{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T06:25:56Z","timestamp":1762323956487},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319336923"},{"type":"electronic","value":"9783319336930"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-33693-0_21","type":"book-chapter","created":{"date-parts":[[2016,5,24]],"date-time":"2016-05-24T05:35:47Z","timestamp":1464068147000},"page":"326-341","source":"Crossref","is-referenced-by-count":3,"title":["On Robust Malware Classifiers by Verifying Unwanted Behaviours"],"prefix":"10.1007","author":[{"given":"Wei","family":"Chen","sequence":"first","affiliation":[]},{"given":"David","family":"Aspinall","sequence":"additional","affiliation":[]},{"given":"Andrew D.","family":"Gordon","sequence":"additional","affiliation":[]},{"given":"Charles","family":"Sutton","sequence":"additional","affiliation":[]},{"given":"Igor","family":"Muttik","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,5,24]]},"reference":[{"key":"21_CR1","unstructured":"Malware Genome Project (2012). http:\/\/www.malgenomeproject.org\/"},{"key":"21_CR2","unstructured":"Forensic Blog (2014). http:\/\/forensics.spreitzenbarth.de\/android-malware\/"},{"key":"21_CR3","unstructured":"Juniper Networks (2015). https:\/\/www.juniper.net\/security\/auto\/includes\/mobile_signature_descriptions.html"},{"key":"21_CR4","unstructured":"Symantec security response (2015). http:\/\/www.symantec.com\/security_response\/"},{"key":"21_CR5","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"crossref","first-page":"86","DOI":"10.1007\/978-3-319-04283-1_6","volume-title":"Security and Privacy in Communication Networks","author":"Y Aafer","year":"2013","unstructured":"Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: mining API-level features for robust malware detection in Android. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds.) SecureComm 2013. LNICST, vol. 127, pp. 86\u2013103. Springer, Heidelberg (2013)"},{"issue":"3","key":"21_CR6","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1080\/00031305.1992.10475879","volume":"46","author":"NS Altman","year":"1992","unstructured":"Altman, N.S.: An introduction to kernel and nearest-neighbor nonparametric regression. Am. Stat. 46(3), 175\u2013185 (1992)","journal-title":"Am. Stat."},{"issue":"2","key":"21_CR7","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1016\/0890-5401(87)90052-6","volume":"75","author":"D Angluin","year":"1987","unstructured":"Angluin, D.: Learning regular sets from queries and counterexamples. Inf. Comput. 75(2), 87\u2013106 (1987)","journal-title":"Inf. Comput."},{"key":"21_CR8","doi-asserted-by":"crossref","unstructured":"Arp, D., et al.: Drebin: efficient and explainable detection of Android malware in your pocket. In: NDSS, pp. 23\u201326 (2014)","DOI":"10.14722\/ndss.2014.23247"},{"key":"21_CR9","doi-asserted-by":"crossref","unstructured":"Au, K.W.Y., et al.: PScout: analyzing the Android permission specification. In: CCS, pp. 217\u2013228 (2012)","DOI":"10.1145\/2382196.2382222"},{"key":"21_CR10","doi-asserted-by":"crossref","unstructured":"Barrera, D., Kayacik, H.G., van Oorschot, P.C., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to Android. In: CCS, pp. 73\u201384 (2010)","DOI":"10.1145\/1866307.1866317"},{"key":"21_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"168","DOI":"10.1007\/978-3-642-16612-9_14","volume-title":"Runtime Verification","author":"P Beaucamps","year":"2010","unstructured":"Beaucamps, P., Gnaedig, I., Marion, J.-Y.: Behavior abstraction in malware analysis. In: Barringer, H., et al. (eds.) RV 2010. LNCS, vol. 6418, pp. 168\u2013182. Springer, Heidelberg (2010)"},{"issue":"6","key":"21_CR12","doi-asserted-by":"crossref","first-page":"592","DOI":"10.1109\/TC.1972.5009015","volume":"21","author":"AW Biermann","year":"1972","unstructured":"Biermann, A.W., Feldman, J.A.: On the synthesis of finite-state machines from samples of their behavior. IEEE Trans. Comput. 21(6), 592\u2013597 (1972)","journal-title":"IEEE Trans. Comput."},{"key":"21_CR13","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45, 5\u201332 (2001)","journal-title":"Mach. Learn."},{"key":"21_CR14","doi-asserted-by":"crossref","unstructured":"Chakradeo, S., Reaves, B., Traynor, P., Enck, W.: MAST: triage for market-scale mobile malware analysis. In: WiSec, pp. 13\u201324 (2013)","DOI":"10.1145\/2462096.2462100"},{"key":"21_CR15","volume-title":"Semi-Supervised Learning","author":"O Chapelle","year":"2010","unstructured":"Chapelle, O., Schlkopf, B., Zien, A.: Semi-Supervised Learning. The MIT Press, Cambridge (2010)"},{"key":"21_CR16","unstructured":"Chen, K.Z., et al.: Contextual policy enforcement in Android applications with permission event graphs. In: NDSS (2013)"},{"key":"21_CR17","unstructured":"Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of Android application security. In: USENIX Security Symposium (2011)"},{"key":"21_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"232","DOI":"10.1007\/10722167_20","volume-title":"Computer Aided Verification","author":"J Esparza","year":"2000","unstructured":"Esparza, J., Hansel, D., Rossmanith, P., Schwoon, S.: Efficient algorithms for model checking pushdown systems. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 232\u2013247. Springer, Heidelberg (2000)"},{"key":"21_CR19","doi-asserted-by":"crossref","unstructured":"Fredrikson, M., et al.: Synthesizing near-optimal malware specifications from suspicious behaviors. In: Proceedings of the IEEE Symposium on Security and Privacy, SP 2010, pp. 45\u201360 (2010)","DOI":"10.1109\/SP.2010.11"},{"issue":"1","key":"21_CR20","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1006\/jcss.1997.1504","volume":"55","author":"Y Freund","year":"1997","unstructured":"Freund, Y., Schapire, R.E.: A decision-theoretic generalization of on-line learning and an application to boosting. J. Comput. Syst. Sci. 55(1), 119\u2013139 (1997)","journal-title":"J. Comput. Syst. Sci."},{"key":"21_CR21","doi-asserted-by":"crossref","unstructured":"Gascon, H., Yamaguchi, F., Arp, D., Rieck, K.: Structural detection of Android malware using embedded call graphs. In: AISec, pp. 45\u201354 (2013)","DOI":"10.1145\/2517312.2517315"},{"key":"21_CR22","doi-asserted-by":"crossref","unstructured":"Gorla, A., et al.: Checking app behavior against app descriptions. In: ICSE, pp. 1025\u20131035 (2014)","DOI":"10.1145\/2568225.2568276"},{"key":"21_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"136","DOI":"10.1007\/978-3-319-23820-3_9","volume-title":"Runtime Verification","author":"J-C K\u00fcster","year":"2015","unstructured":"K\u00fcster, J.-C., Bauer, A.: Monitoring real Android malware. In: Bartocci, E., et al. (eds.) RV 2015. LNCS, vol. 9333, pp. 136\u2013152. Springer, Heidelberg (2015). doi: 10.1007\/978-3-319-23820-3_9"},{"key":"21_CR24","unstructured":"McAfee Threat Center (2015). http:\/\/www.mcafee.com\/uk\/threat-center.aspx"},{"key":"21_CR25","volume-title":"Paradigms of Artificial Intelligence Programming: Case Studies in Common Lisp","author":"P Norvig","year":"1992","unstructured":"Norvig, P.: Paradigms of Artificial Intelligence Programming: Case Studies in Common Lisp, 1st edn. Morgan Kaufmann Publishers Inc., San Francisco (1992)","edition":"1"},{"key":"21_CR26","volume-title":"C4.5 Programs for Machine Learning","author":"JR Quinlan","year":"1993","unstructured":"Quinlan, J.R.: C4.5 Programs for Machine Learning. Morgan Kaufmann Publishers Inc., San Francisco (1993)"},{"key":"21_CR27","unstructured":"Reina, A., Fattori, A., Cavallaro, L.: A system call-centric analysis and stimulation technique to automatically reconstruct Android malware behaviors. In: European Workshop on System Security (EUROSEC) (2013)"},{"issue":"1","key":"21_CR28","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1145\/353323.353382","volume":"3","author":"FB Schneider","year":"2000","unstructured":"Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30\u201350 (2000)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"21_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"416","DOI":"10.1007\/978-3-642-36742-7_29","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"F Song","year":"2013","unstructured":"Song, F., Touili, T.: LTL model-checking for malware detection. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013 (ETAPS 2013). LNCS, vol. 7795, pp. 416\u2013431. Springer, Heidelberg (2013)"},{"issue":"2","key":"21_CR30","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1007\/s10207-014-0250-0","volume":"14","author":"M Spreitzenbarth","year":"2015","unstructured":"Spreitzenbarth, M., et al.: Mobile-sandbox: combining static and dynamic analysis with machine-learning techniques. Int. J. Inf. Secur. 14(2), 141\u2013153 (2015)","journal-title":"Int. J. Inf. Secur."},{"key":"21_CR31","volume-title":"Support Vector Machines","author":"I Steinwart","year":"2008","unstructured":"Steinwart, I., Christmann, A.: Support Vector Machines. Springer, New York (2008)"},{"key":"21_CR32","doi-asserted-by":"crossref","first-page":"267","DOI":"10.1111\/j.2517-6161.1996.tb02080.x","volume":"58","author":"R Tibshirani","year":"1994","unstructured":"Tibshirani, R.: Regression shrinkage and selection via the lasso. J. Roy. Stat. Soc. Ser. B 58, 267\u2013288 (1994)","journal-title":"J. Roy. Stat. Soc. Ser. B"},{"issue":"2","key":"21_CR33","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1016\/0022-0000(86)90026-7","volume":"32","author":"MY Vardi","year":"1986","unstructured":"Vardi, M.Y., Wolper, P.: Automata-theoretic techniques for modal logics of programs. J. Comput. Syst. Sci. 32(2), 183\u2013221 (1986)","journal-title":"J. Comput. Syst. Sci."},{"issue":"4","key":"21_CR34","doi-asserted-by":"crossref","first-page":"218","DOI":"10.1145\/566171.566212","volume":"27","author":"J Whaley","year":"2002","unstructured":"Whaley, J., Martin, M.C., Lam, M.S.: Automatic extraction of object-oriented component interfaces. SIGSOFT Softw. Eng. Notes 27(4), 218\u2013228 (2002)","journal-title":"SIGSOFT Softw. Eng. Notes"},{"key":"21_CR35","doi-asserted-by":"crossref","unstructured":"Yang, C., et al.: Droidminer: automated mining and characterization of fine-grained malicious behaviors in Android applications. In: ESORICS, pp. 163\u2013182 (2014)","DOI":"10.1007\/978-3-319-11203-9_10"},{"key":"21_CR36","doi-asserted-by":"crossref","unstructured":"Yerima, S.Y., Sezer, S., McWilliams, G., Muttik, I.: A new Android malware detection approach using bayesian classification. In: AINA, pp. 121\u2013128 (2013)","DOI":"10.1109\/AINA.2013.88"},{"key":"21_CR37","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Jiang, X.: Dissecting Android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy, pp. 95\u2013109 (2012)","DOI":"10.1109\/SP.2012.16"}],"container-title":["Lecture Notes in Computer Science","Integrated Formal Methods"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-33693-0_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,17]],"date-time":"2024-06-17T02:18:44Z","timestamp":1718590724000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-33693-0_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319336923","9783319336930"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-33693-0_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]}}}