{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,1]],"date-time":"2025-12-01T11:27:13Z","timestamp":1764588433549},"reference-count":43,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2023,8,14]],"date-time":"2023-08-14T00:00:00Z","timestamp":1691971200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,8,14]],"date-time":"2023-08-14T00:00:00Z","timestamp":1691971200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2024,2]]},"DOI":"10.1007\/s10207-023-00736-5","type":"journal-article","created":{"date-parts":[[2023,8,14]],"date-time":"2023-08-14T20:04:16Z","timestamp":1692043456000},"page":"271-297","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Short- versus long-term performance of detection models for obfuscated MSOffice-embedded malware"],"prefix":"10.1007","volume":"23","author":[{"given":"Silviu","family":"Vi\u0163el","sequence":"first","affiliation":[]},{"given":"Marilena","family":"Lupa\u015fcu","sequence":"additional","affiliation":[]},{"given":"Drago\u015f Teodor","family":"Gavrilu\u0163","sequence":"additional","affiliation":[]},{"given":"Henri","family":"Luchian","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,8,14]]},"reference":[{"key":"736_CR1","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1007\/978-3-031-21280-2_16","volume-title":"Information Security Practice and Experience","author":"S Vi\u0163el","year":"2022","unstructured":"Vi\u0163el, S., Lupa\u015fcu, M., Gavrilu\u0163, D.T., Luchian, H.: Detection of msoffice-embedded malware: Feature mining and short- vs. long-term performance. In: Su, C., Gritzalis, D., Piuri, V. (eds.) Information Security Practice and Experience, pp. 287\u2013305. Springer, Cham (2022)"},{"key":"736_CR2","doi-asserted-by":"publisher","unstructured":"Vi\u0163el, SC., Lupa\u015fcu, M., Gavrilu\u0163, DT., Luchian, H.: Evolution of macro vba obfuscation techniques. In: 2022 15th International Conference on Security of Information and Networks (SIN), pp. 1\u20138 (2022). https:\/\/doi.org\/10.1109\/SIN56466.2022.9970550","DOI":"10.1109\/SIN56466.2022.9970550"},{"key":"736_CR3","doi-asserted-by":"crossref","unstructured":"You, I., Yim, K.: Malware obfuscation techniques: a brief survey. In: 2010 International conference on broadband, wireless computing, communication and applications, pp. 297\u2013300. IEEE (2010)","DOI":"10.1109\/BWCCA.2010.85"},{"key":"736_CR4","unstructured":"Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Tech. Rep. 148, Department of Computer Sciences, The University of Auckland (1997). http:\/\/www.cs.auckland.ac.nz\/~\/Research\/Publications\/CollbergThomborsonLow97a\/index.html"},{"key":"736_CR5","unstructured":"Ertaul, L., Venkatesh, S.: Jhide\u2014a tool kit for code obfuscation. In: IASTED Conference on Software Engineering and Applications, pp. 133\u2013138 (2004)"},{"key":"736_CR6","unstructured":"Ertaul, L., Venkatesh, S.: Novel obfuscation algorithms for software security. In: Proceedings of the 2005 International Conference on Software Engineering Research and Practice, SERP, Citeseer, vol.\u00a05 (2005)"},{"key":"736_CR7","doi-asserted-by":"publisher","unstructured":"Xu, W., Zhang, F., Zhu, S.: The power of obfuscation techniques in malicious javascript code: a measurement study. In: 2012 7th International Conference on Malicious and Unwanted Software, pp. 9\u201316 (2012). https:\/\/doi.org\/10.1109\/MALWARE.2012.6461002","DOI":"10.1109\/MALWARE.2012.6461002"},{"key":"736_CR8","unstructured":"Kolisar: Whitespace: A different approach to javascript obfuscation (2008). https:\/\/defcon.org\/images\/defcon-16\/dc16-presentations\/defcon-16-kolisar.pdf"},{"key":"736_CR9","doi-asserted-by":"crossref","unstructured":"Chellapilla, K., Maykov, A.: A taxonomy of javascript redirection spam. In: AIRWeb \u201907 (2007)","DOI":"10.1145\/1244408.1244423"},{"issue":"6","key":"736_CR10","doi-asserted-by":"publisher","first-page":"1092","DOI":"10.1002\/sec.1064","volume":"8","author":"IA AL-Taharwa","year":"2015","unstructured":"AL-Taharwa, I.A., Lee, H.M., Jeng, A.B., Wu, K.P., Ho, C.S., Chen, S.M.: Jsod: Javascript obfuscation detector. Secur. Commun. Netw. 8(6), 1092\u20131107 (2015)","journal-title":"Secur. Commun. Netw."},{"key":"736_CR11","doi-asserted-by":"crossref","unstructured":"Xu, W., Zhang, F., Zhu, S.: Jstill: mostly static detection of obfuscated malicious javascript code. In: Proceedings of the third ACM conference on Data and application security and privacy, pp. 117\u2013128 (2013)","DOI":"10.1145\/2435349.2435364"},{"key":"736_CR12","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1007\/978-3-642-10509-8_19","volume-title":"Future Generation Information Technology","author":"Y Choi","year":"2009","unstructured":"Choi, Y., Kim, T., Choi, S., Lee, C.: Automatic detection for javascript obfuscation attacks in web pages through string pattern analysis. In: \u015alezak, D., Lee, Y., Kim, T., Fang, W. (eds.) Future Generation Information Technology, pp. 160\u2013172. Springer, Berlin (2009)"},{"key":"736_CR13","doi-asserted-by":"crossref","unstructured":"Liu, C., Xia, B., Yu, M., Liu, Y.: Psdem: a feasible de-obfuscation method for malicious powershell detection. In: 2018 IEEE Symposium on Computers and Communications (ISCC), pp 825\u2013831. IEEE (2018)","DOI":"10.1109\/ISCC.2018.8538691"},{"key":"736_CR14","doi-asserted-by":"crossref","unstructured":"Ugarte, D., Maiorca, D., Cara, F., Giacinto, G.: Powerdrive: accurate de-obfuscation and analysis of powershell malware. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp 240\u2013259. Springer (2019)","DOI":"10.1007\/978-3-030-22038-9_12"},{"key":"736_CR15","doi-asserted-by":"crossref","unstructured":"Hendler, D., Kels, S., Rubin, A.: Detecting malicious powershell commands using deep neural networks. In: Proceedings of the 2018 on Asia conference on computer and communications security, pp. 187\u2013197 (2018)","DOI":"10.1145\/3196494.3196511"},{"key":"736_CR16","unstructured":"Aboud, E., O\u2019Brien, D.: Detection of malicious VBA macros using machine learning methods (2018)"},{"key":"736_CR17","doi-asserted-by":"crossref","unstructured":"Kim, S., Hong, S., Oh, J., Lee, H.: Obfuscated VBA macro detection using machine learning. In: DSN, IEEE Computer Society, pp. 490\u2013501 (2018)","DOI":"10.1109\/DSN.2018.00057"},{"key":"736_CR18","doi-asserted-by":"crossref","unstructured":"De\u00a0los Santos, S., Torres, J.: Macro malware detection using machine learning techniques\u2014a new approach. In: ICISSP, pp. 295\u2013302 (2017)","DOI":"10.5220\/0006132202950302"},{"key":"736_CR19","doi-asserted-by":"crossref","unstructured":"Bearden, R., Lo, DCT: Automated microsoft office macro malware detection using machine learning. In: 2017 IEEE International Conference on Big Data (2017)","DOI":"10.1109\/BigData.2017.8258483"},{"key":"736_CR20","doi-asserted-by":"crossref","unstructured":"Huneault-Leblanc, S., Talhi, C.: P-code based classification to detect malicious vba macro. In: 2020 International Symposium on Networks. Computers and Communications (ISNCC), pp. 1\u20136. IEEE (2020)","DOI":"10.1109\/ISNCC49221.2020.9297272"},{"key":"736_CR21","first-page":"555","volume":"27","author":"M Mimura","year":"2019","unstructured":"Mimura, M., Miura, H.: Detecting unseen malicious VBA macros with NLP techniques. J. Inf. Process. 27, 555\u2013563 (2019)","journal-title":"J. Inf. Process."},{"key":"736_CR22","doi-asserted-by":"publisher","first-page":"204709","DOI":"10.1109\/ACCESS.2020.3037330","volume":"8","author":"M Mimura","year":"2020","unstructured":"Mimura, M.: An improved method of detecting macro malware on an imbalanced dataset. IEEE Access 8, 204709\u2013204717 (2020)","journal-title":"IEEE Access"},{"key":"736_CR23","doi-asserted-by":"publisher","unstructured":"Mimura, M.: Using sparse composite document vectors to classify VBA macros, pp. 714\u2013720. (2019)https:\/\/doi.org\/10.1007\/978-3-030-36938-5_46","DOI":"10.1007\/978-3-030-36938-5_46"},{"key":"736_CR24","volume":"54","author":"M Mimura","year":"2020","unstructured":"Mimura, M.: Using fake text vectors to improve the sensitivity of minority class for macro malware detection. J. Inf. Secur. Appl. 54, 102600 (2020)","journal-title":"J. Inf. Secur. Appl."},{"key":"736_CR25","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1016\/j.gltp.2022.04.004","volume":"3","author":"V Ravi","year":"2022","unstructured":"Ravi, V., Gururaj, S., Vedamurthy, H., Nirmala, M.: Analysing corpus of office documents for macro-based attacks using machine learning. Glob. Trans. Proc. 3, 20\u201324 (2022)","journal-title":"Glob. Trans. Proc."},{"key":"736_CR26","doi-asserted-by":"publisher","first-page":"631","DOI":"10.1109\/TIFS.2016.2631905","volume":"12","author":"N Nissim","year":"2016","unstructured":"Nissim, N., Cohen, A., Elovici, Y.: Aldocx: detection of unknown malicious microsoft office documents using designated active learning methods based on new structural feature extraction methodology. EEE Trans. Inf. Forensic Secur. 12, 631\u2013646 (2016)","journal-title":"EEE Trans. Inf. Forensic Secur."},{"key":"736_CR27","doi-asserted-by":"publisher","first-page":"324","DOI":"10.1016\/j.eswa.2016.07.010","volume":"63","author":"A Cohen","year":"2016","unstructured":"Cohen, A., Nissim, N., Rokach, L., Elovici, Y.: Sfem: structural feature extraction methodology for the detection of malicious office documents using machine learning methods. Expert Syst. Appl. 63, 324\u2013343 (2016)","journal-title":"Expert Syst. Appl."},{"key":"736_CR28","doi-asserted-by":"crossref","unstructured":"Casino, F., Totosis, N., Apostolopoulos, T., Lykousas, N., Patsakis, C.: Analysis and correlation of visual evidence in campaigns of malicious office documents. Association for Computing Machinery, New York, NY, USA (2022) https:\/\/doi.org\/10.1145\/3513025","DOI":"10.1145\/3513025"},{"key":"736_CR29","doi-asserted-by":"crossref","unstructured":"Rudd, EM., Harang, RE., Saxe, J.: MEADE: towards a malicious email attachment detection engine (2018) CoRR abs\/1804.08162, arXiv:1804.08162","DOI":"10.1109\/THS.2018.8574202"},{"key":"736_CR30","doi-asserted-by":"crossref","unstructured":"Yang, S., Chen, W., Li, S., Xu, Q.: Approach using transforming structural data into image for detection of malicious ms-doc files based on deep learning models. In: 2019 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC), pp. 28\u201332 (2019)","DOI":"10.1109\/APSIPAASC47483.2019.9023208"},{"key":"736_CR31","doi-asserted-by":"publisher","unstructured":"Lu, X., Wang, F., Shu, Z.: Malicious word document detection based on multi-view features learning pp. 1\u20136 (2019) https:\/\/doi.org\/10.1109\/ICCCN.2019.8846940","DOI":"10.1109\/ICCCN.2019.8846940"},{"key":"736_CR32","doi-asserted-by":"crossref","unstructured":"Li, Wj., Stolfo, S., Stavrou, A., Androulaki, E., Keromytis, A.: A study of malcode-bearing documents (2007)","DOI":"10.1007\/978-3-540-73614-1_14"},{"issue":"102","key":"736_CR33","first-page":"582","volume":"114","author":"V Koutsokostas","year":"2022","unstructured":"Koutsokostas, V., Lykousas, N., Apostolopoulos, T., Orazi, G., Ghosal, A., Casino, F., Conti, M., Patsakis, C.: Invoice# 31415 attached: Automated analysis of malicious microsoft office documents. Comput. Secur. 114(102), 582 (2022)","journal-title":"Comput. Secur."},{"key":"736_CR34","doi-asserted-by":"crossref","unstructured":"Tzermias, Z., Sykiotakis, G., Polychronakis, M., Markatos, E.: Combining static and dynamic analysis for the detection of malicious documents (2011)","DOI":"10.1145\/1972551.1972555"},{"key":"736_CR35","doi-asserted-by":"crossref","unstructured":"Yu, M., Jiang, J., Li, G., Li, J., Lou, C., Liu, C., Huang, W., Wang, Y.: A unified malicious documents detection model based on two layers of abstraction (2019)","DOI":"10.1109\/HPCC\/SmartCity\/DSS.2019.00322"},{"key":"736_CR36","doi-asserted-by":"publisher","first-page":"101","DOI":"10.7763\/IJET.2016.V8.866","volume":"8","author":"K Iwamoto","year":"2015","unstructured":"Iwamoto, K., Wasaki, K.: A method for shellcode extraction from malicious document files using entropy and emulation. Int. J. Eng. Technol. 8, 101\u2013106 (2015)","journal-title":"Int. J. Eng. Technol."},{"key":"736_CR37","doi-asserted-by":"crossref","unstructured":"Schreck, T., Berger, S., G\u00f6bel, J.: Bissam: automatic vulnerability identification of office documents (2012)","DOI":"10.1007\/978-3-642-37300-8_12"},{"key":"736_CR38","doi-asserted-by":"crossref","unstructured":"Smutz, C., Stavrou, A.: Preventing exploits in microsoft office documents through content randomization (2015)","DOI":"10.1007\/978-3-319-26362-5_11"},{"key":"736_CR39","unstructured":"Otsubo, Y.: O-checker : Detection of malicious documents through deviation from file format specifications (2016)"},{"key":"736_CR40","doi-asserted-by":"crossref","unstructured":"Moubarak, J., Feghali, T.: Comparing machine learning techniques for malware detection. In: ICISSP (2020)","DOI":"10.5220\/0009373708440851"},{"key":"736_CR41","doi-asserted-by":"crossref","unstructured":"Azeez, N.A., Odufuwa, O.E., Misra, S., Oluranti, J., Dama\u0161evi\u010dius, R.: Windows pe malware detection using ensemble learning. Informatics 8(1), 10 (2021)","DOI":"10.3390\/informatics8010010"},{"key":"736_CR42","doi-asserted-by":"crossref","unstructured":"Szanda\u0142a, T.: Review and comparison of commonly used activation functions for deep neural networks. In: Bio-inspired Neurocomputing, pp. 203\u2013224 (2021)","DOI":"10.1007\/978-981-15-5495-7_11"},{"key":"736_CR43","unstructured":"Gabor, S.: Vba is not dead! Virus Bulletin (2014). https:\/\/www.virusbulletin.com\/virusbulletin\/2014\/07\/vba-not-dead"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-023-00736-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-023-00736-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-023-00736-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,23]],"date-time":"2024-01-23T01:07:21Z","timestamp":1705972041000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-023-00736-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,14]]},"references-count":43,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,2]]}},"alternative-id":["736"],"URL":"https:\/\/doi.org\/10.1007\/s10207-023-00736-5","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,8,14]]},"assertion":[{"value":"18 July 2023","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 August 2023","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflicts of interest or competing interests regarding the publication of this study.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies involving human participants or animals, performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Human participants and animals"}},{"value":"Informed consent was obtained from all individual participants included in the study.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Informed consent"}}]}}