{"id":"https://openalex.org/W7131819406","doi":"https://doi.org/10.1145/3779208.3785392","title":"The Role of Domain-Specific Features in Malware Detection: A macOS Case Study","display_name":"The Role of Domain-Specific Features in Malware Detection: A macOS Case Study","publication_year":2026,"publication_date":"2026-06-01","ids":{"openalex":"https://openalex.org/W7131819406","doi":"https://doi.org/10.1145/3779208.3785392"},"language":"en","primary_location":{"id":"doi:10.1145/3779208.3785392","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3779208.3785392","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3779208.3785392","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5127192817","display_name":"Biagio Montaruli","orcid":null},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Biagio Montaruli","raw_affiliation_strings":["SAP Security Research, SAP Labs France, EURECOM, Biot, France"],"raw_orcid":"https://orcid.org/0009-0002-6870-8075","affiliations":[{"raw_affiliation_string":"SAP Security Research, SAP Labs France, EURECOM, Biot, France","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068913678","display_name":"Andrea Oliveri","orcid":"https://orcid.org/0000-0001-7820-1927"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Andrea Oliveri","raw_affiliation_strings":["EURECOM, Biot, France"],"raw_orcid":"https://orcid.org/0000-0001-7820-1927","affiliations":[{"raw_affiliation_string":"EURECOM, Biot, France","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5127030462","display_name":"Savino Dambra","orcid":null},"institutions":[{"id":"https://openalex.org/I36326968","display_name":"InterDigital (United States)","ror":"https://ror.org/02w335z67","country_code":"US","type":"company","lineage":["https://openalex.org/I36326968"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Savino Dambra","raw_affiliation_strings":["GenDigital, Biot, France"],"raw_orcid":"https://orcid.org/0000-0002-0988-9366","affiliations":[{"raw_affiliation_string":"GenDigital, Biot, France","institution_ids":["https://openalex.org/I36326968"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5002025561","display_name":"Davide Balzarotti","orcid":"https://orcid.org/0000-0001-5957-6213"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Davide Balzarotti","raw_affiliation_strings":["EURECOM, Biot, France"],"raw_orcid":"https://orcid.org/0000-0001-5957-6213","affiliations":[{"raw_affiliation_string":"EURECOM, Biot, France","institution_ids":["https://openalex.org/I1902872"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.24250853,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1555","last_page":"1569"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9718999862670898,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9718999862670898,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.00430000014603138,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.002400000113993883,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.39739999175071716},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.33739998936653137},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.290800005197525},{"id":"https://openalex.org/keywords/government","display_name":"Government (linguistics)","score":0.26460000872612},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.2621000111103058}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5583999752998352},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.39899998903274536},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.39739999175071716},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.39410001039505005},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3537999987602234},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.33739998936653137},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.290800005197525},{"id":"https://openalex.org/C2778137410","wikidata":"https://www.wikidata.org/wiki/Q2732820","display_name":"Government (linguistics)","level":2,"score":0.26460000872612},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2621000111103058},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.2590999901294708}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3779208.3785392","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3779208.3785392","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2606.03218","is_oa":true,"landing_page_url":"https://arxiv.org/abs/2606.03218","pdf_url":"https://arxiv.org/pdf/2606.03218","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:HAL:hal-05507286v1","is_oa":true,"landing_page_url":"https://hal.science/hal-05507286","pdf_url":"https://hal.science/hal-05507286v1/file/publi-8523_1.pdf","source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ASIACCS 2026, 21st ACM ASIA Conference on Computer and Communications Security, ACM, Jun 2026, Bangalore, India. &#x27E8;10.1145/3779208.3785392&#x27E9;","raw_type":"Conference papers"}],"best_oa_location":{"id":"doi:10.1145/3779208.3785392","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3779208.3785392","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1154298555","display_name":null,"funder_award_id":"ANR-22-PECY-0007","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"}],"funders":[{"id":"https://openalex.org/F4320320883","display_name":"Agence Nationale de la Recherche","ror":"https://ror.org/00rbzpz17"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Despite":[0],"the":[1,24,33,36,40,44,54,61,68,72,156,159,168,177,215,221,250],"growing":[2],"popularity":[3],"of":[4,26,35,43,56,114,142,146,155,158,180,194],"macOS":[5,27,84,197],"among":[6],"end":[7],"users":[8],"and":[9,19,39,93,120,124,219],"enterprise":[10],"systems,":[11,22],"malware":[12,28,102,230],"research":[13,251],"has":[14],"primarily":[15],"focused":[16],"on":[17,110,190],"Windows":[18],"Android":[20],"operating":[21,37],"leaving":[23],"problem":[25],"detection":[29,62,131,147,210,241],"relatively":[30],"unexplored.":[31],"Indeed,":[32],"specificity":[34],"system":[38,95],"unique":[41],"characteristics":[42],"Mach-O":[45],"file":[46],"format":[47],"can":[48],"play":[49],"a":[50,99,106,111,187,191,207,237],"fundamental":[51],"role":[52],"in":[53,71,144,173,240],"classification":[55],"unknown":[57],"samples,":[58,116,231],"drastically":[59],"increasing":[60],"rate.":[63,148],"In":[64],"this":[65],"work,":[66],"for":[67,226],"first":[69],"time":[70],"literature,":[73],"we":[74,185,244],"employ":[75],"new":[76,169,192],"domain-specific":[77,170,222],"features,":[78,161],"i.e.,":[79],"static":[80],"features":[81,223],"specific":[82],"to":[83,97,175,228,236,249],"binaries,":[85],"such":[86],"as":[87,232],"embedded":[88],"certificates,":[89],"entitlements,":[90],"persistence":[91],"techniques":[92],"key":[94],"APIs,":[96],"train":[98],"machine":[100],"learning":[101],"detector.":[103],"We":[104,149],"perform":[105,186],"comprehensive":[107],"experimental":[108],"evaluation":[109,189],"novel":[112,229],"dataset":[113,193,248],"41,129":[115],"comprising":[117],"11,413":[118],"benign":[119],"29,716":[121],"malicious":[122],"executables,":[123],"demonstrate":[125],"that":[126,163,202],"our":[127,164,181,204,247],"solution":[128],"achieves":[129],"state-of-the-art":[130,216],"performance":[132],"(98.50%),":[133],"outperforming":[134],"all":[135],"existing":[136],"approaches,":[137],"with":[138],"an":[139,152],"average":[140],"improvement":[141],"16%":[143],"terms":[145],"also":[150,245],"provide":[151],"in-depth":[153],"analysis":[154],"importance":[157],"individual":[160],"showing":[162],"detector":[165,182,205],"effectively":[166],"leverages":[167],"features.":[171],"Then,":[172],"order":[174],"evaluate":[176],"generalization":[178],"capabilities":[179],"over":[183],"time,":[184],"real-world":[188],"9,000":[195],"fresh":[196],"executables.":[198],"The":[199],"results":[200],"show":[201],"(i)":[203],"maintains":[206],"very":[208],"high":[209],"rate":[211],"(99.50%),":[212],"(ii)":[213],"outperforms":[214],"by":[217],"50%,":[218],"(iii)":[220],"are":[224],"crucial":[225],"generalizing":[227],"their":[233],"removal":[234],"leads":[235],"15.92%":[238],"drop":[239],"performance.":[242],"Finally,":[243],"release":[246],"community.":[252]},"counts_by_year":[],"updated_date":"2026-06-17T08:01:34.144755","created_date":"2026-02-28T00:00:00"}