{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T09:09:34Z","timestamp":1768813774625,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":61,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,12,9]],"date-time":"2019-12-09T00:00:00Z","timestamp":1575849600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,12,9]]},"DOI":"10.1145\/3359789.3359808","type":"proceedings-article","created":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T18:41:59Z","timestamp":1574448119000},"page":"687-701","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":27,"title":["EIGER"],"prefix":"10.1145","author":[{"given":"Yuma","family":"Kurogome","sequence":"first","affiliation":[{"name":"NTT Secure Platform Laboratories"}]},{"given":"Yuto","family":"Otsuki","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}]},{"given":"Yuhei","family":"Kawakoya","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}]},{"given":"Makoto","family":"Iwamura","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}]},{"given":"Syogo","family":"Hayashi","sequence":"additional","affiliation":[{"name":"NTT Security (Japan) KK"}]},{"given":"Tatsuya","family":"Mori","sequence":"additional","affiliation":[{"name":"Waseda University \/ NICT"}]},{"given":"Koushik","family":"Sen","sequence":"additional","affiliation":[{"name":"University of California"}]}],"member":"320","published-online":{"date-parts":[[2019,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.5555\/645920.672836"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23247"},{"key":"e_1_3_2_1_3_1","volume-title":"Advanced Data Structures (1ed.)","author":"Brass Peter","unstructured":"Peter Brass . 2008. Advanced Data Structures (1ed.) . Cambridge University Press , New York, NY, USA . Peter Brass. 2008. Advanced Data Structures (1ed.). Cambridge University Press, New York, NY, USA."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"e_1_3_2_1_5_1","volume-title":"Stone","author":"Breiman Leo","year":"1984","unstructured":"Leo Breiman , Jerome Friedman , R. A. Olshen , and Charles J . Stone . 1984 . Classification and Regression Trees. Wadsworth and Brooks, Monterey, CA. Leo Breiman, Jerome Friedman, R. A. Olshen, and Charles J. Stone. 1984. Classification and Regression Trees. Wadsworth and Brooks, Monterey, CA."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_4"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939785"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1287624.1287628"},{"key":"e_1_3_2_1_9_1","volume-title":"2005 IEEE Symposium on Security and Privacy (S&P'05)","author":"Christodorescu Mihai","unstructured":"Mihai Christodorescu , Somesh Jha , Sanjit A. Seshia , Dawn Song , and Randal E. Bryant . 2005. Semantics-aware malware detection . In 2005 IEEE Symposium on Security and Privacy (S&P'05) . 32--46. Mihai Christodorescu, Somesh Jha, Sanjit A. Seshia, Dawn Song, and Randal E. Bryant. 2005. Semantics-aware malware detection. In 2005 IEEE Symposium on Security and Privacy (S&P'05). 32--46."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274700"},{"key":"e_1_3_2_1_11_1","unstructured":"MITRE Corporation. [n. d.]. CybOX: Cyber Observable eXpression. http:\/\/cyboxproject.github.io.  MITRE Corporation. [n. d.]. CybOX: Cyber Observable eXpression. http:\/\/cyboxproject.github.io."},{"key":"e_1_3_2_1_12_1","volume-title":"d.]","author":"MITRE Corporation","unstructured":"MITRE Corporation . [n. d.] . STIX : Structured Threat Information eXpression. http:\/\/stixproject.github.io. MITRE Corporation. [n. d.]. STIX: Structured Threat Information eXpression. http:\/\/stixproject.github.io."},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 12th Conference on USENIX Security Symposium (USENIXSecurity'03)","author":"Scott","unstructured":"Scott A. Crosby and Dan S. Wallach. 2003. Denial of Service via Algorithmic Complexity Attacks . In Proceedings of the 12th Conference on USENIX Security Symposium (USENIXSecurity'03) . 3--3. Scott A. Crosby and Dan S. Wallach. 2003. Denial of Service via Algorithmic Complexity Attacks. In Proceedings of the 12th Conference on USENIX Security Symposium (USENIXSecurity'03). 3--3."},{"key":"e_1_3_2_1_14_1","unstructured":"CrowdStrike. [n. d.]. Hybrid Analysis. https:\/\/www.hybrid-analysis.com\/.  CrowdStrike. [n. d.]. Hybrid Analysis. https:\/\/www.hybrid-analysis.com\/."},{"key":"e_1_3_2_1_15_1","unstructured":"AT&T Cybersecurity. [n. d.]. AlienVault - Open Threat Exchange. https:\/\/otx.alienvault.com\/.  AT&T Cybersecurity. [n. d.]. AlienVault - Open Threat Exchange. https:\/\/otx.alienvault.com\/."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/3001460.3001507"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIXSecurity'19)","author":"Pendlebury Feargus","year":"2019","unstructured":"Feargus Pendlebury , Fabio Pierazzi , Roberto Jordaney , Johannes Kinder , and Lorenzo Cavallaro . 2019 . TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time . In Proceedings of the 28th USENIX Security Symposium (USENIXSecurity'19) . Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. 2019. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. In Proceedings of the 28th USENIX Security Symposium (USENIXSecurity'19)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1137\/090779346"},{"key":"e_1_3_2_1_19_1","unstructured":"FireEye. [n. d.]. OpenIOC. http:\/\/www.openioc.org.  FireEye. [n. d.]. OpenIOC. http:\/\/www.openioc.org."},{"key":"e_1_3_2_1_20_1","volume-title":"d.]. Top 10 Malware","author":"CIS Center for Internet Security. [n.","year":"2019","unstructured":"CIS Center for Internet Security. [n. d.]. Top 10 Malware January 2019 . https:\/\/www.cisecurity.org\/blog\/top-10-malware-january-2019\/. CIS Center for Internet Security. [n. d.]. Top 10 Malware January 2019. https:\/\/www.cisecurity.org\/blog\/top-10-malware-january-2019\/."},{"key":"e_1_3_2_1_21_1","unstructured":"Cuckoo Foundation. [n. d.]. Cuckoo Sandbox. https:\/\/cuckoosandbox.org.  Cuckoo Foundation. [n. d.]. Cuckoo Sandbox. https:\/\/cuckoosandbox.org."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.11"},{"key":"e_1_3_2_1_23_1","volume-title":"Article 93 (Aug.","author":"Guidotti Riccardo","year":"2018","unstructured":"Riccardo Guidotti , Anna Monreale , Salvatore Ruggieri , Franco Turini , Fosca Giannotti , and Dino Pedreschi . 2018. A Survey of Methods for Explaining Black Box Models. ACM Comput. Surv. 51, 5 , Article 93 (Aug. 2018 ), 42 pages. Riccardo Guidotti, Anna Monreale, Salvatore Ruggieri, Franco Turini, Fosca Giannotti, and Dino Pedreschi. 2018. A Survey of Methods for Explaining Black Box Models. ACM Comput. Surv. 51, 5, Article 93 (Aug. 2018), 42 pages."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243792"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134646"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/331499.331504"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_7"},{"key":"e_1_3_2_1_28_1","first-page":"1","article-title":"The Budgeted Maximum Coverage","volume":"70","author":"Khuller Samir","year":"1999","unstructured":"Samir Khuller , Anna Moss , and Joseph (Seffi) Naor . 1999 . The Budgeted Maximum Coverage Problem. Inf. Process. Lett. 70 , 1 (April 1999), 39--45. Samir Khuller, Anna Moss, and Joseph (Seffi) Naor. 1999. The Budgeted Maximum Coverage Problem. Inf. Process. Lett. 70, 1 (April 1999), 39--45.","journal-title":"Problem. Inf. Process. Lett."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.5555\/2070671.2070678"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 6th International Conference on Learning Representations (ICLR'15)","author":"Diederik","unstructured":"Diederik P. Kingma and Jimmy Ba. 2015. Adam: A Method for Stochastic Optimization . In Proceedings of the 6th International Conference on Learning Representations (ICLR'15) . Diederik P. Kingma and Jimmy Ba. 2015. Adam: A Method for Stochastic Optimization. In Proceedings of the 6th International Conference on Learning Representations (ICLR'15)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855768.1855790"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939874"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978315"},{"key":"e_1_3_2_1_35_1","unstructured":"Chronicle LLC. [n. d.]. VirusTotal - Free Online Virus Malware and URL Scanner. https:\/\/www.virustotal.com\/.  Chronicle LLC. [n. d.]. VirusTotal - Free Online Virus Malware and URL Scanner. https:\/\/www.virustotal.com\/."},{"key":"e_1_3_2_1_36_1","first-page":"4765","article-title":"A Unified Approach to Interpreting Model Predictions","volume":"30","author":"Lundberg Scott M.","year":"2017","unstructured":"Scott M. Lundberg and Su-In Lee . 2017 . A Unified Approach to Interpreting Model Predictions . In Advances in Neural Information Processing Systems 30 , 4765 -- 4774 . Scott M. Lundberg and Su-In Lee. 2017. A Unified Approach to Interpreting Model Predictions. In Advances in Neural Information Processing Systems 30, 4765--4774.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_37_1","volume-title":"d.]","unstructured":"Mandiant. [n. d.] . IOC Editor User Guide ( version 2.2.0.0). https:\/\/www.fireeye.com\/content\/dam\/fireeye-www\/services\/freeware\/ug-ioc-editor.pdf. Mandiant. [n. d.]. IOC Editor User Guide (version 2.2.0.0). https:\/\/www.fireeye.com\/content\/dam\/fireeye-www\/services\/freeware\/ug-ioc-editor.pdf."},{"key":"e_1_3_2_1_38_1","unstructured":"Microsoft. [n. d.]. Run and RunOnce Registry Keys - Windows applications | Microsoft Docs. https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/setupapi\/run-and-runonce-registry-keys.  Microsoft. [n. d.]. Run and RunOnce Registry Keys - Windows applications | Microsoft Docs. https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/setupapi\/run-and-runonce-registry-keys."},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the 27th International Conference on International Conference on Machine Learning (ICML'10)","author":"Nair Vinod","unstructured":"Vinod Nair and Geoffrey E. Hinton . 2010. Rectified Linear Units Improve Restricted Boltzmann Machines . In Proceedings of the 27th International Conference on International Conference on Machine Learning (ICML'10) . 807--814. Vinod Nair and Geoffrey E. Hinton. 2010. Rectified Linear Units Improve Restricted Boltzmann Machines. In Proceedings of the 27th International Conference on International Conference on Machine Learning (ICML'10). 807--814."},{"key":"e_1_3_2_1_40_1","volume-title":"Presented as part of the 22nd USENIX Security Symposium (USENIX Security'13). 589--604.","author":"Nelms Terry","unstructured":"Terry Nelms , Roberto Perdisci , and Mustaque Ahamad . 2013. ExecScent: Mining for New C&C Domains in Live Networks with Adaptive Control Protocol Templates . In Presented as part of the 22nd USENIX Security Symposium (USENIX Security'13). 589--604. Terry Nelms, Roberto Perdisci, and Mustaque Ahamad. 2013. ExecScent: Mining for New C&C Domains in Live Networks with Adaptive Control Protocol Templates. In Presented as part of the 22nd USENIX Security Symposium (USENIX Security'13). 589--604."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF01588971"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2015.7178304"},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the Seventeenth International Conference on Machine Learning (ICML'00)","author":"Pelleg Dan","unstructured":"Dan Pelleg and Andrew W. Moore . 2000. X-means: Extending K-means with Efficient Estimation of the Number of Clusters . In Proceedings of the Seventeenth International Conference on Machine Learning (ICML'00) . 727--734. Dan Pelleg and Andrew W. Moore. 2000. X-means: Extending K-means with Efficient Estimation of the Number of Clusters. In Proceedings of the Seventeenth International Conference on Machine Learning (ICML'00). 727--734."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855711.1855737"},{"key":"e_1_3_2_1_45_1","unstructured":"MISP project. [n. d.]. MISP - Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing. http:\/\/www.misp-project.org\/.  MISP project. [n. d.]. MISP - Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing. http:\/\/www.misp-project.org\/."},{"key":"e_1_3_2_1_46_1","unstructured":"YaraRules Project. [n. d.]. YaraRules. https:\/\/yararules.com\/.  YaraRules Project. [n. d.]. YaraRules. https:\/\/yararules.com\/."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897918"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939778"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_6"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.14"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/1774088.1774303"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1037\/0033-2909.111.2.352"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1093\/biomet\/52.3-4.591"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.48"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134604"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.2307\/3001968"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_6"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.18"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176335"},{"key":"e_1_3_2_1_61_1","volume-title":"Article 41 (June","author":"Ye Yanfang","year":"2017","unstructured":"Yanfang Ye , Tao Li , Donald Adjeroh , and S. Sitharama Iyengar . 2017. A Survey on Malware Detection Using Data Mining Techniques. ACM Comput. Surv. 50, 3 , Article 41 (June 2017 ), 40 pages. Yanfang Ye, Tao Li, Donald Adjeroh, and S. Sitharama Iyengar. 2017. A Survey on Malware Detection Using Data Mining Techniques. ACM Comput. Surv. 50, 3, Article 41 (June 2017), 40 pages."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00039"}],"event":{"name":"ACSAC '19: 2019 Annual Computer Security Applications Conference","location":"San Juan Puerto Rico USA","acronym":"ACSAC '19"},"container-title":["Proceedings of the 35th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359808","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3359789.3359808","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:23:07Z","timestamp":1750202587000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359808"}},"subtitle":["automated IOC generation for accurate and interpretable endpoint malware detection"],"short-title":[],"issued":{"date-parts":[[2019,12,9]]},"references-count":61,"alternative-id":["10.1145\/3359789.3359808","10.1145\/3359789"],"URL":"https:\/\/doi.org\/10.1145\/3359789.3359808","relation":{},"subject":[],"published":{"date-parts":[[2019,12,9]]},"assertion":[{"value":"2019-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}