{"id":"https://openalex.org/W4389208975","doi":"https://doi.org/10.1145/3611643.3616309","title":"Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors","display_name":"Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors","publication_year":2023,"publication_date":"2023-11-30","ids":{"openalex":"https://openalex.org/W4389208975","doi":"https://doi.org/10.1145/3611643.3616309"},"language":"en","primary_location":{"id":"doi:10.1145/3611643.3616309","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3611643.3616309","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023380459","display_name":"Ruoxi Sun","orcid":"https://orcid.org/0000-0001-5404-8550"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Ruoxi Sun","raw_affiliation_strings":["CSIRO's Data61, Adelaide, Australia"],"raw_orcid":"https://orcid.org/0000-0001-5404-8550","affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Adelaide, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009850797","display_name":"Minhui Xue","orcid":"https://orcid.org/0000-0002-9172-4252"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Minhui Xue","raw_affiliation_strings":["CSIRO's Data61, Sydney, Australia / Cybersecurity CRC, Sydney, Australia"],"raw_orcid":"https://orcid.org/0000-0002-9172-4252","affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Sydney, Australia / Cybersecurity CRC, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023313904","display_name":"Gareth Tyson","orcid":"https://orcid.org/0000-0003-3010-791X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gareth Tyson","raw_affiliation_strings":["Hong Kong University of Science and Technology (GZ), Guangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-3010-791X","affiliations":[{"raw_affiliation_string":"Hong Kong University of Science and Technology (GZ), Guangzhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114546944","display_name":"Tian Dong","orcid":"https://orcid.org/0009-0004-6442-8716"},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tian Dong","raw_affiliation_strings":["Shanghai Jiao Tong University, Shanghai, China"],"raw_orcid":"https://orcid.org/0009-0004-6442-8716","affiliations":[{"raw_affiliation_string":"Shanghai Jiao Tong University, Shanghai, China","institution_ids":["https://openalex.org/I183067930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101513174","display_name":"Shaofeng Li","orcid":"https://orcid.org/0000-0002-1491-4319"},"institutions":[{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shaofeng Li","raw_affiliation_strings":["Peng Cheng Laboratory, Shenzhen, China"],"raw_orcid":"https://orcid.org/0000-0002-1491-4319","affiliations":[{"raw_affiliation_string":"Peng Cheng Laboratory, Shenzhen, China","institution_ids":["https://openalex.org/I4210136793"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100400133","display_name":"Shuo Wang","orcid":"https://orcid.org/0000-0001-8938-2364"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Shuo Wang","raw_affiliation_strings":["CSIRO's Data61, Sydney, Australia / Cybersecurity CRC, Sydney, Australia"],"raw_orcid":"https://orcid.org/0000-0001-8938-2364","affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Sydney, Australia / Cybersecurity CRC, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039106671","display_name":"Haojin Zhu","orcid":"https://orcid.org/0000-0001-5079-4556"},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haojin Zhu","raw_affiliation_strings":["Shanghai Jiao Tong University, Shanghai, China"],"raw_orcid":"https://orcid.org/0000-0001-5079-4556","affiliations":[{"raw_affiliation_string":"Shanghai Jiao Tong University, Shanghai, China","institution_ids":["https://openalex.org/I183067930"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084022157","display_name":"Seyit Camtepe","orcid":"https://orcid.org/0000-0001-6353-8359"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Seyit Camtepe","raw_affiliation_strings":["CSIRO's Data61, Sydney, Australia / Cybersecurity CRC, Sydney, Australia"],"raw_orcid":"https://orcid.org/0000-0001-6353-8359","affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Sydney, Australia / Cybersecurity CRC, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5082256444","display_name":"\u202aSurya Nepal\u202c","orcid":"https://orcid.org/0000-0002-3289-6599"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Surya Nepal","raw_affiliation_strings":["CSIRO's Data61, Sydney, Australia / Cybersecurity CRC, Sydney, Australia"],"raw_orcid":"https://orcid.org/0000-0002-3289-6599","affiliations":[{"raw_affiliation_string":"CSIRO's Data61, Sydney, Australia / Cybersecurity CRC, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5023380459"],"corresponding_institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I42894916"],"apc_list":null,"apc_paid":null,"fwci":2.4946,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":{"value":0.90578768,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1573","last_page":"1585"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.994700014591217,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9156280159950256},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.8177688121795654},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7730690240859985},{"id":"https://openalex.org/keywords/detector","display_name":"Detector","score":0.7105557322502136},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.49217692017555237},{"id":"https://openalex.org/keywords/transferability","display_name":"Transferability","score":0.44401097297668457},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.4227389693260193},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.41217565536499023},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4061250388622284},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3866180181503296}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9156280159950256},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.8177688121795654},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7730690240859985},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.7105557322502136},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.49217692017555237},{"id":"https://openalex.org/C61272859","wikidata":"https://www.wikidata.org/wiki/Q7834031","display_name":"Transferability","level":3,"score":0.44401097297668457},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.4227389693260193},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.41217565536499023},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4061250388622284},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3866180181503296},{"id":"https://openalex.org/C140331021","wikidata":"https://www.wikidata.org/wiki/Q1868104","display_name":"Logit","level":2,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3611643.3616309","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3611643.3616309","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:repository.hkust.edu.hk:1783.1-136648","is_oa":false,"landing_page_url":"http://repository.hkust.edu.hk/ir/Record/1783.1-136648","pdf_url":null,"source":{"id":"https://openalex.org/S4306401796","display_name":"Rare & Special e-Zone (The Hong Kong University of Science and Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I200769079","host_organization_name":"Hong Kong University of Science and Technology","host_organization_lineage":["https://openalex.org/I200769079"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference paper"},{"id":"pmh:oai:qmro.qmul.ac.uk:123456789/94619","is_oa":false,"landing_page_url":"https://qmro.qmul.ac.uk/xmlui/handle/123456789/94619","pdf_url":null,"source":{"id":"https://openalex.org/S4306400530","display_name":"Queen Mary Research Online (Queen Mary University of London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I166337079","host_organization_name":"Queen Mary University of London","host_organization_lineage":["https://openalex.org/I166337079"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference Proceeding"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7300000190734863,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320315885","display_name":"Australian Government","ror":"https://ror.org/0314h5y94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W1892063863","https://openalex.org/W2046185165","https://openalex.org/W2122672392","https://openalex.org/W2167003418","https://openalex.org/W2282821441","https://openalex.org/W2308726246","https://openalex.org/W2473418344","https://openalex.org/W2611170103","https://openalex.org/W2744095836","https://openalex.org/W2752929869","https://openalex.org/W2783327762","https://openalex.org/W2794652108","https://openalex.org/W2798302089","https://openalex.org/W2804093830","https://openalex.org/W2849849680","https://openalex.org/W2885070483","https://openalex.org/W2932089240","https://openalex.org/W2934018981","https://openalex.org/W2963857521","https://openalex.org/W2963952467","https://openalex.org/W2964136807","https://openalex.org/W3014290757","https://openalex.org/W3015481738","https://openalex.org/W3016369654","https://openalex.org/W3090219579","https://openalex.org/W3164220323","https://openalex.org/W3198941561","https://openalex.org/W4281385582","https://openalex.org/W4302442766","https://openalex.org/W4385080387"],"related_works":["https://openalex.org/W4288055406","https://openalex.org/W4200630034","https://openalex.org/W3137894200","https://openalex.org/W3092178728","https://openalex.org/W4226402597","https://openalex.org/W3132910851","https://openalex.org/W4377864639","https://openalex.org/W4392340763","https://openalex.org/W4283325551","https://openalex.org/W4403006689"],"abstract_inverted_index":{"Numerous":[0],"open-source":[1],"and":[2,35,136,156],"commercial":[3,94],"malware":[4,18,42,62,83,109,161,175],"detectors":[5,43,162],"are":[6,97],"available.":[7],"However,":[8],"their":[9],"efficacy":[10],"is":[11],"threatened":[12],"by":[13,24,117],"new":[14],"adversarial":[15,47],"attacks,":[16],"whereby":[17],"attempts":[19],"to":[20,59,67,79,86,99,114,151],"evade":[21,115],"detection,":[22],"e.g.,":[23],"performing":[25],"feature-space":[26,149],"manipulation.":[27],"In":[28],"this":[29,77],"work,":[30],"we":[31],"propose":[32],"an":[33],"explainability-guided":[34],"model-agnostic":[36],"testing":[37],"framework":[38,50,78],"for":[39],"robustness":[40,159],"of":[41,54,71,106,126,144,148,160,173],"when":[44],"confronted":[45],"with":[46,128],"attacks.":[48,165],"The":[49],"introduces":[51],"the":[52,69,104,124,133,142,153,158,171],"concept":[53],"Accrued":[55],"Malicious":[56],"Magnitude":[57],"(AMM)":[58],"identify":[60],"which":[61],"features":[63,127,145],"could":[64],"be":[65,183],"manipulated":[66,88,108],"maximize":[68],"likelihood":[70],"evading":[72],"detection.":[73],"We":[74,90],"then":[75],"use":[76],"test":[80,101],"several":[81],"state-of-the-art":[82],"detectors'":[84],"ability":[85,105],"detect":[87],"malware.":[89],"find":[91],"that":[92],"(i)":[93],"antivirus":[95],"engines":[96],"vulnerable":[98],"AMM-guided":[100],"cases;":[102],"(ii)":[103],"a":[107],"generated":[110],"using":[111],"one":[112],"detector":[113,119],"detection":[116],"another":[118],"(i.e.,":[120,146],"transferability)":[121],"depends":[122],"on":[123,170],"overlap":[125],"large":[129],"AMM":[130,138],"values":[131,139],"between":[132],"different":[134],"detectors;":[135],"(iii)":[137],"effectively":[140],"measure":[141],"fragility":[143],"capability":[147],"manipulation":[150],"flip":[152],"prediction":[154],"results)":[155],"explain":[157],"facing":[163],"evasion":[164],"Our":[166],"findings":[167],"shed":[168],"light":[169],"limitations":[172],"current":[174],"detectors,":[176],"as":[177,179],"well":[178],"how":[180],"they":[181],"can":[182],"improved.":[184]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}