{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T22:20:09Z","timestamp":1771366809381,"version":"3.50.1"},"reference-count":64,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"16","license":[{"start":{"date-parts":[[2025,8,15]],"date-time":"2025-08-15T00:00:00Z","timestamp":1755216000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,8,15]],"date-time":"2025-08-15T00:00:00Z","timestamp":1755216000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,8,15]],"date-time":"2025-08-15T00:00:00Z","timestamp":1755216000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172308"],"award-info":[{"award-number":["62172308"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62202118"],"award-info":[{"award-number":["62202118"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["72261004"],"award-info":[{"award-number":["72261004"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100018533","name":"Major Scientific and Technological Special Project of Guizhou Province","doi-asserted-by":"publisher","award":["[2024]014"],"award-info":[{"award-number":["[2024]014"]}],"id":[{"id":"10.13039\/501100018533","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Guizhou Provincial Basic Research Program","award":["MS[2025]686"],"award-info":[{"award-number":["MS[2025]686"]}]},{"name":"Guizhou Provincial Key Technology Research and Development Program","award":["PA[2025]004"],"award-info":[{"award-number":["PA[2025]004"]}]},{"name":"Research Project for Recruited Talents at Guizhou University","award":["GDRJH[2024]15"],"award-info":[{"award-number":["GDRJH[2024]15"]}]},{"name":"Scientific and Technological Innovation Talent Team of Guizhou Province for Cybersecurity Protection of Computing Power Network","award":["CXTD[2025]029"],"award-info":[{"award-number":["CXTD[2025]029"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Internet Things J."],"published-print":{"date-parts":[[2025,8,15]]},"DOI":"10.1109\/jiot.2025.3574724","type":"journal-article","created":{"date-parts":[[2025,5,29]],"date-time":"2025-05-29T13:34:03Z","timestamp":1748525643000},"page":"33271-33292","source":"Crossref","is-referenced-by-count":1,"title":["XLM4Detector: Multistage Deobfuscation and Semantic-Driven Excel 4.0 Macro Malware Detection"],"prefix":"10.1109","volume":"12","author":[{"given":"Xiuzhang","family":"Yang","sequence":"first","affiliation":[{"name":"State Key Laboratory of Public Big Data and Guizhou Big Data Academy, Guizhou University, Guiyang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8674-8356","authenticated-orcid":false,"given":"Yuling","family":"Chen","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Public Big Data and Guizhou Big Data Academy, Guizhou University, Guiyang, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-6966-9863","authenticated-orcid":false,"given":"Chaofan","family":"Chen","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Public Big Data and Guizhou Big Data Academy, Guizhou University, Guiyang, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-8226-2330","authenticated-orcid":false,"given":"Di","family":"Yao","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Public Big Data and Guizhou Big Data Academy, Guizhou University, Guiyang, China"}]},{"given":"Chenguang","family":"Li","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Wuhan University, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-2952-5198","authenticated-orcid":false,"given":"Yilin","family":"Zhou","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Wuhan University, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9006-6868","authenticated-orcid":false,"given":"Chenyang","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Wuhan University, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0461-8177","authenticated-orcid":false,"given":"Zhi","family":"Ouyang","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Public Big Data and Guizhou Big Data Academy, Guizhou University, Guiyang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5731-8958","authenticated-orcid":false,"given":"Guojun","family":"Peng","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Wuhan University, Wuhan, China"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/3605775"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2023.3318290"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2023.3324053"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2017.8258483"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833765"},{"key":"ref6","article-title":"Zscaler ThreatLabz 2023 enterprise IoT and OT threat report","year":"2023"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3625094"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_11"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00057"},{"key":"ref10","volume-title":"Description of behaviors of Auto-Exec and Auto-Open macros in word","year":"2024"},{"key":"ref11","volume-title":"New feature in office 2016 can block macros and help prevent infection","year":"2016"},{"key":"ref12","article-title":"The state of consumer cybersecurity","year":"2022"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3564625.3567982"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.3390\/app132212101"},{"key":"ref15","volume-title":"What is macro virus?","year":"2024"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.2197\/ipsjjip.28.493"},{"issue":"3","key":"ref17","first-page":"66","article-title":"Automated deobfuscation and family classification system for Excel 4.0 macros","volume":"10","author":"Li","year":"2024","journal-title":"Chin. J. Netw. Inf. Security"},{"key":"ref18","volume-title":"Evolution of Excel 4.0 macro weaponization","author":"Haughom","year":"2020"},{"key":"ref19","volume-title":"Analysis of the attack technique using Excel 4.0 macro to avoid killing software detection","year":"2018"},{"key":"ref20","volume-title":"Olevba","year":"2024"},{"key":"ref21","volume-title":"XLMMacroDeobfuscator","year":"2024"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-99807-7_1"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2631905"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ISNCC49221.2020.9297272"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2024.3402956"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.23919\/JCC.fa.2022-0509.202311"},{"key":"ref27","volume-title":"XLM +AMSI: New runtime defense against Excel 4.0 macro malware","year":"2021"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.106"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2024.107426"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP40776.2020.9054390"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670310"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2023.3252594"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.26599\/TST.2023.9010005"},{"key":"ref34","volume-title":"Cobalt strike adversary simulation and red team operations","year":"2022"},{"key":"ref35","volume-title":"Gophish\u2014Open source phishing framework","year":"2024"},{"key":"ref36","volume-title":"SocialFish","year":"2024"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW61312.2024.00065"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/CSCWD61410.2024.10580719"},{"key":"ref39","volume-title":"Overview of XML in Excel","year":"2024"},{"key":"ref40","volume-title":"File formats that are supported in Excel","year":"2024"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-33-6835-4_22"},{"key":"ref42","volume-title":"APT attacks using malicious word file of a particular thesis","year":"2021"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-023-00736-5"},{"key":"ref44","volume-title":"Overview of formulas in Excel","year":"2024"},{"key":"ref45","first-page":"1","article-title":"Botnet judo: Fighting spam with itself","volume-title":"Proc. Netw. Distrib. Syst. Security (NDSS)","author":"Pitsillidis"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.2197\/ipsjjip.27.555"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3328778.3372576"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3154273.3154326"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3339827"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/CANDARW.2018.00085"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-26834-3_10"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1016\/j.gltp.2022.04.004"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-21280-2_16"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2020.102600"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.23919\/WAC50355.2021.9559449"},{"key":"ref56","volume-title":"Ostefano\/xl4samples","author":"Ortolani","year":"2024"},{"key":"ref57","volume-title":"Carbon black TAU Excel 4 macro analysis","year":"2024"},{"key":"ref58","volume-title":"malware-samples\/2020-05-ZLoader-evolution","year":"2020"},{"key":"ref59","volume-title":"MalwareBazaar Malware sample exchange","year":"2024"},{"key":"ref60","volume-title":"Dashboard Triage","year":"2024"},{"key":"ref61","volume-title":"Malicious MS Office documents dataset","author":"Koutsokostas et al","year":"2024"},{"key":"ref62","first-page":"3075","article-title":"Oops... code execution and content spoofing: The first comprehensive analysis of OpenDocument signatures","volume-title":"Proc. 31st USENIX Security Symp.","author":"Rohlmann"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102658"},{"issue":"1","key":"ref64","first-page":"203","article-title":"Survey on attribution and inference research for APT attacks","volume":"36","author":"Yang","year":"2025","journal-title":"J. Softw."}],"container-title":["IEEE Internet of Things Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6488907\/11121332\/11017638.pdf?arnumber=11017638","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T21:09:44Z","timestamp":1771362584000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11017638\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,15]]},"references-count":64,"journal-issue":{"issue":"16"},"URL":"https:\/\/doi.org\/10.1109\/jiot.2025.3574724","relation":{},"ISSN":["2327-4662","2372-2541"],"issn-type":[{"value":"2327-4662","type":"electronic"},{"value":"2372-2541","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,8,15]]}}}