{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,15]],"date-time":"2026-01-15T09:18:44Z","timestamp":1768468724053,"version":"3.49.0"},"reference-count":64,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T00:00:00Z","timestamp":1762214400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T00:00:00Z","timestamp":1762214400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,11,4]]},"DOI":"10.1109\/ecrime66972.2025.11327864","type":"proceedings-article","created":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T20:56:22Z","timestamp":1768337782000},"page":"1-13","source":"Crossref","is-referenced-by-count":0,"title":["Family Ties: A Close Look at the Influence of Static Features on the Precision of Malware Family Clustering"],"prefix":"10.1109","author":[{"given":"Antonino","family":"Vitale","sequence":"first","affiliation":[{"name":"EURECOM"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kevin van","family":"Liebergen","sequence":"additional","affiliation":[{"name":"IMDEA Software Institute"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Juan","family":"Caballero","sequence":"additional","affiliation":[{"name":"IMDEA Software Institute"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Savino","family":"Dambra","sequence":"additional","affiliation":[{"name":"Gen Digital"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Platon","family":"Kotzias","sequence":"additional","affiliation":[{"name":"BforeAI"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Simone","family":"Aonzo","sequence":"additional","affiliation":[{"name":"EURECOM"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Davide","family":"Balzarotti","sequence":"additional","affiliation":[{"name":"EURECOM"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"Tracking malware with import hashing"},{"key":"ref2","volume-title":"Pe identifier (peid)","year":"2024"},{"key":"ref3","volume-title":"Hash and family of each sample"},{"key":"ref4","volume-title":"MOTIF Dataset"},{"key":"ref5","volume-title":"How to make a self extracting archive that runs your setup.exe with 7zip-sfx switch","year":"2015"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/ISI49825.2020.9280546"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2381896.2381900"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74320-0_10"},{"key":"ref9","article-title":"Scalable, Behavior-Based Malware Clustering","author":"Bayer","year":"2009","journal-title":"Network and Distributed System Security Symposium"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2021.301220"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/W-FiCloud.2018.00035"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00054"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616589"},{"key":"ref14","article-title":"2 fuzzy hashing techniques in applied malware analysis","volume":"2","author":"French","year":"2012","journal-title":"Results of SEI Line-Funded Exploratory New Starts Projects"},{"key":"ref15","article-title":"An automated virus classification system","volume-title":"Virus bulletin conference","author":"Gheorghescu"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-018-0323-0"},{"key":"ref17","first-page":"387","article-title":"MalDA: Robust malware detection using attention-based graph neural networks","volume-title":"Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS)","author":"Han"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.07.012"},{"key":"ref19","volume-title":"horsicq: Detect It Easy","year":"2025"},{"key":"ref20","article-title":"MutantX-S: Scalable Malware Clustering Based on Static Features","volume-title":"USENIX Annual Technical Conference","author":"Hu"},{"key":"ref21","article-title":"A Framework for the Analysis of File Infection Malware","volume-title":"Master\u2019s thesis","author":"Ippolito","year":"2024"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046742"},{"key":"ref23","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102921","article-title":"MOTIF: A large malware reference dataset with ground truth family labels","volume-title":"Workshop on Artificial Intelligence for Cyber Security","author":"Joyce"},{"key":"ref24","author":"Joyce","year":"2019","journal-title":"Malware attribution using the rich header"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427273"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133958"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/ICTC49870.2020.9289501"},{"key":"ref28","first-page":"61","article-title":"Deep learning for classification of malware system call sequences","volume-title":"9th International Conference on Malicious and Unwanted Software (MALWARE)","author":"Kolosnjaji"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.015"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813665"},{"key":"ref31","article-title":"Static Disassembly of Obfuscated Binaries","author":"Kruegel","year":"2004","journal-title":"USENIX Security Symposium"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15512-3_13"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616625"},{"key":"ref34","article-title":"Experimental study of fuzzy hashing in malware clustering analysis","volume-title":"8th workshop on cyber security experimentation and test (cset 15)","author":"Li"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24297"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-15087-1_9"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/s40747-020-00233-5"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SSCI47803.2020.9308189"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.04.044"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-014-0248-7"},{"key":"ref41","first-page":"1","article-title":"Malware images: Visualization and automatic classification","volume-title":"Proceedings of the 8th International Symposium on Visualization for Cyber Security (VizSec)","author":"Nataraj"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/COINS49042.2020.9191381"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/CTC.2013.9"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176306"},{"key":"ref45","article-title":"Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces","volume-title":"USENIX Symposium on Networked Systems Design and Implementation","author":"Perdisci"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420999"},{"key":"ref47","article-title":"Rich headers: Leveraging this mysterious artifact of the pe format","author":"Poslu\u0161n\u1ef3","year":"2019","journal-title":"Virus Bulletin"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_8"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2010-0410"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427261"},{"key":"ref52","volume-title":"ssdeep - Fuzzy hashing program"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.46"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3291061"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3446371"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2019.06.006"},{"key":"ref57","volume-title":"VirusTotal"},{"key":"ref59","volume-title":"Automating The Analysis Of An AutoIT Script That Wraps A Remcos RAT","author":"Wageh","year":"2022"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_6"},{"key":"ref61","article-title":"pehash: A novel approach to fast malware clustering","volume-title":"2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)","author":"Wicherski"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1016\/j.jpdc.2020.03.012"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/7247095"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103177"},{"issue":"2","key":"ref65","first-page":"173","article-title":"Image-based malware classification using 2d convolutional neural networks and transfer learning","volume-title":"Journal of Computer Virology and Hacking Techniques","volume":"16","author":"Zhu","year":"2020"}],"event":{"name":"2025 APWG Symposium on Electronic Crime Research (eCrime)","location":"San Diego, CA, USA","start":{"date-parts":[[2025,11,4]]},"end":{"date-parts":[[2025,11,7]]}},"container-title":["2025 APWG Symposium on Electronic Crime Research (eCrime)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11326688\/11327697\/11327864.pdf?arnumber=11327864","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T20:38:53Z","timestamp":1768423133000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11327864\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,4]]},"references-count":64,"URL":"https:\/\/doi.org\/10.1109\/ecrime66972.2025.11327864","relation":{},"subject":[],"published":{"date-parts":[[2025,11,4]]}}}