{"id":"https://openalex.org/W4401751497","doi":"https://doi.org/10.1109/icccn61486.2024.10637577","title":"Explainability Guided Adversarial Evasion Attacks on Malware Detectors","display_name":"Explainability Guided Adversarial Evasion Attacks on Malware Detectors","publication_year":2024,"publication_date":"2024-07-29","ids":{"openalex":"https://openalex.org/W4401751497","doi":"https://doi.org/10.1109/icccn61486.2024.10637577"},"language":"en","primary_location":{"id":"doi:10.1109/icccn61486.2024.10637577","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icccn61486.2024.10637577","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 33rd International Conference on Computer Communications and Networks (ICCCN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005398538","display_name":"Kshitiz Aryal","orcid":"https://orcid.org/0000-0001-8000-1086"},"institutions":[{"id":"https://openalex.org/I63920570","display_name":"Tennessee Technological University","ror":"https://ror.org/05drmrq39","country_code":"US","type":"education","lineage":["https://openalex.org/I63920570"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Kshitiz Aryal","raw_affiliation_strings":["Tennessee Tech University,Department of Computer Science,Cookeville,USA"],"affiliations":[{"raw_affiliation_string":"Tennessee Tech University,Department of Computer Science,Cookeville,USA","institution_ids":["https://openalex.org/I63920570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047952246","display_name":"Maanak Gupta","orcid":"https://orcid.org/0000-0001-9189-2478"},"institutions":[{"id":"https://openalex.org/I63920570","display_name":"Tennessee Technological University","ror":"https://ror.org/05drmrq39","country_code":"US","type":"education","lineage":["https://openalex.org/I63920570"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Maanak Gupta","raw_affiliation_strings":["Tennessee Tech University,Department of Computer Science,Cookeville,USA"],"affiliations":[{"raw_affiliation_string":"Tennessee Tech University,Department of Computer Science,Cookeville,USA","institution_ids":["https://openalex.org/I63920570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006682340","display_name":"Mahmoud Abdelsalam","orcid":"https://orcid.org/0000-0002-6879-1107"},"institutions":[{"id":"https://openalex.org/I35777872","display_name":"North Carolina Agricultural and Technical State University","ror":"https://ror.org/02aze4h65","country_code":"US","type":"education","lineage":["https://openalex.org/I35777872"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mahmoud Abdelsalam","raw_affiliation_strings":["North Carolina A&#x0026;T State University,Department of Computer Science,Greensboro,USA"],"affiliations":[{"raw_affiliation_string":"North Carolina A&#x0026;T State University,Department of Computer Science,Greensboro,USA","institution_ids":["https://openalex.org/I35777872"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5046123556","display_name":"Moustafa Saleh","orcid":"https://orcid.org/0000-0003-1916-3275"},"institutions":[{"id":"https://openalex.org/I58610484","display_name":"Seattle University","ror":"https://ror.org/02jqc0m91","country_code":"US","type":"education","lineage":["https://openalex.org/I58610484"]},{"id":"https://openalex.org/I1342911587","display_name":"Oracle (United States)","ror":"https://ror.org/006c77m33","country_code":"US","type":"company","lineage":["https://openalex.org/I1342911587"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Moustafa Saleh","raw_affiliation_strings":["Oracle,Oracle Cloud Infrastructure,Seattle,USA"],"affiliations":[{"raw_affiliation_string":"Oracle,Oracle Cloud Infrastructure,Seattle,USA","institution_ids":["https://openalex.org/I1342911587","https://openalex.org/I58610484"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5005398538"],"corresponding_institution_ids":["https://openalex.org/I63920570"],"apc_list":null,"apc_paid":null,"fwci":1.8185,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.87309662,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.982200026512146,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.8368792533874512},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7816921472549438},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7720557451248169},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7016370296478271},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6486636996269226},{"id":"https://openalex.org/keywords/detector","display_name":"Detector","score":0.5283834338188171},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3641422688961029},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2225639522075653},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.07916295528411865}],"concepts":[{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.8368792533874512},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7816921472549438},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7720557451248169},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7016370296478271},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6486636996269226},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.5283834338188171},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3641422688961029},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2225639522075653},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.07916295528411865},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icccn61486.2024.10637577","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icccn61486.2024.10637577","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 33rd International Conference on Computer Communications and Networks (ICCCN)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W2487898712","https://openalex.org/W2784452215","https://openalex.org/W2799420851","https://openalex.org/W2942795289","https://openalex.org/W2963165251","https://openalex.org/W2973628901","https://openalex.org/W3090952333","https://openalex.org/W3094828954","https://openalex.org/W3205566425","https://openalex.org/W4210864560","https://openalex.org/W4226036144","https://openalex.org/W4288072399","https://openalex.org/W4288638181","https://openalex.org/W4318148078","https://openalex.org/W4323767268","https://openalex.org/W4385412351","https://openalex.org/W4392735891","https://openalex.org/W6736518430","https://openalex.org/W6738397735","https://openalex.org/W6745899033","https://openalex.org/W6748325151","https://openalex.org/W6751070894","https://openalex.org/W6758125152","https://openalex.org/W6804094839","https://openalex.org/W6862529458"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W2482350142","https://openalex.org/W2783112941","https://openalex.org/W2526398307","https://openalex.org/W2470029541","https://openalex.org/W4387065217","https://openalex.org/W4368275542","https://openalex.org/W2470502009","https://openalex.org/W3152957156","https://openalex.org/W4285357721"],"abstract_inverted_index":{"As":[0],"the":[1,25,35,59,74,82,87,97,105,113,123,128,136,146,151,156,159,169,194,220,226,254,260,264,270,298,302,307,318,328],"focus":[2],"on":[3,13,34,53,63,86,119,122,297,301,335],"security":[4],"of":[5,39,76,90,130,158,171,179,187,196,199,234,263,272,284,306,322],"Artificial":[6],"Intelligence":[7],"(AI)":[8],"is":[9],"becoming":[10],"paramount,":[11],"research":[12],"crafting":[14,175],"and":[15,37,95,155,216,259,320],"inserting":[16],"optimal":[17,137],"adversarial":[18,29,60,106,177,228,265,294,323],"perturbations":[19],"has":[20],"become":[21],"increasingly":[22],"critical.":[23],"In":[24],"malware":[26,68,78,93,115,124,152,161,201,208,222,236,332],"domain,":[27],"this":[28],"sample":[30,178],"generation":[31],"relies":[32],"heavily":[33],"accuracy":[36],"placement":[38],"crafted":[40],"perturbation":[41,107,140,229,329],"with":[42],"a":[43,47,64,91,206,244,276,314],"goal":[44],"to":[45,57,103,202,252,339],"evade":[46],"trained":[48],"classifier.":[49],"This":[50,248],"work":[51],"focuses":[52],"applying":[54],"explainability":[55],"techniques":[56],"enhance":[58],"evasion":[61,261,295,324],"attack":[62,296],"machine-learning-based":[65],"Windows":[66,180,285],"PE":[67,77,114,160,181,200,235,286,331,341],"detector.":[69],"The":[70,142,211],"explainable":[71,172],"tool":[72],"identifies":[73],"regions":[75,99,117,233],"files":[79],"that":[80,166],"have":[81],"most":[83],"significant":[84,315],"impact":[85,121],"decision-making":[88],"process":[89],"given":[92,221],"detector,":[94,209],"therefore,":[96],"same":[98],"can":[100],"be":[101],"leveraged":[102],"inject":[104],"for":[108,134,139,192,219],"maximum":[109],"efficiency.":[110],"Profiling":[111],"all":[112],"file":[116],"based":[118,300,334],"their":[120],"detector's":[125,153],"decision":[126,154],"enables":[127],"derivation":[129],"an":[131,176,293],"efficient":[132],"strategy":[133,143],"identifying":[135],"location":[138],"injection.":[141],"should":[144],"incorporate":[145],"region's":[147],"significance":[148,271],"in":[149,174,231,243,317,330],"influencing":[150],"sensitivity":[157],"file's":[162],"integrity":[163],"towards":[164],"modifying":[165],"region.To":[167],"assess":[168],"utility":[170],"AI":[173],"malware,":[182],"we":[183,268],"utilize":[184],"DeepExplainer":[185],"module":[186],"SHAP":[188,257,273,304,336],"(SHapley":[189],"Additive":[190],"exPlanations)":[191],"determining":[193],"contribution":[195],"each":[197,282],"region":[198],"its":[203],"detection":[204],"by":[205,280],"CNN-based":[207],"MalConv.":[210],"analysis":[212],"includes":[213],"both":[214],"local":[215],"global":[217],"explanations":[218],"samples.":[223],"We":[224,290],"performed":[225,292],"functionality-preserving":[227],"injection":[230],"different":[232],"wherever":[237],"possible":[238],"while":[239],"performing":[240],"non-functionality-preserving":[241],"operations":[242],"few":[245],"remaining":[246],"regions.":[247],"approach":[249],"allows":[250],"us":[251],"examine":[253],"relationship":[255],"between":[256],"values":[258,274,305,337],"rate":[262],"attack.":[266],"Furthermore,":[267],"analyzed":[269],"at":[275],"more":[277],"granular":[278],"level":[279],"subdividing":[281],"section":[283],"into":[287],"small":[288],"subsections.":[289],"then":[291],"subsections":[299],"corresponding":[303],"byte":[308],"sequences.":[309],"Our":[310],"experimental":[311],"evaluation":[312],"shows":[313],"improvement":[316],"success":[319],"efficiency":[321],"attacks":[325],"when":[326],"injecting":[327],"locations":[333],"compared":[338],"random":[340],"locations.":[342]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2}],"updated_date":"2025-12-26T23:08:49.675405","created_date":"2025-10-10T00:00:00"}