{"id":"https://openalex.org/W4308562609","doi":"https://doi.org/10.1145/3560835.3564550","title":"Exorcist","display_name":"Exorcist","publication_year":2022,"publication_date":"2022-11-08","ids":{"openalex":"https://openalex.org/W4308562609","doi":"https://doi.org/10.1145/3560835.3564550"},"language":"en","primary_location":{"id":"doi:10.1145/3560835.3564550","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3560835.3564550","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5110752242","display_name":"Frederick Barr-Smith","orcid":null},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Frederick Barr-Smith","raw_affiliation_strings":["University of Oxford, Oxford, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University of Oxford, Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011772097","display_name":"Tim Blazytko","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tim Blazytko","raw_affiliation_strings":["Emproof B.V., Eindhoven, Netherlands"],"affiliations":[{"raw_affiliation_string":"Emproof B.V., Eindhoven, Netherlands","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101669063","display_name":"Richard Baker","orcid":"https://orcid.org/0000-0001-8215-1053"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Richard Baker","raw_affiliation_strings":["University of Oxford, Oxford, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University of Oxford, Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033928805","display_name":"Ivan Martinovi\u0107","orcid":"https://orcid.org/0000-0003-2340-3040"},"institutions":[{"id":"https://openalex.org/I40120149","display_name":"University of Oxford","ror":"https://ror.org/052gg0110","country_code":"GB","type":"education","lineage":["https://openalex.org/I40120149"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Ivan Martinovic","raw_affiliation_strings":["University of Oxford, Oxford, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University of Oxford, Oxford, United Kingdom","institution_ids":["https://openalex.org/I40120149"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5110752242"],"corresponding_institution_ids":["https://openalex.org/I40120149"],"apc_list":null,"apc_paid":null,"fwci":1.7848,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.8492331,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"51","last_page":"61"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9951000213623047,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.7830413579940796},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.7716000080108643},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.719895601272583},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.6377856731414795},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5100398659706116},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3031809329986572},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2294139862060547},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.07931026816368103}],"concepts":[{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.7830413579940796},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.7716000080108643},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.719895601272583},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.6377856731414795},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5100398659706116},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3031809329986572},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2294139862060547},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.07931026816368103},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3560835.3564550","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3560835.3564550","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G8467514335","display_name":"Cyber Security CDT Phase Two (University of Oxford)","funder_award_id":"EP/P00881X/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W1892063863","https://openalex.org/W1968549720","https://openalex.org/W2069268700","https://openalex.org/W2077667328","https://openalex.org/W2091939272","https://openalex.org/W2093668291","https://openalex.org/W2132874238","https://openalex.org/W2150423842","https://openalex.org/W2160597734","https://openalex.org/W2532945044","https://openalex.org/W2560252021","https://openalex.org/W2601591992","https://openalex.org/W2766980353","https://openalex.org/W2768096314","https://openalex.org/W2773100910","https://openalex.org/W2797678261","https://openalex.org/W2890434219","https://openalex.org/W2914982603","https://openalex.org/W2968580482","https://openalex.org/W3006711782","https://openalex.org/W3007070494","https://openalex.org/W3015650867","https://openalex.org/W3032626790","https://openalex.org/W3081194266","https://openalex.org/W3137262157","https://openalex.org/W3152957156","https://openalex.org/W3205566425","https://openalex.org/W4220682629"],"related_works":["https://openalex.org/W2899084033","https://openalex.org/W2770234245","https://openalex.org/W96612179","https://openalex.org/W4229499248","https://openalex.org/W2566006169","https://openalex.org/W1567818861","https://openalex.org/W2987774938","https://openalex.org/W4256492088","https://openalex.org/W632915154","https://openalex.org/W2055733372"],"abstract_inverted_index":{"The":[0],"insertion":[1,66],"of":[2,13,51,67,76,95,103,131],"trojanised":[3,133],"binaries":[4,134],"into":[5],"supply":[6,41,71,138,156],"chains":[7,72],"are":[8],"a":[9,17,36,52,88,104,119],"particularly":[10],"subtle":[11],"form":[12],"cyber-attack":[14],"that":[15,122],"require":[16],"multi-staged":[18],"and":[19,25,127],"complex":[20],"deployment":[21],"methodology":[22],"to":[23,45,63,108],"implement":[24],"execute.":[26],"In":[27,140],"the":[28,65,154],"years":[29],"preceding":[30],"this":[31,56,99,115,142],"research":[32],"there":[33],"has":[34,84],"been":[35,85],"spike":[37],"in":[38,70,87,135],"closed-source":[39],"software":[40,137,155],"chain":[42],"attacks":[43,151],"used":[44],"attack":[46,57],"downstream":[47],"clients":[48],"or":[49],"users":[50],"company.":[53],"To":[54,113],"detect":[55],"type,":[58],"we":[59,117,123,144],"present":[60,118],"an":[61],"approach":[62,79,116],"detecting":[64,132],"malicious":[68,82,111],"functionality":[69,83],"via":[73,100,153],"differential":[74],"analysis":[75],"binaries.":[77],"This":[78],"determines":[80],"whether":[81],"inserted":[86],"particular":[89],"build":[90,107],"by":[91],"looking":[92],"for":[93],"indicators":[94],"maliciousness.":[96],"We":[97],"accomplish":[98],"automated":[101],"comparison":[102],"known":[105],"benign":[106],"successive":[109],"potentially":[110],"versions.":[112],"substantiate":[114],"system,":[120],"Exorcist,":[121],"have":[124],"designed,":[125],"developed":[126],"evaluated":[128],"as":[129],"capable":[130],"Windows":[136],"chains.":[139],"evaluating":[141],"system":[143],"analyse":[145],"12":[146],"samples":[147],"from":[148],"high-profile":[149],"APT":[150],"conducted":[152],"chain.":[157]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2022-11-12T00:00:00"}