{"id":"https://openalex.org/W4281385582","doi":"https://doi.org/10.1145/3488932.3497768","title":"MAB-Malware","display_name":"MAB-Malware","publication_year":2022,"publication_date":"2022-05-24","ids":{"openalex":"https://openalex.org/W4281385582","doi":"https://doi.org/10.1145/3488932.3497768"},"language":"en","primary_location":{"id":"doi:10.1145/3488932.3497768","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3488932.3497768","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3488932.3497768","source":{"id":"https://openalex.org/S4363609011","display_name":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3488932.3497768","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5067090170","display_name":"Wei Song","orcid":"https://orcid.org/0000-0002-5909-9661"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Wei Song","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058972082","display_name":"Xuezixiang Li","orcid":"https://orcid.org/0009-0005-9713-3815"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xuezixiang Li","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003132155","display_name":"Sadia Afroz","orcid":"https://orcid.org/0000-0002-2485-548X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sadia Afroz","raw_affiliation_strings":["Avast, ICSI, San Francisco, CA, USA"],"affiliations":[{"raw_affiliation_string":"Avast, ICSI, San Francisco, CA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001907607","display_name":"Deepali Garg","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Deepali Garg","raw_affiliation_strings":["Avast, Santa Clara, CA, USA"],"affiliations":[{"raw_affiliation_string":"Avast, Santa Clara, CA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023325161","display_name":"Dmitry Kuznetsov","orcid":"https://orcid.org/0000-0002-9972-947X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dmitry Kuznetsov","raw_affiliation_strings":["Avast, Prague, Czech Rep"],"affiliations":[{"raw_affiliation_string":"Avast, Prague, Czech Rep","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073376805","display_name":"Heng Yin","orcid":"https://orcid.org/0000-0002-8942-7742"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Heng Yin","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5067090170"],"corresponding_institution_ids":["https://openalex.org/I103635307"],"apc_list":null,"apc_paid":null,"fwci":5.5906,"has_fulltext":true,"cited_by_count":48,"citation_normalized_percentile":{"value":0.9732452,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"990","last_page":"1003"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9696000218391418,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7483230233192444},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7280171513557434},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.6787095069885254},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6164058446884155},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5653751492500305},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.5596440434455872},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5488616824150085},{"id":"https://openalex.org/keywords/black-box","display_name":"Black box","score":0.4982717037200928},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.4604746401309967},{"id":"https://openalex.org/keywords/root-cause","display_name":"Root cause","score":0.43537819385528564},{"id":"https://openalex.org/keywords/white-box","display_name":"White box","score":0.424981951713562},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35704565048217773},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.10776391625404358}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7483230233192444},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7280171513557434},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.6787095069885254},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6164058446884155},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5653751492500305},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.5596440434455872},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5488616824150085},{"id":"https://openalex.org/C94966114","wikidata":"https://www.wikidata.org/wiki/Q29256","display_name":"Black box","level":2,"score":0.4982717037200928},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.4604746401309967},{"id":"https://openalex.org/C84945661","wikidata":"https://www.wikidata.org/wiki/Q7366567","display_name":"Root cause","level":2,"score":0.43537819385528564},{"id":"https://openalex.org/C180932941","wikidata":"https://www.wikidata.org/wiki/Q997233","display_name":"White box","level":2,"score":0.424981951713562},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35704565048217773},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.10776391625404358},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C200601418","wikidata":"https://www.wikidata.org/wiki/Q2193887","display_name":"Reliability engineering","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3488932.3497768","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3488932.3497768","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3488932.3497768","source":{"id":"https://openalex.org/S4363609011","display_name":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3488932.3497768","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3488932.3497768","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3488932.3497768","source":{"id":"https://openalex.org/S4363609011","display_name":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.41999998688697815,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G5972417660","display_name":null,"funder_award_id":"1719175","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4281385582.pdf","grobid_xml":"https://content.openalex.org/works/W4281385582.grobid-xml"},"referenced_works_count":23,"referenced_works":["https://openalex.org/W1893133781","https://openalex.org/W1966948031","https://openalex.org/W2009801020","https://openalex.org/W2167003418","https://openalex.org/W2485666843","https://openalex.org/W2574797807","https://openalex.org/W2775261393","https://openalex.org/W2776884785","https://openalex.org/W2780061022","https://openalex.org/W2949639282","https://openalex.org/W2963165251","https://openalex.org/W2963539830","https://openalex.org/W2964159373","https://openalex.org/W2964262883","https://openalex.org/W2969568306","https://openalex.org/W2970044827","https://openalex.org/W2973628901","https://openalex.org/W2982631433","https://openalex.org/W3006800307","https://openalex.org/W3090219579","https://openalex.org/W3164220323","https://openalex.org/W3168097936","https://openalex.org/W4289038676"],"related_works":["https://openalex.org/W4387298227","https://openalex.org/W2047881532","https://openalex.org/W2526398307","https://openalex.org/W2470029541","https://openalex.org/W2727407240","https://openalex.org/W4387065217","https://openalex.org/W4285357721","https://openalex.org/W4368275542","https://openalex.org/W2470502009","https://openalex.org/W3152957156"],"abstract_inverted_index":{"Modern":[0],"commercial":[1,54,227,254],"antivirus":[2,55],"systems":[3],"increasingly":[4],"rely":[5],"on":[6,174],"machine":[7,25],"learning":[8,26,184],"(ML)":[9],"to":[10,30,44,62,75,99,135,158,177],"keep":[11],"up":[12],"with":[13],"the":[14,45,77,111,127,146,151,164,172,180,189,238],"rampant":[15],"inflation":[16],"of":[17,79,192,240],"new":[18],"malware.":[19],"However,":[20,49],"it":[21,71,210],"is":[22,72,246],"well-known":[23],"that":[24,38,237,249],"models":[27,51,81],"are":[28,42,58],"vulnerable":[29],"adversarial":[31,47,112,241],"examples":[32],"(AEs).":[33],"Previous":[34],"works":[35],"have":[36],"shown":[37],"ML":[39,50,80,219],"malware":[40,104],"classifiers":[41,105,245,252],"fragile":[43],"white-box":[46],"attacks.":[48],"used":[52],"in":[53,85,141,167,182,229],"(AV)":[56],"products":[57],"usually":[59],"not":[60],"available":[61],"attackers":[63],"and":[64,82,106,130,169,221,253],"only":[65],"return":[66],"hard":[67],"classification":[68],"labels.":[69],"Therefore,":[70],"more":[73,132],"practical":[74],"evaluate":[76],"robustness":[78],"real-world":[83],"AVs":[84,228],"a":[86,92,116,155,195,230],"pure":[87,231],"black-box":[88,93,232],"manner.":[89],"We":[90,234],"propose":[91],"Reinforcement":[94],"Learning":[95],"(RL)":[96],"based":[97],"framework":[98,198],"generate":[100],"AEs":[101],"for":[102,216,226],"PE":[103],"AV":[107],"engines.":[108],"It":[109],"regards":[110],"attack":[113],"problem":[114],"as":[115,154],"multi-armed":[117],"bandit":[118],"problem,":[119],"which":[120],"finds":[121],"an":[122],"optimal":[123],"balance":[124],"between":[125,250],"exploiting":[126],"successful":[128,165],"patterns":[129],"exploring":[131],"varieties.":[133],"Compared":[134],"other":[136,205],"frameworks,":[137],"our":[138,197],"improvements":[139],"lie":[140],"three":[142],"points:":[143],"1)":[144],"limiting":[145],"exploration":[147],"space":[148],"by":[149],"modeling":[150],"generation":[152],"process":[153,157],"stateless":[156],"avoid":[159],"combination":[160],"explosions,":[161],"2)":[162],"reusing":[163],"payload":[166],"modeling;":[168],"3)":[170],"minimizing":[171],"changes":[173],"AE":[175],"samples":[176],"correctly":[178],"assign":[179],"rewards":[181],"RL":[183],"(which":[185],"also":[186,235],"helps":[187],"identify":[188],"root":[190],"cause":[191],"evasions).":[193],"As":[194],"result,":[196],"has":[199,211],"much":[200],"higher":[201,247],"evasion":[202,214,224],"rates":[203],"than":[204,248],"off-the-shelf":[206],"frameworks.":[207],"Results":[208],"show":[209],"over":[212,222],"74%--97%":[213],"rate":[215,225],"two":[217],"state-of-the-art":[218],"detectors":[220],"32%--48%":[223],"setting.":[233],"demonstrate":[236],"transferability":[239],"attacks":[242],"among":[243],"ML-based":[244,251],"AVs.":[255]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":14},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":16},{"year":2022,"cited_by_count":4},{"year":2012,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2022-05-25T00:00:00"}