{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T07:02:41Z","timestamp":1769065361692,"version":"3.49.0"},"reference-count":61,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Institute of Information Engineering, Chinese Academy of Science","award":["E4V01511G3"],"award-info":[{"award-number":["E4V01511G3"]}]},{"name":"University of Chinese Academy of Science"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/tifs.2025.3637727","type":"journal-article","created":{"date-parts":[[2025,11,26]],"date-time":"2025-11-26T19:03:07Z","timestamp":1764183787000},"page":"45-60","source":"Crossref","is-referenced-by-count":1,"title":["Mitigating the Impact of Malware Evolution on API Sequence-Based Windows Malware Detectors"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-6595-4222","authenticated-orcid":false,"given":"Xingyuan","family":"Wei","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-2405-8854","authenticated-orcid":false,"given":"Ce","family":"Li","sequence":"additional","affiliation":[{"name":"JIUTIAN Research, China Mobile Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-2640-4056","authenticated-orcid":false,"given":"Qiujian","family":"Lv","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-1851-1672","authenticated-orcid":false,"given":"Ning","family":"Li","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6408-2032","authenticated-orcid":false,"given":"Degang","family":"Sun","sequence":"additional","affiliation":[{"name":"Computer Network Information Center, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-7450-4075","authenticated-orcid":false,"given":"Yan","family":"Wang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/DSA56465.2022.00067"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.11.001"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-50127-7_11"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2018.8461583"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102686"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3152360"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.7717\/peerj-cs.285"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427242"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101760"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i01.5474"},{"key":"ref11","article-title":"Machine learning for security in hostile environments","author":"Pendlebury","year":"2021"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SPW53761.2021.00020"},{"key":"ref13","first-page":"729","article-title":"TESSERACT: Eliminating experimental bias in malware classification across space and time","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Pendlebury"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00014"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2022.3144697"},{"key":"ref16","first-page":"2327","article-title":"CADE: Detecting and explaining concept drift samples for security applications","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Yang"},{"key":"ref17","first-page":"625","article-title":"Transcend: Detecting concept drift in malware classification models","volume-title":"Proc. 26th USENIX Secur. Symp. (USENIX Secur.)","author":"Jordaney"},{"key":"ref18","doi-asserted-by":"crossref","first-page":"2999","DOI":"10.1109\/TIFS.2024.3516565","article-title":"MalFSCIL: A few-shot class-incremental learning approach for malware detection","volume":"20","author":"Chai","year":"2024","journal-title":"IEEE Trans. Inf. Forensics Security"},{"key":"ref19","article-title":"Leveraging uncertainty for improved static malware detection under extreme false positive constraints","author":"Nguyen","year":"2021","journal-title":"arXiv:2108.04081"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3517393"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417291"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.3005088"},{"key":"ref23","volume-title":"Zeus: King of the Bots","author":"Falliere","year":"2009"},{"key":"ref24","volume-title":"What is Zeus?","author":"Wyke","year":"2025"},{"key":"ref25","volume-title":"Programming Reference for the Win32 API\u2014Win32 Apps\u2014Learn.microsoft.com","year":"2025"},{"key":"ref26","article-title":"Understanding LSTM\u2014A tutorial into long short-term memory recurrent neural networks","author":"Staudemeyer","year":"2019","journal-title":"arXiv:1909.09586"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/d14-1181"},{"key":"ref28","article-title":"Attention is all you need","author":"Vaswani","year":"2017","journal-title":"arXiv:1706.03762"},{"key":"ref29","article-title":"BERT: Pre-training of deep bidirectional transformers for language understanding","author":"Devlin","year":"2018","journal-title":"arXiv:1810.04805"},{"key":"ref30","volume-title":"Spacy\u2014Industrial-Strength Natural Language Processing","year":"2021"},{"key":"ref31","volume-title":"Neuralcoref 4.0: Coreference Resolution in Spacy With Neural Networks","year":"2021"},{"key":"ref32","first-page":"2787","article-title":"Translating embeddings for modeling multi-relational data","volume-title":"Proc. 26th Annu. Conf. Neural Inf. Process. Syst.","author":"Bordes"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v28i1.8870"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v29i1.9491"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/1553374.1553516"},{"key":"ref36","volume-title":"Virusshare Database","year":"2021"},{"key":"ref37","volume-title":"Portableapps.com","year":"2021"},{"key":"ref38","volume-title":"Softonic","year":"2021"},{"key":"ref39","volume-title":"Sourceforge","year":"2021"},{"key":"ref40","volume-title":"Apps for Widnows","year":"2021"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/spw53761.2021.00020"},{"key":"ref42","volume-title":"Virustotal","year":"2021"},{"key":"ref43","first-page":"2361","article-title":"Measuring and modeling the label dynamics of online anti-malware engines","volume-title":"Proc. 29th USENIX Security Symp. (USENIX Security)","author":"Zhu"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_7"},{"key":"ref45","volume-title":"Cuckoo Sandbox Automated Malware Analysis","year":"2021"},{"key":"ref46","volume-title":"Embedding\u2014PyTorch 2.1 Documentation\u2014Docs.Pytorch.Org","year":"2025"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1016\/S0016-0032(96)00063-4"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102872"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102458"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2024.3422990"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00023"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/IESYS.2017.8233569"},{"key":"ref53","article-title":"Ntmaldetect: A machine learning approach to malware detection using native API system calls","author":"Kim","year":"2018","journal-title":"arXiv:1802.05412"},{"key":"ref54","doi-asserted-by":"crossref","first-page":"1822","DOI":"10.1109\/TIFS.2025.3536280","article-title":"ASDroid: Resisting evolving Android malware with API clusters derived from source code","volume":"20","author":"Hu","year":"2025","journal-title":"IEEE Trans. Inf. Forensics Security"},{"issue":"5","key":"ref55","doi-asserted-by":"crossref","first-page":"1569","DOI":"10.1109\/TSE.2025.3557577","article-title":"Multimodal fusion for Android malware detection based on large pre-trained models","volume":"51","author":"Li","year":"2025","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_18"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.42"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102550"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102613"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.2976559"},{"key":"ref61","first-page":"3487","article-title":"When malware changed its mind an empirical study of variable program behaviors in the real world","volume-title":"Proc. 30th USENIX Secur. Symp. (USENIX Secur.)","author":"Avllazagaj"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/11313711\/11269877.pdf?arnumber=11269877","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T18:44:56Z","timestamp":1766601896000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11269877\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":61,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3637727","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]}}}