{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T04:31:51Z","timestamp":1754109111436,"version":"3.28.0"},"reference-count":32,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,10]]},"DOI":"10.1109\/milcom.2018.8599855","type":"proceedings-article","created":{"date-parts":[[2019,1,3]],"date-time":"2019-01-03T18:10:39Z","timestamp":1546539039000},"page":"1-8","source":"Crossref","is-referenced-by-count":21,"title":["Attack and Defense of Dynamic Analysis-Based, Adversarial Neural Malware Detection Models"],"prefix":"10.1109","author":[{"given":"Jack W.","family":"Stokes","sequence":"first","affiliation":[]},{"given":"De","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Mady","family":"Marinescu","sequence":"additional","affiliation":[]},{"given":"Marc","family":"Marino","sequence":"additional","affiliation":[]},{"given":"Brian","family":"Bussone","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref32","article-title":"Detection of malicious pdf files based on hierarchical document structure","author":"srndic","year":"2013","journal-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS)"},{"doi-asserted-by":"publisher","key":"ref31","DOI":"10.1145\/2420950.2420987"},{"doi-asserted-by":"publisher","key":"ref30","DOI":"10.1109\/SP.2017.49"},{"key":"ref10","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2016.23115","article-title":"Automatically evading classifiers","author":"xu","year":"2016","journal-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS)"},{"key":"ref11","article-title":"Distillation as a defense to adversarial perturbations against deep neural networks","author":"papernot","year":"2015","journal-title":"Proceedings of the IEEE Symposium on Security and Privacy"},{"key":"ref12","article-title":"Evasion and hardening of tree ensemble classifiers","author":"kantchelian","year":"2016","journal-title":"Proceedings of the International Conference on Machine Learning (ICML)"},{"key":"ref13","article-title":"Stealing machine learning models via prediction apis","author":"tramer","year":"2016","journal-title":"Proceedings of the USENIX Security Symposium"},{"key":"ref14","article-title":"Ensemble robustness of deep learning algorithms","author":"feng","year":"2016","journal-title":"Arxiv preprint arXiv"},{"key":"ref15","article-title":"Ensemble adversarial training: Attacks and defenses","author":"tramer","year":"2018","journal-title":"Proc of the Int Conf on Learning Representations (ICLR)"},{"key":"ref16","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2018.23198","article-title":"Feature squeezing: Detecting adversarial examples in deep neural networks","author":"xu","year":"2018","journal-title":"Proceedings of the Network and Distributed Systems Security Symposium (NDSS)"},{"key":"ref17","article-title":"A framework for validating models of evasion attacks on machine learning, with application to pdf malware detection","author":"tong","year":"2017","journal-title":"Arxiv preprint arXiv"},{"key":"ref18","article-title":"Generating adversarial malware examples for black-box attacks based on gan","author":"hu","year":"0","journal-title":"ArXiv Preprint"},{"doi-asserted-by":"publisher","key":"ref19","DOI":"10.14722\/ndss.2014.23247"},{"doi-asserted-by":"publisher","key":"ref28","DOI":"10.1145\/2939672.2945397"},{"key":"ref4","doi-asserted-by":"crossref","first-page":"399","DOI":"10.1007\/978-3-319-40667-1_20","article-title":"Mtnet: A multi-task neural network for dynamic malware classfication","author":"huang","year":"2016","journal-title":"Proc Int'l Conf Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)"},{"key":"ref27","article-title":"Distilling the knowledge in a neural network","author":"hinton","year":"2014","journal-title":"Neural Information Processing Systems (NIPS) Deep Learning Workshop"},{"doi-asserted-by":"publisher","key":"ref3","DOI":"10.1109\/ICASSP.2015.7178304"},{"doi-asserted-by":"publisher","key":"ref6","DOI":"10.1007\/978-3-319-50127-7_11"},{"key":"ref29","article-title":"Adam: A method for stochastic optimization","author":"kingma","year":"2015","journal-title":"Proc of the Int Conf on Learning Representations (ICLR)"},{"doi-asserted-by":"publisher","key":"ref5","DOI":"10.1109\/ICASSP.2017.7952603"},{"key":"ref8","article-title":"Explaining and harnessing adversarial examples","author":"goodfellow","year":"2015","journal-title":"Proceedings of the International Conference on Learning Representations (ICML)"},{"key":"ref7","article-title":"Practical black-box attacks against deep learning systems using adversarial examples","author":"papernot","year":"2017","journal-title":"Proceedings of the ACM Asia Conference on Computer and Communications Security"},{"doi-asserted-by":"publisher","key":"ref2","DOI":"10.1109\/MALWARE.2015.7413680"},{"doi-asserted-by":"publisher","key":"ref9","DOI":"10.1109\/CVPR.2015.7298640"},{"doi-asserted-by":"publisher","key":"ref1","DOI":"10.1109\/ICASSP.2013.6638293"},{"key":"ref20","article-title":"Adversarial perturbations against deep neural networks for malware classification","author":"grosse","year":"2017","journal-title":"Proc Ninth European Symp Research Computer Security (ESORICS)"},{"key":"ref22","article-title":"On the (statistical) detection of adversarial examples","author":"grosse","year":"2017","journal-title":"Arxiv preprint arXiv"},{"doi-asserted-by":"publisher","key":"ref21","DOI":"10.1145\/3132747.3132785"},{"doi-asserted-by":"publisher","key":"ref24","DOI":"10.1145\/1150402.1150436"},{"year":"2009","author":"manning","journal-title":"An Introduction to Information Retrieval","key":"ref23"},{"key":"ref26","article-title":"The limitations of deep learning in adversarial settings","author":"papernot","year":"2015","journal-title":"Proc 1st IEEE European Symp Security and Privacy"},{"key":"ref25","first-page":"1929","article-title":"Dropout: A simple way to prevent neural networks from overfitting","volume":"15","author":"srivastava","year":"2014","journal-title":"J Mach Learn Res"}],"event":{"name":"MILCOM 2018 - IEEE Military Communications Conference","start":{"date-parts":[[2018,10,29]]},"location":"Los Angeles, CA","end":{"date-parts":[[2018,10,31]]}},"container-title":["MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8580348\/8599678\/08599855.pdf?arnumber=8599855","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,25]],"date-time":"2022-01-25T20:57:07Z","timestamp":1643144227000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8599855\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,10]]},"references-count":32,"URL":"https:\/\/doi.org\/10.1109\/milcom.2018.8599855","relation":{},"subject":[],"published":{"date-parts":[[2018,10]]}}}