{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T23:57:21Z","timestamp":1780444641413,"version":"3.54.1"},"reference-count":39,"publisher":"Springer Science and Business Media LLC","issue":"29","license":[{"start":{"date-parts":[[2023,4,3]],"date-time":"2023-04-03T00:00:00Z","timestamp":1680480000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,4,3]],"date-time":"2023-04-03T00:00:00Z","timestamp":1680480000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Neural Comput & Applic"],"published-print":{"date-parts":[[2023,10]]},"DOI":"10.1007\/s00521-023-08512-1","type":"journal-article","created":{"date-parts":[[2023,4,3]],"date-time":"2023-04-03T19:02:41Z","timestamp":1680548561000},"page":"21555-21565","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["MVDroid: an android malicious VPN detector using neural networks"],"prefix":"10.1007","volume":"35","author":[{"given":"Saeed","family":"Seraj","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Siavash","family":"Khodambashi","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Michalis","family":"Pavlidis","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4249-4953","authenticated-orcid":false,"given":"Nikolaos","family":"Polatidis","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2023,4,3]]},"reference":[{"key":"8512_CR1","doi-asserted-by":"publisher","unstructured":"Ikram M, Vallina-Rodriguez N, Seneviratne S, Kaafar MA, Paxson V (2016) An analysis of the privacy and security risks of android vpn permission-enabled apps. In: Proceedings of the 2016 internet measurement conference. https:\/\/doi.org\/10.1145\/2987443.2987471","DOI":"10.1145\/2987443.2987471"},{"key":"8512_CR2","doi-asserted-by":"crossref","unstructured":"Khattak S, Javed M, Khayam S A, Uzmi Z A, Paxson V (2014) A look at the consequences of internet censorship through an ISP lens. In: Proceedings of the 2014 Conference on internet measurement conference, Vancouver, pp 271\u2013284","DOI":"10.1145\/2663716.2663750"},{"key":"8512_CR3","unstructured":"https:\/\/www.kaggle.com\/datasets\/saeedseraj\/mvdroid-a-malicious-android-vpn-detector-dataset. Accessed 20 March 2022"},{"key":"8512_CR4","unstructured":"VirusTotal. https:\/\/www.virustotal.com. Accessed 20 March 2022"},{"key":"8512_CR5","doi-asserted-by":"publisher","unstructured":"Taha Khan M, DeBlasio J, Voelker G M, Snoeren A C, Kanich C, Rodriguez NV (2018) An empirical analysis of the commercial VPN ecosystem. In: Proceedings of the internet measurement conference 2018 (IMC\u201918). https:\/\/doi.org\/10.1145\/3278532.3278570","DOI":"10.1145\/3278532.3278570"},{"key":"8512_CR6","doi-asserted-by":"publisher","unstructured":"Wilson J, McLuskie D, Bayne E (2020) Investigation into the security and privacy of iOS VPN applications. In: Proceedings of the 15th international conference on availability, reliability and security (ARES \u201920). https:\/\/doi.org\/10.1145\/3407023.3407029","DOI":"10.1145\/3407023.3407029"},{"issue":"1","key":"8512_CR7","doi-asserted-by":"publisher","first-page":"91","DOI":"10.54417\/jaetm.v1i1.27","volume":"1","author":"T Wangchuk","year":"2021","unstructured":"Wangchuk T, Rathod D (2021) Forensic and behavior analysis of free android VPNs. J Appl Eng Technol Manag 1(1):91\u2013101. https:\/\/doi.org\/10.54417\/jaetm.v1i1.27","journal-title":"J Appl Eng Technol Manag"},{"issue":"6","key":"8512_CR8","doi-asserted-by":"publisher","first-page":"757","DOI":"10.1016\/j.bushor.2021.07.011","volume":"64","author":"A Korty","year":"2021","unstructured":"Korty A, Calarco D, Spencer M (2021) Balancing risk with virtual private networking during a pandemic. Bus Horiz 64(6):757\u2013761. https:\/\/doi.org\/10.1016\/j.bushor.2021.07.011","journal-title":"Bus Horiz"},{"key":"8512_CR9","unstructured":"https:\/\/thehackernews.com\/2022\/06\/sidewinder-hackers-use-fake-android-vpn.html?&web_view=true"},{"key":"8512_CR10","doi-asserted-by":"publisher","first-page":"100365","DOI":"10.1016\/j.cosrev.2021.100365","volume":"39","author":"V Sihaga","year":"2021","unstructured":"Sihaga V, Vardhan M, Singh P (2021) A survey of android application and malware hardening. Comput Sci Rev 39:100365. https:\/\/doi.org\/10.1016\/j.cosrev.2021.100365","journal-title":"Comput Sci Rev"},{"issue":"2","key":"8512_CR11","doi-asserted-by":"publisher","first-page":"466","DOI":"10.14569\/IJACSA.2016.070262","volume":"7","author":"S Arshad","year":"2016","unstructured":"Arshad S, Ali Shah M, Khan A, Ahmed M (2016) Android malware detection & protection: a survey. Int J Adv Comput Sci Appl 7(2):466. https:\/\/doi.org\/10.14569\/IJACSA.2016.070262","journal-title":"Int J Adv Comput Sci Appl"},{"key":"8512_CR12","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-642-15506-2_15","volume":"337","author":"V Roussev","year":"2010","unstructured":"Roussev V (2010) Data fingerprinting with similarity digests. IFIP Adv Inf Commun Technol 337:207\u2013226. https:\/\/doi.org\/10.1007\/978-3-642-15506-2_15","journal-title":"IFIP Adv Inf Commun Technol"},{"key":"8512_CR13","unstructured":"YaraRules: yara-rules\/rules; https:\/\/github.com\/Yara-Rules\/rules. Accessed 28 March 2022"},{"issue":"11","key":"8512_CR14","doi-asserted-by":"publisher","first-page":"1869","DOI":"10.1109\/TIFS.2014.2353996","volume":"9","author":"W Wang","year":"2014","unstructured":"Wang W, Wang X, Feng D, Liu J, Han Z, Zhang X (2014) Exploring permission-induced risk in android applications for malicious application detection. IEEE Trans Inform Forensics Secur 9(11):1869\u20131882. https:\/\/doi.org\/10.1109\/TIFS.2014.2353996","journal-title":"IEEE Trans Inform Forensics Secur"},{"key":"8512_CR15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.diin.2015.01.001","volume":"13","author":"KA Talha","year":"2015","unstructured":"Talha KA, Alper DI, Aydin C (2015) APK auditor: permissionbased android malware detection system. Digit Investig 13:1\u201314. https:\/\/doi.org\/10.1016\/j.diin.2015.01.001","journal-title":"Digit Investig"},{"issue":"7","key":"8512_CR16","doi-asserted-by":"publisher","first-page":"3216","DOI":"10.1109\/TII.2017.2789219","volume":"14","author":"J Li","year":"2018","unstructured":"Li J, Sun L, Yan Q, Li Z, Srisa-An W, Ye H (2018) Significant permission identification for machine-learning-based android malware detection. IEEE Trans Indu Inform 14(7):3216\u20133225. https:\/\/doi.org\/10.1109\/TII.2017.2789219","journal-title":"IEEE Trans Indu Inform"},{"key":"8512_CR17","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1016\/j.compeleceng.2017.02.013","volume":"61","author":"N Milosevic","year":"2017","unstructured":"Milosevic N, Dehghantanha A, Choo KKR (2017) Machine learning aided android malware classification. Comput Electr Eng Elsevier 61:266\u2013274","journal-title":"Comput Electr Eng Elsevier"},{"key":"8512_CR18","doi-asserted-by":"crossref","unstructured":"Kang BJ, Yerima SY, McLaughlin K, Sezer S (2016) N-opcode analysis for android malware classification and categorization. In Proceedings of IEEE international conference on cyber security and protection of digital services (Cyber Security), pp 1\u20137","DOI":"10.1109\/CyberSecPODS.2016.7502343"},{"key":"8512_CR19","first-page":"245","volume":"29","author":"DO\u00a8 Sahin","year":"2021","unstructured":"Sahin DO\u00a8, Kural OE, Akleylek S et al (2021) A novel permission-based android malware detection system using feature selection based on linear regression. Neural ComputAppl 29:245\u2013326","journal-title":"Neural ComputAppl"},{"issue":"10","key":"8512_CR20","doi-asserted-by":"publisher","first-page":"5183","DOI":"10.1007\/s00521-020-05309-4","volume":"33","author":"A Mahindru","year":"2021","unstructured":"Mahindru A, Sangal AL (2021) MLDroid: framework for android malware detection using machine learning techniques. Neural Comput Appl 33(10):5183\u20135240","journal-title":"Neural Comput Appl"},{"key":"8512_CR21","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-02106755-4","author":"S Seraj","year":"2022","unstructured":"Seraj S, Khodambashi S, Pavlidis M, Polatidis N (2022) HamDroid: permission-based harmful android anti-malware detection using neural networks. Neural Comput Appli. https:\/\/doi.org\/10.1007\/s00521-02106755-4","journal-title":"Neural Comput Appli"},{"key":"8512_CR22","doi-asserted-by":"publisher","unstructured":"Vidas T, Christin N (2014) Evading android runtime analysis via sandbox detection. In: Proceedings of the 9th ACM symposium on Information, computer and communications security, pp 447\u2013458. https:\/\/doi.org\/10.1145\/2590296.2590325","DOI":"10.1145\/2590296.2590325"},{"issue":"2","key":"8512_CR23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2619091","volume":"32","author":"W Enck","year":"2014","unstructured":"Enck W, Gilbert P, Han S, Tendulkar V, Chun BG, Cox LP, Jung J, McDaniel P, Sheth AN (2014) TaintDroid. ACMTrans. Comput Syst 32(2):1\u201329. https:\/\/doi.org\/10.1145\/2619091","journal-title":"Comput Syst"},{"key":"8512_CR24","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101688","volume":"90","author":"J Gajrani","year":"2020","unstructured":"Gajrani J, Agarwal U, Laxmi V, Bezawada B, Gaur MS, Tripathi M, Zemmari A (2020) EspyDroid+: precise reflection analysis of android apps. Comput Secur 90:101688","journal-title":"Comput Secur"},{"key":"8512_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10922-021-09634-4","volume":"30","author":"S Mahdavifar","year":"2022","unstructured":"Mahdavifar S, Alhadidi D, Ghorbani AA (2022) Effective and efficient hybrid android malware classification using pseudo-label stacked auto-encoder. J Netw Syst Manage 30:1\u201334","journal-title":"J Netw Syst Manage"},{"issue":"4","key":"8512_CR26","doi-asserted-by":"publisher","first-page":"2487","DOI":"10.1007\/s10586-021-03490-2","volume":"25","author":"G D\u2019Angelo","year":"2022","unstructured":"D\u2019Angelo G, Palmieri F, Robustelli A (2022) A federated approach to Android malware classification through Perm-Maps. Cluster Comput 25(4):2487\u20132500","journal-title":"Cluster Comput"},{"key":"8512_CR27","doi-asserted-by":"crossref","unstructured":"Seraj S, Pavlidis M, Polatidis N (2022) TrojanDroid: android malware detection for trojan discovery using convolutional neural networks. In: Engineering applications of neural networks: 23rd international conference, EAAAI\/EANN 2022, Chersonissos, Crete, Greece, June 17\u201320, 2022, Proceedings, pp 203-212. Cham: Springer International Publishing","DOI":"10.1007\/978-3-031-08223-8_17"},{"issue":"21","key":"8512_CR28","doi-asserted-by":"publisher","first-page":"10755","DOI":"10.3390\/app122110755","volume":"12","author":"S Ullah","year":"2022","unstructured":"Ullah S, Ahmad T, Buriro A, Zara N, Saha S (2022) TrojanDetector: a multi-layer hybrid approach for trojan detection in android applications. Appl Sci 12(21):10755","journal-title":"Appl Sci"},{"issue":"4","key":"8512_CR29","doi-asserted-by":"publisher","first-page":"519","DOI":"10.3390\/electronics10040519","volume":"10","author":"SY Yerima","year":"2021","unstructured":"Yerima SY, Alzaylaee MK, Shajan A (2021) Deep learning techniques for android botnet detection. Electronics 10(4):519","journal-title":"Electronics"},{"key":"8512_CR30","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2021.106988","volume":"222","author":"M Moodi","year":"2021","unstructured":"Moodi M, Ghazvini M, Moodi H (2021) A hybrid intelligent approach to detect android botnet using smart self-adaptive learning-based PSO-SVM. Knowl-Based Syst 222:106988","journal-title":"Knowl-Based Syst"},{"key":"8512_CR31","doi-asserted-by":"crossref","unstructured":"Amer E (2021) Permission-based approach for android malware analysis through ensemble-based voting model. In: Proceedings of the 2021 international mobile, intelligent, and ubiquitous computing conference (MIUCC), Cairo, Egypt, 26\u201327, pp 135\u2013139","DOI":"10.1109\/MIUCC52538.2021.9447675"},{"key":"8512_CR32","volume":"66","author":"H Wang","year":"2022","unstructured":"Wang H, Zhang W, He H (2022) You are what the permissions told me! Android malware detection based on hybrid tactics. J Inf Secur Appl 66:103159","journal-title":"J Inf Secur Appl"},{"key":"8512_CR33","unstructured":"Bahar Z (2022) Your free VPN app could be a trojan: How to spot fake vpns,\u00a0NordVPN. https:\/\/nordvpn.com\/blog\/fake-vpn\/ (Accessed: 23rd January 2023)."},{"key":"8512_CR34","unstructured":"Glover C (2022)\u00a0Sandstrike Fake VPN is latest in wave of new Android malware,\u00a0Tech Monitor. https:\/\/techmonitor.ai\/technology\/cybersecurity\/android-malware-sandstrike-fake-vpn (Accessed: 23 January 2023)"},{"key":"8512_CR35","unstructured":"Editor (2022)\u00a0Eset Research: Bahamut Group targets android users with fake VPN apps; spyware steals users' conversations,\u00a0ESET. https:\/\/www.eset.com\/int\/about\/newsroom\/press-releases\/research\/eset-research-bahamut-group-targets-android-users-with-fake-vpn-apps-spyware-steals-users-convers\/ (Accessed: 23 January 2023)"},{"issue":"6","key":"8512_CR36","doi-asserted-by":"publisher","first-page":"1269","DOI":"10.1109\/TIFS.2017.2656460","volume":"12","author":"L Li","year":"2017","unstructured":"Li L, Li D, Bissyand\u00e9 TF, Klein J, Le Traon Y, Lo D, Cavallaro L (2017) Understanding android app piggybacking: a systematic study of malicious code grafting. IEEE Trans Inf Forensics Secur 12(6):1269\u20131284","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"8512_CR37","doi-asserted-by":"crossref","unstructured":"Arp D, Spreitzenbarth M, Hubner M, Gascon H, Rieck K, Siemens CERT (2014) Drebin: effective and explainable detection of android malware in your pocket. In: Ndss\u00a0(Vol. 14, pp 23\u201326)","DOI":"10.14722\/ndss.2014.23247"},{"key":"8512_CR38","unstructured":"Pendlebury F, Pierazzi F, Jordaney R, Kinder J, Cavallaro L (2019) {TESSERACT}: eliminating experimental bias in malware classification across space and time. In: 28th USENIX security symposium (USENIX Security 19)\u00a0(pp 729\u2013746)"},{"issue":"4","key":"8512_CR39","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3465361","volume":"24","author":"A Salem","year":"2021","unstructured":"Salem A, Banescu S, Pretschner A (2021) Maat: automatically analyzing virustotal for accurate labeling and effective malware detection. ACM Trans Priv Secur (TOPS) 24(4):1\u201335","journal-title":"ACM Trans Priv Secur (TOPS)"}],"container-title":["Neural Computing and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-023-08512-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00521-023-08512-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-023-08512-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,9]],"date-time":"2025-04-09T16:11:51Z","timestamp":1744215111000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00521-023-08512-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,4,3]]},"references-count":39,"journal-issue":{"issue":"29","published-print":{"date-parts":[[2023,10]]}},"alternative-id":["8512"],"URL":"https:\/\/doi.org\/10.1007\/s00521-023-08512-1","relation":{},"ISSN":["0941-0643","1433-3058"],"issn-type":[{"value":"0941-0643","type":"print"},{"value":"1433-3058","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,4,3]]},"assertion":[{"value":"12 October 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 March 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 April 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}