{"id":"https://openalex.org/W4292002665","doi":"https://doi.org/10.1109/csr54599.2022.9850345","title":"H4rm0ny: A Competitive Zero-Sum Two-Player Markov Game for Multi-Agent Learning on Evasive Malware Generation and Detection","display_name":"H4rm0ny: A Competitive Zero-Sum Two-Player Markov Game for Multi-Agent Learning on Evasive Malware Generation and Detection","publication_year":2022,"publication_date":"2022-07-27","ids":{"openalex":"https://openalex.org/W4292002665","doi":"https://doi.org/10.1109/csr54599.2022.9850345"},"language":"en","primary_location":{"id":"doi:10.1109/csr54599.2022.9850345","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr54599.2022.9850345","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5083877100","display_name":"Christopher Molloy","orcid":"https://orcid.org/0000-0003-2950-7158"},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Christopher Molloy","raw_affiliation_strings":["Queen's University,School of Computing,Kingston,Canada","School of Computing, Queen's University, Kingston, Canada"],"affiliations":[{"raw_affiliation_string":"Queen's University,School of Computing,Kingston,Canada","institution_ids":["https://openalex.org/I204722609"]},{"raw_affiliation_string":"School of Computing, Queen's University, Kingston, Canada","institution_ids":["https://openalex.org/I204722609"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007693994","display_name":"Steven H. H. Ding","orcid":"https://orcid.org/0000-0003-4513-200X"},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Steven H. H. Ding","raw_affiliation_strings":["Queen's University,School of Computing,Kingston,Canada","School of Computing, Queen's University, Kingston, Canada"],"affiliations":[{"raw_affiliation_string":"Queen's University,School of Computing,Kingston,Canada","institution_ids":["https://openalex.org/I204722609"]},{"raw_affiliation_string":"School of Computing, Queen's University, Kingston, Canada","institution_ids":["https://openalex.org/I204722609"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021788449","display_name":"Benjamin C. M. Fung","orcid":"https://orcid.org/0000-0001-8423-2906"},"institutions":[{"id":"https://openalex.org/I5023651","display_name":"McGill University","ror":"https://ror.org/01pxwe438","country_code":"CA","type":"education","lineage":["https://openalex.org/I5023651"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Benjamin C. M. Fung","raw_affiliation_strings":["McGill University,School of Information Studies,Montreal,Canada","School of Information Studies, McGill University, Montreal, Canada"],"affiliations":[{"raw_affiliation_string":"McGill University,School of Information Studies,Montreal,Canada","institution_ids":["https://openalex.org/I5023651"]},{"raw_affiliation_string":"School of Information Studies, McGill University, Montreal, Canada","institution_ids":["https://openalex.org/I5023651"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5052958340","display_name":"Philippe Charland","orcid":"https://orcid.org/0000-0003-4051-9942"},"institutions":[{"id":"https://openalex.org/I1297460800","display_name":"Defence Research and Development Canada","ror":"https://ror.org/00hgy8d33","country_code":"CA","type":"funder","lineage":["https://openalex.org/I1297460800","https://openalex.org/I1336338359","https://openalex.org/I2802286613"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Philippe Charland","raw_affiliation_strings":["Defence R&amp;D Canada - Valcartier,Mission Critical Cyber Security Section,Quebec,QC,Canada","Mission Critical Cyber Security Section, Defence R&D Canada - Valcartier, Quebec, QC, Canada"],"affiliations":[{"raw_affiliation_string":"Defence R&amp;D Canada - Valcartier,Mission Critical Cyber Security Section,Quebec,QC,Canada","institution_ids":["https://openalex.org/I1297460800"]},{"raw_affiliation_string":"Mission Critical Cyber Security Section, Defence R&D Canada - Valcartier, Quebec, QC, Canada","institution_ids":["https://openalex.org/I1297460800"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5083877100"],"corresponding_institution_ids":["https://openalex.org/I204722609"],"apc_list":null,"apc_paid":null,"fwci":0.4462,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.57778527,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"22","last_page":"29"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9947999715805054,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9248963594436646},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8128362894058228},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.684099555015564},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.6741403341293335},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.5533539652824402},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5410510301589966},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5400190949440002},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.4981527328491211},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.4875137507915497},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.4513106942176819},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.43553197383880615},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.14404815435409546},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.1145637035369873}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9248963594436646},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8128362894058228},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.684099555015564},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.6741403341293335},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.5533539652824402},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5410510301589966},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5400190949440002},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.4981527328491211},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.4875137507915497},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.4513106942176819},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.43553197383880615},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.14404815435409546},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.1145637035369873},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csr54599.2022.9850345","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr54599.2022.9850345","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6800000071525574}],"awards":[],"funders":[{"id":"https://openalex.org/F4320313286","display_name":"Defence Research and Development Canada","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W2141559645","https://openalex.org/W2144112223","https://openalex.org/W2156737235","https://openalex.org/W2215378786","https://openalex.org/W2746553466","https://openalex.org/W2768348081","https://openalex.org/W2784452215","https://openalex.org/W2792991556","https://openalex.org/W2896528354","https://openalex.org/W3009299257","https://openalex.org/W3015481738","https://openalex.org/W3034758058","https://openalex.org/W3085581910","https://openalex.org/W4297747285","https://openalex.org/W4300687693","https://openalex.org/W4320147968","https://openalex.org/W6683195989","https://openalex.org/W6734028196","https://openalex.org/W6745609711","https://openalex.org/W6745899033","https://openalex.org/W6748325151","https://openalex.org/W6750318962","https://openalex.org/W6755868333","https://openalex.org/W6773424267","https://openalex.org/W6774680895","https://openalex.org/W6782998109","https://openalex.org/W7007943406"],"related_works":["https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W4285325964","https://openalex.org/W4256304280","https://openalex.org/W2783112941","https://openalex.org/W4249009605","https://openalex.org/W2470029541","https://openalex.org/W4387065217","https://openalex.org/W2160606508","https://openalex.org/W2470502009"],"abstract_inverted_index":{"To":[0],"combat":[1],"the":[2,20,82,94,102,114,128,140],"increasingly":[3],"versatile":[4],"and":[5,16,27,57,75,85,111,155],"mutable":[6],"modern":[7],"malware,":[8],"Machine":[9],"Learning":[10,51,118],"(ML)":[11],"is":[12,31,133,145],"now":[13],"a":[14,33,77,89],"popular":[15],"effective":[17],"complement":[18],"to":[19,54,147],"existing":[21],"signature-based":[22,58],"techniques":[23,53],"for":[24,37,107],"malware":[25,44,109,125,130,142],"triage":[26],"identification.":[28],"However,":[29],"ML":[30],"also":[32],"readily":[34],"available":[35],"tool":[36],"adversaries.":[38],"Recent":[39],"studies":[40,68],"have":[41],"shown":[42],"that":[43,127],"can":[45],"be":[46],"modified":[47],"by":[48],"deep":[49],"Reinforcement":[50,117],"(RL)":[52],"bypass":[55],"AI-based":[56,154],"anti-virus":[59],"systems":[60],"without":[61],"altering":[62],"their":[63],"original":[64],"malicious":[65],"functionalities.":[66],"These":[67],"only":[69],"focus":[70],"on":[71,123],"generating":[72],"evasive":[73,108,150],"samples":[74,151],"assume":[76],"static":[78],"detection":[79,84,110,131],"system":[80],"as":[81],"enemy.Malware":[83],"evasion":[86],"essentially":[87],"form":[88],"two-party":[90],"cat-and-mouse":[91],"game.":[92],"Simulating":[93],"real-life":[95],"scenarios,":[96],"in":[97],"this":[98],"paper":[99],"we":[100],"present":[101],"first":[103],"two-player":[104],"competitive":[105],"game":[106],"generation,":[112],"following":[113],"zero-sum":[115],"Multi-Agent":[116],"(MARL)":[119],"paradigm.":[120],"Our":[121],"experiments":[122],"recent":[124],"show":[126],"produced":[129,141],"agent":[132,144],"more":[134,149],"robust":[135],"against":[136],"adversarial":[137],"attacks.":[138],"Also,":[139],"modification":[143],"able":[146],"generate":[148],"fooling":[152],"both":[153],"other":[156],"anti-malware":[157],"techniques.":[158]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}