{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T17:58:46Z","timestamp":1742925526565,"version":"3.40.3"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031541285"},{"type":"electronic","value":"9783031541292"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-54129-2_40","type":"book-chapter","created":{"date-parts":[[2024,3,11]],"date-time":"2024-03-11T22:03:15Z","timestamp":1710194595000},"page":"683-699","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Towards a\u00a0Practical Defense Against Adversarial Attacks on\u00a0Deep Learning-Based Malware Detectors via\u00a0Randomized Smoothing"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2448-1297","authenticated-orcid":false,"given":"Daniel","family":"Gibert","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giulio","family":"Zizzo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Quan","family":"Le","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,3,12]]},"reference":[{"key":"40_CR1","doi-asserted-by":"publisher","unstructured":"Ahmadi, M., Ulyanov, D., Semenov, S., Trofimov, M., Giacinto, G.: Novel feature extraction, selection and fusion for effective malware family classification. In: Bertino, E., Sandhu, R.S., Pretschner, A. (eds.) Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy, CODASPY 2016, New Orleans, LA, USA, March 9\u201311, 2016, pp. 183\u2013194. ACM (2016). https:\/\/doi.org\/10.1145\/2857705.2857713","DOI":"10.1145\/2857705.2857713"},{"key":"40_CR2","unstructured":"Anderson, H.S., Roth, P.: EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models. ArXiv e-prints (2018)"},{"key":"40_CR3","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/978-3-642-40994-3_25","volume-title":"Machine Learning and Knowledge Discovery in Databases","author":"B Biggio","year":"2013","unstructured":"Biggio, B., et al.: Evasion attacks against machine learning at test time. In: Blockeel, H., Kersting, K., Nijssen, S., \u017delezn\u00fd, F. (eds.) ECML PKDD 2013. LNCS (LNAI), vol. 8190, pp. 387\u2013402. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40994-3_25"},{"key":"40_CR4","unstructured":"Cohen, J.M., Rosenfeld, E., Kolter, J.Z.: Certified adversarial robustness via randomized smoothing. In: Chaudhuri, K., Salakhutdinov, R. (eds.) Proceedings of the 36th International Conference on Machine Learning, ICML 2019, 9\u201315 June 2019, Long Beach, California, USA. Proceedings of Machine Learning Research, vol. 97, pp. 1310\u20131320. PMLR (2019). http:\/\/proceedings.mlr.press\/v97\/cohen19c.html"},{"key":"40_CR5","doi-asserted-by":"publisher","unstructured":"Demetrio, L., Biggio, B., Lagorio, G., Roli, F., Armando, A.: Functionality-preserving black-box optimization of adversarial windows malware. IEEE Trans. Inf. Forensics Secur. 16, 3469\u20133478 (2021). https:\/\/doi.org\/10.1109\/TIFS.2021.3082330","DOI":"10.1109\/TIFS.2021.3082330"},{"key":"40_CR6","doi-asserted-by":"crossref","unstructured":"Demetrio, L., Biggio, B., Lagorio, G., Roli, F., Armando, A.: Functionality-preserving black-box optimization of adversarial windows malware. IEEE Trans. Inf. Forensics Secur. 16, 3469\u20133478 (2021)","DOI":"10.1109\/TIFS.2021.3082330"},{"key":"40_CR7","doi-asserted-by":"crossref","unstructured":"Demetrio, L., Coull, S.E., Biggio, B., Lagorio, G., Armando, A., Roli, F.: Adversarial examples: a survey and experimental evaluation of practical attacks on machine learning for windows malware detection. ACM Trans. Priv. Secur. 27, 1\u201331 (2021)","DOI":"10.1145\/3473039"},{"key":"40_CR8","doi-asserted-by":"publisher","unstructured":"Gibert, D., B\u00e9jar, J., Mateu, C., Planes, J., Solis, D., Vicens, R.: Convolutional neural networks for classification of malware assembly code. In: Aguil\u00f3, I., Alqu\u00e9zar, R., Angulo, C., Ortiz, A., Torrens, J. (eds.) Recent Advances in Artificial Intelligence Research and Development - Proceedings of the 20th International Conference of the Catalan Association for Artificial Intelligence, Deltebre, Terres de l\u2019Ebre, Spain, October 25\u201327, 2017. Frontiers in Artificial Intelligence and Applications, vol. 300, pp. 221\u2013226. IOS Press (2017). https:\/\/doi.org\/10.3233\/978-1-61499-806-8-221","DOI":"10.3233\/978-1-61499-806-8-221"},{"key":"40_CR9","doi-asserted-by":"publisher","unstructured":"Gibert, D., Planes, J., Mateu, C., Le, Q.: Fusing feature engineering and deep learning: a case study for malware classification. Expert Syst. Appl. 207, 117957 (2022). https:\/\/doi.org\/10.1016\/j.eswa.2022.117957, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0957417422011927","DOI":"10.1016\/j.eswa.2022.117957"},{"key":"40_CR10","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: Bengio, Y., LeCun, Y. (eds.) 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7\u20139, 2015, Conference Track Proceedings (2015). http:\/\/arxiv.org\/abs\/1412.6572"},{"key":"40_CR11","doi-asserted-by":"publisher","unstructured":"Kolosnjaji, B., et al.: Adversarial malware binaries: Evading deep learning for malware detection in executables. In: 26th European Signal Processing Conference, EUSIPCO 2018, Roma, Italy, September 3\u20137, 2018, pp. 533\u2013537. IEEE (2018). https:\/\/doi.org\/10.23919\/EUSIPCO.2018.8553214","DOI":"10.23919\/EUSIPCO.2018.8553214"},{"key":"40_CR12","unstructured":"Kreuk, F., Barak, A., Aviv-Reuven, S., Baruch, M., Pinkas, B., Keshet, J.: Adversarial examples on discrete sequences for beating whole-binary malware detection. CoRR abs\/1802.04528 (2018). http:\/\/arxiv.org\/abs\/1802.04528"},{"key":"40_CR13","unstructured":"Kr\u010d\u00e1l, M., \u0160vec, O., B\u00e1lek, M., Ja\u0161ek, O.: Deep convolutional malware classifiers can learn from raw executables and labels only (2018). https:\/\/openreview.net\/pdf?id=HkHrmM1PM"},{"key":"40_CR14","doi-asserted-by":"publisher","unstructured":"L\u00e9cuyer, M., Atlidakis, V., Geambasu, R., Hsu, D., Jana, S.: Certified robustness to adversarial examples with differential privacy. In: 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19\u201323, 2019, pp. 656\u2013672. IEEE (2019). https:\/\/doi.org\/10.1109\/SP.2019.00044","DOI":"10.1109\/SP.2019.00044"},{"key":"40_CR15","unstructured":"Li, B., Chen, C., Wang, W., Carin, L.: Certified adversarial robustness with additive noise. In: Wallach, H.M., Larochelle, H., Beygelzimer, A., d\u2019Alch\u00e9-Buc, F., Fox, E.B., Garnett, R. (eds.) Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019, NeurIPS 2019(December), pp. 8\u201314, 2019. Vancouver, BC, Canada, pp. 9459\u20139469 (2019), https:\/\/proceedings.neurips.cc\/paper\/2019\/hash\/335cd1b90bfa4ee70b39d08a4ae0cf2d-Abstract.html"},{"issue":"1","key":"40_CR16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3484491","volume":"55","author":"D Li","year":"2021","unstructured":"Li, D., Li, Q., Ye, Y., Xu, S.: Arms race in adversarial malware detection: a survey. ACM Comput. Surv. (CSUR) 55(1), 1\u201335 (2021). https:\/\/doi.org\/10.1145\/3484491","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"40_CR17","unstructured":"Lucas, K., Pai, S., Lin, W., Bauer, L., Reiter, M.K., Sharif, M.: Adversarial training for raw-binary malware classifiers. In: Proceedings of the 32nd USENIX Security Symposium. USENIX (2023). to appear"},{"key":"40_CR18","doi-asserted-by":"publisher","unstructured":"Lucas, K., Sharif, M., Bauer, L., Reiter, M.K., Shintre, S.: Malware makeover: breaking ml-based static analysis by modifying executable bytes. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, pp. 744\u2013758. ASIA CCS 2021, Association for Computing Machinery, New York, NY, USA (2021). https:\/\/doi.org\/10.1145\/3433210.3453086","DOI":"10.1145\/3433210.3453086"},{"key":"40_CR19","unstructured":"Paszke, A., et al.: PyTorch: an imperative style, high-performance deep learning library. In: Wallach, H., Larochelle, H., Beygelzimer, A., d\u2019Alch\u00e9-Buc, F., Fox, E., Garnett, R. (eds.) Advances in Neural Information Processing Systems, vol. 32, pp. 8024\u20138035. Curran Associates, Inc. (2019). http:\/\/papers.neurips.cc\/paper\/9015-pytorch-an-imperative-style-high-performance-deep-learning-library.pdf"},{"key":"40_CR20","unstructured":"Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C.K.: Malware detection by eating a whole EXE. In: The Workshops of the The Thirty-Second AAAI Conference on Artificial Intelligence, New Orleans, Louisiana, USA, February 2\u20137, 2018. AAAI Technical Report, vol. WS-18, pp. 268\u2013276. AAAI Press (2018). https:\/\/aaai.org\/ocs\/index.php\/WS\/AAAIW18\/paper\/view\/16422"},{"key":"40_CR21","unstructured":"Rudd, E.M., Ducau, F.N., Wild, C., Berlin, K., Harang, R.: ALOHA: auxiliary loss optimization for hypothesis augmentation. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 303\u2013320. USENIX Association, Santa Clara, CA (2019). https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/rudd"},{"key":"40_CR22","doi-asserted-by":"publisher","unstructured":"Saxe, J., Berlin, K.: Deep neural network based malware detection using two dimensional binary program features. In: 10th International Conference on Malicious and Unwanted Software, MALWARE 2015, Fajardo, PR, USA, October 20\u201322, 2015, pp. 11\u201320. IEEE Computer Society (2015). https:\/\/doi.org\/10.1109\/MALWARE.2015.7413680","DOI":"10.1109\/MALWARE.2015.7413680"},{"key":"40_CR23","doi-asserted-by":"publisher","unstructured":"Suciu, O., Coull, S.E., Johns, J.: Exploring adversarial examples in malware detection. In: 2019 IEEE Security and Privacy Workshops, SP Workshops 2019, San Francisco, CA, USA, May 19\u201323, 2019, pp. 8\u201314. IEEE (2019). https:\/\/doi.org\/10.1109\/SPW.2019.00015","DOI":"10.1109\/SPW.2019.00015"},{"key":"40_CR24","unstructured":"Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I.J., Fergus, R.: Intriguing properties of neural networks. In: Bengio, Y., LeCun, Y. (eds.) 2nd International Conference on Learning Representations, ICLR 2014, Banff, AB, Canada, April 14\u201316, 2014, Conference Track Proceedings (2014). http:\/\/arxiv.org\/abs\/1312.6199"},{"key":"40_CR25","doi-asserted-by":"publisher","unstructured":"Wu, H., Wang, C., Tyshetskiy, Y., Docherty, A., Lu, K., Zhu, L.: Adversarial examples for graph data: deep insights into attack and defense. In: Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence, IJCAI-19, pp. 4816\u20134823. International Joint Conferences on Artificial Intelligence Organization (2019). https:\/\/doi.org\/10.24963\/ijcai.2019\/669","DOI":"10.24963\/ijcai.2019\/669"},{"key":"40_CR26","doi-asserted-by":"crossref","unstructured":"Yang, L., Ciptadi, A., Laziuk, I., Ahmadzadeh, A., Wang, G.: BODMAS: an open dataset for learning based temporal analysis of PE malware. In: 4th Deep Learning and Security Workshop (2021)","DOI":"10.1109\/SPW53761.2021.00020"},{"key":"40_CR27","unstructured":"Yang, P., Chen, J., Hsieh, C.J., Wang, J.L., Jordan, M.I.: Greedy attack and Gumbel attack: generating adversarial examples for discrete data. J. Mach. Learn. Res. 21(1), 1613\u20131648 (2020)"},{"key":"40_CR28","doi-asserted-by":"publisher","unstructured":"Yuste, J., Pardo, E.G., Tapiador, J.: Optimization of code caves in malware binaries to evade machine learning detectors. Comput. Secur. 116, 102643 (2022). https:\/\/doi.org\/10.1016\/j.cose.2022.102643, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404822000426","DOI":"10.1016\/j.cose.2022.102643"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2023 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-54129-2_40","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,11]],"date-time":"2024-03-11T22:08:45Z","timestamp":1710194925000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-54129-2_40"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031541285","9783031541292"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-54129-2_40","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"12 March 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The BODMAS dataset is available to the public and the source code of our approach is available under the MIT License at the following repository .","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Data and Code Availability"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Hague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Netherlands","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2023.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"478","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"93","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}