4th Workshop on
Rethinking Malware Analysis (WoRMA)
June 30th, 2025; Venice, Italy
co-located with IEEE EuroS&P 2025

Keynotes

Pick Two: Robustness, Accuracy, Real Correlations in Malware Detection with AI
Luca Demetrio, University of Genova

Abstract: While great progress has been achieved in the domain of Windows malware detection, there is still work to do. In particular, these models reach incredible performance, but at the cost of either robustness against unseen attacks or reliance on spurious correlations inside the data that are known to be useless by expert domain knowledge. In this talk, we will present the limits of the current literature, and provide some pointers towards possible lines of research that address this triangle.

Bio: Luca Demetrio is an Assistant Professor (University of Genova). He is currently investigating the principal issues that hinder the security of Machine Learning and Artificial Intelligence, with strong emphasis on their applications in the Cyber Security domain. With his seminal work in top-tier international journals (TIFS, TOPS), he highlighted how novel machine-learning threat detectors can be easily deceived by injecting minimal perturbations inside malware, potentially harming end-user devices. In 2023, he received an honorable mention “Premio Giovani Ricercatori” from the “Gruppo 2003” for his research on adversarial attacks against Windows malware detectors. In 2024, he was also appointed Associate Editor for the journal Pattern Recognition.

“Our detector has a 99.99% accuracy!” but malware is still out there...
Andrea Continella, University of Twente

Abstract: Malware is one of the oldest Internet threats and still a major one today. Over the past 20 years, researchers and practitioners have designed and deployed increasingly sophisticated solutions to detect malicious samples, and the cybersecurity industry is now overflowing with anti-malware solutions, which score almost perfect detection rates. Nonetheless, as a matter of fact, malware still exists and infects systems on a daily basis, including critical infrastructures. In this talk, I will take you on a journey into the depths of malware analysis and detection, highlighting the current open problems in the state of the art, and pointing out directions for future research in a field too often considered "solved". Finally, I will conclude my talk with takeaways and lessons learned that apply beyond the malware scope and are actionable in several cybersecurity fields, discussing the way forward for our community.

Bio: Andrea Continella is an Associate Professor at the University of Twente, where he leads the cybersecurity team of the Semantics, Cybersecurity & Services group (SCS), and he is a member of the International Secure Systems Lab (iSecLab). His research focuses on several aspects of systems security, such as malware and threat analysis, mobile and IoT security, software and firmware security, and large-scale measurements of security issues. Andrea is a strong advocate for open and reproducible science, he regularly publishes at top-tier security venues, and he serves on the program committees of major systems security conferences.


Accepted Papers

The formal program will be published soon. We plan to start at 9:30.
Technical Papers Session I: Robustifying AI Detectors
Mitigating Information Leakage in Large Language Models: Evaluating the Impact of Code Obfuscation on Vulnerability Detection
Bengü Gülay (Sabancı University), Cemal Yılmaz (Sabancı University)
Demystifying the Role of Rule-based Detection in AI Systems for Windows Malware Detection
Andrea Ponte (University of Genova), Luca Demetrio (University of Genova), Luca Oneto (University of Genova), Ivan Tesfai Ogbu (Rina Consulting S.p.A.), Battista Biggio (University of Cagliari), Fabio Roli (University of Genova, University of Cagliari)
On the Effect of Ruleset Tuning and Data Imbalance on Explainable Network Security Alert Classifications: a Case-Study on DeepCASE
Koen Teuwen (Eindhoven University of Technology), Sam Baggen (Eindhoven University of Technology), Emmanuele Zambon (Eindhoven University of Technology), Luca Allodi (Eindhoven University of Technology)
Technical Papers Session II: Improving Windows Malware Detection
Democratizing Generic Malware Unpacking
Thorsten Jenke (Fraunhofer FKIE), Max Ufer (Fraunhofer FKIE), Manuel Blatt (Fraunhofer FKIE), Leander Kohler (Universität Bonn), Elmar Padilla (Fraunhofer FKIE), Lilli Bruckschen (Fraunhofer FKIE)
Toward Automatically Generating User-specific Recovery Procedures after Malware Infections
Jerre Starink (University of Twente), Cassie Wanjun Xu (TU Delft), Andrea Continella (University of Twente)
Technical Papers Session III: Beyond Detection: Pre-Analysis and Post-Infection Phases
A Unified Comparison of Tabular and Graph-Based Feature Representations in Machine Learning for Malware Detection
Samy Bettaieb (UCLouvain), Serena Lucca (UCLouvain), Charles-Henry Bertrand Van Ouytsel (UCLouvain), Axel Legay (Nexova), Etienne Rivière (UCLouvain)
Do Fear The REAPIR: Adversarial Malware From API Replacement
Luke Kurlandski (Rochester Institute of Technology), Rayan Mosli (King Abdulaziz University), Yin Pan (Rochester Institute of Technology), Sirapat Thianphan (Rochester Institute of Technology), Matthew Wright (Rochester Institute of Technology)

Call for Papers

Important Dates

  • Abstract registration deadline: March 3, 2025 (extended from February 20); 11:59 PM (AoE, UTC-12)
  • Paper submission deadline: March 6, 2025 (extended from February 27); 11:59 PM (AoE, UTC-12)
  • Acceptance notification: March 31, 2025
  • Camera ready due: April 16, 2025; 11:59 PM (AoE, UTC-12)
  • Workshop date: June 30, 2025

New from last year

  • Original research papers are expected to have a main text of 6 pages, instead of 8 pages.
  • We introduced "Guidelines for Authors" and "Guidelines for Reviewers" regarding the use of Generative AI tools.
  • The description of position papers is updated to highlight the importance of originality.

Overview

Malware research is a discipline of information security that aims to provide protection against unwanted and dangerous software. Since the mid-1980s, researchers in this area have been leading a technological arms race against creators of malware. Many ideas have been proposed, to varying degrees of effectiveness, from more traditional systems security and program analysis to the use of AI and Machine Learning. Nevertheless, with increased technological complexity and despite more sophisticated defenses, malware’s impact has grown rather than shrunk. It appears that defenders are continually reacting to yesterday’s threats, only to be surprised by today's minor variations. The rise of Generative AI and Large Language Models opens the path for new attacker strategies at reduced cost, and complicates the work of defenders.

This lack of robustness is most apparent in signature matching, where malware is represented by a characteristic substring. The fundamental limitation of this approach is its reliance on falsifiable evidence. Mutating the characteristic substring, i.e., falsifying the evidence, is effective in evading detection, and cheaper than discovering the substring in the first place. Unsurprisingly, the same limitation applies to malware detectors based on machine learning, as long as they rely on falsifiable features for decision-making. Robust malware features are necessary. Furthermore, robust methods for malware classification and analysis are needed across the board to overcome phenomena including, but not limited to, concept drift (malware evolution), polymorphism, new malware families, new anti-analysis techniques, and adversarial machine learning, while supporting robust explanations.
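The asymmetry described above can be made concrete with a toy model. The following is an added example written for this page, not code from the workshop or any of its authors: a substring signature applied to the bytes on disk, a behaviour-preserving mutation (a one-byte XOR "packer" with a marker the toy runtime understands) that defeats it, and the same signature applied to what the sample does at runtime instead of how it is stored. The sample bytes, signature, header format and packer are all constructed for the demonstration and execute nothing.

```python
"""
Added example (not from the WoRMA page): a toy model of why a
characteristic-substring signature is "falsifiable evidence".

Everything here is constructed for illustration: the header formats,
the "signature" and the "sample" are made up and nothing is executed.
"""

# Constructed signature: the substring a detector keys on.
SIGNATURE = b"powershell -enc"

# Constructed sample formats. PLAIN samples carry their command verbatim;
# PACKED samples carry a one-byte XOR key followed by the encoded command.
HEADER_PLAIN = b"HDR\x00"
HEADER_PACKED = b"PK1\x00"

# Constructed "sample": a header followed by the command it would invoke.
PLAIN_SAMPLE = HEADER_PLAIN + b"powershell -enc SQBFAFgA"


def static_signature_match(blob: bytes) -> bool:
    """Signature matching over the bytes on disk: the falsifiable check."""
    return SIGNATURE in blob


def pack(sample: bytes, key: int) -> bytes:
    """Behaviour-preserving mutation: XOR the body with one key byte.

    This is the cheap side of the arms race: one byte of choice produces a
    sample whose on-disk bytes no longer contain the signature.
    """
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255 (0 would leave the body unchanged)")
    if not sample.startswith(HEADER_PLAIN):
        raise ValueError("pack() expects a plain sample")
    body = sample[len(HEADER_PLAIN):]
    return HEADER_PACKED + bytes([key]) + bytes(b ^ key for b in body)


def run(blob: bytes) -> bytes:
    """Stand-in for execution: return the command the sample would invoke.

    A packed sample decodes itself first, exactly as a real unpacking stub
    would, so the observable behaviour is unchanged by pack().
    """
    if blob.startswith(HEADER_PACKED):
        key = blob[len(HEADER_PACKED)]
        return bytes(b ^ key for b in blob[len(HEADER_PACKED) + 1:])
    if blob.startswith(HEADER_PLAIN):
        return blob[len(HEADER_PLAIN):]
    raise ValueError("unknown sample format")


def behavioral_signature_match(blob: bytes) -> bool:
    """The same signature applied to what the sample does, not how it is stored."""
    return SIGNATURE in run(blob)


def evasion_report(sample: bytes, keys=range(1, 256)) -> tuple[int, int]:
    """Count, over all one-byte keys, how many mutations evade the static
    check and how many the behavioural check still catches."""
    static_evades = behavioral_caught = 0
    for k in keys:
        mutated = pack(sample, k)
        assert run(mutated) == run(sample)  # behaviour is preserved by construction
        static_evades += not static_signature_match(mutated)
        behavioral_caught += behavioral_signature_match(mutated)
    return static_evades, behavioral_caught


if __name__ == "__main__":
    print("static match on original :", static_signature_match(PLAIN_SAMPLE))
    mutated = pack(PLAIN_SAMPLE, 0x5A)
    print("static match on mutated  :", static_signature_match(mutated))
    print("behavioural match        :", behavioral_signature_match(mutated))
    print("(evaded static, caught behaviourally):", evasion_report(PLAIN_SAMPLE))
```

Every one of the 255 keys yields a distinct on-disk variant that the static check misses, while the behavioural check catches all of them because the feature it relies on (the decoded command) is the one the sample cannot change without changing what it does. The same reasoning carries over to a learned detector: a feature that a one-byte edit can falsify is no more robust than the substring it generalizes.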

This workshop solicits work that aims to rethink how we conduct malware analysis, with the goal of creating long-term solutions to the threats of today’s digital environment. Potential research directions are malware detection, benchmark datasets, environments for malware arms race simulation, and exploring limitations of existing work, among others.

Topics of Interest

Topics of interest include (but are not limited to):

Bridging the Gap between Academia and Industry
Topics related to addressing the disconnect that often exists between academic research and its practical application in real-world industry scenarios:
  • Translating research into practice
  • Identifying practical constraints of theoretical models
  • Applying academic rigor to real-world problems
  • Releasing open data and collaborative platforms
GenAI, Large Language Models, and Malware
Topics related to the use of LLMs for both attack generation and detection, including:
  • The use of Generative AI in creative ways to thwart attackers or defenders
  • New risks rising from Generative AI
  • Using LLMs to explain malware behaviors
  • Using LLMs for better malware analysis
  • Using LLMs for modifying code automatically
Malware Analysis
Topics related to understanding the malicious actions exhibited by malware:
  • Identification of malware behaviors
  • Identification of code modules which implement specific behaviors
  • Unsupervised behavior identification
  • Machine Learning and AI for behavior identification
  • Reliable parsing of file formats and program code
  • De-obfuscation and de-cloaking of malware
  • Robust static and dynamic code analysis
  • Feature extraction in presence of adversaries
  • Robust signature generation and matching
Malware Detection
Topics related to techniques for malware detection:
  • Developing robust malware detection, malware family recognition, identification of novel malware families
  • Network-based malware analysis
  • Host-based malware analysis
  • Malware datasets: publication of new datasets for detection, e.g., family recognition, new family identification, behavior identification, generalization ability
Malware Attribution
Topics exploring methods and techniques to confidently attribute a piece of malware to its creators:
  • Binary and source-code attribution
  • Adversarial attribution
Malware Arms Race
Topics related to the malware arms race:
  • Virtual malware arms race environments and competition reports – automated bots of malware and detectors simultaneously attacking and defending networked hosts, adaptively co-evolving in their quest towards supremacy
  • Automated countermeasures to malware anti-analysis techniques, e.g., packing, anti-debugging, anti-emulation
  • Bypassing anti-malware (anti-virus), e.g., via problem-space adversarial modifications
Robustness Evaluations of Malware Analysis
Topics exploring the limitations of existing research:
  • Experiments demonstrating the limitations in robustness of existing methods (for detection, unpacking, behavior analysis, etc.), datasets, defenses
  • Machine learning-based malware analysis and adversarial machine learning
  • Overcoming limitations – demonstrating methods resilient to, e.g., concept drift (malware evolution), polymorphism, new malware families, new anti-analysis techniques, or adversarial machine learning defenses

Submission Guidelines

We invite the following types of papers:

  • Original Research papers, which are expected to be 6 pages in double-column IEEE format, not exceeding 12 pages with the references and appendices. This category of papers should describe original work that is not previously published or concurrently submitted elsewhere. In this category, we strongly encourage the submission of open-source software artifacts and emphasize the importance of reproducibility in results. We acknowledge that while these elements may not be mandatory for the acceptance of a paper, they significantly contribute to enhancing the overall merit of original research.
  • Position or open-problem papers, of up to 6 pages in double-column IEEE format, not exceeding 12 pages with the references and appendices. Titles in this category must begin with the text "Position:". Position papers aim at fostering discussion and collaboration by presenting preliminary research activities, work in progress and/or industrial innovations. Position papers may systematize existing research results and outline new emerging ideas.

Submissions must be anonymous (double-blind review), and authors should refer to their previous work in the third person. Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or conference with proceedings.

Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template supplied by IEEE EuroS&P: eurosp-template.zip. Please do not use other IEEE templates.

Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader XI and when printed in black and white.

Accepted papers will be published in IEEE Xplore. One author of each accepted paper is required to attend the workshop and present the paper for it to be included in the proceedings. Committee members are not required to read the appendices, so the paper should be intelligible without them. Submissions must be in English.

Use of Generative AI tools

Guidelines for Authors: We encourage authors to use any suitable tools, including Large Language Models (LLMs), for preparing high-quality papers. However, authors must adhere to three key criteria:

  • The methodology of use must be thoroughly documented and reported as citations or footnotes.
  • If LLMs are integral to the contributions of the paper, their use should be explicitly motivated and justified in the body of the paper.
  • The authors are responsible for the entire content of their paper, including all text and figures. While any tool may be used for improving writing and presentation (with due documentation), it is crucial that all content is accurate (i.e., factually correct and aligned with the research presented) and original (i.e., avoids plagiarism), ensuring transparency and maintaining the integrity of the research process.

Guidelines for Reviewers: To protect the nature of the peer-review process, reviewers are expected to form their opinion about the paper and construct their feedback independently, i.e., without applying any automated analysis or reasoning tools to the workshop submissions. Reviewers are strictly prohibited from inputting the paper PDFs or text snippets from the reviewed paper into any AI-based tool, including LLMs and AI detection tools.

Submission Site

HotCrp Submission Website: https://submission.intellisec.de/worma-2025

Committee

Workshop Program Chairs

Steering Committee

Program Committee

  • Ahsan Ayub, Vanderbilt University Medical Center
  • Alessandro Erba, Karlsruhe Institute of Technology (KIT)
  • Bobby Filar, Sublime Security
  • Daniel Arp, TU Wien
  • David Klein, Technische Universität Braunschweig
  • Davide Maiorca, University of Cagliari, Italy
  • Davy Preuveneers, DistriNet, KU Leuven
  • Emil Lupu, Imperial College London
  • Erwin Quiring, Ruhr University Bochum
  • Giovanni Apruzzese, University of Liechtenstein
  • Ilias Tsingenopoulos, KU Leuven
  • Jean-Yves Marion, Université de Lorraine, CNRS (LORIA)
  • Kathrin Grosse, IBM Research Zurich
  • Kevin Borgolte, Ruhr University Bochum
  • Lieven Desmet, DistriNet, KU Leuven
  • Luca Demetrio, University of Genova
  • Marcus Botacin, Texas A&M University
  • Mario D'Onghia, University College London
  • Martina Lindorfer, TU Wien
  • Maura Pintor, University of Cagliari
  • Mohammad Saidur Rahman, University of Texas at El Paso
  • Raphael Labaca-Castro, SandboxAQ
  • Shae McFadden, King’s College London
  • Stefano De Rosa, Eurecom
  • Thijs van Ede, University of Twente
  • Thorsten Eisenhofer, TU Berlin
  • Xin Fan Guo, King's College London
  • Yiling He, University College London
  • Zeliang Kan, HiddenLayer

Past Editions

The 3rd edition of WoRMA took place in 2024, co-located with IEEE EuroS&P in Vienna, Austria (https://worma.gitlab.io/2024/).

The 2nd edition of WoRMA took place in 2023, co-located with IEEE EuroS&P in Delft, Netherlands (https://worma.gitlab.io/2023/).

The 1st edition of WoRMA took place in 2022, co-located with AsiaCCS in Nagasaki, Japan (https://worma.gitlab.io/2022/).