{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T17:31:11Z","timestamp":1769103071765,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":29,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Research Foundation Singapore"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3133978","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"119-133","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":77,"title":["Evading Classifiers by Morphing in the Dark"],"prefix":"10.1145","author":[{"given":"Hung","family":"Dang","sequence":"first","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]},{"given":"Yue","family":"Huang","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]},{"given":"Ee-Chien","family":"Chang","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"The security of machine learning. Machine Learning","author":"Barreno Marco","year":"2010","unstructured":"Marco Barreno, Blaine Nelson, Anthony D Joseph, and JD Tygar 2010. The security of machine learning. Machine Learning (2010)."},{"key":"e_1_3_2_2_2_1","volume":"200","author":"Barreno Marco","unstructured":"Marco Barreno, Blaine Nelson, Russell Sears, Anthony D Joseph, and J Doug Tygar 2006. Can machine learning be secure?. In ASIACCS.","journal-title":"J Doug Tygar"},{"key":"e_1_3_2_2_3_1","volume-title":"Pavel Laskov, Giorgio Giacinto, and Fabio Roli.","author":"Biggio Battista","year":"2013","unstructured":"Battista Biggio, Igino Corona, Davide Maiorca, Blaine Nelson, Nedim vSrndi\u0107, Pavel Laskov, Giorgio Giacinto, and Fabio Roli. 2013. Evasion attacks against machine learning at test time ECML-PKDD."},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"crossref","unstructured":"Battista Biggio Giorgio Fumera and Fabio Roli. 2009. Multiple classifier systems for adversarial classification tasks MCS.","DOI":"10.1007\/978-3-642-02326-2_14"},{"key":"e_1_3_2_2_5_1","volume-title":"Poisoning attacks against support vector machines. arXiv preprint arXiv:1206.6389","author":"Biggio Battista","year":"2012","unstructured":"Battista Biggio, Blaine Nelson, and Pavel Laskov. 2012. Poisoning attacks against support vector machines. arXiv preprint arXiv:1206.6389 (2012)."},{"key":"e_1_3_2_2_6_1","volume-title":"Static prediction games for adversarial learning problems. Journal of Machine Learning Research","author":"Br\u00fcckner Michael","year":"2012","unstructured":"Michael Br\u00fcckner, Christian Kanzow, and Tobias Scheffer. 2012. Static prediction games for adversarial learning problems. Journal of Machine Learning Research (2012)."},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"crossref","unstructured":"Marco Cova Christopher Kruegel and Giovanni Vigna. 2010. Detection and analysis of drive-by-download attacks and malicious JavaScript code WWW.","DOI":"10.1145\/1772690.1772720"},{"key":"e_1_3_2_2_8_1","volume-title":"Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572","author":"Goodfellow Ian J","year":"2014","unstructured":"Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)."},{"key":"e_1_3_2_2_9_1","unstructured":"Kaiming He Xiangyu Zhang Shaoqing Ren and Jian Sun. 2015. Delving deep into rectifiers: Surpassing human-level performance on imagenet classification. In ICCV."},{"key":"e_1_3_2_2_10_1","volume-title":"PDF Reference","author":"Incorporated Adobe Systems","year":"2006","unstructured":"Adobe Systems Incorporated. 2006. PDF Reference, Sixth edition, version 1.23. (2006)."},{"key":"e_1_3_2_2_11_1","volume-title":"Introduction to modern cryptography","author":"Katz Jonathan","unstructured":"Jonathan Katz and Yehuda Lindell 2014. Introduction to modern cryptography. CRC Press."},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"crossref","unstructured":"Pavel Laskov and Nedim vSrndi\u0107 2011. Static detection of malicious JavaScript-bearing PDF documents ACSAC.","DOI":"10.1145\/2076732.2076785"},{"key":"e_1_3_2_2_13_1","unstructured":"Kyumin Lee James Caverlee and Steve Webb. 2010. Uncovering social spammers: social honeypots machine learning SIGIR."},{"key":"e_1_3_2_2_14_1","unstructured":"Qiming Li and Ee-Chien Chang 2002. Security of public watermarking schemes for binary sequences Information Hiding."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"crossref","unstructured":"Nicolas Papernot Patrick McDaniel Ian Goodfellow Somesh Jha Z Berkay Celik and Ananthram Swami. 2017. Practical Black-Box Attacks against Machine Learning ASIACCS.","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_2_16_1","volume-title":"Automatic analysis of malware behavior using machine learning. Journal of Computer Security","author":"Rieck Konrad","year":"2011","unstructured":"Konrad Rieck, Philipp Trinius, Carsten Willems, and Thorsten Holz 2011. Automatic analysis of malware behavior using machine learning. Journal of Computer Security (2011)."},{"key":"e_1_3_2_2_17_1","unstructured":"Karthik Selvaraj and Nino Fred Gutierres. The rise of PDF malware."},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"crossref","unstructured":"Mahmood Sharif Sruti Bhagavatula Lujo Bauer and Michael K Reiter 2016. Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition CCS.","DOI":"10.1145\/2976749.2978392"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"crossref","unstructured":"Reza Shokri Marco Stronati and Vitaly Shmatikov. 2017. Membership inference attacks against machine learning models IEEE S&P.","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_2_2_20_1","volume-title":"mbox","author":"David Silver","year":"2016","unstructured":"David Silver et almbox. 2016. Mastering the game of Go with deep neural networks and tree search. Nature (2016)."},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"crossref","unstructured":"Charles Smutz and Angelos Stavrou 2012. Malicious PDF detection using metadata and structural features ACSAC.","DOI":"10.1145\/2420950.2420987"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"crossref","unstructured":"Robin Sommer and Vern Paxson 2010. Outside the closed world: On using machine learning for network intrusion detection IEEE S&P.","DOI":"10.1109\/SP.2010.25"},{"key":"e_1_3_2_2_23_1","unstructured":"Nedim vSrndi\u0107 and Pavel Laskov 2013. Detection of malicious pdf files based on hierarchical document structure NDSS."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"crossref","unstructured":"Nedim vSrndi\u0107 and Pavel Laskov 2014. Practical evasion of a learning-based classifier: A case study IEEE S&P.","DOI":"10.1109\/SP.2014.20"},{"key":"e_1_3_2_2_25_1","volume-title":"Deepface: Closing the gap to human-level performance in face verification CVPR.","author":"Taigman Yaniv","year":"2014","unstructured":"Yaniv Taigman, Ming Yang, Marc'Aurelio Ranzato, and Lior Wolf. 2014. Deepface: Closing the gap to human-level performance in face verification CVPR."},{"key":"e_1_3_2_2_26_1","unstructured":"Florian Tram\u00e8r Fan Zhang Ari Juels Michael K Reiter and Thomas Ristenpart 2016. Stealing machine learning models via prediction apis USENIX Security."},{"key":"e_1_3_2_2_27_1","unstructured":"Oriol Vinyals \u0141ukasz Kaiser Terry Koo Slav Petrov Ilya Sutskever and Geoffrey Hinton. 2015. Grammar as a foreign language. In NIPS."},{"key":"e_1_3_2_2_28_1","unstructured":"Weilin Xu Yanjun Qi and David Evans 2016. Automatically evading classifiers. In NDSS."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2013.2267732"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133978","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3133978","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:26Z","timestamp":1750212806000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133978"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":29,"alternative-id":["10.1145\/3133956.3133978","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3133978","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}