{"id":"https://openalex.org/W2988961468","doi":"https://doi.org/10.1145/3365001","title":"Malware Dynamic Analysis Evasion Techniques","display_name":"Malware Dynamic Analysis Evasion Techniques","publication_year":2019,"publication_date":"2019-11-14","ids":{"openalex":"https://openalex.org/W2988961468","doi":"https://doi.org/10.1145/3365001","mag":"2988961468"},"language":"en","primary_location":{"id":"doi:10.1145/3365001","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3365001","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5022158124","display_name":"Amir Afianian","orcid":"https://orcid.org/0000-0003-1933-3385"},"institutions":[{"id":"https://openalex.org/I158248296","display_name":"Amirkabir University of Technology","ror":"https://ror.org/04gzbav43","country_code":"IR","type":"education","lineage":["https://openalex.org/I158248296"]}],"countries":["IR"],"is_corresponding":true,"raw_author_name":"Amir Afianian","raw_affiliation_strings":["APA Research Center, Amirkabir University of Technology, Valiasr Square, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"APA Research Center, Amirkabir University of Technology, Valiasr Square, Tehran, Iran","institution_ids":["https://openalex.org/I158248296"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025623725","display_name":"Salman Niksefat","orcid":"https://orcid.org/0000-0001-8958-3043"},"institutions":[{"id":"https://openalex.org/I158248296","display_name":"Amirkabir University of Technology","ror":"https://ror.org/04gzbav43","country_code":"IR","type":"education","lineage":["https://openalex.org/I158248296"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Salman Niksefat","raw_affiliation_strings":["APA Research Center, Amirkabir University of Technology, Valiasr Square, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"APA Research Center, Amirkabir University of Technology, Valiasr Square, Tehran, Iran","institution_ids":["https://openalex.org/I158248296"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101811727","display_name":"Babak Sadeghiyan","orcid":null},"institutions":[{"id":"https://openalex.org/I158248296","display_name":"Amirkabir University of Technology","ror":"https://ror.org/04gzbav43","country_code":"IR","type":"education","lineage":["https://openalex.org/I158248296"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Babak Sadeghiyan","raw_affiliation_strings":["APA Research Center, Amirkabir University of Technology, Valiasr Square, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"APA Research Center, Amirkabir University of Technology, Valiasr Square, Tehran, Iran","institution_ids":["https://openalex.org/I158248296"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5109400750","display_name":"David A. Baptiste","orcid":null},"institutions":[{"id":"https://openalex.org/I35298706","display_name":"ESIEA University","ror":"https://ror.org/00g6cx256","country_code":"FR","type":"education","lineage":["https://openalex.org/I35298706"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"David Baptiste","raw_affiliation_strings":["ESIEA (C + V)O Lab, Laval, France"],"affiliations":[{"raw_affiliation_string":"ESIEA (C + V)O Lab, Laval, France","institution_ids":["https://openalex.org/I35298706"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5022158124"],"corresponding_institution_ids":["https://openalex.org/I158248296"],"apc_list":null,"apc_paid":null,"fwci":12.0216,"has_fulltext":false,"cited_by_count":182,"citation_normalized_percentile":{"value":0.99172246,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":"52","issue":"6","first_page":"1","last_page":"28"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9904000163078308,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.9189501404762268},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8783974051475525},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8768481016159058},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7274543046951294},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.6743776798248291},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.5671583414077759},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.444199800491333},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.43350106477737427},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3527997136116028},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.31385108828544617}],"concepts":[{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.9189501404762268},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8783974051475525},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8768481016159058},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7274543046951294},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.6743776798248291},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.5671583414077759},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.444199800491333},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.43350106477737427},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3527997136116028},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.31385108828544617},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3365001","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3365001","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":76,"referenced_works":["https://openalex.org/W7073056","https://openalex.org/W7103708","https://openalex.org/W23711711","https://openalex.org/W24839522","https://openalex.org/W78162143","https://openalex.org/W94275716","https://openalex.org/W172558989","https://openalex.org/W191656338","https://openalex.org/W1492352846","https://openalex.org/W1503224444","https://openalex.org/W1508225132","https://openalex.org/W1515180657","https://openalex.org/W1522250664","https://openalex.org/W1534092936","https://openalex.org/W1903377156","https://openalex.org/W1954816054","https://openalex.org/W1968519345","https://openalex.org/W1968632081","https://openalex.org/W1974737884","https://openalex.org/W1990360323","https://openalex.org/W2000249510","https://openalex.org/W2006942880","https://openalex.org/W2007647094","https://openalex.org/W2024170198","https://openalex.org/W2032151752","https://openalex.org/W2039722366","https://openalex.org/W2046185165","https://openalex.org/W2047181172","https://openalex.org/W2066220442","https://openalex.org/W2075338504","https://openalex.org/W2087740020","https://openalex.org/W2090534521","https://openalex.org/W2098431065","https://openalex.org/W2100002952","https://openalex.org/W2101077503","https://openalex.org/W2102001185","https://openalex.org/W2111038628","https://openalex.org/W2115175195","https://openalex.org/W2117030266","https://openalex.org/W2120297918","https://openalex.org/W2125895608","https://openalex.org/W2126169116","https://openalex.org/W2128212613","https://openalex.org/W2132874238","https://openalex.org/W2136245903","https://openalex.org/W2140807364","https://openalex.org/W2145688371","https://openalex.org/W2150795982","https://openalex.org/W2154871153","https://openalex.org/W2162765234","https://openalex.org/W2163292449","https://openalex.org/W2176830056","https://openalex.org/W2182675423","https://openalex.org/W2243437504","https://openalex.org/W2316461318","https://openalex.org/W2350778671","https://openalex.org/W2405980203","https://openalex.org/W2466394978","https://openalex.org/W2496872468","https://openalex.org/W2505098645","https://openalex.org/W2510612055","https://openalex.org/W2517430515","https://openalex.org/W2560252021","https://openalex.org/W2574215789","https://openalex.org/W2582757025","https://openalex.org/W2586610235","https://openalex.org/W2605860169","https://openalex.org/W2618822292","https://openalex.org/W2712617220","https://openalex.org/W2783112941","https://openalex.org/W2910317047","https://openalex.org/W2961548298","https://openalex.org/W4225935968","https://openalex.org/W4230917866","https://openalex.org/W4235202118","https://openalex.org/W4243560869"],"related_works":["https://openalex.org/W2900526031","https://openalex.org/W4296272594","https://openalex.org/W4360993664","https://openalex.org/W2782775281","https://openalex.org/W2465235098","https://openalex.org/W2470029541","https://openalex.org/W2167003418","https://openalex.org/W2395100307","https://openalex.org/W2470502009","https://openalex.org/W2728713145"],"abstract_inverted_index":{"The":[0,121],"cyber":[1],"world":[2],"is":[3,41,48,113,129],"plagued":[4],"with":[5,116,156,191],"ever-evolving":[6],"malware":[7,31,77,126],"that":[8,110,150,198],"readily":[9,167],"infiltrate":[10],"all":[11,204],"defense":[12],"mechanisms,":[13],"operate":[14],"viciously":[15],"unbeknownst":[16],"to":[17,35,62,159,202],"the":[18,26,151,184,200,205],"user,":[19],"and":[20,58,92,104,118],"surreptitiously":[21],"exfiltrate":[22],"sensitive":[23],"data.":[24],"Understanding":[25],"inner":[27],"workings":[28],"of":[29,89,102,124,186],"such":[30,125,177],"provides":[32],"a":[33,73,86],"leverage":[34],"effectively":[36],"combat":[37],"them.":[38],"This":[39],"understanding":[40],"pursued":[42],"often":[43],"through":[44],"dynamic":[45,78],"analysis":[46,79,105,164],"which":[47,140],"conducted":[49],"manually":[50],"or":[51,64,173],"automatically.":[52],"Malware":[53],"authors":[54],"accordingly,":[55],"have":[56],"devised":[57],"advanced":[59],"evasion":[60,80,175],"techniques":[61,91,172,197],"thwart":[63,203],"evade":[65],"these":[66,90],"analyses.":[67],"In":[68,82],"this":[69],"article,":[70],"we":[71,84,127,147,181],"present":[72],"comprehensive":[74],"survey":[75],"on":[76,194],"techniques.":[81],"addition,":[83],"propose":[85],"detailed":[87],"classification":[88],"further":[93],"demonstrate":[94],"how":[95],"their":[96],"efficacy":[97],"holds":[98],"against":[99],"different":[100],"types":[101],"detection":[103],"approaches.":[106],"Our":[107],"observations":[108],"attest":[109],"evasive":[111,206],"behavior":[112],"mostly":[114],"concerned":[115],"detecting":[117,143],"evading":[119],"sandboxes.":[120],"primary":[122],"tactic":[123,139],"argue":[128],"fingerprinting":[130,171],"followed":[131],"by":[132,169],"new":[133],"trends":[134],"for":[135,161],"reverse":[136],"Turing":[137],"test":[138],"aims":[141],"at":[142],"human":[144],"interaction.":[145],"Furthermore,":[146],"will":[148],"posit":[149],"current":[152],"defensive":[153,189],"strategies,":[154],"beginning":[155],"reactive":[157],"methods":[158],"endeavors":[160],"more":[162,187],"transparent":[163],"systems,":[165],"are":[166],"foiled":[168],"zero-day":[170],"other":[174],"tactics":[176],"as":[178],"stalling.":[179],"Accordingly,":[180],"would":[182],"recommend":[183],"pursuit":[185],"generic":[188],"strategies":[190],"an":[192],"emphasis":[193],"path":[195],"exploration":[196],"has":[199],"potential":[201],"tactics.":[207]},"counts_by_year":[{"year":2026,"cited_by_count":10},{"year":2025,"cited_by_count":35},{"year":2024,"cited_by_count":27},{"year":2023,"cited_by_count":38},{"year":2022,"cited_by_count":33},{"year":2021,"cited_by_count":23},{"year":2020,"cited_by_count":14},{"year":2019,"cited_by_count":2}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}