{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T15:28:06Z","timestamp":1772119686926,"version":"3.50.1"},"reference-count":26,"publisher":"Wiley","license":[{"start":{"date-parts":[[2020,12,2]],"date-time":"2020-12-02T00:00:00Z","timestamp":1606867200000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"2019 Tianjin New Generation AI Technology Key Project","award":["19ZXZNGX00090"],"award-info":[{"award-number":["19ZXZNGX00090"]}]},{"name":"2019 Tianjin New Generation AI Technology Key Project","award":["19JCYBJC15500"],"award-info":[{"award-number":["19JCYBJC15500"]}]},{"name":"2019 Tianjin New Generation AI Technology Key Project","award":["61872202"],"award-info":[{"award-number":["61872202"]}]},{"DOI":"10.13039\/501100006606","name":"Natural Science Foundation of Tianjin City","doi-asserted-by":"publisher","award":["19ZXZNGX00090"],"award-info":[{"award-number":["19ZXZNGX00090"]}],"id":[{"id":"10.13039\/501100006606","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006606","name":"Natural Science Foundation of Tianjin City","doi-asserted-by":"publisher","award":["19JCYBJC15500"],"award-info":[{"award-number":["19JCYBJC15500"]}],"id":[{"id":"10.13039\/501100006606","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006606","name":"Natural Science Foundation of Tianjin City","doi-asserted-by":"publisher","award":["61872202"],"award-info":[{"award-number":["61872202"]}],"id":[{"id":"10.13039\/501100006606","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["19ZXZNGX00090"],"award-info":[{"award-number":["19ZXZNGX00090"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["19JCYBJC15500"],"award-info":[{"award-number":["19JCYBJC15500"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61872202"],"award-info":[{"award-number":["61872202"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Wireless Communications and Mobile Computing"],"published-print":{"date-parts":[[2020,12,2]]},"abstract":"<jats:p>For malware detection, current state-of-the-art research concentrates on machine learning techniques. Binary<jats:inline-formula><a:math xmlns:a=\"http:\/\/www.w3.org\/1998\/Math\/MathML\" id=\"M1\"><a:mi>n<\/a:mi><\/a:math><\/jats:inline-formula>-gram OpCode features are commonly used for malicious code identification and classification with high accuracy. Binary OpCode modification is much more difficult than modification of image pixels. Traditional adversarial perturbation methods could not be applied on OpCode directly. In this paper, we propose a bidirectional universal adversarial learning method for effective binary OpCode perturbation from both benign and malicious perspectives. Benign features are those OpCodes that represent benign behaviours, while malicious features are OpCodes for malicious behaviours. From a large dataset of benign and malicious binary applications, we select the most significant benign and malicious OpCode features based on the feature SHAP value in the trained machine learning model. We implement an OpCode modification method that insert benign OpCodes into executables as garbage codes without execution and modify malicious OpCodes by equivalent replacement preserving execution semantics. The experimental results show that the benign and malicious OpCode perturbation (BMOP) method could bypass malicious code detection models based on the SVM, XGBoost, and DNN algorithms.<\/jats:p>","DOI":"10.1155\/2020\/8876632","type":"journal-article","created":{"date-parts":[[2020,12,4]],"date-time":"2020-12-04T01:50:14Z","timestamp":1607046614000},"page":"1-11","source":"Crossref","is-referenced-by-count":3,"title":["BMOP: Bidirectional Universal Adversarial Learning for Binary OpCode Features"],"prefix":"10.1155","volume":"2020","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5512-7920","authenticated-orcid":true,"given":"Xiang","family":"Li","sequence":"first","affiliation":[{"name":"National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8351-4108","authenticated-orcid":true,"given":"Yuanping","family":"Nie","sequence":"additional","affiliation":[{"name":"National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3252-9254","authenticated-orcid":true,"given":"Zhi","family":"Wang","sequence":"additional","affiliation":[{"name":"Nankai University, Tianjin, China"}]},{"given":"Xiaohui","family":"Kuang","sequence":"additional","affiliation":[{"name":"National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7816-8258","authenticated-orcid":true,"given":"Kefan","family":"Qiu","sequence":"additional","affiliation":[{"name":"Nankai University, Tianjin, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6770-4289","authenticated-orcid":true,"given":"Cheng","family":"Qian","sequence":"additional","affiliation":[{"name":"National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China"}]},{"given":"Gang","family":"Zhao","sequence":"additional","affiliation":[{"name":"National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China"}]}],"member":"311","reference":[{"key":"1","doi-asserted-by":"publisher","DOI":"10.1109\/secpri.2001.924286"},{"key":"2","first-page":"178","article-title":"Automated classification and analysis of internet malware","author":"M. Bailey"},{"key":"3","doi-asserted-by":"publisher","DOI":"10.1109\/CMPSAC.2004.1342667"},{"key":"4","article-title":"Ensemble adversarial training: attacks and defenses","author":"F. Tram\u00e8r"},{"key":"5","first-page":"1765","article-title":"Universal adversarial perturbations","author":"S. M. Moosavi-Dezfooli"},{"key":"6","article-title":"UPSET and ANGRI: breaking high performance image classifiers","author":"S. Sarkar"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-011-0152-x"},{"key":"8","doi-asserted-by":"crossref","first-page":"271","DOI":"10.1007\/978-3-642-33018-6_28","article-title":"OPEM: a static-dynamic approach for machine-learning-based malware detection","volume-title":"International Joint Conference CISIS\u201912-ICEUTE\u00b412-SOCO\u00b412 Special Sessions","author":"I. Santos","year":"2013"},{"key":"9","first-page":"11","article-title":"Deep neural network based malware detection using two dimensional binary program features","author":"J. Saxe"},{"key":"10","first-page":"61","article-title":"Dl4md: a deep learning framework for intelligent malware detection","author":"W. Hardy"},{"key":"11","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-016-0283-1"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1145\/3128572.3140442"},{"key":"13","article-title":"Malware detection by eating a whole exe","author":"E. Raff"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134018"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.23919\/DATE.2017.7926977"},{"key":"16","first-page":"97","article-title":"Support vector machines under adversarial label noise","author":"B. Biggio"},{"key":"17","article-title":"Generating adversarial malware examples for black-box attacks based on GAN","author":"W. Hu"},{"key":"18","article-title":"Adversarial examples on discrete sequences for beating whole-binary malware detection","author":"F. Kreuk"},{"key":"19","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.49"},{"key":"20","doi-asserted-by":"publisher","DOI":"10.1504\/ijesdf.2007.016865"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.1109\/ISSA.2011.6027523"},{"key":"22","doi-asserted-by":"crossref","first-page":"204","DOI":"10.1007\/978-3-540-89900-6_21","article-title":"Unknown malcode detection using OPCODE representation","volume-title":"Intelligence and Security Informatics","author":"R. Moskovitch","year":"2008"},{"key":"23","article-title":"Exploring backdoor poisoning attacks against malware classifiers","author":"G. Severi"},{"key":"24","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2019.00017"},{"key":"25","doi-asserted-by":"crossref","article-title":"When explainability meets adversarial learning: detecting adversarial examples using shap signatures","author":"G. Fidel","DOI":"10.1109\/IJCNN48605.2020.9207637"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1109\/DSC50466.2020.00066"}],"container-title":["Wireless Communications and Mobile Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/wcmc\/2020\/8876632.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/wcmc\/2020\/8876632.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/wcmc\/2020\/8876632.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,2]],"date-time":"2022-12-02T07:35:05Z","timestamp":1669966505000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/wcmc\/2020\/8876632\/"}},"subtitle":[],"editor":[{"given":"Weizhi","family":"Meng","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2020,12,2]]},"references-count":26,"alternative-id":["8876632","8876632"],"URL":"https:\/\/doi.org\/10.1155\/2020\/8876632","relation":{},"ISSN":["1530-8677","1530-8669"],"issn-type":[{"value":"1530-8677","type":"electronic"},{"value":"1530-8669","type":"print"}],"subject":[],"published":{"date-parts":[[2020,12,2]]}}}