{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T20:54:28Z","timestamp":1768424068586,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,12,3]],"date-time":"2018-12-03T00:00:00Z","timestamp":1543795200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,12,3]]},"DOI":"10.1145\/3274694.3274700","type":"proceedings-article","created":{"date-parts":[[2018,12,4]],"date-time":"2018-12-04T13:07:01Z","timestamp":1543928821000},"page":"101-111","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Accurate Malware Detection by Extreme Abstraction"],"prefix":"10.1145","author":[{"given":"Fady","family":"Copty","sequence":"first","affiliation":[{"name":"IBM Research - Haifa, Haifa, Israel"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Matan","family":"Danos","sequence":"additional","affiliation":[{"name":"IBM Research - Haifa, Haifa, Israel"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Orit","family":"Edelstein","sequence":"additional","affiliation":[{"name":"IBM Research - Haifa, Haifa, Israel"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cindy","family":"Eisner","sequence":"additional","affiliation":[{"name":"IBM Research - Haifa, Haifa, Israel"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dov","family":"Murik","sequence":"additional","affiliation":[{"name":"IBM Research - Haifa, Haifa, Israel"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Benjamin","family":"Zeltser","sequence":"additional","affiliation":[{"name":"IBM Research - Haifa, Haifa, Israel"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2018,12,3]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991114"},{"key":"e_1_3_2_1_2_1","volume-title":"Handbook of Satisfiability","author":"Barrett Clark W.","unstructured":"Clark W. Barrett , Roberto Sebastiani , Sanjit A. Seshia , and Cesare Tinelli . 2009. Satisfiability Modulo Theories . In Handbook of Satisfiability . IOS Press , Amsterdam , 825--885. Clark W. Barrett, Roberto Sebastiani, Sanjit A. Seshia, and Cesare Tinelli. 2009. Satisfiability Modulo Theories. In Handbook of Satisfiability. IOS Press, Amsterdam, 825--885."},{"key":"e_1_3_2_1_3_1","volume-title":"Behavior Abstraction in Malware Analysis","author":"Beaucamps Philippe","unstructured":"Philippe Beaucamps , Isabelle Gnaedig , and Jean-Yves Marion . 2010. Behavior Abstraction in Malware Analysis . In Runtime Verification, Howard Barringer, Ylies Falcone, Bernd Finkbeiner, Klaus Havelund, Insup Lee, Gordon Pace, Grigore Ro\u015fu, Oleg Sokolsky, and Nikolai Tillmann (Eds.). Springer , Berlin Heidelberg New York, 168--182. Philippe Beaucamps, Isabelle Gnaedig, and Jean-Yves Marion. 2010. Behavior Abstraction in Malware Analysis. In Runtime Verification, Howard Barringer, Ylies Falcone, Bernd Finkbeiner, Klaus Havelund, Insup Lee, Gordon Pace, Grigore Ro\u015fu, Oleg Sokolsky, and Nikolai Tillmann (Eds.). Springer, Berlin Heidelberg New York, 168--182."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"e_1_3_2_1_5_1","volume-title":"Classification and regression trees. Wadsworth & Brooks","author":"Breiman L","unstructured":"L Breiman , JH Friedman , RA Olshen , and CJ Stone . 1984. Classification and regression trees. Wadsworth & Brooks , Monterey, CA . L Breiman, JH Friedman, RA Olshen, and CJ Stone. 1984. Classification and regression trees. Wadsworth & Brooks, Monterey, CA."},{"key":"e_1_3_2_1_6_1","volume-title":"Speech and Signal Processing (ICASSP), 2013 IEEE International Conference on. IEEE, 3422--3426","author":"Dahl George E","year":"2013","unstructured":"George E Dahl , Jack W Stokes , Li Deng , and Dong Yu . 2013 . Large-scale malware classification using random projections and neural networks. In Acoustics , Speech and Signal Processing (ICASSP), 2013 IEEE International Conference on. IEEE, 3422--3426 . George E Dahl, Jack W Stokes, Li Deng, and Dong Yu. 2013. Large-scale malware classification using random projections and neural networks. In Acoustics, Speech and Signal Processing (ICASSP), 2013 IEEE International Conference on. IEEE, 3422--3426."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2015.7280815"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/321033.321034"},{"key":"e_1_3_2_1_9_1","volume-title":"Theory and Applications of Satisfiability Testing- SAT 2017 - 20th International Conference, Melbourne, VIC, Australia, August 28 - September 1, 2017, Proceedings. Lecture Notes in Computer Science","volume":"10491","author":"Gaspers Serge","year":"2017","unstructured":"Serge Gaspers and Toby Walsh ( Eds .). 2017 . Theory and Applications of Satisfiability Testing- SAT 2017 - 20th International Conference, Melbourne, VIC, Australia, August 28 - September 1, 2017, Proceedings. Lecture Notes in Computer Science , Vol. 10491 . Springer. Serge Gaspers and Toby Walsh (Eds.). 2017. Theory and Applications of Satisfiability Testing- SAT 2017 - 20th International Conference, Melbourne, VIC, Australia, August 28 - September 1, 2017, Proceedings. Lecture Notes in Computer Science, Vol. 10491. Springer."},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the International Conference on Data Mining (DMIN). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp), 61","author":"Hardy William","year":"2016","unstructured":"William Hardy , Lingwei Chen , Shifu Hou , Yanfang Ye , and Xin Li . 2016 . DL4MD: A deep learning framework for intelligent malware detection . In Proceedings of the International Conference on Data Mining (DMIN). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp), 61 . William Hardy, Lingwei Chen, Shifu Hou, Yanfang Ye, and Xin Li. 2016. DL4MD: A deep learning framework for intelligent malware detection. In Proceedings of the International Conference on Data Mining (DMIN). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp), 61."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_5"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1093\/biomet\/70.1.163"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/360248.360252"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.48"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-50127-7_11"},{"key":"e_1_3_2_1_16_1","volume-title":"Full system emulation: Achieving successful automated dynamic analysis of evasive malware. (August","author":"Kruegel Christopher","year":"2014","unstructured":"Christopher Kruegel . 2014. Full system emulation: Achieving successful automated dynamic analysis of evasive malware. (August 2014 ). Christopher Kruegel. 2014. Full system emulation: Achieving successful automated dynamic analysis of evasive malware. (August 2014)."},{"key":"e_1_3_2_1_17_1","unstructured":"John Leitch. {n. d.}. Process hollowing. www.autosectools.com\/process-hollowing.pdf. ({n. d.}).  John Leitch. {n. d.}. Process hollowing. www.autosectools.com\/process-hollowing.pdf. ({n. d.})."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664252"},{"key":"e_1_3_2_1_19_1","volume-title":"Limits of Static Analysis for Malware Detection. In 23rd Annual Computer Security Applications Conference (ACSAC 2007","author":"Moser Andreas","year":"2007","unstructured":"Andreas Moser , Christopher Kruegel , and Engin Kirda . 2007 . Limits of Static Analysis for Malware Detection. In 23rd Annual Computer Security Applications Conference (ACSAC 2007 ), December 10 --14 , 2007, Miami Beach, Florida, USA. IEEE Computer Society, Washington, DC, USA, 421--430. Andreas Moser, Christopher Kruegel, and Engin Kirda. 2007. Limits of Static Analysis for Malware Detection. In 23rd Annual Computer Security Applications Conference (ACSAC 2007), December 10--14, 2007, Miami Beach, Florida, USA. IEEE Computer Society, Washington, DC, USA, 421--430."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89900-6_21"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2015.7178304"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/1953048.2078195"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2013.36"},{"key":"e_1_3_2_1_26_1","volume-title":"Malware Detection by Eating a Whole EXE. arXiv preprint arXiv:1710.09435","author":"Raff Edward","year":"2017","unstructured":"Edward Raff , Jon Barker , Jared Sylvester , Robert Brandon , Bryan Catanzaro , and Charles Nicholas . 2017. Malware Detection by Eating a Whole EXE. arXiv preprint arXiv:1710.09435 ( 2017 ). Edward Raff, Jon Barker, Jared Sylvester, Robert Brandon, Bryan Catanzaro, and Charles Nicholas. 2017. Malware Detection by Eating a Whole EXE. arXiv preprint arXiv:1710.09435 (2017)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2015.7413680"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_1_29_1","volume-title":"RAID 2016, Paris, France, September 19--21, 2016, Proceedings (Lecture Notes in Computer Science)","volume":"9854","author":"Sebasti\u00e1n Marcos","year":"2016","unstructured":"Marcos Sebasti\u00e1n , Richard Rivera , Platon Kotzias , and Juan Caballero . 2016 . AV-Class: A Tool for Massive Malware Labeling. In Research in Attacks, Intrusions, and Defenses - 19th International Symposium , RAID 2016, Paris, France, September 19--21, 2016, Proceedings (Lecture Notes in Computer Science) , Vol. 9854 . Springer, Berlin Heidelberg New York, 230--253. Marcos Sebasti\u00e1n, Richard Rivera, Platon Kotzias, and Juan Caballero. 2016. AV-Class: A Tool for Massive Malware Labeling. In Research in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Paris, France, September 19--21, 2016, Proceedings (Lecture Notes in Computer Science), Vol. 9854. Springer, Berlin Heidelberg New York, 230--253."},{"key":"e_1_3_2_1_30_1","volume-title":"Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software","author":"Sikorski Michael","unstructured":"Michael Sikorski and Andrew Honig . 2012. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software ( 1 st ed.). No Starch Press, San Francisco, CA, USA . Michael Sikorski and Andrew Honig. 2012. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (1st ed.). No Starch Press, San Francisco, CA, USA.","edition":"1"},{"key":"e_1_3_2_1_31_1","unstructured":"Themida {n. d.}. www.oreans.com\/themida.php. ({n. d.}).  Themida {n. d.}. www.oreans.com\/themida.php. ({n. d.})."},{"key":"e_1_3_2_1_32_1","unstructured":"UPX {n. d.}. upx.github.io. ({n. d.}).  UPX {n. d.}. upx.github.io. ({n. d.})."},{"key":"e_1_3_2_1_33_1","unstructured":"VirusSign {n. d.}. www.virussign.com. ({n. d.}).  VirusSign {n. d.}. www.virussign.com. ({n. d.})."},{"key":"e_1_3_2_1_34_1","unstructured":"VirusTotal {n. d.}. www.virustotal.com. ({n. d.}).  VirusTotal {n. d.}. www.virustotal.com. ({n. d.})."},{"key":"e_1_3_2_1_35_1","unstructured":"VMProtect {n. d.}. vmpsoft.com. ({n. d.}).  VMProtect {n. d.}. vmpsoft.com. ({n. d.})."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1553374.1553516"},{"key":"e_1_3_2_1_37_1","volume-title":"10th International Symposium, RAID 2007, Gold Goast, Australia, September 5--7, 2007, Proceedings (Lecture Notes in Computer Science)","volume":"4637","author":"Wilhelm Jeffrey","year":"2007","unstructured":"Jeffrey Wilhelm and Tzi-cker Chiueh. 2007 . A Forced Sampled Execution Approach to Kernel Rootkit Identification. In Recent Advances in Intrusion Detection , 10th International Symposium, RAID 2007, Gold Goast, Australia, September 5--7, 2007, Proceedings (Lecture Notes in Computer Science) , Vol. 4637 . Springer, Berlin Heidelberg New York, 219--235. Jeffrey Wilhelm and Tzi-cker Chiueh. 2007. A Forced Sampled Execution Approach to Kernel Rootkit Identification. In Recent Advances in Intrusion Detection, 10th International Symposium, RAID 2007, Gold Goast, Australia, September 5--7, 2007, Proceedings (Lecture Notes in Computer Science), Vol. 4637. Springer, Berlin Heidelberg New York, 219--235."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813663"}],"event":{"name":"ACSAC '18: 2018 Annual Computer Security Applications Conference","location":"San Juan PR USA","acronym":"ACSAC '18","sponsor":["ACSA Applied Computing Security Assoc"]},"container-title":["Proceedings of the 34th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3274694.3274700","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3274694.3274700","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:57:56Z","timestamp":1750208276000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3274694.3274700"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,12,3]]},"references-count":37,"alternative-id":["10.1145\/3274694.3274700","10.1145\/3274694"],"URL":"https:\/\/doi.org\/10.1145\/3274694.3274700","relation":{},"subject":[],"published":{"date-parts":[[2018,12,3]]},"assertion":[{"value":"2018-12-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}