MAB-Malware: A Reinforcement Learning Framework for Attacking Static Malware Classifiers Article Swipe
Wei Song
,
Xuezixiang Li
,
Sadia Afroz
,
Deepali Garg
,
Dmitry Kuznetsov
,
Heng Yin
·
YOU?
·
· 2020
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2003.03100
YOU?
·
· 2020
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2003.03100
Modern commercial antivirus systems increasingly rely on machine learning to keep up with the rampant inflation of new malware. However, it is well-known that machine learning models are vulnerable to adversarial examples (AEs). Previous works have shown that ML malware classifiers are fragile to the white-box adversarial attacks. However, ML models used in commercial antivirus products are usually not available to attackers and only return hard classification labels. Therefore, it is more practical to evaluate the robustness of ML models and real-world AVs in a pure black-box manner. We propose a black-box Reinforcement Learning (RL) based framework to generate AEs for PE malware classifiers and AV engines. It regards the adversarial attack problem as a multi-armed bandit problem, which finds an optimal balance between exploiting the successful patterns and exploring more varieties. Compared to other frameworks, our improvements lie in three points. 1) Limiting the exploration space by modeling the generation process as a stateless process to avoid combination explosions. 2) Due to the critical role of payload in AE generation, we design to reuse the successful payload in modeling. 3) Minimizing the changes on AE samples to correctly assign the rewards in RL learning. It also helps identify the root cause of evasions. As a result, our framework has much higher black-box evasion rates than other off-the-shelf frameworks. Results show it has over 74\%--97\% evasion rate for two state-of-the-art ML detectors and over 32\%--48\% evasion rate for commercial AVs in a pure black-box setting. We also demonstrate that the transferability of adversarial attacks among ML-based classifiers is higher than the attack transferability between purely ML-based and commercial AVs.
Related Topics
Concepts
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2003.03100
- https://arxiv.org/pdf/2003.03100
- OA Status
- green
- Cited By
- 22
- References
- 53
- Related Works
- 10
- OpenAlex ID
- https://openalex.org/W3158179156
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W3158179156Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.48550/arxiv.2003.03100Digital Object Identifier
- Title
-
MAB-Malware: A Reinforcement Learning Framework for Attacking Static Malware ClassifiersWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2020Year of publication
- Publication date
-
2020-03-06Full publication date if available
- Authors
-
Wei Song, Xuezixiang Li, Sadia Afroz, Deepali Garg, Dmitry Kuznetsov, Heng YinList of authors in order
- Landing page
-
https://arxiv.org/abs/2003.03100Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2003.03100Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2003.03100Direct OA link when available
- Concepts
-
Malware, Evasion (ethics), Computer science, Reinforcement learning, Machine learning, Artificial intelligence, Payload (computing), Adversarial system, Black box, System call, Computer security, Operating system, Immune system, Immunology, Network packet, BiologyTop concepts (fields/topics) attached by OpenAlex
- Cited by
-
22Total citation count in OpenAlex
- Citations by year (recent)
-
2025: 2, 2024: 5, 2023: 6, 2022: 5, 2021: 4Per-year citation counts (last 5 years)
- References (count)
-
53Number of works referenced by this work
- Related works (count)
-
10Other works algorithmically related by OpenAlex
Full payload
| id | https://openalex.org/W3158179156 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2003.03100 |
| ids.doi | https://doi.org/10.48550/arxiv.2003.03100 |
| ids.mag | 3158179156 |
| ids.openalex | https://openalex.org/W3158179156 |
| fwci | |
| type | preprint |
| title | MAB-Malware: A Reinforcement Learning Framework for Attacking Static Malware Classifiers |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11241 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9997000098228455 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1711 |
| topics[0].subfield.display_name | Signal Processing |
| topics[0].display_name | Advanced Malware Detection Techniques |
| topics[1].id | https://openalex.org/T11689 |
| topics[1].field.id | https://openalex.org/fields/17 |
| topics[1].field.display_name | Computer Science |
| topics[1].score | 0.9991000294685364 |
| topics[1].domain.id | https://openalex.org/domains/3 |
| topics[1].domain.display_name | Physical Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1702 |
| topics[1].subfield.display_name | Artificial Intelligence |
| topics[1].display_name | Adversarial Robustness in Machine Learning |
| topics[2].id | https://openalex.org/T10400 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.9613000154495239 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1705 |
| topics[2].subfield.display_name | Computer Networks and Communications |
| topics[2].display_name | Network Security and Intrusion Detection |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C541664917 |
| concepts[0].level | 2 |
| concepts[0].score | 0.8100271224975586 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q14001 |
| concepts[0].display_name | Malware |
| concepts[1].id | https://openalex.org/C2781251061 |
| concepts[1].level | 3 |
| concepts[1].score | 0.7519270181655884 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q5416089 |
| concepts[1].display_name | Evasion (ethics) |
| concepts[2].id | https://openalex.org/C41008148 |
| concepts[2].level | 0 |
| concepts[2].score | 0.7299001216888428 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[2].display_name | Computer science |
| concepts[3].id | https://openalex.org/C97541855 |
| concepts[3].level | 2 |
| concepts[3].score | 0.709833025932312 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q830687 |
| concepts[3].display_name | Reinforcement learning |
| concepts[4].id | https://openalex.org/C119857082 |
| concepts[4].level | 1 |
| concepts[4].score | 0.5552981495857239 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q2539 |
| concepts[4].display_name | Machine learning |
| concepts[5].id | https://openalex.org/C154945302 |
| concepts[5].level | 1 |
| concepts[5].score | 0.5463141202926636 |
| concepts[5].wikidata | https://www.wikidata.org/wiki/Q11660 |
| concepts[5].display_name | Artificial intelligence |
| concepts[6].id | https://openalex.org/C134066672 |
| concepts[6].level | 3 |
| concepts[6].score | 0.48411500453948975 |
| concepts[6].wikidata | https://www.wikidata.org/wiki/Q1424639 |
| concepts[6].display_name | Payload (computing) |
| concepts[7].id | https://openalex.org/C37736160 |
| concepts[7].level | 2 |
| concepts[7].score | 0.48208290338516235 |
| concepts[7].wikidata | https://www.wikidata.org/wiki/Q1801315 |
| concepts[7].display_name | Adversarial system |
| concepts[8].id | https://openalex.org/C94966114 |
| concepts[8].level | 2 |
| concepts[8].score | 0.4758037030696869 |
| concepts[8].wikidata | https://www.wikidata.org/wiki/Q29256 |
| concepts[8].display_name | Black box |
| concepts[9].id | https://openalex.org/C2778579508 |
| concepts[9].level | 2 |
| concepts[9].score | 0.4519590139389038 |
| concepts[9].wikidata | https://www.wikidata.org/wiki/Q722192 |
| concepts[9].display_name | System call |
| concepts[10].id | https://openalex.org/C38652104 |
| concepts[10].level | 1 |
| concepts[10].score | 0.40479418635368347 |
| concepts[10].wikidata | https://www.wikidata.org/wiki/Q3510521 |
| concepts[10].display_name | Computer security |
| concepts[11].id | https://openalex.org/C111919701 |
| concepts[11].level | 1 |
| concepts[11].score | 0.11440610885620117 |
| concepts[11].wikidata | https://www.wikidata.org/wiki/Q9135 |
| concepts[11].display_name | Operating system |
| concepts[12].id | https://openalex.org/C8891405 |
| concepts[12].level | 2 |
| concepts[12].score | 0.0 |
| concepts[12].wikidata | https://www.wikidata.org/wiki/Q1059 |
| concepts[12].display_name | Immune system |
| concepts[13].id | https://openalex.org/C203014093 |
| concepts[13].level | 1 |
| concepts[13].score | 0.0 |
| concepts[13].wikidata | https://www.wikidata.org/wiki/Q101929 |
| concepts[13].display_name | Immunology |
| concepts[14].id | https://openalex.org/C158379750 |
| concepts[14].level | 2 |
| concepts[14].score | 0.0 |
| concepts[14].wikidata | https://www.wikidata.org/wiki/Q214111 |
| concepts[14].display_name | Network packet |
| concepts[15].id | https://openalex.org/C86803240 |
| concepts[15].level | 0 |
| concepts[15].score | 0.0 |
| concepts[15].wikidata | https://www.wikidata.org/wiki/Q420 |
| concepts[15].display_name | Biology |
| keywords[0].id | https://openalex.org/keywords/malware |
| keywords[0].score | 0.8100271224975586 |
| keywords[0].display_name | Malware |
| keywords[1].id | https://openalex.org/keywords/evasion |
| keywords[1].score | 0.7519270181655884 |
| keywords[1].display_name | Evasion (ethics) |
| keywords[2].id | https://openalex.org/keywords/computer-science |
| keywords[2].score | 0.7299001216888428 |
| keywords[2].display_name | Computer science |
| keywords[3].id | https://openalex.org/keywords/reinforcement-learning |
| keywords[3].score | 0.709833025932312 |
| keywords[3].display_name | Reinforcement learning |
| keywords[4].id | https://openalex.org/keywords/machine-learning |
| keywords[4].score | 0.5552981495857239 |
| keywords[4].display_name | Machine learning |
| keywords[5].id | https://openalex.org/keywords/artificial-intelligence |
| keywords[5].score | 0.5463141202926636 |
| keywords[5].display_name | Artificial intelligence |
| keywords[6].id | https://openalex.org/keywords/payload |
| keywords[6].score | 0.48411500453948975 |
| keywords[6].display_name | Payload (computing) |
| keywords[7].id | https://openalex.org/keywords/adversarial-system |
| keywords[7].score | 0.48208290338516235 |
| keywords[7].display_name | Adversarial system |
| keywords[8].id | https://openalex.org/keywords/black-box |
| keywords[8].score | 0.4758037030696869 |
| keywords[8].display_name | Black box |
| keywords[9].id | https://openalex.org/keywords/system-call |
| keywords[9].score | 0.4519590139389038 |
| keywords[9].display_name | System call |
| keywords[10].id | https://openalex.org/keywords/computer-security |
| keywords[10].score | 0.40479418635368347 |
| keywords[10].display_name | Computer security |
| keywords[11].id | https://openalex.org/keywords/operating-system |
| keywords[11].score | 0.11440610885620117 |
| keywords[11].display_name | Operating system |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2003.03100 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2003.03100 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2003.03100 |
| locations[1].id | pmh:oai:escholarship.org/ark:/13030/qt38m6n4vm |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400115 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | False |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | eScholarship (California Digital Library) |
| locations[1].source.host_organization | https://openalex.org/I2801248553 |
| locations[1].source.host_organization_name | California Digital Library |
| locations[1].source.host_organization_lineage | https://openalex.org/I2801248553 |
| locations[1].license | |
| locations[1].pdf_url | https://escholarship.org/uc/item/38m6n4vm |
| locations[1].version | submittedVersion |
| locations[1].raw_type | article |
| locations[1].license_id | |
| locations[1].is_accepted | False |
| locations[1].is_published | False |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://escholarship.org/uc/item/38m6n4vm |
| locations[2].id | doi:10.48550/arxiv.2003.03100 |
| locations[2].is_oa | True |
| locations[2].source.id | https://openalex.org/S4306400194 |
| locations[2].source.issn | |
| locations[2].source.type | repository |
| locations[2].source.is_oa | True |
| locations[2].source.issn_l | |
| locations[2].source.is_core | False |
| locations[2].source.is_in_doaj | False |
| locations[2].source.display_name | arXiv (Cornell University) |
| locations[2].source.host_organization | https://openalex.org/I205783295 |
| locations[2].source.host_organization_name | Cornell University |
| locations[2].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[2].license | |
| locations[2].pdf_url | |
| locations[2].version | |
| locations[2].raw_type | article |
| locations[2].license_id | |
| locations[2].is_accepted | False |
| locations[2].is_published | |
| locations[2].raw_source_name | |
| locations[2].landing_page_url | https://doi.org/10.48550/arxiv.2003.03100 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5067090170 |
| authorships[0].author.orcid | https://orcid.org/0000-0002-5909-9661 |
| authorships[0].author.display_name | Wei Song |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Wei Song |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5058972082 |
| authorships[1].author.orcid | https://orcid.org/0009-0005-9713-3815 |
| authorships[1].author.display_name | Xuezixiang Li |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Xuezixiang Li |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5101418350 |
| authorships[2].author.orcid | https://orcid.org/0000-0002-8427-0635 |
| authorships[2].author.display_name | Sadia Afroz |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Sadia Afroz |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5001907607 |
| authorships[3].author.orcid | |
| authorships[3].author.display_name | Deepali Garg |
| authorships[3].author_position | middle |
| authorships[3].raw_author_name | Deepali Garg |
| authorships[3].is_corresponding | False |
| authorships[4].author.id | https://openalex.org/A5023325161 |
| authorships[4].author.orcid | https://orcid.org/0000-0002-9972-947X |
| authorships[4].author.display_name | Dmitry Kuznetsov |
| authorships[4].author_position | middle |
| authorships[4].raw_author_name | Dmitry Kuznetsov |
| authorships[4].is_corresponding | False |
| authorships[5].author.id | https://openalex.org/A5073376805 |
| authorships[5].author.orcid | https://orcid.org/0000-0002-8942-7742 |
| authorships[5].author.display_name | Heng Yin |
| authorships[5].author_position | last |
| authorships[5].raw_author_name | Heng Yin |
| authorships[5].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2003.03100 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2021-05-10T00:00:00 |
| display_name | MAB-Malware: A Reinforcement Learning Framework for Attacking Static Malware Classifiers |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T11241 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9997000098228455 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1711 |
| primary_topic.subfield.display_name | Signal Processing |
| primary_topic.display_name | Advanced Malware Detection Techniques |
| related_works | https://openalex.org/W2783112941, https://openalex.org/W4387298227, https://openalex.org/W2526398307, https://openalex.org/W2439951656, https://openalex.org/W2470029541, https://openalex.org/W4387065217, https://openalex.org/W1573526548, https://openalex.org/W1998188341, https://openalex.org/W4368275542, https://openalex.org/W4285357721 |
| cited_by_count | 22 |
| counts_by_year[0].year | 2025 |
| counts_by_year[0].cited_by_count | 2 |
| counts_by_year[1].year | 2024 |
| counts_by_year[1].cited_by_count | 5 |
| counts_by_year[2].year | 2023 |
| counts_by_year[2].cited_by_count | 6 |
| counts_by_year[3].year | 2022 |
| counts_by_year[3].cited_by_count | 5 |
| counts_by_year[4].year | 2021 |
| counts_by_year[4].cited_by_count | 4 |
| locations_count | 3 |
| best_oa_location.id | pmh:oai:arXiv.org:2003.03100 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2003.03100 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2003.03100 |
| primary_location.id | pmh:oai:arXiv.org:2003.03100 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2003.03100 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2003.03100 |
| publication_date | 2020-03-06 |
| publication_year | 2020 |
| referenced_works | https://openalex.org/W2591788621, https://openalex.org/W2785844809, https://openalex.org/W2799420851, https://openalex.org/W2899100205, https://openalex.org/W3015481738, https://openalex.org/W2775261393, https://openalex.org/W2966840685, https://openalex.org/W2777119424, https://openalex.org/W2780061022, https://openalex.org/W2910550356, https://openalex.org/W1851403712, https://openalex.org/W2798159728, https://openalex.org/W2911377781, https://openalex.org/W2891700561, https://openalex.org/W2966708309, https://openalex.org/W2144112223, https://openalex.org/W2963777745, https://openalex.org/W2167003418, https://openalex.org/W2973367395, https://openalex.org/W2964262883, https://openalex.org/W2603766943, https://openalex.org/W2963539830, https://openalex.org/W2784452215, https://openalex.org/W2963106521, https://openalex.org/W2963165251, https://openalex.org/W2108738385, https://openalex.org/W2776884785, https://openalex.org/W2886812138, https://openalex.org/W2963579187, https://openalex.org/W2891381877, https://openalex.org/W2485666843, https://openalex.org/W2982631433, https://openalex.org/W2964159373, https://openalex.org/W2765325603, https://openalex.org/W2913848079, https://openalex.org/W2009801020, https://openalex.org/W2941300490, https://openalex.org/W2967540978, https://openalex.org/W2964088652, https://openalex.org/W2968508910, https://openalex.org/W2780484784, https://openalex.org/W1893133781, https://openalex.org/W2968683169, https://openalex.org/W2973628901, https://openalex.org/W2938667439, https://openalex.org/W2912014554, https://openalex.org/W2800789931, https://openalex.org/W3011839747, https://openalex.org/W3006800307, https://openalex.org/W1966948031, https://openalex.org/W2962849096, https://openalex.org/W2903660849, https://openalex.org/W2970044827 |
| referenced_works_count | 53 |
| abstract_inverted_index.a | 84, 90, 114, 153, 205, 241 |
| abstract_inverted_index.1) | 142 |
| abstract_inverted_index.2) | 160 |
| abstract_inverted_index.3) | 180 |
| abstract_inverted_index.AE | 169, 185 |
| abstract_inverted_index.AV | 105 |
| abstract_inverted_index.As | 204 |
| abstract_inverted_index.It | 107, 195 |
| abstract_inverted_index.ML | 38, 49, 78, 230 |
| abstract_inverted_index.PE | 101 |
| abstract_inverted_index.RL | 193 |
| abstract_inverted_index.We | 88, 245 |
| abstract_inverted_index.an | 120 |
| abstract_inverted_index.as | 113, 152 |
| abstract_inverted_index.by | 147 |
| abstract_inverted_index.in | 52, 83, 139, 168, 178, 192, 240 |
| abstract_inverted_index.is | 21, 70, 257 |
| abstract_inverted_index.it | 20, 69, 221 |
| abstract_inverted_index.of | 16, 77, 166, 202, 251 |
| abstract_inverted_index.on | 6, 184 |
| abstract_inverted_index.to | 9, 29, 43, 60, 73, 97, 133, 156, 162, 173, 187 |
| abstract_inverted_index.up | 11 |
| abstract_inverted_index.we | 171 |
| abstract_inverted_index.AEs | 99 |
| abstract_inverted_index.AVs | 82, 239 |
| abstract_inverted_index.Due | 161 |
| abstract_inverted_index.and | 62, 80, 104, 128, 232, 266 |
| abstract_inverted_index.are | 27, 41, 56 |
| abstract_inverted_index.for | 100, 227, 237 |
| abstract_inverted_index.has | 209, 222 |
| abstract_inverted_index.lie | 138 |
| abstract_inverted_index.new | 17 |
| abstract_inverted_index.not | 58 |
| abstract_inverted_index.our | 136, 207 |
| abstract_inverted_index.the | 13, 44, 75, 109, 125, 144, 149, 163, 175, 182, 190, 199, 249, 260 |
| abstract_inverted_index.two | 228 |
| abstract_inverted_index.(RL) | 94 |
| abstract_inverted_index.AVs. | 268 |
| abstract_inverted_index.also | 196, 246 |
| abstract_inverted_index.hard | 65 |
| abstract_inverted_index.have | 35 |
| abstract_inverted_index.keep | 10 |
| abstract_inverted_index.more | 71, 130 |
| abstract_inverted_index.much | 210 |
| abstract_inverted_index.only | 63 |
| abstract_inverted_index.over | 223, 233 |
| abstract_inverted_index.pure | 85, 242 |
| abstract_inverted_index.rate | 226, 236 |
| abstract_inverted_index.rely | 5 |
| abstract_inverted_index.role | 165 |
| abstract_inverted_index.root | 200 |
| abstract_inverted_index.show | 220 |
| abstract_inverted_index.than | 215, 259 |
| abstract_inverted_index.that | 23, 37, 248 |
| abstract_inverted_index.used | 51 |
| abstract_inverted_index.with | 12 |
| abstract_inverted_index.among | 254 |
| abstract_inverted_index.avoid | 157 |
| abstract_inverted_index.based | 95 |
| abstract_inverted_index.cause | 201 |
| abstract_inverted_index.finds | 119 |
| abstract_inverted_index.helps | 197 |
| abstract_inverted_index.other | 134, 216 |
| abstract_inverted_index.rates | 214 |
| abstract_inverted_index.reuse | 174 |
| abstract_inverted_index.shown | 36 |
| abstract_inverted_index.space | 146 |
| abstract_inverted_index.three | 140 |
| abstract_inverted_index.which | 118 |
| abstract_inverted_index.works | 34 |
| abstract_inverted_index.(AEs). | 32 |
| abstract_inverted_index.Modern | 0 |
| abstract_inverted_index.assign | 189 |
| abstract_inverted_index.attack | 111, 261 |
| abstract_inverted_index.bandit | 116 |
| abstract_inverted_index.design | 172 |
| abstract_inverted_index.higher | 211, 258 |
| abstract_inverted_index.models | 26, 50, 79 |
| abstract_inverted_index.purely | 264 |
| abstract_inverted_index.return | 64 |
| abstract_inverted_index.Results | 219 |
| abstract_inverted_index.attacks | 253 |
| abstract_inverted_index.balance | 122 |
| abstract_inverted_index.between | 123, 263 |
| abstract_inverted_index.changes | 183 |
| abstract_inverted_index.evasion | 213, 225, 235 |
| abstract_inverted_index.fragile | 42 |
| abstract_inverted_index.labels. | 67 |
| abstract_inverted_index.machine | 7, 24 |
| abstract_inverted_index.malware | 39, 102 |
| abstract_inverted_index.manner. | 87 |
| abstract_inverted_index.optimal | 121 |
| abstract_inverted_index.payload | 167, 177 |
| abstract_inverted_index.points. | 141 |
| abstract_inverted_index.problem | 112 |
| abstract_inverted_index.process | 151, 155 |
| abstract_inverted_index.propose | 89 |
| abstract_inverted_index.rampant | 14 |
| abstract_inverted_index.regards | 108 |
| abstract_inverted_index.result, | 206 |
| abstract_inverted_index.rewards | 191 |
| abstract_inverted_index.samples | 186 |
| abstract_inverted_index.systems | 3 |
| abstract_inverted_index.usually | 57 |
| abstract_inverted_index.Compared | 132 |
| abstract_inverted_index.However, | 19, 48 |
| abstract_inverted_index.Learning | 93 |
| abstract_inverted_index.Limiting | 143 |
| abstract_inverted_index.ML-based | 255, 265 |
| abstract_inverted_index.Previous | 33 |
| abstract_inverted_index.attacks. | 47 |
| abstract_inverted_index.critical | 164 |
| abstract_inverted_index.engines. | 106 |
| abstract_inverted_index.evaluate | 74 |
| abstract_inverted_index.examples | 31 |
| abstract_inverted_index.generate | 98 |
| abstract_inverted_index.identify | 198 |
| abstract_inverted_index.learning | 8, 25 |
| abstract_inverted_index.malware. | 18 |
| abstract_inverted_index.modeling | 148 |
| abstract_inverted_index.patterns | 127 |
| abstract_inverted_index.problem, | 117 |
| abstract_inverted_index.products | 55 |
| abstract_inverted_index.setting. | 244 |
| abstract_inverted_index.antivirus | 2, 54 |
| abstract_inverted_index.attackers | 61 |
| abstract_inverted_index.available | 59 |
| abstract_inverted_index.black-box | 86, 91, 212, 243 |
| abstract_inverted_index.correctly | 188 |
| abstract_inverted_index.detectors | 231 |
| abstract_inverted_index.evasions. | 203 |
| abstract_inverted_index.exploring | 129 |
| abstract_inverted_index.framework | 96, 208 |
| abstract_inverted_index.inflation | 15 |
| abstract_inverted_index.learning. | 194 |
| abstract_inverted_index.modeling. | 179 |
| abstract_inverted_index.practical | 72 |
| abstract_inverted_index.stateless | 154 |
| abstract_inverted_index.white-box | 45 |
| abstract_inverted_index.32\%--48\% | 234 |
| abstract_inverted_index.74\%--97\% | 224 |
| abstract_inverted_index.Minimizing | 181 |
| abstract_inverted_index.Therefore, | 68 |
| abstract_inverted_index.commercial | 1, 53, 238, 267 |
| abstract_inverted_index.exploiting | 124 |
| abstract_inverted_index.generation | 150 |
| abstract_inverted_index.real-world | 81 |
| abstract_inverted_index.robustness | 76 |
| abstract_inverted_index.successful | 126, 176 |
| abstract_inverted_index.varieties. | 131 |
| abstract_inverted_index.vulnerable | 28 |
| abstract_inverted_index.well-known | 22 |
| abstract_inverted_index.adversarial | 30, 46, 110, 252 |
| abstract_inverted_index.classifiers | 40, 103, 256 |
| abstract_inverted_index.combination | 158 |
| abstract_inverted_index.demonstrate | 247 |
| abstract_inverted_index.exploration | 145 |
| abstract_inverted_index.explosions. | 159 |
| abstract_inverted_index.frameworks, | 135 |
| abstract_inverted_index.frameworks. | 218 |
| abstract_inverted_index.generation, | 170 |
| abstract_inverted_index.multi-armed | 115 |
| abstract_inverted_index.improvements | 137 |
| abstract_inverted_index.increasingly | 4 |
| abstract_inverted_index.Reinforcement | 92 |
| abstract_inverted_index.off-the-shelf | 217 |
| abstract_inverted_index.classification | 66 |
| abstract_inverted_index.transferability | 250, 262 |
| abstract_inverted_index.state-of-the-art | 229 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 6 |
| citation_normalized_percentile |