Awesome-Malware-Related-Papers

A curated list of malware-related papers.

Contents:

1. Detection Papers

1. Android

  1. Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. NDSS 2012. Permission footprinting for known malware, heuristic-based detection engine for unknown malware [pdf]

  2. RiskRanker: Scalable and Accurate Zero-day Android Malware Detection. MobiSys 2012. Two-order risk analysis engine based on Android behavior [pdf]

  3. Dissecting Android Malware: Characterization and Evolution. IEEE S&P 2012. Measurement Study of Android [pdf] [dataset (not available now)]

  4. Using Probabilistic Generative Models for Ranking Risks of Android Apps. CCS 2012. Probabilistic Method with permission information [pdf]

  5. DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket. NDSS 2014. Static feature groups from manifest and disassembled code, SVM [pdf] [dataset]

  6. Apposcopy: Semantics-Based Detection of Android Malware through Static Analysis. FSE 2014. Semantics-based features to detect a specific malware family that steals private user information [pdf]

  7. DroidMiner: Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android Applications. ESORICS 2014. Detection by extracting the malware modalities [pdf]

  8. Semantic Modelling of Android Malware for Effective Malware Comprehension, Detection, and Classification. ISSTA 2016. Detection by capturing semantic information [pdf]

  9. MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models. NDSS 2017. Behavior Model, Sequence of abstract API calls, Markov Chain [pdf]

  10. Transcend: Detecting Concept Drift in Malware Classification Models. USENIX Security 2017. Conformal Evaluator for OOD [pdf] [code]

  11. Yes, Machine Learning Can Be More Secure! A Case Study on Android Malware Detection. TDSC 2017. A variant of the SVM algorithm for resisting obfuscation-based attacks [pdf]

  12. Lightweight, Obfuscation-Resilient Detection and Family Identification of Android Malware. TOSEM 2017. Lightweight detection using Android API usage [pdf]

  13. DeepRefiner: Multi-layer Android Malware Detection System Applying Deep Neural Networks. Euro S&P 2018. code to vec for detection [pdf]

  14. Coevolution of Mobile Malware and Anti-Malware. TIFS 2018. Coevolution with android malware and anti-malware [pdf]

  15. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. USENIX 2019. New metric to evaluate classification performance over time [pdf] [code]

  16. A Multimodal Deep Learning Method for Android Malware Detection Using Various Features. TIFS 2019. Use opcode sequence to detect Malware [pdf]

  17. AndrEnsemble: Leveraging API Ensembles to Characterize Android Malware Families. AsiaCCS 2019. Use API call graph to detect Malware [pdf]

  18. Android Malware Detection via (Somewhat) Robust Irreversible Feature Transformations. TIFS 2020. Detect Malware using feature fusion [pdf]

  19. SDAC: A Slow-Aging Solution for Android Malware Detection Using Semantic Distance Based API Clustering. TDSC 2020. Mitigate model aging by API clustering [pdf]

  20. Byte-level malware classification based on markov images and deep learning. Computers & Security 2020. Use markov image to detect malware [pdf]

  21. Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware. CCS 2020. Use API Relation to detect Malware [pdf]

  22. VAHunt: Warding Off New Repackaged Android Malware in App-Virtualization’s Clothing. CCS 2020. App Virtualization malware detection [pdf]

  23. Why an Android App Is Classified as Malware: Toward Malware Classification Interpretation. TOSEM 2021. Interpreting malware detection algorithms [pdf] [code]

  24. SpecView: Malware Spectrum Visualization Framework With Singular Spectrum Transformation. TIFS 2021. Detection using spectrum [pdf]

  25. An Inside Look into the Practice of Malware Analysis. CCS 2021. Malware analysis in practice measurement [pdf]

  26. Differential Training: A Generic Framework to Reduce Label Noises for Android Malware Detection. NDSS 2021. Detect noisy labels [pdf]

  27. CADE: Detecting and Explaining Concept Drift Samples for Security Applications. USENIX Security 2021. OOD Detection [pdf] [code]

  28. Can We Leverage Predictive Uncertainty to Detect Dataset Shift and Adversarial Examples in Android Malware Detection?. ACSAC 2021. Predictive uncertainty is useful for dataset shift but useless for adversarial attacks [pdf]

  29. Heterogeneous Temporal Graph Transformer: An Intelligent System for Evolving Android Malware Detection. KDD 2021. Detect Malware Using relation graph [pdf] [code]

  30. Transcending TRANSCEND: Revisiting Malware Classification in the Presence of Concept Drift. IEEE S&P 2022. OOD detection [pdf] [code]

  31. A Deep Dive Inside DREBIN: An Explorative Analysis beyond Android Malware Detection Scores. ACM TOPS 2022. Analyze the feature of Drebin classifier [pdf]

  32. Continuous Learning for Android Malware Detection. USENIX Security 2023. New continual learning paradigm for malware detection [pdf] [code]

2. Windows

  1. Malware Detection by Eating a Whole EXE. AAAI WS 2018. Detection using raw bytes [pdf]

  2. Activation Analysis of a Byte-Based Deep Neural Network for Malware Classification. AAAI WS 2018. Detection using raw bytes [pdf]

  3. Towards Paving the Way for Large-Scale Windows Malware Analysis: Generic Binary Unpacking with Orders-of-Magnitude Performance Boost. IEEE S&P WS 2019. Detection using raw bytes [pdf]

  4. Enhancing Robustness of Malware Detection using Synthetically-adversarial Samples. GLOBECOM 2020. Adversarial training to enhance detection [pdf]

  5. Learning from Context: A Multi-View Deep Learning Architecture for Malware Detection. IEEE S&P WS 2020. Detection with filepath [pdf]

  6. When Malware is Packin’ Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features. NDSS 2020. ML classifier ability for packed malware [pdf]

  7. You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis. NDSS 2020. Detect Parasitic Malware [pdf]

  8. Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land. IEEE S&P 2021. Analysis of living-off-the-land malware [pdf]

  9. I-MAD: Interpretable Malware Detector Using Galaxy Transformer. Computers & Security 2021. Detecting malware using transformers [pdf]

  10. Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes. NDSS 2021. Time for dynamic analysis [pdf]

  11. Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem. NDSS 2022. Determine executables packing [pdf]

  12. CruParamer: Learning on Parameter-Augmented API Sequences for Malware Detection. TIFS 2022. Detection using API sequences [pdf]

  13. MalGraph: Hierarchical Graph Neural Networks for Robust Windows Malware Detection. INFOCOM 2022. Detection Using GNN [pdf]

3. Linux

  1. Understanding Linux Malware. IEEE S&P 2018. Static and Dynamic analysis for linux malware [pdf]

4. PDF

  1. On Training Robust PDF Malware Classifiers. USENIX Security 2020. Robustness Certification [pdf]

2. Adversarial Attack Papers

1. Android

1. Evasion Attack

  1. DroidChameleon: Evaluating Android Anti-malware against Transformation Attacks. ASIA CCS 2013. Code Transformation techniques to generate malware [pdf]

  2. Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks. TIFS 2014. Evaluate DroidChameleon in AV Engines [pdf]

  3. Adversarial Examples for Malware Detection. ESORICS 2017. Perturbed AndroidManifest File [pdf]

  4. Malware Detection in Adversarial Settings: Exploiting Feature Evolutions and Confusions in Android Apps. ACSAC 2017. Perturbed malware using program transplant [pdf]

  5. Quantifying the Impact of Adversarial Evasion Attacks on Machine Learning Based Android Malware Classifiers. NCA 2017. Adversarial attack on Drebin by transfer attack [pdf]

  6. Picking on the family: Disrupting android malware triage by forcing misclassification. Expert Systems with Applications 2018. Adversarial attack on Drebin and a detection algorithm [pdf]

  7. Adversarial-Example Attacks Toward Android Malware Detection System. IEEE SYSTEMS JOURNAL 2020. Adversarial attack using GAN, but does not mention the problem space [pdf]

  8. Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection. TIFS 2020. Adversarial attack on Android, ensemble [pdf] [code]

  9. Intriguing Properties of Adversarial ML Attacks in the Problem Space. IEEE S&P 2020. Adversarial Attack for drebin [pdf] [code]

  10. Android HIV: A Study of Repackaging Malware for Evading Machine-Learning Detection. TIFS 2020. White-box C&W repackage attack [pdf]

  11. ShadowDroid: Practical Black-box Attack against ML-based Android Malware Detection. IEEE ICAPDS 2021. Transfer attack to malware detector [pdf]

  12. Robustness of Image-based Android Malware Detection Under Adversarial Attacks. IEEE ICC 2021. Attack on visual-based features by adding benign components [pdf]

  13. Structural Attack against Graph Based Android Malware Detection. ACM CCS 2021. Adversarial attack on graph-based malware detection [pdf]

  14. Measuring Vulnerabilities of Malware Detectors with Explainability-Guided Evasion Attacks. Arxiv 2022. Explainable-guided adversarial attack [pdf]

  15. Realizable Universal Adversarial Perturbations for Malware. Arxiv 2022. UAP for Adversarial Malware [pdf]

  16. EvadeDroid: A Practical Evasion Attack on Machine Learning for Black-box Android Malware Detection. Arxiv 2022. Black Box attack using random search [pdf]

  17. OFEI: A Semi-black-box Android Adversarial Sample Attack Framework Against DLaaS. TOC 2023. Feature Space Adversarial Attack on Drebin [pdf]

  18. Black-box Adversarial Example Attack towards FCG Based Android Malware Detection under Incomplete Feature Information. USENIX Security 2023. Black-box Android Adversarial Malware against the FCG-based ML classifier [pdf]

  19. Efficient Query-Based Attack against ML-Based Android Malware Detection under Zero Knowledge Setting. ACM CCS 2023. Semantic similar perturbations are more likely to have similar evasion effectiveness [pdf] [code]

2. Poisoning Attack

  1. Automated Poisoning Attacks and Defenses in Malware Detection Systems: An Adversarial Machine Learning Approach. Computers & Security 2018. Poisoning attack in android [pdf]

  2. When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks. USENIX Security 2018. Target Poisoning attack by injecting perturbed benign apps for drebin classifier [pdf]

  3. Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers. USENIX Security 2021. Backdoor attack in android [pdf]

  4. Backdoor Attack on Machine Learning Based Android Malware Detectors. TDSC 2021. Backdoor attack in android [pdf]

  5. Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers. IEEE S&P 2023. Backdoor attack with the targeted family [pdf]

2. Windows

1. Evasion Attack

  1. Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN. Arxiv 2017. Generate AE using GAN [pdf]

  2. Query-Efficient Black-Box Attack Against Sequence-Based Malware Classifiers. ACSAC 2020. Black-box adversarial attack on Windows API sequence-based classification methods. Injects many API sequences and then removes them [pdf]

  3. Functionality-Preserving Black-Box Optimization of Adversarial Windows Malware. TIFS 2021. Black-box adversarial attack by adding benign bytes to a malicious file, using a genetic algorithm [pdf]

  4. MAB-Malware: A Reinforcement Learning Framework for Attacking Static Malware Classifiers. Asia CCS 2022. Reinforcement Learning [pdf]

  5. Semantics-preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection. TDSC 2022. Reinforcement Learning by adding nop instruction [pdf]

3. PDF

1. Evasion Attack

  1. Evading Classifiers by Morphing in the Dark. ACM CCS 2017. Morpher and search to generate adversarial PDF [pdf]

4. Source Code Attribution

1. Evasion Attack

  1. Misleading Authorship Attribution of Source Code using Adversarial Learning. USENIX Security 2019. Adversarial attack in source code, MCST [pdf] [code]

  2. A Practical Black-box Attack on Source Code Authorship Identification Classifiers. TIFS 2021. Transfer attack for code identification [pdf]

3. Adversarial Defense Papers

1. Android

1. Adversarial Defense

  1. Selective Adversarial Learning for Mobile Malware. IEEE TrustCom 2019. Simple Adversarial Defense [pdf]

  2. Effectiveness of Adversarial Examples and Defenses for Malware Classification. ICSPCS 2019. Distillation, Ensemble, Adversarial Training [pdf]

  3. Robust Android Malware Detection against Adversarial Example Attacks. WWW 2021. Use VAE to distinguish the adversarial malware [pdf] [code]

  4. A Framework for Enhancing Deep Neural Networks Against Adversarial Malware. TNSE 2021. Use AE to get robust feature embedding [pdf] [code]

  5. Robust Android Malware Detection System Against Adversarial Attacks Using Q-Learning. NDSS Poster 2021. Q-Learning for adversarial attack and retraining for defense [pdf]

2. Poisoning Defense

  1. On Defending Against Label Flipping Attacks on Malware Detection Systems. Neural Computing and Applications 2020. Detect poisoned samples by label prediction [pdf]

2. Windows PE

1. Adversarial Defense

  1. Adversarial Training for Raw-Binary Malware Classifiers. USENIX Security 2023. Adversarial Training for Windows PE malware [pdf]

3. IoT

1. Adversarial Defense

  1. Adversarial android malware detection for mobile multimedia applications in IoT environments. Multimedia Tools and Applications 2020. Robust Neural Network [pdf]

4. Misc Papers

  1. Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks. ACM AsiaCCS 2017. Inferring the signature of AVs [pdf]

  2. Toward Systematically Exploring Antivirus Engines. DIMVA 2018. Infer AVs components [pdf]

  3. Measuring and Modeling the Label Dynamics of Online Anti-Malware Engines. USENIX Security 2020. Label dynamics in VirusTotal [pdf]

  4. DeepReflect: Discovering Malicious Functionality through Binary Reconstruction. USENIX Security 2021. Use AutoEncoder to identify the functionality of components [pdf]

  5. Debiasing Android Malware Datasets: How Can I Trust Your Results If Your Dataset Is Biased?. TIFS 2022. Debias Dataset [pdf]

  6. A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons Learned. USENIX Security 2022. Malware influence days in the real world [pdf]

  7. The Droid is in the Details: Environment-aware Evasion of Android Sandboxes. NDSS 2022. Classify Android Sandbox [pdf]

  8. Trojan Source: Invisible Vulnerabilities. USENIX Security 2023. UTF-8 Control Symbol to inject malware [pdf]

  9. Humans vs. Machines in Malware Classification. USENIX Security 2023. Leveraging Feature Difference between human and ML-based classifiers [pdf]

  10. URET: Universal Robustness Evaluation Toolkit (for Evasion). USENIX Security 2023. General toolbox to select the predefined perturbations [pdf] [code]

  11. PELICAN: Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis. USENIX Security 2023. Reverse engineering natural backdoor in transformer-based x86 binary code analysis task [pdf]

  12. On The Empirical Effectiveness of Unrealistic Adversarial Hardening Against Realistic Adversarial Attacks. IEEE S&P 2023. Adversarial attacks on feature space may enhance the robustness in problem space [pdf] [code]

  13. Decoding the Secrets of Machine Learning in Windows Malware Classification: A Deep Dive into Datasets, Features, and Model Performance. ACM CCS 2023. Static features are better than dynamic features in Windows PE malware detection [pdf]

  14. FINER: Enhancing State-of-the-art Classifiers with Feature Attribution to Facilitate Security Analysis. ACM CCS 2023. Ensemble explanation for different stakeholders [pdf] [code]

5. Survey Papers

  1. Android Security: A Survey of Issues, Malware Penetration, and Defenses. IEEE Communications Surveys & Tutorials 2015. [pdf]

  2. Arms Race in Adversarial Malware Detection: A Survey. ACM Computing Surveys 2021. [pdf]

  3. Deep Learning for Android Malware Defenses: a Systematic Literature Review. ACM Computing Surveys 2022. [pdf]

  4. MalRadar: Demystifying Android Malware in the New Era. ACM Meas. Anal. Computing Surveys 2022. [pdf]

Contributing

This list is mainly maintained by Ping He from NESA Lab.

We very much welcome contributions to this repository!

Markdown format

**Paper Name**. Conference Year. `Keywords` [[pdf](pdf_link)] [[code](code_link)] [[dataset](dataset_link)]

Licenses

CC0

To the extent possible under law, gnipping has waived all copyright and related or neighboring rights to this repository.
