{"id":"https://openalex.org/W4388886524","doi":"https://doi.org/10.1145/3605764.3623914","title":"Certified Robustness of Static Deep Learning-based Malware Detectors against Patch and Append Attacks","display_name":"Certified Robustness of Static Deep Learning-based Malware Detectors against Patch and Append Attacks","publication_year":2023,"publication_date":"2023-11-21","ids":{"openalex":"https://openalex.org/W4388886524","doi":"https://doi.org/10.1145/3605764.3623914"},"language":"en","primary_location":{"id":"doi:10.1145/3605764.3623914","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3605764.3623914","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3605764.3623914","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3605764.3623914","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5061428004","display_name":"Daniel Gibert","orcid":"https://orcid.org/0000-0002-2448-1297"},"institutions":[{"id":"https://openalex.org/I100930933","display_name":"University College Dublin","ror":"https://ror.org/05m7pjf47","country_code":"IE","type":"education","lineage":["https://openalex.org/I100930933"]}],"countries":["IE"],"is_corresponding":true,"raw_author_name":"Daniel Gibert","raw_affiliation_strings":["University College Dublin, Dublin, Ireland"],"affiliations":[{"raw_affiliation_string":"University College Dublin, Dublin, Ireland","institution_ids":["https://openalex.org/I100930933"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082574744","display_name":"Giulio 
Zizzo","orcid":"https://orcid.org/0009-0004-5750-5744"},"institutions":[{"id":"https://openalex.org/I4210145784","display_name":"IBM Research - Ireland","ror":"https://ror.org/04jnxr720","country_code":"IE","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210145784"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Giulio Zizzo","raw_affiliation_strings":["IBM Research Europe, Dublin, Ireland"],"affiliations":[{"raw_affiliation_string":"IBM Research Europe, Dublin, Ireland","institution_ids":["https://openalex.org/I4210145784"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077768209","display_name":"Quan Le","orcid":"https://orcid.org/0000-0001-6513-8340"},"institutions":[{"id":"https://openalex.org/I100930933","display_name":"University College Dublin","ror":"https://ror.org/05m7pjf47","country_code":"IE","type":"education","lineage":["https://openalex.org/I100930933"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Quan Le","raw_affiliation_strings":["University College Dublin, Dublin, Ireland"],"affiliations":[{"raw_affiliation_string":"University College Dublin, Dublin, Ireland","institution_ids":["https://openalex.org/I100930933"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5061428004"],"corresponding_institution_ids":["https://openalex.org/I100930933"],"apc_list":null,"apc_paid":null,"fwci":1.0784,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.82172204,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"173","last_page":"184"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine 
Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.989799976348877,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/append","display_name":"Append","score":0.854239821434021},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer 
science","score":0.8533600568771362},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.74745774269104},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.662264883518219},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.6311514973640442},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.5753690004348755},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5216082334518433},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5050378441810608},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.4916291832923889},{"id":"https://openalex.org/keywords/smoothing","display_name":"Smoothing","score":0.45181021094322205},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4393021762371063},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.33516424894332886},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.29524677991867065},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.22002381086349487},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.20592129230499268}],"concepts":[{"id":"https://openalex.org/C2777998813","wikidata":"https://www.wikidata.org/wiki/Q16869124","display_name":"Append","level":2,"score":0.854239821434021},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer 
science","level":0,"score":0.8533600568771362},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.74745774269104},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.662264883518219},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.6311514973640442},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.5753690004348755},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5216082334518433},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5050378441810608},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.4916291832923889},{"id":"https://openalex.org/C3770464","wikidata":"https://www.wikidata.org/wiki/Q775963","display_name":"Smoothing","level":2,"score":0.45181021094322205},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4393021762371063},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.33516424894332886},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.29524677991867065},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating 
system","level":1,"score":0.22002381086349487},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.20592129230499268},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3605764.3623914","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3605764.3623914","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3605764.3623914","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3605764.3623914","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3605764.3623914","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3605764.3623914","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong 
institutions","score":0.8100000023841858}],"awards":[{"id":"https://openalex.org/G2689612763","display_name":null,"funder_award_id":"Marie","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G3514550006","display_name":null,"funder_award_id":"Centre","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8051717526","display_name":null,"funder_award_id":"Grant","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8318064016","display_name":null,"funder_award_id":"Horizon","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320320858","display_name":"University College Dublin","ror":"https://ror.org/05m7pjf47"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4388886524.pdf","grobid_xml":"https://content.openalex.org/works/W4388886524.grobid-xml"},"referenced_works_count":11,"referenced_works":["https://openalex.org/W2267635142","https://openalex.org/W2963165251","https://openalex.org/W2973628901","https://openalex.org/W3025067198","https://openalex.org/W3090219579","https://openalex.org/W3164220323","https://openalex.org/W3175941285","https://openalex.org/W3178593045","https://openalex.org/W4210864560","https://openalex.org/W4288072399","https://openalex.org/W4385412213"],"related_works":["https://openalex.org/W2182311571","https://openalex.org/W2088586339","https://openalex.org/W2322447839","https://openalex.org/W1497439325","https://openalex.org/W2316107800","https://openalex.org/W2091059593","https://openalex.org/W1995118279","https://openalex.org/W4240624848","https://openalex.org/W3184389706","https://openalex.org/W
2145181146"],"abstract_inverted_index":{"Machine":[0],"learning-based":[1],"(ML)":[2],"malware":[3,13,42],"detectors":[4,21],"have":[5,194],"been":[6],"shown":[7],"to":[8,11,22,112,228],"be":[9],"susceptible":[10],"adversarial":[12],"examples.":[14],"Given":[15],"the":[16,26,49,89,104,147,151,155,159,162,188,203,209,218],"vulnerability":[17],"of":[18,51,78,118,123,139,158,175,190],"deep":[19],"learning":[20],"small":[23],"changes":[24],"on":[25,41,60,76,115,202],"input":[27],"file,":[28],"we":[29,64,177,193],"propose":[30],"a":[31,54,69,85,107,116,172,196,229],"practical":[32],"and":[33,38,94,142,166,222],"certifiable":[34,55],"defense":[35,45,56],"against":[36,57,91,183,217],"patch":[37,58,92,165],"append":[39,95,167],"attacks":[40,59,93,168,225],"detection.":[43],"Our":[44,97],"is":[46,110,134,214],"inspired":[47],"by":[48],"concept":[50],"(de)randomized":[52],"smoothing,":[53],"image":[61],"classifiers,":[62],"which":[63],"adapt":[65],"by:":[66],"(1)":[67],"presenting":[68],"novel":[70],"chunk-based":[71,200,211],"smoothing":[72],"scheme":[73,201],"that":[74,87,164,208],"operates":[75],"subsequences":[77],"bytes":[79,120,124],"within":[80],"an":[81,126,132],"executable;":[82,127],"(2)":[83],"deriving":[84],"certificate":[86],"measures":[88],"robustness":[90,181],"attacks.":[96,185],"approach":[98,192],"works":[99],"as":[100,150],"follows:":[101],"(i)":[102],"during":[103],"training":[105],"phase,":[106],"base":[108],"classifier":[109,197,213],"trained":[111,195],"make":[113],"classifications":[114],"subset":[117],"contiguous":[119],"or":[121],"chunk":[122],"from":[125],"(ii)":[128],"at":[129],"test":[130],"time,":[131],"executable":[133,149],"divided":[135],"into":[136],"non-overlapping":[137],"chunks":[138],"fixed":[140],"size":[141],"our":[143,191,199],"detection":[144],"system":[145],"classifies":[146],"original":[148],"majority":[152],"vote":[153],"over":[154],"predicted":[156],"classes":[157],"chunks.":[160],"Leveraging":[161],"fact":[163],"can":[169],"only
":[170],"influence":[171],"certain":[173],"number":[174],"chunks,":[176],"derive":[178],"meaningful":[179],"large":[180],"certificates":[182],"both":[184],"To":[186],"demonstrate":[187],"suitability":[189],"with":[198],"BODMAS":[204],"dataset.":[205],"We":[206],"show":[207],"proposed":[210],"smoothed":[212],"more":[215],"robust":[216],"benign":[219],"injection":[220],"attack":[221],"state-of-the-art":[223],"evasion":[224],"in":[226],"comparison":[227],"non-smoothed":[230],"classifier.":[231]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3}],"updated_date":"2026-03-11T14:59:36.786465","created_date":"2025-10-10T00:00:00"}
