{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T15:48:44Z","timestamp":1778168924602,"version":"3.51.4"},"reference-count":50,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,1,10]],"date-time":"2025-01-10T00:00:00Z","timestamp":1736467200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,10]],"date-time":"2025-01-10T00:00:00Z","timestamp":1736467200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100015501","name":"Qu\u1ef9 \u0110\u1ed5i m\u1edbi s\u00e1ng t\u1ea1o Vingroup","doi-asserted-by":"crossref","award":["VINIF.2023.ThS.091"],"award-info":[{"award-number":["VINIF.2023.ThS.091"]}],"id":[{"id":"10.13039\/501100015501","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100010712","name":"Viet Nam National University Ho Chi Minh City","doi-asserted-by":"crossref","award":["C2023-26-09"],"award-info":[{"award-number":["C2023-26-09"]}],"id":[{"id":"10.13039\/501100010712","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,2]]},"DOI":"10.1007\/s10207-024-00969-y","type":"journal-article","created":{"date-parts":[[2025,1,10]],"date-time":"2025-01-10T04:58:40Z","timestamp":1736485120000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["On the effectiveness of adversarial samples against ensemble learning-based windows PE malware detectors"],"prefix":"10.1007","volume":"24","author":[{"given":"Trong-Nghia","family":"To","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Danh Le","family":"Kim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Do Thi Thu","family":"Hien","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nghi Hoang","family":"Khoa","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hien Do","family":"Hoang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Phan The","family":"Duy","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Van-Hau","family":"Pham","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,1,10]]},"reference":[{"key":"969_CR1","doi-asserted-by":"crossref","unstructured":"Azeez, N.A., Odufuwa, O.E., Misra, S., Oluranti, J., Dama\u0161evi\u010dius, R.: Windows PE malware detection using ensemble learning. In: Informatics, vol. 8, p. 10 (2021). Multidisciplinary Digital Publishing Institute","DOI":"10.3390\/informatics8010010"},{"key":"969_CR2","unstructured":"Ling, X., Wu, L., Zhang, J., Qu, Z., Deng, W., Chen, X., Wu, C., Ji, S., Luo, T., Wu, J., et al.: Adversarial attacks against windows PE malware detection: a survey of the state-of-the-Art. arXiv:2112.12310 (2021)"},{"key":"969_CR3","unstructured":"Goodfellow, I., Pouget-Abadie, J., Mirza, M., Xu, B., Warde-Farley, D., Ozair, S., Courville, A., Bengio, Y.: Generative adversarial nets. Advances in neural information processing systems 27 (2014)"},{"key":"969_CR4","doi-asserted-by":"crossref","unstructured":"Kawai, M., Ota, K., Dong, M.: Improved MalGAN: Avoiding malware detector by leaning cleanware features. In: 2019 International conference on artificial intelligence in information and communication (ICAIIC), pp. 040\u2013045 (2019). IEEE","DOI":"10.1109\/ICAIIC.2019.8669079"},{"key":"969_CR5","unstructured":"Yuan, J., Zhou, S., Lin, L., Wang, F., Cui, J.: Black-box adversarial attacks against deep learning based malware binaries detection with GAN. In: ECAI 2020, pp. 2536\u20132542. IOS Press (2020)"},{"key":"969_CR6","unstructured":"Anderson, H.S., Kharkar, A., Filar, B., Evans, D., Roth, P.: Learning to evade static PE machine learning malware models via reinforcement learning. arXiv:1801.08917 (2018)"},{"key":"969_CR7","doi-asserted-by":"publisher","first-page":"48867","DOI":"10.1109\/ACCESS.2019.2908033","volume":"7","author":"Z Fang","year":"2019","unstructured":"Fang, Z., Wang, J., Li, B., Wu, S., Zhou, Y., Huang, H.: Evading anti-malware engines with deep reinforcement learning. IEEE Access 7, 48867\u201348879 (2019)","journal-title":"IEEE Access"},{"key":"969_CR8","doi-asserted-by":"crossref","unstructured":"Labaca-Castro, R., Franz, S., Rodosek, G.D.: AIMED-RL: exploring adversarial malware examples with reinforcement learning. In: Joint European conference on machine learning and knowledge discovery in databases, pp. 37\u201352 (2021). Springer","DOI":"10.1007\/978-3-030-86514-6_3"},{"issue":"4","key":"969_CR9","doi-asserted-by":"publisher","first-page":"485","DOI":"10.3390\/electronics10040485","volume":"10","author":"R Dama\u0161evi\u010dius","year":"2021","unstructured":"Dama\u0161evi\u010dius, R., Ven\u010dkauskas, A., Toldinas, J., Grigali\u016bnas, \u0160: Ensemble-based classification using neural networks and machine learning models for Windows PE malware detection. Electronics 10(4), 485 (2021)","journal-title":"Electronics"},{"key":"969_CR10","doi-asserted-by":"publisher","first-page":"3886","DOI":"10.1109\/TIFS.2020.3003571","volume":"15","author":"D Li","year":"2020","unstructured":"Li, D., Li, Q.: Adversarial deep ensemble: evasion attacks and defenses for malware detection. IEEE Trans. Inf. Forensics Secur. 15, 3886\u20133900 (2020)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"969_CR11","unstructured":"Tramer, F., Boneh, D.: Adversarial training and robustness for multiple perturbations. Advances in Neural Information Processing Systems 32 (2019)"},{"key":"969_CR12","unstructured":"Liu, Y., Chen, X., Liu, C., Song, D.: Delving into transferable adversarial examples and black-box attacks. arXiv:1611.02770 (2016)"},{"key":"969_CR13","doi-asserted-by":"crossref","unstructured":"Caforio, F.P., Andresini, G., Vessio, G., Appice, A., Malerba, D.: Leveraging grad-cam to improve the accuracy of network intrusion detection systems. In: Discovery Science: 24th International Conference, DS 2021, Halifax, NS, Canada, October 11\u201313, 2021, Proceedings 24, pp. 385\u2013400 (2021). Springer","DOI":"10.1007\/978-3-030-88942-5_30"},{"key":"969_CR14","doi-asserted-by":"crossref","unstructured":"Alenezi, R., Ludwig, S.A.: Explainability of cybersecurity threats data using shap. In: 2021 IEEE symposium series on computational intelligence (SSCI), pp. 01\u201310 (2021). IEEE","DOI":"10.1109\/SSCI50451.2021.9659888"},{"key":"969_CR15","unstructured":"Hu, W., Tan, Y.: Generating adversarial malware examples for black-box attacks based on GAN. arXiv:1702.05983 (2017)"},{"key":"969_CR16","unstructured":"Cortes, C., Jackel, L.D., Chiang, W.-P.: Limits on learning machine accuracy imposed by data quality. Advances in Neural Information Processing Systems 7 (1994)"},{"key":"969_CR17","unstructured":"Forensics, C.: VirusShare.com\u2014Because Sharing is Caring. https:\/\/virusshare.com\/"},{"key":"969_CR18","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-84858-7","volume-title":"The Elements of Statistical Learning: Data Mining, Inference, and Prediction","author":"T Hastie","year":"2009","unstructured":"Hastie, T., Tibshirani, R., Friedman, J.H., Friedman, J.H.: The Elements of Statistical Learning: Data Mining, Inference, and Prediction. Springer (2009)"},{"key":"969_CR19","unstructured":"abuse.ch: MalwareBazaar database. https:\/\/bazaar.abuse.ch\/"},{"key":"969_CR20","doi-asserted-by":"crossref","unstructured":"Kantchelian, A., Tschantz, M.C., Afroz, S., Miller, B., Shankar, V., Bachwani, R., Joseph, A.D., Tygar, J.D.: Better malware ground truth: Techniques for weighting anti-virus vendor labels. In: Proceedings of the 8th ACM workshop on artificial intelligence and security. pp. 45\u201356 (2015)","DOI":"10.1145\/2808769.2808780"},{"key":"969_CR21","doi-asserted-by":"crossref","unstructured":"Sebasti\u00e1n, M., Rivera, R., Kotzias, P., Caballero, J.: Avclass: A tool for massive malware labeling. In: International symposium on research in attacks, intrusions, and defenses. pp. 230\u2013253 (2016). Springer","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"969_CR22","doi-asserted-by":"crossref","unstructured":"Sebasti\u00e1n, S., Caballero, J.: Avclass2: Massive malware tag extraction from AV labels. In: Annual computer security applications conference, pp. 42\u201353 (2020)","DOI":"10.1145\/3427228.3427261"},{"key":"969_CR23","doi-asserted-by":"crossref","unstructured":"Zhu, S., Zhang, Z., Yang, L., Song, L., Wang, G.: Benchmarking Label Dynamics of VirusTotal Engines. In: Proceedings of the 2020 ACM SIGSAC conference on computer and communications security, pp. 2081\u20132083 (2020)","DOI":"10.1145\/3372297.3420013"},{"key":"969_CR24","unstructured":"Ceschin, F., Gomes, H.M., Botacin, M., Bifet, A., Pfahringer, B., Oliveira, L.S., Gr\u00e9gio, A.: Machine learning (in) security: a stream of problems. arXiv:2010.16045 (2020)"},{"key":"969_CR25","unstructured":"Raff, E., Nicholas, C.: A survey of machine learning methods and challenges for Windows malware classification. arXiv:2006.09271 (2020)"},{"issue":"3","key":"969_CR26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3073559","volume":"50","author":"Y Ye","year":"2017","unstructured":"Ye, Y., Li, T., Adjeroh, D., Iyengar, S.S.: A survey on malware detection using data mining techniques. ACM Comput. Surv. 50(3), 1\u201340 (2017)","journal-title":"ACM Comput. Surv."},{"issue":"5","key":"969_CR27","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3447571","volume":"15","author":"X Ling","year":"2021","unstructured":"Ling, X., Wu, L., Wang, S., Pan, G., Ma, T., Xu, F., Liu, A.X., Wu, C., Ji, S.: Deep graph matching and searching for semantic code retrieval. ACM Trans. Knowl. Discov. Data 15(5), 1\u201321 (2021)","journal-title":"ACM Trans. Knowl. Discov. Data"},{"key":"969_CR28","doi-asserted-by":"crossref","unstructured":"Li, Z., Zou, D., Xu, S., Ou, X., Jin, H., Wang, S., Deng, Z., Zhong, Y.: Vuldeepecker: A deep learning-based system for vulnerability detection. arXiv:1801.01681 (2018)","DOI":"10.14722\/ndss.2018.23158"},{"key":"969_CR29","doi-asserted-by":"publisher","DOI":"10.1201\/b12207","volume-title":"Ensemble Methods: Foundations and Algorithms","author":"Z-H Zhou","year":"2012","unstructured":"Zhou, Z.-H.: Ensemble Methods: Foundations and Algorithms. CRC Press (2012)"},{"key":"969_CR30","doi-asserted-by":"crossref","unstructured":"Dietterich, T.G.: Ensemble methods in machine learning. In: International workshop on multiple classifier systems, pp. 1\u201315 (2000). Springer","DOI":"10.1007\/3-540-45014-9_1"},{"key":"969_CR31","doi-asserted-by":"publisher","DOI":"10.1201\/9781420067194","volume-title":"Machine Learning: An Algorithmic Perspective","author":"S Marsland","year":"2011","unstructured":"Marsland, S.: Machine Learning: An Algorithmic Perspective. Chapman and Hall\/CRC (2011)"},{"issue":"4","key":"969_CR32","doi-asserted-by":"publisher","first-page":"1249","DOI":"10.1002\/widm.1249","volume":"8","author":"O Sagi","year":"2018","unstructured":"Sagi, O., Rokach, L.: Ensemble learning: a survey. Wiley Interdiscip. Rev. Data Min. Knowl. Disc. 8(4), 1249 (2018)","journal-title":"Wiley Interdiscip. Rev. Data Min. Knowl. Disc."},{"issue":"4","key":"969_CR33","doi-asserted-by":"publisher","first-page":"584","DOI":"10.1016\/j.ijar.2011.12.011","volume":"53","author":"Y Bi","year":"2012","unstructured":"Bi, Y.: The impact of diversity on the accuracy of evidential classifier ensembles. Int. J. Approxim. Reason. 53(4), 584\u2013607 (2012)","journal-title":"Int. J. Approxim. Reason."},{"issue":"3","key":"969_CR34","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3003816","volume":"49","author":"J Gardiner","year":"2016","unstructured":"Gardiner, J., Nagaraja, S.: On the security of machine learning in malware c &c detection: a survey. ACM Comput. Surv. 49(3), 1\u201339 (2016)","journal-title":"ACM Comput. Surv."},{"issue":"1","key":"969_CR35","doi-asserted-by":"publisher","first-page":"127","DOI":"10.3905\/jfds.2020.1.047","volume":"3","author":"X Man","year":"2021","unstructured":"Man, X., Chan, E.P.: The best way to select features? Comparing MDA, LIME, and SHAP. J. Financ. Data Sci. 3(1), 127\u2013139 (2021)","journal-title":"J. Financ. Data Sci."},{"key":"969_CR36","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1016\/j.inffus.2022.11.013","volume":"92","author":"L Weber","year":"2023","unstructured":"Weber, L., Lapuschkin, S., Binder, A., Samek, W.: Beyond explaining: opportunities and challenges of XAI-based model improvement. Inf. Fusion 92, 154\u2013176 (2023)","journal-title":"Inf. Fusion"},{"key":"969_CR37","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2023.101805","volume":"99","author":"S Ali","year":"2023","unstructured":"Ali, S., Abuhmed, T., El-Sappagh, S., Muhammad, K., Alonso-Moral, J.M., Confalonieri, R., Guidotti, R., Del Ser, J., D\u00edaz-Rodr\u00edguez, N., Herrera, F.: Explainable artificial intelligence (XAI): what we know and what is left to attain trustworthy artificial intelligence. Inf. Fusion 99, 101805 (2023)","journal-title":"Inf. Fusion"},{"issue":"1","key":"969_CR38","doi-asserted-by":"publisher","first-page":"154","DOI":"10.3390\/electronics11010154","volume":"11","author":"Y Ding","year":"2022","unstructured":"Ding, Y., Shao, M., Nie, C., Fu, K.: An efficient method for generating adversarial malware samples. Electronics 11(1), 154 (2022)","journal-title":"Electronics"},{"key":"969_CR39","doi-asserted-by":"crossref","unstructured":"Liu, X., Zhang, J., Lin, Y., Li, H.: ATMPA: attacking machine learning-based malware visualization detection methods via adversarial examples. In: 2019 IEEE\/ACM 27th international symposium on quality of service (IWQoS), pp. 1\u201310 (2019). IEEE","DOI":"10.1145\/3326285.3329073"},{"key":"969_CR40","doi-asserted-by":"crossref","unstructured":"Rosenberg, I., Shabtai, A., Elovici, Y., Rokach, L.: Query-efficient black-box attack against sequence-based malware classifiers. In: Annual Computer Security Applications Conference, pp. 611\u2013626 (2020)","DOI":"10.1145\/3427228.3427230"},{"key":"969_CR41","doi-asserted-by":"publisher","unstructured":"Lucas, K., Sharif, M., Bauer, L., Reiter, M.K., Shintre, S.: Malware Makeover: Breaking ML-Based Static Analysis by Modifying Executable Bytes. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. ASIA CCS \u201921, pp. 744\u2013758. Association for Computing Machinery, New York, NY, USA (2021). https:\/\/doi.org\/10.1145\/3433210.3453086","DOI":"10.1145\/3433210.3453086"},{"key":"969_CR42","doi-asserted-by":"crossref","unstructured":"Ebrahimi, M., Pacheco, J., Li, W., Hu, J.L., Chen, H.: Binary black-box attacks against static malware detectors with reinforcement learning in discrete action spaces. In: 2021 IEEE Security and Privacy Workshops (SPW), pp. 85\u201391 (2021). IEEE","DOI":"10.1109\/SPW53761.2021.00021"},{"key":"969_CR43","unstructured":"Lester, M.: PE Malware machine learning dataset (2021). https:\/\/practicalsecurityanalytics.com\/pe-malware-machine-learning-dataset\/"},{"issue":"3","key":"969_CR44","doi-asserted-by":"publisher","first-page":"1221","DOI":"10.1007\/s10044-018-0697-0","volume":"22","author":"PI W\u00f3jcik","year":"2019","unstructured":"W\u00f3jcik, P.I., Kurdziel, M.: Training neural networks on high-dimensional data using random projection. Pattern Anal. Appl. 22(3), 1221\u20131231 (2019)","journal-title":"Pattern Anal. Appl."},{"key":"969_CR45","unstructured":"Quiring, E., Maier, A., Rieck, K.: Misleading authorship attribution of source code using adversarial learning. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 479\u2013496 (2019)"},{"key":"969_CR46","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102762","author":"Y Qiao","year":"2022","unstructured":"Qiao, Y., Zhang, W., Tian, Z., Yang, L.T., Liu, Y., Alazab, M.: Adversarial malware sample generation method based on the prototype of deep learning detector. Comput. Secur. (2022). https:\/\/doi.org\/10.1016\/j.cose.2022.102762","journal-title":"Comput. Secur."},{"issue":"4","key":"969_CR47","doi-asserted-by":"publisher","first-page":"980","DOI":"10.1109\/TC.2023.3236901","volume":"73","author":"F Zhong","year":"2024","unstructured":"Zhong, F., Cheng, X., Yu, D., Gong, B., Song, S., Yu, J.: MalFox: Camouflaged adversarial malware example generation based on conv-GANs against black-box detectors. IEEE Trans. Comput. 73(4), 980\u2013993 (2024). https:\/\/doi.org\/10.1109\/TC.2023.3236901","journal-title":"IEEE Trans. Comput."},{"key":"969_CR48","unstructured":"Anderson, H.S., Kharkar, A., Filar, B., Roth, P.: Evading machine learning malware detection. black Hat 2017 (2017)"},{"key":"969_CR49","doi-asserted-by":"publisher","unstructured":"Do\u00a0Thi\u00a0Thu, H., Phan, T.D., Le\u00a0Anh, H., Nguyen\u00a0Duy, L., Nghi\u00a0Hoang, K., Pham, V.-H.: A method of mutating windows malware using reinforcement learning with functionality preservation. In: Proceedings of the 11th international symposium on information and communication technology, pp. 142\u2013149 (2022). https:\/\/doi.org\/10.1145\/3568562.3568631","DOI":"10.1145\/3568562.3568631"},{"issue":"5","key":"969_CR50","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1109\/MSEC.2022.3182356","volume":"20","author":"L Demetrio","year":"2022","unstructured":"Demetrio, L., Biggio, B., Roli, F.: Practical attacks on machine learning: a case study on adversarial windows malware. IEEE Secur. Privacy 20(5), 77\u201385 (2022). https:\/\/doi.org\/10.1109\/MSEC.2022.3182356","journal-title":"IEEE Secur. Privacy"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00969-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00969-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00969-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T05:20:30Z","timestamp":1739337630000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00969-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,10]]},"references-count":50,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2]]}},"alternative-id":["969"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00969-y","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,10]]},"assertion":[{"value":"10 January 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"Not available.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethial approval and consent to participate"}},{"value":"Not available.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}}],"article-number":"60"}}