Published in Annual Computer Security Applications Conference (ACSAC), 2023
My co-authored paper discussing the concept of a hardware detector for memory injections
Recommended citation: Botacin et al. (2023). "Machine Learning (In) Security: A Stream of Problems" ACM DTRAP. 1(1). https://www.acsac.org/
Published in ACM Digital Threats: Research and Practice (DTRAP), 2023
My co-authored paper discussing the use of Machine Learning (ML) for malware detection
Recommended citation: Ceschin et al. (2023). "Machine Learning (In) Security: A Stream of Problems" ACM DTRAP. 1(1). https://dl.acm.org/doi/10.1145/3617897
Published in Workshop on Offensive Technologies (WOOT), 2023
My paper discussing the use of GPT-3 to automatically generate malware.
Recommended citation: Botacin, Marcus. (2023). "GPThreats-3: Is Automatic Malware Generation a Threat?" WOOT. 1(1). https://ieeexplore.ieee.org/document/10188649
Published in ACM Conference on Code Generation and Optimization (CGO), 2023
Our paper discussing the use of histograms to cluster binaries compiled using different obfuscation strategies.
Recommended citation: Damasio et al, Thais. (2023). " A Game-Based Framework to Compare Program Classifiers and Evaders." ACM CGO. 1(1). https://dl.acm.org/doi/10.1145/3579990.3580012
Published in Springer Information Security Conference (ISC), 2022
Our paper discussing the security of application uninstallers and removers.
Recommended citation: Botacin et al, Marcus. (2022). " Dissecting Applications Uninstallers & Removers: Are they effective?." Springer ISC. 1(1). https://link.springer.com/chapter/10.1007/978-3-031-22390-7_20
Published in Springer Information Security Conference (ISC), 2022
Our paper discussing the science of security of Hardware Performance Counters.
Recommended citation: Botacin et al, Marcus. (2022). " Why we need a theory of maliciousness: Hardware Performance Counters in security." Springer ISC. 1(1). https://link.springer.com/chapter/10.1007/978-3-031-22390-7_22
Published in Elsevier Expert Systems With Applications (ESWA), 2022
Our paper discussing concept drift in Android malware detectors.
Recommended citation: Ceschin et al, Fabricio. (2022). " Fast & Furious: On the modelling of malware detection as an evolving data stream." Elsevier ESWA. 1(1). https://www.sciencedirect.com/science/article/abs/pii/S0957417422016463
Published in Elsevier Expert Systems With Applications (ESWA), 2022
My paper proposing using branch patterns as inspection triggers for malware detection.
Recommended citation: Botacin et al, Marcus. (2022). " HEAVEN: A Hardware-Enhanced AntiVirus ENgine to accelerate real-time, signature-based malware detection." Elsevier ESWA. 1(1). https://www.sciencedirect.com/science/article/abs/pii/S0957417422004882
Published in ACM Transactions on Privacy and Security (TOPS), 2022
My paper proposing hardware breakpoints for AV scanning using a CPU coprocessor.
Recommended citation: Botacin et al, Marcus. (2022). " Terminator: A Secure Coprocessor to Accelerate Real-Time AntiViruses Using Inspection Breakpoints." ACM TOPS. 1(1). https://dl.acm.org/doi/10.1145/3494535
Published in Elsevier Digital Investigation, 2021
My paper about clustering malware using similarity hashing functions.
Recommended citation: Botacin et al, Marcus. (2021). "Understanding uses and misuses of similarity hashing functions for malware detection and family clustering in actual scenarios." Elsevier Digital Investigation. 1(1). https://www.sciencedirect.com/science/article/pii/S2666281721001281
Published in Elsevier Computers & Security, 2021
My paper about challenges to conduct malware research.
Recommended citation: Botacin et al, Marcus. (2021). "Challenges and Pitfalls in Malware Research." Elsevier Comp&Sec. 1(1). https://www.sciencedirect.com/science/article/pii/S0167404821001115
Published in Arxiv, 2021
My preprint paper about symbolic execution for malware analysis.
Recommended citation: Botacin et al, Marcus. (2021). "Malware MultiVerse: From Automatic Logic Bomb Identification to Automatic Patching and Tracing." Arxiv. 1(1). https://arxiv.org/abs/2109.06127
Published in ACM Transactions On Privacy and Security (TOPS), 2021
My paper about Brazilian Financial Malware describing desktop malware samples.
Recommended citation: Botacin et al, Marcus. (2021). "One Size Does Not Fit All: A Longitudinal Analysis of Brazilian Financial Malware." ACM TOPS. 1(1). https://dl.acm.org/doi/10.1145/3429741
Published in Elsevier Computeers & Security, 2021
My paper about analyzing the internals of AV solutions.
Recommended citation: Botacin et al, Marcus. (2021). "AntiViruses under the Microscope: A Hands-On Perspective." Elsevier Comp&Sec. 1(1). https://www.sciencedirect.com/science/article/pii/S0167404821003242
Published in IEEE Transactions on Dependable and Secure Computing (TDSC), 2020
Our paper about detecting malware by adding OS uncertainty
Recommended citation: Sun et al, Ruimin. (2020). "A Praise for Defensive Programming: Leveraging Uncertainty for Effective Malware Mitigation." IEEE TDSC. 1(1). https://ieeexplore.ieee.org/document/9061034
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2020
My paper about detecting SMC execution via CPU side-effects
Recommended citation: Botacin et al, Marcus. (2020). "The self modifying code (SMC)-aware processor (SAP): a security look on architectural impact and support." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-020-00348-w
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2020
My paper about tracing the kernel from within using CPUs branch monitors
Recommended citation: Botacin et al, Marcus. (2020). "Leveraging branch traces to understand kernel internals from within." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-019-00343-w
Published in Springer (DIMVA), 2020
My paper about the security of application installers and software repositorires.
Recommended citation: Botacin et al, Marcus. (2020). "On the Security of Application Installers and Online Software Repositories Conference ." Springer DIMVA. 1(1). https://link.springer.com/chapter/10.1007/978-3-030-52683-2_10
Published in The International Symposium on Memory Systems (MEMSYS), 2020
My paper about detecting fileless malware via memory controller instrumentation.
Recommended citation: Botacin et al, Marcus. (2020). "Near-Memory & In-Memory Detection of Fileless Malware." ACM MEMSYS. 1(1). https://dl.acm.org/doi/10.1145/3422575.3422775
Published in ACM Reversing and Offensive-Oriented Trends Symposium (ROOTS), 2020
Our second paper about how we won a malware evasion challenge using adversarial malware samples.
Recommended citation: Ceschin et al, Fabricio. (2020). "No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-Based Adversarial Samples." ACM ROOTS. 1(1). https://dl.acm.org/doi/10.1145/3433667.3433669
Published in Elsevier Computers & Security, 2020
My paper about challenges to evaluate AV solutions.
Recommended citation: Botacin et al, Marcus. (2020). "We Need to Talk About AntiViruses: Challenges & Pitfalls of AV Evaluations." Elsevier Comp&Sec. 1(1). http://www.sciencedirect.com/science/article/pii/S0167404820301310
Published in Information Security Conference (ISC), 2019
Our paper about detecting malware via image textures.
Recommended citation: Beppler et al, Tamy. (2019). "L(a)ying in (Test)Bed: How Biased Datasets Produce Impractical Results for Actual Malware Families’ Classification." Springer ISC. 1(1). https://link.springer.com/chapter/10.1007/978-3-030-30215-3_19
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2019
My paper about evading AVs via distributed malware payloads.
Recommended citation: Botacin et al, Marcus. (2019). "VANILLA malware: vanishing antiviruses by interleaving layers and layers of attacks." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-019-00333-y
Published in International Symposium on Reconfigurable Communication-centric Systems-on-Chip (Recosoc), 2019
My paper about detecting malware via a ML classifier in an FPGA.
Recommended citation: Botacin et al, Marcus. (2019). "The AV says: Your hardware definitions were updated!." IEEE Recosoc. 1(1). https://ieeexplore.ieee.org/document/9034972
Published in ACM Reversing and Offensive-Oriented Trends Symposium (ROOTS), 2019
Our second paper about how we won a malware evasion challenge using adversarial malware samples.
Recommended citation: Ceschin et al, Fabricio. (2019). "Shallow Security: On the Creation of Adversarial Variants to Evade Machine Learning-Based Malware Detectors." ACM ROOTS. 1(1). https://dl.acm.org/doi/10.1145/3375894.3375898
Published in ACM Reversing and Offensive-Oriented Trends Symposium (ROOTS), 2019
My paper about how to decompile malware from debugging sessions
Recommended citation: Botacin et al, Marcus. (2019). "RevEngE is a Dish Served Cold: Debug-Oriented Malware Decompilation and Reassembly." ACM ROOTS. 1(1). https://dl.acm.org/doi/10.1145/3375894.3375895
Published in International Conference on Availability, Reliability and Security (ARES), 2019
My paper about the nature of Mobile Banking Apps in Brazil.
Recommended citation: Botacin et al, Marcus. (2019). "The Internet Banking [in]Security Spiral: Past, Present, and Future of Online Banking Protection Mechanisms Based on a Brazilian Case Study." ACM ARES. 1(1). https://dl.acm.org/doi/10.1145/3339252.3340103
Published in ACM Computing Surveys (CSUR), 2018
My paper about the state-of-the-art on hardware support for security applications.
Recommended citation: Botacin et al, Marcus. (2018). "Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms." ACM CSUR. 1(1). http://doi.acm.org/10.1145/3199673
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2018
My paper about a Windows kernel-based sandbox.
Recommended citation: Botacin et al, Marcus. (2018). "The other guys: automated analysis of marginalized malware." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-017-0292-8
Published in ACM Transactions on Privacy and Security (TOPS), 2018
My paper proposing a framework based on CPUs branch monitors.
Recommended citation: Botacin et al, Marcus. (2018). "Enhancing Branch Monitoring for Security Purposes: From Control Flow Integrity to Malware Analysis and Debugging." ACM TOPS. 1(1). http://doi.acm.org/10.1145/3152162