{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,16]],"date-time":"2026-05-16T01:48:07Z","timestamp":1778896087613,"version":"3.51.4"},"reference-count":33,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Progetti di Rilevante Interesse Nazionale (PRIN) 2017 Project RexLearn through the Italian Ministry of Education, University and Research","award":["2017TWNMH2"],"award-info":[{"award-number":["2017TWNMH2"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2021]]},"DOI":"10.1109\/tifs.2021.3082330","type":"journal-article","created":{"date-parts":[[2021,5,20]],"date-time":"2021-05-20T19:27:23Z","timestamp":1621538843000},"page":"3469-3478","source":"Crossref","is-referenced-by-count":139,"title":["Functionality-Preserving Black-Box Optimization of Adversarial Windows Malware"],"prefix":"10.1109","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5104-1476","authenticated-orcid":false,"given":"Luca","family":"Demetrio","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7752-509X","authenticated-orcid":false,"given":"Battista","family":"Biggio","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giovanni","family":"Lagorio","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fabio","family":"Roli","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alessandro","family":"Armando","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref33","article-title":"Secml-malware: A Python library for adversarial robustness evaluation of windows malware classifiers","author":"demetrio","year":"2021","journal-title":"arXiv 2104 12848"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24310"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3365001"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3375894.3375898"},{"key":"ref10","first-page":"1","article-title":"Explaining vulnerabilities of deep learning to adversarial malware binaries","author":"demetrio","year":"2019","journal-title":"Proc 3rd Italian Conf Cyber Secur (ITASEC)"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.23919\/EUSIPCO.2018.8553214"},{"key":"ref12","article-title":"Adversarial examples on discrete sequences for beating whole-binary malware detection","author":"kreuk","year":"2018","journal-title":"arXiv 1802 04528v1"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/INFOMAN.2019.8714698"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00040"},{"key":"ref15","article-title":"Evading machine learning malware detection","author":"anderson","year":"2017","journal-title":"Proc BlackHat"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_23"},{"key":"ref17","article-title":"Generating adversarial malware examples for black-box attacks based on GAN","author":"hu","year":"2017","journal-title":"arXiv 1702 05983"},{"key":"ref18","first-page":"285","article-title":"Improving robustness of ML classifiers against realizable evasion attacks using conserved features","author":"tong","year":"2019","journal-title":"Proc USENIX Security07"},{"key":"ref19","first-page":"21","article-title":"Automatically evading classifiers","author":"xu","year":"2016","journal-title":"Proc NDSS"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.20"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2015.7280815"},{"key":"ref27","first-page":"2672","article-title":"Generative adversarial nets","author":"goodfellow","year":"2014","journal-title":"Proc NIPS"},{"key":"ref3","first-page":"61","article-title":"DL4MD: A deep learning framework for intelligent malware detection","author":"hardy","year":"2016","journal-title":"Proc Int Conf Data Mining"},{"key":"ref6","article-title":"EMBER: An open dataset for training static PE malware machine learning models","author":"anderson","year":"2018","journal-title":"arXiv 1804 04637"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420987"},{"key":"ref5","first-page":"54","article-title":"Adversarially robust malware detection using monotonic classification","author":"romeo","year":"2018","journal-title":"Proc 4th ACM Int Workshop Secur Privacy Anal"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/2046684.2046692"},{"key":"ref7","first-page":"268","article-title":"Malware detection by eating a whole EXE","author":"raff","year":"2018","journal-title":"Proc 32nd AAAI Workshops"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-50127-7_11"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2018.07.023"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2015.7413680"},{"key":"ref20","first-page":"3146","article-title":"LightGBM: A highly efficient gradient boosting decision tree","author":"ke","year":"2017","journal-title":"Proc NIPS"},{"key":"ref22","article-title":"Adversarial EXEmples: A survey and experimental evaluation of practical attacks on machine learning for windows malware detection","author":"demetrio","year":"2020","journal-title":"arXiv 2008 07125"},{"key":"ref21","first-page":"29","article-title":"Fast learning in multi-resolution hierarchies","author":"moody","year":"1989","journal-title":"Proc NIPS"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3316415"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2019.00015"},{"key":"ref26","first-page":"2171","article-title":"DEAP: Evolutionary algorithms made easy","volume":"13","author":"fortin","year":"2012","journal-title":"J Mach Lang Res"},{"key":"ref25","first-page":"8026","article-title":"PyTorch: An imperative style, high-performance deep learning library","author":"paszke","year":"2019","journal-title":"Proc NIPS"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/9151439\/09437194.pdf?arnumber=9437194","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T14:52:40Z","timestamp":1652194360000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9437194\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"references-count":33,"URL":"https:\/\/doi.org\/10.1109\/tifs.2021.3082330","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]}}}