{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,7]],"date-time":"2026-07-07T15:12:22Z","timestamp":1783437142672,"version":"3.54.6"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2014,12,24]],"date-time":"2014-12-24T00:00:00Z","timestamp":1419379200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2016,2]]},"DOI":"10.1007\/s10664-014-9352-6","type":"journal-article","created":{"date-parts":[[2014,12,23]],"date-time":"2014-12-23T02:41:29Z","timestamp":1419302489000},"page":"183-211","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":103,"title":["Empirical assessment of machine learning-based malware detectors for Android"],"prefix":"10.1007","volume":"21","author":[{"given":"Kevin","family":"Allix","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tegawend\u00e9 F.","family":"Bissyand\u00e9","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Quentin","family":"J\u00e9rome","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jacques","family":"Klein","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Radu","family":"State","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yves","family":"Le Traon","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2014,12,24]]},"reference":[{"key":"9352_CR1","doi-asserted-by":"crossref","unstructured":"Allix K, Bissyand\u00e9 TF, J\u00e9rome Q, Klein J, State R, Le Traon Y (2014a) Large-scale machine learning-based malware detection: confronting the \u201c10-fold cross validation\u201d scheme with reality. In: Proceedings of the 4th ACM conference on data and application security and privacy. ACM, New York, CODASPY \u201914, pp 163\u2013166. doi: 10.1145\/2557547.2557587","DOI":"10.1145\/2557547.2557587"},{"key":"9352_CR2","doi-asserted-by":"crossref","unstructured":"Allix K, J\u00e9rome Q, Bissyand\u00e9 TF, Klein J, State R, Le Traon Y (2014b) A forensic analysis of android malware: how is malware written and how it could be detected? In: Computer software and applications conference (COMPSAC)","DOI":"10.1109\/COMPSAC.2014.61"},{"key":"9352_CR3","doi-asserted-by":"crossref","unstructured":"Amos B, Turner H, White J (2013) Applying machine learning classifiers to dynamic android malware detection at scale. In: 2013 9th international wireless communications and mobile computing conference (IWCMC), pp 1666\u20131671. doi: 10.1109\/IWCMC.2013.6583806","DOI":"10.1109\/IWCMC.2013.6583806"},{"key":"9352_CR4","unstructured":"AndroGuard (2013) Apktool for reverse engineering android applications. https:\/\/code.google.com\/p\/androguard\/ . Accessed 09 Sep 2013"},{"key":"9352_CR5","unstructured":"AppBrain (2013a) Comparison of free and paid android apps. http:\/\/www.appbrain.com\/stats\/free-and-paid-android-applications . Accessed 09 Sep 2013"},{"key":"9352_CR6","unstructured":"AppBrain (2013b) Number of available android applications. http:\/\/www.appbrain.com\/stats\/number-of-android-apps . Accessed 09 Sep 2013"},{"issue":"1","key":"9352_CR7","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman L (2001) Random forests. Mach Learn 45(1):5\u201332","journal-title":"Mach Learn"},{"key":"9352_CR8","doi-asserted-by":"crossref","unstructured":"Canfora G, Mercaldo F, Visaggio CA (2013) A classifier of malicious android applications. In: 2013 eight international conference on availability, reliability and security (ARES)","DOI":"10.1109\/ARES.2013.80"},{"key":"9352_CR9","unstructured":"Cesare S, Xiang Y (2010) Classification of malware using structured control flow. In: Proceedings of the eighth Australasian symposium on parallel and distributed computing, vol 107. Australian Computer Society, Inc., Darlinghurst, Australia, AusPDC \u201910, pp 61\u201370"},{"key":"9352_CR10","doi-asserted-by":"crossref","unstructured":"Cohen WW (1995) Fast effective rule induction. In: Machine learning-international workshop then conference. Morgan Kaufmann Publishers, Inc., pp 115\u2013123","DOI":"10.1016\/B978-1-55860-377-6.50023-2"},{"issue":"3","key":"9352_CR11","first-page":"273","volume":"20","author":"C Cortes","year":"1995","unstructured":"Cortes C, Vapnik V (1995) Support-vector networks. Mach Learn 20(3):273\u2013297. doi: 10.1007\/BF00994018","journal-title":"Mach Learn"},{"key":"9352_CR12","doi-asserted-by":"crossref","unstructured":"Demme J, Maycock M, Schmitz J, Tang A, Waksman A, Sethumadhavan S, Stolfo S (2013) On the feasibility of online malware detection with performance counters. In: Proceedings of the 40th annual international symposium on computer architecture. ACM, New York, ISCA \u201913, pp 559\u2013570. doi: 10.1145\/2485922.2485970","DOI":"10.1145\/2485922.2485970"},{"key":"9352_CR13","unstructured":"Enck W, Octeau D, McDaniel P, Chaudhuri S (2011) A study of android application security. In: Proceedings of the 20th USENIX conference on security. USENIX Association, Berkeley, SEC\u201911, pp 21\u201321. http:\/\/dl.acm.org\/citation.cfm?id=2028067.2028088"},{"key":"9352_CR14","doi-asserted-by":"crossref","unstructured":"Felt AP, Finifter M, Chin E, Hanna S, Wagner D (2011) A survey of mobile malware in the wild. In: Proceedings of the 1st ACM workshop on security and privacy in smartphones and mobile devices. ACM, New York, SPSM \u201911, pp 3\u201314. doi: 10.1145\/2046614.2046618","DOI":"10.1145\/2046614.2046618"},{"key":"9352_CR15","unstructured":"Google (2012) Android and security (bouncer announcement). http:\/\/googlemobile.blogspot.fr\/2012\/02\/android-and-security.html . Accessed 14 June 2014"},{"issue":"1","key":"9352_CR16","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1145\/1656274.1656278","volume":"11","author":"M Hall","year":"2009","unstructured":"Hall M, Frank E, Holmes G, Pfahringer B, Reutemann P, Witten IH (2009) The weka data mining software: an update. SIGKDD Explor Newsl 11(1):10\u201318. doi: 10.1145\/1656274.1656278","journal-title":"SIGKDD Explor Newsl"},{"issue":"9","key":"9352_CR17","doi-asserted-by":"crossref","first-page":"1263","DOI":"10.1109\/TKDE.2008.239","volume":"21","author":"H He","year":"2009","unstructured":"He H, Garcia E (2009) Learning from imbalanced data. IEEE Trans Knowl Data Eng 21(9):1263\u20131284. doi: 10.1109\/TKDE.2008.239","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"9352_CR18","doi-asserted-by":"crossref","unstructured":"Henchiri O, Japkowicz N (2006) A feature selection and evaluation scheme for computer virus detection. In: Proceedings of the sixth international conference on data mining. IEEE Computer Society, Washington, DC, ICDM \u201906, pp 891\u2013895. doi: 10.1109\/ICDM.2006.4","DOI":"10.1109\/ICDM.2006.4"},{"key":"9352_CR19","doi-asserted-by":"crossref","unstructured":"Jacob A, Gokhale M (2007) Language classification using n-grams accelerated by fpga-based bloom filters. In: Proceedings of the 1st international workshop on high-performance reconfigurable computing technology and applications: held in conjunction with SC07. Reno, Nevada, HPRCTA \u201907, pp 31\u201337","DOI":"10.1145\/1328554.1328564"},{"key":"9352_CR20","doi-asserted-by":"crossref","unstructured":"Kephart JO (1994) A biologically inspired immune system for computers. In: Artificial life IV: proceedings of the fourth international workshop on the synthesis and simulation of living systems. MIT Press, pp 130\u2013139","DOI":"10.7551\/mitpress\/1428.003.0017"},{"key":"9352_CR21","first-page":"2721","volume":"7","author":"JZ Kolter","year":"2006","unstructured":"Kolter JZ, Maloof MA (2006) Learning to detect and classify malicious executables in the wild. J Mach Learn Res 7:2721\u20132744. http:\/\/dl.acm.org\/citation.cfm?id=1248547.1248646","journal-title":"J Mach Learn Res"},{"key":"9352_CR22","doi-asserted-by":"crossref","unstructured":"McLachlan G, Do KA, Ambroise C (2005) Analyzing microarray gene expression data, vol 422. Wiley.com","DOI":"10.1002\/047172842X"},{"issue":"14","key":"9352_CR23","doi-asserted-by":"crossref","first-page":"1941","DOI":"10.1016\/j.patrec.2008.06.016","volume":"29","author":"R Perdisci","year":"2008","unstructured":"Perdisci R, Lanzi A, Lee W (2008a) Classification of packed executables for accurate computer virus detection. Pattern Recogn Lett 29(14):1941\u20131946. http:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167865508002110","journal-title":"Pattern Recogn Lett"},{"key":"9352_CR24","doi-asserted-by":"crossref","unstructured":"Perdisci R, Lanzi A, Lee W (2008b) Mcboost: boosting scalability in malware collection and analysis using statistical classification of executables. In: Computer security applications conference, 2008. ACSAC 2008. Annual, pp 301\u2013310. doi: 10.1109\/ACSAC.2008.22","DOI":"10.1109\/ACSAC.2008.22"},{"key":"9352_CR25","doi-asserted-by":"crossref","unstructured":"Pieterse H, Olivier M (2012) Android botnets on the rise: trends and characteristics. In: Information security for South Africa (ISSA), 2012, pp 1\u20135. doi: 10.1109\/ISSA.2012.6320432","DOI":"10.1109\/ISSA.2012.6320432"},{"key":"9352_CR26","unstructured":"Pouik G (2012) Similarities for fun & profit. Phrack 14(68). http:\/\/www.phrack.org\/issues.html?id=15&issue=68"},{"key":"9352_CR27","unstructured":"Quinlan JR (1993) C4.5: programs for machine learning, vol 1. Morgan Kaufmann"},{"key":"9352_CR28","doi-asserted-by":"crossref","unstructured":"Rossow C, Dietrich C, Grier C, Kreibich C, Paxson V, Pohlmann N, Bos H, van Steen M (2012) Prudent practices for designing malware experiments: status quo and outlook. In: 2012 IEEE symposium on security and privacy (SP), pp 65\u201379. doi: 10.1109\/SP.2012.14","DOI":"10.1109\/SP.2012.14"},{"key":"9352_CR29","doi-asserted-by":"crossref","unstructured":"Sahs J, Khan L (2012) A machine learning approach to android malware detection. In: 2012 European intelligence and security informatics conference (EISIC). IEEE, pp 141\u2013147. doi: 10.1109\/EISIC.2012.34","DOI":"10.1109\/EISIC.2012.34"},{"key":"9352_CR30","doi-asserted-by":"crossref","unstructured":"Santos I, Penya YK, Devesa J, Bringas PG (2009) N-grams-based file signatures for malware detection. In: ICEIS, pp 317\u2013320","DOI":"10.5220\/0001863603170320"},{"key":"9352_CR31","doi-asserted-by":"crossref","unstructured":"Schultz M, Eskin E, Zadok E, Stolfo S (2001) Data mining methods for detection of new malicious executables. In: Proceedings 2001 IEEE symposium on security and privacy, 2001. S P 2001, pp 38\u201349. doi: 10.1109\/SECPRI.2001.924286","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"9352_CR32","first-page":"949","volume":"98888","author":"G Tahan","year":"2012","unstructured":"Tahan G, Rokach L, Shahar Y (2012) Mal-id: automatic malware detection using common segment analysis and meta-features. J Mach Learn Res 98888:949\u2013979","journal-title":"J Mach Learn Res"},{"key":"9352_CR33","doi-asserted-by":"crossref","unstructured":"Van Hulse J, Khoshgoftaar TM, Napolitano A (2007) Experimental perspectives on learning from imbalanced data. In: Proceedings of the 24th international conference on machine learning. ACM, New York, ICML \u201907, pp 935\u2013942. doi: 10.1145\/1273496.1273614","DOI":"10.1145\/1273496.1273614"},{"key":"9352_CR34","doi-asserted-by":"crossref","unstructured":"Wu DJ, Mao CH, Wei TE, Lee HM, Wu KP (2012) Droidmat: Android malware detection through manifest and api calls tracing. In: 2012 seventh Asia joint conference on information security (Asia JCIS), pp 62\u201369. doi: 10.1109\/AsiaJCIS.2012.18","DOI":"10.1109\/AsiaJCIS.2012.18"},{"key":"9352_CR35","doi-asserted-by":"crossref","unstructured":"Yerima S, Sezer S, McWilliams G, Muttik I (2013) A new android malware detection approach using bayesian classification. In: 2013 IEEE 27th international conference on advanced information networking and applications (AINA), pp 121\u2013128. doi: 10.1109\/AINA.2013.88","DOI":"10.1109\/AINA.2013.88"},{"key":"9352_CR36","doi-asserted-by":"crossref","unstructured":"Zhang B, Yin J, Hao J, Zhang D, Wang S (2007) Malicious codes detection based on ensemble learning. In: Proceedings of the 4th international conference on autonomic and trusted computing. Springer, Berlin, Heidelberg, ATC\u201907, pp 468\u2013477","DOI":"10.1007\/978-3-540-73547-2_48"},{"key":"9352_CR37","doi-asserted-by":"crossref","unstructured":"Zhou Y, Jiang X (2012) Dissecting android malware: characterization and evolution. In: Proceedings of the 2012 IEEE symposium on security and privacy. IEEE Computer Society, Washington, DC, SP \u201912, pp 95\u2013109. doi: 10.1109\/SP.2012.16","DOI":"10.1109\/SP.2012.16"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-014-9352-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10664-014-9352-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-014-9352-6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,6]],"date-time":"2024-06-06T01:54:06Z","timestamp":1717638846000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10664-014-9352-6"}},"subtitle":["Measuring the gap between in-the-lab and in-the-wild validation scenarios"],"short-title":[],"issued":{"date-parts":[[2014,12,24]]},"references-count":37,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2016,2]]}},"alternative-id":["9352"],"URL":"https:\/\/doi.org\/10.1007\/s10664-014-9352-6","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,12,24]]}}}