{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T18:50:46Z","timestamp":1768416646042,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"RIE2020 Industry Alignment Fund - Industry Collaboration Projects (IAF-ICP) Funding Initiative","award":[""],"award-info":[{"award-number":[""]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548659.3561307","type":"proceedings-article","created":{"date-parts":[[2022,11,9]],"date-time":"2022-11-09T20:08:05Z","timestamp":1668024485000},"page":"37-44","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["KUBO: a framework for automated efficacy testing of anti-virus behavioral detection with procedure-based malware emulation"],"prefix":"10.1145","author":[{"given":"Jakub","family":"Pru\u017einec","sequence":"first","affiliation":[{"name":"HP-NTU Digital Manufacturing Corporate Lab, Singapore"}]},{"given":"Quynh Anh","family":"Nguyen","sequence":"additional","affiliation":[{"name":"HP-NTU Digital Manufacturing Corporate Lab, Singapore"}]},{"given":"Adrian","family":"Baldwin","sequence":"additional","affiliation":[{"name":"HP-Labs, UK"}]},{"given":"Jonathan","family":"Griffin","sequence":"additional","affiliation":[{"name":"HP-Labs, UK"}]},{"given":"Yang","family":"Liu","sequence":"additional","affiliation":[{"name":"HP-NTU Digital Manufacturing Corporate Lab, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2022,11,9]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"Rawan Al-Shaer Jonathan M. Spring and Eliana Christou. 2020. Learning the Associations of MITRE ATT&CK Adversarial Techniques. arxiv:2005.01654. \t\t\t\t  Rawan Al-Shaer Jonathan M. Spring and Eliana Christou. 2020. Learning the Associations of MITRE ATT&CK Adversarial Techniques. arxiv:2005.01654.","DOI":"10.1109\/CNS48642.2020.9162207"},{"key":"e_1_3_2_1_2_1","unstructured":"AMTSO. 2019. Testing Protocol Standard. https:\/\/www.amtso.org\/wp-content\/uploads\/2019\/12\/AMTSO-Testing-Protocol-Standard-for-the-Testing-of-Anti-Malware-Solutions-v1.3.pdf \t\t\t\t  AMTSO. 2019. Testing Protocol Standard. https:\/\/www.amtso.org\/wp-content\/uploads\/2019\/12\/AMTSO-Testing-Protocol-Standard-for-the-Testing-of-Anti-Malware-Solutions-v1.3.pdf"},{"key":"e_1_3_2_1_3_1","unstructured":"Anonymous. 2018. Invoke-Adversary. https:\/\/github.com\/CyberMonitor\/Invoke-Adversary \t\t\t\t  Anonymous. 2018. Invoke-Adversary. https:\/\/github.com\/CyberMonitor\/Invoke-Adversary"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991111"},{"key":"e_1_3_2_1_5_1","unstructured":"AV-Comparatives. 1999. AV-Comparatives. https:\/\/www.av-comparatives.org\/ \t\t\t\t  AV-Comparatives. 1999. AV-Comparatives. https:\/\/www.av-comparatives.org\/"},{"key":"e_1_3_2_1_6_1","unstructured":"AV-Test. 2004. AV-Test. https:\/\/www.av-test.org \t\t\t\t  AV-Test. 2004. AV-Test. https:\/\/www.av-test.org"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/IKT.2013.6620049"},{"key":"e_1_3_2_1_8_1","first-page":"46","article-title":"QEMU, a fast and portable dynamic translator.. In USENIX annual technical conference","volume":"41","author":"Bellard Fabrice","year":"2005","unstructured":"Fabrice Bellard . 2005 . QEMU, a fast and portable dynamic translator.. In USENIX annual technical conference , FREENIX Track. 41 , 46 . Fabrice Bellard. 2005. QEMU, a fast and portable dynamic translator.. In USENIX annual technical conference, FREENIX Track. 41, 46.","journal-title":"FREENIX Track."},{"key":"e_1_3_2_1_9_1","unstructured":"Red Canary. 2017? Atomic Red Team. https:\/\/atomicredteam.io\/ \t\t\t\t  Red Canary. 2017? Atomic Red Team. https:\/\/atomicredteam.io\/"},{"key":"e_1_3_2_1_10_1","unstructured":"Red Canary. 2020. ChainReactor. https:\/\/redcanary.com\/blog\/chain-reactor-framework-for-linux\/ \t\t\t\t  Red Canary. 2020. ChainReactor. https:\/\/redcanary.com\/blog\/chain-reactor-framework-for-linux\/"},{"key":"e_1_3_2_1_11_1","volume-title":"13th USENIX Workshop on Cyber Security Experimentation and Test, CSET 2020","author":"Choi Seungoh","year":"2020","unstructured":"Seungoh Choi , Jongwon Choi , Jeong-Han Yun , Byung-Gil Min , and HyoungChun Kim . 2020 . Expansion of ICS Testbed for Security Validation based on MITRE ATT&CK Techniques . In 13th USENIX Workshop on Cyber Security Experimentation and Test, CSET 2020 , August 10, 2020, Tamara Denning and Tyler Moore (Eds.). USENIX Association. https:\/\/www.usenix.org\/conference\/cset20\/presentation\/choi Seungoh Choi, Jongwon Choi, Jeong-Han Yun, Byung-Gil Min, and HyoungChun Kim. 2020. Expansion of ICS Testbed for Security Validation based on MITRE ATT&CK Techniques. In 13th USENIX Workshop on Cyber Security Experimentation and Test, CSET 2020, August 10, 2020, Tamara Denning and Tyler Moore (Eds.). USENIX Association. https:\/\/www.usenix.org\/conference\/cset20\/presentation\/choi"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1013886.1007518"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-015-0261-z"},{"key":"e_1_3_2_1_14_1","unstructured":"Joseph Demarco. 2017. Invoke-Keylogger. https:\/\/gist.github.com\/D3F4LT99\/65d15c3c48da960b5e946a4f10e639df \t\t\t\t  Joseph Demarco. 2017. Invoke-Keylogger. https:\/\/gist.github.com\/D3F4LT99\/65d15c3c48da960b5e946a4f10e639df"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/UKSim.2018.00018"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-006-0026-9"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Jameel Haffejee and Barry Irwin. 2014. Testing antivirus engines to determine their effectiveness as a security layer. In 2014 Information Security for South Africa. 1\u20136. \t\t\t\t  Jameel Haffejee and Barry Irwin. 2014. Testing antivirus engines to determine their effectiveness as a security layer. In 2014 Information Security for South Africa. 1\u20136.","DOI":"10.1109\/ISSA.2014.6950496"},{"key":"e_1_3_2_1_18_1","first-page":"2007","article-title":"A survey of malware detection techniques","volume":"48","author":"Idika Nwokedi","year":"2007","unstructured":"Nwokedi Idika and Aditya P Mathur . 2007 . A survey of malware detection techniques . Purdue University , 48 (2007), 2007 \u2013 2002 . Nwokedi Idika and Aditya P Mathur. 2007. A survey of malware detection techniques. Purdue University, 48 (2007), 2007\u20132.","journal-title":"Purdue University"},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the Linux symposium. 225\u2013230","author":"Kivity Avi","year":"2007","unstructured":"Avi Kivity , Yaniv Kamay , Dor Laor , Uri Lublin , and Anthony Liguori . 2007 . KVM: the Linux virtual machine monitor . In Proceedings of the Linux symposium. 225\u2013230 . Avi Kivity, Yaniv Kamay, Dor Laor, Uri Lublin, and Anthony Liguori. 2007. KVM: the Linux virtual machine monitor. In Proceedings of the Linux symposium. 225\u2013230."},{"key":"e_1_3_2_1_20_1","volume-title":"The Antivirus Hacker\u2019s Handbook","author":"Koret Joxean","year":"1902","unstructured":"Joxean Koret and Elias Bachaalany . 2015. The Antivirus Hacker\u2019s Handbook ( 1 st ed.). Wiley Publishing . isbn:11 1902 8752 Joxean Koret and Elias Bachaalany. 2015. The Antivirus Hacker\u2019s Handbook (1st ed.). Wiley Publishing. isbn:1119028752","edition":"1"},{"key":"e_1_3_2_1_21_1","unstructured":"Guardicore Labs. 2021? Infection Monkey. https:\/\/www.guardicore.com\/infectionmonkey\/ \t\t\t\t  Guardicore Labs. 2021? Infection Monkey. https:\/\/www.guardicore.com\/infectionmonkey\/"},{"key":"e_1_3_2_1_22_1","unstructured":"ICSA Labs. 1989. ICSA Labs. https:\/\/www.icsalabs.com\/ \t\t\t\t  ICSA Labs. 1989. ICSA Labs. https:\/\/www.icsalabs.com\/"},{"key":"e_1_3_2_1_23_1","unstructured":"SE Labs. 2015. SE Labs. https:\/\/selabs.uk \t\t\t\t  SE Labs. 2015. SE Labs. https:\/\/selabs.uk"},{"key":"e_1_3_2_1_24_1","unstructured":"West Coast Labs. 2015. West Coast Labs. http:\/\/www.westcoastlabs.com\/ \t\t\t\t  West Coast Labs. 2015. West Coast Labs. http:\/\/www.westcoastlabs.com\/"},{"key":"e_1_3_2_1_25_1","unstructured":"Valentine Legoy Marco Caselli Christin Seifert and Andreas Peter. 2020. Automated Retrieval of ATT&CK Tactics and Techniques for Cyber Threat Reports. arxiv:2004.14322. \t\t\t\t  Valentine Legoy Marco Caselli Christin Seifert and Andreas Peter. 2020. Automated Retrieval of ATT&CK Tactics and Techniques for Cyber Threat Reports. arxiv:2004.14322."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897856"},{"key":"e_1_3_2_1_27_1","unstructured":"Mitre. 2020. Event Triggered Execution: Accessibility Features. https:\/\/attack.mitre.org\/techniques\/T1546\/008\/ \t\t\t\t  Mitre. 2020. Event Triggered Execution: Accessibility Features. https:\/\/attack.mitre.org\/techniques\/T1546\/008\/"},{"key":"e_1_3_2_1_28_1","unstructured":"MRG-Effitas. 2009. MRG-Effitas. https:\/\/www.mrg-effitas.com\/ \t\t\t\t  MRG-Effitas. 2009. MRG-Effitas. https:\/\/www.mrg-effitas.com\/"},{"key":"e_1_3_2_1_29_1","unstructured":"Elastic NV. 2018. Red Team Automation. https:\/\/github.com\/endgameinc\/RTA \t\t\t\t  Elastic NV. 2018. Red Team Automation. https:\/\/github.com\/endgameinc\/RTA"},{"key":"e_1_3_2_1_30_1","volume-title":"SoK: ATT&CK Techniques and Trends in Windows Malware. In International Conference on Security and Privacy in Communication Systems. 406\u2013425","author":"Oosthoek Kris","year":"2019","unstructured":"Kris Oosthoek and Christian Doerr . 2019 . SoK: ATT&CK Techniques and Trends in Windows Malware. In International Conference on Security and Privacy in Communication Systems. 406\u2013425 . Kris Oosthoek and Christian Doerr. 2019. SoK: ATT&CK Techniques and Trends in Windows Malware. In International Conference on Security and Privacy in Communication Systems. 406\u2013425."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427233"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1186\/s13673-018-0125-x"},{"key":"e_1_3_2_1_33_1","volume-title":"Detecting Undetectable Metamorphic Viruses. In International Conference on Security & Management.","author":"Stamp Mark","unstructured":"Mark Stamp and S. Venkatachalam . 2011 . Detecting Undetectable Metamorphic Viruses. In International Conference on Security & Management. Mark Stamp and S. Venkatachalam. 2011. Detecting Undetectable Metamorphic Viruses. In International Conference on Security & Management."},{"key":"e_1_3_2_1_34_1","volume-title":"Thomas","author":"Strom Blake E.","year":"2018","unstructured":"Blake E. Strom , Andy Applebaum , Douglas P. Miller , Kathryn C. Nickels , Adam G. Pennington , and Cody B . Thomas . 2018 . MITRE ATT&CK\u2122 : Design and Philosophy. Mitre . Blake E. Strom, Andy Applebaum, Douglas P. Miller, Kathryn C. Nickels, Adam G. Pennington, and Cody B. Thomas. 2018. MITRE ATT&CK\u2122 : Design and Philosophy. Mitre."},{"key":"e_1_3_2_1_35_1","volume-title":"Wolf","author":"Strom Blake E.","year":"2017","unstructured":"Blake E. Strom , Joseph A. Battaglia , Michael S. Kemmerer , William Kupersanin , Douglas P. Miller , Craig Wampler , Sean M. Whitley , and Ross D . Wolf . 2017 . Finding Cyber Threats with ATT&CK-Based Analytics. Mitre . Blake E. Strom, Joseph A. Battaglia, Michael S. Kemmerer, William Kupersanin, Douglas P. Miller, Craig Wampler, Sean M. Whitley, and Ross D. Wolf. 2017. Finding Cyber Threats with ATT&CK-Based Analytics. Mitre."},{"key":"e_1_3_2_1_36_1","first-page":"63","article-title":"Commercial antivirus software effectiveness: an empirical study","volume":"44","author":"Sukwong Orathai","year":"2011","unstructured":"Orathai Sukwong , Hyong Kim , and James Hoe . 2011 . Commercial antivirus software effectiveness: an empirical study . IEEE Computer Architecture Letters , 44 , 03 (2011), 63 \u2013 70 . Orathai Sukwong, Hyong Kim, and James Hoe. 2011. Commercial antivirus software effectiveness: an empirical study. IEEE Computer Architecture Letters, 44, 03 (2011), 63\u201370.","journal-title":"IEEE Computer Architecture Letters"},{"key":"e_1_3_2_1_37_1","volume-title":"13th $USENIX$ Workshop on Cyber Security Experimentation and Test ($CSET$ 20).","author":"Takahashi Yusuke","unstructured":"Yusuke Takahashi , Shigeyoshi Shima , Rui Tanabe , and Katsunari Yoshioka . 2020. APTGen: An Approach towards Generating Practical Dataset Labelled with Targeted Attack Sequences . In 13th $USENIX$ Workshop on Cyber Security Experimentation and Test ($CSET$ 20). Yusuke Takahashi, Shigeyoshi Shima, Rui Tanabe, and Katsunari Yoshioka. 2020. APTGen: An Approach towards Generating Practical Dataset Labelled with Targeted Attack Sequences. In 13th $USENIX$ Workshop on Cyber Security Experimentation and Test ($CSET$ 20)."},{"key":"e_1_3_2_1_38_1","unstructured":"Uber. 2017. Metta. https:\/\/github.com\/uber-common\/metta \t\t\t\t  Uber. 2017. Metta. https:\/\/github.com\/uber-common\/metta"},{"key":"e_1_3_2_1_39_1","unstructured":"Mauricio Velazco. 2020. PurpSharp. https:\/\/www.purplesharp.com\/en\/latest\/ \t\t\t\t  Mauricio Velazco. 2020. PurpSharp. https:\/\/www.purplesharp.com\/en\/latest\/"},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the 3rd Hackers\u2019 Workshop on computer and internet security (IITKHACK\u201909)","author":"Vinod P","year":"2009","unstructured":"P Vinod , R Jaipur , V Laxmi , and M Gaur . 2009 . Survey on malware detection methods . In Proceedings of the 3rd Hackers\u2019 Workshop on computer and internet security (IITKHACK\u201909) . 74\u201379. P Vinod, R Jaipur, V Laxmi, and M Gaur. 2009. Survey on malware detection methods. In Proceedings of the 3rd Hackers\u2019 Workshop on computer and internet security (IITKHACK\u201909). 74\u201379."},{"key":"e_1_3_2_1_41_1","unstructured":"VirusTotal. 2004. VirusTotal. https:\/\/www.virustotal.com \t\t\t\t  VirusTotal. 2004. VirusTotal. https:\/\/www.virustotal.com"},{"key":"e_1_3_2_1_42_1","unstructured":"Winscripting. 2017. First entry: Welcome and fileless UAC bypass. https:\/\/winscripting.blog\/2017\/05\/12\/first-entry-welcome-and-uac-bypass\/ \t\t\t\t  Winscripting. 2017. First entry: Welcome and fileless UAC bypass. https:\/\/winscripting.blog\/2017\/05\/12\/first-entry-welcome-and-uac-bypass\/"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2661723"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/BWCCA.2010.85"},{"key":"e_1_3_2_1_45_1","unstructured":"Polina Zilberman Rami Puzis Sunders Bruskin Shai Shwarz and Yuval Elovici. 2020. SoK: A Survey of Open-Source Threat Emulators. arXiv preprint arXiv:2003.01518. \t\t\t\t  Polina Zilberman Rami Puzis Sunders Bruskin Shai Shwarz and Yuval Elovici. 2020. SoK: A Survey of Open-Source Threat Emulators. arXiv preprint arXiv:2003.01518."}],"event":{"name":"A-TEST '22: 13th International Workshop on Automating Test Case Design, Selection and Evaluation","location":"Singapore Singapore","acronym":"A-TEST '22","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","NUS NUS"]},"container-title":["Proceedings of the 13th International Workshop on Automating Test Case Design, Selection and Evaluation"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548659.3561307","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548659.3561307","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:10:39Z","timestamp":1750183839000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548659.3561307"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":45,"alternative-id":["10.1145\/3548659.3561307","10.1145\/3548659"],"URL":"https:\/\/doi.org\/10.1145\/3548659.3561307","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}