{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T16:38:45Z","timestamp":1769272725244,"version":"3.49.0"},"reference-count":26,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2024]]},"DOI":"10.1109\/access.2024.3392391","type":"journal-article","created":{"date-parts":[[2024,4,22]],"date-time":"2024-04-22T17:41:12Z","timestamp":1713807672000},"page":"61152-61162","source":"Crossref","is-referenced-by-count":8,"title":["Adversarial Robustness of Deep Learning-Based Malware Detectors via (De)Randomized Smoothing"],"prefix":"10.1109","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2448-1297","authenticated-orcid":false,"given":"Daniel","family":"Gibert","sequence":"first","affiliation":[{"name":"CeADAR, University College Dublin, Dublin, Ireland"}]},{"given":"Giulio","family":"Zizzo","sequence":"additional","affiliation":[{"name":"IBM Research Europe, Dublin, Ireland"}]},{"given":"Quan","family":"Le","sequence":"additional","affiliation":[{"name":"CeADAR, University College Dublin, Dublin, Ireland"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1861-9736","authenticated-orcid":false,"given":"Jordi","family":"Planes","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering and Digital Design, University of Lleida, Lleida, Spain"}]}],"member":"263","reference":[{"key":"ref1","article-title":"EMBER: An open dataset for training static PE malware machine learning models","author":"Anderson","year":"2018","journal-title":"arXiv:1804.04637"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/cac59555.2023.10450537"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/eurospw59978.2023.00052"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.23919\/ICITST51030.2020.9351333"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2022.117957"},{"key":"ref6","first-page":"1","article-title":"Deep convolutional malware classifiers can learn from raw executables and labels only","volume-title":"Proc. 6th Int. Conf. Learn. Represent.","author":"Krc\u00e1l"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/spw.2019.00015"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/tifs.2021.3082330"},{"key":"ref9","article-title":"Deceiving end-to-end deep learning malware detectors using adversarial examples","author":"Kreuk","year":"2018","journal-title":"arXiv:1802.04528"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3473039"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102643"},{"key":"ref12","first-page":"1","article-title":"Derandomized smoothing for certifiable defense against patch attacks","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","author":"Levine"},{"key":"ref13","article-title":"Intriguing properties of neural networks","author":"Szegedy","year":"2013","journal-title":"arXiv:1312.6199"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40994-3_25"},{"key":"ref15","article-title":"Explaining and harnessing adversarial examples","author":"Goodfellow","year":"2014","journal-title":"arXiv:1412.6572"},{"key":"ref16","article-title":"Non-negative networks against adversarial attacks","author":"Fleshman","year":"2018","journal-title":"arXiv:1806.06108"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/TNNLS.2014.2310059"},{"key":"ref18","first-page":"1163","article-title":"Adversarial training for raw-binary malware classifiers","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Lucas"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453086"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-54129-2_40"},{"key":"ref21","first-page":"1310","article-title":"Certified adversarial robustness via randomized smoothing","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Cohen"},{"key":"ref22","first-page":"8024","article-title":"PyTorch: An imperative style, high-performance deep learning library","volume-title":"Advances in Neural Information Processing Systems 32","author":"Paszke","year":"2019"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SPW53761.2021.00020"},{"key":"ref24","article-title":"Secml-malware: A Python library for adversarial robustness evaluation of windows malware classifiers","author":"Demetrio","year":"2021","journal-title":"arXiv:2104.12848"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.23919\/eusipco.2018.8553214"},{"key":"ref26","article-title":"Explaining vulnerabilities of deep learning to adversarial malware binaries","author":"Demetrio","year":"2019","journal-title":"arXiv:1901.03583"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/10380310\/10506708.pdf?arnumber=10506708","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,3]],"date-time":"2024-05-03T18:59:22Z","timestamp":1714762762000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10506708\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":26,"URL":"https:\/\/doi.org\/10.1109\/access.2024.3392391","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]}}}