{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T09:44:37Z","timestamp":1774950277017,"version":"3.50.1"},"reference-count":92,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2022,2,9]],"date-time":"2022-02-09T00:00:00Z","timestamp":1644364800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,2,9]],"date-time":"2022-02-09T00:00:00Z","timestamp":1644364800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100010418","name":"Institute for Information and Communications Technology Promotion","doi-asserted-by":"crossref","award":["2017-0-00168"],"award-info":[{"award-number":["2017-0-00168"]}],"id":[{"id":"10.13039\/501100010418","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"publisher","award":["NRF2020R1A2C2014336"],"award-info":[{"award-number":["NRF2020R1A2C2014336"]}],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2022,8]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>A lot of malicious applications appears every day, threatening numerous users. Therefore, a surge of studies have been conducted to protect users from newly emerging malware by using machine learning algorithms. Albeit existing machine or deep learning-based Android malware detection approaches achieve high accuracy by using a combination of multiple features, it is not possible to employ them on our mobile devices due to the high cost for using them. In this paper, we propose<jats:sc>MAPAS<\/jats:sc>, a malware detection system, that achieves high accuracy and adaptable usages of computing resources.<jats:sc>MAPAS<\/jats:sc>analyzes behaviors of malicious applications based on API call graphs of them by using convolution neural networks (CNN). However,<jats:sc>MAPAS<\/jats:sc>does not use a classifier model generated by CNN, it only utilizes CNN for discovering common features of API call graphs of malware. For efficiently detecting malware,<jats:sc>MAPAS<\/jats:sc>employs a lightweight classifier that calculates a similarity between API call graphs used for malicious activities and API call graphs of applications that are going to be classified. To demonstrate the effectiveness and efficiency of<jats:sc>MAPAS<\/jats:sc>, we implement a prototype and thoroughly evaluate it. And, we compare<jats:sc>MAPAS<\/jats:sc>with a state-of-the-art Android malware detection approach, MaMaDroid. Our evaluation results demonstrate that<jats:sc>MAPAS<\/jats:sc>can classify applications 145.8% faster and uses memory around ten times lower than MaMaDroid. Also,<jats:sc>MAPAS<\/jats:sc>achieves higher accuracy (91.27%) than MaMaDroid (84.99%) for detecting unknown malware. In addition,<jats:sc>MAPAS<\/jats:sc>can generally detect any type of malware with high accuracy.<\/jats:p>","DOI":"10.1007\/s10207-022-00579-6","type":"journal-article","created":{"date-parts":[[2022,2,9]],"date-time":"2022-02-09T05:02:43Z","timestamp":1644382963000},"page":"725-738","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":97,"title":["MAPAS: a practical deep learning-based android malware detection system"],"prefix":"10.1007","volume":"21","author":[{"given":"Jinsung","family":"Kim","sequence":"first","affiliation":[]},{"given":"Younghoon","family":"Ban","sequence":"additional","affiliation":[]},{"given":"Eunbyeol","family":"Ko","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5344-5252","authenticated-orcid":false,"given":"Haehyun","family":"Cho","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2720-0593","authenticated-orcid":false,"given":"Jeong Hyun","family":"Yi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,2,9]]},"reference":[{"key":"579_CR1","unstructured":"2020 McAfee Mobile Threat Report. McAfee Labs (2020)"},{"key":"579_CR2","doi-asserted-by":"crossref","unstructured":"Aafer, Y., Du, W., Yin, H.: Droidapiminer: Mining api-level features for robust malware detection in android. In: International Conference on Security and Privacy in Communication Systems, pp. 86\u2013103. Springer, Berlin (2013)","DOI":"10.1007\/978-3-319-04283-1_6"},{"issue":"2","key":"579_CR3","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1111\/j.1469-8137.1912.tb05611.x","volume":"11","author":"P Accard","year":"1912","unstructured":"Accard, P.: The distribution of the flora in the alpine zone. New Phytol. 11(2), 37\u201350 (1912)","journal-title":"New Phytol."},{"key":"579_CR4","doi-asserted-by":"crossref","first-page":"52138","DOI":"10.1109\/ACCESS.2018.2870052","volume":"6","author":"A Adadi","year":"2018","unstructured":"Adadi, A., Berrada, M.: Peeking inside the black-box: a survey on explainable artificial intelligence (XAI). IEEE Access 6, 52138\u201352160 (2018)","journal-title":"IEEE Access"},{"issue":"1","key":"579_CR5","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1007\/s11416-014-0226-7","volume":"11","author":"VM Afonso","year":"2015","unstructured":"Afonso, V.M., de Amorim, M.F., Gr\u00e9gio, A.R.A., Junquera, G.B., de Geus, P.L.: Identifying android malware using dynamically obtained features. J. Comput. Virol. Hacking Tech. 11(1), 9\u201317 (2015)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"579_CR6","doi-asserted-by":"crossref","unstructured":"Allix, K., Bissyand\u00e9, T.F., Klein, J., Traon, Y.L.: Androzoo: collecting millions of android apps for the research community. In: 2016 IEEE\/ACM 13th Working Conference on Mining Software Repositories (MSR), pp. 468\u2013471. IEEE (2016)","DOI":"10.1145\/2901739.2903508"},{"key":"579_CR7","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., CERT, S.: Drebin: effective and explainable detection of android malware in your pocket. In: Ndss, vol.\u00a014, pp. 23\u201326 (2014)","DOI":"10.14722\/ndss.2014.23247"},{"key":"579_CR8","unstructured":"Arzt, S.: Static data flow analysis for android applications (2017)"},{"issue":"6","key":"579_CR9","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1145\/2666356.2594299","volume":"49","author":"S Arzt","year":"2014","unstructured":"Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Traon, Y.L., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. Acm Sigplan Notices 49(6), 259\u2013269 (2014)","journal-title":"Acm Sigplan Notices"},{"issue":"3","key":"579_CR10","first-page":"228","volume":"2","author":"Z Aung","year":"2013","unstructured":"Aung, Z., Zaw, W.: Permission-based android malware detection. Int. J. Sci. Technol. Res. 2(3), 228\u2013234 (2013)","journal-title":"Int. J. Sci. Technol. Res."},{"key":"579_CR11","doi-asserted-by":"crossref","unstructured":"Avdiienko, V., Kuznetsov, K., Gorla, A., Zeller, A., Arzt, S., Rasthofer, S., Bodden, E.: Mining apps for abnormal usage of sensitive data. In: 2015 IEEE\/ACM 37th IEEE International Conference on Software Engineering, vol. 1, pp. 426\u2013436. IEEE (2015)","DOI":"10.1109\/ICSE.2015.61"},{"key":"579_CR12","doi-asserted-by":"crossref","unstructured":"Bl\u00e4sing, T., Batyuk, L., Schmidt, A.-D., Camtepe, S.A., Albayrak, S.: An android application sandbox system for suspicious software detection. In: 2010 5th International Conference on Malicious and Unwanted Software, pp. 55\u201362. IEEE (2010)","DOI":"10.1109\/MALWARE.2010.5665792"},{"issue":"1","key":"579_CR13","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45(1), 5\u201332 (2001)","journal-title":"Mach. Learn."},{"key":"579_CR14","doi-asserted-by":"crossref","unstructured":"Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 15\u201326 (2011)","DOI":"10.1145\/2046614.2046619"},{"key":"579_CR15","doi-asserted-by":"crossref","unstructured":"Chan, P.P., Song, W.-K.: Static detection of android malware by using permissions and API calls. In: 2014 International Conference on Machine Learning and Cybernetics, vol. 1, pp. 82\u201387. IEEE (2014)","DOI":"10.1109\/ICMLC.2014.7009096"},{"key":"579_CR16","doi-asserted-by":"crossref","unstructured":"Chen, T., Mao, Q., Yang, Y., Lv, M., Zhu, J.: Tinydroid: a lightweight and efficient model for android malware detection and classification. In: Mobile Information Systems, 2018 (2018)","DOI":"10.1155\/2018\/4157156"},{"issue":"1","key":"579_CR17","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1109\/TIT.1967.1053964","volume":"13","author":"T Cover","year":"1967","unstructured":"Cover, T., Hart, P.: Nearest neighbor pattern classification. IEEE Trans. Inf. Theory 13(1), 21\u201327 (1967)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"579_CR18","unstructured":"Desnos, A., Gueguen, G.: Android: from reversing to decompilation. In: Proc. of Black Hat Abu Dhabi, pp. 77\u2013101 (2011)"},{"key":"579_CR19","doi-asserted-by":"crossref","first-page":"505","DOI":"10.1016\/j.future.2016.05.035","volume":"80","author":"G Dini","year":"2018","unstructured":"Dini, G., Martinelli, F., Matteucci, I., Petrocchi, M., Saracino, A., Sgandurra, D.: Risk analysis of android applications: a user-centric solution. Futur. Gener. Comput. Syst. 80, 505\u2013518 (2018)","journal-title":"Futur. Gener. Comput. Syst."},{"key":"579_CR20","doi-asserted-by":"crossref","unstructured":"Fan, M., Liu, J., Luo, X., Chen, K., Chen, T., Tian, Z., Zhang, X., Zheng, Q., Liu, T.: Frequent subgraph based familial classification of android malware. In: 2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE), pp. 24\u201335. IEEE (2016)","DOI":"10.1109\/ISSRE.2016.14"},{"key":"579_CR21","doi-asserted-by":"crossref","unstructured":"Feng, Y., Anand, S., Dillig, I., Aiken, A.: Apposcopy: semantics-based detection of android malware through static analysis. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 576\u2013587 (2014)","DOI":"10.1145\/2635868.2635869"},{"key":"579_CR22","doi-asserted-by":"crossref","unstructured":"Ferrante, A., Malek, M., Martinelli, F., Mercaldo, F., Milosevic, J.: Extinguishing ransomware-a hybrid approach to android ransomware detection. In: International Symposium on Foundations and Practice of Security, pp. 242\u2013258. Springer, Berlin (2017)","DOI":"10.1007\/978-3-319-75650-9_16"},{"key":"579_CR23","doi-asserted-by":"crossref","unstructured":"Ganesh, M., Pednekar, P., Prabhuswamy, P., Nair, D.S., Park, Y., Jeon, H.: CNN-based android malware detection. In: 2017 International Conference on Software Security and Assurance (ICSSA), pp. 60\u201365. IEEE (2017)","DOI":"10.1109\/ICSSA.2017.18"},{"key":"579_CR24","unstructured":"Google Play Store. https:\/\/play.google.com\/store\/apps. Accessed November (2019)"},{"key":"579_CR25","doi-asserted-by":"crossref","unstructured":"Gordon, M.I., Kim, D., Perkins, J.H., Gilham, L., Nguyen, N., Rinard, M.C.: Information flow analysis of android applications in droidsafe. In: NDSS, vol.\u00a015, p. 110 (2015)","DOI":"10.14722\/ndss.2015.23089"},{"issue":"2","key":"579_CR26","doi-asserted-by":"crossref","first-page":"149","DOI":"10.7763\/IJCCE.2014.V3.310","volume":"3","author":"YJ Ham","year":"2014","unstructured":"Ham, Y.J., Lee, H.-W.: Detection of malicious android mobile applications based on aggregated system call events. Int. J. Comput. Commun. Eng. 3(2), 149 (2014)","journal-title":"Int. J. Comput. Commun. Eng."},{"issue":"1","key":"579_CR27","first-page":"231","volume":"8","author":"YJ Ham","year":"2014","unstructured":"Ham, Y.J., Moon, D., Lee, H.-W., Lim, J.D., Kim, J.N.: Android mobile application system call event pattern analysis for determination of malicious attack. Int. J. Secur. Appl. 8(1), 231\u2013246 (2014)","journal-title":"Int. J. Secur. Appl."},{"key":"579_CR28","unstructured":"HCL AppScan. https:\/\/www.hcltechsw.com\/appscan\/. Accessed March (2021)"},{"issue":"1s","key":"579_CR29","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3241056","volume":"15","author":"MS Hossain","year":"2019","unstructured":"Hossain, M.S., Amin, S.U., Alsulaiman, M., Muhammad, G.: Applying deep learning for epilepsy seizure detection and brain mapping visualization. ACM Trans. Multimed. Comput. Commun. Appl. (TOMM) 15(1s), 1\u201317 (2019)","journal-title":"ACM Trans. Multimed. Comput. Commun. Appl. (TOMM)"},{"key":"579_CR30","doi-asserted-by":"crossref","unstructured":"Hou, S., Saas, A., Ye, Y., Chen, L.: Droiddelver: an android malware detection system using deep belief network based on api call blocks. In: International Conference on Web-Age Information Management, pp. 54\u201366. Springer, Berlin (2016)","DOI":"10.1007\/978-3-319-47121-1_5"},{"key":"579_CR31","doi-asserted-by":"crossref","unstructured":"Hou, S., Saas, A., Chen, L., Ye, Y., Bourlai, T.: Deep neural networks for automatic android malware detection. In: Proceedings of the 2017 IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining 2017, pp. 803\u2013810 (2017)","DOI":"10.1145\/3110025.3116211"},{"key":"579_CR32","doi-asserted-by":"crossref","unstructured":"Isohara, T., Takemori, K., Kubota, A.: Kernel-based behavior analysis for android malware detection. In: 2011 Seventh International Conference on Computational Intelligence and Security, pp. 1011\u20131015. IEEE (2011)","DOI":"10.1109\/CIS.2011.226"},{"key":"579_CR33","doi-asserted-by":"crossref","unstructured":"Jing, Y., Ahn, G.-J., Zhao, Z., Hu, H.: Riskmon: continuous and automated risk assessment of mobile applications. In: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, pp. 99\u2013110 (2014)","DOI":"10.1145\/2557547.2557549"},{"key":"579_CR34","doi-asserted-by":"crossref","first-page":"S48","DOI":"10.1016\/j.diin.2018.01.007","volume":"24","author":"EB Karbab","year":"2018","unstructured":"Karbab, E.B., Debbabi, M., Derhab, A., Mouheb, D.: Maldozer: automatic framework for android malware detection using deep learning. Digit. Investig. 24, S48\u2013S59 (2018)","journal-title":"Digit. Investig."},{"key":"579_CR35","doi-asserted-by":"crossref","unstructured":"Kim, Y.: Convolutional neural networks for sentence classification. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing, EMNLP 2014, October 25\u201329, 2014, Doha, Qatar, A meeting of SIGDAT, a Special Interest Group of the ACL, pp. 1746\u20131751. ACL (2014)","DOI":"10.3115\/v1\/D14-1181"},{"issue":"4","key":"579_CR36","doi-asserted-by":"crossref","first-page":"1690","DOI":"10.1016\/j.eswa.2013.08.066","volume":"41","author":"G Kim","year":"2014","unstructured":"Kim, G., Lee, S., Kim, S.: A novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Expert Syst. Appl. 41(4), 1690\u20131700 (2014)","journal-title":"Expert Syst. Appl."},{"issue":"4","key":"579_CR37","doi-asserted-by":"crossref","first-page":"5027","DOI":"10.1007\/s11042-017-4756-0","volume":"77","author":"H Kim","year":"2018","unstructured":"Kim, H., Cho, T., Ahn, G.-J., Yi, J.H.: Risk assessment of mobile applications based on machine learned malware dataset. Multimed. Tools Appl. 77(4), 5027\u20135042 (2018)","journal-title":"Multimed. Tools Appl."},{"issue":"3","key":"579_CR38","doi-asserted-by":"crossref","first-page":"773","DOI":"10.1109\/TIFS.2018.2866319","volume":"14","author":"T Kim","year":"2018","unstructured":"Kim, T., Kang, B., Rho, M., Sezer, S., Im, E.G.: A multimodal deep learning method for android malware detection using various features. IEEE Trans. Inf. Forensics Secur. 14(3), 773\u2013788 (2018)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"4","key":"579_CR39","first-page":"39","volume":"9","author":"K Kim","year":"2019","unstructured":"Kim, K., Ko, E., Kim, J., Yi, J.H.: Intelligent malware detection based on hybrid learning of API and ACG on android. J. Internet Ser. Inf. Secur. 9(4), 39\u201348 (2019)","journal-title":"J. Internet Ser. Inf. Secur."},{"key":"579_CR40","doi-asserted-by":"crossref","first-page":"48503","DOI":"10.1109\/ACCESS.2020.2979477","volume":"8","author":"K Kim","year":"2020","unstructured":"Kim, K., Kim, J., Ko, E., Yi, J.H.: Risk assessment scheme for mobile applications based on tree boosting. IEEE Access 8, 48503\u201348514 (2020)","journal-title":"IEEE Access"},{"key":"579_CR41","doi-asserted-by":"crossref","unstructured":"Kong, D., Cen, L., Jin, H.: Autoreb: automatically understanding the review-to-behavior fidelity in android applications. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 530\u2013541 (2015)","DOI":"10.1145\/2810103.2813689"},{"key":"579_CR42","doi-asserted-by":"crossref","first-page":"158","DOI":"10.1016\/j.future.2018.02.001","volume":"83","author":"A Kumar","year":"2018","unstructured":"Kumar, A., Kuppusamy, K., Aghila, G.: Famous: Forensic analysis of mobile devices using scoring of application permissions. Futur. Gener. Comput. Syst. 83, 158\u2013172 (2018)","journal-title":"Futur. Gener. Comput. Syst."},{"key":"579_CR43","unstructured":"Le, Q., Mikolov, T.: Distributed representations of sentences and documents. In: International Conference on Machine Learning, pp. 1188\u20131196. PMLR (2014)"},{"issue":"11","key":"579_CR44","doi-asserted-by":"crossref","first-page":"2278","DOI":"10.1109\/5.726791","volume":"86","author":"Y LeCun","year":"1998","unstructured":"LeCun, Y., Bottou, L., Bengio, Y., Haffner, P.: Gradient-based learning applied to document recognition. Proc. IEEE 86(11), 2278\u20132324 (1998)","journal-title":"Proc. IEEE"},{"issue":"4","key":"579_CR45","doi-asserted-by":"crossref","first-page":"6668","DOI":"10.1109\/JIOT.2019.2909745","volume":"6","author":"T Lei","year":"2019","unstructured":"Lei, T., Qin, Z., Wang, Z., Li, Q., Ye, D.: Evedroid: event-aware android malware detection against model degrading for iot devices. IEEE Internet Things J. 6(4), 6668\u20136680 (2019)","journal-title":"IEEE Internet Things J."},{"key":"579_CR46","doi-asserted-by":"crossref","unstructured":"Li, Y., Li, Y., Yan, H., Liu, J.: Deep joint discriminative learning for vehicle re-identification and retrieval. In: 2017 IEEE International Conference on Image Processing (ICIP), pp. 395\u2013399. IEEE (2017)","DOI":"10.1109\/ICIP.2017.8296310"},{"key":"579_CR47","doi-asserted-by":"crossref","unstructured":"Li, D., Wang, Z., Xue, Y.: Fine-grained android malware detection based on deep learning. In: 2018 IEEE Conference on Communications and Network Security (CNS), pp. 1\u20132. IEEE (2018)","DOI":"10.1109\/CNS.2018.8433204"},{"issue":"7","key":"579_CR48","doi-asserted-by":"crossref","first-page":"3216","DOI":"10.1109\/TII.2017.2789219","volume":"14","author":"J Li","year":"2018","unstructured":"Li, J., Sun, L., Yan, Q., Li, Z., Srisa-An, W., Ye, H.: Significant permission identification for machine-learning-based android malware detection. IEEE Trans. Ind. Inf. 14(7), 3216\u20133225 (2018)","journal-title":"IEEE Trans. Ind. Inf."},{"key":"579_CR49","doi-asserted-by":"crossref","unstructured":"Li, W., Wang, Z., Cai, J., Cheng, S.: An android malware detection approach using weight-adjusted deep learning. In: 2018 International Conference on Computing, Networking and Communications (ICNC), pp. 437\u2013441. IEEE (2018)","DOI":"10.1109\/ICCNC.2018.8390391"},{"key":"579_CR50","doi-asserted-by":"crossref","unstructured":"Liu, P., Wang, W., Luo, X., Wang, H., Liu, C.: Nsdroid: efficient multi-classification of android malware using neighborhood signature in local function call graphs. Int. J. Inf. Secur. 1\u201313 (2020)","DOI":"10.1007\/s10207-020-00489-5"},{"key":"579_CR51","doi-asserted-by":"crossref","first-page":"21235","DOI":"10.1109\/ACCESS.2019.2896003","volume":"7","author":"Z Ma","year":"2019","unstructured":"Ma, Z., Ge, H., Liu, Y., Zhao, M., Ma, J.: A combination method for android malware detection based on control flow graphs and machine learning algorithms. IEEE Access 7, 21235\u201321245 (2019)","journal-title":"IEEE Access"},{"key":"579_CR52","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/j.cose.2015.02.007","volume":"51","author":"D Maiorca","year":"2015","unstructured":"Maiorca, D., Ariu, D., Corona, I., Aresu, M., Giacinto, G.: Stealth attacks: an extended insight into the obfuscation effects on android malware. Comput. Secur. 51, 16\u201331 (2015)","journal-title":"Comput. Secur."},{"key":"579_CR53","doi-asserted-by":"crossref","unstructured":"Mart\u00edn, A., Calleja, A., Men\u00e9ndez, H.D., Tapiador, J., Camacho, D.: Adroit: android malware detection using meta-information. In: 2016 IEEE Symposium Series on Computational Intelligence (SSCI), pp. 1\u20138. IEEE (2016)","DOI":"10.1109\/SSCI.2016.7849904"},{"key":"579_CR54","doi-asserted-by":"crossref","unstructured":"McLaughlin, N., del Rincon, J.M., Kang, B., Yerima, S., Miller, P., Sezer, S., Safaei, Y., Trickel, E., Zhao, Z., Doup\u00e9, A., Ahn, G.J.: Deep android malware detection. In: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, pp. 301\u2013308 (2017)","DOI":"10.1145\/3029806.3029823"},{"key":"579_CR55","unstructured":"Mikolov, T., Sutskever, I., Chen, K., Corrado, G., Dean, J.: Distributed representations of words and phrases and their compositionality. In: Proceedings of the 26th International Conference on Neural Information Processing Systems, vol. 2, pp. 3111\u20133119 (2013)"},{"key":"579_CR56","unstructured":"Mohr, M., Graf, J., Hecker, M.: Jodroid: Adding android support to a static information flow control tool. In: Software Engineering (Workshops), pp. 140\u2013145. Citeseer (2015)"},{"key":"579_CR57","unstructured":"Molnar, C.: Interpretable machine learning. Lulu. com (2020)"},{"key":"579_CR58","doi-asserted-by":"crossref","unstructured":"Nix, R., Zhang, J.: Classification of android apps and malware using deep neural networks. In: 2017 International Joint Conference on Neural Networks (IJCNN), pp. 1871\u20131878. IEEE (2017)","DOI":"10.1109\/IJCNN.2017.7966078"},{"key":"579_CR59","volume-title":"Markov Chains","author":"JR Norris","year":"1998","unstructured":"Norris, J.R., Norris, J.R., Norris, J.R.: Markov Chains, vol. 2. Cambridge University Press, Cambridge (1998)"},{"key":"579_CR60","unstructured":"Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., Traon, Y.L.: Effective inter-component communication mapping in android: an essential step towards holistic security analysis. In: 22nd {USENIX} Security Symposium ({USENIX} Security 13), pp. 543\u2013558 (2013)"},{"issue":"2","key":"579_CR61","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3313391","volume":"22","author":"L Onwuzurike","year":"2019","unstructured":"Onwuzurike, L., Mariconti, E., Andriotis, P., Cristofaro, E.D., Ross, G., Stringhini, G.: Mamadroid: detecting android malware by building Markov chains of behavioral models (extended version). ACM Trans. Priv. Secur. (TOPS) 22(2), 1\u201334 (2019)","journal-title":"ACM Trans. Priv. Secur. (TOPS)"},{"key":"579_CR62","unstructured":"Pandita, R., Xiao, X., ang, W., Enck, W., Xie, T.: {WHYPER}: Towards automating risk assessment of mobile applications. In: 22nd USENIX Security Symposium (USENIX Security 13), pp. 527\u2013542 (2013)"},{"key":"579_CR63","doi-asserted-by":"crossref","unstructured":"Pehlivan, U., Baltaci, N., Acart\u00fcrk, C., Baykal, N.: The analysis of feature selection methods and classification algorithms in permission based android malware detection. In: 2014 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 1\u20138. IEEE (2014)","DOI":"10.1109\/CICYBS.2014.7013371"},{"key":"579_CR64","doi-asserted-by":"crossref","unstructured":"Peng, W., Huang, L., Jia, J., Ingram, E.: Enhancing the Naive Bayes spam filter through intelligent text modification detection. In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing And Communications\/12th IEEE International Conference on Big Data Science and Engineering (TrustCom\/BigDataSE), pp. 849\u2013854. IEEE (2018)","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00122"},{"key":"579_CR65","doi-asserted-by":"crossref","unstructured":"Qiu, L., Wang, Y., Rubin, J.: Analyzing the analyzers: Flowdroid\/iccta, amandroid, and droidsafe. In: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 176\u2013186 (2018)","DOI":"10.1145\/3213846.3213873"},{"key":"579_CR66","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1016\/j.ins.2011.08.020","volume":"231","author":"I Santos","year":"2013","unstructured":"Santos, I., Brezo, F., Ugarte-Pedrero, X., Bringas, P.G.: Opcode sequences as representation of executables for data-mining-based unknown malware detection. Inf. Sci. 231, 64\u201382 (2013)","journal-title":"Inf. Sci."},{"issue":"1","key":"579_CR67","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1109\/TDSC.2016.2536605","volume":"15","author":"A Saracino","year":"2016","unstructured":"Saracino, A., Sgandurra, D., Dini, G., Martinelli, F.: Madam: effective and efficient behavior-based android malware detection and prevention. IEEE Trans. Dependable Secur. Comput. 15(1), 83\u201397 (2016)","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"579_CR68","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1016\/j.neunet.2014.09.003","volume":"61","author":"J Schmidhuber","year":"2015","unstructured":"Schmidhuber, J.: Deep learning in neural networks: an overview. Neural Netw. 61, 85\u2013117 (2015)","journal-title":"Neural Netw."},{"key":"579_CR69","doi-asserted-by":"crossref","unstructured":"Selvaraju, R.R., Cogswell, M., Das, A., Vedantam, R., Parikh, D., Batra, D.: Grad-cam: visual explanations from deep networks via gradient-based localization. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 618\u2013626 (2017)","DOI":"10.1109\/ICCV.2017.74"},{"key":"579_CR70","doi-asserted-by":"crossref","first-page":"804","DOI":"10.1016\/j.procs.2015.02.149","volume":"46","author":"P Shijo","year":"2015","unstructured":"Shijo, P., Salim, A.: Integrated static and dynamic analysis for malware detection. Proc. Comput. Sci. 46, 804\u2013811 (2015)","journal-title":"Proc. Comput. Sci."},{"key":"579_CR71","doi-asserted-by":"crossref","unstructured":"Strubell, E., Ganesh, A., McCallum, A.: Energy and policy considerations for deep learning in nlp. In: Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics, pp. 3645\u20133650 (2019)","DOI":"10.18653\/v1\/P19-1355"},{"issue":"4","key":"579_CR72","doi-asserted-by":"crossref","first-page":"1104","DOI":"10.1016\/j.eswa.2013.07.106","volume":"41","author":"G Suarez-Tangil","year":"2014","unstructured":"Suarez-Tangil, G., Tapiador, J.E., Peris-Lopez, P., Blasco, J.: Dendroid: a text mining approach to analyzing and classifying code structures in android malware families. Expert Syst. Appl. 41(4), 1104\u20131117 (2014)","journal-title":"Expert Syst. Appl."},{"key":"579_CR73","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.diin.2015.01.001","volume":"13","author":"KA Talha","year":"2015","unstructured":"Talha, K.A., Alper, D.I., Aydin, C.: APK auditor: permission-based android malware detection system. Digit. Investig. 13, 1\u201314 (2015)","journal-title":"Digit. Investig."},{"key":"579_CR74","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1016\/j.jpdc.2016.10.012","volume":"103","author":"F Tong","year":"2017","unstructured":"Tong, F., Yan, Z.: A hybrid approach of mobile malware detection in android. J. Parallel Distrib. Comput. 103, 22\u201331 (2017)","journal-title":"J. Parallel Distrib. Comput."},{"key":"579_CR75","unstructured":"VirusShare. https:\/\/virusshare.com\/. Accessed November (2019)"},{"key":"579_CR76","doi-asserted-by":"crossref","unstructured":"Wang, Y., Zheng, J., Sun, C., Mukkamala, S.: Quantitative security risk assessment of android permissions and applications. In: IFIP Annual Conference on Data and Applications Security and Privacy, pp. 226\u2013241. Springer, Berlin (2013)","DOI":"10.1007\/978-3-642-39256-6_15"},{"key":"579_CR77","doi-asserted-by":"crossref","unstructured":"Wang, Z., Cai, J., Cheng, S., Li, W.: Droiddeeplearner: identifying android malware using deep learning. In: 2016 IEEE 37th Sarnoff Symposium, pp. 160\u2013165. IEEE (2016)","DOI":"10.1109\/SARNOF.2016.7846747"},{"issue":"8","key":"579_CR78","doi-asserted-by":"crossref","first-page":"3035","DOI":"10.1007\/s12652-018-0803-6","volume":"10","author":"W Wang","year":"2019","unstructured":"Wang, W., Zhao, M., Wang, J.: Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network. J. Ambient. Intell. Humaniz. Comput. 10(8), 3035\u20133043 (2019)","journal-title":"J. Ambient. Intell. Humaniz. Comput."},{"key":"579_CR79","doi-asserted-by":"crossref","first-page":"252","DOI":"10.1007\/978-3-319-60876-1_12","volume-title":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","author":"F Wei","year":"2017","unstructured":"Wei, F., Li, Y., Roy, S., Zhou, X.O.W.: Deep ground truth analysis of current android malware. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 252\u2013276. Springer, Berlin (2017)"},{"issue":"3","key":"579_CR80","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3183575","volume":"21","author":"F Wei","year":"2018","unstructured":"Wei, F., Roy, S., Ou, X.: Amandroid: a precise and general inter-component data flow analysis framework for security vetting of android apps. ACM Trans. Priv. Secur. (TOPS) 21(3), 1\u201332 (2018)","journal-title":"ACM Trans. Priv. Secur. (TOPS)"},{"key":"579_CR81","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1016\/j.cose.2015.12.005","volume":"58","author":"J Wook Jang","year":"2016","unstructured":"Wook Jang, J., Kang, H., Woo, J., Mohaisen, A., Kim, H.K.: Andro-dumpsys: anti-malware system based on the similarity of malware creator and malware centric information. Comput. Secur. 58, 125\u2013138 (2016)","journal-title":"Comput. Secur."},{"key":"579_CR82","doi-asserted-by":"crossref","unstructured":"Wu, D.-J., Mao, C.-H., Wei, T.-E., Lee, H.-M., Wu, K.-P.: Droidmat: android malware detection through manifest and API calls tracing. In: 2012 Seventh Asia Joint Conference on Information Security, pp. 62\u201369. IEEE (2012)","DOI":"10.1109\/AsiaJCIS.2012.18"},{"key":"579_CR83","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1016\/j.infsof.2016.03.004","volume":"75","author":"S Wu","year":"2016","unstructured":"Wu, S., Wang, P., Li, X., Zhang, Y.: Effective detection of android malware based on the usage of data flow APIs and machine learning. Inf. Softw. Technol. 75, 17\u201325 (2016)","journal-title":"Inf. Softw. Technol."},{"key":"579_CR84","doi-asserted-by":"crossref","unstructured":"Wu, W.-C., Hung, S.-H.: Droiddolphin: a dynamic android malware detection framework using big data and machine learning. In: Proceedings of the 2014 Conference on Research in Adaptive and Convergent Systems, pp. 247\u2013252 (2014)","DOI":"10.1145\/2663761.2664223"},{"key":"579_CR85","doi-asserted-by":"crossref","unstructured":"Xu, K., Li, Y., Deng, R.H., Chen, K.: Deeprefiner: multi-layer android malware detection system applying deep neural networks. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 473\u2013487. IEEE (2018)","DOI":"10.1109\/EuroSP.2018.00040"},{"key":"579_CR86","doi-asserted-by":"crossref","unstructured":"Yerima, S.Y., Sezer, S., Muttik, I.: Android malware detection using parallel machine learning classifiers. In: 2014 Eighth International Conference on Next Generation Mobile Apps, Services and Technologies, pp. 37\u201342. IEEE (2014)","DOI":"10.1109\/NGMAST.2014.23"},{"issue":"1","key":"579_CR87","doi-asserted-by":"crossref","first-page":"114","DOI":"10.1109\/TST.2016.7399288","volume":"21","author":"Z Yuan","year":"2016","unstructured":"Yuan, Z., Lu, Y., Xue, Y.: Droiddetector: android malware characterization and detection using deep learning. Tsinghua Sci. Technol. 21(1), 114-123 (2016)","journal-title":"Tsinghua Sci. Technol."},{"key":"579_CR88","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Yang, Y., Wang, X.: A novel android malware detection approach based on convolutional neural network. In: Proceedings of the 2nd International Conference on Cryptography, Security and Privacy, pp. 144\u2013149 (2018)","DOI":"10.1145\/3199478.3199492"},{"key":"579_CR89","doi-asserted-by":"crossref","first-page":"69246","DOI":"10.1109\/ACCESS.2019.2919796","volume":"7","author":"H Zhang","year":"2019","unstructured":"Zhang, H., Luo, S., Zhang, Y., Pan, L.: An efficient android malware detection system based on method-level behavioral semantic analysis. IEEE Access 7, 69246\u201369256 (2019)","journal-title":"IEEE Access"},{"key":"579_CR90","first-page":"50","volume":"25","author":"Y Zhou","year":"2012","unstructured":"Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative android markets. In NDSS 25, 50\u201352 (2012)","journal-title":"In NDSS"},{"key":"579_CR91","doi-asserted-by":"crossref","unstructured":"Zhou, B., Khosla, A., Lapedriza, A., Oliva, A., Torralba, A.: Learning deep features for discriminative localization. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2921\u20132929 (2016)","DOI":"10.1109\/CVPR.2016.319"},{"key":"579_CR92","doi-asserted-by":"crossref","unstructured":"Zhu, D., Jin, H., ang, Y., Wu, D., Chen, W.: Deepflow: deep learning-based malware detection by mining android application for abnormal usage of sensitive data. In: 2017 IEEE Symposium on computers and Communications (ISCC), pp. 438\u2013443. IEEE (2017)","DOI":"10.1109\/ISCC.2017.8024568"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-022-00579-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-022-00579-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-022-00579-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,18]],"date-time":"2024-09-18T03:56:21Z","timestamp":1726631781000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-022-00579-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,2,9]]},"references-count":92,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2022,8]]}},"alternative-id":["579"],"URL":"https:\/\/doi.org\/10.1007\/s10207-022-00579-6","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,2,9]]},"assertion":[{"value":"9 February 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}