{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T23:16:37Z","timestamp":1778109397837,"version":"3.51.4"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032160911","type":"print"},{"value":"9783032160928","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-16092-8_12","type":"book-chapter","created":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T23:08:19Z","timestamp":1778108899000},"page":"213-232","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Simplicity Performs, But Should It? Evaluating Malware Detection Benchmarks"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-8851-9930","authenticated-orcid":false,"given":"Samy","family":"Bettaieb","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5086-6361","authenticated-orcid":false,"given":"Laurens","family":"D\u2019hooge","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5720-6569","authenticated-orcid":false,"given":"Charles-Henry Bertrand","family":"Van Ouytsel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Axel","family":"Legay","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4133-394X","authenticated-orcid":false,"given":"Etienne","family":"Rivi\u00e8re","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1781-900X","authenticated-orcid":false,"given":"Miel","family":"Verkerken","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0575-5894","authenticated-orcid":false,"given":"Bruno","family":"Volckaert","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,5,1]]},"reference":[{"key":"12_CR1","unstructured":"Chocolatey package manager. https:\/\/chocolatey.org\/"},{"key":"12_CR2","doi-asserted-by":"crossref","unstructured":"Aghakhani, H., et al.: When malware is Packin\u2019 heat; limits of machine learning classifiers based on static analysis features. In: Network and Distributed Systems Security (NDSS) Symposium 2020 (2020)","DOI":"10.14722\/ndss.2020.24310"},{"key":"12_CR3","unstructured":"Anderson, H.S., Roth, P.: Ember: an open dataset for training static PE malware machine learning models. arXiv preprint arXiv:1804.04637 (2018)"},{"key":"12_CR4","unstructured":"Arp, D., et al.: Dos and don\u2019ts of machine learning in computer security. In: 31st USENIX Security Symposium, pp. 3971\u20133988 (2022)"},{"key":"12_CR5","doi-asserted-by":"publisher","unstructured":"Bertrand Van\u00a0Ouytsel, C.H., Legay, A.: Malware analysis with symbolic execution and graph kernel. In: Reiser, H.P., Kyas, M. (eds.) Secure IT Systems. NordSec 2022. LNCS, vol. 13700, pp. 292\u2013310. Springer, Cham (2022). doi: https:\/\/doi.org\/10.1007\/978-3-031-22295-5_16","DOI":"10.1007\/978-3-031-22295-5_16"},{"key":"12_CR6","doi-asserted-by":"crossref","unstructured":"Wu, B., Xu, Y., Zou, F.: Malware classification by learning semantic and structural features of control flow graphs. In: 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 540\u2013547. IEEE (2021)","DOI":"10.1109\/TrustCom53373.2021.00084"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"Carrier, T., Victor, P., Tekeoglu, A., Lashkari, A.H.: Detecting obfuscated malware using memory feature engineering. In: Icissp, pp. 177\u2013188 (2022)","DOI":"10.5220\/0010908200003120"},{"key":"12_CR8","unstructured":"Carrier, T., Victor, P., Tekeoglu, A., Lashkari, A.H., D\u2019hooge, L.: CIC-malmem2022 (2023). https:\/\/www.kaggle.com\/dsv\/6248429"},{"key":"12_CR9","doi-asserted-by":"crossref","unstructured":"Dambra, S., et al.: Decoding the secrets of machine learning in malware classification: a deep dive into datasets, feature extraction, and model performance. In: Proceedings of the 2023 Conference on Computer and Communications Security, pp. 60\u201374 (2023)","DOI":"10.1145\/3576915.3616589"},{"key":"12_CR10","doi-asserted-by":"crossref","unstructured":"Deng, J., Dong, W., Socher, R., Li, L.J., Li, K., Fei-Fei, L.: Imagenet: a large-scale hierarchical image database. In: 2009 IEEE Conference on Computer Vision and Pattern Recognition, pp. 248\u2013255. IEEE (2009)","DOI":"10.1109\/CVPR.2009.5206848"},{"issue":"6","key":"12_CR11","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1109\/MSP.2012.2211477","volume":"29","author":"L Deng","year":"2012","unstructured":"Deng, L.: The MNIST database of handwritten digit images for machine learning research. IEEE Signal Process. Mag. 29(6), 141\u2013142 (2012)","journal-title":"IEEE Signal Process. Mag."},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"D\u2019hooge, L., Verkerken, M., Wauters, T., De\u00a0Turck, F., Volckaert, B.: Castles built on sand: Observations from classifying academic cybersecurity datasets with minimalist methods. In: 8th International Conference on Internet of Things, Big Data and Security (IoTBDS), pp. 61\u201372. SCITEPRESS (2023)","DOI":"10.5220\/0011853300003482"},{"key":"12_CR13","doi-asserted-by":"publisher","unstructured":"D\u2019hooge, L., Verkerken, M., Wauters, T., Volckaert, B., De Turck, F.: Hierarchical feature block ranking for data-efficient intrusion detection modeling. Comput. Networks 201, 108613 (2021). https:\/\/doi.org\/10.1016\/j.comnet.2021.108613, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1389128621005107","DOI":"10.1016\/j.comnet.2021.108613"},{"key":"12_CR14","unstructured":"fastai: Tabular learner - fastai (2023). https:\/\/docs.fast.ai\/tabular.learner.html. Accessed 6 Jan 2025"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Feng, P., et al.: DawnGNN: Documentation augmented windows malware detection using graph neural network. Comput. Secur. 103788 (2024)","DOI":"10.1016\/j.cose.2024.103788"},{"issue":"771\u2013780","key":"12_CR16","first-page":"1612","volume":"14","author":"Y Freund","year":"1999","unstructured":"Freund, Y., Schapire, R., Abe, N.: A short introduction to boosting. J.-Jpn. Soc. Artif. Intell. 14(771\u2013780), 1612 (1999)","journal-title":"J.-Jpn. Soc. Artif. Intell."},{"issue":"1","key":"12_CR17","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1006\/jcss.1997.1504","volume":"55","author":"Y Freund","year":"1997","unstructured":"Freund, Y., Schapire, R.E.: A decision-theoretic generalization of on-line learning and an application to boosting. J. Comput. Syst. Sci. 55(1), 119\u2013139 (1997)","journal-title":"J. Comput. Syst. Sci."},{"key":"12_CR18","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102399","volume":"110","author":"A Guerra-Manzanares","year":"2021","unstructured":"Guerra-Manzanares, A., Bahsi, H., N\u00f5mm, S.: KronoDroid: time-based hybrid-featured dataset for effective android malware detection and characterization. Comput. Secur. 110, 102399 (2021)","journal-title":"Comput. Secur."},{"key":"12_CR19","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1023\/A:1022631118932","volume":"11","author":"RC Holte","year":"1993","unstructured":"Holte, R.C.: Very simple classification rules perform well on most commonly used datasets. Mach. Learn. 11, 63\u201390 (1993)","journal-title":"Mach. Learn."},{"issue":"2","key":"12_CR20","doi-asserted-by":"publisher","first-page":"108","DOI":"10.3390\/info11020108","volume":"11","author":"J Howard","year":"2020","unstructured":"Howard, J., Gugger, S.: Fastai: a layered API for deep learning. Information 11(2), 108 (2020)","journal-title":"Information"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Issakhani, M., Victor, P., Tekeoglu, A., Lashkari, A.H.: PDF malware detection based on stacking learning. In: ICISSP, pp. 562\u2013570 (2022)","DOI":"10.5220\/0010908400003120"},{"key":"12_CR22","unstructured":"Issakhani, M., Victor, P., Tekeoglu, A., Lashkari, A.H., D\u2019hooge, L.: CIC-evasive-pdfmal2022 (2022). https:\/\/www.kaggle.com\/dsv\/4059725"},{"issue":"1","key":"12_CR23","doi-asserted-by":"publisher","DOI":"10.1016\/j.tbench.2023.100106","volume":"3","author":"L Jia","year":"2023","unstructured":"Jia, L., Yang, Y., Tang, B., Jiang, Z.: ERMDS: a obfuscation dataset for evaluating robustness of learning-based malware detection system. BenchCouncil Trans. Benchmarks Stand. Eval. 3(1), 100106 (2023)","journal-title":"BenchCouncil Trans. Benchmarks Stand. Eval."},{"key":"12_CR24","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103706","volume":"139","author":"Y Jiang","year":"2024","unstructured":"Jiang, Y., Li, G., Li, S., Guo, Y.: BenchMFC: a benchmark dataset for trustworthy malware family classification under concept drift. Comput. Secur. 139, 103706 (2024)","journal-title":"Comput. Secur."},{"key":"12_CR25","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102921","volume":"124","author":"RJ Joyce","year":"2023","unstructured":"Joyce, R.J., Amlani, D., Nicholas, C., Raff, E.: MOTIF: a malware reference dataset with ground truth family labels. Comput. Secur. 124, 102921 (2023)","journal-title":"Comput. Secur."},{"key":"12_CR26","unstructured":"Ke, G., et al.: LightGBM: a highly efficient gradient boosting decision tree. In: Advances in Neural Information Processing Systems, vol. 30 (2017)"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Keyes, D.S., Li, B., Kaur, G., Lashkari, A.H., Gagnon, F., Massicotte, F.: EntropLyzer: android malware classification and characterization using entropy analysis of dynamic characteristics. In: 2021 Reconciling Data Analytics, Automation, Privacy, and Security: A Big Data Challenge (RDAAPS), pp. 1\u201312. IEEE (2021)","DOI":"10.1109\/RDAAPS48126.2021.9452002"},{"key":"12_CR28","unstructured":"Keyes, D.S., et al.: CCCS-CIC-andmal-2020 (2022). https:\/\/www.kaggle.com\/dsv\/4177444"},{"key":"12_CR29","unstructured":"Krizhevsky, A., Hinton, G., et\u00a0al.: Learning multiple layers of features from tiny images (2009)"},{"key":"12_CR30","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102872","volume":"122","author":"C Li","year":"2022","unstructured":"Li, C., et al.: DMalNet: dynamic malware analysis based on API feature engineering and graph learning. Comput. Secur. 122, 102872 (2022)","journal-title":"Comput. Secur."},{"key":"12_CR31","doi-asserted-by":"crossref","unstructured":"Ling, X., et al.: Malgraph: hierarchical graph neural networks for robust windows malware detection. In: IEEE INFOCOM 2022-IEEE Conference on Computer Communications, pp. 1998\u20132007. IEEE (2022)","DOI":"10.1109\/INFOCOM48880.2022.9796786"},{"key":"12_CR32","unstructured":"Pendlebury, F., Pierazzi, F., Jordaney, R., Kinder, J., Cavallaro, L.: TESSERACT: eliminating experimental bias in malware classification across space and time. In: 28th USENIX Security Symposium, pp. 729\u2013746 (2019)"},{"key":"12_CR33","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.104264","volume":"150","author":"A Ponte","year":"2025","unstructured":"Ponte, A., Trizna, D., Demetrio, L., Biggio, B., Ogbu, I.T., Roli, F.: SLIFER: investigating performance and robustness of malware detection pipelines. Comput. Secur. 150, 104264 (2025)","journal-title":"Comput. Secur."},{"key":"12_CR34","unstructured":"Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C.K.: Malware detection by eating a whole exe. In: Workshops at the Thirty-Second AAAI Conference on Artificial Intelligence (2018)"},{"key":"12_CR35","doi-asserted-by":"crossref","unstructured":"Rahali, A., Lashkari, A.H., Kaur, G., Taheri, L., Gagnon, F., Massicotte, F.: DIDroid: android malware classification and characterization using deep image learning. In: Proceedings of the 2020 10th International Conference on Communication and Network Security, pp. 70\u201382 (2020)","DOI":"10.1145\/3442520.3442522"},{"key":"12_CR36","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1016\/j.inffus.2021.11.011","volume":"81","author":"R Shwartz-Ziv","year":"2022","unstructured":"Shwartz-Ziv, R., Armon, A.: Tabular data: deep learning is not all you need. Inf. Fusion 81, 84\u201390 (2022)","journal-title":"Inf. Fusion"},{"key":"12_CR37","doi-asserted-by":"crossref","unstructured":"Smith, L.N., Topin, N.: Super-convergence: very fast training of residual networks using large learning rates (2018). https:\/\/openreview.net\/forum?id=H1A5ztj3b","DOI":"10.1117\/12.2520589"},{"key":"12_CR38","doi-asserted-by":"crossref","unstructured":"Smith, M.R., et al.: Mind the gap: on bridging the semantic gap between machine learning and malware analysis. In: 13th ACM Workshop on Artificial Intelligence and Security, pp. 49\u201360 (2020)","DOI":"10.1145\/3411508.3421373"},{"key":"12_CR39","unstructured":"S\u00e9bastien, C.: Portable freeware dataset. https:\/\/doi.org\/10.5281\/zenodo.2528209"},{"key":"12_CR40","doi-asserted-by":"crossref","unstructured":"Weinberger, K., Dasgupta, A., Langford, J., Smola, A., Attenberg, J.: Feature hashing for large scale multitask learning. In: Proceedings of the 26th Annual International Conference on Machine Learning, pp. 1113\u20131120 (2009)","DOI":"10.1145\/1553374.1553516"},{"key":"12_CR41","doi-asserted-by":"crossref","unstructured":"Yang, L., Ciptadi, A., Laziuk, I., Ahmadzadeh, A., Wang, G.: BodMas: an open dataset for learning based temporal analysis of PE malware. In: 4th Deep Learning and Security Workshop (2021)","DOI":"10.1109\/SPW53761.2021.00020"},{"issue":"18","key":"12_CR42","doi-asserted-by":"publisher","first-page":"5975","DOI":"10.3390\/s24185975","volume":"24","author":"S Zhou","year":"2024","unstructured":"Zhou, S., Li, H., Fu, X., Han, D., He, X.: Novel multi-classification dynamic detection model for android malware based on improved zebra optimization algorithm and LightGBM. Sensors (Basel, Switzerland) 24(18), 5975 (2024)","journal-title":"Sensors (Basel, Switzerland)"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2025 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-16092-8_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T23:08:23Z","timestamp":1778108903000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-16092-8_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032160911","9783032160928"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-16092-8_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 May 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}