{"id":"https://openalex.org/W4405181213","doi":"https://doi.org/10.1145/3658644.3690208","title":"Training Robust ML-based Raw-Binary Malware Detectors in Hours, not Months","display_name":"Training Robust ML-based Raw-Binary Malware Detectors in Hours, not Months","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405181213","doi":"https://doi.org/10.1145/3658644.3690208"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690208","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690208","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690208","source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690208","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5055066834","display_name":"Keane Lucas","orcid":"https://orcid.org/0000-0002-4705-3412"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Keane Lucas","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, Pennsylvania, United States"],"raw_orcid":"https://orcid.org/0000-0002-4705-3412","affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, Pennsylvania, United States","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102490009","display_name":"Weiran Lin","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Weiran Lin","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, Pennsylvania, USA"],"raw_orcid":"https://orcid.org/0009-0005-6759-6499","affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, Pennsylvania, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002939847","display_name":"Lujo Bauer","orcid":"https://orcid.org/0000-0002-8209-6792"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lujo Bauer","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, Pennsylvania, USA"],"raw_orcid":"https://orcid.org/0000-0002-8209-6792","affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, Pennsylvania, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074117167","display_name":"Michael K. Reiter","orcid":"https://orcid.org/0000-0001-7007-8274"},"institutions":[{"id":"https://openalex.org/I170897317","display_name":"Duke University","ror":"https://ror.org/00py81415","country_code":"US","type":"education","lineage":["https://openalex.org/I170897317"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael K. Reiter","raw_affiliation_strings":["Duke University, Durham, North Carolina, USA"],"raw_orcid":"https://orcid.org/0000-0001-7007-8274","affiliations":[{"raw_affiliation_string":"Duke University, Durham, North Carolina, USA","institution_ids":["https://openalex.org/I170897317"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101501539","display_name":"Mahmood Sharif","orcid":"https://orcid.org/0000-0001-7661-2220"},"institutions":[{"id":"https://openalex.org/I16391192","display_name":"Tel Aviv University","ror":"https://ror.org/04mhzgx49","country_code":"IL","type":"education","lineage":["https://openalex.org/I16391192"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Mahmood Sharif","raw_affiliation_strings":["Tel Aviv University, Tel Aviv, Israel"],"raw_orcid":"https://orcid.org/0000-0001-7661-2220","affiliations":[{"raw_affiliation_string":"Tel Aviv University, Tel Aviv, Israel","institution_ids":["https://openalex.org/I16391192"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.6114,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.68042822,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"124","last_page":"138"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9700999855995178,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8272218704223633},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7843139171600342},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7749857902526855},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6838169693946838},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6204374432563782},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5452010631561279},{"id":"https://openalex.org/keywords/detector","display_name":"Detector","score":0.4777314364910126},{"id":"https://openalex.org/keywords/training-set","display_name":"Training set","score":0.45066818594932556},{"id":"https://openalex.org/keywords/binary-classification","display_name":"Binary classification","score":0.4398497939109802},{"id":"https://openalex.org/keywords/binary-number","display_name":"Binary number","score":0.43584150075912476},{"id":"https://openalex.org/keywords/training","display_name":"Training (meteorology)","score":0.41024187207221985},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2873413562774658},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.11396118998527527},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.10104241967201233}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8272218704223633},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7843139171600342},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7749857902526855},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6838169693946838},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6204374432563782},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5452010631561279},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.4777314364910126},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.45066818594932556},{"id":"https://openalex.org/C66905080","wikidata":"https://www.wikidata.org/wiki/Q17005494","display_name":"Binary classification","level":3,"score":0.4398497939109802},{"id":"https://openalex.org/C48372109","wikidata":"https://www.wikidata.org/wiki/Q3913","display_name":"Binary number","level":2,"score":0.43584150075912476},{"id":"https://openalex.org/C2777211547","wikidata":"https://www.wikidata.org/wiki/Q17141490","display_name":"Training (meteorology)","level":2,"score":0.41024187207221985},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2873413562774658},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.11396118998527527},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.10104241967201233},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C153294291","wikidata":"https://www.wikidata.org/wiki/Q25261","display_name":"Meteorology","level":1,"score":0.0},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3658644.3690208","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690208","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690208","source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690208","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690208","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690208","source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Decent work and economic growth","id":"https://metadata.un.org/sdg/8","score":0.4399999976158142}],"awards":[{"id":"https://openalex.org/G3674108369","display_name":null,"funder_award_id":"2338301 and 2338302","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"},{"id":"https://openalex.org/G5379498792","display_name":null,"funder_award_id":"MURI grant W911NF2110317","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"},{"id":"https://openalex.org/G937402423","display_name":null,"funder_award_id":"2023641","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"}],"funders":[{"id":"https://openalex.org/F4320323817","display_name":"Universitas Brawijaya","ror":"https://ror.org/01wk3d929"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4405181213.pdf"},"referenced_works_count":44,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W1559923427","https://openalex.org/W1945616565","https://openalex.org/W2009801020","https://openalex.org/W2080157505","https://openalex.org/W2121749752","https://openalex.org/W2122672392","https://openalex.org/W2144112223","https://openalex.org/W2169393322","https://openalex.org/W2180612164","https://openalex.org/W2394950416","https://openalex.org/W2604147826","https://openalex.org/W2640329709","https://openalex.org/W2785844809","https://openalex.org/W2805757971","https://openalex.org/W2896732478","https://openalex.org/W2904109097","https://openalex.org/W2906432502","https://openalex.org/W2909060985","https://openalex.org/W2913039310","https://openalex.org/W2921494018","https://openalex.org/W2963165251","https://openalex.org/W2963857521","https://openalex.org/W2996564870","https://openalex.org/W2997591727","https://openalex.org/W3013371788","https://openalex.org/W3015481738","https://openalex.org/W3035183563","https://openalex.org/W3103836116","https://openalex.org/W3133702157","https://openalex.org/W3168097936","https://openalex.org/W3194306843","https://openalex.org/W3202158018","https://openalex.org/W3210668028","https://openalex.org/W4247200422","https://openalex.org/W4319323649","https://openalex.org/W4382318785","https://openalex.org/W4389208975","https://openalex.org/W6637162671","https://openalex.org/W6734194636","https://openalex.org/W6745899033","https://openalex.org/W6756943956","https://openalex.org/W6849826978","https://openalex.org/W7007943406"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W2482350142","https://openalex.org/W4246396837","https://openalex.org/W3126451824","https://openalex.org/W3211393740","https://openalex.org/W3208049411","https://openalex.org/W3022908591","https://openalex.org/W4285706568","https://openalex.org/W2964083560","https://openalex.org/W3117807895"],"abstract_inverted_index":{"Machine-learning":[0],"(ML)":[1],"classifiers":[2],"are":[3,232,255],"increasingly":[4],"used":[5,226],"to":[6,209,228,234,244,257],"distinguish":[7],"malware":[8,85,138,196,217],"from":[9],"benign":[10],"binaries.":[11],"Recent":[12],"work":[13,65,120],"has":[14],"shown":[15],"that":[16,27,67,74,128,174,284],"ML-based":[17,215],"detectors":[18,197,218,243,254,276],"can":[19,176,224,266],"be":[20,225,235,287],"evaded":[21],"by":[22,219],"adversarial":[23,35,38,57,77,100,142,151,160,169],"examples,":[24,78,163],"but":[25,144],"also":[26,104,145,206],"one":[28],"may":[29],"defend":[30],"against":[31],"such":[32],"attacks":[33],"via":[34],"training.":[36,152,170,259],"However,":[37,87],"training,":[39,101,143],"and":[40,62,102,189],"subsequent":[41],"robustness":[42,95,136,213,221],"evaluation,":[43],"is":[44,165],"computationally":[45],"expensive":[46,99,247],"in":[47,82,93,137,251,272],"the":[48,97,112,212,236,268,282],"raw-binary":[49,216],"malware-detection":[50],"domain":[51],"because":[52],"it":[53,103,155],"requires":[54],"producing":[55,83],"many":[56],"examples":[58],"for":[59],"both":[60],"training":[61,72],"evaluation.":[63],"Prior":[64],"found":[66],"Greedy-training,":[68],"a":[69,273],"faster":[70,116,167,202,210],"robust":[71,84,179,270],"technique":[73],"forgoes":[75],"using":[76,278],"showed":[79],"some":[80],"promise":[81],"detectors.":[86],"Greedy-training":[88,127],"was":[89],"far":[90],"less":[91],"effective":[92],"inducing":[94],"than":[96,150,168,198],"more":[98,178,183,190],"severely":[105],"hurt":[106],"natural":[107,147],"accuracy":[108,110,148],"(i.e.,":[109],"on":[111,181,187],"original":[113],"data).":[114],"To":[115,201],"train":[117],"models,":[118,204],"this":[119],"presents":[121],"GreedyBlock-training,":[122],"an":[123],"enhanced":[124],"version":[125],"of":[126,214,275,281],"we":[129,172,205,261],"empirically":[130],"show":[131,173,262],"achieves":[132],"not":[133,157],"only":[134,279],"state-of-the-art":[135],"detectors,":[139],"exceeding":[140],"even":[141],"retains":[146],"better":[149],"Furthermore,":[153],"as":[154],"does":[156],"require":[158],"creating":[159],"(or":[161],"functional)":[162],"GreedyBlock-training":[164,175],"significantly":[166],"Specifically,":[171],"produce":[177],"(+54%":[180],"average),":[182,188],"naturally":[184],"accurate":[185],"(+7%":[186],"efficiently":[191],"trained":[192],"(-91%":[193],"average":[194],"computation)":[195],"prior":[199],"work.":[200],"evaluate":[203,245],"develop":[207],"methods":[208],"gauge":[211],"introducing":[220],"proxies,":[222],"which":[223,230,242,253],"either":[227],"predict":[229],"models":[231],"likely":[233],"most":[237,269],"robust,":[238],"thus":[239],"helping":[240],"prioritize":[241],"with":[246],"attacks,":[248],"or":[249],"aiding":[250],"deciding":[252],"worthwhile":[256],"continue":[258],"Experimentally,":[260],"these":[263],"proxy":[264],"measures":[265],"find":[267],"detector":[271],"pool":[274],"while":[277],"~20-50%":[280],"computation":[283],"would":[285],"otherwise":[286],"required.":[288]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}