{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T17:00:41Z","timestamp":1770224441360,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:00:00Z","timestamp":1607299200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,12,7]]},"DOI":"10.1145\/3427228.3427230","type":"proceedings-article","created":{"date-parts":[[2020,12,9]],"date-time":"2020-12-09T22:20:18Z","timestamp":1607552418000},"page":"611-626","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":38,"title":["Query-Efficient Black-Box Attack Against Sequence-Based Malware Classifiers"],"prefix":"10.1145","author":[{"given":"Ishai","family":"Rosenberg","sequence":"first","affiliation":[{"name":"Ben-Gurion University of the Negev, Israel"}]},{"given":"Asaf","family":"Shabtai","sequence":"additional","affiliation":[{"name":"Ben-Gurion University of the Negev"}]},{"given":"Yuval","family":"Elovici","sequence":"additional","affiliation":[{"name":"Ben Gurion University of the Negev"}]},{"given":"Lior","family":"Rokach","sequence":"additional","affiliation":[{"name":"Ben-Gurion University of the Negev"}]}],"member":"320","published-online":{"date-parts":[[2020,12,8]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2019. Amazon Machine Learning. https:\/\/aws.amazon.com\/machine-learning. Accessed: 2019-09-26.  2019. Amazon Machine Learning. https:\/\/aws.amazon.com\/machine-learning. Accessed: 2019-09-26."},{"key":"e_1_3_2_2_2_1","unstructured":"2019. Cuckoo Sandbox Hooked APIs and Categories. https:\/\/github.com\/cuckoosandbox\/cuckoo\/wiki\/Hooked-APIs-and-Categories. Accessed: 2019-08-24.  2019. Cuckoo Sandbox Hooked APIs and Categories. https:\/\/github.com\/cuckoosandbox\/cuckoo\/wiki\/Hooked-APIs-and-Categories. Accessed: 2019-08-24."},{"key":"e_1_3_2_2_3_1","unstructured":"2019. Cylance I Kill You!https:\/\/skylightcyber.com\/2019\/07\/18\/cylance-i-kill-you. Accessed: 2019-08-24.  2019. Cylance I Kill You!https:\/\/skylightcyber.com\/2019\/07\/18\/cylance-i-kill-you. Accessed: 2019-08-24."},{"key":"e_1_3_2_2_4_1","unstructured":"2019. Deploy trained Keras or TensorFlow models using Amazon SageMaker. https:\/\/aws.amazon.com\/blogs\/machine-learning\/deploy-trained-keras-or-tensorflow-models-using-amazon-sagemaker\/. Accessed: 2019-12-14.  2019. Deploy trained Keras or TensorFlow models using Amazon SageMaker. https:\/\/aws.amazon.com\/blogs\/machine-learning\/deploy-trained-keras-or-tensorflow-models-using-amazon-sagemaker\/. Accessed: 2019-12-14."},{"key":"e_1_3_2_2_5_1","unstructured":"2019. Google Cloud Prediction. https:\/\/cloud.google.com\/prediction\/. Accessed: 2019-09-26.  2019. Google Cloud Prediction. https:\/\/cloud.google.com\/prediction\/. Accessed: 2019-09-26."},{"key":"e_1_3_2_2_6_1","unstructured":"2019. Joe Sandbox ML. https:\/\/www.joesecurity.org\/joe-sandbox-ML. Accessed: 2019-09-26.  2019. Joe Sandbox ML. https:\/\/www.joesecurity.org\/joe-sandbox-ML. Accessed: 2019-09-26."},{"key":"e_1_3_2_2_7_1","unstructured":"2019. Keras. https:\/\/keras.io\/. Accessed: 2019-09-26.  2019. Keras. https:\/\/keras.io\/. Accessed: 2019-09-26."},{"key":"e_1_3_2_2_8_1","unstructured":"2019. Microsoft ATP. https:\/\/www.microsoft.com\/security\/blog\/2018\/02\/14\/how-artificial-intelligence-stopped-an-emotet-outbreak\/. Accessed: 2019-09-26.  2019. Microsoft ATP. https:\/\/www.microsoft.com\/security\/blog\/2018\/02\/14\/how-artificial-intelligence-stopped-an-emotet-outbreak\/. Accessed: 2019-09-26."},{"key":"e_1_3_2_2_9_1","unstructured":"2019. SciKit Learn. http:\/\/scikit-learn.org\/stable\/. Accessed: 2019-09-26.  2019. SciKit Learn. http:\/\/scikit-learn.org\/stable\/. Accessed: 2019-09-26."},{"key":"e_1_3_2_2_10_1","unstructured":"2019. Scikit Learn Decision Tree Categorial Variable. https:\/\/roamanalytics.com\/2016\/10\/28\/are-categorical-variables-getting-lost-in-your-random-forests\/. Accessed: 2019-09-26.  2019. Scikit Learn Decision Tree Categorial Variable. https:\/\/roamanalytics.com\/2016\/10\/28\/are-categorical-variables-getting-lost-in-your-random-forests\/. Accessed: 2019-09-26."},{"key":"e_1_3_2_2_11_1","unstructured":"2019. SentinelOne. https:\/\/www.sentinelone.com\/insights\/endpoint-protection-platform-datasheet\/. Accessed: 2019-09-26.  2019. SentinelOne. https:\/\/www.sentinelone.com\/insights\/endpoint-protection-platform-datasheet\/. Accessed: 2019-09-26."},{"key":"e_1_3_2_2_12_1","unstructured":"2019. VirusTotal. https:\/\/www.virustotal.com\/. Accessed: 2019-09-26.  2019. VirusTotal. https:\/\/www.virustotal.com\/. Accessed: 2019-09-26."},{"key":"e_1_3_2_2_13_1","unstructured":"2019. XGBoost. https:\/\/github.com\/dmlc\/xgboost\/. Accessed: 2019-09-26.  2019. XGBoost. https:\/\/github.com\/dmlc\/xgboost\/. Accessed: 2019-09-26."},{"key":"e_1_3_2_2_14_1","unstructured":"2019. Yara Rules. https:\/\/github.com\/Yara-Rules\/rules. Accessed: 2019-09-26.  2019. Yara Rules. https:\/\/github.com\/Yara-Rules\/rules. Accessed: 2019-09-26."},{"key":"e_1_3_2_2_15_1","unstructured":"Rakshit Agrawal Jack\u00a0W. Stokes Mady Marinescu and Karthik Selvaraj. 2018. Robust Neural Malware Detection Models for Emulation Sequence Learning. CoRR abs\/1806.10741(2018). arxiv:1806.10741http:\/\/arxiv.org\/abs\/1806.10741  Rakshit Agrawal Jack\u00a0W. Stokes Mady Marinescu and Karthik Selvaraj. 2018. Robust Neural Malware Detection Models for Emulation Sequence Learning. CoRR abs\/1806.10741(2018). arxiv:1806.10741http:\/\/arxiv.org\/abs\/1806.10741"},{"key":"e_1_3_2_2_16_1","unstructured":"Moustafa Alzantot Yash Sharma Supriyo Chakraborty and Mani\u00a0B. Srivastava. 2018. GenAttack: Practical Black-box Attacks with Gradient-Free Optimization. CoRR abs\/1805.11090(2018). arxiv:1805.11090http:\/\/arxiv.org\/abs\/1805.11090  Moustafa Alzantot Yash Sharma Supriyo Chakraborty and Mani\u00a0B. Srivastava. 2018. GenAttack: Practical Black-box Attacks with Gradient-Free Optimization. CoRR abs\/1805.11090(2018). arxiv:1805.11090http:\/\/arxiv.org\/abs\/1805.11090"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D18-1316"},{"key":"e_1_3_2_2_18_1","volume-title":"Anderson and Phil Roth","author":"S.","year":"2018"},{"key":"e_1_3_2_2_19_1","volume-title":"Polonium: Tera-scale graph mining for malware detection. In Acm sigkdd conference on knowledge discovery and data mining.","author":"Chau Duen\u00a0Horng","year":"2010"},{"key":"e_1_3_2_2_20_1","unstructured":"Tong Che Yanran Li Ruixiang Zhang R.\u00a0Devon Hjelm Wenjie Li Yangqiu Song and Yoshua Bengio. 2017. Maximum-Likelihood Augmented Discrete Generative Adversarial Networks. CoRR abs\/1702.07983(2017). arxiv:1702.07983http:\/\/arxiv.org\/abs\/1702.07983  Tong Che Yanran Li Ruixiang Zhang R.\u00a0Devon Hjelm Wenjie Li Yangqiu Song and Yoshua Bengio. 2017. Maximum-Likelihood Augmented Discrete Generative Adversarial Networks. CoRR abs\/1702.07983(2017). arxiv:1702.07983http:\/\/arxiv.org\/abs\/1702.07983"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140448"},{"key":"e_1_3_2_2_22_1","unstructured":"Steven Chen Nicholas Carlini and David Wagner. 2019. Stateful Detection of Black-Box Adversarial Attacks. arxiv:1907.05587\u00a0[cs.CR]  Steven Chen Nicholas Carlini and David Wagner. 2019. Stateful Detection of Black-Box Adversarial Attacks. arxiv:1907.05587\u00a0[cs.CR]"},{"key":"e_1_3_2_2_23_1","volume-title":"Parallel Problem Solving from Nature \u2013 PPSN XIV, Julia Handl, Emma Hart, Peter\u00a0R. Lewis, Manuel L\u00f3pez-Ib\u00e1\u00f1ez","author":"Dang Duc-Cuong"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133978"},{"key":"e_1_3_2_2_25_1","volume-title":"Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsm\u00e4ssan, Stockholm, Sweden, July 10-15, 2018. Proceedings of Machine Learning Research, Vol.\u00a080","author":"G."},{"key":"e_1_3_2_2_26_1","volume-title":"Explaining and Harnessing Adversarial Examples. International Conference on Learning Representations (ICLR) (Dec.","author":"Goodfellow J.","year":"2015"},{"key":"e_1_3_2_2_27_1","volume-title":"On the (Statistical) Detection of Adversarial Examples. ArXiv e-prints abs\/1702.06280","author":"Grosse Kathrin","year":"2017"},{"key":"e_1_3_2_2_28_1","volume-title":"Black-Box Attacks against RNN based Malware Detection Algorithms. ArXiv e-prints abs\/1705.08131","author":"Hu Weiwei","year":"2017"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046684.2046692"},{"key":"e_1_3_2_2_30_1","unstructured":"Andrew Ilyas Logan Engstrom Anish Athalye and Jessy Lin. 2018. Black-box Adversarial Attacks with Limited Queries and Information See Dy and Krause [25] 2142\u20132151. http:\/\/proceedings.mlr.press\/v80\/ilyas18a.html  Andrew Ilyas Logan Engstrom Anish Athalye and Jessy Lin. 2018. Black-box Adversarial Attacks with Limited Queries and Information See Dy and Krause [25] 2142\u20132151. http:\/\/proceedings.mlr.press\/v80\/ilyas18a.html"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/1248547.1248646"},{"key":"e_1_3_2_2_32_1","volume-title":"Kusner and Jos\u00e9\u00a0Miguel Hern\u00e1ndez-Lobato","author":"J.","year":"2016"},{"key":"e_1_3_2_2_33_1","unstructured":"Jinfeng Li Shouling Ji Tianyu Du Bo Li and Ting Wang. 2018. TextBugger: Generating Adversarial Text Against Real-world Applications. CoRR abs\/1812.05271(2018). arxiv:1812.05271http:\/\/arxiv.org\/abs\/1812.05271  Jinfeng Li Shouling Ji Tianyu Du Bo Li and Ting Wang. 2018. TextBugger: Generating Adversarial Text Against Real-world Applications. CoRR abs\/1812.05271(2018). arxiv:1812.05271http:\/\/arxiv.org\/abs\/1812.05271"},{"key":"e_1_3_2_2_34_1","volume-title":"6th International Conference on Learning Representations, ICLR","author":"Madry Aleksander","year":"2018"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2007.379542"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2016.7795300"},{"key":"e_1_3_2_2_37_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Pendlebury Feargus","year":"2019"},{"key":"e_1_3_2_2_38_1","volume-title":"Intriguing Properties of Adversarial ML Attacks in the Problem Space. In 2020 IEEE Symposium on Security and Privacy, SP 2020","author":"Pierazzi Fabio","year":"2020"},{"key":"e_1_3_2_2_39_1","unstructured":"J. Rapin and O. Teytaud. 2018. Nevergrad - A gradient-free optimization platform. https:\/\/GitHub.com\/FacebookResearch\/Nevergrad.  J. Rapin and O. Teytaud. 2018. Nevergrad - A gradient-free optimization platform. https:\/\/GitHub.com\/FacebookResearch\/Nevergrad."},{"key":"e_1_3_2_2_40_1","volume-title":"Generating End-to-End Adversarial Examples for Malware Classifiers Using Explainability. In The 2020 International Joint Conference on Neural Networks (IJCNN","author":"Rosenberg Ishai","year":"2020"},{"key":"e_1_3_2_2_41_1","unstructured":"Ihai Rosenberg Asaf Shabtai Yuval Elovici and Lior Rokach. 2020. Adversarial Learning in the Cyber Security Domain. arxiv:2007.02407\u00a0[cs.LG]  Ihai Rosenberg Asaf Shabtai Yuval Elovici and Lior Rokach. 2020. Adversarial Learning in the Cyber Security Domain. arxiv:2007.02407\u00a0[cs.LG]"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_23"},{"key":"e_1_3_2_2_43_1","unstructured":"Jonathan Uesato Brendan O\u2019Donoghue Pushmeet Kohli and A\u00e4ron van\u00a0den Oord. 2018. Adversarial Risk and the Dangers of Evaluating Against Weak Attacks See Dy and Krause [25] 5032\u20135041. http:\/\/proceedings.mlr.press\/v80\/uesato18a.html  Jonathan Uesato Brendan O\u2019Donoghue Pushmeet Kohli and A\u00e4ron van\u00a0den Oord. 2018. Adversarial Risk and the Dangers of Evaluating Against Weak Attacks See Dy and Krause [25] 5032\u20135041. http:\/\/proceedings.mlr.press\/v80\/uesato18a.html"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586145"},{"key":"e_1_3_2_2_45_1","volume-title":"Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers. In 23rd Annual Network and Distributed System Security Symposium, NDSS 2016","author":"Xu Weilin","year":"2016"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v31i1.10804"},{"key":"e_1_3_2_2_47_1","volume-title":"Proceedings of the 34th International Conference on Machine Learning, ICML 2017","author":"Zhang Yizhe","year":"2017"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3209978.3210080"}],"event":{"name":"ACSAC '20: Annual Computer Security Applications Conference","location":"Austin USA","acronym":"ACSAC '20"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427230","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3427228.3427230","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:24Z","timestamp":1750197744000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427230"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,7]]},"references-count":48,"alternative-id":["10.1145\/3427228.3427230","10.1145\/3427228"],"URL":"https:\/\/doi.org\/10.1145\/3427228.3427230","relation":{},"subject":[],"published":{"date-parts":[[2020,12,7]]},"assertion":[{"value":"2020-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}