{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T20:57:29Z","timestamp":1762376249782},"publisher-location":"Cham","reference-count":36,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319596075"},{"type":"electronic","value":"9783319596082"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-59608-2_33","type":"book-chapter","created":{"date-parts":[[2017,6,13]],"date-time":"2017-06-13T15:29:56Z","timestamp":1497367796000},"page":"597-616","source":"Crossref","is-referenced-by-count":20,"title":["DroidClassifier: Efficient Adaptive Mining of Application-Layer Header for Classifying Android Malware"],"prefix":"10.1007","author":[{"given":"Zhiqiang","family":"Li","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lichao","family":"Sun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qiben","family":"Yan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Witawas","family":"Srisa-an","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhenxiang","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,6,14]]},"reference":[{"issue":"1","key":"33_CR1","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1007\/s11416-014-0226-7","volume":"11","author":"VM Afonso","year":"2015","unstructured":"Afonso, V.M., de Amorim, M.F., Gr\u00e9gio, A.R.A., Junquera, G.B., de Geus, P.L.: Identifying android malware using dynamically obtained features. J. Comput. Virol. Hacking Tech. 11(1), 9\u201317 (2015)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"33_CR2","doi-asserted-by":"crossref","unstructured":"Aresu, M., Ariu, D., Ahmadi, M., Maiorca, D., Giacinto, G.: Clustering android malware families by http traffic. In: 10th International Conference on Malicious and Unwanted Software (MALWARE). IEEE (2015)","DOI":"10.1109\/MALWARE.2015.7413693"},{"key":"33_CR3","doi-asserted-by":"crossref","unstructured":"Arora, A., Garg, S., Peddoju, S.K.: Malware detection using network traffic analysis in android based mobile devices. In: 2014 Eighth International Conference on Next Generation Mobile Apps, Services and Technologies (NGMAST), pp. 66\u201371. IEEE (2014)","DOI":"10.1109\/NGMAST.2014.57"},{"key":"33_CR4","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., H\u00fcbner, M., Gascon, H., Rieck, K., Siemens, C.: Drebin: effective and explainable detection of android malware in your pocket. In: Annual Symposium on Network and Distributed System Security (NDSS) (2014)","DOI":"10.14722\/ndss.2014.23247"},{"key":"33_CR5","doi-asserted-by":"crossref","unstructured":"Chen, Z., Han, H., Yan, Q., Yang, B., Peng, L., Zhang, L., Li, J.: A first look at android malware traffic in first few minutes. In: IEEE TrustCom 2015 (Aug. 2015)","DOI":"10.1109\/Trustcom.2015.376"},{"key":"33_CR6","unstructured":"G Data. GData mobile malware report, July 2015. \nhttps:\/\/public.gdatasoftware.com\/Presse\/Publikationen\/Malware_Reports\/G_DATA_MobileMWR_Q2_2015_EN.pdf"},{"issue":"2","key":"33_CR7","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/2619091","volume":"32","author":"W Enck","year":"2014","unstructured":"Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.-G., Cox, L.P., Jung, J., Mc-Daniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)","journal-title":"ACM Trans. Comput. Syst. (TOCS)"},{"key":"33_CR8","unstructured":"F-Secure. F-secure mobile threat report, March, 2014. \nhttps:\/\/www.f-secure.com\/documents\/996508\/1030743\/Mobile_Threat_Report_Q1_2014.pdf"},{"key":"33_CR9","doi-asserted-by":"crossref","unstructured":"Gill, P., Erramilli, V., Chaintreau, A., Krishnamurthy, B., Papagiannaki, K., Rodriguez, P.: Best paper\u2013follow the money: understanding economics of online aggregation and advertising. In: Conference on Internet Measurement Conference, pp. 141\u2013148. ACM (2013)","DOI":"10.1145\/2504730.2504768"},{"key":"33_CR10","doi-asserted-by":"crossref","unstructured":"Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren\u2019t the droids you\u2019re looking for: retrofitting android to protect data from imperious applications. In: ACM Conference on Computer and Communications Security, pp. 639\u2013652. ACM (2011)","DOI":"10.1145\/2046707.2046780"},{"key":"33_CR11","volume-title":"Etude comparative de la distribution florale dans une portion des Alpes et du Jura","author":"P Jaccard","year":"1901","unstructured":"Jaccard, P.: Etude comparative de la distribution florale dans une portion des Alpes et du Jura. Impr, Corbaz (1901)"},{"issue":"3","key":"33_CR12","doi-asserted-by":"crossref","first-page":"264","DOI":"10.1145\/331499.331504","volume":"31","author":"AK Jain","year":"1999","unstructured":"Jain, A.K., Murty, M.N., Flynn, P.J.: Data clustering: a review. ACM Comput. Surv. (CSUR) 31(3), 264\u2013323 (1999)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"33_CR13","doi-asserted-by":"crossref","unstructured":"Jensen, C.S., Prasad, M.R., M\u00f8ller, A.: Automated testing with targeted event sequence generation. In: International Symposium on Software Testing and Analysis, ISSTA 2013, Lugano, Switzerland, pp. 67\u201377 (2013)","DOI":"10.1145\/2483760.2483777"},{"key":"33_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1007\/978-3-642-35890-6_14","volume-title":"Data Privacy Management and Autonomous Spontaneous Security","author":"N Kheir","year":"2013","unstructured":"Kheir, N.: Analyzing HTTP user agent anomalies for malware detection. In: Pietro, R., Herranz, J., Damiani, E., State, R. (eds.) DPM\/SETOP -2012. LNCS, vol. 7731, pp. 187\u2013200. Springer, Heidelberg (2013). doi:\n10.1007\/978-3-642-35890-6_14"},{"key":"33_CR15","doi-asserted-by":"crossref","unstructured":"Le, A., Varmarken, J., Langhoff, S., Shuba, A., Gjoka, M., Markopoulou, A.: Antmonitor: a system for monitoring from mobile devices. In: SIGCOMM Workshop on Crowdsourcing and Crowdsharing of Big (Internet) Data, pp. 15\u201320. ACM (2015)","DOI":"10.1145\/2787394.2787396"},{"key":"33_CR16","unstructured":"Levenshtein, V.I.: Binary codes capable of correcting deletions, insertions, and reversals. Forschungsbericht, 707\u2013710 S (1966)"},{"key":"33_CR17","doi-asserted-by":"crossref","unstructured":"Nari, S., Ghorbani, A.A.: Automated malware classification based on network behavior. In: 2013 International Conference on Computing, Networking and Communications (ICNC), pp. 642\u2013647. IEEE (2013)","DOI":"10.1109\/ICCNC.2013.6504162"},{"issue":"1","key":"33_CR18","doi-asserted-by":"crossref","first-page":"343","DOI":"10.1007\/s00500-014-1511-6","volume":"20","author":"FA Narudin","year":"2016","unstructured":"Narudin, F.A., Feizollah, A., Anuar, N.B., Gani, A.: Evaluation of machine learning classifiers for mobile malware detection. Soft. Comput. 20(1), 343\u2013357 (2016)","journal-title":"Soft. Comput."},{"key":"33_CR19","unstructured":"Pelleg, D., Moore, A.W., et al.: X-means: extending k-means with efficient estimation of the number of clusters. In: ICML, vol. 1, 2000"},{"key":"33_CR20","unstructured":"Perdisci, R., Lee, W., Feamster, N.: Behavioral clustering of http-based malware and signature generation using malicious network traces. In: NSDI, pp. 391\u2013404 (2010)"},{"key":"33_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-642-41284-4_8","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"MZ Rafique","year":"2013","unstructured":"Rafique, M.Z., Caballero, Juan: FIRMA: malware clustering and network signature generation with mixed network behaviors. In: Stolfo, S.J., Stavrou, Angelos, Wright, C.V. (eds.) RAID 2013. LNCS, vol. 8145, pp. 144\u2013163. Springer, Heidelberg (2013). doi:\n10.1007\/978-3-642-41284-4_8"},{"key":"33_CR22","doi-asserted-by":"crossref","unstructured":"Rao, A., Sherry, J., Legout, A., Krishnamurthy, A., Dabbous, W., Choffnes, D.: Meddle: middleboxes for increased transparency and control of mobile traffic. In: ACM Conference on CoNEXT Student Workshop, pp. 65\u201366. ACM (2012)","DOI":"10.1145\/2413247.2413286"},{"key":"33_CR23","unstructured":"Razaghpanah, A., Vallina-Rodriguez, N., Sundaresan, S., Kreibich, C., Gill, P., Allman, M., Paxson, V.: Haystack: In situ mobile traffic analysis in user space. In arXiv preprint \narXiv:1510.01419\n\n (2015)"},{"key":"33_CR24","doi-asserted-by":"crossref","first-page":"321","DOI":"10.1007\/0-387-25465-X_15","volume-title":"Data Mining and Knowledge Discovery Handbook","author":"L Rokach","year":"2005","unstructured":"Rokach, L., Maimon, O.: Clustering methods. In: Maimon, O., Rokach, L. (eds.) Data Mining and Knowledge Discovery Handbook, pp. 321\u2013352. Springer, USA (2005)"},{"issue":"1","key":"33_CR25","doi-asserted-by":"crossref","first-page":"161","DOI":"10.1007\/s10844-010-0148-x","volume":"38","author":"A Shabtai","year":"2012","unstructured":"Shabtai, A., Kanonov, U., Elovici, Y., Glezer, C., Weiss, Y.: andromaly: a behavioral malware detection framework for android devices. J. Intell. Inf. Syst. 38(1), 161\u2013190 (2012)","journal-title":"J. Intell. Inf. Syst."},{"key":"33_CR26","unstructured":"Symantec Corporation. Internet Security Threat Report 2014. \nhttp:\/\/www.symantec.com\/content\/en\/us\/enterprise\/other_resources\/b-istr_main_report_v19_21291018.en-us.pdf\n\n. Accessed 21 June 2016"},{"key":"33_CR27","unstructured":"Tutorialspoint. HTTP header. \nhttp:\/\/www.tutorialspoint.com\/http\/http_header_fields.htm\n\n. Accessed 21 June 2016"},{"key":"33_CR28","doi-asserted-by":"crossref","unstructured":"Vallina-Rodriguez, N., Shah, J., Finamore, A., Grunenberger, Y., Papagiannaki, K., Haddadi, H., Crowcroft, J.: Breaking for commercials: characterizing mobile advertising. In: ACM Conference on Internet Measurement Conference, pp. 343\u2013356. ACM (2012)","DOI":"10.1145\/2398776.2398812"},{"key":"33_CR29","unstructured":"Winsniewski, R.: Android\u2013apktool: a tool for reverse engineering android apk files. \nhttp:\/\/ibotpeaches.github.io\/Apktool\/\n\n, Accessed 21 June 2016"},{"key":"33_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-642-04444-1_15","volume-title":"Computer Security \u2013 ESORICS 2009","author":"P Wurzinger","year":"2009","unstructured":"Wurzinger, P., Bilge, L., Holz, T., Goebel, J., Kruegel, C., Kirda, E.: Automatically generating models for botnet detection. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 232\u2013249. Springer, Heidelberg (2009). doi:\n10.1007\/978-3-642-04444-1_15"},{"key":"33_CR31","doi-asserted-by":"crossref","unstructured":"Xu, Q., Liao, Y., Miskovic, S., Mao, Z.M., Baldi, M., Nucci, A., Andrews, T.: Automatic generation of mobile app signatures from traffic observations. In: IEEE INFOCOM, April 2015","DOI":"10.1109\/INFOCOM.2015.7218526"},{"key":"33_CR32","doi-asserted-by":"crossref","unstructured":"Xu, W., Qi, Y., Evans, D.: Automatically evading classifiers, a case study on pdf malware classifiers. In: Annual Symposium on Network and Distributed System Security (NDSS) (2016)","DOI":"10.14722\/ndss.2016.23115"},{"key":"33_CR33","doi-asserted-by":"crossref","unstructured":"Yao, H., Ranjan, G., Tongaonkar, A., Liao, Y., Mao, Z.M.: Samples: self adaptive mining of persistent lexical snippets for classifying mobile application traffic. In: Annual International Conference on Mobile Computing and Networking (2015)","DOI":"10.1145\/2789168.2790097"},{"key":"33_CR34","doi-asserted-by":"crossref","unstructured":"Zhang, J., Saha, S., Gu, G., Lee, S.-J., Mellia, M.: Systematic mining of associated server herds for malware campaign discovery. In: 2015 IEEE 35th International Conference on Distributed Computing Systems (ICDCS), pp. 630\u2013641. IEEE (2015)","DOI":"10.1109\/ICDCS.2015.70"},{"key":"33_CR35","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Yang, M., Xu, B., Yang, Z., Gu, G., Ning, P., Wang, X.S., Zang, B.: Vetting undesirable behaviors in android apps with permission use analysis. In: ACM SIGSAC Conference on Computer & Communications Security, pp. 611\u2013622. ACM (2013)","DOI":"10.1145\/2508859.2516689"},{"key":"33_CR36","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 95\u2013109. IEEE (2012)","DOI":"10.1109\/SP.2012.16"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-59608-2_33","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,13]],"date-time":"2017-06-13T15:43:02Z","timestamp":1497368582000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-59608-2_33"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319596075","9783319596082"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-59608-2_33","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2017]]}}}