{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T12:31:00Z","timestamp":1768393860452,"version":"3.49.0"},"reference-count":65,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T00:00:00Z","timestamp":1762214400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T00:00:00Z","timestamp":1762214400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,11,4]]},"DOI":"10.1109\/ecrime66972.2025.11327982","type":"proceedings-article","created":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T20:56:22Z","timestamp":1768337782000},"page":"1-15","source":"Crossref","is-referenced-by-count":0,"title":["Beaver: Estimating Future Risks at Scale in Real-World Deployments"],"prefix":"10.1109","author":[{"given":"Marco","family":"Balduzzi","sequence":"first","affiliation":[{"name":"Trend Micro Research"}]},{"given":"Roel","family":"Reyes","sequence":"additional","affiliation":[{"name":"Trend Micro Research"}]},{"given":"Jessica","family":"Balaquit","sequence":"additional","affiliation":[{"name":"Trend Micro Research"}]},{"given":"Ryan","family":"Flores","sequence":"additional","affiliation":[{"name":"Trend Micro Research"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-30215-3_18"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23522"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134022"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00019"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660330"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590347"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3565362"},{"key":"ref8","article-title":"One size does not fit all: Quantifying the risk of malicious app encounters for different android user profiles","volume-title":"Proc. of USENIX-23","author":"Dambra"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243779"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2890509"},{"key":"ref11","article-title":"Plug and prey? measuring the commoditization of cybercrime via online anonymous markets","volume-title":"Proc. of USENIX-18","author":"van Wegberg"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00054"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427256"},{"key":"ref14","article-title":"When malware changed its mind: An empirical study of variable program behaviors in the real world","volume-title":"Proc. of USENIX-21","author":"Avllazagaj"},{"key":"ref15","article-title":"Sp 800-30: Guide for conducting risk assessments","year":"2012"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.14236\/ewic\/HCI2017.48"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1136\/bmj.2.4682.739"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2630069"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00053"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW55150.2022.00021"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2427847"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW51379.2020.00075"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2746194.2746202"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3291061"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3429741"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24475"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-47854-7_2"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133971"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3051804"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380124"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3210311"},{"key":"ref32","article-title":"Trend micro reports earnings results for q2 2023 marking 99th quarter of profitability","year":"2023"},{"key":"ref33","article-title":"The Average Cost Of Ransomware Attacks (Updated 2025)"},{"key":"ref34","article-title":"Trend micro blocks over 94 billion threats in 2021","year":"2021"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1136\/bmj.i969"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-69094-8_3"},{"key":"ref37","article-title":"Replication: Why we still can\u2019t browse in peace: On the uniqueness and reidentifiability of web browsing histories","volume-title":"Proc. of SOUPS-20","author":"Bird"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1191\/0962280202sm289ra"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.3238\/arztebl.2009.0335"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135853"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.52"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_11"},{"key":"ref43","article-title":"Trend Micro Site Safety Center","year":"2025"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23386"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516747"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24161"},{"key":"ref47","article-title":"Symantec Internet Security Threat Report","volume":"24","year":"2019","journal-title":"Tech. Rep"},{"key":"ref48","article-title":"Wannacry malware profilemitre att&ck tactics","year":"2017"},{"key":"ref49","article-title":"99% false positives: A qualitative study of SOC analysts\u2019 perspectives on security alarms","volume-title":"Proc. of USENIX-22","author":"AlAhmadi"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.48"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3176674"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978313"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382284"},{"key":"ref54","article-title":"Security behavior observatory: Infrastructure for long-term monitoring of client machines","author":"Forget","year":"2014","journal-title":"Tech. Rep. CMU-CyLab-14-009"},{"key":"ref55","first-page":"97","article-title":"Do or do not, there is no try: user engagement may not improve security outcomes","volume-title":"Proc. of SOUPS-16","author":"Forget"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133973"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243779"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1111\/risa.13732"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.33"},{"key":"ref60","article-title":"EDR vs. Antivirus \u2013 Why Traditional Security Isn\u2019t Enough"},{"key":"ref61","article-title":"Introducing GPT-4o: OpenAI\u2019s new flagship multimodal model now in preview on Azure"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3456960"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.29172\/7c2a6982-6d72-4cd8-bba6-2fccb06a7011"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1002\/1097-0142(1950)3:1<32::AID-CNCR2820030106>3.0.CO;2-3"},{"key":"ref65","article-title":"Current Status of the CARO Malware Naming Scheme","author":"Bontchev"}],"event":{"name":"2025 APWG Symposium on Electronic Crime Research (eCrime)","location":"San Diego, CA, USA","start":{"date-parts":[[2025,11,4]]},"end":{"date-parts":[[2025,11,7]]}},"container-title":["2025 APWG Symposium on Electronic Crime Research (eCrime)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11326688\/11327697\/11327982.pdf?arnumber=11327982","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T07:03:11Z","timestamp":1768374191000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11327982\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,4]]},"references-count":65,"URL":"https:\/\/doi.org\/10.1109\/ecrime66972.2025.11327982","relation":{},"subject":[],"published":{"date-parts":[[2025,11,4]]}}}