{"id":"https://openalex.org/W3094103292","doi":"https://doi.org/10.1109/icdmw51313.2020.00074","title":"Getting Passive Aggressive About False Positives: Patching Deployed Malware Detectors","display_name":"Getting Passive Aggressive About False Positives: Patching Deployed Malware Detectors","publication_year":2020,"publication_date":"2020-11-01","ids":{"openalex":"https://openalex.org/W3094103292","doi":"https://doi.org/10.1109/icdmw51313.2020.00074","mag":"3094103292"},"language":"en","primary_location":{"id":"doi:10.1109/icdmw51313.2020.00074","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icdmw51313.2020.00074","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 International Conference on Data Mining Workshops (ICDMW)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2010.12080","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5068036546","display_name":"Edward Raff","orcid":"https://orcid.org/0000-0002-9900-1972"},"institutions":[{"id":"https://openalex.org/I1322124587","display_name":"Booz Allen Hamilton (United States)","ror":"https://ror.org/051rcp357","country_code":"US","type":"company","lineage":["https://openalex.org/I1322124587"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Edward Raff","raw_affiliation_strings":["Booz Allen Hamilton","Booz, Allen, Hamilton#TAB#"],"affiliations":[{"raw_affiliation_string":"Booz Allen Hamilton","institution_ids":["https://openalex.org/I1322124587"]},{"raw_affiliation_string":"Booz, Allen, Hamilton#TAB#","institution_ids":["https://openalex.org/I1322124587"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069030737","display_name":"Bobby Filar","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bobby Filar","raw_affiliation_strings":["Elastic"],"affiliations":[{"raw_affiliation_string":"Elastic","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5071742303","display_name":"James Holt","orcid":"https://orcid.org/0000-0001-6411-9236"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"James Holt","raw_affiliation_strings":["Laboratory for Physical Sciences"],"affiliations":[{"raw_affiliation_string":"Laboratory for Physical Sciences","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5068036546"],"corresponding_institution_ids":["https://openalex.org/I1322124587"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.12123593,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"506","last_page":"515"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.8786574602127075},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7193244695663452},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6988739967346191},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6102522611618042},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4028024673461914},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3744935393333435}],"concepts":[{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.8786574602127075},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7193244695663452},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6988739967346191},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6102522611618042},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4028024673461914},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3744935393333435}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/icdmw51313.2020.00074","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icdmw51313.2020.00074","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 International Conference on Data Mining Workshops (ICDMW)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2010.12080","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2010.12080","pdf_url":"https://arxiv.org/pdf/2010.12080","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2010.12080","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2010.12080","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"},{"id":"mag:3094103292","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":null,"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":null}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2010.12080","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2010.12080","pdf_url":"https://arxiv.org/pdf/2010.12080","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"score":0.4699999988079071,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3094103292.pdf","grobid_xml":"https://content.openalex.org/works/W3094103292.grobid-xml"},"referenced_works_count":52,"referenced_works":["https://openalex.org/W58852127","https://openalex.org/W1558357780","https://openalex.org/W1577823635","https://openalex.org/W1956767865","https://openalex.org/W1966150547","https://openalex.org/W1966948031","https://openalex.org/W1975357770","https://openalex.org/W2010657328","https://openalex.org/W2018175892","https://openalex.org/W2068714596","https://openalex.org/W2143537651","https://openalex.org/W2144902422","https://openalex.org/W2159187228","https://openalex.org/W2160218441","https://openalex.org/W2601450892","https://openalex.org/W2603093875","https://openalex.org/W2773446523","https://openalex.org/W2785844809","https://openalex.org/W2786672974","https://openalex.org/W2792991556","https://openalex.org/W2808195131","https://openalex.org/W2907890159","https://openalex.org/W2963106521","https://openalex.org/W2963165251","https://openalex.org/W2963562762","https://openalex.org/W2963579187","https://openalex.org/W2963583660","https://openalex.org/W2963767972","https://openalex.org/W2963777745","https://openalex.org/W2964262883","https://openalex.org/W2973628901","https://openalex.org/W2981091784","https://openalex.org/W2986291326","https://openalex.org/W3007070494","https://openalex.org/W3023980642","https://openalex.org/W3029868457","https://openalex.org/W3046522182","https://openalex.org/W4247200422","https://openalex.org/W6602413418","https://openalex.org/W6640826072","https://openalex.org/W6681093246","https://openalex.org/W6681302627","https://openalex.org/W6683167515","https://openalex.org/W6683584131","https://openalex.org/W6735236233","https://openalex.org/W6737181878","https://openalex.org/W6745899033","https://openalex.org/W6752705692","https://openalex.org/W6758125152","https://openalex.org/W6778140923","https://openalex.org/W6781000163","https://openalex.org/W7007943406"],"related_works":["https://openalex.org/W3129214326","https://openalex.org/W2887952551","https://openalex.org/W2591538843","https://openalex.org/W139862744","https://openalex.org/W2566870381","https://openalex.org/W2925690972","https://openalex.org/W2326091346","https://openalex.org/W2384091034","https://openalex.org/W2768003418","https://openalex.org/W2559583410","https://openalex.org/W2766667285","https://openalex.org/W3127116069","https://openalex.org/W2612832310","https://openalex.org/W1544878956","https://openalex.org/W2897464020","https://openalex.org/W1493633851","https://openalex.org/W1539956343","https://openalex.org/W2473128072","https://openalex.org/W2340186839","https://openalex.org/W2519312445"],"abstract_inverted_index":{"False":[0],"positives":[1,139,197,220],"(FPs)":[2],"have":[3,89],"been":[4,147],"an":[5,192,239],"issue":[6],"of":[7,33,47,60,106,119,216,235,241],"extreme":[8],"importance":[9],"for":[10,14,72,136],"anti-virus":[11],"(AV)":[12],"systems":[13,114],"decades.":[15],"As":[16],"more":[17],"security":[18,64],"vendors":[19,76],"turn":[20],"to":[21,82,92,94,100,128,156,185,191,208,212],"machine":[22],"learning,":[23],"alert":[24],"deluge":[25],"has":[26,53,145,154],"hit":[27],"critical":[28],"mass":[29],"with":[30,160],"over":[31],"20%":[32],"all":[34,48,86],"alerts":[35,49,237],"resulting":[36],"in":[37,40,55,140],"FPs":[38,73,129],"and,":[39,58],"some":[41],"organizations,":[42],"the":[43,117,152,227,232],"number":[44,234],"reaches":[45],"half":[46],"[1].":[50],"This":[51,98],"increase":[52],"resulted":[54],"fatigue,":[56],"frustration,":[57],"worst":[59],"all,":[61],"neglect":[62],"from":[63,221],"workers":[65],"on":[66],"SOC":[67],"teams.":[68],"A":[69],"foundational":[70],"cause":[71],"is":[74,173],"that":[75,126],"must":[77],"build":[78],"one":[79],"global":[80],"system":[81],"try":[83],"and":[84,130,162,168],"satisfy":[85],"customers,":[87],"but":[88],"no":[90,174],"method":[91],"adjust":[93],"individual":[95],"local":[96,121],"environments.":[97],"leads":[99],"outrageous,":[101],"albeit":[102],"technically":[103],"correct,":[104],"characterization":[105],"their":[107],"platforms":[108],"being":[109],"99.9%":[110],"effective.":[111],"Once":[112],"these":[113,158],"are":[115],"deployed":[116],"idiosyncrasies":[118],"individual,":[120],"environments":[122],"expose":[123],"blind":[124],"spots":[125],"lead":[127],"uncertainty.":[131],"We":[132,177,204],"propose":[133,178],"a":[134,143,180,187,214,222],"strategy":[135],"fixing":[137],"false":[138,196,219],"production":[141,223],"after":[142],"model":[144,170,190],"already":[146],"deployed.":[148],"For":[149],"too":[150],"long":[151],"industry":[153],"tried":[155],"combat":[157],"problems":[159],"inefficient,":[161],"at":[163],"times,":[164],"dangerous":[165],"allowlist":[166],"techniques":[167],"excessive":[169],"retraining":[171],"which":[172],"longer":[175],"enough.":[176],"using":[179],"technique":[181],"called":[182],"passive-aggressive":[183,210],"learning":[184,211],"alter":[186],"malware":[188,228],"detection":[189],"individual's":[193],"environment,":[194],"eliminating":[195],"without":[198,225],"sharing":[199],"any":[200],"customer":[201],"sensitive":[202],"information.":[203],"will":[205],"show":[206],"how":[207],"use":[209],"solve":[213],"collection":[215],"notoriously":[217],"difficult":[218],"environment":[224],"compromising":[226],"model's":[229],"accuracy,":[230],"reducing":[231],"total":[233],"FP":[236],"by":[238],"average":[240],"23x.":[242]},"counts_by_year":[],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}