{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T14:40:54Z","timestamp":1774449654337,"version":"3.50.1"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2024,11,26]],"date-time":"2024-11-26T00:00:00Z","timestamp":1732579200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2024,11,26]],"date-time":"2024-11-26T00:00:00Z","timestamp":1732579200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"funder":[{"DOI":"10.13039\/501100001691","name":"Japan Society for the Promotion of Science","doi-asserted-by":"publisher","award":["21K11898"],"award-info":[{"award-number":["21K11898"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2025,4]]},"DOI":"10.1007\/s10586-024-04825-5","type":"journal-article","created":{"date-parts":[[2024,11,26]],"date-time":"2024-11-26T19:18:28Z","timestamp":1732648708000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Practical evasion attack against neural network-based macro-malware detection method"],"prefix":"10.1007","volume":"28","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4323-9911","authenticated-orcid":false,"given":"Mamoru","family":"Mimura","sequence":"first","affiliation":[]},{"given":"Kazuyuki","family":"Kurashina","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,11,26]]},"reference":[{"key":"4825_CR1","doi-asserted-by":"publisher","first-page":"6249","DOI":"10.1109\/ACCESS.2019.2963724","volume":"8","author":"\u00c3A Aslan","year":"2020","unstructured":"Aslan, \u00c3.A., Samet, R.: A comprehensive review on malware detection approaches. IEEE Access 8, 6249\u20136271 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2019.2963724","journal-title":"IEEE Access"},{"key":"4825_CR2","doi-asserted-by":"publisher","first-page":"324","DOI":"10.1016\/j.eswa.2016.07.010","volume":"63","author":"A Cohen","year":"2016","unstructured":"Cohen, A., Nissim, N., Rokach, L., Elovici, Y.: SFEM: structural feature extraction methodology for the detection of malicious office documents using machine learning methods. Expert Syst. Appl. 63, 324\u2013343 (2016)","journal-title":"Expert Syst. Appl."},{"issue":"3","key":"4825_CR3","doi-asserted-by":"publisher","first-page":"631","DOI":"10.1109\/TIFS.2016.2631905","volume":"12","author":"N Nissim","year":"2017","unstructured":"Nissim, N., Cohen, A., Elovici, Y.: ALDOCX: detection of unknown malicious Microsoft office documents using designated active learning methods based on new structural feature extraction methodology. IEEE Trans. Inf. Forensics Secur. 12(3), 631\u2013646 (2017). https:\/\/doi.org\/10.1109\/TIFS.2016.2631905","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"4825_CR4","doi-asserted-by":"publisher","unstructured":"Bearden, R., Lo, D.C.T.: Automated Microsoft office macro malware detection using machine learning. In: IEEE International Conference on Big Data, pp. 4448\u20134452 (2017). https:\/\/doi.org\/10.1109\/BigData.2017.8258483","DOI":"10.1109\/BigData.2017.8258483"},{"key":"4825_CR5","doi-asserted-by":"crossref","unstructured":"Mimura, M., Ohminami, T.: Towards efficient detection of malicious VBA macros with LSI. In: Advances in Information and Computer Security, pp. 168\u2013185 (2019)","DOI":"10.1007\/978-3-030-26834-3_10"},{"key":"4825_CR6","doi-asserted-by":"crossref","unstructured":"Mimura, M.: Using sparse composite document vectors to classify VBA macros. In: Network and System Security, pp. 714\u2013720 (2019)","DOI":"10.1007\/978-3-030-36938-5_46"},{"key":"4825_CR7","doi-asserted-by":"publisher","unstructured":"Yan, J., Wan, M., Jia, X., Ying, L., Su, P., Wang, Z.: DitDetector: bimodal learning based on deceptive image and text for macro malware detection. In: 38th Annual Computer Security Applications Conference, pp. 227\u2013239 (2022). https:\/\/doi.org\/10.1145\/3564625.3567982","DOI":"10.1145\/3564625.3567982"},{"key":"4825_CR8","doi-asserted-by":"publisher","DOI":"10.1145\/3513025","author":"F Casino","year":"2023","unstructured":"Casino, F., Totosis, N., Apostolopoulos, T., Lykousas, N., Patsakis, C.: Analysis and correlation of visual evidence in campaigns of malicious office documents. Digit. Threats Res. Pract. (2023). https:\/\/doi.org\/10.1145\/3513025","journal-title":"Digit. Threats Res. Pract."},{"key":"4825_CR9","doi-asserted-by":"publisher","unstructured":"Kim, S., Hong, S., Oh, J., Lee, H.: Obfuscated VBA macro detection using machine learning. In: IEEE\/IFIP International Conference on Dependable Systems and Networks, pp. 490\u2013501 (2018). https:\/\/doi.org\/10.1109\/DSN.2018.00057","DOI":"10.1109\/DSN.2018.00057"},{"key":"4825_CR10","doi-asserted-by":"publisher","DOI":"10.3390\/app132212101","author":"X Chen","year":"2023","unstructured":"Chen, X., Wang, W., Han, W.: Malicious office macro detection: combined features with obfuscation and suspicious keywords. Appl. Sci. (2023). https:\/\/doi.org\/10.3390\/app132212101","journal-title":"Appl. Sci."},{"key":"4825_CR11","doi-asserted-by":"publisher","first-page":"102582","DOI":"10.1016\/j.cose.2021.102582","volume":"114","author":"V Koutsokostas","year":"2022","unstructured":"Koutsokostas, V., Lykousas, N., Apostolopoulos, T., Orazi, G., Ghosal, A., Casino, F., Conti, M., Patsakis, C.: Invoice #31415 attached: automated analysis of malicious Microsoft office documents. Comput. Secur. 114, 102582 (2022). https:\/\/doi.org\/10.1016\/j.cose.2021.102582","journal-title":"Comput. Secur."},{"issue":"1","key":"4825_CR12","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1007\/s10207-023-00736-5","volume":"23","author":"S Vi\u0163el","year":"2024","unstructured":"Vi\u0163el, S., Lupa\u015fcu, M., Gavrilu\u0163, D.T., Luchian, H.: Short- versus long-term performance of detection models for obfuscated MSOffice-embedded malware. Int. J. Inf. Secur. 23(1), 271\u2013297 (2024). https:\/\/doi.org\/10.1007\/s10207-023-00736-5","journal-title":"Int. J. Inf. Secur."},{"key":"4825_CR13","doi-asserted-by":"publisher","first-page":"102600","DOI":"10.1016\/j.jisa.2020.102600","volume":"54","author":"M Mimura","year":"2020","unstructured":"Mimura, M.: Using fake text vectors to improve the sensitivity of minority class for macro malware detection. J. Inf. Secur. Appl. 54, 102600 (2020). https:\/\/doi.org\/10.1016\/j.jisa.2020.102600","journal-title":"J. Inf. Secur. Appl."},{"key":"4825_CR14","doi-asserted-by":"publisher","DOI":"10.3390\/app13042079","author":"B Xuan","year":"2023","unstructured":"Xuan, B., Li, J., Song, Y.: SFCWGAN-BiTCN with sequential features for malware detection. Appl. Sci. (2023). https:\/\/doi.org\/10.3390\/app13042079","journal-title":"Appl. Sci."},{"key":"4825_CR15","doi-asserted-by":"crossref","unstructured":"Grosse, K., Papernot, N., Manoharan, P., Backes, M., McDaniel, P.: Adversarial examples for malware detection. In: European Symposium on Research in Computer Security, pp. 62\u201379 (2017)","DOI":"10.1007\/978-3-319-66399-9_4"},{"key":"4825_CR16","doi-asserted-by":"crossref","unstructured":"Chen, L., Hou, S., Ye, Y., Chen, L.: An adversarial machine learning model against android malware evasion attacks. In: Web and Big Data, pp. 43\u201355 (2017)","DOI":"10.1007\/978-3-319-69781-9_5"},{"key":"4825_CR17","doi-asserted-by":"publisher","first-page":"301511","DOI":"10.1016\/J.FSIDI.2023.301511","volume":"44","author":"H Rathore","year":"2023","unstructured":"Rathore, H., Nandanwar, A., Sahay, S.K., Sewak, M.: Adversarial superiority in android malware detection: lessons from reinforcement learning based evasion attacks and defenses. Forensic Sci. Int. Digit. Investig. 44, 301511 (2023). https:\/\/doi.org\/10.1016\/J.FSIDI.2023.301511","journal-title":"Forensic Sci. Int. Digit. Investig."},{"key":"4825_CR18","doi-asserted-by":"publisher","unstructured":"Huang, Y., Verma, U., Fralick, C., Infantec-Lopez, G., Kumar, B., Woodward, C.: Malware evasion attack and defense. In: IEEE\/IFIP International Conference on Dependable Systems and Networks Workshops, pp. 34\u201338 (2019). https:\/\/doi.org\/10.1109\/DSN-W.2019.00014","DOI":"10.1109\/DSN-W.2019.00014"},{"key":"4825_CR19","doi-asserted-by":"publisher","first-page":"102762","DOI":"10.1016\/j.cose.2022.102762","volume":"119","author":"Y Qiao","year":"2022","unstructured":"Qiao, Y., Zhang, W., Tian, Z., Yang, L.T., Liu, Y., Alazab, M.: Adversarial malware sample generation method based on the prototype of deep learning detector. Comput. Secur. 119, 102762 (2022). https:\/\/doi.org\/10.1016\/j.cose.2022.102762","journal-title":"Comput. Secur."},{"key":"4825_CR20","doi-asserted-by":"publisher","first-page":"133717","DOI":"10.1109\/ACCESS.2023.3334645","volume":"11","author":"RM Arif","year":"2023","unstructured":"Arif, R.M., Aslam, M., Al-Otaibi, S., Martinez-Enriquez, A.M., Saba, T., Bahaj, S.A., Rehman, A.: A deep reinforcement learning framework to evade black-box machine learning based IoT malware detectors using GAN-generated influential features. IEEE Access 11, 133717\u2013133729 (2023). https:\/\/doi.org\/10.1109\/ACCESS.2023.3334645","journal-title":"IEEE Access"},{"key":"4825_CR21","doi-asserted-by":"crossref","unstructured":"Biggio, B., Corona, I., Maiorca, D., Nelson, B., \u0160rndi\u0107, N., Laskov, P., Giacinto, G., Roli, F.: Evasion attacks against machine learning at test time. In: Machine Learning and Knowledge Discovery in Databases, pp. 387\u2013402 (2013)","DOI":"10.1007\/978-3-642-40994-3_25"},{"key":"4825_CR22","doi-asserted-by":"publisher","unstructured":"Srndic, N., Laskov, P.: Practical evasion of a learning-based classifier: a case study. In: IEEE Symposium on Security and Privacy, pp. 197\u2013211 (2014). https:\/\/doi.org\/10.1109\/SP.2014.20","DOI":"10.1109\/SP.2014.20"},{"key":"4825_CR23","doi-asserted-by":"crossref","unstructured":"Xu, W., Qi, Y., Evans, D.: Automatically evading classifiers: a case study on PDF malware classifiers. In: Network and Distributed System Security Symposium. The Internet Society (2016). http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2017\/09\/automatically-evading-classifiers.pdf","DOI":"10.14722\/ndss.2016.23115"},{"key":"4825_CR24","doi-asserted-by":"publisher","unstructured":"Abusnaina, A., Khormali, A., Alasmary, H., Park, J., Anwar, A., Mohaisen, A.: Adversarial learning attacks on graph-based IoT malware detection systems. In: International Conference on Distributed Computing Systems, pp. 1296\u20131305 (2019). https:\/\/doi.org\/10.1109\/ICDCS.2019.00130","DOI":"10.1109\/ICDCS.2019.00130"},{"key":"4825_CR25","doi-asserted-by":"publisher","first-page":"138336","DOI":"10.1109\/ACCESS.2023.3339827","volume":"11","author":"M Mimura","year":"2023","unstructured":"Mimura, M., Yamamoto, R.: A feasibility study on evasion attacks against NLP-based macro malware detection algorithms. IEEE Access 11, 138336\u2013138346 (2023). https:\/\/doi.org\/10.1109\/ACCESS.2023.3339827","journal-title":"IEEE Access"},{"key":"4825_CR26","doi-asserted-by":"publisher","unstructured":"Papernot, N., McDaniel, P., Swami, A., Harang, R.: Crafting adversarial input sequences for recurrent neural networks. In: IEEE Military Communications Conference, pp. 49\u201354 (2016). https:\/\/doi.org\/10.1109\/MILCOM.2016.7795300","DOI":"10.1109\/MILCOM.2016.7795300"},{"key":"4825_CR27","unstructured":"Hu, W., Tan, Y.: Black-box attacks against RNN based malware detection algorithms. In: AAAI Conference on Artificial Intelligence, pp. 245\u2013251 (2018). https:\/\/aaai.org\/ocs\/index.php\/WS\/AAAIW18\/paper\/view\/16594"},{"key":"4825_CR28","doi-asserted-by":"publisher","first-page":"102037","DOI":"10.1016\/j.cose.2020.102037","volume":"99","author":"S Jha","year":"2020","unstructured":"Jha, S., Prashar, D., Long, H.V., Taniar, D.: Recurrent neural network for detecting malware. Comput. Secur. 99, 102037 (2020). https:\/\/doi.org\/10.1016\/j.cose.2020.102037","journal-title":"Comput. Secur."},{"key":"4825_CR29","doi-asserted-by":"crossref","unstructured":"Rosenberg, I., Shabtai, A., Rokach, L., Elovici, Y.: Generic black-box end-to-end attack against state of the art API call based malware classifiers. In: Research in Attacks, Intrusions, and Defenses, pp. 490\u2013510 (2018)","DOI":"10.1007\/978-3-030-00470-5_23"},{"key":"4825_CR30","doi-asserted-by":"crossref","unstructured":"Vassilev, A., Oprea, A., Fordyce, A., Andersen, H.: Adversarial machine learning: a taxonomy and terminology of attacks and mitigations. National Institute of Standards and Technology Artificial Intelligence Report 100-2e2023 (2024)","DOI":"10.6028\/NIST.AI.100-2e2023"},{"key":"4825_CR31","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: International Conference on Learning Representations (2015). http:\/\/arxiv.org\/abs\/1412.6572"},{"key":"4825_CR32","doi-asserted-by":"publisher","unstructured":"Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: IEEE European Symposium on Security and Privacy, pp. 372\u2013387 (2016). https:\/\/doi.org\/10.1109\/EuroSP.2016.36","DOI":"10.1109\/EuroSP.2016.36"},{"issue":"2s","key":"4825_CR33","doi-asserted-by":"publisher","first-page":"122:1","DOI":"10.1145\/3536425","volume":"18","author":"M Golmaryami","year":"2022","unstructured":"Golmaryami, M., Taheri, R., Pooranian, Z., Shojafar, M., Xiao, P.: SETTI: a self-supervised adversarial malware detection architecture in an IoT environment. ACM Trans. Multimed. Comput. Commun. Appl. 18(2s), 122:1 (2022). https:\/\/doi.org\/10.1145\/3536425","journal-title":"ACM Trans. Multimed. Comput. Commun. Appl."},{"key":"4825_CR34","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1016\/J.COSE.2017.11.007","volume":"73","author":"S Chen","year":"2018","unstructured":"Chen, S., Xue, M., Fan, L., Hao, S., Xu, L., Zhu, H., Li, B.: Automated poisoning attacks and defenses in malware detection systems: an adversarial machine learning approach. Comput. Secur. 73, 326\u2013344 (2018). https:\/\/doi.org\/10.1016\/J.COSE.2017.11.007","journal-title":"Comput. Secur."},{"key":"4825_CR35","doi-asserted-by":"publisher","unstructured":"Biggio, B., Rieck, K., Ariu, D., Wressnegger, C., Corona, I., Giacinto, G., Roli, F.: Poisoning behavioral malware clustering. In: Dimitrakakis, C., Mitrokotsa, A., Rubinstein, B.I.P., Ahn, G. (eds.) Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop, AISec 2014, Scottsdale, AZ, USA, November 7, 2014, pp. 27\u201336. ACM (2014). https:\/\/doi.org\/10.1145\/2666652.2666666","DOI":"10.1145\/2666652.2666666"},{"key":"4825_CR36","doi-asserted-by":"publisher","unstructured":"Aryal, K., Gupta, M., Abdelsalam, M.: Analysis of label-flip poisoning attack on machine learning based malware detector. In: Tsumoto, S., Ohsawa, Y., Chen, L., den Poel, D.V., Hu, X., Motomura, Y., Takagi, T., Wu, L., Xie, Y., Abe, A., Raghavan, V. (eds.) IEEE International Conference on Big Data, Big Data 2022, Osaka, Japan, December 17-20, 2022, pp. 4236\u20134245. IEEE (2022). https:\/\/doi.org\/10.1109\/BIGDATA55660.2022.10020528","DOI":"10.1109\/BIGDATA55660.2022.10020528"},{"issue":"18","key":"4825_CR37","doi-asserted-by":"publisher","first-page":"14781","DOI":"10.1007\/S00521-020-04831-9","volume":"32","author":"R Taheri","year":"2020","unstructured":"Taheri, R., Javidan, R., Shojafar, M., Pooranian, Z., Miri, A., Conti, M.: On defending against label flipping attacks on malware detection systems. Neural Comput. Appl. 32(18), 14781\u201314800 (2020). https:\/\/doi.org\/10.1007\/S00521-020-04831-9","journal-title":"Neural Comput. Appl."}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-024-04825-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10586-024-04825-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-024-04825-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T16:33:46Z","timestamp":1743352426000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10586-024-04825-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,26]]},"references-count":37,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,4]]}},"alternative-id":["4825"],"URL":"https:\/\/doi.org\/10.1007\/s10586-024-04825-5","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"value":"1386-7857","type":"print"},{"value":"1573-7543","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,26]]},"assertion":[{"value":"9 April 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 October 2024","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 October 2024","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 November 2024","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}],"article-number":"113"}}