{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,16]],"date-time":"2026-05-16T01:49:01Z","timestamp":1778896141996,"version":"3.51.4"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031823619","type":"print"},{"value":"9783031823626","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-82362-6_10","type":"book-chapter","created":{"date-parts":[[2025,4,1]],"date-time":"2025-04-01T09:58:43Z","timestamp":1743501523000},"page":"149-170","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["On the\u00a0Robustness of\u00a0Malware Detectors to\u00a0Adversarial Samples"],"prefix":"10.1007","author":[{"given":"Muhammad","family":"Salman","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Benjamin Zi Hao","family":"Zhao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hassan Jameel","family":"Asghar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Muhammad","family":"Ikram","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sidharth","family":"Kaushik","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohamed Ali","family":"Kaafar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,4,1]]},"reference":[{"key":"10_CR1","doi-asserted-by":"crossref","unstructured":"Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: IEEE S &P 2017 (2017)","DOI":"10.1109\/SP.2017.49"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"Zhang, W.E., Sheng, Q.Z., Alhazmi, A., Li, C.: Adversarial attacks on deep-learning models in natural language processing: a survey. In: ACM TIST 2020 (2020)","DOI":"10.1145\/3374217"},{"key":"10_CR3","doi-asserted-by":"crossref","unstructured":"Dahl, G.E., Stokes, J.W., Deng, L., Yu, D.: Large-scale malware classification using random projections and neural networks. In: IEEE ICASSP 2013 (2013)","DOI":"10.1109\/ICASSP.2013.6638293"},{"key":"10_CR4","doi-asserted-by":"crossref","unstructured":"Grosse, K., Papernot, N., Manoharan, P., Backes, M., McDaniel, P.: Adversarial perturbations against deep neural networks for malware classification. arXiv preprint arXiv:1606.04435 (2016)","DOI":"10.1109\/SP.2016.41"},{"key":"10_CR5","unstructured":"Tram\u00e8r, F., Papernot, N., Goodfellow, I., Boneh, D., McDaniel, P.: The space of transferable adversarial examples. arXiv preprint arXiv:1704.03453 (2017)"},{"key":"10_CR6","doi-asserted-by":"crossref","unstructured":"Suciu, O., Coull, S.E., Johns, J.: Exploring adversarial examples in malware detection. In: IEEE SPW 2019 (2019)","DOI":"10.1109\/SPW.2019.00015"},{"key":"10_CR7","doi-asserted-by":"crossref","unstructured":"Hu, Y., Wang, N., Chen, Y., Lou, W., Hou, Y.T.: Transferability of adversarial examples in machine learning-based malware detection. In: CNS 2022 (2022)","DOI":"10.1109\/CNS56114.2022.9947226"},{"key":"10_CR8","unstructured":"DinoTools: \u201cssdeep 3.4.\u201d, March 2024. https:\/\/pypi.org\/project\/ssdeep\/"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Lucas, K., Sharif, M., Bauer, L., Reiter, M.K., Shintre, S.: Malware makeover: breaking ml-based static analysis by modifying executable bytes. In: AsiaCCS 2021 (2021)","DOI":"10.1145\/3433210.3453086"},{"key":"10_CR10","unstructured":"Ebrahimi, M., Zhang, N., Hu, J., Raza, M.T., Chen, H.: Binary black-box evasion attacks against deep learning-based static malware detectors with adversarial byte-level language model. In: RSEML 2021 (2021)"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Pierazzi, F., Pendlebury, F., Cortellazzi, J., Cavallaro, L.: Intriguing properties of adversarial ml attacks in the problem space. In: IEEE S &P 2020 (2020)","DOI":"10.1109\/SP40000.2020.00073"},{"key":"10_CR12","unstructured":"Anderson, H.S., Kharkar, A., Filar, B., Evans, D., Roth, P.: Learning to evade static PE machine learning malware models via reinforcement learning. arXiv preprint arXiv:1801.08917 (2018)"},{"key":"10_CR13","unstructured":"Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C.K.: Malware detection by eating a whole exe. In: Workshops at AAAI (2018)"},{"key":"10_CR14","unstructured":"Anderson, H.S., Roth, P.: EMBER: an open dataset for training static PE malware machine learning models. arXiv e-prints (2018)"},{"key":"10_CR15","unstructured":"Thomas, R.: LIEF - library to instrument executable formats, April 2017. https:\/\/lief.quarkslab.com\/"},{"key":"10_CR16","unstructured":"Marcelli, A., Graziano, M., Ugarte-Pedrero, X., Fratantonio, Y., Mansouri, M., Balzarotti, D.: How machine learning is solving the binary function similarity problem. In: USENIX Security 2022 (2022)"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Yujian, L., Bo, L.: A normalized Levenshtein distance metric. In: TPAML 2007 (2007)","DOI":"10.1109\/TPAMI.2007.1078"},{"key":"10_CR18","doi-asserted-by":"crossref","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.D.: Smashing the gadgets: hindering return-oriented programming using in-place code randomization. In: IEEE S &P, pp.\u00a0601\u2013615. IEEE (2012)","DOI":"10.1109\/SP.2012.41"},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Koo, H., Polychronakis, M.: Juggling the gadgets: binary-level code randomization using instruction displacement. In: AsiaCCS 2016 (2016)","DOI":"10.1145\/2897845.2897863"},{"key":"10_CR20","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, D.: Semantics-aware malware detection. In: IEEE S &P 2005 (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"10_CR21","unstructured":"keenlooks: Malware Makeover. https:\/\/github.com\/pwwl\/enhanced-binary-diversification. Accessed 13 Mar 2024"},{"key":"10_CR22","unstructured":"Demetrio, L., Biggio, B., Lagorio, G., Roli, F., Armando, A.: Explaining vulnerabilities of deep learning to adversarial malware binaries. arXiv preprint arXiv:1901.03583 (2019)"},{"key":"10_CR23","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1016\/j.diin.2006.06.015","volume":"3","author":"J Kornblum","year":"2006","unstructured":"Kornblum, J.: Identifying almost identical files using context triggered piecewise hashing. Digit. Investig. 3, 91\u201397 (2006)","journal-title":"Digit. Investig."},{"key":"10_CR24","doi-asserted-by":"crossref","unstructured":"Baier, H., Breitinger, F.: Security aspects of piecewise hashing in computer forensics. In: ISIMIF 2011 (2011)","DOI":"10.1109\/IMF.2011.16"},{"key":"10_CR25","unstructured":"Harang, R., Rudd, E.M.: Sorel-20m: a large scale benchmark dataset for malicious PE detection (2020)"},{"key":"10_CR26","unstructured":"Hex Rays: Ida. https:\/\/hex-rays.com\/. Accessed 07 Mar 2024"},{"key":"10_CR27","unstructured":"Elastic Malware Benchmark: Ember. https:\/\/github.com\/elastic\/ember\/blob\/master\/ember\/features.py. Accessed 07 Mar 2024"},{"key":"10_CR28","doi-asserted-by":"crossref","unstructured":"Kurakin, A., Goodfellow, I.J., Bengio, S.: Adversarial examples in the physical world. In: AISS 2018 (2018)","DOI":"10.1201\/9781351251389-8"},{"key":"10_CR29","doi-asserted-by":"crossref","unstructured":"Yuan, X., He, P., Zhu, Q., Li, X.: Adversarial examples: attacks and defenses for deep learning. In: TNNLS 2019 (2019)","DOI":"10.1109\/TNNLS.2018.2886017"},{"key":"10_CR30","unstructured":"Demontis, A., et al.: Why do adversarial attacks transfer? Explaining transferability of evasion and poisoning attacks. In: 28th USENIX security symposium (USENIX security 19), pp.\u00a0321\u2013338 (2019)"},{"key":"10_CR31","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Li, H., Zheng, Y., Yao, S., Jiang, J.: Enhanced DNNs for malware classification with GAN-based adversarial training. In: JCVMT 2021 (2021)","DOI":"10.1007\/s11416-021-00378-y"},{"key":"10_CR32","unstructured":"Lucas, K., Pai, S., Lin, W., Bauer, L., Reiter, M.K., Sharif, M.: Adversarial training for $$\\{$$Raw-Binary$$\\}$$ malware classifiers. In: USENIX Security 2023 (2023)"},{"key":"10_CR33","doi-asserted-by":"crossref","unstructured":"Struppek, L., Hintersdorf, D., Neider, D., Kersting, K.: Learning to break deep perceptual hashing: the use case NeuralHash. In: ACM FAT 2022 (2022)","DOI":"10.1145\/3531146.3533073"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2024 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-82362-6_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,6]],"date-time":"2025-09-06T08:40:39Z","timestamp":1757148039000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-82362-6_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031823619","9783031823626"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-82362-6_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"1 April 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bydgoszcz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}