{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T14:32:39Z","timestamp":1754145159844,"version":"3.41.2"},"publisher-location":"Cham","reference-count":52,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031823619"},{"type":"electronic","value":"9783031823626"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-82362-6_25","type":"book-chapter","created":{"date-parts":[[2025,4,1]],"date-time":"2025-04-01T10:08:36Z","timestamp":1743502116000},"page":"416-436","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Enabling Android Application Monitoring by\u00a0Characterizing Security-Critical Code Fragments"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9007-9896","authenticated-orcid":false,"given":"Hendrik","family":"Eikerling","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4286-714X","authenticated-orcid":false,"given":"Anemone","family":"Kampk\u00f6tter","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,4,1]]},"reference":[{"key":"25_CR1","doi-asserted-by":"publisher","unstructured":"Arp, D., Spreitzenbarth, M., Huebner, M., Gascon, H., Rieck, K.: DREBIN: effective and explainable detection of android malware in your pocket. In: Symposium on Network and Distributed System Security (NDSS), vol. 14 (2014). https:\/\/doi.org\/10.14722\/ndss.2014.23247","DOI":"10.14722\/ndss.2014.23247"},{"key":"25_CR2","doi-asserted-by":"publisher","unstructured":"Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 259\u2013269. PLDI 2014, Association for Computing Machinery, New York, NY, USA (2014). https:\/\/doi.org\/10.1145\/2594291.2594299","DOI":"10.1145\/2594291.2594299"},{"key":"25_CR3","doi-asserted-by":"crossref","unstructured":"Book, T., Wallach, D.S.: A case of collusion: a study of the interface between Ad libraries and their apps. In: Proceedings of the ACM Workshop on Security and Privacy in Smartphones & Mobile Devices (2013)","DOI":"10.1145\/2516760.2516762"},{"key":"25_CR4","doi-asserted-by":"publisher","unstructured":"Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15\u201326. SPSM 2011, Association for Computing Machinery, New York, NY, USA (2011). https:\/\/doi.org\/10.1145\/2046614.2046619","DOI":"10.1145\/2046614.2046619"},{"key":"25_CR5","doi-asserted-by":"publisher","unstructured":"Cai, H.: Assessing and improving malware detection sustainability through app evolution studies. ACM Trans. Softw. Eng. Methodol. 29(2) (2020). https:\/\/doi.org\/10.1145\/3371924","DOI":"10.1145\/3371924"},{"issue":"6","key":"25_CR6","doi-asserted-by":"publisher","first-page":"1455","DOI":"10.1109\/TIFS.2018.2879302","volume":"14","author":"H Cai","year":"2019","unstructured":"Cai, H., Meng, N., Ryder, B., Yao, D.: DroidCat: effective android malware detection and categorization via app-level profiling. IEEE Trans. Inf. Forensics Secur. 14(6), 1455\u20131470 (2019). https:\/\/doi.org\/10.1109\/TIFS.2018.2879302","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"25_CR7","unstructured":"Canadian institute for cybersecurity: CICMalDroid (2020). https:\/\/www.unb.ca\/cic\/datasets\/maldroid-2020.html. Accessed 28 June 2024"},{"key":"25_CR8","unstructured":"Dai, S., Wei, T., Zou, W.: DroidLogger: Reveal suspicious behavior of android applications via instrumentation. In International Conference on Computing and Convergence Technology (2012)"},{"key":"25_CR9","unstructured":"Dai, S., Wei, T., Zou, W.: DroidLogger: reveal suspicious behavior of android applications via instrumentation. In: 2012 7th International Conference on Computing and Convergence Technology (ICCCT), pp. 550\u2013555 (2012)"},{"key":"25_CR10","unstructured":"dpnishant: Appmon (2018). https:\/\/github.com\/dpnishant\/appmon. Accessed 28 June 2024"},{"key":"25_CR11","doi-asserted-by":"publisher","unstructured":"Dziwok, S., Koch, T., Merschjohann, S., Budweg, B., Leuer, S.: AppSecure.nrw software security study (2021). https:\/\/doi.org\/10.48550\/ARXIV.2108.11752","DOI":"10.48550\/ARXIV.2108.11752"},{"key":"25_CR12","doi-asserted-by":"publisher","unstructured":"Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32(2) (2014). https:\/\/doi.org\/10.1145\/2619091","DOI":"10.1145\/2619091"},{"key":"25_CR13","doi-asserted-by":"publisher","unstructured":"Fan, M., et al.: Android malware familial classification and representative sample selection via frequent subgraph analysis. IEEE Trans. Inf. Forensics Secur., 2806891 (2018). https:\/\/doi.org\/10.1109\/TIFS.2018","DOI":"10.1109\/TIFS.2018"},{"key":"25_CR14","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2844349","author":"P Feng","year":"2018","unstructured":"Feng, P., Ma, J., Sun, C., Xu, X., Ma, Y.: A novel dynamic android malware detection system with ensemble learning. IEEE Access (2018). https:\/\/doi.org\/10.1109\/ACCESS.2018.2844349","journal-title":"IEEE Access"},{"key":"25_CR15","unstructured":"Google Inc.: Android emulator (2022). http:\/\/developer.android.com\/tools\/help\/emulator.html. Accessed 28 June 2024"},{"key":"25_CR16","unstructured":"Google Inc.: ART TI (2022). https:\/\/source.android.com\/docs\/core\/runtime\/art-ti?hl=en. Accessed 28 June 2024"},{"key":"25_CR17","unstructured":"Google Inc.: Android API reference (2023). https:\/\/developer.android.com\/reference\/packages.html. Accessed 8 June 2024"},{"key":"25_CR18","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-980109","author":"S Hofmeyr","year":"1999","unstructured":"Hofmeyr, S., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. (1999). https:\/\/doi.org\/10.3233\/JCS-980109","journal-title":"J. Comput. Secur."},{"issue":"1","key":"25_CR19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s40064-016-1861-x","volume":"5","author":"J Jang","year":"2016","unstructured":"Jang, J., Yun, J., Mohaisen, A., Woo, J., Kim, H.K.: Detecting and classifying method based on similarity matching of Android malware behavior with profile. Springerplus 5(1), 1\u201323 (2016). https:\/\/doi.org\/10.1186\/s40064-016-1861-x","journal-title":"Springerplus"},{"key":"25_CR20","unstructured":"Kang, H.J., Jang, J.w., Mohaisen, A., Kim, H.K.: AndroTracker: creator information based android malware classification system. In: Information Security Applications-15th International Workshop, WISA, vol.\u00a08909 (2014)"},{"key":"25_CR21","doi-asserted-by":"publisher","unstructured":"Karami, M., Elsabagh, M., Najafiborazjani, P., Stavrou, A.: Behavioral analysis of android applications using automated instrumentation, pp. 182\u2013187 (2013). https:\/\/doi.org\/10.1109\/SERE-C.2013.35","DOI":"10.1109\/SERE-C.2013.35"},{"key":"25_CR22","doi-asserted-by":"publisher","unstructured":"Kir\u00e1ly, F., et al.: sktime\/sktime: v0.30.1 (2024). https:\/\/doi.org\/10.5281\/zenodo.11479106","DOI":"10.5281\/zenodo.11479106"},{"key":"25_CR23","doi-asserted-by":"publisher","unstructured":"Klieber, W., Flynn, L., Bhosale, A., Jia, L., Bauer, L.: Android taint flow analysis for app sets. In: Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis, pp. 1\u20136. SOAP 2014, Association for Computing Machinery, New York, NY, USA (2014). https:\/\/doi.org\/10.1145\/2614628.2614633","DOI":"10.1145\/2614628.2614633"},{"issue":"6","key":"25_CR24","doi-asserted-by":"publisher","first-page":"1269","DOI":"10.1109\/TIFS.2017.2656460","volume":"12","author":"L Li","year":"2017","unstructured":"Li, L., et al.: Understanding android app piggybacking: a systematic study of malicious code grafting. IEEE Trans. Inf. Forensics Secur. 12(6), 1269\u20131284 (2017). https:\/\/doi.org\/10.1109\/TIFS.2017.2656460","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"25_CR25","doi-asserted-by":"crossref","unstructured":"Li, W., Fu, X., , Cai, H.: AndroCT: ten years of app call traces in android. In: The 18th International Conference on Mining Software Repositories (MSR 2021), Data Showcase Track (2021)","DOI":"10.1109\/MSR52588.2021.00076"},{"key":"25_CR26","doi-asserted-by":"publisher","unstructured":"Liang, S., Du., X.: Permission-combination-based scheme for android mobile malware detection. In: IEEE ICC (2014). https:\/\/doi.org\/10.1109\/ICC.2014.6883666","DOI":"10.1109\/ICC.2014.6883666"},{"key":"25_CR27","unstructured":"L\u00f6ning, M., Bagnall, A.J., Ganesh, S., Kazakov, V., Lines, J., Kir\u00e1ly, F.J.: sktime: a unified interface for machine learning with time series. CoRR abs\/1909.07872 (2019). http:\/\/arxiv.org\/abs\/1909.07872"},{"key":"25_CR28","doi-asserted-by":"publisher","unstructured":"Mohamed, S.E., Ashaf, M., Ehab, A., Shereef, O., Metwaie, H., Amer, E.: Detecting malicious android applications based On API calls and permissions using machine learning algorithms. In: International Mobile, Intelligent, and Ubiquitous Computing Conference (2021). https:\/\/doi.org\/10.1109\/MIUCC52538.2021.9447594","DOI":"10.1109\/MIUCC52538.2021.9447594"},{"key":"25_CR29","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2013.09.014","author":"V Moonsamy","year":"2014","unstructured":"Moonsamy, V., Rong, J., Liu, S.: Mining permission patterns for contrasting clean and malicious android applications. Futur. Gener. Comput. Syst. (2014). https:\/\/doi.org\/10.1016\/j.future.2013.09.014","journal-title":"Futur. Gener. Comput. Syst."},{"key":"25_CR30","doi-asserted-by":"publisher","unstructured":"Nguyen-Vu, L., Ahn, J., Jung, S.: Android fragmentation in malware detection. Comput. Secur. 87, 101573 (2019). https:\/\/doi.org\/10.1016\/j.cose.2019.101573","DOI":"10.1016\/j.cose.2019.101573"},{"key":"25_CR31","unstructured":"Oracle corporation: Java Agents - Package java.lang.instrument (2020). https:\/\/docs.oracle.com\/javase\/7\/docs\/api\/java\/lang\/instrument\/package-summary.html. Accessed 28 June 2024"},{"key":"25_CR32","unstructured":"Oracle corporation: JVM tool interface (JVMTI) Version 21.0 (2024). https:\/\/docs.oracle.com\/en\/java\/javase\/21\/docs\/specs\/jvmti.html. Accessed 28 June 2024"},{"key":"25_CR33","unstructured":"OWASP: AppSensor. https:\/\/owasp.org\/www-project-appsensor\/. Accessed 28 June 2024"},{"key":"25_CR34","doi-asserted-by":"publisher","unstructured":"Qu, Z., Alam, S., Chen, Y., Zhou, X., Hong, W., Riley, R.: DyDroid: measuring dynamic code loading and its security implications in android applications. In: IEEE\/IFIP International Conference on Dependable Systems and Networks (2017). https:\/\/doi.org\/10.1109\/DSN.2017.14","DOI":"10.1109\/DSN.2017.14"},{"key":"25_CR35","unstructured":"Rapid7: Metasploit framework. https:\/\/github.com\/rapid7\/metasploit-framework. Accessed 28 June 2024"},{"key":"25_CR36","doi-asserted-by":"publisher","unstructured":"Rasthofer, S., Arzt, S., Bodden, E.: A machine-learning approach for classifying and categorizing android sources and sinks. In: NDSS (2014). https:\/\/doi.org\/10.14722\/ndss.2014.23039","DOI":"10.14722\/ndss.2014.23039"},{"key":"25_CR37","doi-asserted-by":"publisher","unstructured":"Rasthofer, S., Arzt, S., Miltenberger, M., Bodden, E.: Harvesting runtime values in android applications that feature anti-analysis techniques. In: NDSS (2016). https:\/\/doi.org\/10.14722\/ndss.2016.23066","DOI":"10.14722\/ndss.2016.23066"},{"key":"25_CR38","doi-asserted-by":"publisher","unstructured":"Rastogi, V., Chen, Y., Enck, W.: AppsPlayground: automatic security analysis of smartphone applications, pp. 209\u2013220 (2013). https:\/\/doi.org\/10.1145\/2435349.2435379","DOI":"10.1145\/2435349.2435379"},{"key":"25_CR39","doi-asserted-by":"publisher","unstructured":"Shatnawi, A.S., Jaradat, A., Yaseen, T.B., Taqieddin, E., Al-Ayyoub, M., Mustafa, D.: An android malware detection leveraging machine learning. Wirel. Commun. Mob. Comput. 2022 (2022). https:\/\/doi.org\/10.1155\/2022\/1830201","DOI":"10.1155\/2022\/1830201"},{"key":"25_CR40","unstructured":"StatCounter: mobile operating system market share worldwide (2023). https:\/\/gs.statcounter.com\/os-market-share\/mobile\/worldwide"},{"key":"25_CR41","doi-asserted-by":"publisher","unstructured":"Sun, H., et al.: A programming model and framework for comprehensive dynamic analysis on android. In: Proceedings of the 14th International Conference on Modularity. p. 133\u2013145. MODULARITY 2015, Association for Computing Machinery, New York, NY, USA (2015). https:\/\/doi.org\/10.1145\/2724525.2724566","DOI":"10.1145\/2724525.2724566"},{"key":"25_CR42","doi-asserted-by":"publisher","unstructured":"Tam, K., Khan, S., Fattori, A., Cavallaro, L.: CopperDroid: automatic reconstruction of android malware behaviors (2015). https:\/\/doi.org\/10.14722\/ndss.2015.23145","DOI":"10.14722\/ndss.2015.23145"},{"key":"25_CR43","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.11.021","author":"P Vinod","year":"2018","unstructured":"Vinod, P., Zemmari, A., Conti, M.: A machine learning based approach to detect malicious android apps using discriminant system calls. Futur. Gener. Comput. Syst. (2018). https:\/\/doi.org\/10.1016\/j.future.2018.11.021","journal-title":"Futur. Gener. Comput. Syst."},{"key":"25_CR44","unstructured":"Watson, C., Groves, D., Melton, J.: OWASP AppSensor. https:\/\/owasp.org\/www-project-appsensor\/ (2014). Accessed 14 Aug 2024"},{"key":"25_CR45","doi-asserted-by":"publisher","unstructured":"Wohlin, C.: Guidelines for snowballing in systematic literature studies and a replication in software engineering. ACM, New York, NY, USA (2014). https:\/\/doi.org\/10.1145\/2601248.2601268","DOI":"10.1145\/2601248.2601268"},{"key":"25_CR46","doi-asserted-by":"publisher","unstructured":"Wohlin, C., Runeson, P., H\u00f6st, M., Ohlsson, M.C., Regnell, B., Wessl\u00e9n, A.: Experimentation in Software Engineering. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-662-69306-3","DOI":"10.1007\/978-3-662-69306-3"},{"key":"25_CR47","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.09.042","author":"Y Xu","year":"2019","unstructured":"Xu, Y., Wang, G., Ren, J., Zhang, Y.: An adaptive and configurable protection framework against android privilege escalation threats. Futur. Gener. Comput. Syst. (2019). https:\/\/doi.org\/10.1016\/j.future.2018.09.042","journal-title":"Futur. Gener. Comput. Syst."},{"key":"25_CR48","doi-asserted-by":"publisher","unstructured":"Yan, L.K., Yin, H.: DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic android malware analysis. In: Proceedings of the 21st USENIX Conference on Security Symposium, p.\u00a029. Security 2012, USENIX Association, USA (2012). https:\/\/doi.org\/10.5555\/2362793.2362822","DOI":"10.5555\/2362793.2362822"},{"key":"25_CR49","doi-asserted-by":"publisher","unstructured":"Yerima, S., Muttik, I., Sezer, S.: High accuracy android malware detection using ensemble learning. IET Inf. Secur. (2015). https:\/\/doi.org\/10.1049\/iet-ifs.2014.0099","DOI":"10.1049\/iet-ifs.2014.0099"},{"issue":"11","key":"25_CR50","doi-asserted-by":"publisher","first-page":"3286","DOI":"10.1109\/TC.2023.3292001","volume":"72","author":"D Zhan","year":"2023","unstructured":"Zhan, D., Tan, K., Ye, L., Yu, X., Zhang, H., He, Z.: An adversarial robust behavior sequence anomaly detection approach based on critical behavior unit learning. IEEE Trans. Comput. 72(11), 3286\u20133299 (2023). https:\/\/doi.org\/10.1109\/TC.2023.3292001","journal-title":"IEEE Trans. Comput."},{"key":"25_CR51","doi-asserted-by":"crossref","unstructured":"Zhang, Y., et al.: Vetting undesirable behaviors in android apps with permission use analysis. In: Proceedings of the ACM SIGSAC Conference on Computer & communications security (2013)","DOI":"10.1145\/2508859.2516689"},{"key":"25_CR52","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy (2012)","DOI":"10.1109\/SP.2012.16"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2024 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-82362-6_25","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,16]],"date-time":"2025-07-16T17:00:44Z","timestamp":1752685244000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-82362-6_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031823619","9783031823626"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-82362-6_25","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"1 April 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bydgoszcz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}