{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T06:23:32Z","timestamp":1772000612039,"version":"3.50.1"},"reference-count":56,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2023,9,27]],"date-time":"2023-09-27T00:00:00Z","timestamp":1695772800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,9,27]],"date-time":"2023-09-27T00:00:00Z","timestamp":1695772800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"DOI":"10.1007\/s11416-023-00498-7","type":"journal-article","created":{"date-parts":[[2023,9,27]],"date-time":"2023-09-27T13:03:11Z","timestamp":1695819791000},"page":"95-111","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["Mal2GCN: a robust malware detection approach using deep graph convolutional networks with non-negative weights"],"prefix":"10.1007","volume":"20","author":[{"given":"Omid","family":"Kargarnovin","sequence":"first","affiliation":[]},{"given":"Amir Mahdi","family":"Sadeghzadeh","sequence":"additional","affiliation":[]},{"given":"Rasool","family":"Jalili","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,9,27]]},"reference":[{"issue":"4","key":"498_CR1","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1016\/j.icte.2018.10.006","volume":"4","author":"R Vinayakumar","year":"2018","unstructured":"Vinayakumar, R., Soman, K.P.: DeepMalNet: evaluating shallow and deep networks for static PE malware detection. ICT Express 4(4), 255\u2013258 (2018)","journal-title":"ICT Express"},{"key":"498_CR2","doi-asserted-by":"crossref","unstructured":"Joshua, S., Berlin, K.: Deep neural network based malware detection using two dimensional binary program features. In: 2015 10th International Conference on Malicious and Unwanted Software (MALWARE), pp. 11\u201320. IEEE (2015)","DOI":"10.1109\/MALWARE.2015.7413680"},{"key":"498_CR3","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: 2016 IEEE European Symposium on Security and Privacy (EuroSP), pp. 372\u2013387. IEEE (2016)","DOI":"10.1109\/EuroSP.2016.36"},{"key":"498_CR4","doi-asserted-by":"crossref","unstructured":"Suciu, O., Coull, S.E., Johns, J.: Exploring adversarial examples in malware detection. In: 2019 IEEE Security and Privacy Workshops (SPW), pp. 8\u201314. IEEE (2019)","DOI":"10.1109\/SPW.2019.00015"},{"key":"498_CR5","unstructured":"Hu, W., Tan, Y.: Generating adversarial malware examples for black-box attacks based on GAN. arXiv:1702.05983 (2017)"},{"key":"498_CR6","unstructured":"Anderson, H.S., Kharkar, A., Filar, B., Evans, D., Roth, P.: Learning to evade static pe machine learning malware models via reinforcement learning. arXiv:1801.08917 (2018)"},{"key":"498_CR7","doi-asserted-by":"crossref","unstructured":"Kolosnjaji, B., Demontis, A., Biggio, B., Maiorca, D., Giacinto, G., Eckert, C., Roli, F.: Adversarial malware binaries: Evading deep learning for malware detection in executables. In 2018 26th European signal processing conference (EUSIPCO), pp. 533\u2013537. IEEE (2018)","DOI":"10.23919\/EUSIPCO.2018.8553214"},{"issue":"4","key":"498_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3473039","volume":"24","author":"L Demetrio","year":"2021","unstructured":"Demetrio, L., Coull, S.E., Biggio, B., Lagorio, G., Armando, A., Roli, F.: Adversarial exemples: a survey and experimental evaluation of practical attacks on machine learning for windows malware detection. ACM Trans. Priv. Secur. (TOPS) 24(4), 1\u201331 (2021)","journal-title":"ACM Trans. Priv. Secur. (TOPS)"},{"key":"498_CR9","doi-asserted-by":"crossref","unstructured":"Al-Dujaili, A., Huang, A., Hemberg, E., O\u2019Reilly, U.M.: Adversarial deep learning for robust detection of binary encoded malware. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 76\u201382. IEEE (2018)","DOI":"10.1109\/SPW.2018.00020"},{"key":"498_CR10","doi-asserted-by":"crossref","unstructured":"Alasmary, H., Abusnaina, A., Jang, R., Abuhamad, M., Anwar, A., Nyang, D., Mohaisen, D.: Detecting adversarial examples in control flow graph-based malware classifiers. In: 40th IEEE International Conference on Distributed Computing Systems, ICDCS, pp. 1296\u20131305 (2020)","DOI":"10.1109\/ICDCS47774.2020.00089"},{"key":"498_CR11","unstructured":"Fleshman, W., Raff, E., Sylvester, J., Forsyth, S., McLean, M.: Non-negative networks against adversarial attacks. In: AAAI workshop (2019)"},{"key":"498_CR12","doi-asserted-by":"crossref","unstructured":"Ceschin, F., Botacin, M., Gomes, H.M., Oliveira, L.S., Gr\u00e9gio, A.: Shallow security: on the creation of adversarial variants to evade machine learning-based malware detectors. In: Proceedings of the 3rd Reversing and Offensive-oriented Trends Symposium, pp. 1\u20139 (2019)","DOI":"10.1145\/3375894.3375898"},{"key":"498_CR13","doi-asserted-by":"publisher","first-page":"3469","DOI":"10.1109\/TIFS.2021.3082330","volume":"16","author":"L Demetrio","year":"2021","unstructured":"Demetrio, L., Biggio, B., Lagorio, G., Roli, F., Armando, A.: Functionality-preserving black-box optimization of adversarial windows malware. IEEE Trans. Inf. Forensics Secur. 16, 3469\u20133478 (2021)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"498_CR14","unstructured":"Errica, F., Podda, M., Bacciu, D., Micheli, A.: A fair comparison of graph neural networks for graph classification. arXiv:1912.09893 (2019)"},{"key":"498_CR15","unstructured":"Kipf, T.N., Welling, M.: Semi-supervised classification with graph convolutional networks. In: International Conference on Learning Representations (2017)"},{"key":"498_CR16","unstructured":"Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C.: Malware detection by eating a whole exe. In: Workshops at the Thirty-Second AAAI Conference on Artificial Intelligence (2018)"},{"key":"498_CR17","doi-asserted-by":"crossref","unstructured":"Coull, S.E., Gardner, C.: Activation analysis of a byte-based deep neural network for malware classification. In: 2019 IEEE Security and Privacy Workshops (SPW), pp. 21\u201327. IEEE (2019)","DOI":"10.1109\/SPW.2019.00017"},{"key":"498_CR18","doi-asserted-by":"crossref","unstructured":"Yeboah, P.N., Baz Musah, H.B.: NLP technique for malware detection using 1D CNN fusion model. Secur. Commun. Netw. 2022 (2022)","DOI":"10.1155\/2022\/2957203"},{"issue":"1","key":"498_CR19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11416-022-00424-3","volume":"19","author":"AS Kale","year":"2023","unstructured":"Kale, A.S., Pandya, V., Di Troia, F., Stamp, M.: Malware classification with word2vec, hmm2vec, bert, and elmo. J. Comput. Virol. Hack. Tech. 19(1), 1\u201316 (2023)","journal-title":"J. Comput. Virol. Hack. Tech."},{"key":"498_CR20","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2020.106630","volume":"96","author":"A Yazdinejad","year":"2020","unstructured":"Yazdinejad, A., HaddadPajouh, H., Dehghantanha, A., Parizi, R.M., Srivastava, G., Chen, M.Y.: Cryptocurrency malware hunting: a deep recurrent neural network approach. Appl. Soft Comput. 96, 106630 (2020)","journal-title":"Appl. Soft Comput."},{"key":"498_CR21","doi-asserted-by":"crossref","unstructured":"John, T.S., Thomas, T., Emmanuel, S.: Graph convolutional networks for android malware detection with system call graphs. In: 2020 Third ISEA Conference on Security and Privacy (ISEA-ISAP), pp. 162\u2013170. IEEE (2020)","DOI":"10.1109\/ISEA-ISAP49340.2020.235015"},{"key":"498_CR22","doi-asserted-by":"crossref","unstructured":"Yan, J., Yan, G., Jin, D. Classifying malware represented as control flow graphs using deep graph convolutional neural network. In: 2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 52\u201363. IEEE (2019)","DOI":"10.1109\/DSN.2019.00020"},{"key":"498_CR23","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102513","volume":"112","author":"O Fan","year":"2022","unstructured":"Fan, O., Jian, X.: S3feature: a static sensitive subgraph-based feature for android malware detection. Comput. Secur. 112, 102513 (2022)","journal-title":"Comput. Secur."},{"issue":"4","key":"498_CR24","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1007\/s11416-021-00414-x","volume":"18","author":"F Manavi","year":"2022","unstructured":"Manavi, F., Hamzeh, A.: A novel approach for ransomware detection based on pe header using graph embedding. J. Comput. Virol. Hack. Tech. 18(4), 285\u2013296 (2022)","journal-title":"J. Comput. Virol. Hack. Tech."},{"issue":"1","key":"498_CR25","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/s11416-016-0267-1","volume":"13","author":"D Nikolopoulos Stavros","year":"2017","unstructured":"Nikolopoulos Stavros, D., Iosif, P.: A graph-based model for malware detection and classification using system-call groups. J. Comput. Virol. Hack. Tech. 13(1), 29\u201346 (2017)","journal-title":"J. Comput. Virol. Hack. Tech."},{"issue":"1","key":"498_CR26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s13677-022-00349-8","volume":"11","author":"F Ullah","year":"2022","unstructured":"Ullah, F., Srivastava, G., Ullah, S.: A malware detection system using a hybrid approach of multi-heads attention-based control flow traces and image visualization. J. Cloud Comput. 11(1), 1\u201321 (2022)","journal-title":"J. Cloud Comput."},{"key":"498_CR27","unstructured":"Xu, K., Hu, W., Leskovec, J., Jegelka, S.: How powerful are graph neural networks? In: International Conference on Learning Representations (2019)"},{"key":"498_CR28","doi-asserted-by":"crossref","unstructured":"Z\u00fcgner, D., G\u00fcnnemann, S.: Adversarial attacks on graph neural networks via meta learning. arXiv:1902.08412 (2019)","DOI":"10.24963\/ijcai.2019\/872"},{"key":"498_CR29","doi-asserted-by":"crossref","unstructured":"Grosse, K., Papernot, N., Manoharan, P., Backes, M., McDaniel, P.: Adversarial examples for malware detection. In: European Symposium on Research in Computer Security, pp. 62\u201379. Springer (2017)","DOI":"10.1007\/978-3-319-66399-9_4"},{"key":"498_CR30","unstructured":"Kreuk, F., Barak, A., Aviv-Reuven, S., Baruch, M., Pinkas, B., Keshet, J.: Deceiving end-to-end deep learning malware detectors using adversarial examples. arXiv:1802.04528 (2018)"},{"key":"498_CR31","doi-asserted-by":"crossref","unstructured":"Rigaki, M., Garcia, S.: Bringing a GAN to a knife-fight: adapting malware communication to avoid detection. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 70\u201375. IEEE (2018)","DOI":"10.1109\/SPW.2018.00019"},{"key":"498_CR32","doi-asserted-by":"crossref","unstructured":"Kawai, M., Ota, K., Dong, M.: Improved Malgan: avoiding malware detector by leaning cleanware features. In: 2019 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), pp. 040\u2013045. IEEE (2019)","DOI":"10.1109\/ICAIIC.2019.8669079"},{"key":"498_CR33","unstructured":"Vaya, C., IBM\u00a0Security Sen, B.: Malware mutation using deep reinforcement learning and GAN. Hack in the Box (2020)"},{"key":"498_CR34","doi-asserted-by":"crossref","unstructured":"AbAbusnaina, A., Khormali, A., Alasmary, H., Park, J., Anwar, A., Mohaisen, A.: Adversarial learning attacks on graph-based IoT malware detection systems. In: 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), pp. 1296\u20131305. IEEE (2019)","DOI":"10.1109\/ICDCS.2019.00130"},{"key":"498_CR35","unstructured":"Zhang, H., Chen, H., Song, Z., Boning, D., Dhillon, I.S., Hsieh, C.J.: The limitations of adversarial training and the blind-spot attack. In: International Conference on Learning Representations (2019)"},{"key":"498_CR36","doi-asserted-by":"publisher","first-page":"3109","DOI":"10.1109\/TIFS.2021.3074295","volume":"16","author":"AM Sadeghzadeh","year":"2021","unstructured":"Sadeghzadeh, A.M., Tajali, B., Jalili, R.: AWA: Adversarial website adaptation. IEEE Trans. Inf. Forensics Secur. 16, 3109\u20133122 (2021). https:\/\/doi.org\/10.1109\/TIFS.2021.3074295","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"498_CR37","first-page":"1","volume":"23","author":"H Rathore","year":"2020","unstructured":"Rathore, H., Sahay, S.K., Nikam, P., Sewak, M.: Robust android malware detection system against adversarial attacks using q-learning. Inf. Syst. Front. 23, 1\u201316 (2020)","journal-title":"Inf. Syst. Front."},{"issue":"4","key":"498_CR38","doi-asserted-by":"publisher","first-page":"711","DOI":"10.1109\/TDSC.2017.2700270","volume":"16","author":"A Demontis","year":"2017","unstructured":"Demontis, A., Melis, M., Biggio, B., Maiorca, D., Arp, D., Rieck, K., Corona, I., Giacinto, G., Roli, F.: Yes, machine learning can be more secure! a case study on android malware detection. IEEE Trans. Depend. Secure Comput. 16(4), 711\u2013724 (2017)","journal-title":"IEEE Trans. Depend. Secure Comput."},{"key":"498_CR39","doi-asserted-by":"crossref","unstructured":"Kumar, R., Xiaosong, Z., Khan, R.U., Kumar, J., Ahad, I.: Effective and explainable detection of android malware based on machine learning algorithms. In: Proceedings of the 2018 International Conference on Computing and Artificial Intelligence, pp. 35\u201340 (2018)","DOI":"10.1145\/3194452.3194465"},{"key":"498_CR40","doi-asserted-by":"crossref","unstructured":"Lucas, K., Sharif, M., Bauer, L., Reiter, M.K., Shintre, S.: Malware makeover: breaking ml-based static analysis by modifying executable bytes. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, pp. 744\u2013758 (2021)","DOI":"10.1145\/3433210.3453086"},{"key":"498_CR41","unstructured":"Ida pro. https:\/\/www.hex-rays.com. Accessed 10 Jun 2023"},{"key":"498_CR42","unstructured":"Anatomy of a .net assembly\u2014methods. https:\/\/www.red-gate.com\/simple-talk\/blogs\/anatomy-of-a-net-assembly-methods. Accessed 10 Jun 2023"},{"key":"498_CR43","volume-title":"Fast Library Identification and Recognition Technology","author":"I Guilfanov","year":"1997","unstructured":"Guilfanov, I.: Fast Library Identification and Recognition Technology. DataRescue, Li\u00e8ge (1997)"},{"key":"498_CR44","volume-title":"Foundations of Statistical Natural Language Processing","author":"C Manning","year":"1999","unstructured":"Manning, C., Schutze, H.: Foundations of Statistical Natural Language Processing. MIT Press, Cambridge (1999)"},{"key":"498_CR45","unstructured":"Lime Crypter. https:\/\/github.com\/NYAN-x-CAT\/Lime-Crypter. Accessed 10 Jun 2023"},{"key":"498_CR46","unstructured":"Virusshare. https:\/\/www.virusshare.com. Accessed 10 Jun 2023"},{"key":"498_CR47","unstructured":"VirusTotal Intelligence Service. https:\/\/www.virustotal.com. Accessed 10 Jun 2023"},{"key":"498_CR48","doi-asserted-by":"crossref","unstructured":"Sebasti\u00e1n, M., Rivera, R., Kotzias, P., Caballero, J.: AVclass: a tool for massive malware labeling. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 230\u2013253. Springer (2016)","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"498_CR49","unstructured":"Freeware Files. https:\/\/www.freewarefiles.com. Accessed 10 Jun 2023"},{"key":"498_CR50","unstructured":"Inno setup. https:\/\/jrsoftware.org\/isinfo.php. Accessed 10 Jun 2023"},{"key":"498_CR51","unstructured":"UniExtractor. https:\/\/github.com\/Bioruebe\/UniExtract2. Accessed 10 Jun 2023"},{"key":"498_CR52","unstructured":"Hunting Raccoon Stealer: The New Masked Bandit on the Block. https:\/\/www.cybereason.com\/blog\/hunting-raccoon-stealer-the-new-masked-bandit-on-the-block. Accessed 10 Jun 2023"},{"key":"498_CR53","unstructured":"Beek, C., Diwakar, D., Yashashree, G., German, L., Niamh, M., Francisca, M., Eric, P., Thomas, R., et\u00a0al.: Mcafee labs threats report-june 2017 (2018)"},{"key":"498_CR54","unstructured":"Detect it easy. https:\/\/github.com\/horsicq\/Detect-It-Easy. Accessed 10 Jun 2023"},{"key":"498_CR55","unstructured":"Wang, M., Yu, L., Da Zheng, Q.G., Gai, Y., Ye, Z., Li, M., Zhou, J., Huang, Q., Ma, C., et\u00a0al.: Deep graph library: towards efficient and scalable deep learning on graphs (2019)"},{"key":"498_CR56","unstructured":"Swinnen, A., Mesbahi, A.: One packer to rule them all: empirical identification, comparison and circumvention of current antivirus detection techniques. BlackHat USA (2014)"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-023-00498-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11416-023-00498-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-023-00498-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,29]],"date-time":"2024-10-29T08:30:01Z","timestamp":1730190601000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11416-023-00498-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,27]]},"references-count":56,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,3]]}},"alternative-id":["498"],"URL":"https:\/\/doi.org\/10.1007\/s11416-023-00498-7","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,9,27]]},"assertion":[{"value":"16 December 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"31 July 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 September 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"We confirm that this work is original and has not been published elsewhere, nor is it currently under consideration for publication elsewhere. We have no conflict of interest to disclose. There is no funding to report for this submission","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}