{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T16:13:48Z","timestamp":1774541628430,"version":"3.50.1"},"reference-count":36,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2020,3,12]],"date-time":"2020-03-12T00:00:00Z","timestamp":1583971200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,3,12]],"date-time":"2020-03-12T00:00:00Z","timestamp":1583971200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61672543"],"award-info":[{"award-number":["61672543"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Open Research Fund of Hunan Provincial Key Laboratory of Network Investigational Technology","award":["2017WLZC002"],"award-info":[{"award-number":["2017WLZC002"]}]},{"name":"Fundamental Research Funds for the Central Universities of Central South University","award":["2018zzts175"],"award-info":[{"award-number":["2018zzts175"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2021,2]]},"DOI":"10.1007\/s10207-020-00489-5","type":"journal-article","created":{"date-parts":[[2020,3,12]],"date-time":"2020-03-12T07:02:51Z","timestamp":1583996571000},"page":"59-71","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["NSDroid: efficient multi-classification of android malware using neighborhood signature in local function call graphs"],"prefix":"10.1007","volume":"20","author":[{"given":"Pengfei","family":"Liu","sequence":"first","affiliation":[]},{"given":"Weiping","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Xi","family":"Luo","sequence":"additional","affiliation":[]},{"given":"Haodong","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Chushu","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,3,12]]},"reference":[{"key":"489_CR1","unstructured":"Detection report: Tencent anti virus laboratory 2017 q3 security report. https:\/\/slab.qq.com\/news\/authority\/1744.html. Accessed 2 Nov 2018"},{"key":"489_CR2","doi-asserted-by":"crossref","unstructured":"Yang, C., Xu, Z., Gu, G., Yegneswaran, V., Porras, P.: Droidminer: automated mining and characterization of fine-grained malicious behaviors in android applications. In: Proceedings of 2014 European Symposium on Research in Computer Security (ESRCS), pp. 163\u2013182 (2014)","DOI":"10.1007\/978-3-319-11203-9_10"},{"key":"489_CR3","doi-asserted-by":"crossref","unstructured":"Hou, S., Ye, Y., Song, Y., Abdulhayoglu, M.: Hindroid: an intelligent android malware detection system based on structured heterogeneous information network. In: Proceedings of 2017 ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD), pp. 1507\u20131515. ACM (2017)","DOI":"10.1145\/3097983.3098026"},{"key":"489_CR4","doi-asserted-by":"crossref","unstructured":"Onwuzurike, L., Mariconti, E., Andriotis, P., De Cristofaro, E., Ross, G., Stringhini, G.: Mamadroid: detecting android malware by building Markov chains of behavioral models (extended version). arXiv preprint arXiv:1711.07477 (2016)","DOI":"10.14722\/ndss.2017.23353"},{"key":"489_CR5","doi-asserted-by":"crossref","unstructured":"Zhang, M., Duan, Y., Yin, H., Zhao, Z.: Semantics-aware android malware classification using weighted contextual API dependency graphs. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security(CCS), pp. 1105\u20131116. ACM (2014)","DOI":"10.1145\/2660267.2660359"},{"issue":"4","key":"489_CR6","doi-asserted-by":"publisher","first-page":"1104","DOI":"10.1016\/j.eswa.2013.07.106","volume":"41","author":"G Suarez-Tangil","year":"2014","unstructured":"Suarez-Tangil, G., Tapiador, J.E., Peris-Lopez, P., Blasco, J.: Dendroid: a text mining approach to analyzing and classifying code structures in android malware families. Expert Syst. Appl. (ESA) 41(4), 1104\u20131117 (2014)","journal-title":"Expert Syst. Appl. (ESA)"},{"key":"489_CR7","unstructured":"Jiang, X., Zhou, Y.: Dissecting android malware: characterization and evolution. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP), pp. 95\u2013109. IEEE (2012)"},{"key":"489_CR8","doi-asserted-by":"crossref","unstructured":"Fan, M., Liu, J., Luo, X., Chen, K., Chen, T., Tian, Z., Zhang, X., Zheng, Q., Liu, T.: Frequent subgraph based familial classification of android malware. In: Proceedings of the 27th IEEE International Symposium on Software Reliability Engineering(ISSRE), pp. 24\u201335. IEEE (2016)","DOI":"10.1109\/ISSRE.2016.14"},{"issue":"10","key":"489_CR9","doi-asserted-by":"publisher","first-page":"1367","DOI":"10.1109\/TPAMI.2004.75","volume":"26","author":"LP Cordella","year":"2004","unstructured":"Cordella, L.P., Foggia, P., Sansone, C., Vento, M.: A (sub)graph isomorphism algorithm for matching large graphs. IEEE Trans. Pattern Anal. Mach. Intell. (TPAMI) 26(10), 1367\u20131372 (2004)","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell. (TPAMI)"},{"issue":"1\u20132","key":"489_CR10","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1016\/j.artint.2004.01.001","volume":"155","author":"AK Sen","year":"2004","unstructured":"Sen, A.K., Bagchi, A., Zhang, W.: Average-case analysis of best-first search in two representative directed acyclic graphs. Artif. Intell. (AI) 155(1\u20132), 183\u2013206 (2004)","journal-title":"Artif. Intell. (AI)"},{"issue":"5","key":"489_CR11","first-page":"808","volume":"27","author":"LA Levin","year":"2002","unstructured":"Levin, L.A., Venkatesan, R.: An average case NP-complete graph colouring problem. Comput. Sci. 27(5), 808\u2013828 (2002)","journal-title":"Comput. Sci."},{"key":"489_CR12","doi-asserted-by":"crossref","unstructured":"Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party android marketplaces. In: Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy (DASP), pp. 317\u2013326. ACM (2012)","DOI":"10.1145\/2133601.2133640"},{"key":"489_CR13","doi-asserted-by":"crossref","unstructured":"Deshotels, L., Notani, V., Lakhotia, A.: Droidlegacy: automated familial classification of android malware. In: Proceedings of 2014 ACM SIGPLAN on Program Protection and Reverse Engineering Workshop (PPREW), p.\u00a03. ACM (2014)","DOI":"10.1145\/2556464.2556467"},{"issue":"1","key":"489_CR14","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1109\/TDSC.2016.2536605","volume":"15","author":"A Saracino","year":"2016","unstructured":"Saracino, A., Sgandurra, D., Dini, G., Martinelli, F.: Madam: effective and efficient behavior-based android malware detection and prevention. IEEE Trans. Dependable Secure Comput. (TDSC) 15(1), 83\u201397 (2016)","journal-title":"IEEE Trans. Dependable Secure Comput. (TDSC)"},{"key":"489_CR15","doi-asserted-by":"publisher","unstructured":"Jang, Y., Lee, N., Kim, H., Park, S.: Design and implementation of a bloom filter-based data deduplication algorithm for efficient data management. J. Ambient Intell. Hum. Comput. (2018). https:\/\/doi.org\/10.1007\/s12652-018-0893-1","DOI":"10.1007\/s12652-018-0893-1"},{"key":"489_CR16","doi-asserted-by":"crossref","unstructured":"Hido, S., Kashima, H.: A linear-time graph kernel. In: Proceedings of the 9th IEEE International Conference on Data Mining (ICDM), pp. 179\u2013188. IEEE (2009)","DOI":"10.1109\/ICDM.2009.30"},{"key":"489_CR17","doi-asserted-by":"crossref","first-page":"31798","DOI":"10.1109\/ACCESS.2018.2835654","volume":"6","author":"W Wang","year":"2018","unstructured":"Wang, W., Gao, Z., Zhao, M., Li, Y., Liu, J., Zhang, X.: Droidensemble: detecting android malicious applications with ensemble of string and structural static features. IEEE Access 6, 31798\u201331807 (2018)","journal-title":"IEEE Access"},{"key":"489_CR18","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K.: CERT Siemens. Drebin: effective and explainable detection of android malware in your pocket. In: The Network and Distributed System Security Symposium (NDSS), Vol.\u00a014, pp. 23\u201326. ISOC (2014)","DOI":"10.14722\/ndss.2014.23247"},{"issue":"2","key":"489_CR19","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/s10207-017-0363-3","volume":"17","author":"G Kirubavathi","year":"2018","unstructured":"Kirubavathi, G., Anitha, R.: Structural analysis and detection of android botnets using machine learning techniques. Int. J. Inf. Secur. (IJIS) 17(2), 153\u2013167 (2018)","journal-title":"Int. J. Inf. Secur. (IJIS)"},{"key":"489_CR20","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1016\/j.cose.2015.12.005","volume":"58","author":"J Jang","year":"2016","unstructured":"Jang, J., Kang, H., Woo, J., Mohaisen, A., Kim, H.K.: Andro-dumpsys: anti-malware system based on the similarity of malware creator and malware centric information. Comput. Secur. 58, 125\u2013138 (2016)","journal-title":"Comput. Secur."},{"key":"489_CR21","doi-asserted-by":"crossref","unstructured":"Wei, F., Li, Y., Roy, S., Ou, X., Zhou, W.: Deep ground truth analysis of current android malware. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), pp. 252\u2013276. Springer, Berlin (2017)","DOI":"10.1007\/978-3-319-60876-1_12"},{"key":"489_CR22","doi-asserted-by":"crossref","unstructured":"Blasing, T., Batyuk, L., Schmidt, A.-D., Camtepe, S.A., Albayrak, S.: An android application sandbox system for suspicious software detection. In: Proceedings of the 5th International Conference on Malicious and Unwanted Software(MUS), pp. 55\u201362. IEEE (2010)","DOI":"10.1109\/MALWARE.2010.5665792"},{"issue":"9\u201310","key":"489_CR23","doi-asserted-by":"publisher","first-page":"607","DOI":"10.1007\/s12243-017-0580-9","volume":"72","author":"C Wang","year":"2017","unstructured":"Wang, C., Li, Z., Mo, X., Yang, H., Zhao, Y.: An android malware dynamic detection method based on service call co-occurrence matrices. Ann. Telecommun. (AT) 72(9\u201310), 607\u2013615 (2017)","journal-title":"Ann. Telecommun. (AT)"},{"key":"489_CR24","doi-asserted-by":"crossref","unstructured":"Wong, M.Y., Lie, D.: Intellidroid: a targeted input generator for the dynamic analysis of android malware. In: Proceedings of the 2016 ISOC Network and Distributed System Security Symposium (NDSS), vol.\u00a016, pp. 21\u201324. ISOC (2016)","DOI":"10.14722\/ndss.2016.23118"},{"issue":"4","key":"489_CR25","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/s10207-016-0333-1","volume":"16","author":"A Ruiz-Heras","year":"2017","unstructured":"Ruiz-Heras, A., Garc\u00eda-Teodoro, P., S\u00e1nchez-Casado, L.: Adroid: anomaly-based detection of malicious events in android platforms. Int. J. Inf. Secur. (IJIS) 16(4), 371\u2013384 (2017)","journal-title":"Int. J. Inf. Secur. (IJIS)"},{"issue":"2","key":"489_CR26","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/2619091","volume":"32","author":"W Enck","year":"2014","unstructured":"Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)","journal-title":"ACM Trans. Comput. Syst. (TOCS)"},{"issue":"3","key":"489_CR27","doi-asserted-by":"publisher","first-page":"677","DOI":"10.1109\/TIFS.2018.2855650","volume":"14","author":"J Bai","year":"2019","unstructured":"Bai, J., Wang, W., Qin, Y., Zhang, S., Wang, J., Pan, Y.: Bridgetaint: a bi-directional dynamic taint tracking method for javascript bridges in android hybrid applications. IEEE Trans. Inf. Forensics Secur. (TIFS) 14(3), 677\u2013692 (2019)","journal-title":"IEEE Trans. Inf. Forensics Secur. (TIFS)"},{"key":"489_CR28","doi-asserted-by":"crossref","unstructured":"Dai, S., Liu, Y., Wang, T., Wei, T., Zou, W.: Behavior-based malware detection on mobile phone. In: Proceedings of the 6th International Conference on Wireless Communications Networking and Mobile Computing (WCNMC), pp. 1\u20134. IEEE (2010)","DOI":"10.1109\/WICOM.2010.5601291"},{"key":"489_CR29","doi-asserted-by":"crossref","unstructured":"Isohara, T., Takemori, K., Kubota, A.: Kernel-based behavior analysis for android malware detection. In: Proceedings of the 7th International Conference on Computational Intelligence and Security (CIS), pp. 1011\u20131015. IEEE (2011)","DOI":"10.1109\/CIS.2011.226"},{"key":"489_CR30","doi-asserted-by":"crossref","unstructured":"Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPISM), pp. 15\u201326. ACM (2011)","DOI":"10.1145\/2046614.2046619"},{"key":"489_CR31","doi-asserted-by":"crossref","unstructured":"Petsas, T., Voyatzis, G., Athanasopoulos, E., Polychronakis, M., Ioannidis, S.: Rage against the virtual machine: hindering dynamic analysis of android malware. In: Proceedings of the 7th European Workshop on System Security (EWSS), pp. 1\u20136. ACM (2014)","DOI":"10.1145\/2592791.2592796"},{"issue":"4","key":"489_CR32","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1007\/s10207-016-0343-z","volume":"16","author":"S Garg","year":"2017","unstructured":"Garg, S., Peddoju, S.K., Sarje, A.K.: Network-based detection of android malicious apps. Int. J. Inf. Secur. (IJIS) 16(4), 385\u2013400 (2017)","journal-title":"Int. J. Inf. Secur. (IJIS)"},{"issue":"4","key":"489_CR33","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s10207-015-0297-6","volume":"15","author":"Q Miao","year":"2016","unstructured":"Miao, Q., Liu, J., Cao, Y., Song, J.: Malware detection using bilayer behavior abstraction and improved one-class support vector machines. Int. J. Inf. Secur. (IJIS) 15(4), 361\u2013379 (2016)","journal-title":"Int. J. Inf. Secur. (IJIS)"},{"issue":"3","key":"489_CR34","first-page":"14","volume":"21","author":"F Wei","year":"2018","unstructured":"Wei, F., Roy, S., Ou, X., et al.: Amandroid: a precise and general inter-component data flow analysis framework for security vetting of android apps. ACM Trans. Priv. Secur. (TOPS) 21(3), 14 (2018)","journal-title":"ACM Trans. Priv. Secur. (TOPS)"},{"key":"489_CR35","doi-asserted-by":"crossref","unstructured":"Feng, Y., Anand, S., Dillig, I., Aiken, A.: Apposcopy: semantics-based detection of android malware through static analysis. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering(FSE), pp. 576\u2013587. ACM (2014)","DOI":"10.1145\/2635868.2635869"},{"issue":"6","key":"489_CR36","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1145\/2666356.2594299","volume":"49","author":"S Arzt","year":"2014","unstructured":"Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Traon, Y.L., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM Sigplan Notices (SN) 49(6), 259\u2013269 (2014)","journal-title":"ACM Sigplan Notices (SN)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-020-00489-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10207-020-00489-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-020-00489-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,18]],"date-time":"2022-10-18T13:36:39Z","timestamp":1666100199000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10207-020-00489-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,12]]},"references-count":36,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,2]]}},"alternative-id":["489"],"URL":"https:\/\/doi.org\/10.1007\/s10207-020-00489-5","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,3,12]]},"assertion":[{"value":"12 March 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethical standards"}},{"value":"Our article does not contain any studies with human participants or animals performed by any of the authors. Every participant in our paper received informed consent.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}