{"id":"https://openalex.org/W3090219579","doi":"https://doi.org/10.1109/tifs.2021.3082330","title":"Functionality-Preserving Black-Box Optimization of Adversarial Windows Malware","display_name":"Functionality-Preserving Black-Box Optimization of Adversarial Windows Malware","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3090219579","doi":"https://doi.org/10.1109/tifs.2021.3082330","mag":"3090219579"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2021.3082330","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2021.3082330","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2003.13526","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Luca Demetrio","orcid":"https://orcid.org/0000-0001-5104-1476"},"institutions":[{"id":"https://openalex.org/I172446870","display_name":"University of Cagliari","ror":"https://ror.org/003109y17","country_code":"IT","type":"education","lineage":["https://openalex.org/I172446870"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Luca Demetrio","raw_affiliation_strings":["PRA Lab, University of Cagliari, Cagliari, Italy"],"raw_orcid":"https://orcid.org/0000-0001-5104-1476","affiliations":[{"raw_affiliation_string":"PRA Lab, University of Cagliari, Cagliari, Italy","institution_ids":["https://openalex.org/I172446870"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Battista Biggio","orcid":"https://orcid.org/0000-0001-7752-509X"},"institutions":[{"id":"https://openalex.org/I172446870","display_name":"University of Cagliari","ror":"https://ror.org/003109y17","country_code":"IT","type":"education","lineage":["https://openalex.org/I172446870"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Battista Biggio","raw_affiliation_strings":["PRA Lab, University of Cagliari, Cagliari, Italy","Pluribus One, Cagliari, Italy"],"raw_orcid":"https://orcid.org/0000-0001-7752-509X","affiliations":[{"raw_affiliation_string":"PRA Lab, University of Cagliari, Cagliari, Italy","institution_ids":["https://openalex.org/I172446870"]},{"raw_affiliation_string":"Pluribus One, Cagliari, Italy","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Giovanni Lagorio","orcid":null},"institutions":[{"id":"https://openalex.org/I83816512","display_name":"University of Genoa","ror":"https://ror.org/0107c5v14","country_code":"IT","type":"education","lineage":["https://openalex.org/I83816512"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Giovanni Lagorio","raw_affiliation_strings":["Computer Security Laboratory (CSecLab), University of Genoa, Genoa, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Computer Security Laboratory (CSecLab), University of Genoa, Genoa, Italy","institution_ids":["https://openalex.org/I83816512"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Fabio Roli","orcid":null},"institutions":[{"id":"https://openalex.org/I172446870","display_name":"University of Cagliari","ror":"https://ror.org/003109y17","country_code":"IT","type":"education","lineage":["https://openalex.org/I172446870"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Fabio Roli","raw_affiliation_strings":["PRA Lab, University of Cagliari, Cagliari, Italy","Pluribus One, Cagliari, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"PRA Lab, University of Cagliari, Cagliari, Italy","institution_ids":["https://openalex.org/I172446870"]},{"raw_affiliation_string":"Pluribus One, Cagliari, Italy","institution_ids":[]}]},{"author_position":"last","author":{"id":null,"display_name":"Alessandro Armando","orcid":null},"institutions":[{"id":"https://openalex.org/I83816512","display_name":"University of Genoa","ror":"https://ror.org/0107c5v14","country_code":"IT","type":"education","lineage":["https://openalex.org/I83816512"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Alessandro Armando","raw_affiliation_strings":["Computer Security Laboratory (CSecLab), University of Genoa, Genoa, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Computer Security Laboratory (CSecLab), University of Genoa, Genoa, Italy","institution_ids":["https://openalex.org/I83816512"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I172446870"],"apc_list":null,"apc_paid":null,"fwci":15.1294,"has_fulltext":false,"cited_by_count":140,"citation_normalized_percentile":{"value":0.99517814,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":"16","issue":null,"first_page":"3469","last_page":"3478"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.7093999981880188,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.7093999981880188,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.12489999830722809,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.08309999853372574,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8190000057220459},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.7263000011444092},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.646399974822998},{"id":"https://openalex.org/keywords/minification","display_name":"Minification","score":0.43059998750686646},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.4025000035762787}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8916000127792358},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8190000057220459},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.7263000011444092},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.646399974822998},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.49059998989105225},{"id":"https://openalex.org/C147764199","wikidata":"https://www.wikidata.org/wiki/Q6865248","display_name":"Minification","level":2,"score":0.43059998750686646},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.4025000035762787},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.31369999051094055},{"id":"https://openalex.org/C137836250","wikidata":"https://www.wikidata.org/wiki/Q984063","display_name":"Optimization problem","level":2,"score":0.29249998927116394},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.28220000863075256},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.27880001068115234}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/tifs.2021.3082330","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2021.3082330","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},{"id":"pmh:oai:arXiv.org:2003.13526","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2003.13526","pdf_url":"https://arxiv.org/pdf/2003.13526","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:iris.unica.it:11584/314304","is_oa":true,"landing_page_url":"https://hdl.handle.net/11584/314304","pdf_url":null,"source":{"id":"https://openalex.org/S4377196293","display_name":"UNICA IRIS Institutional Research Information System (University of Cagliari)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172446870","host_organization_name":"University of Cagliari","host_organization_lineage":["https://openalex.org/I172446870"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"},{"id":"pmh:oai:iris.unige.it:11567/1083650","is_oa":true,"landing_page_url":"https://hdl.handle.net/11567/1083650","pdf_url":null,"source":{"id":"https://openalex.org/S4377196291","display_name":"CINECA IRIS Institutial Research Information System (University of Genoa)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I83816512","host_organization_name":"University of Genoa","host_organization_lineage":["https://openalex.org/I83816512"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2003.13526","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2003.13526","pdf_url":"https://arxiv.org/pdf/2003.13526","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G321951265","display_name":null,"funder_award_id":"2017TWNMH2","funder_id":"https://openalex.org/F4320321873","funder_display_name":"Ministero dell\u2019Istruzione, dell\u2019Universit\u00e0 e della Ricerca"}],"funders":[{"id":"https://openalex.org/F4320321873","display_name":"Ministero dell\u2019Istruzione, dell\u2019Universit\u00e0 e della Ricerca","ror":"https://ror.org/0166hxq48"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W1666731339","https://openalex.org/W1893133781","https://openalex.org/W2038296020","https://openalex.org/W2082190528","https://openalex.org/W2095577883","https://openalex.org/W2557513839","https://openalex.org/W2776884785","https://openalex.org/W2946661411","https://openalex.org/W2951450826","https://openalex.org/W2963165251","https://openalex.org/W2973628901","https://openalex.org/W2982631433","https://openalex.org/W2988961468","https://openalex.org/W3006800307","https://openalex.org/W3007070494","https://openalex.org/W4247200422","https://openalex.org/W6676279030","https://openalex.org/W6679172241","https://openalex.org/W6734028196","https://openalex.org/W6745609711","https://openalex.org/W6745899033","https://openalex.org/W6748365352","https://openalex.org/W6749652745","https://openalex.org/W6750318962","https://openalex.org/W6758125152","https://openalex.org/W6760203611","https://openalex.org/W6766978945","https://openalex.org/W6781817299","https://openalex.org/W6794667201"],"related_works":[],"abstract_inverted_index":{"Windows":[0,164],"malware":[1,60,165,234],"detectors":[2],"based":[3,236],"on":[4,41,103,160,210,237],"machine":[5],"learning":[6],"are":[7,36,95,129],"vulnerable":[8],"to":[9,22,46,71,198,232],"adversarial":[10,59],"examples,":[11],"even":[12,183],"if":[13],"the":[14,23,47,58,68,104,116,119,140,143,149,152,188,222],"attacker":[15],"is":[16,31,77],"only":[17,177,186],"given":[18],"black-box":[19,92,171],"query":[20],"access":[21],"model.":[24],"The":[25],"main":[26],"drawback":[27],"of":[28,67,91,106,118,145,151,224],"these":[29,84],"attacks":[30,93,128,172,196],"that:":[32],"(":[33,51],"i)":[34],"they":[35,39,53,101,185,207],"query-inefficient,":[37],"as":[38,100,131],"rely":[40,102],"iteratively":[42],"applying":[43],"random":[44],"transformations":[45],"input":[48],"malware;":[49],"and":[50,98,148,167,180,203,227],"ii)":[52],"may":[54],"also":[55,137,192],"require":[56],"executing":[57],"in":[61],"a":[62,88,132],"sandbox":[63],"at":[64,115],"each":[65],"iteration":[66],"optimization":[69],"process,":[70],"ensure":[72],"that":[73,94,169,206],"its":[74,228],"intrusive":[75],"functionality":[76],"preserved.":[78],"In":[79],"this":[80,158],"paper,":[81],"we":[82],"overcome":[83],"issues":[85],"by":[86,220],"presenting":[87],"novel":[89],"family":[90],"both":[96],"query-efficient":[97],"functionality-preserving,":[99],"injection":[105],"benign":[107],"content":[108],"(which":[109],"will":[110],"never":[111],"be":[112],"executed)":[113],"either":[114],"end":[117],"malicious":[120],"file,":[121],"or":[122],"within":[123],"some":[124],"newly-created":[125],"sections.":[126],"Our":[127],"formalized":[130],"constrained":[133],"minimization":[134],"problem":[135],"which":[136],"enables":[138],"optimizing":[139],"trade-off":[141,159],"between":[142],"probability":[144],"evading":[146],"detection":[147],"size":[150],"injected":[153],"payload.":[154],"We":[155,191,218],"empirically":[156],"investigate":[157],"two":[161],"popular":[162],"static":[163],"detectors,":[166],"show":[168],"our":[170,195,225],"can":[173,208],"bypass":[174],"them":[175],"with":[176],"few":[178],"queries":[179],"small":[181],"payloads,":[182],"when":[184],"return":[187],"predicted":[189],"labels.":[190],"evaluate":[193],"whether":[194],"transfer":[197],"other":[199],"commercial":[200,215],"antivirus":[201,216],"solutions,":[202],"surprisingly":[204],"find":[205],"evade,":[209],"average,":[211],"more":[212],"than":[213],"12":[214],"engines.":[217],"conclude":[219],"discussing":[221],"limitations":[223],"approach,":[226],"possible":[229],"future":[230],"extensions":[231],"target":[233],"classifiers":[235],"dynamic":[238],"analysis.":[239]},"counts_by_year":[{"year":2026,"cited_by_count":9},{"year":2025,"cited_by_count":32},{"year":2024,"cited_by_count":31},{"year":2023,"cited_by_count":32},{"year":2022,"cited_by_count":28},{"year":2021,"cited_by_count":7},{"year":2012,"cited_by_count":1}],"updated_date":"2026-05-16T08:24:45.110214","created_date":"2020-10-08T00:00:00"}