{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,10]],"date-time":"2026-01-10T13:45:52Z","timestamp":1768052752774,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":22,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,26]],"date-time":"2023-11-26T00:00:00Z","timestamp":1700956800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Horizon 2020 Research and Innovation Programme","award":["847402"],"award-info":[{"award-number":["847402"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,30]]},"DOI":"10.1145\/3605764.3623914","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:12:17Z","timestamp":1700568737000},"page":"173-184","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Certified Robustness of Static Deep Learning-based Malware Detectors against Patch and Append Attacks"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2448-1297","authenticated-orcid":false,"given":"Daniel","family":"Gibert","sequence":"first","affiliation":[{"name":"University College Dublin, Dublin, Ireland"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-5750-5744","authenticated-orcid":false,"given":"Giulio","family":"Zizzo","sequence":"additional","affiliation":[{"name":"IBM Research Europe, Dublin, Ireland"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6513-8340","authenticated-orcid":false,"given":"Quan","family":"Le","sequence":"additional","affiliation":[{"name":"University College Dublin, Dublin, 
Ireland"}]}],"member":"320","published-online":{"date-parts":[[2023,11,26]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2857705.2857713"},{"key":"e_1_3_2_1_2_1","volume-title":"EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models. ArXiv e-prints (April","author":"Anderson H. S.","year":"2018","unstructured":"H. S. Anderson and P. Roth. 2018. EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models. ArXiv e-prints (April 2018). arxiv: 1804.04637 [cs.CR]"},{"key":"e_1_3_2_1_3_1","unstructured":"Luca Demetrio and Battista Biggio. 2021. secml-malware: A Python Library for Adversarial Robustness Evaluation of Windows Malware Classifiers. arxiv: 2104.12848 [cs.CR]"},{"key":"e_1_3_2_1_4_1","volume-title":"Explaining Vulnerabilities of Deep Learning to Adversarial Malware Binaries. CoRR","author":"Demetrio Luca","year":"2019","unstructured":"Luca Demetrio, Battista Biggio, Giovanni Lagorio, Fabio Roli, and Alessandro Armando. 2019. Explaining Vulnerabilities of Deep Learning to Adversarial Malware Binaries. CoRR, Vol. abs\/1901.03583 (2019). [arXiv]1901.03583 http:\/\/arxiv.org\/abs\/1901.03583"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3082330"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3473039"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.3233\/978--1--61499--806--8--221"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101873"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW59978.2023.00052"},{"key":"e_1_3_2_1_10_1","volume-title":"3rd International Conference on Learning Representations, ICLR","author":"Goodfellow Ian J.","year":"2015","unstructured":"Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. 
In 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7--9, 2015, Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds.). http:\/\/arxiv.org\/abs\/1412.6572"},{"key":"e_1_3_2_1_11_1","volume-title":"Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN. CoRR","author":"Hu Weiwei","year":"2017","unstructured":"Weiwei Hu and Ying Tan. 2017. Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN. CoRR, Vol. abs\/1702.05983 (2017). [arXiv]1702.05983 http:\/\/arxiv.org\/abs\/1702.05983"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.23919\/EUSIPCO.2018.8553214"},{"key":"e_1_3_2_1_13_1","volume-title":"Adversarial Examples on Discrete Sequences for Beating Whole-Binary Malware Detection. CoRR","author":"Kreuk Felix","year":"2018","unstructured":"Felix Kreuk, Assi Barak, Shir Aviv-Reuven, Moran Baruch, Benny Pinkas, and Joseph Keshet. 2018. Adversarial Examples on Discrete Sequences for Beating Whole-Binary Malware Detection. CoRR, Vol. abs\/1802.04528 (2018). [arXiv]1802.04528 http:\/\/arxiv.org\/abs\/1802.04528"},{"key":"e_1_3_2_1_14_1","unstructured":"Martin B\u00e1lek. 2018. Deep Convolutional Malware Classifiers Can Learn from Raw Executables and Labels Only. https:\/\/openreview.net\/pdf?id=HkHrmM1PM"},{"key":"e_1_3_2_1_15_1","volume-title":"Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020","author":"Levine Alexander","year":"2020","unstructured":"Alexander Levine and Soheil Feizi. 2020. (De)Randomized Smoothing for Certifiable Defense against Patch Attacks. In Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, NeurIPS 2020, December 6--12, 2020, virtual, Hugo Larochelle, Marc'Aurelio Ranzato, Raia Hadsell, Maria-Florina Balcan, and Hsuan-Tien Lin (Eds.). 
https:\/\/proceedings.neurips.cc\/paper\/2020\/hash\/47ce0875420b2dbacfc5535f94e68433-Abstract.html"},{"key":"e_1_3_2_1_16_1","volume-title":"PyTorch: An Imperative Style","author":"Paszke Adam","unstructured":"Adam Paszke, Sam Gross, Francisco Massa, Adam Lerer, James Bradbury, Gregory Chanan, Trevor Killeen, Zeming Lin, Natalia Gimelshein, Luca Antiga, Alban Desmaison, Andreas Kopf, Edward Yang, Zachary DeVito, Martin Raison, Alykhan Tejani, Sasank Chilamkurthy, Benoit Steiner, Lu Fang, Junjie Bai, and Soumith Chintala. 2019. PyTorch: An Imperative Style, High-Performance Deep Learning Library. In Advances in Neural Information Processing Systems 32, H. Wallach, H. Larochelle, A. Beygelzimer, F. d'Alch\u00e9-Buc, E. Fox, and R. Garnett (Eds.). Curran Associates, Inc., 8024--8035. http:\/\/papers.neurips.cc\/paper\/9015-pytorch-an-imperative-style-high-performance-deep-learning-library.pdf"},{"key":"e_1_3_2_1_17_1","unstructured":"Edward Raff Jon Barker Jared Sylvester Robert Brandon Bryan Catanzaro and Charles K. Nicholas. 2018. Malware Detection by Eating a Whole EXE. In The Workshops of the The Thirty-Second AAAI Conference on Artificial Intelligence New Orleans Louisiana USA February 2--7 2018 (AAAI Technical Report Vol. WS-18). AAAI Press 268--276. https:\/\/aaai.org\/ocs\/index.php\/WS\/AAAIW18\/paper\/view\/16422"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v35i11.17131"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2019.00015"},{"key":"e_1_3_2_1_20_1","volume-title":"2nd International Conference on Learning Representations, ICLR 2014, Banff, AB, Canada, April 14--16, 2014, Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds.). http:\/\/arxiv.org\/abs\/1312","author":"Szegedy Christian","year":"2014","unstructured":"Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian J. Goodfellow, and Rob Fergus. 2014. 
Intriguing properties of neural networks. In 2nd International Conference on Learning Representations, ICLR 2014, Banff, AB, Canada, April 14--16, 2014, Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds.). http:\/\/arxiv.org\/abs\/1312.6199"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW53761.2021.00020"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102643"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605764.3623914","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3605764.3623914","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T01:35:45Z","timestamp":1755912945000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605764.3623914"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,26]]},"references-count":22,"alternative-id":["10.1145\/3605764.3623914","10.1145\/3605764"],"URL":"https:\/\/doi.org\/10.1145\/3605764.3623914","relation":{},"subject":[],"published":{"date-parts":[[2023,11,26]]},"assertion":[{"value":"2023-11-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}