Published in ACM TAISAP, 2026
My students paper about automatically generating evasive malware with GANs and LLMs.
Recommended citation: Dondapati et al. (2026). "When GANs meet LLMs: Bridging the Feature-Problem space gap for efficient adversarial ML-based malware generation" ACM TAISAP. 1(1). https://dl.acm.org/doi/10.1145/3816733
Published in USENIX WOOT, 2025
My student paper about making Acoustic Side Channels (ASCs) viable with vision transformers and LLMs.
Recommended citation: Ayati et al. (2025). "Making Acoustic Side-Channel Attacks on Noisy Keyboards Viable with LLM-Assisted Spectrograms Typo Correction" USENIX WOOT. 1(1). https://www.usenix.org/conference/woot25/presentation/ayati
Published in Springer DIMVA, 2025
My student paper about explaining concept drift events and anticipating retraining points in malware detection pipelines.
Recommended citation: Tripathi et al. (2025). "Towards Explainable Drift Detection and Early Retrain in ML-Based Malware Detection Pipelines" Springer DIMVA. 1(1). https://link.springer.com/chapter/10.1007/978-3-031-97623-0_1
Published in IEEE SATML, 2025
My co-authored paper investigating the limits of ML-based malware behavior detection on sandboxes and endpoints.
Recommended citation: Kaya et al. (2025). "ML-Based Behavioral Malware Detection Is Far From a Solved Problem" IEEE SATML. 1(1). https://ieeexplore.ieee.org/document/10992442
Published in JCVHT, 2024
My paper investigating the fingerprinting of AntiVirus (AV) labels.
Recommended citation: Botacin. (2024). "On the uniqueness of AntiVirus labels: How many labels do we need to fingerprint an AV?" Springer JCVHT. 1(1). https://link.springer.com/article/10.1007/s11416-024-00541-1
Published in DTRAP, 2024
My paper investigating multipath malware execution via fuzzing and symbolic execution.
Recommended citation: Botacin. (2024). "Fuzzing and Symbolic Execution for Multipath Malware Tracing: Bridging Theory and Practice via Survey and Experiments" ACM DTRAP. 1(1). https://dl.acm.org/doi/10.1145/3700147
Published in RAID, 2024
My paper on distilling ML models for efficient malware detection around the world.
Recommended citation: Botacin et al. (2024). "Cross-Regional Malware Detection via Model Distilling and Federated Learning" RAID. 1(1). https://dl.acm.org/doi/10.1145/3678890.3678893
Published in RAID, 2024
My paper surveying the practice of malware analysis.
Recommended citation: Botacin. (2024). "What do malware analysts want from academia? A survey on the state-of-the-practice to guide research developments" RAID. 1(1). https://dl.acm.org/doi/10.1145/3678890.3678892
Published in SECRYPT, 2024
My (co-authored) paper on classifying PUAs written in WebAssembly (WASM).
Recommended citation: Helpa et al. (2024). "The Use of the DWARF Debugging Format for the Identification of Potentially Unwanted Applications (PUAs) in WebAssembly Binaries" SECRYPT. 1(1). https://www.insticc.org/node/TechnicalProgram/secrypt/2024/presentationDetails/127545
Published in Computers & Security, 2024
My paper on label delays in malware classifiers.
Recommended citation: Botacin, Marcus and Gomes, Heitor. (2024). "Towards more realistic evaluations: The impact of label delays in malware detection pipelines" Computers & Security. 1(1). https://www.sciencedirect.com/science/article/abs/pii/S0167404824004279
Published in USENIX Security, 2024
My co-authored paper on extracting ML models from mobile devices.
Recommended citation: Nayan et al. (2024). "SoK: All You Need to Know About On-Device ML Model Extraction - The Gap Between Research and Practice" USENIX Security. 1(1). https://www.usenix.org/conference/usenixsecurity24/presentation/nayan
Published in WhitePaper, 2024
My whitepaper presenting math-supported insights on why we should adopt hardware detectors.
Recommended citation: Botacin et al. (2024). "A Cost-Model Argument for the Adoption of Hardware-Assisted Malware Detection" WhitePaper. 1(1). https://marcusbotacin.github.io/publications/
Published in Latin-American Symposium on Dependable and Secure Computing (LADC), 2023
My co-authored paper presenting preliminary results on classifying the malware samples of the MS competition dataset into families via CNNs.
Recommended citation: Palma et al. (2023). "Enhancing Malware Family Classification in the Microsoft Challenge Dataset via Transfer Learning" ACM LADC. 1(1). https://dl.acm.org/doi/10.1145/3615366.3615374
Published in Annual Computer Security Applications Conference (ACSAC), 2023
My co-authored paper discussing the concept of a hardware detector for memory injections
Recommended citation: Botacin et al. (2023). "Detecting Memory Injections Using a Hardware Monitor" ACM ACSAC. 1(1). https://www.acsac.org/
Published in ACM Digital Threats: Research and Practice (DTRAP), 2023
My co-authored paper discussing the use of Machine Learning (ML) for malware detection
Recommended citation: Ceschin et al. (2023). "Machine Learning (In) Security: A Stream of Problems" ACM DTRAP. 1(1). https://dl.acm.org/doi/10.1145/3617897
Published in Workshop on Offensive Technologies (WOOT), 2023
My paper discussing the use of GPT-3 to automatically generate malware.
Recommended citation: Botacin, Marcus. (2023). "GPThreats-3: Is Automatic Malware Generation a Threat?" WOOT. 1(1). https://ieeexplore.ieee.org/document/10188649
Published in ACM Conference on Code Generation and Optimization (CGO), 2023
Our paper discussing the use of histograms to cluster binaries compiled using different obfuscation strategies.
Recommended citation: Damasio et al, Thais. (2023). " A Game-Based Framework to Compare Program Classifiers and Evaders." ACM CGO. 1(1). https://dl.acm.org/doi/10.1145/3579990.3580012
Published in Springer Information Security Conference (ISC), 2022
Our paper discussing the security of application uninstallers and removers.
Recommended citation: Botacin et al, Marcus. (2022). " Dissecting Applications Uninstallers & Removers: Are they effective?." Springer ISC. 1(1). https://link.springer.com/chapter/10.1007/978-3-031-22390-7_20
Published in Springer Information Security Conference (ISC), 2022
Our paper discussing the science of security of Hardware Performance Counters.
Recommended citation: Botacin et al, Marcus. (2022). " Why we need a theory of maliciousness: Hardware Performance Counters in security." Springer ISC. 1(1). https://link.springer.com/chapter/10.1007/978-3-031-22390-7_22
Published in Elsevier Expert Systems With Applications (ESWA), 2022
Our paper discussing concept drift in Android malware detectors.
Recommended citation: Ceschin et al, Fabricio. (2022). " Fast & Furious: On the modelling of malware detection as an evolving data stream." Elsevier ESWA. 1(1). https://www.sciencedirect.com/science/article/abs/pii/S0957417422016463
Published in Elsevier Expert Systems With Applications (ESWA), 2022
My paper proposing using branch patterns as inspection triggers for malware detection.
Recommended citation: Botacin et al, Marcus. (2022). " HEAVEN: A Hardware-Enhanced AntiVirus ENgine to accelerate real-time, signature-based malware detection." Elsevier ESWA. 1(1). https://www.sciencedirect.com/science/article/abs/pii/S0957417422004882
Published in ACM Transactions on Privacy and Security (TOPS), 2022
My paper proposing hardware breakpoints for AV scanning using a CPU coprocessor.
Recommended citation: Botacin et al, Marcus. (2022). " Terminator: A Secure Coprocessor to Accelerate Real-Time AntiViruses Using Inspection Breakpoints." ACM TOPS. 1(1). https://dl.acm.org/doi/10.1145/3494535
Published in Elsevier Digital Investigation, 2021
My paper about clustering malware using similarity hashing functions.
Recommended citation: Botacin et al, Marcus. (2021). "Understanding uses and misuses of similarity hashing functions for malware detection and family clustering in actual scenarios." Elsevier Digital Investigation. 1(1). https://www.sciencedirect.com/science/article/pii/S2666281721001281
Published in Elsevier Computers & Security, 2021
My paper about challenges to conduct malware research.
Recommended citation: Botacin et al, Marcus. (2021). "Challenges and Pitfalls in Malware Research." Elsevier Comp&Sec. 1(1). https://www.sciencedirect.com/science/article/pii/S0167404821001115
Published in Arxiv, 2021
My preprint paper about symbolic execution for malware analysis.
Recommended citation: Botacin et al, Marcus. (2021). "Malware MultiVerse: From Automatic Logic Bomb Identification to Automatic Patching and Tracing." Arxiv. 1(1). https://arxiv.org/abs/2109.06127
Published in ACM Transactions On Privacy and Security (TOPS), 2021
My paper about Brazilian Financial Malware describing desktop malware samples.
Recommended citation: Botacin et al, Marcus. (2021). "One Size Does Not Fit All: A Longitudinal Analysis of Brazilian Financial Malware." ACM TOPS. 1(1). https://dl.acm.org/doi/10.1145/3429741
Published in Elsevier Computeers & Security, 2021
My paper about analyzing the internals of AV solutions.
Recommended citation: Botacin et al, Marcus. (2021). "AntiViruses under the Microscope: A Hands-On Perspective." Elsevier Comp&Sec. 1(1). https://www.sciencedirect.com/science/article/pii/S0167404821003242
Published in IEEE Transactions on Dependable and Secure Computing (TDSC), 2020
Our paper about detecting malware by adding OS uncertainty
Recommended citation: Sun et al, Ruimin. (2020). "A Praise for Defensive Programming: Leveraging Uncertainty for Effective Malware Mitigation." IEEE TDSC. 1(1). https://ieeexplore.ieee.org/document/9061034
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2020
My paper about detecting SMC execution via CPU side-effects
Recommended citation: Botacin et al, Marcus. (2020). "The self modifying code (SMC)-aware processor (SAP): a security look on architectural impact and support." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-020-00348-w
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2020
My paper about tracing the kernel from within using CPUs branch monitors
Recommended citation: Botacin et al, Marcus. (2020). "Leveraging branch traces to understand kernel internals from within." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-019-00343-w
Published in Springer (DIMVA), 2020
My paper about the security of application installers and software repositorires.
Recommended citation: Botacin et al, Marcus. (2020). "On the Security of Application Installers and Online Software Repositories Conference ." Springer DIMVA. 1(1). https://link.springer.com/chapter/10.1007/978-3-030-52683-2_10
Published in The International Symposium on Memory Systems (MEMSYS), 2020
My paper about detecting fileless malware via memory controller instrumentation.
Recommended citation: Botacin et al, Marcus. (2020). "Near-Memory & In-Memory Detection of Fileless Malware." ACM MEMSYS. 1(1). https://dl.acm.org/doi/10.1145/3422575.3422775
Published in ACM Reversing and Offensive-Oriented Trends Symposium (ROOTS), 2020
Our second paper about how we won a malware evasion challenge using adversarial malware samples.
Recommended citation: Ceschin et al, Fabricio. (2020). "No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-Based Adversarial Samples." ACM ROOTS. 1(1). https://dl.acm.org/doi/10.1145/3433667.3433669
Published in Elsevier Computers & Security, 2020
My paper about challenges to evaluate AV solutions.
Recommended citation: Botacin et al, Marcus. (2020). "We Need to Talk About AntiViruses: Challenges & Pitfalls of AV Evaluations." Elsevier Comp&Sec. 1(1). http://www.sciencedirect.com/science/article/pii/S0167404820301310
Published in Information Security Conference (ISC), 2019
Our paper about detecting malware via image textures.
Recommended citation: Beppler et al, Tamy. (2019). "L(a)ying in (Test)Bed: How Biased Datasets Produce Impractical Results for Actual Malware Families’ Classification." Springer ISC. 1(1). https://link.springer.com/chapter/10.1007/978-3-030-30215-3_19
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2019
My paper about evading AVs via distributed malware payloads.
Recommended citation: Botacin et al, Marcus. (2019). "VANILLA malware: vanishing antiviruses by interleaving layers and layers of attacks." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-019-00333-y
Published in International Symposium on Reconfigurable Communication-centric Systems-on-Chip (Recosoc), 2019
My paper about detecting malware via a ML classifier in an FPGA.
Recommended citation: Botacin et al, Marcus. (2019). "The AV says: Your hardware definitions were updated!." IEEE Recosoc. 1(1). https://ieeexplore.ieee.org/document/9034972
Published in ACM Reversing and Offensive-Oriented Trends Symposium (ROOTS), 2019
Our second paper about how we won a malware evasion challenge using adversarial malware samples.
Recommended citation: Ceschin et al, Fabricio. (2019). "Shallow Security: On the Creation of Adversarial Variants to Evade Machine Learning-Based Malware Detectors." ACM ROOTS. 1(1). https://dl.acm.org/doi/10.1145/3375894.3375898
Published in ACM Reversing and Offensive-Oriented Trends Symposium (ROOTS), 2019
My paper about how to decompile malware from debugging sessions
Recommended citation: Botacin et al, Marcus. (2019). "RevEngE is a Dish Served Cold: Debug-Oriented Malware Decompilation and Reassembly." ACM ROOTS. 1(1). https://dl.acm.org/doi/10.1145/3375894.3375895
Published in International Conference on Availability, Reliability and Security (ARES), 2019
My paper about the nature of Mobile Banking Apps in Brazil.
Recommended citation: Botacin et al, Marcus. (2019). "The Internet Banking [in]Security Spiral: Past, Present, and Future of Online Banking Protection Mechanisms Based on a Brazilian Case Study." ACM ARES. 1(1). https://dl.acm.org/doi/10.1145/3339252.3340103
Published in ACM Computing Surveys (CSUR), 2018
My paper about the state-of-the-art on hardware support for security applications.
Recommended citation: Botacin et al, Marcus. (2018). "Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms." ACM CSUR. 1(1). http://doi.acm.org/10.1145/3199673
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2018
My paper about a Windows kernel-based sandbox.
Recommended citation: Botacin et al, Marcus. (2018). "The other guys: automated analysis of marginalized malware." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-017-0292-8
Published in ACM Transactions on Privacy and Security (TOPS), 2018
My paper proposing a framework based on CPUs branch monitors.
Recommended citation: Botacin et al, Marcus. (2018). "Enhancing Branch Monitoring for Security Purposes: From Control Flow Integrity to Malware Analysis and Debugging." ACM TOPS. 1(1). http://doi.acm.org/10.1145/3152162