{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T03:35:58Z","timestamp":1778211358697,"version":"3.51.4"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319663982","type":"print"},{"value":"9783319663999","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-66399-9_4","type":"book-chapter","created":{"date-parts":[[2017,8,11]],"date-time":"2017-08-11T14:03:24Z","timestamp":1502460204000},"page":"62-79","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":329,"title":["Adversarial Examples for Malware Detection"],"prefix":"10.1007","author":[{"given":"Kathrin","family":"Grosse","sequence":"first","affiliation":[]},{"given":"Nicolas","family":"Papernot","sequence":"additional","affiliation":[]},{"given":"Praveen","family":"Manoharan","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Backes","sequence":"additional","affiliation":[]},{"given":"Patrick","family":"McDaniel","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,8,12]]},"reference":[{"key":"4_CR1","unstructured":"Androutsopoulos, I., Koutsias, J., Chandrinos, K.V., Paliouras, G., Spyropoulos, C.D.: An evaluation of naive Bayesian anti-spam filtering. arXiv preprint arXiv:cs\/0006013 (2000)"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K.: DREBIN: effective and explainable detection of android malware in your pocket. In: Proceedings of NDSS (2014)","DOI":"10.14722\/ndss.2014.23247"},{"issue":"2","key":"4_CR3","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/s10994-010-5188-5","volume":"81","author":"M Barreno","year":"2010","unstructured":"Barreno, M., Nelson, B., Joseph, A.D., Tygar, J.D.: The security of machine learning. Mach. Learn. 81(2), 121\u2013148 (2010)","journal-title":"Mach. Learn."},{"key":"4_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/978-3-642-40994-3_25","volume-title":"Machine Learning and Knowledge Discovery in Databases","author":"B Biggio","year":"2013","unstructured":"Biggio, B., Corona, I., Maiorca, D., Nelson, B., \u0160rndi\u0107, N., Laskov, P., Giacinto, G., Roli, F.: Evasion attacks against machine learning at test time. In: Blockeel, H., Kersting, K., Nijssen, S., \u017delezn\u00fd, F. (eds.) ECML PKDD 2013. LNCS, vol. 8190, pp. 387\u2013402. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-40994-3_25"},{"key":"4_CR5","unstructured":"Bojarski, M., Del Testa, D., Dworakowski, D., Firner, B., Flepp, B., Goyal, P., Jackel, L.D., Monfort, M., Muller, U., Zhang, J., et al.: End to end learning for self-driving cars. arXiv preprint arXiv:1604.07316 (2016)"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Dahl, G.E., Stokes, J.W., Deng, L., Yu, D.: Large-scale malware classification using random projections and neural networks. In: Proceedings of the 2013 IEEE ICASSP, pp. 3422\u20133426 (2013)","DOI":"10.1109\/ICASSP.2013.6638293"},{"key":"4_CR7","unstructured":"Gong, Z., Wang, W., Ku, W.-S.: Adversarial and clean data are not twins. arXiv e-prints, April 2017"},{"key":"4_CR8","volume-title":"Deep Learning","author":"I Goodfellow","year":"2016","unstructured":"Goodfellow, I., Bengio, Y., Courville, A.: Deep Learning. MIT Press, Cambridge (2016)"},{"key":"4_CR9","unstructured":"Goodfellow, I.J., et al.: Explaining and harnessing adversarial examples. In: Proceedings of ICLR 2015 (2015)"},{"key":"4_CR10","unstructured":"Grosse, K., Manoharan, P., Papernot, N., Backes, M., McDaniel, P.: On the (statistical) detection of adversarial examples. arXiv e-prints, February 2017"},{"key":"4_CR11","unstructured":"Gu, S., Rigazio, L.: Towards deep neural network architectures robust to adversarial examples. CoRR, abs\/1412.5068 (2014)"},{"key":"4_CR12","unstructured":"Hinton, G., Vinyals, O., Dean, J.: Distilling the knowledge in a neural network. arXiv e-prints (2015)"},{"key":"4_CR13","unstructured":"Hosseini, H., Chen, Y., Kannan, S., Zhang, B., Poovendran, R.: Blocking transferability of adversarial examples in black-box learning systems. arXiv e-prints, March 2017"},{"key":"4_CR14","unstructured":"Hu, W., Tan, Y.: Generating adversarial malware examples for black-box attacks based on GAN. arXiv e-prints, February 2017"},{"key":"4_CR15","unstructured":"Alexander, G., Ororbia, I.I., Giles, C.L., Kifer, D.: Unifying adversarial training algorithms with flexible deep data gradient regularization. CoRR, abs\/1601.07213 (2016)"},{"key":"4_CR16","unstructured":"Krizhevsky, A., Sutskever, I., Hinton, G.E.: Imagenet classification with deep convolutional neural networks. In: NIPS, pp. 1097\u20131105 (2012)"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Krotov, D., Hopfield, J.J.: Dense associative memory is robust to adversarial inputs. arXiv e-prints, January 2017","DOI":"10.1162\/neco_a_01143"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Laskov, P., et al.: Practical evasion of a learning-based classifier: a case study. In: Proceedings of the 36th IEEE S&P, pp. 197\u2013211 (2014)","DOI":"10.1109\/SP.2014.20"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Li, X., Li, F.: Adversarial examples detection in deep networks with convolutional filter statistics. CoRR, abs\/1612.07767 (2016)","DOI":"10.1109\/ICCV.2017.615"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Lindorfer, M., Neugschwandtner, M., Platzer, C.: Marvin: efficient and comprehensive mobile app classification through static and dynamic analysis. In: Proceedings of the 39th Annual International Computers, Software and Applications Conference (COMPSAC) (2015)","DOI":"10.1109\/COMPSAC.2015.103"},{"key":"4_CR21","unstructured":"Liu, Y., Chen, X., Liu, C., Song, D.: Delving into transferable adversarial examples and black-box attacks. CoRR, abs\/1611.02770 (2016)"},{"key":"4_CR22","unstructured":"Metzen, J.H., Genewein, T., Fischer, V., Bischoff, B.: On detecting adversarial perturbations. CoRR, abs\/1702.04267 (2017)"},{"key":"4_CR23","unstructured":"Miyato, T., Dai, A.M., Goodfellow, I.J.: Virtual adversarial training for semi-supervised text classification. CoRR, abs\/1605.07725 (2016)"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Goodfellow, I., Jha, S., et al.: Practical black-box attacks against deep learning systems using adversarial examples. arXiv preprint arXiv:1602.02697 (2016)","DOI":"10.1145\/3052973.3053009"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: Proceedings of IEEE EuroS&P (2016)","DOI":"10.1109\/EuroSP.2016.36"},{"key":"4_CR26","unstructured":"Papernot, N., McDaniel, P., Sinha, A., Wellman, M.: Towards the science of security and privacy in machine learning. arXiv preprint arXiv:1611.03814 (2016)"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Wu, X., Jha, S., Swami, A.: Distillation as a defense to adversarial perturbations against deep neural networks. In: Proceedings of IEEE S&P (2015)","DOI":"10.1109\/SP.2016.41"},{"key":"4_CR28","unstructured":"Shintre, S., Gardner, A.B., Feinman, R., Curtin, R.R.: Detecting adversarial samples from artifacts. CoRR, abs\/1703.00410 (2017)"},{"issue":"4","key":"4_CR29","doi-asserted-by":"publisher","first-page":"639","DOI":"10.3233\/JCS-2010-0410","volume":"19","author":"K Rieck","year":"2011","unstructured":"Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639\u2013668 (2011)","journal-title":"J. Comput. Secur."},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Rozsa, A., G\u00fcnther, M., Boult, T.E.: Are accuracy and robustness correlated? arXiv e-prints, October 2016","DOI":"10.1109\/ICMLA.2016.0045"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Saxe, J., Berlin, K.: Deep neural network based malware detection using two dimensional binary program features. In: 10th International Conference on Malicious and Unwanted Software, MALWARE, pp. 11\u201320 (2015)","DOI":"10.1109\/MALWARE.2015.7413680"},{"key":"4_CR32","doi-asserted-by":"crossref","unstructured":"Sayfullina, L., Eirola, E., Komashinsky, D., Palumbo, P., Mich\u00e9, Y., Lendasse, A., Karhunen, J.: Efficient detection of zero-day android malware using normalized Bernoulli naive Bayes. In: Proceedings of IEEE TrustCom, pp. 198\u2013205 (2015)","DOI":"10.1109\/Trustcom.2015.375"},{"key":"4_CR33","doi-asserted-by":"crossref","unstructured":"Shabtai, A., Fledel, Y., Elovici, Y.: Automated static code analysis for classifying android applications using machine learning. In: CIS, pp. 329\u2013333. IEEE (2010)","DOI":"10.1109\/CIS.2010.77"},{"issue":"7587","key":"4_CR34","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1038\/nature16961","volume":"529","author":"D Silver","year":"2016","unstructured":"Silver, D., Huang, A., Maddison, C.J., Guez, A., Sifre, L., Van Den Driessche, G., Schrittwieser, J., Antonoglou, I., Panneershelvam, V., Lanctot, M., et al.: Mastering the game of go with deep neural networks and tree search. Nature 529(7587), 484\u2013489 (2016)","journal-title":"Nature"},{"key":"4_CR35","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE S&P, pp. 305\u2013316. IEEE (2010)","DOI":"10.1109\/SP.2010.25"},{"key":"4_CR36","unstructured":"Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., Fergus, R.: Intriguing properties of neural networks. In: Proceedings of ICLR. Computational and Biological Learning Society (2014)"},{"key":"4_CR37","unstructured":"Wang, Q., Guo, W., Alexander, G., Ororbia, I. I., Xing, X., Lin, L., Giles, C.L., Liu, X., Liu, P., Xiong, G.: Using non-invertible data transformations to build adversary-resistant deep neural networks. CoRR, abs\/1610.01934 (2016)"},{"key":"4_CR38","doi-asserted-by":"crossref","unstructured":"Warde-Farley, D., Goodfellow, I.: Adversarial perturbations of deep neural networks. In: Hazan, T., Papandreou, G., Tarlow, D. (eds.) Advanced Structured Prediction (2016)","DOI":"10.7551\/mitpress\/10761.003.0012"},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Zhu, Z., Dumitras, T.: Featuresmith: automatically engineering features for malware detection by mining the security literature. In: Proceedings of ACM SIGSAC, pp. 767\u2013778 (2016)","DOI":"10.1145\/2976749.2978304"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2017"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-66399-9_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,24]],"date-time":"2025-06-24T22:00:17Z","timestamp":1750802417000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-66399-9_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319663982","9783319663999"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-66399-9_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"12 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Oslo","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 September 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 September 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/deic.uab.cat\/conferences\/dpm\/dpm2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}