{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,16]],"date-time":"2026-05-16T01:48:37Z","timestamp":1778896117387,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,3,21]],"date-time":"2018-03-21T00:00:00Z","timestamp":1521590400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Center for Long-Term Cybersecurity"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,3,21]]},"DOI":"10.1145\/3180445.3180449","type":"proceedings-article","created":{"date-parts":[[2018,3,15]],"date-time":"2018-03-15T13:22:14Z","timestamp":1521120134000},"page":"54-63","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":22,"title":["Adversarially Robust Malware Detection Using Monotonic Classification"],"prefix":"10.1145","author":[{"given":"\u00cd\u00f1igo","family":"\u00cdncer Romeo","sequence":"first","affiliation":[{"name":"University of California, Berkeley, Berkeley, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Theodorides","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sadia","family":"Afroz","sequence":"additional","affiliation":[{"name":"University of California, Berkeley & International Computer Science Institute, Berkeley, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Wagner","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2018,3,21]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2661829.2662047"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1540-5915.1993.tb00462.x"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1022655006810"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2008.08.021"},{"key":"e_1_3_2_1_5_1","unstructured":"Arjun Nitin Bhagoji Daniel Cullina and Prateek Mittal. 2017. Dimensionality Reduction as a Defense against Evasion Attacks on Machine Learning Classifiers. arXiv preprint arXiv:1704.02654 (2017).  Arjun Nitin Bhagoji Daniel Cullina and Prateek Mittal. 2017. Dimensionality Reduction as a Defense against Evasion Attacks on Machine Learning Classifiers. arXiv preprint arXiv:1704.02654 (2017)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Nicholas Carlini and David Wagner. 2017. Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. arXiv preprint arXiv:1705.07263 (2017).  Nicholas Carlini and David Wagner. 2017. Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods. arXiv preprint arXiv:1705.07263 (2017).","DOI":"10.1145\/3128572.3140444"},{"key":"e_1_3_2_1_7_1","volume-title":"Towards Evaluating the Robustness of Neural Networks IEEE Symposium on Security and Privacy.","author":"Carlini Nicholas","year":"2017"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939785"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNN.2010.2044803"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Wouter Duivesteijn and Ad Feelders. 2008. Nearest neighbour classification with monotonicity constraints. Machine Learning and Knowledge Discovery in Databases (2008) 301--316.  Wouter Duivesteijn and Ad Feelders. 2008. Nearest neighbour classification with monotonicity constraints. Machine Learning and Knowledge Discovery in Databases (2008) 301--316.","DOI":"10.1007\/978-3-540-87479-9_38"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2010.92"},{"key":"e_1_3_2_1_12_1","unstructured":"Zhitao Gong Wenlu Wang and Wei-Shinn Ku. 2017. Adversarial and Clean Data Are Not Twins. arXiv preprint arXiv:1704.04960 (2017).  Zhitao Gong Wenlu Wang and Wei-Shinn Ku. 2017. Adversarial and Clean Data Are Not Twins. arXiv preprint arXiv:1704.04960 (2017)."},{"key":"e_1_3_2_1_13_1","unstructured":"Ian J Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2015).  Ian J Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2015)."},{"key":"e_1_3_2_1_14_1","unstructured":"Kathrin Grosse Praveen Manoharan Nicolas Papernot Michael Backes and Patrick McDaniel. 2017. On the (statistical) detection of adversarial examples. arXiv preprint arXiv:1702.06280 (2017).  Kathrin Grosse Praveen Manoharan Nicolas Papernot Michael Backes and Patrick McDaniel. 2017. On the (statistical) detection of adversarial examples. arXiv preprint arXiv:1702.06280 (2017)."},{"key":"e_1_3_2_1_15_1","unstructured":"Kathrin Grosse Nicolas Papernot Praveen Manoharan Michael Backes and Patrick McDaniel. 2016. Adversarial perturbations against deep neural networks for malware classification. arXiv preprint arXiv:1606.04435 (2016).  Kathrin Grosse Nicolas Papernot Praveen Manoharan Michael Backes and Patrick McDaniel. 2016. Adversarial perturbations against deep neural networks for malware classification. arXiv preprint arXiv:1606.04435 (2016)."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/2946645.3007062"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Trevor Hastie Robert Tibshirani and Jerome Friedman. 2009. Boosting and Additive Trees. Springer New York New York NY 337--387.  Trevor Hastie Robert Tibshirani and Jerome Friedman. 2009. Boosting and Additive Trees. Springer New York New York NY 337--387.","DOI":"10.1007\/978-0-387-84858-7_10"},{"key":"e_1_3_2_1_18_1","unstructured":"Dan Hendrycks and Kevin Gimpel. 2017. Early Methods for Detecting Adversarial Images. (2017).  Dan Hendrycks and Kevin Gimpel. 2017. Early Methods for Detecting Adversarial Images. (2017)."},{"key":"e_1_3_2_1_19_1","unstructured":"Weiwei Hu and Ying Tan. 2017. Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN. arXiv preprint arXiv:1702.05983 (2017).  Weiwei Hu and Ying Tan. 2017. Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN. arXiv preprint arXiv:1702.05983 (2017)."},{"key":"e_1_3_2_1_20_1","unstructured":"Nwokedi Idika and Aditya P Mathur. 2007. A survey of malware detection techniques. Purdue University Vol. 48 (2007).  Nwokedi Idika and Aditya P Mathur. 2007. A survey of malware detection techniques. Purdue University Vol. 48 (2007)."},{"key":"e_1_3_2_1_21_1","unstructured":"Jonghoon Jin Aysegul Dundar and Eugenio Culurciello. 2015. Robust convolutional neural networks under adversarial noise. arXiv preprint arXiv:1511.06306 (2015).  Jonghoon Jin Aysegul Dundar and Eugenio Culurciello. 2015. Robust convolutional neural networks under adversarial noise. arXiv preprint arXiv:1511.06306 (2015)."},{"key":"e_1_3_2_1_22_1","unstructured":"Alex Kantchelian JD Tygar and Anthony D Joseph. 2016. Evasion and hardening of tree ensemble classifiers. 33rd ICML Vol. 48 (2016) 2387--2396.   Alex Kantchelian JD Tygar and Anthony D Joseph. 2016. Evasion and hardening of tree ensemble classifiers. 33rd ICML Vol. 48 (2016) 2387--2396."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1002\/aic.690461211"},{"key":"e_1_3_2_1_24_1","unstructured":"Jan Hendrik Metzen Tim Genewein Volker Fischer and Bastian Bischoff. 2017. On detecting adversarial perturbations. arXiv preprint arXiv:1702.04267 (2017).  Jan Hendrik Metzen Tim Genewein Volker Fischer and Bastian Bischoff. 2017. On detecting adversarial perturbations. arXiv preprint arXiv:1702.04267 (2017)."},{"key":"e_1_3_2_1_25_1","unstructured":"Bradley Miller. 2015. Scalable Platform for Malicious Content Detection Integrating Machine Learning and Manual Review. Ph.D. Dissertation. EECS Department University of California Berkeley. http:\/\/www2.eecs.berkeley.edu\/Pubs\/TechRpts\/2015\/EECS-2015--194.html  Bradley Miller. 2015. Scalable Platform for Malicious Content Detection Integrating Machine Learning and Manual Review. Ph.D. Dissertation. EECS Department University of California Berkeley. http:\/\/www2.eecs.berkeley.edu\/Pubs\/TechRpts\/2015\/EECS-2015--194.html"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_7"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1994.10476447"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.20"},{"key":"e_1_3_2_1_30_1","volume-title":"Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks. arXiv preprint arXiv:1704.01155","author":"Xu Weilin","year":"2017"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23115"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/BWCCA.2010.85"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Fei Zhang Patrick PK Chan Battista Biggio Daniel S Yeung and Fabio Roli. 2016. Adversarial feature selection against evasion attacks. IEEE transactions on cybernetics Vol. 46 3 (2016) 766--777.  Fei Zhang Patrick PK Chan Battista Biggio Daniel S Yeung and Fabio Roli. 2016. Adversarial feature selection against evasion attacks. IEEE transactions on cybernetics Vol. 46 3 (2016) 766--777.","DOI":"10.1109\/TCYB.2015.2415032"},{"key":"e_1_3_2_1_34_1","unstructured":"Qi Zhong Alex Kantchelian Sadia Afroz Doug Tygar and Anthony D. Joseph. 2017. Hardening Malware Pipeline Against Evasion Attacks. (May. 2017). Research presentation.  Qi Zhong Alex Kantchelian Sadia Afroz Doug Tygar and Anthony D. Joseph. 2017. Hardening Malware Pipeline Against Evasion Attacks. (May. 2017). Research presentation."}],"event":{"name":"CODASPY '18: Eighth ACM Conference on Data and Application Security and Privacy","location":"Tempe AZ USA","acronym":"CODASPY '18","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3180445.3180449","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3180445.3180449","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:26:52Z","timestamp":1750213612000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3180445.3180449"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,3,21]]},"references-count":34,"alternative-id":["10.1145\/3180445.3180449","10.1145\/3180445"],"URL":"https:\/\/doi.org\/10.1145\/3180445.3180449","relation":{},"subject":[],"published":{"date-parts":[[2018,3,21]]},"assertion":[{"value":"2018-03-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}