{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,11]],"date-time":"2026-07-11T16:47:28Z","timestamp":1783788448205,"version":"3.55.0"},"publisher-location":"New York, NY, USA","reference-count":66,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,15]],"date-time":"2023-11-15T00:00:00Z","timestamp":1700006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100020593","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100020593","id-type":"DOI","asserted-by":"publisher"}]},{"name":"NSFC","award":["No. U1936215"],"award-info":[{"award-number":["No. U1936215"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3623117","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:35:13Z","timestamp":1700570113000},"page":"90-104","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["Efficient Query-Based Attack against ML-Based Android Malware Detection under Zero Knowledge Setting"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-9911-7897","authenticated-orcid":false,"given":"Ping","family":"He","sequence":"first","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-7986-8519","authenticated-orcid":false,"given":"Yifan","family":"Xia","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8571-9780","authenticated-orcid":false,"given":"Xuhong","family":"Zhang","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4268-372X","authenticated-orcid":false,"given":"Shouling","family":"Ji","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"Kevin Allix Tegawend\u00e9 F. Bissyand\u00e9 Jacques Klein and Yves Le Traon. 2016. AndroZoo: collecting millions of Android apps for the research community. In MSR.","DOI":"10.1145\/2901739.2903508"},{"key":"e_1_3_2_1_2_1","volume-title":"Android Documentation. [Accessed on","year":"2023","unstructured":"Android. 2023 a. Android Documentation. [Accessed on Apr. 13, 2023]."},{"key":"e_1_3_2_1_3_1","volume-title":"2023 b. Android Manifest Documentation. https:\/\/developer.android.com\/guide\/topics\/manifest\/manifest-intro. [Accessed on","year":"2023","unstructured":"Android. 2023 b. Android Manifest Documentation. https:\/\/developer.android.com\/guide\/topics\/manifest\/manifest-intro. [Accessed on Apr. 21, 2023]."},{"key":"e_1_3_2_1_4_1","volume-title":"2023 c. Android Permission. https:\/\/developer.android.com\/reference\/android\/Manifest.permission. [Accessed on","year":"2023","unstructured":"Android. 2023 c. Android Permission. https:\/\/developer.android.com\/reference\/android\/Manifest.permission. [Accessed on Apr. 21, 2023]."},{"key":"e_1_3_2_1_5_1","volume-title":"2023 d. App Components. https:\/\/developer.android.com\/guide\/components\/fundamentals. [Accessed on","year":"2023","unstructured":"Android. 2023 d. App Components. https:\/\/developer.android.com\/guide\/components\/fundamentals. [Accessed on Apr. 21, 2023]."},{"key":"e_1_3_2_1_6_1","volume-title":"2023 e. App Intent. https:\/\/developer.android.com\/reference\/android\/content\/Intent. [Accessed on","year":"2023","unstructured":"Android. 2023 e. App Intent. https:\/\/developer.android.com\/reference\/android\/content\/Intent. [Accessed on Apr. 21, 2023]."},{"key":"e_1_3_2_1_7_1","volume-title":"2023 f. App Process. https:\/\/developer.android.com\/guide\/components\/processes-and-threads. [Accessed on","year":"2023","unstructured":"Android. 2023 f. App Process. https:\/\/developer.android.com\/guide\/components\/processes-and-threads. [Accessed on Apr. 21, 2023]."},{"key":"e_1_3_2_1_8_1","volume-title":"2023 g. Use-Feature reference. https:\/\/developer.android.com\/guide\/topics\/manifest\/uses-feature-element. [Accessed on","year":"2023","unstructured":"Android. 2023 g. Use-Feature reference. https:\/\/developer.android.com\/guide\/topics\/manifest\/uses-feature-element. [Accessed on Apr. 21, 2023]."},{"key":"e_1_3_2_1_9_1","volume-title":"https:\/\/ibotpeaches.github.io\/Apktool\/. [Accessed on","year":"2023","unstructured":"Apktool. 2023. Apktool. https:\/\/ibotpeaches.github.io\/Apktool\/. [Accessed on Apr. 21, 2023]."},{"key":"e_1_3_2_1_10_1","volume-title":"Roundy","author":"Apruzzese Giovanni","year":"2022","unstructured":"Giovanni Apruzzese, Hyrum S. Anderson, Savino Dambra, David Freeman, Fabio Pierazzi, and Kevin A. Roundy. 2022. \"Real Attackers Don't Compute Gradients\": Bridging the Gap Between Adversarial ML Research and Practice. CoRR (2022)."},{"key":"e_1_3_2_1_11_1","volume-title":"USENIX Security Symposium.","author":"Arp Daniel","year":"2022","unstructured":"Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, and Konrad Rieck. 2022. Dos and Don'ts of Machine Learning in Computer Security. In USENIX Security Symposium."},{"key":"e_1_3_2_1_12_1","volume-title":"DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket. In NDSS.","author":"Arp Daniel","year":"2014","unstructured":"Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon, and Konrad Rieck. 2014. DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket. In NDSS."},{"key":"e_1_3_2_1_13_1","volume-title":"Damien Octeau, and Patrick D. McDaniel.","author":"Arzt Steven","year":"2014","unstructured":"Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick D. McDaniel. 2014. FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In PLDI."},{"key":"e_1_3_2_1_14_1","volume-title":"Zhen Huang, and David Lie.","author":"Yee Au Kathy Wain","year":"2012","unstructured":"Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang, and David Lie. 2012. PScout: analyzing the Android permission specification. In ACM CCS."},{"key":"e_1_3_2_1_15_1","volume-title":"Total Amount of Android Malware. https:\/\/portal.av-atlas.org\/malware\/statistics. [Accessed on","author":"AV-ATLAS.","year":"2023","unstructured":"AV-ATLAS. 2023. Total Amount of Android Malware. https:\/\/portal.av-atlas.org\/malware\/statistics. [Accessed on Apr. 13, 2023]."},{"key":"e_1_3_2_1_16_1","volume-title":"Transcending TRANSCEND: Revisiting Malware Classification in the Presence of Concept Drift","author":"Barbero Federico","unstructured":"Federico Barbero, Feargus Pendlebury, Fabio Pierazzi, and Lorenzo Cavallaro. 2022. Transcending TRANSCEND: Revisiting Malware Classification in the Presence of Concept Drift. In IEEE S&P."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Battista Biggio and Fabio Roli. 2018. Wild patterns: Ten years after the rise of adversarial machine learning. Pattern Recognit. (2018).","DOI":"10.1145\/3243734.3264418"},{"key":"e_1_3_2_1_18_1","volume-title":"EvadeDroid: A Practical Evasion Attack on Machine Learning for Black-box Android Malware Detection. CoRR","author":"Bostani Hamid","year":"2021","unstructured":"Hamid Bostani and Veelasha Moonsamy. 2021. EvadeDroid: A Practical Evasion Attack on Machine Learning for Black-box Android Malware Detection. CoRR (2021)."},{"key":"e_1_3_2_1_19_1","volume-title":"On Evaluating Adversarial Robustness. CoRR","author":"Carlini Nicholas","year":"2019","unstructured":"Nicholas Carlini, Anish Athalye, Nicolas Papernot, Wieland Brendel, Jonas Rauber, Dimitris Tsipras, Ian J. Goodfellow, Aleksander Madry, and Alexey Kurakin. 2019. On Evaluating Adversarial Robustness. CoRR (2019)."},{"key":"e_1_3_2_1_20_1","volume-title":"Wagner","author":"Carlini Nicholas","year":"2017","unstructured":"Nicholas Carlini and David A. Wagner. 2017. Towards Evaluating the Robustness of Neural Networks. In IEEE S&P."},{"key":"e_1_3_2_1_21_1","volume":"2020","author":"Chen Jianbo","unstructured":"Jianbo Chen, Michael I. Jordan, and Martin J. Wainwright. 2020a. HopSkipJumpAttack: A Query-Efficient Decision-Based Attack. In IEEE S&P.","journal-title":"Martin J. Wainwright."},{"key":"e_1_3_2_1_22_1","volume-title":"Android HIV: A Study of Repackaging Malware for Evading Machine-Learning Detection","author":"Chen Xiao","year":"2020","unstructured":"Xiao Chen, Chaoran Li, Derui Wang, Sheng Wen, Jun Zhang, Surya Nepal, Yang Xiang, and Kui Ren. 2020b. Android HIV: A Study of Repackaging Malware for Evading Machine-Learning Detection. IEEE Trans. Inf. Forensics Secur. (2020)."},{"key":"e_1_3_2_1_23_1","unstructured":"Tianyu Du Shouling Ji Lujia Shen Yao Zhang Jinfeng Li Jie Shi Chengfang Fang Jianwei Yin Raheem Beyah and Ting Wang. 2021. Cert-RNN: Towards Certifying the Robustness of Recurrent Neural Networks. In ACM CCS."},{"key":"e_1_3_2_1_24_1","unstructured":"Google Play. 2023. Google Play. [Accessed on Apr. 13 2023]."},{"key":"e_1_3_2_1_25_1","volume-title":"McDaniel","author":"Grosse Kathrin","year":"2017","unstructured":"Kathrin Grosse, Nicolas Papernot, Praveen Manoharan, Michael Backes, and Patrick D. McDaniel. 2017. Adversarial Examples for Malware Detection. In ESORICS."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243792"},{"key":"e_1_3_2_1_27_1","volume-title":"Transcend: Detecting Concept Drift in Malware Classification Models. In USENIX Security Symposium.","author":"Jordaney Roberto","year":"2017","unstructured":"Roberto Jordaney, Kumar Sharad, Santanu Kumar Dash, Zhi Wang, Davide Papini, Ilia Nouretdinov, and Lorenzo Cavallaro. 2017. Transcend: Detecting Concept Drift in Malware Classification Models. In USENIX Security Symposium."},{"key":"e_1_3_2_1_28_1","volume-title":"Towards Certifying the Asymmetric Robustness for Neural Networks: Quantification and Applications","author":"Li Changjiang","year":"2022","unstructured":"Changjiang Li, Shouling Ji, Haiqin Weng, Bo Li, Jie Shi, Raheem Beyah, Shanqing Guo, Zonghui Wang, and Ting Wang. 2022a. Towards Certifying the Asymmetric Robustness for Neural Networks: Quantification and Applications. IEEE Trans. Dependable Secur. Comput. (2022)."},{"key":"e_1_3_2_1_29_1","volume-title":"Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection","author":"Li Deqiang","year":"2020","unstructured":"Deqiang Li and Qianmu Li. 2020. Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection. IEEE Trans. Inf. Forensics Secur. (2020)."},{"key":"e_1_3_2_1_30_1","volume-title":"2023 a. Black-box Adversarial Example Attack towards FCG Based Android Malware Detection under Incomplete Feature Information. CoRR","author":"Li Heng","year":"2023","unstructured":"Heng Li, Zhang Cheng, Bang Wu, Liheng Yuan, Cuiying Gao, Wei Yuan, and Xiapu Luo. 2023 a. Black-box Adversarial Example Attack towards FCG Based Android Malware Detection under Incomplete Feature Information. CoRR (2023)."},{"key":"e_1_3_2_1_31_1","volume-title":"USENIX Security Symposium.","author":"Li Huiying","unstructured":"Huiying Li, Shawn Shan, Emily Wenger, Jiayun Zhang, Haitao Zheng, and Ben Y. Zhao. 2022b. Blacklight: Scalable Defense for Neural Networks against Query-Based Black-Box Attacks. In USENIX Security Symposium."},{"key":"e_1_3_2_1_32_1","unstructured":"Heng Li ShiYao Zhou Wei Yuan Xiapu Luo Cuiying Gao and Shuiyan Chen. 2021. Robust Android Malware Detection against Adversarial Example Attacks. In WWW."},{"key":"e_1_3_2_1_33_1","unstructured":"Jinfeng Li Shouling Ji Tianyu Du Bo Li and Ting Wang. 2019. TextBugger: Generating Adversarial Text Against Real-world Applications. In NDSS."},{"key":"e_1_3_2_1_34_1","volume-title":"2023 b. SoK: Certified Robustness for Deep Neural Networks","author":"Li Linyi","unstructured":"Linyi Li, Tao Xie, and Bo Li. 2023 b. SoK: Certified Robustness for Deep Neural Networks. In IEEE S&P."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Yue Liu Chakkrit Tantithamthavorn Li Li and Yepang Liu. 2023. Deep Learning for Android Malware Defenses: A Systematic Literature Review. ACM Comput. Surv. (2023).","DOI":"10.1145\/3544968"},{"key":"e_1_3_2_1_36_1","volume-title":"Transfer Attacks Revisited: A Large-Scale Empirical Study in Real Computer Vision Settings","author":"Mao Yuhao","unstructured":"Yuhao Mao, Chong Fu, Saizhuo Wang, Shouling Ji, Xuhong Zhang, Zhenguang Liu, Jun Zhou, Alex X. Liu, Raheem Beyah, and Ting Wang. 2022. Transfer Attacks Revisited: A Large-Scale Empirical Study in Real Computer Vision Settings. In IEEE S&P."},{"key":"e_1_3_2_1_37_1","volume-title":"Gordon J. Ross, and Gianluca Stringhini.","author":"Mariconti Enrico","year":"2017","unstructured":"Enrico Mariconti, Lucky Onwuzurike, Panagiotis Andriotis, Emiliano De Cristofaro, Gordon J. Ross, and Gianluca Stringhini. 2017. MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models. In NDSS."},{"key":"e_1_3_2_1_38_1","volume-title":"-C. Lan","author":"Murphy Gail C.","year":"1998","unstructured":"Gail C. Murphy, David Notkin, William G. Griswold, and Erica S.-C. Lan. 1998. An Empirical Study of Static Call Graph Extractors. ACM Trans. Softw. Eng. Methodol. (1998)."},{"key":"e_1_3_2_1_39_1","volume-title":"An introduction to decision tree modeling. Journal of Chemometrics: A Journal of the Chemometrics Society","author":"Myles Anthony J","year":"2004","unstructured":"Anthony J Myles, Robert N Feudale, Yang Liu, Nathaniel A Woody, and Steven D Brown. 2004. An introduction to decision tree modeling. Journal of Chemometrics: A Journal of the Chemometrics Society (2004)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"Nicolas Papernot Patrick D. McDaniel Ian J. Goodfellow Somesh Jha Z. Berkay Celik and Ananthram Swami. 2017. Practical Black-Box Attacks against Machine Learning. In ACM AsiaCCS.","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_1_41_1","volume-title":"PyTorch: An Imperative Style","author":"Paszke Adam","unstructured":"Adam Paszke, Sam Gross, Francisco Massa, Adam Lerer, James Bradbury, Gregory Chanan, Trevor Killeen, Zeming Lin, Natalia Gimelshein, Luca Antiga, Alban Desmaison, Andreas K\u00f6pf, Edward Z. Yang, Zachary DeVito, Martin Raison, Alykhan Tejani, Sasank Chilamkurthy, Benoit Steiner, Lu Fang, Junjie Bai, and Soumith Chintala. 2019. PyTorch: An Imperative Style, High-Performance Deep Learning Library. In NeurIPS."},{"key":"e_1_3_2_1_42_1","volume-title":"USENIX Security Symposium.","author":"Pendlebury Feargus","year":"2019","unstructured":"Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. 2019. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. In USENIX Security Symposium."},{"key":"e_1_3_2_1_43_1","volume-title":"Intriguing Properties of Adversarial ML Attacks in the Problem Space. In IEEE Symposium on S&P.","author":"Pierazzi Fabio","year":"2020","unstructured":"Fabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, and Lorenzo Cavallaro. 2020. Intriguing Properties of Adversarial ML Attacks in the Problem Space. In IEEE Symposium on S&P."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"crossref","unstructured":"J. Ross Quinlan. 1996. Learning Decision Tree Classifiers. ACM Comput. Surv. (1996).","DOI":"10.1145\/234313.234346"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Vitalis Salis Thodoris Sotiropoulos Panos Louridas Diomidis Spinellis and Dimitris Mitropoulos. 2021. PyCG: Practical Call Graph Generation in Python. In ICSE.","DOI":"10.1109\/ICSE43902.2021.00146"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","unstructured":"Yun Shen Pierre-Antoine Vervier and Gianluca Stringhini. 2021. Understanding Worldwide Private Information Collection on Android. In NDSS.","DOI":"10.14722\/ndss.2021.24076"},{"key":"e_1_3_2_1_47_1","volume-title":"USENIX Security Symposium.","author":"Shen Yun","year":"2022","unstructured":"Yun Shen, Pierre Antoine Vervier, and Gianluca Stringhini. 2022. A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons Learned. In USENIX Security Symposium."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"crossref","unstructured":"Wei Song Xuezixiang Li Sadia Afroz Deepali Garg Dmitry Kuznetsov and Heng Yin. 2022. MAB-Malware: A Reinforcement Learning Framework for Blackbox Generation of Adversarial Malware. In ACM AsiaCCS.","DOI":"10.1145\/3488932.3497768"},{"key":"e_1_3_2_1_49_1","volume-title":"Mobile Operating Systems' Market. https:\/\/www.statista.com\/statistics\/272698\/global-market-share-held-by-mobile-operating-systems-since-2009\/. [Accessed on","year":"2023","unstructured":"Statista. 2023. Mobile Operating Systems' Market. https:\/\/www.statista.com\/statistics\/272698\/global-market-share-held-by-mobile-operating-systems-since-2009\/. [Accessed on Apr. 13, 2023]."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2020.2982635"},{"key":"e_1_3_2_1_51_1","volume-title":"Generalized Transferability for Evasion and Poisoning Attacks. In USENIX Security Symposium.","author":"Suciu Octavian","year":"2018","unstructured":"Octavian Suciu, Radu Marginean, Yigitcan Kaya, Hal Daum\u00e9 III, and Tudor Dumitras. 2018. When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks. In USENIX Security Symposium."},{"key":"e_1_3_2_1_52_1","volume-title":"Griffin","author":"Tanay Thomas","year":"2016","unstructured":"Thomas Tanay and Lewis D. Griffin. 2016. A Boundary Tilting Persepective on the Phenomenon of Adversarial Examples. CoRR (2016)."},{"key":"e_1_3_2_1_53_1","unstructured":"Raja Vall\u00e9 e-Rai Phong Co Etienne Gagnon Laurie J. Hendren Patrick Lam and Vijay Sundaresan. 1999. Soot - a Java bytecode optimization framework. In CASCON."},{"key":"e_1_3_2_1_54_1","volume-title":"https:\/\/virusshare.com\/. [Accessed on","author":"Dataset VirusShare","year":"2023","unstructured":"VirusShare. 2023. VirusShare Dataset. https:\/\/virusshare.com\/. [Accessed on July 17, 2023]."},{"key":"e_1_3_2_1_55_1","volume-title":"VirusTotal API Documentation. [Accessed on","year":"2023","unstructured":"VirusTotal. 2023 a. VirusTotal API Documentation. [Accessed on Apr. 13, 2023]."},{"key":"e_1_3_2_1_56_1","volume-title":"2023 b. VirusTotal Sandboxes. https:\/\/support.virustotal.com\/hc\/en-us\/articles\/6253253596957. [Accessed on","year":"2023","unstructured":"VirusTotal. 2023 b. VirusTotal Sandboxes. https:\/\/support.virustotal.com\/hc\/en-us\/articles\/6253253596957. [Accessed on July 17, 2023]."},{"key":"e_1_3_2_1_57_1","volume-title":"Ranasinghe","author":"Vo Viet Quoc","year":"2022","unstructured":"Viet Quoc Vo, Ehsan Abbasnejad, and Damith C. Ranasinghe. 2022. RamBoAttack: A Robust and Query Efficient Deep Neural Network Decision Exploit. In NDSS."},{"key":"e_1_3_2_1_58_1","volume-title":"Exposing Weaknesses of Malware Detectors with Explainability-Guided Evasion Attacks. CoRR","author":"Wang Wei","year":"2021","unstructured":"Wei Wang, Ruoxi Sun, Tian Dong, Shaofeng Li, Minhui Xue, Gareth Tyson, and Haojin Zhu. 2021. Exposing Weaknesses of Malware Detectors with Explainability-Guided Evasion Attacks. CoRR (2021)."},{"key":"e_1_3_2_1_59_1","volume-title":"Lyu","author":"Wu Bozhi","year":"2021","unstructured":"Bozhi Wu, Sen Chen, Cuiyun Gao, Lingling Fan, Yang Liu, Weiping Wen, and Michael R. Lyu. 2021a. Why an Android App Is Classified as Malware: Toward Malware Classification Interpretation. ACM Trans. Softw. Eng. Methodol. (2021)."},{"key":"e_1_3_2_1_60_1","volume-title":"USENIX Security Symposium.","author":"Wu Xian","year":"2021","unstructured":"Xian Wu, Wenbo Guo, Hua Wei, and Xinyu Xing. 2021b. Adversarial Policy Training against Deep Reinforcement Learning. In USENIX Security Symposium."},{"key":"e_1_3_2_1_61_1","volume-title":"CADE: Detecting and Explaining Concept Drift Samples for Security Applications. In USENIX Security Symposium.","author":"Yang Limin","year":"2021","unstructured":"Limin Yang, Wenbo Guo, Qingying Hao, Arridhana Ciptadi, Ali Ahmadzadeh, Xinyu Xing, and Gang Wang. 2021. CADE: Detecting and Explaining Concept Drift Samples for Security Applications. In USENIX Security Symposium."},{"key":"e_1_3_2_1_62_1","unstructured":"Zhuolin Yang Zhikuan Zhao Boxin Wang Jiawei Zhang Linyi Li Hengzhi Pei Bojan Karla? Ji Liu Heng Guo Ce Zhang and Bo Li. 2022. Improving Certified Robustness via Statistical Learning with Logical Reasoning. In NeurIPS."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"crossref","unstructured":"Jin Zhang Chennan Zhang Xiangyu Liu Yuncheng Wang Wenrui Diao and Shanqing Guo. 2021. ShadowDroid: Practical Black-box Attack against ML-based Android Malware Detection. In ICPADS.","DOI":"10.1109\/ICPADS53394.2021.00084"},{"key":"e_1_3_2_1_64_1","volume-title":"USENIX Security Symposium.","author":"Zhang Xinyang","year":"2020","unstructured":"Xinyang Zhang, Ningfei Wang, Hua Shen, Shouling Ji, Xiapu Luo, and Ting Wang. 2020a. Interpretable Deep Learning under Fire. In USENIX Security Symposium."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"crossref","unstructured":"Xiaohan Zhang Yuan Zhang Ming Zhong Daizong Ding Yinzhi Cao Yukun Zhang Mi Zhang and Min Yang. 2020b. Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware. In ACM CCS.","DOI":"10.1145\/3372297.3417291"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"crossref","unstructured":"Kaifa Zhao Hao Zhou Yulin Zhu Xian Zhan Kai Zhou Jianfeng Li Le Yu Wei Yuan and Xiapu Luo. 2021. Structural Attack against Graph Based Android Malware Detection. In ACM CCS.","DOI":"10.1145\/3460120.3485387"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623117","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3623117","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T01:57:40Z","timestamp":1755741460000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623117"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":66,"alternative-id":["10.1145\/3576915.3623117","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3623117","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}