{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T05:05:12Z","timestamp":1750309512944,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":74,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,9,30]],"date-time":"2024-09-30T00:00:00Z","timestamp":1727654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS 2327427"],"award-info":[{"award-number":["CNS 2327427"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,9,30]]},"DOI":"10.1145\/3678890.3678892","type":"proceedings-article","created":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T22:23:36Z","timestamp":1727648616000},"page":"77-96","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["What do malware analysts want from academia? A survey on the state-of-the-practice to guide research developments"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6870-1178","authenticated-orcid":false,"given":"Marcus","family":"Botacin","sequence":"first","affiliation":[{"name":"Computer Science and Engineering, Texas A&M University, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2024,9,30]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Network and Distributed Systems Security (NDSS) Symposium","author":"Aghakhani Hojjat","year":"2020","unstructured":"Hojjat Aghakhani, Fabio Gritti, Francesco Mecca, Martina Lindorfer, Stefano Ortolani, Davide Balzarotti, Giovanni Vigna, and Christopher Kruegel. 2020. 
When malware is packin\u2019heat; limits of machine learning classifiers based on static analysis features. In Network and Distributed Systems Security (NDSS) Symposium 2020, Vol.\u00a01. IFIP, US, 1."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3230833.3233280"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICISS50791.2020.9307581"},{"key":"e_1_3_2_1_4_1","volume-title":"USENIX Security Symposium. USENIX, US, 583\u2013600","author":"Andriesse Dennis","year":"2016","unstructured":"Dennis Andriesse, Xi Chen, Victor Van Der\u00a0Veen, Asia Slowinska, and Herbert Bos. 2016. An In-Depth Analysis of Disassembly on Full-Scale x86\/x64 Binaries.. In USENIX Security Symposium. USENIX, US, 583\u2013600."},{"key":"e_1_3_2_1_5_1","unstructured":"Simone Aonzo Yufei Han Alessandro Mantovani and Davide Balzarotti. 2023. Humans vs. Machines in Malware Classification."},{"key":"e_1_3_2_1_6_1","volume-title":"USENIX Security Symposium. USENIX, US, 3487\u20133504","author":"Avllazagaj Erin","year":"2021","unstructured":"Erin Avllazagaj, Ziyun Zhu, Leyla Bilge, Davide Balzarotti, and Tudor Dumitras. 2021. When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World.. In USENIX Security Symposium. USENIX, US, 3487\u20133504."},{"volume-title":"Assisting Malware Analysis with Symbolic Execution: A Case Study","author":"Baldoni Roberto","key":"e_1_3_2_1_7_1","unstructured":"Roberto Baldoni, Emilio Coppa, Daniele\u00a0Cono D\u2019Elia, and Camil Demetrescu. 2017. Assisting Malware Analysis with Symbolic Execution: A Case Study. In Cyber Security Cryptography and Machine Learning, Shlomi Dolev and Sachin Lodha (Eds.). Springer, US."},{"key":"e_1_3_2_1_8_1","unstructured":"Davide Balzarotti Marco Cova Christoph Karlberger Engin Kirda Christopher Kruegel and Giovanni Vigna. 2010. Efficient Detection of Split Personalities in Malware.. In NDSS Vol.\u00a01. 
IFIP US 1."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SOSE.2014.53"},{"key":"e_1_3_2_1_10_1","volume-title":"19th Large Installation System Administration Conference (LISA 05)","author":"Bono Steve","year":"2005","unstructured":"Steve Bono. 2005. Thinking Like an Attacker. In 19th Large Installation System Administration Conference (LISA 05), Vol.\u00a01. USENIX, US, 1."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3429741"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102287"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-019-00333-y"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3375894.3375895"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","unstructured":"Marcus Botacin and Andr\u00e9 Gr\u00e9gio. 2021. Malware MultiVerse: From Automatic Logic Bomb Identification to Automatic Patching and Tracing. https:\/\/doi.org\/10.48550\/ARXIV.2109.06127","DOI":"10.48550\/ARXIV.2109.06127"},{"key":"e_1_3_2_1_16_1","volume-title":"YARIX: Scalable YARA-based Malware Intelligence. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Brengel Michael","year":"2021","unstructured":"Michael Brengel and Christian Rossow. 2021. YARIX: Scalable YARA-based Malware Intelligence. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, US, 3541\u20133558. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/brengel"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2808128.2808133"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-68768-1_4"},{"key":"e_1_3_2_1_19_1","volume-title":"Decomperson: How Humans Decompile and What We Can Learn From It. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Burk Kevin","year":"2022","unstructured":"Kevin Burk, Fabio Pagani, Christopher Kruegel, and Giovanni Vigna. 2022. 
Decomperson: How Humans Decompile and What We Can Learn From It. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 2765\u20132782. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/burk"},{"key":"e_1_3_2_1_20_1","unstructured":"Marcus Carpenter and Chunbo Luo. 2023. Behavioural Reports of Multi-Stage Malware. arxiv:2301.12800\u00a0[cs.CR]"},{"key":"e_1_3_2_1_21_1","unstructured":"Fabr\u00edcio Ceschin Heitor\u00a0Murilo Gomes Marcus Botacin Albert Bifet Bernhard Pfahringer Luiz\u00a0S. Oliveira and Andr\u00e9 Gr\u00e9gio. 2020. Machine Learning (In) Security: A Stream of Problems. arxiv:2010.16045\u00a0[cs.CR]"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243771"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","unstructured":"Steffen Enders Eva-Maria\u00a0C. Behner Niklas Bergmann Mariia Rybalka Elmar Padilla Er\u00a0Xue Hui Henry Low and Nicholas Sim. 2022. dewolf: Improving Decompilation by leveraging User Surveys. https:\/\/doi.org\/10.48550\/ARXIV.2205.06719","DOI":"10.48550\/ARXIV.2205.06719"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.06.001"},{"key":"e_1_3_2_1_25_1","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Graziano Mariano","year":"2015","unstructured":"Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi, and Davide Balzarotti. 2015. Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence. In 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, Washington, D.C., 1057\u20131072. 
https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/graziano"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2014.99"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560649"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2010.5665794"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3340531.3417467"},{"key":"e_1_3_2_1_30_1","volume-title":"Barecloud: Bare-metal analysis-based evasive malware detection. In 23rd { USENIX} Security Symposium ({ USENIX} Security 14). USENIX, US, 287\u2013301.","author":"Kirat Dhilung","year":"2014","unstructured":"Dhilung Kirat, Giovanni Vigna, and Christopher Kruegel. 2014. Barecloud: Bare-metal analysis-based evasive malware detection. In 23rd { USENIX} Security Symposium ({ USENIX} Security 14). USENIX, US, 287\u2013301."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Alexander K\u00fcchler Alessandro Mantovani Yufei Han Leyla Bilge and Davide Balzarotti. 2021. Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes.. In NDSS. IFIP US 1.","DOI":"10.14722\/ndss.2021.24475"},{"volume-title":"Malware Triage Based on Static Features and Public APT Reports","author":"Laurenza Giuseppe","key":"e_1_3_2_1_32_1","unstructured":"Giuseppe Laurenza, Leonardo Aniello, Riccardo Lazzeretti, and Roberto Baldoni. 2017. Malware Triage Based on Static Features and Public APT Reports. In Cyber Security Cryptography and Machine Learning, Shlomi Dolev and Sachin Lodha (Eds.). 
Springer International Publishing, Cham, 288\u2013305."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3386581"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2512517"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0273804"},{"key":"e_1_3_2_1_36_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Mantovani Alessandro","year":"2022","unstructured":"Alessandro Mantovani, Simone Aonzo, Yanick Fratantonio, and Davide Balzarotti. 2022. RE-Mind: a First Look Inside the Mind of a Reverse Engineer. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 2727\u20132745. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/mantovani"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.15"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3564625.3567993"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3199478.3199490"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_7"},{"key":"e_1_3_2_1_41_1","volume-title":"Information Security and Cryptology\u2013ICISC 2012: 15th International Conference","author":"Ming Jiang","year":"2012","unstructured":"Jiang Ming, Meng Pan, and Debin Gao. 2013. iBinHunt: Binary hunting with inter-procedural control flow. In Information Security and Cryptology\u2013ICISC 2012: 15th International Conference, Seoul, Korea, November 28-30, 2012, Revised Selected Papers 15. Springer, Springer, South Korea, 92\u2013109."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.42"},{"volume-title":"Malware Analysis and Detection Engineering: A Comprehensive Approach to Detect and Analyze Modern Malware","author":"Mohanta Abhijit","key":"e_1_3_2_1_43_1","unstructured":"Abhijit Mohanta and Anoop Saldanha. 2020. 
Malware Analysis and Detection Engineering: A Comprehensive Approach to Detect and Analyze Modern Malware. Springer, US."},{"volume-title":"Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware","author":"Monnappa KA","key":"e_1_3_2_1_44_1","unstructured":"KA Monnappa. 2018. Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware. Packt Publishing Ltd, US."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2019.8870147"},{"key":"e_1_3_2_1_47_1","volume-title":"Webwitness: Investigating, categorizing, and mitigating malware download paths. In 24th { USENIX} Security Symposium ({ USENIX} Security 15). USENIX, US, 1025\u20131040.","author":"Nelms Terry","year":"2015","unstructured":"Terry Nelms, Roberto Perdisci, Manos Antonakakis, and Mustaque Ahamad. 2015. Webwitness: Investigating, categorizing, and mitigating malware download paths. In 24th { USENIX} Security Symposium ({ USENIX} Security 15). USENIX, US, 1025\u20131040."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1940941.1940944"},{"key":"e_1_3_2_1_49_1","volume-title":"Enigma 2019 (Enigma","author":"Nikolich Anita","year":"2019","unstructured":"Anita Nikolich. 2019. Grey Science. In Enigma 2019 (Enigma 2019). USENIX Association, Burlingame, CA, 1. https:\/\/www.usenix.org\/node\/226466"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIPRO.2016.7522360"},{"key":"e_1_3_2_1_51_1","unstructured":"OPSWAT. 2022. State of Malware Analysis. 
https:\/\/info.opswat.com\/hubfs\/opswat-2022-state-of-malware-analysis.pdf."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1831708.1831741"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3457894"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966986"},{"key":"e_1_3_2_1_55_1","volume-title":"X-force: Force-executing binary programs for security applications. In 23rd { USENIX} Security Symposium ({ USENIX} Security 14). USENIX, US, 829\u2013844.","author":"Peng Fei","year":"2014","unstructured":"Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-force: Force-executing binary programs for security applications. In 23rd { USENIX} Security Symposium ({ USENIX} Security 14). USENIX, US, 829\u2013844."},{"key":"e_1_3_2_1_56_1","volume-title":"2013 5th International Conference on Cyber Conflict (CYCON","author":"Plohmann Daniel","year":"2013","unstructured":"Daniel Plohmann, Sebastian Eschweiler, and Elmar Gerhards-Padilla. 2013. Patterns of a cooperative malware analysis workflow. In 2013 5th International Conference on Cyber Conflict (CYCON 2013). IEEE, Estonia, 1\u201318."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411508.3421372"},{"key":"e_1_3_2_1_58_1","volume-title":"SourceFinder: Finding Malware Source-Code from Publicly Available Repositories in GitHub","author":"Rokon Omar\u00a0Faruk","year":"2020","unstructured":"Md\u00a0Omar\u00a0Faruk Rokon, Risul Islam, Ahmad Darki, Evangelos\u00a0E Papalexakis, and Michalis Faloutsos. 2020. SourceFinder: Finding Malware Source-Code from Publicly Available Repositories in GitHub.. In RAID. Springer, 2020, 149\u2013163."},{"key":"e_1_3_2_1_59_1","first-page":"1","article-title":"Experiences in malware binary deobfuscation","volume":"1","author":"Sa\u0131di Hassen","year":"2010","unstructured":"Hassen Sa\u0131di, Phillip Porras, and Vinod Yegneswaran. 2010. 
Experiences in malware binary deobfuscation. Virus Bulletin 1, 1 (2010), 1.","journal-title":"Virus Bulletin"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101775"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2010.5665787"},{"key":"e_1_3_2_1_62_1","volume-title":"Eureka: A Framework for Enabling Static Malware Analysis.. In ESORICS, Vol.\u00a08","author":"Sharif I","year":"2008","unstructured":"Monirul\u00a0I Sharif, Vinod Yegneswaran, Hassen Saidi, Phillip\u00a0A Porras, and Wenke Lee. 2008. Eureka: A Framework for Enabling Static Malware Analysis.. In ESORICS, Vol.\u00a08. Springer, Springer, Spain, 481\u2013500."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISDFS.2016.7473529"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_1_65_1","unstructured":"Michael Sikorski and Andrew Honig. 2012. Practical malware analysis: the hands-on guide to dissecting malicious software. no starch press US."},{"key":"e_1_3_2_1_66_1","unstructured":"TwoSixLabs. 2020. Edge of the Art in Vulnerability Research. https:\/\/apps.dtic.mil\/sti\/citations\/AD1096948."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.46"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3291061"},{"volume-title":"Do malware reports expedite cleanup? An experimental study","author":"Vasek Marie","key":"e_1_3_2_1_69_1","unstructured":"Marie Vasek and Tyler Moore. 2012. Do malware reports expedite cleanup? An experimental study. In USENIX CSET. 
USENIX Association, USENIX, US, 1."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290607.3313040"},{"key":"e_1_3_2_1_71_1","first-page":"3","article-title":"Prevalence of PII within Public Malware Sandbox Samples and Implications for Privacy and Threat Intelligence Sharing","volume":"37","author":"Weathersby Aaron","year":"2021","unstructured":"Aaron Weathersby. 2021. Prevalence of PII within Public Malware Sandbox Samples and Implications for Privacy and Threat Intelligence Sharing: Student Paper Abstract. J. Comput. Sci. Coll. 37, 3 (oct 2021), 166.","journal-title":"Student Paper Abstract. J. Comput. Sci. Coll."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.18"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484759"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/SAINT.2010.16"}],"event":{"name":"RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses","acronym":"RAID '24","location":"Padua Italy"},"container-title":["The 27th International Symposium on Research in Attacks, Intrusions and 
Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678892","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3678890.3678892","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3678890.3678892","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:00Z","timestamp":1750295880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678892"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,30]]},"references-count":74,"alternative-id":["10.1145\/3678890.3678892","10.1145\/3678890"],"URL":"https:\/\/doi.org\/10.1145\/3678890.3678892","relation":{},"subject":[],"published":{"date-parts":[[2024,9,30]]},"assertion":[{"value":"2024-09-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}