{"id":"https://openalex.org/W4410114665","doi":"https://doi.org/10.1109/tdsc.2025.3566708","title":"GAME-RL: Generating Adversarial Malware Examples Against API Call Based Detection via Reinforcement Learning","display_name":"GAME-RL: Generating Adversarial Malware Examples Against API Call Based Detection via Reinforcement Learning","publication_year":2025,"publication_date":"2025-05-06","ids":{"openalex":"https://openalex.org/W4410114665","doi":"https://doi.org/10.1109/tdsc.2025.3566708"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2025.3566708","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3566708","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5014299271","display_name":"Dazhi Zhan","orcid":"https://orcid.org/0000-0003-2766-3405"},"institutions":[{"id":"https://openalex.org/I4210163363","display_name":"PLA Army Engineering University","ror":"https://ror.org/05mgp8x93","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210163363"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Dazhi Zhan","raw_affiliation_strings":["Army Engineering University of PLA, Nanjing, China","Army Engineering University of PLA, China"],"affiliations":[{"raw_affiliation_string":"Army Engineering University of PLA, Nanjing, China","institution_ids":["https://openalex.org/I4210163363"]},{"raw_affiliation_string":"Army Engineering University of PLA, China","institution_ids":["https://openalex.org/I4210163363"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100352129","display_name":"Xin Liu","orcid":"https://orcid.org/0000-0001-6653-2390"},"institutions":[{"id":"https://openalex.org/I4210163363","display_name":"PLA Army Engineering University","ror":"https://ror.org/05mgp8x93","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210163363"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Liu","raw_affiliation_strings":["Army Engineering University of PLA, Nanjing, China","Army Engineering University of PLA, China"],"affiliations":[{"raw_affiliation_string":"Army Engineering University of PLA, Nanjing, China","institution_ids":["https://openalex.org/I4210163363"]},{"raw_affiliation_string":"Army Engineering University of PLA, China","institution_ids":["https://openalex.org/I4210163363"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029411969","display_name":"Wei Bai","orcid":"https://orcid.org/0000-0001-5850-8825"},"institutions":[{"id":"https://openalex.org/I4210163363","display_name":"PLA Army Engineering University","ror":"https://ror.org/05mgp8x93","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210163363"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Bai","raw_affiliation_strings":["Army Engineering University of PLA, Nanjing, China","Army Engineering University of PLA, China"],"affiliations":[{"raw_affiliation_string":"Army Engineering University of PLA, Nanjing, China","institution_ids":["https://openalex.org/I4210163363"]},{"raw_affiliation_string":"Army Engineering University of PLA, China","institution_ids":["https://openalex.org/I4210163363"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101709405","display_name":"Wei Li","orcid":"https://orcid.org/0009-0007-4719-3355"},"institutions":[{"id":"https://openalex.org/I4210158522","display_name":"PLA Academy of Military Science","ror":"https://ror.org/05ct4s596","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210158522"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Li","raw_affiliation_strings":["Army Academy of Armored Forces, Beijing, China","Army Academy of Armored Forces, China"],"affiliations":[{"raw_affiliation_string":"Army Academy of Armored Forces, Beijing, China","institution_ids":["https://openalex.org/I4210158522"]},{"raw_affiliation_string":"Army Academy of Armored Forces, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102312791","display_name":"Shize Guo","orcid":"https://orcid.org/0009-0002-9718-1321"},"institutions":[{"id":"https://openalex.org/I4210163363","display_name":"PLA Army Engineering University","ror":"https://ror.org/05mgp8x93","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210163363"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shize Guo","raw_affiliation_strings":["Army Engineering University of PLA, Nanjing, China","Army Engineering University of PLA, China"],"affiliations":[{"raw_affiliation_string":"Army Engineering University of PLA, Nanjing, China","institution_ids":["https://openalex.org/I4210163363"]},{"raw_affiliation_string":"Army Engineering University of PLA, China","institution_ids":["https://openalex.org/I4210163363"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037669752","display_name":"Zhisong Pan","orcid":"https://orcid.org/0000-0001-8615-7313"},"institutions":[{"id":"https://openalex.org/I4210163363","display_name":"PLA Army Engineering University","ror":"https://ror.org/05mgp8x93","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210163363"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhisong Pan","raw_affiliation_strings":["Army Engineering University of PLA, Nanjing, China","Army Engineering University of PLA, China"],"affiliations":[{"raw_affiliation_string":"Army Engineering University of PLA, Nanjing, China","institution_ids":["https://openalex.org/I4210163363"]},{"raw_affiliation_string":"Army Engineering University of PLA, China","institution_ids":["https://openalex.org/I4210163363"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5014299271"],"corresponding_institution_ids":["https://openalex.org/I4210163363"],"apc_list":null,"apc_paid":null,"fwci":7.0643,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.9692363,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":100},"biblio":{"volume":"22","issue":"5","first_page":"5431","last_page":"5447"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9769999980926514,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8261196613311768},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.7920173406600952},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7187625169754028},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7116252779960632},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4028233289718628},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3336009681224823},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.31712692975997925}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8261196613311768},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.7920173406600952},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7187625169754028},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7116252779960632},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4028233289718628},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3336009681224823},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.31712692975997925}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2025.3566708","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3566708","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4683421875","display_name":null,"funder_award_id":"62076251","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":48,"referenced_works":["https://openalex.org/W1573526548","https://openalex.org/W1966948031","https://openalex.org/W1981738628","https://openalex.org/W2470673105","https://openalex.org/W2557513839","https://openalex.org/W2603766943","https://openalex.org/W2749572357","https://openalex.org/W2756723748","https://openalex.org/W2776884785","https://openalex.org/W2780061022","https://openalex.org/W2792942633","https://openalex.org/W2806076636","https://openalex.org/W2904246096","https://openalex.org/W2905130735","https://openalex.org/W2923951475","https://openalex.org/W2964159373","https://openalex.org/W2964268978","https://openalex.org/W2964301649","https://openalex.org/W2966219705","https://openalex.org/W2969904462","https://openalex.org/W2979750740","https://openalex.org/W2998010923","https://openalex.org/W2999615587","https://openalex.org/W3006837754","https://openalex.org/W3007406851","https://openalex.org/W3015481738","https://openalex.org/W3037164854","https://openalex.org/W3088341230","https://openalex.org/W3102543338","https://openalex.org/W3112173953","https://openalex.org/W3113062381","https://openalex.org/W3164891553","https://openalex.org/W3170962599","https://openalex.org/W3175362003","https://openalex.org/W3182015545","https://openalex.org/W3201016636","https://openalex.org/W3201518827","https://openalex.org/W4214483364","https://openalex.org/W4224263490","https://openalex.org/W4288072399","https://openalex.org/W4312707592","https://openalex.org/W4320147968","https://openalex.org/W4385688977","https://openalex.org/W4387587628","https://openalex.org/W4388726911","https://openalex.org/W4389158416","https://openalex.org/W4389474393","https://openalex.org/W4390045019"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W2482350142","https://openalex.org/W4246396837","https://openalex.org/W3126451824","https://openalex.org/W1561927205","https://openalex.org/W3191453585","https://openalex.org/W4297672492","https://openalex.org/W4310988119","https://openalex.org/W4285226279","https://openalex.org/W4288019534"],"abstract_inverted_index":{"The":[0,35],"adversarial":[1,51,195],"example":[2],"presents":[3],"new":[4],"security":[5],"threats":[6],"to":[7,31,78],"trustworthy":[8],"detection":[9,17],"systems.":[10],"In":[11],"the":[12,59,65,108,143,147,154,171,187],"context":[13],"of":[14,37,86,149,194],"evading":[15],"dynamic":[16],"based":[18],"on":[19,178],"API":[20,29,39,52,61,88],"call":[21,53],"sequences,":[22],"a":[23,83,96,127],"practical":[24],"approach":[25],"involves":[26],"inserting":[27],"perturbing":[28,109],"calls":[30,40,62],"modify":[32],"these":[33,70],"sequences.":[34],"type":[36],"inserted":[38,60],"and":[41,111,137,152,170],"their":[42,112],"insertion":[43,66,113],"locations":[44],"are":[45],"crucial":[46],"for":[47],"generating":[48],"an":[49,133,138],"effective":[50,162],"sequence.":[54],"Existing":[55],"methods":[56],"either":[57],"optimize":[58],"while":[63,190],"neglecting":[64],"positions":[67],"or":[68],"treat":[69],"optimizations":[71],"as":[72,126],"separate":[73],"processes.":[74],"This":[75],"can":[76],"lead":[77],"inefficient":[79],"attacks":[80],"that":[81,183],"insert":[82],"large":[84],"number":[85],"unnecessary":[87],"calls.":[89],"To":[90],"address":[91],"this":[92],"issue,":[93],"we":[94,116],"propose":[95],"novel":[97],"reinforcement":[98],"learning":[99],"(RL)":[100],"framework,":[101,145],"dubbed":[102],"GAME-RL,":[103],"which":[104],"simultaneously":[105],"optimizes":[106],"both":[107],"APIs":[110],"positions.":[114],"Specifically,":[115],"define":[117],"malware":[118],"modification":[119],"through":[120],"IAT":[121,150],"(Import":[122],"Address":[123],"Table)":[124],"hooking":[125,151],"sequential":[128],"decision-making":[129],"process.":[130],"We":[131,174],"introduce":[132],"invalid":[134],"action":[135],"masking":[136],"auto-regressive":[139],"policy":[140],"head":[141],"within":[142],"RL":[144],"ensuring":[146],"feasibility":[148],"capturing":[153],"inherent":[155],"relationship":[156],"between":[157],"factors.":[158],"GAME-RL":[159,184],"learns":[160],"more":[161],"evasion":[163,188],"strategies,":[164],"taking":[165],"into":[166],"account":[167],"functionality":[168],"preservation":[169],"black-box":[172],"setting.":[173],"conduct":[175],"comprehensive":[176],"experiments":[177],"various":[179],"target":[180],"models,":[181],"demonstrating":[182],"significantly":[185],"improves":[186],"rate":[189],"maintaining":[191],"acceptable":[192],"levels":[193],"overhead.":[196]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":2}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}