{"id":"https://openalex.org/W4400853529","doi":"https://doi.org/10.1145/3669901","title":"VeriBin: A Malware Authorship Verification Approach for APT Tracking through Explainable and Functionality-Debiasing Adversarial Representation Learning","display_name":"VeriBin: A Malware Authorship Verification Approach for APT Tracking through Explainable and Functionality-Debiasing Adversarial Representation Learning","publication_year":2024,"publication_date":"2024-07-20","ids":{"openalex":"https://openalex.org/W4400853529","doi":"https://doi.org/10.1145/3669901"},"language":"en","primary_location":{"id":"doi:10.1145/3669901","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3669901","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5001268150","display_name":"Weihan Ou","orcid":"https://orcid.org/0000-0002-6911-6146"},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Weihan Ou","raw_affiliation_strings":["School of Computing, Queen's University, Kingston, Canada","Queen's University,  Kingston, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing, Queen's University, Kingston, Canada","institution_ids":["https://openalex.org/I204722609"]},{"raw_affiliation_string":"Queen's University,  Kingston, Canada","institution_ids":["https://openalex.org/I204722609"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007693994","display_name":"Steven H. H. Ding","orcid":"https://orcid.org/0000-0003-4513-200X"},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Steven Ding","raw_affiliation_strings":["School of Computing, Queen's University, Kingston, Canada","Queen's University,  Kingston, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing, Queen's University, Kingston, Canada","institution_ids":["https://openalex.org/I204722609"]},{"raw_affiliation_string":"Queen's University,  Kingston, Canada","institution_ids":["https://openalex.org/I204722609"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005563986","display_name":"Mohammad Zulkernine","orcid":"https://orcid.org/0000-0003-1697-4101"},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad Zulkernine","raw_affiliation_strings":["School of Computing, Queen's University, Kingston, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing, Queen's University, Kingston, Canada","institution_ids":["https://openalex.org/I204722609"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090218224","display_name":"Litao Li","orcid":"https://orcid.org/0000-0001-7925-764X"},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Li Tao Li","raw_affiliation_strings":["School of Computing, Queen's University, Kingston, Canada","Queen's University,  Kingston, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing, Queen's University, Kingston, Canada","institution_ids":["https://openalex.org/I204722609"]},{"raw_affiliation_string":"Queen's University,  Kingston, Canada","institution_ids":["https://openalex.org/I204722609"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5104880431","display_name":"Sarah Labrosse","orcid":"https://orcid.org/0000-0003-3763-8828"},"institutions":[{"id":"https://openalex.org/I204722609","display_name":"Queen's University","ror":"https://ror.org/02y72wh86","country_code":"CA","type":"education","lineage":["https://openalex.org/I204722609"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Sarah Labrosse","raw_affiliation_strings":["School of Computing, Queen's University, Kingston, Canada","Queen's University,  Kingston, Canada"],"affiliations":[{"raw_affiliation_string":"School of Computing, Queen's University, Kingston, Canada","institution_ids":["https://openalex.org/I204722609"]},{"raw_affiliation_string":"Queen's University,  Kingston, Canada","institution_ids":["https://openalex.org/I204722609"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5001268150"],"corresponding_institution_ids":["https://openalex.org/I204722609"],"apc_list":null,"apc_paid":null,"fwci":1.0425,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.8019103,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":"27","issue":"3","first_page":"1","last_page":"37"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12380","display_name":"Authorship Attribution and Profiling","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12380","display_name":"Authorship Attribution and Profiling","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9807999730110168,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9805999994277954,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/debiasing","display_name":"Debiasing","score":0.9812771081924438},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7522975206375122},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6962859630584717},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.6206110715866089},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6135656237602234},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4776502847671509},{"id":"https://openalex.org/keywords/tracking","display_name":"Tracking (education)","score":0.4276158809661865},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3302391469478607},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.30217891931533813},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.17103776335716248},{"id":"https://openalex.org/keywords/cognitive-science","display_name":"Cognitive science","score":0.1693856120109558}],"concepts":[{"id":"https://openalex.org/C2779458634","wikidata":"https://www.wikidata.org/wiki/Q24963715","display_name":"Debiasing","level":2,"score":0.9812771081924438},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7522975206375122},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6962859630584717},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.6206110715866089},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6135656237602234},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4776502847671509},{"id":"https://openalex.org/C2775936607","wikidata":"https://www.wikidata.org/wiki/Q466845","display_name":"Tracking (education)","level":2,"score":0.4276158809661865},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3302391469478607},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.30217891931533813},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.17103776335716248},{"id":"https://openalex.org/C188147891","wikidata":"https://www.wikidata.org/wiki/Q147638","display_name":"Cognitive science","level":1,"score":0.1693856120109558},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C94625758","wikidata":"https://www.wikidata.org/wiki/Q7163","display_name":"Politics","level":2,"score":0.0},{"id":"https://openalex.org/C19417346","wikidata":"https://www.wikidata.org/wiki/Q7922","display_name":"Pedagogy","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3669901","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3669901","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W54929040","https://openalex.org/W2064675550","https://openalex.org/W2110127053","https://openalex.org/W2129364433","https://openalex.org/W2131774270","https://openalex.org/W2171590421","https://openalex.org/W2250539671","https://openalex.org/W2547213717","https://openalex.org/W2579698096","https://openalex.org/W2742948365","https://openalex.org/W2783268209","https://openalex.org/W2919115771","https://openalex.org/W2941288924","https://openalex.org/W2963250244","https://openalex.org/W2963991316","https://openalex.org/W2975826887","https://openalex.org/W2976414818","https://openalex.org/W3082436168","https://openalex.org/W3096831136","https://openalex.org/W3118919575","https://openalex.org/W3125596609","https://openalex.org/W3158079430","https://openalex.org/W4205550683","https://openalex.org/W4236036072","https://openalex.org/W4240246683","https://openalex.org/W4254621655","https://openalex.org/W4285194931"],"related_works":["https://openalex.org/W4362554880","https://openalex.org/W4281684980","https://openalex.org/W4386875279","https://openalex.org/W2171721708","https://openalex.org/W4390963114","https://openalex.org/W3214527415","https://openalex.org/W4287887864","https://openalex.org/W4221165959","https://openalex.org/W4225810998","https://openalex.org/W4280601492"],"abstract_inverted_index":{"Malware":[0],"attacks":[1,25],"are":[2,91,193],"posing":[3],"a":[4,82,95,129,133,146,168,209,213],"significant":[5],"threat":[6,84,114,149],"to":[7,74,81,94,231,240],"national":[8],"security,":[9],"cooperate":[10],"network,":[11],"and":[12,26,59,99,192,212,243],"public":[13],"endpoint":[14],"security.":[15],"Identifying":[16],"the":[17,24,65,126,160,182,232],"Advanced":[18],"Persistent":[19],"Threat":[20,49],"(APT)":[21],"groups":[22],"behind":[23],"grouping":[27],"their":[28,37,118],"activities":[29,38],"into":[30],"attack":[31,97],"campaigns":[32],"help":[33],"security":[34,42],"investigators":[35],"trace":[36],"thus":[39],"providing":[40],"better":[41],"protections":[43],"against":[44,113,245],"future":[45],"attacks.":[46],"Existing":[47],"Cyber":[48],"Intelligent":[50],"(CTI)":[51],"components":[52],"mainly":[53],"focus":[54],"on":[55,102,117,208],"malware":[56,76,140,246],"family":[57,247],"identification":[58],"behavior":[60,87],"characterization,":[61],"which":[62],"cannot":[63],"solve":[64],"APT":[66,70],"tracking":[67,71],"problem:":[68],"while":[69],"needs":[72],"one":[73],"link":[75],"binaries":[77,141,220],"of":[78,128,221],"multiple":[79],"families":[80],"single":[83],"actor,":[85],"these":[86],"or":[88,235],"function-based":[89],"techniques":[90],"tightened":[92],"up":[93],"specific":[96],"technique":[98],"would":[100],"fail":[101],"connecting":[103],"different":[104],"families.":[105],"Binary":[106,161],"Authorship":[107,162],"Attribution":[108],"(AA)":[109],"solutions":[110,123],"could":[111],"discriminate":[112],"actors":[115],"based":[116],"stylometric":[119],"traits.":[120],"However,":[121,138],"AA":[122],"assume":[124],"that":[125,173],"author":[127,136,234],"binary":[130],"is":[131,167,238],"within":[132],"fixed":[134],"candidate":[135],"set.":[137],"real-world":[139],"may":[142],"be":[143,190],"created":[144],"by":[145],"new":[147],"unknown":[148],"actor.":[150],"To":[151],"address":[152],"this":[153],"research":[154],"gap,":[155],"we":[156],"propose":[157],"VeriBin":[158,166,202,224,237],"for":[159,181],"Verification":[163],"(BAV)":[164],"problem.":[165],"novel":[169],"adversarial":[170],"neural":[171],"network":[172],"extracts":[174],"functionality-agnostic":[175],"style":[176,187,206],"representations":[177,188,207],"from":[178],"assembly":[179],"code":[180],"AV":[183],"task.":[184],"The":[185],"extracted":[186],"can":[189,225],"visualized":[191],"explainable":[194],"with":[195,203],"VeriBin\u2019s":[196],"multi-head":[197],"attention":[198],"mechanism.":[199],"We":[200],"benchmark":[201],"state-of-the-art":[204],"coding":[205],"standard":[210],"dataset":[211],"recent":[214],"malware-APT":[215],"dataset.":[216],"Given":[217],"two":[218],"anonymous":[219],"out-of-sample":[222],"authors,":[223],"accurately":[226],"determine":[227],"whether":[228],"they":[229],"belong":[230],"same":[233],"not.":[236],"resilient":[239],"compiler":[241],"optimizations":[242],"robust":[244],"variants.":[248]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}