"bypass":[45,165],"detection":[46,179],"by":[47],"obfuscating":[48],"using":[50],"Unicode":[51],"modifier":[52,101,124],"letters.":[53,102],"This":[54],"paper":[55],"investigates":[56],"the":[57,68],"mechanism":[58],"behind":[59],"this":[60,174],"evasion":[61,126,139,151],"technique.":[62],"Through":[63],"reverse":[64],"engineering,":[65],"we":[66,121,149,176],"root":[69],"cause":[70],"discover":[72],"an":[73],"internationalization":[74],"API":[75],"vulnerability":[76],"in":[77],"Windows.":[78],"The":[79],"impact":[80],"assessment":[81],"reveals":[82],"that":[83,141,161],"424":[84],"system":[85],"programs":[86],"are":[87],"potentially":[88],"at":[89],"risk.":[90],"We":[91,128],"further":[92],"examine":[93],"command":[94],"containing":[96],"internationalized":[97],"domain":[98],"names":[99],"with":[100],"Code":[103],"analysis":[104],"traces":[105],"how":[106],"these":[107,119],"domains":[108],"resolve":[109],"across":[110],"operating":[111],"systems,":[112],"exposing":[113],"additional":[114],"attack":[115],"surfaces.":[116],"Based":[117],"findings,":[120],"formally":[122],"define":[123],"letter":[125],"attacks.":[127],"then":[129],"propose":[130,177],"a":[131,178,182],"threat":[132],"model,":[133],"which":[134],"allows":[135],"to":[137],"construct":[138],"remain":[142],"executable":[143],"while":[144],"bypassing":[145],"detection.":[147],"Furthermore,":[148],"design":[150],"cases":[152,163],"validate":[154],"them":[155],"through":[156],"proof-of-concept":[157],"experiments.":[158],"Results":[159],"show":[160],"high-risk":[162],"certain":[166],"leading":[167],"EDR":[168],"SIEM":[170],"tools.":[171],"To":[172],"mitigate":[173],"attack,":[175],"approach,":[180],"develop":[181],"corresponding":[183],"tool,":[184],"suggest":[186],"defense":[187],"measures.":[188]},"counts_by_year":[],"updated_date":"2026-02-25T21:11:00.739837","created_date":"2026-02-25T00:00:00"}