{"id":"https://openalex.org/W1969414390","doi":"https://doi.org/10.1145/2810103.2813665","title":"Certified PUP","display_name":"Certified PUP","publication_year":2015,"publication_date":"2015-10-06","ids":{"openalex":"https://openalex.org/W1969414390","doi":"https://doi.org/10.1145/2810103.2813665","mag":"1969414390"},"language":"en","primary_location":{"id":"doi:10.1145/2810103.2813665","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2810103.2813665","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046448226","display_name":"Platon Kotzias","orcid":"https://orcid.org/0000-0003-3375-6069"},"institutions":[{"id":"https://openalex.org/I4210162154","display_name":"IMDEA Software","ror":"https://ror.org/04xvfkh51","country_code":"ES","type":"facility","lineage":["https://openalex.org/I105140100","https://openalex.org/I4210162154"]},{"id":"https://openalex.org/I88060688","display_name":"Universidad Polit\u00e9cnica de Madrid","ror":"https://ror.org/03n6nwv02","country_code":"ES","type":"education","lineage":["https://openalex.org/I88060688"]}],"countries":["ES"],"is_corresponding":true,"raw_author_name":"Platon Kotzias","raw_affiliation_strings":["IMDEA Software Institute &amp; Universidad Polit\u00e9cnica de Madrid, Madrid, Spain"],"affiliations":[{"raw_affiliation_string":"IMDEA Software Institute &amp; Universidad Polit\u00e9cnica de Madrid, Madrid, Spain","institution_ids":["https://openalex.org/I4210162154","https://openalex.org/I88060688"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079790457","display_name":"Srdjan Matic","orcid":"https://orcid.org/0000-0003-2822-3970"},"institutions":[{"id":"https://openalex.org/I189158943","display_name":"University of Milan","ror":"https://ror.org/00wjc7c48","country_code":"IT","type":"education","lineage":["https://openalex.org/I189158943"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Srdjan Matic","raw_affiliation_strings":["Universita degli Studi di Milano, Milan, Italy"],"affiliations":[{"raw_affiliation_string":"Universita degli Studi di Milano, Milan, Italy","institution_ids":["https://openalex.org/I189158943"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064303801","display_name":"Richard Rivera","orcid":"https://orcid.org/0000-0002-5702-4965"},"institutions":[{"id":"https://openalex.org/I4210162154","display_name":"IMDEA Software","ror":"https://ror.org/04xvfkh51","country_code":"ES","type":"facility","lineage":["https://openalex.org/I105140100","https://openalex.org/I4210162154"]},{"id":"https://openalex.org/I88060688","display_name":"Universidad Polit\u00e9cnica de Madrid","ror":"https://ror.org/03n6nwv02","country_code":"ES","type":"education","lineage":["https://openalex.org/I88060688"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Richard Rivera","raw_affiliation_strings":["IMDEA Software Institute &amp; Universidad Polit\u00e9cnica de Madrid, Madrid, Spain"],"affiliations":[{"raw_affiliation_string":"IMDEA Software Institute &amp; Universidad Polit\u00e9cnica de Madrid, Madrid, Spain","institution_ids":["https://openalex.org/I4210162154","https://openalex.org/I88060688"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101938709","display_name":"Juan Caballero","orcid":"https://orcid.org/0000-0003-2962-1348"},"institutions":[{"id":"https://openalex.org/I4210162154","display_name":"IMDEA Software","ror":"https://ror.org/04xvfkh51","country_code":"ES","type":"facility","lineage":["https://openalex.org/I105140100","https://openalex.org/I4210162154"]},{"id":"https://openalex.org/I105140100","display_name":"Madrid Institute for Advanced Studies","ror":"https://ror.org/027pk6j83","country_code":"ES","type":"education","lineage":["https://openalex.org/I105140100"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Juan Caballero","raw_affiliation_strings":["IMDEA Software Institute, Madrid, Spain","IMDEA Software Institute, Madrid, Spain#TAB#"],"affiliations":[{"raw_affiliation_string":"IMDEA Software Institute, Madrid, Spain","institution_ids":["https://openalex.org/I4210162154"]},{"raw_affiliation_string":"IMDEA Software Institute, Madrid, Spain#TAB#","institution_ids":["https://openalex.org/I105140100"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5046448226"],"corresponding_institution_ids":["https://openalex.org/I4210162154","https://openalex.org/I88060688"],"apc_list":null,"apc_paid":null,"fwci":3.7333,"has_fulltext":false,"cited_by_count":40,"citation_normalized_percentile":{"value":0.93854586,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"465","last_page":"478"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8458857536315918},{"id":"https://openalex.org/keywords/revocation","display_name":"Revocation","score":0.7926713228225708},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7372145056724548},{"id":"https://openalex.org/keywords/blacklist","display_name":"Blacklist","score":0.7302977442741394},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6993472576141357},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.6632586121559143},{"id":"https://openalex.org/keywords/revocation-list","display_name":"Revocation list","score":0.6148774027824402},{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.5122520327568054},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4506226181983948},{"id":"https://openalex.org/keywords/certificate-authority","display_name":"Certificate authority","score":0.3821110725402832},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.24391373991966248},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1974063515663147},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.17085397243499756},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.16527089476585388},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.10404890775680542}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8458857536315918},{"id":"https://openalex.org/C2775892892","wikidata":"https://www.wikidata.org/wiki/Q6509517","display_name":"Revocation","level":3,"score":0.7926713228225708},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7372145056724548},{"id":"https://openalex.org/C2781345505","wikidata":"https://www.wikidata.org/wiki/Q2535979","display_name":"Blacklist","level":2,"score":0.7302977442741394},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6993472576141357},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.6632586121559143},{"id":"https://openalex.org/C147296133","wikidata":"https://www.wikidata.org/wiki/Q196765","display_name":"Revocation list","level":5,"score":0.6148774027824402},{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.5122520327568054},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4506226181983948},{"id":"https://openalex.org/C93636275","wikidata":"https://www.wikidata.org/wiki/Q196776","display_name":"Certificate authority","level":4,"score":0.3821110725402832},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.24391373991966248},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1974063515663147},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.17085397243499756},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.16527089476585388},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.10404890775680542},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2810103.2813665","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2810103.2813665","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.5600000023841858}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W94487276","https://openalex.org/W152854583","https://openalex.org/W1976919795","https://openalex.org/W2011291101","https://openalex.org/W2037109870","https://openalex.org/W2094609823","https://openalex.org/W2104899073","https://openalex.org/W2105992533","https://openalex.org/W2116876232","https://openalex.org/W2118698746","https://openalex.org/W2138644293","https://openalex.org/W2143251458","https://openalex.org/W2145994642","https://openalex.org/W2187211701","https://openalex.org/W2294157280"],"related_works":["https://openalex.org/W2152646546","https://openalex.org/W2892927944","https://openalex.org/W4389077034","https://openalex.org/W2389225248","https://openalex.org/W2168592352","https://openalex.org/W37565775","https://openalex.org/W4283656462","https://openalex.org/W1517811384","https://openalex.org/W1738323469","https://openalex.org/W791333163"],"abstract_inverted_index":{"Code":[0],"signing":[1,40,71,202],"is":[2,133],"a":[3,33,53,78,106,232],"solution":[4],"to":[5,27,113],"verify":[6],"the":[7,43,66,150,200,205],"integrity":[8],"of":[9,36,45,68,152,164,169,178,183,204,222],"software":[10],"and":[11,22,104,130,159,167,175,181,216,219],"its":[12],"publisher's":[13],"identity,":[14],"but":[15],"it":[16],"can":[17],"be":[18],"abused":[19],"by":[20,48],"malware":[21,61,132,171,179],"potentially":[23,87],"unwanted":[24],"programs":[25],"(PUP)":[26],"look":[28],"benign.":[29],"This":[30],"work":[31],"performs":[32],"systematic":[34],"analysis":[35,121],"Windows":[37],"Authenticode":[38,57],"code":[39,70,201],"abuse,":[41],"evaluating":[42],"effectiveness":[44,151],"existing":[46],"defenses":[47,154],"certification":[49],"authorities.":[50],"We":[51,73,80,109,138,148,189,198],"identify":[52],"problematic":[54],"scenario":[55],"in":[56,145],"where":[58],"timestamped":[59],"signed":[60,125,136,165,170],"successfully":[62],"validates":[63],"even":[64],"after":[65],"revocation":[67,196],"their":[69],"certificate.":[72],"propose":[74],"hard":[75],"revocations":[76,192],"as":[77,156],"solution.":[79],"build":[81],"an":[82,194],"infrastructure":[83,112,203,229],"that":[84,123,131,162,211,220],"automatically":[85],"analyzes":[86],"malicious":[88],"executables,":[89],"selects":[90],"those":[91],"signed,":[92],"clusters":[93],"them":[94,223],"into":[95],"operations,":[96],"determines":[97],"if":[98],"they":[99,212],"are":[100,127],"PUP":[101,128,140,166,184,208],"or":[102],"malware,":[103],"produces":[105],"certificate":[107,217,233],"blacklist.":[108],"use":[110,172,214],"our":[111,146],"evaluate":[114],"356":[115],"K":[116],"samples":[117,126],"from":[118],"2006-2015.":[119],"Our":[120,228],"shows":[122],"most":[124,191],"(88%-95%)":[129],"not":[134],"commonly":[135],"(5%-12%).":[137],"observe":[139,190],"rapidly":[141],"increasing":[142],"over":[143],"time":[144],"corpus.":[147],"measure":[149],"CA":[153],"such":[155],"identity":[157],"checks":[158],"revocation,":[160],"finding":[161],"99.8%":[163],"37%":[168],"CA-issued":[173],"certificates":[174,180,185,226],"only":[176],"17%":[177],"15%":[182],"have":[186,224],"been":[187],"revoked.":[188,227],"lack":[193],"accurate":[195],"reason.":[197],"analyze":[199],"10":[206],"largest":[207],"operations":[209],"exposing":[210],"heavily":[213],"file":[215],"polymorphism":[218],"7":[221],"multiple":[225],"also":[230],"generates":[231],"blacklist":[234],"9x":[235],"larger":[236],"than":[237],"current":[238],"ones.":[239]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":8},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2016-06-24T00:00:00"}