{"id":"https://openalex.org/W4405182127","doi":"https://doi.org/10.1145/3658644.3670386","title":"Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors","display_name":"Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405182127","doi":"https://doi.org/10.1145/3658644.3670386"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3670386","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3670386","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3670386","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3670386","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Jiahe Zhang","orcid":"https://orcid.org/0009-0000-3537-8845"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jiahe Zhang","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041795098","display_name":"Jianjun Chen","orcid":"https://orcid.org/0000-0001-7511-1117"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua 
University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianjun Chen","raw_affiliation_strings":["Tsinghua University & Zhongguancun Laboratory, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University & Zhongguancun Laboratory, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Qi Wang","orcid":"https://orcid.org/0009-0008-5707-3223"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qi Wang","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Hangyu Zhang","orcid":"https://orcid.org/0009-0004-6219-504X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hangyu Zhang","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101494594","display_name":"Chuhan Wang","orcid":"https://orcid.org/0000-0003-4715-4667"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua 
University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chuhan Wang","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112309175","display_name":"Jianwei Zhuge","orcid":"https://orcid.org/0009-0005-9570-3335"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianwei Zhuge","raw_affiliation_strings":["Tsinghua University & Zhongguancun Laboratory, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University & Zhongguancun Laboratory, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067799841","display_name":"Haixin Duan","orcid":"https://orcid.org/0000-0003-0083-733X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haixin Duan","raw_affiliation_strings":["Tsinghua University & Zhongguancun Laboratory, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University & Zhongguancun Laboratory, Beijing, 
China","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":1.5309,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.88215277,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"467","last_page":"481"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information 
Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7619625329971313},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6683433055877686},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.665263831615448},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5330029726028442},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.5211313366889954},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4784712493419647},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.41900426149368286}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7619625329971313},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6683433055877686},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.665263831615448},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5330029726028442},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.5211313366889954},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet 
privacy","level":1,"score":0.4784712493419647},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.41900426149368286},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3658644.3670386","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3670386","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3670386","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3658644.3670386","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3670386","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3670386","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1108972212","display_name":null,"funder_award_id":"62272265","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"}],"funders":[{"id":"https://openalex.org/F4320323817","display_name":"Universitas 
Brawijaya","ror":"https://ror.org/01wk3d929"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4405182127.pdf"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W1642192185","https://openalex.org/W1653446932","https://openalex.org/W1727570481","https://openalex.org/W1871873841","https://openalex.org/W1985795489","https://openalex.org/W2054426341","https://openalex.org/W2145945274","https://openalex.org/W2166509025","https://openalex.org/W2288309966","https://openalex.org/W2509375808","https://openalex.org/W2575541032","https://openalex.org/W2579069073","https://openalex.org/W2914692020","https://openalex.org/W2954978134","https://openalex.org/W3211708465","https://openalex.org/W4287849789","https://openalex.org/W4296880930","https://openalex.org/W4298469866","https://openalex.org/W4391724809","https://openalex.org/W4402264565"],"related_works":["https://openalex.org/W1966145327","https://openalex.org/W2783112941","https://openalex.org/W2526398307","https://openalex.org/W2470029541","https://openalex.org/W4387065217","https://openalex.org/W3048799479","https://openalex.org/W4368275542","https://openalex.org/W3006507989","https://openalex.org/W2470502009","https://openalex.org/W2779961139"],"abstract_inverted_index":{"Email":[0],"attachments":[1],"have":[2,138],"become":[3],"a":[4,71],"favored":[5],"delivery":[6],"vector":[7],"for":[8],"malware":[9,135],"campaigns.":[10],"In":[11,52,109],"response,":[12],"email":[13,21,34,62,82,94,103,120],"attachment":[14,63],"detectors":[15,35,91],"are":[16],"widely":[17],"deployed":[18],"to":[19,38,76,144,148],"safeguard":[20],"security.":[22],"However,":[23],"an":[24],"emerging":[25],"threat":[26],"arises":[27],"when":[28],"adversaries":[29],"exploit":[30],"parsing":[31,66],"discrepancies":[32],"between":[33],"and":[36,98,100,107,122,129,156,167],"clients":[37,104],"evade":[39],"detection.":[40],"Currently,":[41],"uncovering":[42],"these":[43,127],"vulne
rabilities":[44,80,128,143,155],"still":[45],"depends":[46],"on":[47],"manual,":[48],"ad":[49],"hoc":[50],"methods.":[51],"this":[53],"paper,":[54],"we":[55,111],"perform":[56],"the":[57,145,151],"first":[58],"systematic":[59],"evaluation":[60],"of":[61,92,134,153],"detection":[64],"against":[65,88],"ambiguity":[67],"vulnerabilities.":[68],"We":[69,84,124,137],"propose":[70],"novel":[72],"testing":[73],"methodology,":[74],"MIMEminer,":[75],"systematically":[77],"discover":[78],"evasion":[79,115],"in":[81],"systems.":[83],"evaluated":[85],"our":[86],"methodology":[87],"16":[89],"content":[90],"popular":[93,102],"services":[95,121],"like":[96,105],"Gmail":[97],"iCloud,":[99,163],"7":[101],"Outlook":[106],"Thunderbird.":[108],"total,":[110],"discovered":[112],"19":[113],"new":[114],"methods":[116],"affecting":[117],"all":[118],"tested":[119],"clients.":[123],"further":[125],"analyzed":[126],"identified":[130,142],"three":[131],"primary":[132],"categories":[133],"evasions.":[136],"responsibly":[139],"reported":[140],"those":[141],"affected":[146],"providers":[147],"help":[149],"with":[150],"remediation":[152],"such":[154],"received":[157],"acknowledgments":[158],"from":[159],"Google":[160],"Gmail,":[161],"Apple":[162],"Coremail,":[164],"Tencent,":[165],"Amavis":[166],"Perl":[168],"MIME-tools.":[169]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}
