{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T16:46:41Z","timestamp":1776876401099,"version":"3.51.2"},"reference-count":62,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U2133208"],"award-info":[{"award-number":["U2133208"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004829","name":"Science and Technology Department of Sichuan Province","doi-asserted-by":"publisher","award":["2023YFG0290"],"award-info":[{"award-number":["2023YFG0290"]}],"id":[{"id":"10.13039\/501100004829","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100010250","name":"Sichuan Province Youth Science and Technology Innovation Team","doi-asserted-by":"publisher","award":["2022JDTD0014"],"award-info":[{"award-number":["2022JDTD0014"]}],"id":[{"id":"10.13039\/501100010250","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Applied Soft Computing"],"published-print":{"date-parts":[[2026,7]]},"DOI":"10.1016\/j.asoc.2026.115186","type":"journal-article","created":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T16:28:50Z","timestamp":1775579330000},"page":"115186","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["OSEAF: A robust one-shot environment-aware framework for malware detection evasion"],"prefix":"10.1016","volume":"197","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-5908-4277","authenticated-orcid":false,"given":"Haoting","family":"Chen","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7550-3970","authenticated-orcid":false,"given":"Jiaxuan","family":"Geng","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0005-3763-874X","authenticated-orcid":false,"given":"Di","family":"Wu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9680-7313","authenticated-orcid":false,"given":"Wenhan","family":"Ge","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0007-3259-3073","authenticated-orcid":false,"given":"Xiaobo","family":"Bai","sequence":"additional","affiliation":[]},{"given":"Junfeng","family":"Wang","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6502-8053","authenticated-orcid":false,"given":"Zhiyang","family":"Fang","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.asoc.2026.115186_bib0010","doi-asserted-by":"crossref","DOI":"10.1016\/j.sysarc.2020.101861","article-title":"A survey on machine learning-based malware detection in executable files","volume":"112","author":"Singh","year":"2021","journal-title":"J. Syst. Archit."},{"issue":"1","key":"10.1016\/j.asoc.2026.115186_bib0015","first-page":"381","article-title":"Limitations of signature-based threat detection","volume":"13","author":"Kothamali","year":"2022","journal-title":"Rev. Intel. Artif. Med."},{"issue":"3","key":"10.1016\/j.asoc.2026.115186_bib0020","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3073559","article-title":"A survey on malware detection using data mining techniques","volume":"50","author":"Ye","year":"2017","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"10.1016\/j.asoc.2026.115186_bib0025","article-title":"A comprehensive survey on deep learning based malware detection techniques","volume":"47","author":"Gopinath","year":"2023","journal-title":"Comput. Sci. Rev."},{"key":"10.1016\/j.asoc.2026.115186_bib0030","doi-asserted-by":"crossref","first-page":"6249","DOI":"10.1109\/ACCESS.2019.2963724","article-title":"A comprehensive review on malware detection approaches","volume":"8","author":"Aslan","year":"2020","journal-title":"IEEE Access"},{"key":"10.1016\/j.asoc.2026.115186_bib0035","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1016\/j.cose.2018.11.001","article-title":"Survey of machine learning techniques for malware analysis","volume":"81","author":"Ucci","year":"2019","journal-title":"Comput. Secur."},{"key":"10.1016\/j.asoc.2026.115186_bib0040","series-title":"Computer Security\u2013ESORICS 2017: 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11\u201315, 2017, Proceedings, Part II 22","first-page":"62","article-title":"Adversarial examples for malware detection","author":"Grosse","year":"2017"},{"key":"10.1016\/j.asoc.2026.115186_bib0045","series-title":"2019 IEEE Security and Privacy Workshops (SPW)","first-page":"8","article-title":"Exploring adversarial examples in malware detection","author":"Suciu","year":"2019"},{"key":"10.1016\/j.asoc.2026.115186_bib0050","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2023.122223","article-title":"Adversarial examples: a survey of attacks and defenses in deep learning-enabled cybersecurity systems","volume":"238","author":"Macas","year":"2024","journal-title":"Expert Syst. Appl."},{"key":"10.1016\/j.asoc.2026.115186_bib0055","article-title":"A survey on adversarial attacks for malware analysis","volume":"13","author":"Aryal","year":"2024","journal-title":"IEEE Access"},{"key":"10.1016\/j.asoc.2026.115186_bib0060","doi-asserted-by":"crossref","first-page":"3469","DOI":"10.1109\/TIFS.2021.3082330","article-title":"Functionality-preserving black-box optimization of adversarial windows malware","volume":"16","author":"Demetrio","year":"2021","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"10.1016\/j.asoc.2026.115186_bib0065","series-title":"Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering","first-page":"1","article-title":"Malwaretotal: multi-faceted and sequence-aware bypass tactics against static malware detection","author":"He","year":"2024"},{"key":"10.1016\/j.asoc.2026.115186_bib0070","series-title":"International Conference on Intelligent Systems and Machine Learning","first-page":"169","article-title":"Machine learning based malware analysis in digital forensic with IOT devices","author":"Ganachari","year":"2022"},{"issue":"3","key":"10.1016\/j.asoc.2026.115186_bib0075","first-page":"3827","article-title":"Detecting malicious uniform resource locators using an applied intelligence framework","volume":"79","author":"Oprea","year":"2024","journal-title":"Comput. Mater. Contin."},{"key":"10.1016\/j.asoc.2026.115186_bib0080","article-title":"A pe header-based method for malware detection using clustering and deep embedding techniques","volume":"60","author":"Rezaei","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.asoc.2026.115186_bib0085","series-title":"2024 12th International Symposium on Digital Forensics and Security (ISDFS)","first-page":"1","article-title":"Identifying malware family with string matching algorithms based on API calls and entire strings","author":"Gundogan","year":"2024"},{"key":"10.1016\/j.asoc.2026.115186_bib0090","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103518","article-title":"Ctimd: cyber threat intelligence enhanced malware detection using API call sequences with parameters","volume":"136","author":"Chen","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.asoc.2026.115186_bib0095","doi-asserted-by":"crossref","first-page":"21235","DOI":"10.1109\/ACCESS.2019.2896003","article-title":"A combination method for android malware detection based on control flow graphs and machine learning algorithms","volume":"7","author":"Ma","year":"2019","journal-title":"IEEE Access"},{"issue":"2","key":"10.1016\/j.asoc.2026.115186_bib0100","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1109\/TC.2022.3160357","article-title":"Malware-on-the-brain: illuminating malware byte codes with images for malware classification","volume":"72","author":"Zhong","year":"2022","journal-title":"IEEE Trans. Comput."},{"key":"10.1016\/j.asoc.2026.115186_bib0105","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2021.102247","article-title":"Malware detection employed by visualization and deep neural network","volume":"105","author":"Pinhero","year":"2021","journal-title":"Comput. Secur."},{"key":"10.1016\/j.asoc.2026.115186_bib0110","series-title":"NDSS","first-page":"23","article-title":"Drebin: effective and explainable detection of android malware in your pocket","volume":"vol. 14","author":"Arp","year":"2014"},{"key":"10.1016\/j.asoc.2026.115186_bib0115","series-title":"2016 3rd International Conference on Computing for Sustainable Global Development (INDIACom)","first-page":"1310","article-title":"A review of supervised machine learning algorithms","author":"Singh","year":"2016"},{"key":"10.1016\/j.asoc.2026.115186_bib0120","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102871","article-title":"Efficient and robust malware detection based on control flow traces using deep neural networks","volume":"122","author":"Qiang","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.asoc.2026.115186_bib0125","doi-asserted-by":"crossref","DOI":"10.1016\/j.engappai.2023.106030","article-title":"A novel deep learning-based approach for malware detection","volume":"122","author":"Shaukat","year":"2023","journal-title":"Eng. Appl. Artif. Intell."},{"key":"10.1016\/j.asoc.2026.115186_bib0130","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103595","article-title":"A survey of strategy-driven evasion methods for pe malware: transformation, concealment, and attack","volume":"137","author":"Geng","year":"2024","journal-title":"Comput. Secur."},{"issue":"6","key":"10.1016\/j.asoc.2026.115186_bib0135","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3365001","article-title":"Malware dynamic analysis evasion techniques: a survey","volume":"52","author":"Afianian","year":"2019","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"10.1016\/j.asoc.2026.115186_bib0140","article-title":"Optimal feature configuration for dynamic malware detection","volume":"105","author":"Garc\u00eda","year":"2021","journal-title":"Comput. Secur."},{"issue":"1","key":"10.1016\/j.asoc.2026.115186_bib0145","doi-asserted-by":"crossref","first-page":"172","DOI":"10.3390\/app12010172","article-title":"Ransomware detection using the dynamic analysis and machine learning: a survey and research directions","volume":"12","author":"Urooj","year":"2021","journal-title":"Appl. Sci."},{"key":"10.1016\/j.asoc.2026.115186_bib0150","doi-asserted-by":"crossref","first-page":"96899","DOI":"10.1109\/ACCESS.2020.2995887","article-title":"Dynamic analysis for IOT malware detection with convolution neural network model","volume":"8","author":"Jeon","year":"2020","journal-title":"IEEE Access"},{"key":"10.1016\/j.asoc.2026.115186_bib0155","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1016\/j.jpdc.2016.10.012","article-title":"A hybrid approach of mobile malware detection in android","volume":"103","author":"Tong","year":"2017","journal-title":"J. Parallel Distrib. Comput."},{"key":"10.1016\/j.asoc.2026.115186_bib0160","series-title":"IEEE INFOCOM 2018-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","first-page":"45","article-title":"A hybrid system for malware detection on big data","author":"De Paola","year":"2018"},{"key":"10.1016\/j.asoc.2026.115186_bib0165","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103134","article-title":"Adversarial attacks against windows pe malware detection: a survey of the state-of-the-art","volume":"128","author":"Ling","year":"2023","journal-title":"Comput. Secur."},{"key":"10.1016\/j.asoc.2026.115186_bib0170","series-title":"2018 26th European Signal Processing Conference (EUSIPCO)","first-page":"533","article-title":"Adversarial malware binaries: evading deep learning for malware detection in executables","author":"Kolosnjaji","year":"2018"},{"key":"10.1016\/j.asoc.2026.115186_bib0175","series-title":"International Conference on Wireless Algorithms, Systems, and Applications","first-page":"603","article-title":"Gradient-based adversarial attacks against malware detection by instruction replacement","author":"Zhao","year":"2022"},{"key":"10.1016\/j.asoc.2026.115186_bib0180","series-title":"Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security","first-page":"61","article-title":"The robust malware detection challenge and greedy random accelerated multi-bit search","author":"Verwer","year":"2020"},{"key":"10.1016\/j.asoc.2026.115186_bib0185","series-title":"Proceedings of the International Symposium on Quality of Service","first-page":"1","article-title":"Atmpa: attacking machine learning-based malware visualization detection methods via adversarial examples","author":"Liu","year":"2019"},{"key":"10.1016\/j.asoc.2026.115186_bib0190","series-title":"International Conference on Data Mining and Big Data","first-page":"409","article-title":"Generating adversarial malware examples for black-box attacks based on GAN","author":"Hu","year":"2022"},{"issue":"4","key":"10.1016\/j.asoc.2026.115186_bib0195","doi-asserted-by":"crossref","first-page":"980","DOI":"10.1109\/TC.2023.3236901","article-title":"Malfox: camouflaged adversarial malware example generation based on conv-gans against black-box detectors","volume":"73","author":"Zhong","year":"2023","journal-title":"IEEE Trans. Comput."},{"key":"10.1016\/j.asoc.2026.115186_bib0200","doi-asserted-by":"crossref","first-page":"48867","DOI":"10.1109\/ACCESS.2019.2908033","article-title":"Evading anti-malware engines with deep reinforcement learning","volume":"7","author":"Fang","year":"2019","journal-title":"IEEE Access"},{"key":"10.1016\/j.asoc.2026.115186_bib0205","series-title":"European Symposium on Research in Computer Security","first-page":"44","article-title":"The power of meme: adversarial malware creation with model-based reinforcement learning","author":"Rigaki","year":"2023"},{"key":"10.1016\/j.asoc.2026.115186_bib0210","doi-asserted-by":"crossref","first-page":"1183","DOI":"10.1109\/TIFS.2023.3333567","article-title":"Malpatch: evading dnn-based malware detection with adversarial patches","volume":"19","author":"Zhan","year":"2024","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"10.1016\/j.asoc.2026.115186_bib0215","series-title":"Proceedings of the Thirty-Fourth International Joint Conference on Artificial Intelligence","first-page":"5589","article-title":"Minimal: hard-label adversarial attack against static malware detection with minimal perturbation","author":"Li","year":"2025"},{"key":"10.1016\/j.asoc.2026.115186_bib0220","series-title":"Proceedings of the 36th Annual Computer Security Applications Conference","first-page":"611","article-title":"Query-efficient black-box attack against sequence-based malware classifiers","author":"Rosenberg","year":"2020"},{"key":"10.1016\/j.asoc.2026.115186_bib0225","series-title":"2024 33rd International Conference on Computer Communications and Networks (ICCCN)","first-page":"1","article-title":"Explainability guided adversarial evasion attacks on malware detectors","author":"Aryal","year":"2024"},{"key":"10.1016\/j.asoc.2026.115186_bib0230","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2021.102543","article-title":"Enhancing the insertion of nop instructions to obfuscate malware via deep reinforcement learning","volume":"113","author":"Gibert","year":"2022","journal-title":"Comput. Secur."},{"issue":"1","key":"10.1016\/j.asoc.2026.115186_bib0235","doi-asserted-by":"crossref","first-page":"154","DOI":"10.3390\/electronics11010154","article-title":"An efficient method for generating adversarial malware samples","volume":"11","author":"Ding","year":"2022","journal-title":"Electronics"},{"key":"10.1016\/j.asoc.2026.115186_bib0240","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102643","article-title":"Optimization of code caves in malware binaries to evade machine learning detectors","volume":"116","author":"Yuste","year":"2022","journal-title":"Comput. Secur."},{"key":"10.1016\/j.asoc.2026.115186_bib0275","series-title":"Workshops at the Thirty-Second AAAI Conference on Artificial Intelligence","article-title":"Malware detection by eating a whole exe","author":"Raff","year":"2018"},{"key":"10.1016\/j.asoc.2026.115186_bib0280","author":"Anderson"},{"key":"10.1016\/j.asoc.2026.115186_bib0285","author":"Xiaozhou Wang"},{"key":"10.1016\/j.asoc.2026.115186_bib0290","series-title":"Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy","first-page":"183","article-title":"Novel feature extraction, selection and fusion for effective malware family classification","author":"Ahmadi","year":"2016"},{"issue":"4","key":"10.1016\/j.asoc.2026.115186_bib0300","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3473039","article-title":"Adversarial exemples: a survey and experimental evaluation of practical attacks on machine learning for windows malware detection","volume":"24","author":"Demetrio","year":"2021","journal-title":"ACM Trans. Priv. Secur. (TOPS)"},{"key":"10.1016\/j.asoc.2026.115186_bib0305","doi-asserted-by":"crossref","DOI":"10.1016\/j.asoc.2021.107505","article-title":"A3cmal: generating adversarial samples to force targeted misclassification by reinforcement learning","volume":"109","author":"Fang","year":"2021","journal-title":"Appl. Soft Comput."},{"key":"10.1016\/j.asoc.2026.115186_bib0310","unstructured":"Chronicle, Virustotal: the world\u2019s leading malware analysis platform, https:\/\/www.virustotal.com\/gui\/home\/upload"},{"key":"10.1016\/j.asoc.2026.115186_bib0315","unstructured":"J.F.R. Markus FXJ Oberhumer, M. L\u00e1szl\u00f3, Upx: the ultimate packer for executables, version 4.2.4. https:\/\/upx.github.io\/"},{"key":"10.1016\/j.asoc.2026.115186_bib0320","unstructured":"Oreans Technologies, Themida: advanced windows software protection system, version 3.1.8.0. https:\/\/www.oreans.com\/Themida.php"},{"key":"10.1016\/j.asoc.2026.115186_bib0325","unstructured":"VMPsoft, Vmprotect professional, version 3.8.1. https:\/\/vmpsoft.com\/"},{"key":"10.1016\/j.asoc.2026.115186_bib0330","author":"Demetrio"},{"key":"10.1016\/j.asoc.2026.115186_bib0335","author":"Mnih"},{"key":"10.1016\/j.asoc.2026.115186_bib0340","author":"Anderson"},{"key":"10.1016\/j.asoc.2026.115186_bib0345","author":"Schulman"},{"key":"10.1016\/j.asoc.2026.115186_bib0350","series-title":"Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining","first-page":"5516","article-title":"Ember2024: a benchmark dataset for holistic evaluation of malware classifiers","author":"Joyce","year":"2025"}],"container-title":["Applied Soft Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1568494626006344?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S1568494626006344?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T16:02:40Z","timestamp":1776873760000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1568494626006344"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,7]]},"references-count":62,"alternative-id":["S1568494626006344"],"URL":"https:\/\/doi.org\/10.1016\/j.asoc.2026.115186","relation":{},"ISSN":["1568-4946"],"issn-type":[{"value":"1568-4946","type":"print"}],"subject":[],"published":{"date-parts":[[2026,7]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"OSEAF: A robust one-shot environment-aware framework for malware detection evasion","name":"articletitle","label":"Article Title"},{"value":"Applied Soft Computing","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.asoc.2026.115186","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier B.V. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"115186"}}