{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T00:05:21Z","timestamp":1768781121691,"version":"3.49.0"},"reference-count":45,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2016,12,28]],"date-time":"2016-12-28T00:00:00Z","timestamp":1482883200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"name":"Returned Overseas Chinese Scholars","award":["K14C300020"],"award-info":[{"award-number":["K14C300020"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2018,3]]},"DOI":"10.1007\/s10586-016-0703-5","type":"journal-article","created":{"date-parts":[[2016,12,28]],"date-time":"2016-12-28T02:44:28Z","timestamp":1482893068000},"page":"265-275","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["DroidWard: An Effective Dynamic Analysis Method for Vetting Android Applications"],"prefix":"10.1007","volume":"21","author":[{"given":"Yubin","family":"Yang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zongtao","family":"Wei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yong","family":"Xu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haiwu","family":"He","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wei","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,12,28]]},"reference":[{"key":"703_CR1","unstructured":"F-Secure, Threat Report 2015. https:\/\/www.f-secure.com\/documents\/996508\/1030743\/Threat_Report_2015.pdf (2015)"},{"key":"703_CR2","unstructured":"Greenberg, A.: Scanner identifies thousands of malicious Android apps on Google Play, other markets. http:\/\/www.scmagazine.com\/scanner-identifies-thousands-of-malicious-android-apps-on-google-play-other-markets\/article\/435387\/ (2015)"},{"key":"703_CR3","unstructured":"Hirst, S.: Lookout Discovers SocialPath Malware in Google Play Store. https:\/\/vpncreative.net\/2015\/01\/10\/lookout-socialpath-malware-google-play (2015)"},{"key":"703_CR4","unstructured":"Lockheimer, H.: Android and Security. http:\/\/googlemobile.blogspot.com\/2014\/02\/android-and-security.html (2014)"},{"key":"703_CR5","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. IEEE Symposium on Security and Privacy, pp. 95\u2013109, 2012","DOI":"10.1109\/SP.2012.16"},{"issue":"2","key":"703_CR6","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/2619091","volume":"32","author":"W Enck","year":"2014","unstructured":"Enck, W., Gilbert, P., Han, S., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)","journal-title":"ACM Trans. Comput. Syst. (TOCS)"},{"key":"703_CR7","doi-asserted-by":"crossref","unstructured":"Lindorfer, M., Neugschwandtner, M., Platzer, C.: Marvin: Efficient and comprehensive mobile app classification through static and dynamic analysis. 39th IEEE Annual Computer Software and Applications Conference (COMPSAC), vol. 2, pp. 422\u2013433, 2015","DOI":"10.1109\/COMPSAC.2015.103"},{"key":"703_CR8","doi-asserted-by":"crossref","unstructured":"Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., et al.: Andrubis\u20131,000,000 apps later: a view on current Android malware behaviors. Third International IEEE Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), p 3-17, 2014","DOI":"10.1109\/BADGERS.2014.7"},{"key":"703_CR9","doi-asserted-by":"crossref","unstructured":"Felt, A. P., Chin, E., Hanna, S., et al.: Android permissions demystified. 18th ACM Conference on Computer and communications security, pp. 627-638, 2011","DOI":"10.1145\/2046707.2046779"},{"key":"703_CR10","unstructured":"Dietz, M., Shekhar, S., Pisetsky, Y., et al.: QUIRE: lightweight provenance for smart phone operating systems. USENIX Security Symposium, vol. 31, 2011"},{"issue":"1","key":"703_CR11","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1007\/s11416-014-0226-7","volume":"11","author":"VM Afonso","year":"2015","unstructured":"Afonso, V.M., de Amorim, M.F., Gr\u00e9gio, A.R.A., et al.: Identifying Android malware using dynamically obtained features. J. Comput. Virol. Hacking Tech. 11(1), 9\u201317 (2015)","journal-title":"J. Comput. Virol. Hacking Tech."},{"issue":"1","key":"703_CR12","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1016\/j.comcom.2007.10.010","volume":"31","author":"W Wang","year":"2008","unstructured":"Wang, W., Guan, X., Zhang, X.: Processing of massive audit data streams for real-time anomaly intrusion detection. Comput. Commun. 31(1), 58\u201372 (2008)","journal-title":"Comput. Commun."},{"key":"703_CR13","unstructured":"Wang, W., Liu, J., Pitsilis, G., et al.: Abstracting massive data for lightweight intrusion detection in computer networks. Information Sciences (online first), 2016"},{"key":"703_CR14","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1016\/j.knosys.2014.06.018","volume":"70","author":"W Wang","year":"2014","unstructured":"Wang, W., Guyet, T., Quiniou, R., et al.: Autonomic intrusion detection: adaptively detecting anomalies over unlabeled audit data streams in computer networks. Knowl.-Based Syst. 70, 103\u2013117 (2014)","journal-title":"Knowl.-Based Syst."},{"key":"703_CR15","doi-asserted-by":"crossref","unstructured":"Wang, W., Battiti, R.: Identifying intrusions in computer networks with principal component analysis, First International Conference on Availability, Reliability and Security. IEEE, p 1-8, 2006","DOI":"10.1109\/ARES.2006.73"},{"issue":"7","key":"703_CR16","doi-asserted-by":"crossref","first-page":"1644","DOI":"10.1109\/TKDE.2013.146","volume":"26","author":"X Zhang","year":"2014","unstructured":"Zhang, X., Furtlehner, C., Germain-Renaud, C., et al.: Data stream clustering with affinity propagation. IEEE Trans. Knowl. Data Eng. 26(7), 1644\u20131656 (2014)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"issue":"4","key":"703_CR17","doi-asserted-by":"crossref","first-page":"616","DOI":"10.1007\/s11390-013-1362-0","volume":"28","author":"XL Zhang","year":"2013","unstructured":"Zhang, X.L., Lee, T.M.D., Pitsilis, G.: Securing recommender systems against shilling attacks using social-based clustering. J. Comput. Sci. Technol. 28(4), 616\u2013624 (2013)","journal-title":"J. Comput. Sci. Technol."},{"issue":"12","key":"703_CR18","doi-asserted-by":"crossref","first-page":"1974","DOI":"10.1016\/j.jss.2009.06.040","volume":"82","author":"W Wang","year":"2009","unstructured":"Wang, W., Zhang, X., Gombault, S.: Constructing attribute weights from computer audit data for effective intrusion detection. J. Syst. Softw. 82(12), 1974\u20131981 (2009)","journal-title":"J. Syst. Softw."},{"issue":"1","key":"703_CR19","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1016\/j.jnca.2008.04.006","volume":"32","author":"X Guan","year":"2009","unstructured":"Guan, X., Wang, W., Zhang, X.: Fast intrusion detection based on a non-negative matrix factorization model. J. Netw. Comput. Appl. 32(1), 31\u201344 (2009)","journal-title":"J. Netw. Comput. Appl."},{"issue":"7","key":"703_CR20","doi-asserted-by":"crossref","first-page":"539","DOI":"10.1016\/j.cose.2006.05.005","volume":"25","author":"W Wang","year":"2006","unstructured":"Wang, W., Guan, X., Zhang, X., Yang, L.: Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data. Comput. Secur. 25(7), 539\u2013550 (2006)","journal-title":"Comput. Secur."},{"issue":"8","key":"703_CR21","doi-asserted-by":"crossref","first-page":"2201","DOI":"10.1109\/TPDS.2013.271","volume":"25","author":"X Huang","year":"2014","unstructured":"Huang, X., Li, J., Li, J., et al.: Securely outsourcing attribute-based encryption with checkability. IEEE Trans. Parallel Distrib. Syst. 25(8), 2201\u20132210 (2014)","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"issue":"2","key":"703_CR22","doi-asserted-by":"crossref","first-page":"425","DOI":"10.1109\/TC.2013.208","volume":"64","author":"J Li","year":"2015","unstructured":"Li, J., Li, J., Chen, X., et al.: Identity-based encryption with outsourced revocation in cloud computing. IEEE Trans. Comput. 64(2), 425\u2013437 (2015)","journal-title":"IEEE Trans. Comput."},{"issue":"5","key":"703_CR23","doi-asserted-by":"crossref","first-page":"1206","DOI":"10.1109\/TPDS.2014.2318320","volume":"26","author":"J Li","year":"2015","unstructured":"Li, J., Li, Y.K., Chen, X., et al.: A hybrid cloud approach for secure authorized deduplication. IEEE Trans. Parallel Distrib. Syst. 26(5), 1206\u20131216 (2015)","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"issue":"6","key":"703_CR24","doi-asserted-by":"crossref","first-page":"1615","DOI":"10.1109\/TPDS.2013.284","volume":"25","author":"J Li","year":"2014","unstructured":"Li, J., Chen, X., Li, M., et al.: Secure deduplication with efficient and reliable convergent key management. IEEE Trans. Parallel Distrib Syst. 25(6), 1615\u20131625 (2014)","journal-title":"IEEE Trans. Parallel Distrib Syst."},{"key":"703_CR25","unstructured":"Fuchs, A.P., Chaudhuri, A., Foster, J.S.: Scandroid: automated security certification of android. Technical report, University of Maryland (2009)"},{"key":"703_CR26","unstructured":"Pandita, R., Xiao, X., Yang, W., et al.: Whyper: towards automating risk assessment of mobile applications, Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13), pp. 527-542, 2013"},{"key":"703_CR27","doi-asserted-by":"crossref","unstructured":"Peiravian, N., Zhu, X.: Machine learning for android malware detection using permission and api calls. IEEE 25th International Conference on Tools with Artificial Intelligence. IEEE, pp. 300-305, 2013","DOI":"10.1109\/ICTAI.2013.53"},{"key":"703_CR28","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Hubner, M., et al.: DREBIN: effective and explainable detection of android malware in your pocket. In: The 2014 Network and Distributed System Security Symposium (NDSS), pp. 1\u201312","DOI":"10.14722\/ndss.2014.23247"},{"issue":"1\u20132","key":"703_CR29","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1007\/s11416-012-0162-3","volume":"8","author":"A Apvrille","year":"2012","unstructured":"Apvrille, A., Strazzere, T.: Reducing the window of opportunity for Android malware Gotta catch\u2019em all. J. Comput. Virol. 8(1\u20132), 61\u201371 (2012)","journal-title":"J. Comput. Virol."},{"key":"703_CR30","doi-asserted-by":"crossref","unstructured":"Wang, W., Wang, X., Feng, D., Liu, J., Han, Z., Zhang, X.: Exploring permission-induced risk in android applications for malicious application detection. IEEE Transactions on Information Forensics and Security 9, pp. 1869\u20131882 (2014)","DOI":"10.1109\/TIFS.2014.2353996"},{"key":"703_CR31","doi-asserted-by":"crossref","unstructured":"Liu X, Liu J, Wang W, Exploring sensor usage behaviors of Android applications based on data flow analysis. IPCCC, p 1-8, 2015","DOI":"10.1109\/PCCC.2015.7410335"},{"key":"703_CR32","doi-asserted-by":"crossref","unstructured":"Su, D., Wang, W., Wang, X., Liu, J.: Anomadroid: profiling Android applications\u2019 behaviors for identifying unknown malapps. 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom), 2016","DOI":"10.1109\/TrustCom.2016.0127"},{"key":"703_CR33","doi-asserted-by":"crossref","unstructured":"Liu, X., Zhu, S., Wang, W., Liu, J.: Alde: privacy risk analysis of analytics libraries in the android ecosystem. 12th EAI International Conference on Security and Privacy in Communication Networks (SecureComm), 2016","DOI":"10.1007\/978-3-319-59608-2_36"},{"key":"703_CR34","doi-asserted-by":"crossref","unstructured":"Spreitzenbarth, M., Freiling, F., Echtler, F., et al.: Mobile-sandbox: having a deeper look into android applications. Proceedings of the 28th Annual ACM Symposium on Applied Computing. ACM, pp. 1808-1815, 2013","DOI":"10.1145\/2480362.2480701"},{"key":"703_CR35","unstructured":"Monkeyrunner. https:\/\/developer.android.com\/studio\/test\/monkeyrunner\/index.html"},{"key":"703_CR36","unstructured":"Apvrille, A.: Apktool: a tool for reverse engineering android apk files. https:\/\/ibotpeaches.github.io\/Apktool\/"},{"key":"703_CR37","doi-asserted-by":"crossref","unstructured":"Ho, T.H., Dean, D., Gu, X., et al.: PREC: practical root exploit containment for android devices. Proceedings of the 4th ACM conference on data and application security and privacy. ACM, pp. 187-198, 2014","DOI":"10.1145\/2557547.2557563"},{"key":"703_CR38","unstructured":"Anzhi Market. http:\/\/www.anzhi.com"},{"key":"703_CR39","unstructured":"Virustotal. https:\/\/www.virustotal.com\/"},{"issue":"2","key":"703_CR40","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1023\/A:1009715923555","volume":"2","author":"CJC Burges","year":"1998","unstructured":"Burges, C.J.C.: A tutorial on support vector machines for pattern recognition. Data Min. Knowl. Discov. 2(2), 121\u2013167 (1998)","journal-title":"Data Min. Knowl. Discov."},{"key":"703_CR41","volume-title":"C4.5: programs for machine learning","author":"J Quinlan","year":"1993","unstructured":"Quinlan, J.: C4.5: programs for machine learning. Morgan Kaufmann Publishers, Burlington (1993)"},{"key":"703_CR42","doi-asserted-by":"crossref","unstructured":"Wang, W., Gombault, S., Guyet, T.: Towards fast detecting intrusions: using key attributes of network traffic, Internet Monitoring and Protection, ICIMP\u201908. The Third International Conference on. IEEE , p 86\u201391, 2008","DOI":"10.1109\/ICIMP.2008.13"},{"issue":"6","key":"703_CR43","doi-asserted-by":"crossref","first-page":"374","DOI":"10.1049\/iet-ifs.2014.0353","volume":"9","author":"W Wang","year":"2015","unstructured":"Wang, W., He, Y., Liu, J., et al.: Constructing important features from massive network traffic for lightweight intrusion detection. IET Inf. Secur. 9(6), 374\u2013379 (2015)","journal-title":"IET Inf. Secur."},{"issue":"1","key":"703_CR44","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45(1), 5\u201332 (2001)","journal-title":"Mach. Learn."},{"issue":"04","key":"703_CR45","first-page":"213","volume":"4","author":"H Thanh Le","year":"2013","unstructured":"Le Thanh, H.: Analysis of malware families on android mobiles: detection characteristics recognizable by ordinary phone users and how to fix it. J. Inf. Secur. 4(04), 213 (2013)","journal-title":"J. Inf. Secur."}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10586-016-0703-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-016-0703-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-016-0703-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T22:46:45Z","timestamp":1749854805000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10586-016-0703-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,12,28]]},"references-count":45,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,3]]}},"alternative-id":["703"],"URL":"https:\/\/doi.org\/10.1007\/s10586-016-0703-5","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"value":"1386-7857","type":"print"},{"value":"1573-7543","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,12,28]]}}}