{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,16]],"date-time":"2025-05-16T04:07:21Z","timestamp":1747368441711,"version":"3.40.5"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031928819","type":"print"},{"value":"9783031928826","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-92882-6_5","type":"book-chapter","created":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T14:33:42Z","timestamp":1747319622000},"page":"61-75","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Facing the\u00a0Challenge of\u00a0Leveraging Untrained Humans in\u00a0Malware Analysis"],"prefix":"10.1007","author":[{"given":"Benjamin Zi Hao","family":"Zhao","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hassan Jameel","family":"Asghar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Muhammad","family":"Ikram","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohamed Ali","family":"Kaafar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sean","family":"Lamont","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Coscia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,5,16]]},"reference":[{"key":"5_CR1","unstructured":"Anderson, H.S., Roth, P.: EMBER: an open dataset for training static PE malware machine learning models. arXiv preprint arXiv:1804.04637 (2018)"},{"key":"5_CR2","doi-asserted-by":"crossref","unstructured":"Busch, J., Kocheturov, A., Tresp, V., Seidl, T.: NF-GNN: network flow graph neural networks for malware detection and classification. In: 33rd International Conference on Scientific and Statistical Database Management, pp. 121\u2013132 (2021)","DOI":"10.1145\/3468791.3468814"},{"issue":"342","key":"5_CR3","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1080\/01621459.1973.10482434","volume":"68","author":"H Chernoff","year":"1973","unstructured":"Chernoff, H.: The use of faces to represent points in k-dimensional space graphically. J. Am. Stat. Assoc. 68(342), 361\u2013368 (1973)","journal-title":"J. Am. Stat. Assoc."},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Choi, Y., Uh, Y., Yoo, J., Ha, J.W.: StarGAN v2: diverse image synthesis for multiple domains. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 8188\u20138197 (2020)","DOI":"10.1109\/CVPR42600.2020.00821"},{"issue":"1","key":"5_CR5","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1016\/0167-4048(87)90122-2","volume":"6","author":"F Cohen","year":"1987","unstructured":"Cohen, F.: Computer viruses: theory and experiments. Comput. Secur. 6(1), 22\u201335 (1987)","journal-title":"Comput. Secur."},{"key":"5_CR6","unstructured":"CrowdStrike: Crowdstrike 2023 global threat Report (2023). https:\/\/www.crowdstrike.com\/global-threat-report\/"},{"key":"5_CR7","doi-asserted-by":"crossref","unstructured":"Crowston, K.: Amazon mechanical turk: a research tool for organizations and information systems scholars. In: Shaping the Future of ICT Research. Methods and Approaches: IFIP WG 8.2, Working Conference, Tampa, FL, USA, 13\u201314 December 2012. Proceedings, pp. 210\u2013221. Springer (2012)","DOI":"10.1007\/978-3-642-35142-6_14"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Dong, X., Shen, J.: Triplet loss in Siamese network for object tracking. In: Proceedings of the European Conference on Computer Vision (ECCV) (2018)","DOI":"10.1007\/978-3-030-01261-8_28"},{"key":"5_CR9","doi-asserted-by":"crossref","unstructured":"Flury, B., Riedwyl, H.: Graphical representation of multivariate data by means of asymmetrical faces. J. Am. Stat. Assoc. (1981)","DOI":"10.2307\/2287565"},{"issue":"11","key":"5_CR10","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1145\/3422622","volume":"63","author":"I Goodfellow","year":"2020","unstructured":"Goodfellow, I., et al.: Generative adversarial networks. Commun. ACM 63(11), 139\u2013144 (2020)","journal-title":"Commun. ACM"},{"key":"5_CR11","doi-asserted-by":"publisher","first-page":"100529","DOI":"10.1016\/j.cosrev.2022.100529","volume":"47","author":"M Gopinath","year":"2023","unstructured":"Gopinath, M., Sethuraman, S.C.: A comprehensive survey on deep learning based malware detection techniques. Comput. Sci. Rev. 47, 100529 (2023)","journal-title":"Comput. Sci. Rev."},{"key":"5_CR12","unstructured":"Harang, R., Rudd, E.M.: SOREL-20M: a large scale benchmark dataset for malicious PE detection (2020)"},{"key":"5_CR13","unstructured":"ISC$$^{2}$$: (ISC) $$^{2}$$ 2022 cybersecurity workforce study (2022)"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Jindal, C., Salls, C., Aghakhani, H., Long, K., Kruegel, C., Vigna, G.: Neurlux: dynamic malware analysis without feature engineering. In: Proceedings of the 35th Annual Computer Security Applications Conference, pp. 444\u2013455 (2019)","DOI":"10.1145\/3359789.3359835"},{"key":"5_CR15","first-page":"12104","volume":"33","author":"T Karras","year":"2020","unstructured":"Karras, T., Aittala, M., Hellsten, J., Laine, S., Lehtinen, J., Aila, T.: Training generative adversarial networks with limited data. Adv. Neural. Inf. Process. Syst. 33, 12104\u201312114 (2020)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"5_CR16","unstructured":"Karras, T., et al.: Alias-free generative adversarial networks. In: Proceeding Neural Information Processing System (2021)"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Karras, T., Laine, S., Aila, T.: A style-based generator architecture for generative adversarial networks. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 4401\u20134410 (2019)","DOI":"10.1109\/CVPR.2019.00453"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Karras, T., Laine, S., Aittala, M., Hellsten, J., Lehtinen, J., Aila, T.: Analyzing and improving the image quality of StyleGAN. In: Proceedings of the IEEE\/CVF conference on computer vision and pattern recognition (2020)","DOI":"10.1109\/CVPR42600.2020.00813"},{"issue":"4","key":"5_CR19","doi-asserted-by":"publisher","first-page":"764","DOI":"10.1016\/j.jesp.2013.03.013","volume":"49","author":"C Leys","year":"2013","unstructured":"Leys, C., Ley, C., Klein, O., Bernard, P., Licata, L.: Detecting outliers: do not use standard deviation around the mean, use absolute deviation around the median. J. Exp. Soc. Psychol. 49(4), 764\u2013766 (2013)","journal-title":"J. Exp. Soc. Psychol."},{"key":"5_CR20","unstructured":"Van\u00a0der Maaten, L., Hinton, G.: Visualizing data using t-SNE. J. Mach. Learn. Res. 9(11) (2008)"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"McInnes, L., Healy, J., Melville, J.: UMAP: uniform manifold approximation and projection for dimension reduction. arXiv preprint arXiv:1802.03426 (2018)","DOI":"10.21105\/joss.00861"},{"key":"5_CR22","unstructured":"National Security Agency: ghidra. https:\/\/github.com\/NationalSecurityAgency\/ghidra"},{"key":"5_CR23","doi-asserted-by":"publisher","first-page":"871","DOI":"10.1016\/j.cose.2018.04.005","volume":"77","author":"S Ni","year":"2018","unstructured":"Ni, S., Qian, Q., Zhang, R.: Malware identification using visualization images and deep learning. Comput. Secur. 77, 871\u2013885 (2018)","journal-title":"Comput. Secur."},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Norris, J.R.: Markov Chains, vol.\u00a02. Cambridge University Press (1998)","DOI":"10.1017\/CBO9780511810633"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Or-Meir, O., Nissim, N., Elovici, Y., Rokach, L.: Dynamic malware analysis in the modern era\u2014a state of the art survey. ACM Comput. Surv. (CSUR) (2019)","DOI":"10.1145\/3329786"},{"key":"5_CR26","unstructured":"Rays, H.: Idapro. https:\/\/hex-rays.com\/ida-pro\/"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Saxe, J., Berlin, K.: Deep neural network based malware detection using two dimensional binary program features. In: 2015 10th International Conference on Malicious and Unwanted Software (MALWARE), pp. 11\u201320. IEEE (2015)","DOI":"10.1109\/MALWARE.2015.7413680"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Schultz, M.G., Eskin, E., Zadok, F., Stolfo, S.J.: Data mining methods for detection of new malicious executables. In: Proceedings 2001 IEEE Symposium on Security and Privacy, S and P 2001, pp. 38\u201349. IEEE (2000)","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"5_CR29","doi-asserted-by":"crossref","unstructured":"Shafiq, M.Z., Tabish, S.M., Mirza, F., Farooq, M.: A framework for efficient mining of structural information to detect zero-day malicious portable executables. 1Next Generation Intelligent Networks Research Center (nexGIN RC), Technical report (2009)","DOI":"10.1007\/978-3-642-04342-0_7"},{"key":"5_CR30","unstructured":"Sugiyama, M.: Dimensionality reduction of multimodal labeled data by local fisher discriminant analysis. J. Mach. Learn. Res. 8(5) (2007)"},{"issue":"1","key":"5_CR31","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1109\/MPRV.2022.3218773","volume":"22","author":"B Tag","year":"2023","unstructured":"Tag, B., et al.: DDoD: dual denial of decision attacks on human-AI teams. IEEE Pervasive Comput. 22(1), 77\u201384 (2023)","journal-title":"IEEE Pervasive Comput."},{"key":"5_CR32","unstructured":"Thomas, R.: LIEF - library to instrument executable formats (2017). https:\/\/lief.quarkslab.com\/"},{"key":"5_CR33","unstructured":"Total, V.: Virus total. https:\/\/www.virustotal.com"},{"key":"5_CR34","doi-asserted-by":"crossref","unstructured":"VanHoudnos, N., et al.: This malware looks familiar: laymen identify malware run-time similarity with Chernoff faces and stick figures. In: 10th EAI International Conference on Bio-inspired Information and Communications Technologies (2017)","DOI":"10.4108\/eai.22-3-2017.152417"},{"key":"5_CR35","doi-asserted-by":"publisher","first-page":"107138","DOI":"10.1016\/j.comnet.2020.107138","volume":"171","author":"D Vasan","year":"2020","unstructured":"Vasan, D., Alazab, M., Wassan, S., Naeem, H., Safaei, B., Zheng, Q.: IMCFN: image-based malware classification using fine-tuned convolutional neural network architecture. Comput. Netw. 171, 107138 (2020)","journal-title":"Comput. Netw."},{"key":"5_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"294","DOI":"10.1007\/3-540-39200-9_18","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2003","author":"L von Ahn","year":"2003","unstructured":"von Ahn, L., Blum, M., Hopper, N.J., Langford, J.: CAPTCHA: using hard AI problems for security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 294\u2013311. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-39200-9_18"},{"issue":"1\u20133","key":"5_CR37","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1016\/0169-7439(87)80084-9","volume":"2","author":"S Wold","year":"1987","unstructured":"Wold, S., Esbensen, K., Geladi, P.: Principal component analysis. Chemom. Intell. Lab. Syst. 2(1\u20133), 37\u201352 (1987)","journal-title":"Chemom. Intell. Lab. Syst."},{"key":"5_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/978-3-030-86365-4_11","volume-title":"Artificial Neural Networks and Machine Learning \u2013 ICANN 2021","author":"P Xu","year":"2021","unstructured":"Xu, P., Zhang, Y., Eckert, C., Zarras, A.: HawkEye: cross-platform malware detection with representation learning on graphs. In: Farka\u0161, I., Masulli, P., Otte, S., Wermter, S. (eds.) ICANN 2021. LNCS, vol. 12893, pp. 127\u2013138. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-86365-4_11"},{"key":"5_CR39","doi-asserted-by":"crossref","unstructured":"Yakdan, K., Dechand, S., Gerhards-Padilla, E., Smith, M.: Helping Johnny to analyze malware: a usability-optimized decompiler and malware analysis user study. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 158\u2013177. IEEE (2016)","DOI":"10.1109\/SP.2016.18"},{"key":"5_CR40","doi-asserted-by":"crossref","unstructured":"Yuan, B., Wang, J., Liu, D., Guo, W., Wu, P., Bao, X.: Byte-level malware classification based on Markov images and deep learning. Comput. Secur. (2020)","DOI":"10.1016\/j.cose.2020.101740"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-92882-6_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T14:33:57Z","timestamp":1747319637000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-92882-6_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031928819","9783031928826"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-92882-6_5","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"16 May 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Maribor","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Slovenia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 May 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 May 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"40","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sec2025.um.si\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}