{"id":"https://openalex.org/W7125705434","doi":"https://doi.org/10.1145/3793198","title":"GAEDM: Genetic Algorithm-Enhanced Static Analysis for Detection of API Hashing Obfuscation in Malware","display_name":"GAEDM: Genetic Algorithm-Enhanced Static Analysis for Detection of API Hashing Obfuscation in Malware","publication_year":2026,"publication_date":"2026-01-26","ids":{"openalex":"https://openalex.org/W7125705434","doi":"https://doi.org/10.1145/3793198"},"language":"en","primary_location":{"id":"doi:10.1145/3793198","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3793198","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1145/3793198","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123837392","display_name":"Yang Lan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210123940","display_name":"Ministry of Education","ror":"https://ror.org/02xv42m49","country_code":"PT","type":"government","lineage":["https://openalex.org/I4210117458","https://openalex.org/I4210123940"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Yang Lan","raw_affiliation_strings":["Key Laboratory of Cyberspace Security, Ministry of Education, China., Key Laboratory of Cyberspace Security, Ministry of Education"],"raw_orcid":"https://orcid.org/0009-0009-3326-6378","affiliations":[{"raw_affiliation_string":"Key Laboratory of Cyberspace Security, Ministry of Education, China., Key Laboratory of Cyberspace Security, Ministry of Education","institution_ids":["https://openalex.org/I4210123940"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123864136","display_name":"Hui Shu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210123940","display_name":"Ministry of Education","ror":"https://ror.org/02xv42m49","country_code":"PT","type":"government","lineage":["https://openalex.org/I4210117458","https://openalex.org/I4210123940"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Hui Shu","raw_affiliation_strings":["Key Laboratory of Cyberspace Security, Ministry of Education, China., Key Laboratory of Cyberspace Security, Ministry of Education, China"],"raw_orcid":"https://orcid.org/0000-0002-2797-1355","affiliations":[{"raw_affiliation_string":"Key Laboratory of Cyberspace Security, Ministry of Education, China., Key Laboratory of Cyberspace Security, Ministry of Education, China","institution_ids":["https://openalex.org/I4210123940"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123865216","display_name":"Zihan Sha","orcid":null},"institutions":[{"id":"https://openalex.org/I4210123940","display_name":"Ministry of Education","ror":"https://ror.org/02xv42m49","country_code":"PT","type":"government","lineage":["https://openalex.org/I4210117458","https://openalex.org/I4210123940"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Zihan Sha","raw_affiliation_strings":["Key Laboratory of Cyberspace Security, Ministry of Education, China., Key Laboratory of Cyberspace Security, Ministry of Education, China"],"raw_orcid":"https://orcid.org/0000-0002-1020-9006","affiliations":[{"raw_affiliation_string":"Key Laboratory of Cyberspace Security, Ministry of Education, China., Key Laboratory of Cyberspace Security, Ministry of Education, China","institution_ids":["https://openalex.org/I4210123940"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103088653","display_name":"Fei Kang","orcid":"https://orcid.org/0000-0003-2545-4079"},"institutions":[{"id":"https://openalex.org/I4210123940","display_name":"Ministry of Education","ror":"https://ror.org/02xv42m49","country_code":"PT","type":"government","lineage":["https://openalex.org/I4210117458","https://openalex.org/I4210123940"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Fei Kang","raw_affiliation_strings":["Key Laboratory of Cyberspace Security, Ministry of Education, China., Key Laboratory of Cyberspace Security, Ministry of Education, China"],"raw_orcid":"https://orcid.org/0000-0003-2545-4079","affiliations":[{"raw_affiliation_string":"Key Laboratory of Cyberspace Security, Ministry of Education, China., Key Laboratory of Cyberspace Security, Ministry of Education, China","institution_ids":["https://openalex.org/I4210123940"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123850343","display_name":"XiaoBing Xiong","orcid":null},"institutions":[{"id":"https://openalex.org/I4210123940","display_name":"Ministry of Education","ror":"https://ror.org/02xv42m49","country_code":"PT","type":"government","lineage":["https://openalex.org/I4210117458","https://openalex.org/I4210123940"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Xiaobing Xiong","raw_affiliation_strings":["Key Laboratory of Cyberspace Security, Ministry of Education, China., Key Laboratory of Cyberspace Security, Ministry of Education, China"],"raw_orcid":"https://orcid.org/0009-0007-4707-2115","affiliations":[{"raw_affiliation_string":"Key Laboratory of Cyberspace Security, Ministry of Education, China., Key Laboratory of Cyberspace Security, Ministry of Education, China","institution_ids":["https://openalex.org/I4210123940"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5123824509","display_name":"JingJing Li","orcid":null},"institutions":[{"id":"https://openalex.org/I918919364","display_name":"Switch","ror":"https://ror.org/02yw51758","country_code":"CH","type":"nonprofit","lineage":["https://openalex.org/I918919364"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Jingjing Li","raw_affiliation_strings":["National Digital Switching System Engineering and Technological Research Center, National Digital Switching System Engineering and Technological Research Center"],"raw_orcid":"https://orcid.org/0000-0002-2947-0239","affiliations":[{"raw_affiliation_string":"National Digital Switching System Engineering and Technological Research Center, National Digital Switching System Engineering and Technological Research Center","institution_ids":["https://openalex.org/I918919364"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.11069718,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"29","issue":"2","first_page":"1","last_page":"31"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9866999983787537,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9866999983787537,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.0035000001080334187,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.003100000089034438,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.8652999997138977},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.8546000123023987},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6685000061988831},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6471999883651733},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.59170001745224},{"id":"https://openalex.org/keywords/function","display_name":"Function (biology)","score":0.43209999799728394},{"id":"https://openalex.org/keywords/security-analysis","display_name":"Security analysis","score":0.41600000858306885},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.3930000066757202}],"concepts":[{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.8652999997138977},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.8546000123023987},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8446000218391418},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6685000061988831},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6471999883651733},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.59170001745224},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.43209999799728394},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.41600000858306885},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3930000066757202},{"id":"https://openalex.org/C190157925","wikidata":"https://www.wikidata.org/wiki/Q1968605","display_name":"SHA-2","level":4,"score":0.37630000710487366},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse engineering","level":2,"score":0.36570000648498535},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.3456000089645386},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3231000006198883},{"id":"https://openalex.org/C67388219","wikidata":"https://www.wikidata.org/wiki/Q207440","display_name":"Hash table","level":3,"score":0.3188999891281128},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3125999867916107},{"id":"https://openalex.org/C7608002","wikidata":"https://www.wikidata.org/wiki/Q477202","display_name":"Cryptographic hash function","level":3,"score":0.3109000027179718},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.29409998655319214},{"id":"https://openalex.org/C98183937","wikidata":"https://www.wikidata.org/wiki/Q2112188","display_name":"Program analysis","level":2,"score":0.2842000126838684},{"id":"https://openalex.org/C87431388","wikidata":"https://www.wikidata.org/wiki/Q2070573","display_name":"Perfect hash function","level":4,"score":0.2825999855995178},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.27730000019073486},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.27059999108314514},{"id":"https://openalex.org/C9661340","wikidata":"https://www.wikidata.org/wiki/Q257799","display_name":"Secure Hash Algorithm","level":5,"score":0.267300009727478},{"id":"https://openalex.org/C133667856","wikidata":"https://www.wikidata.org/wiki/Q5439682","display_name":"Feature hashing","level":5,"score":0.26330000162124634},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.2515000104904175}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3793198","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3793198","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3793198","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3793198","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.6234800219535828}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":5,"referenced_works":["https://openalex.org/W2157768713","https://openalex.org/W2602912125","https://openalex.org/W2903710826","https://openalex.org/W2926178846","https://openalex.org/W4412176814"],"related_works":[],"abstract_inverted_index":{"Malware":[0],"authors":[1],"increasingly":[2],"exploit":[3],"API":[4,44],"Hashing":[5],"to":[6,41,83,152],"create":[7],"\u201cinvisible\u201d":[8],"system":[9],"calls,":[10,45],"replacing":[11],"explicit":[12],"function":[13,127],"names":[14],"with":[15,80,94],"dynamically":[16],"computed":[17,39],"hashes":[18,40],"that":[19,76,101,117,144],"evade":[20,146],"detection":[21,108],"systems.":[22],"This":[23],"sophisticated":[24,141],"obfuscation":[25,112,142],"technique":[26],"poses":[27],"three":[28],"critical":[29],"challenges:":[30],"accurately":[31],"identifying":[32],"hash":[33,52,67,126],"functions":[34],"within":[35],"obfuscated":[36],"code,":[37],"linking":[38],"their":[42],"corresponding":[43],"and":[46,63,122,133,157],"detecting":[47],"the":[48],"growing":[49],"diversity":[50],"of":[51,109,131],"algorithm":[53],"variants.":[54,68],"Existing":[55],"rule-based":[56],"approaches":[57],"fail":[58],"against":[59],"these":[60,85],"adaptive":[61],"threats":[62,156],"cannot":[64],"identify":[65],"modern":[66],"We":[69],"propose":[70],"GAEDM":[71,118,139],",":[72],"a":[73,95],"novel":[74],"framework":[75],"combines":[77],"deep":[78],"learning":[79],"program":[81],"analysis":[82,93],"address":[84],"challenges.":[86],"Our":[87],"key":[88],"innovation":[89],"integrates":[90],"static":[91],"taint":[92],"genetic":[96],"algorithm-enhanced":[97],"assembly":[98],"language":[99],"model":[100],"generates":[102],"diverse":[103],"training":[104],"variants,":[105],"enabling":[106,149],"robust":[107],"previously":[110,154],"unseen":[111],"patterns.":[113],"Experimental":[114],"evaluation":[115],"demonstrates":[116],"achieves":[119],"91.9%":[120],"MRR":[121],"94.6%":[123],"Recall@k":[124],"in":[125],"identification,":[128],"representing":[129],"improvements":[130],"18.4%":[132],"8.2%":[134],"respectively":[135],"over":[136],"state-of-the-art":[137],"methods.":[138],"detects":[140],"patterns":[143],"completely":[145],"existing":[147],"approaches,":[148],"security":[150],"analysts":[151],"uncover":[153],"undetectable":[155],"significantly":[158],"advancing":[159],"malware":[160],"defense":[161],"capabilities.":[162]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-01-27T00:00:00"}