{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T13:10:05Z","timestamp":1765545005656,"version":"3.33.0"},"reference-count":58,"publisher":"IEEE","license":[{"start":{"date-parts":[[2024,12,15]],"date-time":"2024-12-15T00:00:00Z","timestamp":1734220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,12,15]],"date-time":"2024-12-15T00:00:00Z","timestamp":1734220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,12,15]]},"DOI":"10.1109\/bigdata62323.2024.10825735","type":"proceedings-article","created":{"date-parts":[[2025,1,16]],"date-time":"2025-01-16T18:31:23Z","timestamp":1737052283000},"page":"2624-2634","source":"Crossref","is-referenced-by-count":1,"title":["Living off the Analyst: Harvesting Features from Yara Rules for Malware Detection"],"prefix":"10.1109","author":[{"given":"Siddhant","family":"Gupta","sequence":"first","affiliation":[{"name":"University of Maryland"}]},{"given":"Fred","family":"Lu","sequence":"additional","affiliation":[{"name":"University of Maryland"}]},{"given":"Andrew","family":"Barlow","sequence":"additional","affiliation":[{"name":"University of Maryland"}]},{"given":"Edward","family":"Raff","sequence":"additional","affiliation":[{"name":"University of Maryland"}]},{"given":"Francis","family":"Ferraro","sequence":"additional","affiliation":[{"name":"University of Maryland"}]},{"given":"Cynthia","family":"Matuszek","sequence":"additional","affiliation":[{"name":"University of Maryland"}]},{"given":"Charles","family":"Nicholas","sequence":"additional","affiliation":[{"name":"University of Maryland"}]},{"given":"James","family":"Holt","sequence":"additional","affiliation":[{"name":"Laboratory of Physical Sciences"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24310"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3292500.3330701"},{"journal-title":"Yara: The pattern matching swiss knife for malware researchers (and everyone else)","year":"2013","author":"Alvarez","key":"ref3"},{"article-title":"Ember: an open dataset for training static pe malware machine learning models","year":"2018","author":"Anderson","key":"ref4"},{"article-title":"Humans vs. Machines in Malware Classification","year":"2023","author":"Aonzo","key":"ref5"},{"key":"ref6","article-title":"Automatisierte Signaturgenerierung f\u00fcr Malware-St\u00e4mme","volume-title":"PhD thesis","author":"Blichmann","year":"2008"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102287"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102500"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-017-0292-8"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.29172\/7c2a6982-6d72-4cd8-bba6-2fccb06a7011"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2885512"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-64881-7_7"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939785"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3294059"},{"key":"ref15","article-title":"Adversarial Robustness with Non-uniform Perturbations","volume-title":"Advances in Neural Information Processing Systems.","volume":"34","author":"Erdemir","year":"2021"},{"key":"ref16","article-title":"LIBLINEAR: A library for large linear classification","volume":"9","author":"Fan","year":"2008","journal-title":"the Journal of machine Learning research"},{"article-title":"Non-Negative Networks Against Adversarial Attacks","volume-title":"AAAI-2019 Workshop on Artificial Intelligence for Cyber Security","author":"Fleshman","key":"ref17"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_6"},{"key":"ref19","article-title":"RS-Del: Edit Distance Robustness Certificates for Sequence Classifiers via Randomized Deletion","volume-title":"Advances in Neural Information Processing Systems.","volume":"36","author":"Huang","year":"2023"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3180445.3180449"},{"article-title":"Transcend: Detecting Concept Drift in Malware Classification Models","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Jordaney","key":"ref21"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3474369.3486867"},{"article-title":"Rank-1 Similarity Matrix Decomposition For Modeling Changes in Antivirus Consensus Through Time","volume-title":"Proceedings of the Conference on Applied Machine Learning for Information Security","author":"Joyce","key":"ref23"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.5555\/3294996.3295070"},{"key":"ref25","article-title":"Autograph: toward automated, distributed worm signature detection","volume-title":"Proceedings of the 13th conference on USENIX Security Symposium","volume":"13","author":"Kim"},{"article-title":"The Dropper Effect: Insights into Malware Distribution with Downloader Graph Analytics","volume-title":"Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security","author":"Jun Kwon","key":"ref26"},{"key":"ref27","article-title":"Learning from Context : Exploiting and Interpreting File Path Information for Better Malware Detection","author":"Kyadige","year":"2019","journal-title":"ArXiv e-prints"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029815"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3670105.3670209"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616625"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3637528.3672038"},{"journal-title":"Optimizing the Optimal Weighted Average: Efficient Distributed Sparse Classification.","year":"2024","author":"Lu","key":"ref33"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_5"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.15"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v36i7.20757"},{"article-title":"Leveraging Uncertainty for Improved Static Malware Detection Under Extreme False Positive Constraints","volume-title":"IJCAI-21 1st International Workshop on Adaptive Cyber Defense","author":"Nguyen","key":"ref37"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006132"},{"article-title":"Small Effect Sizes in Malware Detection? Make Harder Train\/Test Splits!","volume-title":"Proceedings of the Conference on Applied Machine Learning in Information Security","author":"Patel","key":"ref39"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1201.0490"},{"article-title":"TESSER-ACT: Eliminating Experimental Bias in Malware Classification across Space and Time","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Pendlebury","key":"ref41"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.26"},{"article-title":"Asymmetric Certified Robustness via Feature-Convex Neural Networks","volume-title":"Thirty-seventh Conference on Neural Information Processing Systems","author":"Pfrommer","key":"ref43"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMW51313.2020.00074"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.2307\/j.ctv1ntg8v.80"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8622043"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3209280.3229085"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-016-0283-1"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3411508.3421372"},{"journal-title":"yarGen.","year":"2013","author":"Roth","key":"ref50"},{"article-title":"Is Function Similarity Over-Engineered? Building a Benchmark","volume-title":"The Thirty-eight Conference on Neural Information Processing Systems Datasets and Benchmarks Track","author":"Saul","key":"ref51"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/2381896.2381910"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623342"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3291061"},{"article-title":"An Observational Investigation of Reverse Engineers \u2019 Processes","volume-title":"USENIX Security Symposium","author":"Votipka","key":"ref55"},{"article-title":"Stabilizing Linear Passive-Aggressive Online Learning with Weighted Reservoir Sampling","volume-title":"The Thirty-eighth Annual Conference on Neural Information Processing Systems","author":"Wu","key":"ref56"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/2020408.2020448"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484759"}],"event":{"name":"2024 IEEE International Conference on Big Data (BigData)","start":{"date-parts":[[2024,12,15]]},"location":"Washington, DC, USA","end":{"date-parts":[[2024,12,18]]}},"container-title":["2024 IEEE International Conference on Big Data (BigData)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10824975\/10824942\/10825735.pdf?arnumber=10825735","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,17]],"date-time":"2025-01-17T07:48:06Z","timestamp":1737100086000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10825735\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,15]]},"references-count":58,"URL":"https:\/\/doi.org\/10.1109\/bigdata62323.2024.10825735","relation":{},"subject":[],"published":{"date-parts":[[2024,12,15]]}}}