{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T13:06:05Z","timestamp":1765544765930,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,11,9]],"date-time":"2020-11-09T00:00:00Z","timestamp":1604880000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,11,13]]},"DOI":"10.1145\/3411508.3421372","type":"proceedings-article","created":{"date-parts":[[2020,11,2]],"date-time":"2020-11-02T21:16:40Z","timestamp":1604351800000},"page":"71-82","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["Automatic Yara Rule Generation Using Biclustering"],"prefix":"10.1145","author":[{"given":"Edward","family":"Raff","sequence":"first","affiliation":[{"name":"Booz Allen Hamilton, Columbia, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Richard","family":"Zak","sequence":"additional","affiliation":[{"name":"Booz Allen Hamilton, Columbia, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gary","family":"Lopez Munoz","sequence":"additional","affiliation":[{"name":"Booz Allen Hamilton, Columbia, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"William","family":"Fleming","sequence":"additional","affiliation":[{"name":"U.S. 
Navy, Columbia, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hyrum S.","family":"Anderson","sequence":"additional","affiliation":[{"name":"Microsoft, Boise, ID, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bobby","family":"Filar","sequence":"additional","affiliation":[{"name":"Elastic NV, District of Columbia, DC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Charles","family":"Nicholas","sequence":"additional","affiliation":[{"name":"University of Maryland, Baltimore County, Catonsville, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"James","family":"Holt","sequence":"additional","affiliation":[{"name":"Laboratory for Physical Sciences, Catonsville, MD, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,11,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2018. VirusTotal-Free online virus malware and URL scanner. https:\/\/www.virustotal.com  2018. VirusTotal-Free online virus malware and URL scanner. https:\/\/www.virustotal.com"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-014-9352-6"},{"key":"e_1_3_2_1_3_1","volume-title":"Yara: The pattern matching swiss knife for malware researchers (and everyone else). https:\/\/doi.org\/yara\/","author":"Alvarez Victor M.","year":"2013","unstructured":"Victor M. Alvarez . 2013 . Yara: The pattern matching swiss knife for malware researchers (and everyone else). https:\/\/doi.org\/yara\/ Victor M. Alvarez. 2013. Yara: The pattern matching swiss knife for malware researchers (and everyone else). https:\/\/doi.org\/yara\/"},{"key":"e_1_3_2_1_4_1","volume-title":"Anderson and Phil Roth","author":"Hyrum","year":"2018","unstructured":"Hyrum S. Anderson and Phil Roth . 2018 . EMBER : An Open Dataset for Training Static PE Malware Machine Learning Models. ArXiv e-prints (2018). http:\/\/arxiv.org\/abs\/1804.04637 Hyrum S. 
Anderson and Phil Roth. 2018. EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models. ArXiv e-prints (2018). http:\/\/arxiv.org\/abs\/1804.04637"},{"key":"e_1_3_2_1_6_1","volume-title":"Proceedings Eighth International Conference on Artificial Intelligence and Statistics. Morgan Kaufmann, 27--34","author":"Corduneanu A","year":"2001","unstructured":"A Corduneanu and Christopher M Bishop . 2001 . Variational Bayesian Model Selection for Mixture Distributions . In Proceedings Eighth International Conference on Artificial Intelligence and Statistics. Morgan Kaufmann, 27--34 . http:\/\/research.microsoft.com\/apps\/pubs\/default.aspx?id=67239 A Corduneanu and Christopher M Bishop. 2001. Variational Bayesian Model Selection for Mixture Distributions. In Proceedings Eighth International Conference on Artificial Intelligence and Statistics. Morgan Kaufmann, 27--34. http:\/\/research.microsoft.com\/apps\/pubs\/default.aspx?id=67239"},{"key":"e_1_3_2_1_7_1","volume-title":"2015 International Joint Conference on Neural Networks (IJCNN). IEEE, 1--8. https:\/\/doi.org\/10","author":"Omid","year":"2015","unstructured":"Omid E. David and Nathan S. Netanyahu. 2015. DeepSign: Deep learning for automatic malware signature generation and classification . In 2015 International Joint Conference on Neural Networks (IJCNN). IEEE, 1--8. https:\/\/doi.org\/10 .1109\/IJCNN. 2015 .7280815 10.1109\/IJCNN.2015.7280815 Omid E. David and Nathan S. Netanyahu. 2015. DeepSign: Deep learning for automatic malware signature generation and classification. In 2015 International Joint Conference on Neural Networks (IJCNN). IEEE, 1--8. https:\/\/doi.org\/10.1109\/IJCNN.2015.7280815"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/502512.502550"},{"key":"#cr-split#-e_1_3_2_1_9_1.1","doi-asserted-by":"crossref","unstructured":"Kent Griffin Scott Schneider Xin Hu and Tzi-cker Chiueh. 2009. Automatic Generation of String Signatures for Malware Detection. 
In Recent Advances in Intrusion Detection (RAID). 101--120. https:\/\/doi.org\/10.1007\/978-3-642-04342-0_6 10.1007\/978-3-642-04342-0_6","DOI":"10.1007\/978-3-642-04342-0_6"},{"key":"#cr-split#-e_1_3_2_1_9_1.2","doi-asserted-by":"crossref","unstructured":"Kent Griffin Scott Schneider Xin Hu and Tzi-cker Chiueh. 2009. Automatic Generation of String Signatures for Malware Detection. In Recent Advances in Intrusion Detection (RAID). 101--120. https:\/\/doi.org\/10.1007\/978-3-642-04342-0_6","DOI":"10.1007\/978-3-642-04342-0_6"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1972.10481214"},{"key":"e_1_3_2_1_11_1","volume-title":"Proceedings of the 13th conference on USENIX Security Symposium -","volume":"13","author":"Kim Hyang-Ah","year":"2004","unstructured":"Hyang-Ah Kim and Brad Karp . 2004 . Autograph: toward automated, distributed worm signature detection . In Proceedings of the 13th conference on USENIX Security Symposium - Volume 13 . 19. https:\/\/doi.org\/10.1.1.94.5342 Hyang-Ah Kim and Brad Karp. 2004. Autograph: toward automated, distributed worm signature detection. In Proceedings of the 13th conference on USENIX Security Symposium - Volume 13. 19. https:\/\/doi.org\/10.1.1.94.5342"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1101\/gr.648603"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.015"},{"key":"e_1_3_2_1_14_1","volume-title":"Towards Robust Detection of Adversarial Infection Vectors: Lessons Learned in PDF Malware. arXiv preprint","author":"Maiorca Davide","year":"2018","unstructured":"Davide Maiorca , Battista Biggio , and Giorgio Giacinto . 2018. Towards Robust Detection of Adversarial Infection Vectors: Lessons Learned in PDF Malware. arXiv preprint ( 2018 ). Davide Maiorca, Battista Biggio, and Giorgio Giacinto. 2018. Towards Robust Detection of Adversarial Infection Vectors: Lessons Learned in PDF Malware. 
arXiv preprint (2018)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.15"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_5"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006132"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.26"},{"key":"e_1_3_2_1_19_1","first-page":"1","article-title":"JSAT: Java Statistical Analysis Tool, a Library for Machine Learning","volume":"18","author":"Raff Edward","year":"2017","unstructured":"Edward Raff . 2017 . JSAT: Java Statistical Analysis Tool, a Library for Machine Learning . Journal of Machine Learning Research , Vol. 18 , 23 (2017), 1 -- 5 . http:\/\/jmlr.org\/papers\/v18\/16--131.html Edward Raff. 2017. JSAT: Java Statistical Analysis Tool, a Library for Machine Learning. Journal of Machine Learning Research, Vol. 18, 23 (2017), 1--5. http:\/\/jmlr.org\/papers\/v18\/16--131.html","journal-title":"Journal of Machine Learning Research"},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of KDD 2019 Workshop on Learning and Mining for Cybersecurity (LEMINCS'19)","author":"Raff Edward","year":"2019","unstructured":"Edward Raff , William Fleming , Richard Zak , Hyrum Anderson , Bill Finlayson , Charles K. Nicholas , and Mark Mclean . 2019 . KiloGrams: Very Large N-Grams for Malware Classification . In Proceedings of KDD 2019 Workshop on Learning and Mining for Cybersecurity (LEMINCS'19) . https:\/\/arxiv.org\/abs\/1908.00200 Edward Raff, William Fleming, Richard Zak, Hyrum Anderson, Bill Finlayson, Charles K. Nicholas, and Mark Mclean. 2019. KiloGrams: Very Large N-Grams for Malware Classification. In Proceedings of KDD 2019 Workshop on Learning and Mining for Cybersecurity (LEMINCS'19). https:\/\/arxiv.org\/abs\/1908.00200"},{"key":"e_1_3_2_1_21_1","volume-title":"Hash-Grams On Many-Cores and Skewed Distributions. In 2018 IEEE International Conference on Big Data (Big Data). 
IEEE, 158--165","author":"Raff Edward","year":"2018","unstructured":"Edward Raff and Mark McLean . 2018 . Hash-Grams On Many-Cores and Skewed Distributions. In 2018 IEEE International Conference on Big Data (Big Data). IEEE, 158--165 . https:\/\/doi.org\/10.1109\/BigData.2018.8622043 10.1109\/BigData.2018.8622043 Edward Raff and Mark McLean. 2018. Hash-Grams On Many-Cores and Skewed Distributions. In 2018 IEEE International Conference on Big Data (Big Data). IEEE, 158--165. https:\/\/doi.org\/10.1109\/BigData.2018.8622043"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140446"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3209280.3229085"},{"key":"e_1_3_2_1_24_1","unstructured":"Edward Raff and Charles Nicholas. 2020. A Survey of Machine Learning Methods and Challenges for Windows Malware Classification. arxiv: cs.CR\/2006.09271  Edward Raff and Charles Nicholas. 2020. A Survey of Machine Learning Methods and Challenges for Windows Malware Classification. arxiv: cs.CR\/2006.09271"},{"key":"e_1_3_2_1_25_1","first-page":"554","article-title":"The Infinite Gaussian Mixture Model","volume":"12","author":"Rasmussen Carl E.","year":"2000","unstructured":"Carl E. Rasmussen . 2000 . The Infinite Gaussian Mixture Model . Advances in Neural Information Processing Systems 12 (2000), 554 -- 560 . http:\/\/papers.nips.cc\/paper\/1745-the-infinite-gaussian-mixture-model.pdf Carl E. Rasmussen. 2000. The Infinite Gaussian Mixture Model. Advances in Neural Information Processing Systems 12 (2000), 554--560. http:\/\/papers.nips.cc\/paper\/1745-the-infinite-gaussian-mixture-model.pdf","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_26_1","unstructured":"J-Michael Roberts. 2011. Virus Share. https:\/\/virusshare.com\/  J-Michael Roberts. 2011. Virus Share. 
https:\/\/virusshare.com\/"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.18637\/jss.v088.i07"},{"key":"e_1_3_2_1_28_1","volume-title":"Prudent Practices for Designing Malware Experiments: Status Quo and Outlook. In 2012 IEEE Symposium on Security and Privacy. IEEE, 65--79","author":"Rossow Christian","year":"2012","unstructured":"Christian Rossow , Christian J. Dietrich , Chris Grier , Christian Kreibich , Vern Paxson , Norbert Pohlmann , Herbert Bos , and Maarten van Steen . 2012 . Prudent Practices for Designing Malware Experiments: Status Quo and Outlook. In 2012 IEEE Symposium on Security and Privacy. IEEE, 65--79 . https:\/\/doi.org\/10.1109\/SP.2012.14 10.1109\/SP.2012.14 Christian Rossow, Christian J. Dietrich, Chris Grier, Christian Kreibich, Vern Paxson, Norbert Pohlmann, Herbert Bos, and Maarten van Steen. 2012. Prudent Practices for Designing Malware Experiments: Status Quo and Outlook. In 2012 IEEE Symposium on Security and Privacy. IEEE, 65--79. https:\/\/doi.org\/10.1109\/SP.2012.14"},{"key":"e_1_3_2_1_29_1","unstructured":"Florian Roth. 2013. yarGen. https:\/\/github.com\/Neo23x0\/yarGen  Florian Roth. 2013. yarGen. https:\/\/github.com\/Neo23x0\/yarGen"},{"key":"e_1_3_2_1_30_1","volume-title":"Research in Attacks, Intrusions, and Defenses: 19th International Symposium, RAID","author":"Marcos Sebasti\u00e1","year":"2016","unstructured":"Marcos Sebasti\u00e1n, Richard Rivera , Platon Kotzias , and Juan Caballero . 2016. AVclass: A Tool for Massive Malware Labeling . In Research in Attacks, Intrusions, and Defenses: 19th International Symposium, RAID 2016 ,, Fabian Monrose, Marc Dacier , Gregory Blanc, and Joaquin Garcia-Alfaro (Eds.). Springer International Publishing , Paris, France, 230--253. https:\/\/doi.org\/10.1007\/978-3-319-45719-2_11 10.1007\/978-3-319-45719-2_11 Marcos Sebasti\u00e1n, Richard Rivera, Platon Kotzias, and Juan Caballero. 2016. AVclass: A Tool for Massive Malware Labeling. 
In Research in Attacks, Intrusions, and Defenses: 19th International Symposium, RAID 2016,, Fabian Monrose, Marc Dacier, Gregory Blanc, and Joaquin Garcia-Alfaro (Eds.). Springer International Publishing, Paris, France, 230--253. https:\/\/doi.org\/10.1007\/978-3-319-45719-2_11"},{"volume-title":"BSidesLV.","author":"Seymour John","key":"e_1_3_2_1_31_1","unstructured":"John Seymour and Charles Nicholas . 2016. Labeling the VirusShare Corpus: Lessons Learned . In BSidesLV. Las Vegas, NV . John Seymour and Charles Nicholas. 2016. Labeling the VirusShare Corpus: Lessons Learned. In BSidesLV. Las Vegas, NV."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315312"},{"volume-title":"An Observational Investigation of Reverse Engineers' Processes. In USENIX Security Symposium.","author":"Votipka Daniel","key":"e_1_3_2_1_33_1","unstructured":"Daniel Votipka , Seth M. Rabin , Kristopher Micinski , Jeffrey S. Foster , and Michelle M. Mazurek . 2019 . An Observational Investigation of Reverse Engineers' Processes. In USENIX Security Symposium. Daniel Votipka, Seth M. Rabin, Kristopher Micinski, Jeffrey S. Foster, and Michelle M. Mazurek. 2019. An Observational Investigation of Reverse Engineers' Processes. In USENIX Security Symposium."},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 14th Conference on USENIX Security Symposium -","volume":"14","author":"Yegneswaran Vinod","year":"2005","unstructured":"Vinod Yegneswaran , Jonathon T Giffin , Paul Barford , and Somesh Jha . 2005 . An Architecture for Generating Semantics-aware Signatures . In Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14 (SSYM'05). USENIX Association, Berkeley, CA, USA, 7. http:\/\/dl.acm.org\/citation.cfm?id=1251398.1251405 Vinod Yegneswaran, Jonathon T Giffin, Paul Barford, and Somesh Jha. 2005. An Architecture for Generating Semantics-aware Signatures. 
In Proceedings of the 14th Conference on USENIX Security Symposium - Volume 14 (SSYM'05). USENIX Association, Berkeley, CA, USA, 7. http:\/\/dl.acm.org\/citation.cfm?id=1251398.1251405"}],"event":{"name":"CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Virtual Event USA","acronym":"CCS '20"},"container-title":["Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3411508.3421372","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3411508.3421372","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:37Z","timestamp":1750197757000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3411508.3421372"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,9]]},"references-count":34,"alternative-id":["10.1145\/3411508.3421372","10.1145\/3411508"],"URL":"https:\/\/doi.org\/10.1145\/3411508.3421372","relation":{},"subject":[],"published":{"date-parts":[[2020,11,9]]},"assertion":[{"value":"2020-11-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}