{"id":"https://openalex.org/W7167209688","doi":"https://doi.org/10.1145/3801488.3807898","title":"Detecting Vibe-Coded Malware","display_name":"Detecting Vibe-Coded Malware","publication_year":2026,"publication_date":"2026-05-19","ids":{"openalex":"https://openalex.org/W7167209688","doi":"https://doi.org/10.1145/3801488.3807898"},"language":null,"primary_location":{"id":"doi:10.1145/3801488.3807898","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3801488.3807898","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 23rd ACM International Conference on Computing Frontiers: Workshops and Special Sessions","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3801488.3807898","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5036442254","display_name":"Utz Roedig","orcid":"https://orcid.org/0000-0002-4020-0889"},"institutions":[{"id":"https://openalex.org/I27577105","display_name":"University College Cork","ror":"https://ror.org/03265fv13","country_code":"IE","type":"education","lineage":["https://openalex.org/I27577105"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Utz Roedig","raw_affiliation_strings":["School of Computer Science and Information Technology (CSIT), University College Cork, Cork, Ireland"],"raw_orcid":"https://orcid.org/0000-0002-4020-0889","affiliations":[{"raw_affiliation_string":"School of Computer Science and Information Technology (CSIT), University College Cork, Cork, Ireland","institution_ids":["https://openalex.org/I27577105"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136332963","display_name":"Se\u00e1n \u00d3g Murphy","orcid":"https://orcid.org/0000-0003-1273-6501"},"institutions":[{"id":"https://openalex.org/I27577105","display_name":"University College Cork","ror":"https://ror.org/03265fv13","country_code":"IE","type":"education","lineage":["https://openalex.org/I27577105"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Se\u00e1n \u00d3g Murphy","raw_affiliation_strings":["School of Computer Science and Information Technology (CSIT), University College Cork, Cork, Ireland"],"raw_orcid":"https://orcid.org/0000-0003-1273-6501","affiliations":[{"raw_affiliation_string":"School of Computer Science and Information Technology (CSIT), University College Cork, Cork, Ireland","institution_ids":["https://openalex.org/I27577105"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019199193","display_name":"Ita Ryan","orcid":"https://orcid.org/0000-0001-6844-6365"},"institutions":[{"id":"https://openalex.org/I27577105","display_name":"University College Cork","ror":"https://ror.org/03265fv13","country_code":"IE","type":"education","lineage":["https://openalex.org/I27577105"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Ita Ryan","raw_affiliation_strings":["School of Computer Science and Information Technology (CSIT), University College Cork, Cork, Ireland"],"raw_orcid":"https://orcid.org/0000-0001-6844-6365","affiliations":[{"raw_affiliation_string":"School of Computer Science and Information Technology (CSIT), University College Cork, Cork, Ireland","institution_ids":["https://openalex.org/I27577105"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5139093667","display_name":"Cormac Sreenan","orcid":null},"institutions":[{"id":"https://openalex.org/I27577105","display_name":"University College Cork","ror":"https://ror.org/03265fv13","country_code":"IE","type":"education","lineage":["https://openalex.org/I27577105"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"Cormac Sreenan","raw_affiliation_strings":["School of Computer Science and Information Technology (CSIT), University College Cork, Cork, Ireland"],"raw_orcid":"https://orcid.org/0000-0002-0767-7888","affiliations":[{"raw_affiliation_string":"School of Computer Science and Information Technology (CSIT), University College Cork, Cork, Ireland","institution_ids":["https://openalex.org/I27577105"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I27577105"],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"57","last_page":"64"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9829999804496765,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9829999804496765,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.0038999998942017555,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.003700000001117587,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8481000065803528},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6976000070571899},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.5720000267028809},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.5430999994277954},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.47540000081062317},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.45730000734329224},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.44999998807907104},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.4341000020503998},{"id":"https://openalex.org/keywords/emulation","display_name":"Emulation","score":0.4172999858856201}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8481000065803528},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7922999858856201},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6976000070571899},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.5720000267028809},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.5430999994277954},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.47540000081062317},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.45730000734329224},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.44999998807907104},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.4341000020503998},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.4172999858856201},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4140999913215637},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.3959999978542328},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.39309999346733093},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.37529999017715454},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3598000109195709},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.3495999872684479},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.34850001335144043},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.3434999883174896},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.3140000104904175},{"id":"https://openalex.org/C179518139","wikidata":"https://www.wikidata.org/wiki/Q5140297","display_name":"Coding (social sciences)","level":2,"score":0.29919999837875366},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.29420000314712524},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.28540000319480896},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.2551000118255615},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.25029999017715454}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3801488.3807898","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3801488.3807898","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 23rd ACM International Conference on Computing Frontiers: Workshops and Special Sessions","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3801488.3807898","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3801488.3807898","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 23rd ACM International Conference on Computing Frontiers: Workshops and Special Sessions","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Malware":[0],"is":[1,17],"currently":[2],"detected":[3],"using":[4],"predominantly":[5],"static":[6,47,95,165],"analysis":[7,148,166],"techniques":[8,149],"such":[9,132],"as":[10,112,133],"rule-":[11],"and":[12,25,34,64,136,146,167],"signature-based":[13],"frameworks.":[14],"Their":[15],"effectiveness":[16],"largely":[18,102],"due":[19],"to":[20,27,36,67,159],"attackers":[21,66],"reusing":[22],"well-known":[23],"components":[24],"toolchains":[26],"lower":[28],"skill":[29],"requirements,":[30],"reduce":[31],"development":[32],"effort":[33],"time":[35],"deployment.":[37],"As":[38],"a":[39,113],"result,":[40],"malware":[41,91,170],"exhibits":[42],"recognizable":[43],"structural":[44],"patterns":[45],"that":[46,89,144],"detectors":[48],"can":[49,93],"reliably":[50],"identify.":[51],"The":[52],"increasing":[53],"availability":[54],"of":[55,116],"AI-assisted":[56],"coding":[57],"tools":[58],"challenges":[59],"this":[60,85,154],"assumption":[61],"by":[62],"enabling":[63],"emboldening":[65],"generate":[68],"malicious":[69,82,109,119],"software":[70],"from":[71],"scratch,":[72],"producing":[73],"samples":[74],"with":[75],"highly":[76],"variable":[77],"code":[78],"structures":[79],"but":[80],"identical":[81],"intent.":[83],"In":[84],"work,":[86],"we":[87],"demonstrate":[88],"AI-generated":[90],"permutations":[92],"evade":[94],"analysis,":[96],"while":[97],"their":[98],"runtime":[99],"behavior":[100],"remains":[101],"invariant.":[103],"We":[104],"focus":[105],"our":[106],"work":[107],"on":[108,164],"shell":[110,120],"scripts":[111,121],"specific":[114],"class":[115],"malware.":[117],"Such":[118],"are":[122,150],"commonly":[123],"used":[124],"in":[125,153],"attacks":[126],"against":[127],"Linux":[128],"based":[129],"IoT":[130],"devices":[131],"routers,":[134],"cameras,":[135],"smart":[137],"home":[138],"devices.":[139],"Our":[140],"experimental":[141],"results":[142],"show":[143],"dynamic":[145],"behavioral":[147],"more":[151],"robust":[152],"context,":[155],"highlighting":[156],"the":[157,161],"need":[158],"lessen":[160],"prevailing":[162],"dependency":[163],"instead":[168],"shift":[169],"detection":[171],"strategies":[172],"for":[173],"systems":[174],"toward":[175],"behavior-centric":[176],"approaches.":[177]},"counts_by_year":[],"updated_date":"2026-07-14T23:27:15.235271","created_date":"2026-07-04T00:00:00"}
