{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T18:58:01Z","timestamp":1769972281321,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,16]],"date-time":"2023-10-16T00:00:00Z","timestamp":1697414400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-sa\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,16]]},"DOI":"10.1145\/3607199.3607207","type":"proceedings-article","created":{"date-parts":[[2023,10,3]],"date-time":"2023-10-03T22:30:51Z","timestamp":1696372251000},"page":"455-470","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["A Method for Summarizing and Classifying Evasive Malware"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-2669-8346","authenticated-orcid":false,"given":"Haikuo","family":"Yin","sequence":"first","affiliation":[{"name":"University of California, Los Angeles, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-8036-782X","authenticated-orcid":false,"given":"Brandon","family":"Lou","sequence":"additional","affiliation":[{"name":"University of California, Los Angeles, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5301-2246","authenticated-orcid":false,"given":"Peter","family":"Reiher","sequence":"additional","affiliation":[{"name":"University of California, Los Angeles, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,10,16]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336768"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3152360"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2932228"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484776"},{"key":"e_1_3_2_1_5_1","volume-title":"On Training Robust PDF Malware Classifiers. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Chen Yizheng","year":"2020","unstructured":"Yizheng Chen, Shiqi Wang, Dongdong She, and Suman Jana. 2020. On Training Robust PDF Malware Classifiers. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 2343\u20132360. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/chen-yizheng."},{"key":"e_1_3_2_1_6_1","unstructured":"CNET. 2022. Free Software Downloads and Reviews for Windows Android Mac and iOS. Retrieved 2021-08-12 from https:\/\/download.cnet.com\/"},{"key":"e_1_3_2_1_7_1","volume-title":"Malware Statistics","author":"Cook Sam","year":"2022","unstructured":"Sam Cook. 2022. Malware Statistics in 2022. Retrieved 2022-10-17 from https:\/\/www.comparitech.com\/antivirus\/malware-statistics-facts\/"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666657"},{"key":"e_1_3_2_1_9_1","unstructured":"Cuckoo. 2019. Cuckoo Sandbox - Automated Malware Analysis. Retrieved 2022-06-06 from https:\/\/cuckoosandbox.org\/"},{"key":"e_1_3_2_1_10_1","unstructured":"Cybersecurity and Infrastructure\u00a0Security Agency. 2020. Emotet Malware | CISA. Retrieved 2022-10-14 from https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa20-280a\/"},{"key":"e_1_3_2_1_11_1","unstructured":"LF\u00a0AI\u00a0& Data. 2023. Adversarial Robustness Toolbox (ART). Retrieved 2023-3-18 from https:\/\/github.com\/Trusted-AI\/adversarial-robustness-toolbox"},{"key":"e_1_3_2_1_12_1","volume-title":"Information and Communications Security","author":"Fadadu Fenil","unstructured":"Fenil Fadadu, Anand Handa, Nitesh Kumar, and Sandeep\u00a0Kumar Shukla. 2020. Evading API Call Sequence Based Malware Classifiers. In Information and Communications Security, Jianying Zhou, Xiapu Luo, Qingni Shen, and Zhen Xu (Eds.). Springer International Publishing, Cham, 18\u201333."},{"key":"e_1_3_2_1_13_1","unstructured":"Portable Freeware. 2022. Latest entries - The Portable Freeware Collection. Retrieved 2021-08-12 from https:\/\/www.portablefreeware.com\/"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102550"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_4"},{"key":"e_1_3_2_1_16_1","unstructured":"hasherezade. 2023. Github - IAT patcher. Retrieved 2023-3-18 from https:\/\/github.com\/hasherezade\/IAT_patcher"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","unstructured":"Weiwei Hu and Ying Tan. 2017. Black-Box Attacks against RNN based Malware Detection Algorithms. https:\/\/doi.org\/10.48550\/ARXIV.1705.08131","DOI":"10.48550\/ARXIV.1705.08131"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180445.3180449"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISQED51717.2021.9424310"},{"key":"e_1_3_2_1_20_1","unstructured":"Jimster480. 2007. EAT Hooking On DLLs. Retrieved 2023-3-18 from https:\/\/www.unknowncheats.me\/forum\/c-and-c\/50426-eat-hooking-dlls.html"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102872"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","unstructured":"Lorenzo Maffia Dario Nisi Platon Kotzias Giovanni Lagorio Simone Aonzo and Davide Balzarotti. 2021. Longitudinal Study of the Prevalence of Malware Evasive Techniques. https:\/\/doi.org\/10.48550\/ARXIV.2112.11289","DOI":"10.48550\/ARXIV.2112.11289"},{"key":"e_1_3_2_1_23_1","unstructured":"Mega. 2012. Export Address Table Hooking: What Why and How. Retrieved 2023-3-18 from http:\/\/megamandos.blogspot.com\/2012\/03\/export-address-table-hooking-what-why.html"},{"key":"e_1_3_2_1_24_1","volume-title":"Threat Encyclopedia. Retrieved 2022-10-04 from https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/","author":"Micro Trend","unstructured":"Trend Micro. 2022. Threat Encyclopedia. Retrieved 2022-10-04 from https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/"},{"key":"e_1_3_2_1_25_1","unstructured":"Microsoft. 2022. LightGBM 3.3.2.99 documentation. Retrieved 2022-06-06 from https:\/\/lightgbm.readthedocs.io\/en\/latest\/"},{"key":"e_1_3_2_1_26_1","unstructured":"Microsoft. 2022. Microsoft Security Intelligence. Retrieved 2022-10-04 from https:\/\/www.microsoft.com\/en-us\/wdsi\/threats\/"},{"key":"e_1_3_2_1_27_1","volume-title":"Process Injection: Portable Executable Injection. Retrieved 2022-06-04 from https:\/\/attack.mitre.org\/techniques\/T1055\/002\/","year":"2022","unstructured":"Mitre. 2022. Process Injection: Portable Executable Injection. Retrieved 2022-06-04 from https:\/\/attack.mitre.org\/techniques\/T1055\/002\/"},{"key":"e_1_3_2_1_28_1","unstructured":"Nicolas Papernot Patrick McDaniel and Ian Goodfellow. 2016. Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples. arxiv:1605.07277\u00a0[cs.CR]"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368310.1368334"},{"key":"e_1_3_2_1_30_1","unstructured":"Daniel Plohmann and Steffen Enders. 2022. Malpedia. Retrieved 2022-10-04 from https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427230"},{"key":"e_1_3_2_1_32_1","volume-title":"Research in Attacks","author":"Rosenberg Ishai","unstructured":"Ishai Rosenberg, Asaf Shabtai, Lior Rokach, and Yuval Elovici. 2018. Generic Black-Box End-to-End Attack Against State of the Art API Call Based Malware Classifiers. In Research in Attacks, Intrusions, and Defenses, Michael Bailey, Thorsten Holz, Manolis Stamatogiannakis, and Sotiris Ioannidis (Eds.). Springer International Publishing, Cham, 490\u2013510. https:\/\/link.springer.com\/chapter\/10.1007\/978-3-030-00470-5_23."},{"key":"e_1_3_2_1_33_1","unstructured":"Sumit Saha. 2022. XGBoost vs LightGBM: How Are They Different - neptune.ai. Retrieved 2022-06-06 from https:\/\/neptune.ai\/blog\/xgboost-vs-lightgbm\/"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","unstructured":"Silvia Sebasti\u00e1n and Juan Caballero. 2020. AVClass2: Massive Malware Tag Extraction from AV Labels. https:\/\/doi.org\/10.48550\/ARXIV.2006.10615","DOI":"10.48550\/ARXIV.2006.10615"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/MET52542.2021.00009"},{"key":"e_1_3_2_1_36_1","unstructured":"Daniel Snyder. 2010. The very first viruses: Creeper Wabbit and Brain. Retrieved 2022-06-06 from https:\/\/infocarnivore.com\/the-very-first-viruses-creeper-wabbit-and-brain\/"},{"key":"e_1_3_2_1_37_1","volume-title":"Softpedia - Free Downloads Encyclopedia. Retrieved 2021-08-12 from https:\/\/www.softpedia.com\/","unstructured":"Softpedia. 2022. Softpedia - Free Downloads Encyclopedia. Retrieved 2021-08-12 from https:\/\/www.softpedia.com\/"},{"key":"e_1_3_2_1_38_1","volume-title":"Software Informer - Windows software downloads and editor","year":"2021","unstructured":"Software.informer. 2022. Software Informer - Windows software downloads and editorial reviews. Retrieved 2021-08-12 from https:\/\/software.informer.com\/"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2021.102558"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36415-3_1"},{"key":"e_1_3_2_1_41_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Tong Liang","year":"2019","unstructured":"Liang Tong, Bo Li, Chen Hajaj, Chaowei Xiao, Ning Zhang, and Yevgeniy Vorobeychik. 2019. Improving Robustness of ML Classifiers against Realizable Evasion Attacks Using Conserved Features. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 285\u2013302. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/tong"},{"key":"e_1_3_2_1_42_1","unstructured":"Vadim. 2020. 3 Effective DLL Injection Techniques. Retrieved 2023-3-18 from https:\/\/www.apriorit.com\/dev-blog\/679-windows-dll-injection-for-api-hooks"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411508.3421374"},{"key":"e_1_3_2_1_44_1","unstructured":"VirusShare. 2022. VirusShare.com - Because Sharing is Caring. Retrieved 2021-07-12 from https:\/\/virusshare.com\/"},{"key":"e_1_3_2_1_45_1","unstructured":"VirusTotal. 2022. VirusTotal - Home. Retrieved 2021-10-23 from https:\/\/www.virustotal.com\/"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586145"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCWC.2019.8666454"},{"key":"e_1_3_2_1_48_1","unstructured":"Wikipedia. 2022. Windows API - Wikipedia. Retrieved 2022-06-06 from https:\/\/en.wikipedia.org\/wiki\/Windows_API"},{"key":"e_1_3_2_1_49_1","unstructured":"Wikipedia. 2022. Windows Native API - Wikipedia. Retrieved 2022-06-06 from https:\/\/en.wikipedia.org\/wiki\/Windows_Native_API"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1155\/2019"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1155\/2020"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.5555\/3489212.3489345"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1155\/2020"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.20"}],"event":{"name":"RAID 2023: The 26th International Symposium on Research in Attacks, Intrusions and Defenses","location":"Hong Kong China","acronym":"RAID 2023"},"container-title":["Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607199.3607207","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3607199.3607207","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:34Z","timestamp":1750178254000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607199.3607207"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,16]]},"references-count":54,"alternative-id":["10.1145\/3607199.3607207","10.1145\/3607199"],"URL":"https:\/\/doi.org\/10.1145\/3607199.3607207","relation":{},"subject":[],"published":{"date-parts":[[2023,10,16]]},"assertion":[{"value":"2023-10-16","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}