{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,4]],"date-time":"2026-03-04T16:39:11Z","timestamp":1772642351731,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,11,9]],"date-time":"2020-11-09T00:00:00Z","timestamp":1604880000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100003246","name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","doi-asserted-by":"publisher","award":["628.009.012"],"award-info":[{"award-number":["628.009.012"]}],"id":[{"id":"10.13039\/501100003246","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,11,13]]},"DOI":"10.1145\/3411508.3421374","type":"proceedings-article","created":{"date-parts":[[2020,11,2]],"date-time":"2020-11-02T21:16:40Z","timestamp":1604351800000},"page":"61-70","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["The Robust Malware Detection Challenge and Greedy Random Accelerated Multi-Bit Search"],"prefix":"10.1145","author":[{"given":"Sicco","family":"Verwer","sequence":"first","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Azqa","family":"Nadeem","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christian","family":"Hammerschmidt","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Laurens","family":"Bliek","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdullah","family":"Al-Dujaili","sequence":"additional","affiliation":[{"name":"Analog Devices, Norwood, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Una-May","family":"O'Reilly","sequence":"additional","affiliation":[{"name":"Massachusetts Institute of Technology, Cambridge, MA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,11,9]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Adversarial Deep Learning for Robust Detection of Binary Encoded Malware. arXiv:1801.02950","author":"Al-Dujaili Abdullah","year":"2018","unstructured":"Abdullah Al-Dujaili , Alex Huang , Erik Hemberg , and Una-May O'Reilly . 2018. Adversarial Deep Learning for Robust Detection of Binary Encoded Malware. arXiv:1801.02950 ( 2018 ). Abdullah Al-Dujaili, Alex Huang, Erik Hemberg, and Una-May O'Reilly. 2018. Adversarial Deep Learning for Robust Detection of Binary Encoded Malware. arXiv:1801.02950 (2018)."},{"key":"e_1_3_2_1_2_1","volume-title":"Evading machine learning malware detection. Black Hat","author":"Anderson Hyrum S","year":"2017","unstructured":"Hyrum S Anderson , Anant Kharkar , Bobby Filar , and Phil Roth . 2017. Evading machine learning malware detection. Black Hat ( 2017 ). Hyrum S Anderson, Anant Kharkar, Bobby Filar, and Phil Roth. 2017. Evading machine learning malware detection. Black Hat (2017)."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2018.07.023"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Nicholas Carlini and David Wagner. 2017. Adversarial examples are not easily detected: Bypassing ten detection methods. In AISec. 3--14.  Nicholas Carlini and David Wagner. 2017. Adversarial examples are not easily detected: Bypassing ten detection methods. In AISec. 3--14.","DOI":"10.1145\/3128572.3140444"},{"key":"e_1_3_2_1_5_1","volume-title":"Large-scale malware classification using random projections and neural networks","author":"Dahl George E","unstructured":"George E Dahl , Jack W Stokes , Li Deng , and Dong Yu. 2013. Large-scale malware classification using random projections and neural networks . In ICASSP. IEEE , 3422--3426. George E Dahl, Jack W Stokes, Li Deng, and Dong Yu. 2013. Large-scale malware classification using random projections and neural networks. In ICASSP. IEEE, 3422--3426."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Hung Dang Yue Huang and Ee-Chien Chang. 2017. Evading classifiers by morphing in the dark. In ACM CCS. 119--133.  Hung Dang Yue Huang and Ee-Chien Chang. 2017. Evading classifiers by morphing in the dark. In ACM CCS. 119--133.","DOI":"10.1145\/3133956.3133978"},{"key":"e_1_3_2_1_7_1","unstructured":"Ambra Demontis Marco Melis Maura Pintor Matthew Jagielski Battista Biggio Alina Oprea Cristina Nita-Rotaru and Fabio Roli. 2019. Why do adversarial attacks transfer? explaining transferability of evasion and poisoning attacks. In {USENIX} Security Symp. 321--338.  Ambra Demontis Marco Melis Maura Pintor Matthew Jagielski Battista Biggio Alina Oprea Cristina Nita-Rotaru and Fabio Roli. 2019. Why do adversarial attacks transfer? explaining transferability of evasion and poisoning attacks. In {USENIX} Security Symp. 321--338."},{"key":"e_1_3_2_1_8_1","unstructured":"Rong Ge Sham M Kakade Rahul Kidambi and Praneeth Netrapalli. 2019. The Step Decay Schedule: A Near Optimal Geometrically Decaying Learning Rate Procedure For Least Squares. In Advances in Neural Information Processing Systems. 14977--14988.  Rong Ge Sham M Kakade Rahul Kidambi and Praneeth Netrapalli. 2019. The Step Decay Schedule: A Near Optimal Geometrically Decaying Learning Rate Procedure For Least Squares. In Advances in Neural Information Processing Systems. 14977--14988."},{"key":"e_1_3_2_1_9_1","unstructured":"Ian J. Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In ICLR.  Ian J. Goodfellow Jonathon Shlens and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. In ICLR."},{"key":"e_1_3_2_1_10_1","volume-title":"Adversarial examples for malware detection","author":"Grosse Kathrin","unstructured":"Kathrin Grosse , Nicolas Papernot , Praveen Manoharan , Michael Backes , and Patrick McDaniel . 2017. Adversarial examples for malware detection . In ESORICS. Springer , 62--79. Kathrin Grosse, Nicolas Papernot, Praveen Manoharan, Michael Backes, and Patrick McDaniel. 2017. Adversarial examples for malware detection. In ESORICS. Springer, 62--79."},{"key":"e_1_3_2_1_11_1","volume-title":"Big Data","author":"Hsien-De Huang TonTon","unstructured":"TonTon Hsien-De Huang and Hung-Yu Kao . 2018. R2-d2: Color-inspired convolutional neural network (cnn)-based android malware detections . In Big Data . IEEE , 2633--2642. TonTon Hsien-De Huang and Hung-Yu Kao. 2018. R2-d2: Color-inspired convolutional neural network (cnn)-based android malware detections. In Big Data. IEEE, 2633--2642."},{"key":"e_1_3_2_1_12_1","volume-title":"Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN. arXiv:1702.05983","author":"Hu Weiwei","year":"2017","unstructured":"Weiwei Hu and Ying Tan . 2017. Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN. arXiv:1702.05983 ( 2017 ). arxiv: 1702.05983 [cs.LG] Weiwei Hu and Ying Tan. 2017. Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN. arXiv:1702.05983 (2017). arxiv: 1702.05983 [cs.LG]"},{"key":"e_1_3_2_1_13_1","unstructured":"Kevin Jamieson and Ameet Talwalkar. 2016. Non-stochastic best arm identification and hyperparameter optimization. In Artificial Intelligence and Statistics. 240--248.  Kevin Jamieson and Ameet Talwalkar. 2016. Non-stochastic best arm identification and hyperparameter optimization. In Artificial Intelligence and Statistics. 240--248."},{"key":"e_1_3_2_1_14_1","volume-title":"Benjamin IP Rubinstein, and JD Tygar","author":"Joseph Anthony D","year":"2018","unstructured":"Anthony D Joseph , Blaine Nelson , Benjamin IP Rubinstein, and JD Tygar . 2018 . Adversarial Machine Learning. Cambridge University Press . Anthony D Joseph, Blaine Nelson, Benjamin IP Rubinstein, and JD Tygar. 2018. Adversarial Machine Learning. Cambridge University Press."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1017\/S0962492919000060"},{"key":"e_1_3_2_1_16_1","unstructured":"Aleksander Madry Aleksandar Makelov Ludwig Schmidt Dimitris Tsipras and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In ICLR.  Aleksander Madry Aleksandar Makelov Ludwig Schmidt Dimitris Tsipras and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In ICLR."},{"key":"e_1_3_2_1_17_1","volume-title":"Jong Hwan Ko, and Saibal Mukhopadhyay","author":"Na Taesik","year":"2017","unstructured":"Taesik Na , Jong Hwan Ko, and Saibal Mukhopadhyay . 2017 . Cascade adversarial machine learning regularized with a unified embedding. arXiv:1708.02582 (2017). Taesik Na, Jong Hwan Ko, and Saibal Mukhopadhyay. 2017. Cascade adversarial machine learning regularized with a unified embedding. arXiv:1708.02582 (2017)."},{"key":"e_1_3_2_1_18_1","first-page":"372","article-title":"A method of solving a convex programming problem with convergence rate O(1\/k 2)","volume":"27","author":"Nesterov Y","year":"1983","unstructured":"Y Nesterov . 1983 . A method of solving a convex programming problem with convergence rate O(1\/k 2) . In Soviet Math. Dokl , Vol. 27. 372 -- 376 . Y Nesterov. 1983. A method of solving a convex programming problem with convergence rate O(1\/k 2). In Soviet Math. Dokl, Vol. 27. 372--376.","journal-title":"Soviet Math. Dokl"},{"key":"e_1_3_2_1_19_1","volume-title":"EuroS&P","author":"Papernot Nicolas","unstructured":"Nicolas Papernot , Patrick McDaniel , Somesh Jha , Matt Fredrikson , Z Berkay Celik , and Ananthram Swami . 2016. The limitations of deep learning in adversarial settings . In EuroS&P . IEEE , 372--387. Nicolas Papernot, Patrick McDaniel, Somesh Jha, Matt Fredrikson, Z Berkay Celik, and Ananthram Swami. 2016. The limitations of deep learning in adversarial settings. In EuroS&P. IEEE, 372--387."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00073"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/0041-5553(64)90137-5"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Edward Raff Jared Sylvester and Charles Nicholas. 2017. Learning the pe header malware detection with minimal domain knowledge. In AISec. 121--132.  Edward Raff Jared Sylvester and Charles Nicholas. 2017. Learning the pe header malware detection with minimal domain knowledge. In AISec. 121--132.","DOI":"10.1145\/3128572.3140442"},{"key":"e_1_3_2_1_23_1","volume-title":"Generic black-box end-to-end attack against state of the art API call based malware classifiers","author":"Rosenberg Ishai","unstructured":"Ishai Rosenberg , Asaf Shabtai , Lior Rokach , and Yuval Elovici . 2018. Generic black-box end-to-end attack against state of the art API call based malware classifiers . In RAID. Springer , 490--510. Ishai Rosenberg, Asaf Shabtai, Lior Rokach, and Yuval Elovici. 2018. Generic black-box end-to-end attack against state of the art API call based malware classifiers. In RAID. Springer, 490--510."},{"key":"e_1_3_2_1_24_1","volume-title":"Deep neural network based malware detection using two dimensional binary program features","author":"Saxe Joshua","unstructured":"Joshua Saxe and Konstantin Berlin . 2015. Deep neural network based malware detection using two dimensional binary program features . In MALWARE. IEEE , 11--20. Joshua Saxe and Konstantin Berlin. 2015. Deep neural network based malware detection using two dimensional binary program features. In MALWARE. IEEE, 11--20."},{"key":"e_1_3_2_1_25_1","unstructured":"M. G. Schultz E. Eskin F. Zadok and S. J. Stolfo. 2001. Data mining methods for detection of new malicious executables. In S&P. 38--49.  M. G. Schultz E. Eskin F. Zadok and S. J. Stolfo. 2001. Data mining methods for detection of new malicious executables. In S&P. 38--49."},{"key":"e_1_3_2_1_26_1","volume-title":"Intriguing properties of neural networks. arXiv:1312.6199","author":"Szegedy Christian","year":"2013","unstructured":"Christian Szegedy , Wojciech Zaremba , Ilya Sutskever , Joan Bruna , Dumitru Erhan , Ian Goodfellow , and Rob Fergus . 2013. Intriguing properties of neural networks. arXiv:1312.6199 ( 2013 ). Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2013. Intriguing properties of neural networks. arXiv:1312.6199 (2013)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586145"},{"key":"e_1_3_2_1_28_1","volume-title":"Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers","author":"Xu Weilin","unstructured":"Weilin Xu , Yanjun Qi , and David Evans . 2016. Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers . In NDSS. Internet Society . Weilin Xu, Yanjun Qi, and David Evans. 2016. Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers. In NDSS. Internet Society."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"crossref","unstructured":"Wei Yang Deguang Kong Tao Xie and Carl A Gunter. 2017. Malware detection in adversarial settings: Exploiting feature evolutions and confusions in android apps. In ACSAC. 288--302.  Wei Yang Deguang Kong Tao Xie and Carl A Gunter. 2017. Malware detection in adversarial settings: Exploiting feature evolutions and confusions in android apps. In ACSAC. 288--302.","DOI":"10.1145\/3134600.3134642"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"crossref","unstructured":"Zhenlong Yuan Yongqiang Lu Zhaoguo Wang and Yibo Xue. 2014. Droid-sec: deep learning in android malware detection. In SIGCOMM. 371--372.  Zhenlong Yuan Yongqiang Lu Zhaoguo Wang and Yibo Xue. 2014. Droid-sec: deep learning in android malware detection. In SIGCOMM. 371--372.","DOI":"10.1145\/2619239.2631434"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Valentina Zantedeschi Maria-Irina Nicolae and Ambrish Rawat. 2017. Efficient defenses against adversarial attacks. In AISec. 39--49.  Valentina Zantedeschi Maria-Irina Nicolae and Ambrish Rawat. 2017. Efficient defenses against adversarial attacks. In AISec. 39--49.","DOI":"10.1145\/3128572.3140449"}],"event":{"name":"CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event USA","acronym":"CCS '20","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3411508.3421374","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3411508.3421374","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:37Z","timestamp":1750197757000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3411508.3421374"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,9]]},"references-count":31,"alternative-id":["10.1145\/3411508.3421374","10.1145\/3411508"],"URL":"https:\/\/doi.org\/10.1145\/3411508.3421374","relation":{},"subject":[],"published":{"date-parts":[[2020,11,9]]},"assertion":[{"value":"2020-11-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}