{"id":"https://openalex.org/W4288072399","doi":"https://doi.org/10.1145/3473039","title":"Adversarial EXEmples","display_name":"Adversarial EXEmples","publication_year":2021,"publication_date":"2021-09-02","ids":{"openalex":"https://openalex.org/W4288072399","doi":"https://doi.org/10.1145/3473039"},"language":"en","primary_location":{"id":"doi:10.1145/3473039","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3473039","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://hdl.handle.net/11584/320602","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069663380","display_name":"Luca Demetrio","orcid":"https://orcid.org/0000-0001-5104-1476"},"institutions":[{"id":"https://openalex.org/I172446870","display_name":"University of Cagliari","ror":"https://ror.org/003109y17","country_code":"IT","type":"education","lineage":["https://openalex.org/I172446870"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Luca Demetrio","raw_affiliation_strings":["Universit\u00e0 degli studi di Cagliari, ITA, Cagliari, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 degli studi di Cagliari, ITA, Cagliari, 
Italy","institution_ids":["https://openalex.org/I172446870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027501147","display_name":"Scott E. Coull","orcid":"https://orcid.org/0009-0003-6921-1842"},"institutions":[{"id":"https://openalex.org/I4210128452","display_name":"FireEye (United States)","ror":"https://ror.org/03dnqre85","country_code":"US","type":"company","lineage":["https://openalex.org/I4210128452"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Scott E. Coull","raw_affiliation_strings":["FireEye, Inc., Milpitas, CA"],"affiliations":[{"raw_affiliation_string":"FireEye, Inc., Milpitas, CA","institution_ids":["https://openalex.org/I4210128452"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008367647","display_name":"Battista Biggio","orcid":"https://orcid.org/0000-0001-7752-509X"},"institutions":[{"id":"https://openalex.org/I172446870","display_name":"University of Cagliari","ror":"https://ror.org/003109y17","country_code":"IT","type":"education","lineage":["https://openalex.org/I172446870"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Battista Biggio","raw_affiliation_strings":["Universit\u00e0 degli studi di Cagliari, ITA and Pluribus One, ITA, Cagliari, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 degli studi di Cagliari, ITA and Pluribus One, ITA, Cagliari, Italy","institution_ids":["https://openalex.org/I172446870"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039372480","display_name":"Giovanni Lagorio","orcid":"https://orcid.org/0000-0002-6632-1523"},"institutions":[{"id":"https://openalex.org/I83816512","display_name":"University of Genoa","ror":"https://ror.org/0107c5v14","country_code":"IT","type":"education","lineage":["https://openalex.org/I83816512"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Giovanni Lagorio","raw_affiliation_strings":["Universit\u00e0 degli Studi di Genova, 
ITA"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 degli Studi di Genova, ITA","institution_ids":["https://openalex.org/I83816512"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039827178","display_name":"Alessandro Armando","orcid":"https://orcid.org/0000-0002-5246-2157"},"institutions":[{"id":"https://openalex.org/I83816512","display_name":"University of Genoa","ror":"https://ror.org/0107c5v14","country_code":"IT","type":"education","lineage":["https://openalex.org/I83816512"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Alessandro Armando","raw_affiliation_strings":["Universit\u00e0 degli Studi di Genova, ITA"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 degli Studi di Genova, ITA","institution_ids":["https://openalex.org/I83816512"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5065359946","display_name":"Fabio Roli","orcid":"https://orcid.org/0000-0003-4103-9190"},"institutions":[{"id":"https://openalex.org/I172446870","display_name":"University of Cagliari","ror":"https://ror.org/003109y17","country_code":"IT","type":"education","lineage":["https://openalex.org/I172446870"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Fabio Roli","raw_affiliation_strings":["Universit\u00e0 degli Studi di Cagliari, ITA and Pluribus One, ITA, Cagliari, Italy"],"affiliations":[{"raw_affiliation_string":"Universit\u00e0 degli Studi di Cagliari, ITA and Pluribus One, ITA, Cagliari, 
Italy","institution_ids":["https://openalex.org/I172446870"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5069663380"],"corresponding_institution_ids":["https://openalex.org/I172446870"],"apc_list":null,"apc_paid":null,"fwci":13.0812,"has_fulltext":false,"cited_by_count":109,"citation_normalized_percentile":{"value":0.9936917,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"24","issue":"4","first_page":"1","last_page":"31"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in 
Computing","score":0.9905999898910522,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.824000358581543},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7448655366897583},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.6175707578659058},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.5732554793357849},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.5654852390289307},{"id":"https://openalex.org/keywords/plug-in","display_name":"Plug-in","score":0.5517532229423523},{"id":"https://openalex.org/keywords/python","display_name":"Python (programming language)","score":0.5224617719650269},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.48351672291755676},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.46607017517089844},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.4500541687011719},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.4408319592475891},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4216362535953522},{"id":"https://openalex.org/keywords/header","display_name":"Header","score":0.41420724987983704},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.33417004346847534},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer 
security","score":0.3202928900718689}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.824000358581543},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7448655366897583},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.6175707578659058},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.5732554793357849},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.5654852390289307},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.5517532229423523},{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.5224617719650269},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.48351672291755676},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.46607017517089844},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.4500541687011719},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.4408319592475891},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial 
intelligence","level":1,"score":0.4216362535953522},{"id":"https://openalex.org/C48105269","wikidata":"https://www.wikidata.org/wiki/Q1141160","display_name":"Header","level":2,"score":0.41420724987983704},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.33417004346847534},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3202928900718689},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3473039","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3473039","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing 
Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},{"id":"pmh:oai:iris.unica.it:11584/320602","is_oa":true,"landing_page_url":"https://hdl.handle.net/11584/320602","pdf_url":null,"source":{"id":"https://openalex.org/S4377196293","display_name":"UNICA IRIS Institutional Research Information System (University of Cagliari)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172446870","host_organization_name":"University of Cagliari","host_organization_lineage":["https://openalex.org/I172446870"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"},{"id":"pmh:oai:iris.unige.it:11567/1083646","is_oa":false,"landing_page_url":"https://hdl.handle.net/11567/1083646","pdf_url":null,"source":{"id":"https://openalex.org/S4377196291","display_name":"CINECA IRIS Institutial Research Information System (University of Genoa)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I83816512","host_organization_name":"University of Genoa","host_organization_lineage":["https://openalex.org/I83816512"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"pmh:oai:iris.unica.it:11584/320602","is_oa":true,"landing_page_url":"https://hdl.handle.net/11584/320602","pdf_url":null,"source":{"id":"https://openalex.org/S4377196293","display_name":"UNICA IRIS Institutional Research 
Information System (University of Cagliari)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172446870","host_organization_name":"University of Cagliari","host_organization_lineage":["https://openalex.org/I172446870"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.44999998807907104}],"awards":[],"funders":[{"id":"https://openalex.org/F4320321873","display_name":"Ministero dell\u2019Istruzione, dell\u2019Universit\u00e0 e della Ricerca","ror":"https://ror.org/0166hxq48"},{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":40,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W1666731339","https://openalex.org/W1673923490","https://openalex.org/W1893133781","https://openalex.org/W1945616565","https://openalex.org/W2095577883","https://openalex.org/W2144906988","https://openalex.org/W2408141691","https://openalex.org/W2557513839","https://openalex.org/W2560674852","https://openalex.org/W2603766943","https://openalex.org/W2746600820","https://openalex.org/W2792991556","https://openalex.org/W2793931959","https://openalex.org/W2799420851","https://openalex.org/W2904109097","https://openalex.org/W2951450826","https://openalex.org/W2963062382","https://openalex.org/W2963165251","https://openalex.org/W2963454111","https://openalex.org/W2963857521","https://openalex.org/W2973628901","https://openalex.org/W2974865449","https://openalex.org/W2982631433","https://opena
lex.org/W2995277535","https://openalex.org/W2996382967","https://openalex.org/W3007070494","https://openalex.org/W3007384386","https://openalex.org/W3009299257","https://openalex.org/W3015481738","https://openalex.org/W3033833039","https://openalex.org/W3090219579","https://openalex.org/W3103836116","https://openalex.org/W3106412272","https://openalex.org/W3111818035","https://openalex.org/W3164220323","https://openalex.org/W4288638181","https://openalex.org/W4289549047","https://openalex.org/W4297747285","https://openalex.org/W4300687693"],"related_works":["https://openalex.org/W2171597999","https://openalex.org/W2189136227","https://openalex.org/W1866537546","https://openalex.org/W630850086","https://openalex.org/W3200508093","https://openalex.org/W171785150","https://openalex.org/W4233480150","https://openalex.org/W1565224167","https://openalex.org/W4238950177","https://openalex.org/W744635822"],"abstract_inverted_index":{"Recent":[0],"work":[1,218],"has":[2],"shown":[3,184],"that":[4,63,83,148,181],"adversarial":[5,11,126],"Windows":[6,108],"malware":[7,61,227],"samples\u2014referred":[8],"to":[9,41,59,106,185,188],"as":[10,208],"EXE":[12],"mples":[13],"in":[14,68,154,164],"this":[15,72,217],"article\u2014can":[16],"bypass":[17],"machine":[18,225],"learning-based":[19,226],"detection":[20],"relying":[21],"on":[22,102,235],"static":[23],"code":[24],"analysis":[25],"by":[26,78,128,219],"perturbing":[27],"relatively":[28],"few":[29],"input":[30],"bytes.":[31],"To":[32,191],"preserve":[33],"malicious":[34],"functionality,":[35],"previous":[36,90,189],"attacks":[37,91,100,150],"either":[38],"add":[39],"bytes":[40],"existing":[42,152],"non-functional":[43],"areas":[44],"of":[45,140,166,171,179,194,210,223],"the":[46,107,125,131,138,141,172,204,211,221,245],"file,":[47],"potentially":[48],"limiting":[49],"their":[50],"effectiveness,":[51],"or":[52],"require":[53],"running":[54],"computationally":[55],"demanding":[56],"validation":[57],"steps":[58],"discard":[60],"varia
nts":[62],"do":[64],"not":[65,85],"correctly":[66],"execute":[67],"sandbox":[69],"environments.":[70],"In":[71],"work,":[73],"we":[74,197],"overcome":[75],"these":[76,149],"limitations":[77,222],"developing":[79],"a":[80,161],"unifying":[81],"framework":[82,201],"does":[84],"only":[86],"encompass":[87],"and":[88,121,136,157,169,202],"generalize":[89],"against":[92],"machine-learning":[93],"models,":[94],"but":[95],"also":[96,176],"includes":[97],"three":[98],"novel":[99],"based":[101,234],"practical,":[103],"functionality-preserving":[104],"manipulations":[105],"Portable":[109],"Executable":[110],"file":[111],"format.":[112],"These":[113],"attacks,":[114],"named":[115],"Full":[116],"DOS":[117,132],",":[118,120,123],"Extend":[119],"Shift":[122],"inject":[124],"payload":[127],"respectively":[129],"manipulating":[130],"header,":[133],"extending":[134],"it,":[135],"shifting":[137],"content":[139],"first":[142],"section.":[143],"Our":[144],"experimental":[145],"results":[146],"show":[147],"outperform":[151],"ones":[153],"both":[155],"white-box":[156],"black-box":[158],"scenarios,":[159],"achieving":[160],"better":[162],"tradeoff":[163],"terms":[165],"evasion":[167,178],"rate":[168],"size":[170],"injected":[173],"payload,":[174],"while":[175],"enabling":[177],"models":[180],"have":[182],"been":[183],"be":[186],"robust":[187],"attacks.":[190],"facilitate":[192],"reproducibility":[193],"our":[195,200],"findings,":[196],"open":[198],"source":[199],"all":[203],"corresponding":[205],"attack":[206],"implementations":[207],"part":[209],"secml-malware":[212],"Python":[213],"library.":[214],"We":[215],"conclude":[216],"discussing":[220],"current":[224],"detectors,":[228],"along":[229],"with":[230],"potential":[231],"mitigation":[232],"strategies":[233],"embedding":[236],"domain":[237],"knowledge":[238],"coming":[239],"from":[240],"subject-matter":[241],"experts":[242],"directly":[243],"into":[244],"learning":[246],"process.":[247]},"counts_by_year":[{"year":2026,"cited_by_count":3
},{"year":2025,"cited_by_count":21},{"year":2024,"cited_by_count":28},{"year":2023,"cited_by_count":37},{"year":2022,"cited_by_count":16},{"year":2021,"cited_by_count":4}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2022-07-28T00:00:00"}
