{"id":"https://openalex.org/W2963539830","doi":"https://doi.org/10.1109/milcom.2018.8599855","title":"Attack and Defense of Dynamic Analysis-Based, Adversarial Neural Malware Detection Models","display_name":"Attack and Defense of Dynamic Analysis-Based, Adversarial Neural Malware Detection Models","publication_year":2018,"publication_date":"2018-10-01","ids":{"openalex":"https://openalex.org/W2963539830","doi":"https://doi.org/10.1109/milcom.2018.8599855","mag":"2963539830"},"language":"en","primary_location":{"id":"doi:10.1109/milcom.2018.8599855","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom.2018.8599855","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059859993","display_name":"Jack W. Stokes","orcid":null},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Jack W. Stokes","raw_affiliation_strings":["Microsoft Research, One Microsoft Way, Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Research, One Microsoft Way, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102730633","display_name":"Wang De","orcid":null},"institutions":[{"id":"https://openalex.org/I189196454","display_name":"The University of Texas at Arlington","ror":"https://ror.org/019kgqr73","country_code":"US","type":"education","lineage":["https://openalex.org/I189196454"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"De Wang","raw_affiliation_strings":["University of Texas at Arlington, Arlington, TX, USA"],"affiliations":[{"raw_affiliation_string":"University of Texas at Arlington, Arlington, TX, USA","institution_ids":["https://openalex.org/I189196454"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029654238","display_name":"Mady Marinescu","orcid":null},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mady Marinescu","raw_affiliation_strings":["Microsoft Corp., One Microsoft Way, Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Corp., One Microsoft Way, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028168081","display_name":"Marc Marino","orcid":"https://orcid.org/0009-0003-1448-072X"},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Marc Marino","raw_affiliation_strings":["Microsoft Corp., One Microsoft Way, Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Corp., One Microsoft Way, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5057711999","display_name":"Brian Bussone","orcid":null},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Brian Bussone","raw_affiliation_strings":["Microsoft Corp., One Microsoft Way, Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Corp., One Microsoft Way, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5059859993"],"corresponding_institution_ids":["https://openalex.org/I1290206253"],"apc_list":null,"apc_paid":null,"fwci":2.312,"has_fulltext":false,"cited_by_count":31,"citation_normalized_percentile":{"value":0.89889279,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9851999878883362,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.931312620639801},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.821624755859375},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7490308880805969},{"id":"https://openalex.org/keywords/unpacking","display_name":"Unpacking","score":0.6344415545463562},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6179668307304382},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.5841548442840576},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5549740791320801},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.5108594298362732},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.4887270927429199},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4536137878894806},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.42094895243644714},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.39270728826522827},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.37689074873924255}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.931312620639801},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.821624755859375},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7490308880805969},{"id":"https://openalex.org/C2777256151","wikidata":"https://www.wikidata.org/wiki/Q7897273","display_name":"Unpacking","level":2,"score":0.6344415545463562},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6179668307304382},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.5841548442840576},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5549740791320801},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.5108594298362732},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.4887270927429199},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4536137878894806},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.42094895243644714},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.39270728826522827},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.37689074873924255},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/milcom.2018.8599855","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom.2018.8599855","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6399999856948853}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":54,"referenced_works":["https://openalex.org/W142212369","https://openalex.org/W1522301498","https://openalex.org/W1532325895","https://openalex.org/W1545528966","https://openalex.org/W1821462560","https://openalex.org/W1893133781","https://openalex.org/W1932198206","https://openalex.org/W1945616565","https://openalex.org/W1966948031","https://openalex.org/W2041836310","https://openalex.org/W2082190528","https://openalex.org/W2095705004","https://openalex.org/W2122672392","https://openalex.org/W2180612164","https://openalex.org/W2271334188","https://openalex.org/W2274565976","https://openalex.org/W2275975620","https://openalex.org/W2401293755","https://openalex.org/W2432142698","https://openalex.org/W2476429474","https://openalex.org/W2513383847","https://openalex.org/W2557513839","https://openalex.org/W2574797807","https://openalex.org/W2590523583","https://openalex.org/W2607219512","https://openalex.org/W2616028256","https://openalex.org/W2632775315","https://openalex.org/W2808665446","https://openalex.org/W2962777143","https://openalex.org/W2963207607","https://openalex.org/W2963744840","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2964121744","https://openalex.org/W2964318098","https://openalex.org/W3102720581","https://openalex.org/W4297573953","https://openalex.org/W4320147968","https://openalex.org/W6631190155","https://openalex.org/W6638523607","https://openalex.org/W6640425456","https://openalex.org/W6674330103","https://openalex.org/W6685736903","https://openalex.org/W6685800298","https://openalex.org/W6694469416","https://openalex.org/W6694611762","https://openalex.org/W6695159855","https://openalex.org/W6713000815","https://openalex.org/W6717848421","https://openalex.org/W6718639682","https://openalex.org/W6733645847","https://openalex.org/W6734028196","https://openalex.org/W6738693630","https://openalex.org/W6752360385"],"related_works":["https://openalex.org/W2617210477","https://openalex.org/W4298031928","https://openalex.org/W4381279634","https://openalex.org/W2962734793","https://openalex.org/W2566565745","https://openalex.org/W3216063557","https://openalex.org/W4312707592","https://openalex.org/W3197643498","https://openalex.org/W2963539830","https://openalex.org/W2780484784"],"abstract_inverted_index":{"Recently":[0],"researchers":[1],"have":[2],"proposed":[3,167],"using":[4],"deep":[5,13],"learning-based":[6,21],"systems":[7,16],"for":[8,139,233],"malware":[9,52,70,76,123,253],"detection.":[10],"Unfortunately,":[11],"all":[12],"learning":[14],"classification":[15,33,77,231,254],"are":[17],"vulnerable":[18],"to":[19,84,151,206,220,245,263],"adversarial":[20,24,47,137,172,201,221,264],"attacks,":[22,25],"or":[23,74,108,126],"where":[26],"miscreants":[27],"can":[28],"avoid":[29],"detection":[30],"by":[31,100],"the":[32,40,57,60,67,105,119,122,162,175,185,196,213,217,226,230,252,260],"algorithm":[34],"with":[35,192],"very":[36],"few":[37],"perturbations":[38],"of":[39,59,69,88,121,135,164,198,225],"input":[41],"data.":[42],"Previous":[43],"work":[44],"has":[45],"studied":[46],"attacks":[48],"against":[49,170],"static":[50,80],"analysis-based":[51],"classifiers":[53],"which":[54],"only":[55],"classify":[56],"content":[58],"unknown":[61],"file":[62,103],"without":[63],"execution.":[64],"However,":[65],"since":[66],"majority":[68],"is":[71,203,216],"either":[72],"packed":[73],"encrypted,":[75],"based":[78],"on":[79,145],"analysis":[81,99,120],"often":[82],"fails":[83],"detect":[85],"these":[86,193],"types":[87],"files.":[89],"To":[90],"overcome":[91],"this":[92,129],"limitation,":[93],"anti-malware":[94,106],"companies":[95],"typically":[96],"perform":[97],"dynamic":[98,140],"emulating":[101],"each":[102],"in":[104,112,149,157],"engine":[107],"performing":[109],"in-depth":[110],"scanning":[111],"a":[113],"virtual":[114],"machine.":[115],"These":[116,142],"strategies":[117,134,143],"allow":[118],"after":[124],"unpacking":[125],"decryption.":[127],"In":[128,211],"work,":[130],"we":[131,237],"study":[132,161],"different":[133],"crafting":[136],"samples":[138,173,202],"analysis.":[141],"operate":[144],"sparse,":[146],"binary":[147],"inputs":[148,153],"contrast":[150],"continuous":[152],"such":[154],"as":[155],"pixels":[156],"images.":[158],"We":[159,180],"then":[160],"effects":[163],"two,":[165],"previously":[166],"defensive":[168],"mechanisms":[169],"crafted":[171,200],"including":[174],"distillation":[176],"and":[177,183],"ensemble":[178,214],"defenses.":[179],"also":[181],"propose":[182],"evaluate":[184],"weight":[186],"decay":[187],"defense.":[188],"Experiments":[189],"show":[190,238],"that":[191,239],"three":[194],"defenses,":[195],"number":[197],"successfully":[199],"reduced":[204],"compared":[205],"an":[207],"unprotected":[208],"baseline":[209],"system.":[210],"particular,":[212],"defense":[215],"most":[218],"resilient":[219],"attacks.":[222,265],"Importantly,":[223],"none":[224],"defenses":[227],"significantly":[228,250,258],"reduce":[229],"accuracy":[232],"detecting":[234],"malware.":[235],"Finally,":[236],"while":[240],"adding":[241],"additional":[242],"hidden":[243],"layers":[244],"neural":[246],"models":[247],"does":[248,257],"not":[249],"improve":[251],"accuracy,":[255],"it":[256],"increase":[259],"classifier's":[261],"robustness":[262]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":6},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}