{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T13:34:27Z","timestamp":1773840867737,"version":"3.50.1"},"reference-count":139,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2021,5,24]],"date-time":"2021-05-24T00:00:00Z","timestamp":1621814400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,5,24]],"date-time":"2021-05-24T00:00:00Z","timestamp":1621814400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2021,7]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>A well-known curse of computer security research is that it often produces systems that, while technically sound, fail operationally. To overcome this curse, the community generally seeks to assess proposed systems under a variety of settings in order to make explicit every potential bias. In this respect, recently, research achievements on machine learning based malware detection are being considered for thorough evaluation by the community. Such an effort of comprehensive evaluation supposes first and foremost the possibility to perform an independent reproduction study in order to sharpen evaluations presented by approaches\u2019 authors. The question <jats:italic>Can published approaches actually be reproduced?<\/jats:italic> thus becomes paramount despite the little interest such mundane and practical aspects seem to attract in the malware detection field. In this paper, we attempt a complete reproduction of five Android Malware Detectors from the literature and discuss to what extent they are \u201creproducible\u201d. Notably, we provide insights on the implications around the guesswork that may be required to finalise a working implementation. Finally, we discuss how barriers to reproduction could be lifted, and how the malware detection field would benefit from stronger reproducibility standards\u2014like many various fields already have.<\/jats:p>","DOI":"10.1007\/s10664-021-09955-7","type":"journal-article","created":{"date-parts":[[2021,5,24]],"date-time":"2021-05-24T10:02:43Z","timestamp":1621850563000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["Lessons Learnt on Reproducibility in Machine Learning Based Android Malware Detection"],"prefix":"10.1007","volume":"26","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1437-667X","authenticated-orcid":false,"given":"Nadia","family":"Daoudi","sequence":"first","affiliation":[]},{"given":"Kevin","family":"Allix","sequence":"additional","affiliation":[]},{"given":"Tegawend\u00e9 F.","family":"Bissyand\u00e9","sequence":"additional","affiliation":[]},{"given":"Jacques","family":"Klein","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,5,24]]},"reference":[{"key":"9955_CR1","doi-asserted-by":"crossref","unstructured":"Aafer Y, Du W, Yin H (2013) Droidapiminer: Mining api-level features for robust malware detection in android. In: Zia T, Zomaya A, Varadharajan V, Mao M (eds) Security and privacy in communication networks. Springer International Publishing, Cham, pp 86\u2013103","DOI":"10.1007\/978-3-319-04283-1_6"},{"key":"9955_CR2","doi-asserted-by":"publisher","unstructured":"Abaid Z, Kaafar MA, Jha S (2017) Quantifying the impact of adversarial evasion attacks on machine learning based android malware classifiers. In: 2017 IEEE 16th international symposium on network computing and applications (NCA), pp 1\u201310. https:\/\/doi.org\/10.1109\/NCA.2017.8171381","DOI":"10.1109\/NCA.2017.8171381"},{"key":"9955_CR3","doi-asserted-by":"crossref","unstructured":"Abdul Kadir AF, Stakhanova N, Ghorbani AA (2015) Android botnets: What urls are telling us. In: Qiu M, Xu S, Yung M, Zhang H (eds) Network and system security. Springer International Publishing, Cham, pp 78\u201391","DOI":"10.1007\/978-3-319-25645-0_6"},{"key":"9955_CR4","doi-asserted-by":"publisher","unstructured":"Allix K, Bissyand\u00e9 TF, Klein J, Le Traon Y (2015) Are your training datasets yet relevant? In: Piessens F, Caballero J, Bielova N (eds) Engineering Secure Software and Systems. Springer International Publishing, Cham, pp 51\u201367. https:\/\/doi.org\/10.1007\/978-3-319-15618-7_5","DOI":"10.1007\/978-3-319-15618-7_5"},{"issue":"1","key":"9955_CR5","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/s10664-014-9352-6","volume":"21","author":"K Allix","year":"2016","unstructured":"Allix K, Bissyand\u00e9 TF, J\u00e9rome Q, Klein J, State R, Le Traon Y (2016a) Empirical assessment of machine learning-based malware detectors for android. Empir Softw Eng 21(1):183\u2013211. https:\/\/doi.org\/10.1007\/s10664-014-9352-6","journal-title":"Empir Softw Eng"},{"key":"9955_CR6","doi-asserted-by":"publisher","unstructured":"Allix K, Bissyand\u00e9 TF, Klein J, Le Traon Y (2016b) Androzoo: Collecting millions of android apps for the research community. In: Proceedings of the 13th international conference on mining software repositories, ACM, New York, NY, USA, MSR \u201916, pp 468\u2013471. https:\/\/doi.org\/10.1145\/2901739.2903508","DOI":"10.1145\/2901739.2903508"},{"key":"9955_CR7","doi-asserted-by":"crossref","unstructured":"Arp D, Spreitzenbarth M, H\u00fcbner M, Gascon H, Rieck K (2014) Drebin: Efficient and explainable detection of android malware in your pocket. In: Proceedings of the ISOC network and distributed system security symposium (NDSS), San Diego, CA","DOI":"10.14722\/ndss.2014.23247"},{"issue":"6","key":"9955_CR8","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1145\/2666356.2594299","volume":"49","author":"S Arzt","year":"2014","unstructured":"Arzt S, Rasthofer S, Fritz C, Bodden E, Bartel A, Klein J, Le Traon Y, Octeau D, McDaniel P (2014) Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. Acm Sigplan Notices 49(6):259\u2013269","journal-title":"Acm Sigplan Notices"},{"key":"9955_CR9","unstructured":"Association for Computer Machinery (2020) Artifact review and badging. https:\/\/www.acm.org\/publications\/policies\/artifact-review-and-badging-current, Accessed 30 Oct 2020"},{"key":"9955_CR10","doi-asserted-by":"publisher","unstructured":"Au KWY, Zhou YF, Huang Z, Lie D (2012) Pscout: Analyzing the android permission specification. In: Proceedings of the 2012 ACM conference on computer and communications security, association for computing machinery, New York, NY, USA, CCS \u201912, pp 217\u2013228. https:\/\/doi.org\/10.1145\/2382196.2382222","DOI":"10.1145\/2382196.2382222"},{"key":"9955_CR11","doi-asserted-by":"publisher","unstructured":"Avdiienko V, Kuznetsov K, Gorla A, Zeller A, Arzt S, Rasthofer S, Bodden E (2015) Mining apps for abnormal usage of sensitive data. In: 2015 IEEE\/ACM 37th IEEE international conference on software engineering, vol 1, pp 426\u2013436. https:\/\/doi.org\/10.1109\/ICSE.2015.61","DOI":"10.1109\/ICSE.2015.61"},{"key":"9955_CR12","doi-asserted-by":"publisher","first-page":"452","DOI":"10.1038\/533452a","volume":"533","author":"M Baker","year":"2016","unstructured":"Baker M (2016) 1,500 scientists lift the lid on reproducibility. Nature 533:452\u2013454","journal-title":"Nature"},{"key":"9955_CR13","unstructured":"Balzarotti D, Cova M, Karlberger C, Kirda E, Kruegel C, Vigna G (2010) Efficient detection of split personalities in malware. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2010, San Diego, California, USA, 28th February - 3rd March 2010, The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2010\/efficient-detection-split-personalities-malware"},{"key":"9955_CR14","doi-asserted-by":"publisher","unstructured":"Bartel A, Klein J, Le Traon Y, Monperrus M (2012) Dexpler: Converting android dalvik bytecode to jimple for static analysis with soot. In: Proceedings of the ACM SIGPLAN international workshop on state of the art in java program analysis, association for computing machinery, New York, NY, USA, SOAP \u201912, pp 27\u201338. https:\/\/doi.org\/10.1145\/2259051.2259056","DOI":"10.1145\/2259051.2259056"},{"key":"9955_CR15","unstructured":"Bayens C, Le T, Garcia L, Beyah R, Javanmard M, Zonouz S (2017) See no evil, hear no evil, feel no evil, print no evil? malicious fill pattern detection in additive manufacturing. In: Proceedings of the 26th USENIX Conference on Security Symposium, USENIX Association, USA, SEC\u201917, pp 1181\u20131198"},{"issue":"1","key":"9955_CR16","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman L (2001) Random forests. Mach Learn 45(1):5\u201332. https:\/\/doi.org\/10.1023\/A:1010933404324","journal-title":"Mach Learn"},{"issue":"6","key":"9955_CR17","doi-asserted-by":"publisher","first-page":"787","DOI":"10.1177\/1091142110385210","volume":"38","author":"LE Burman","year":"2010","unstructured":"Burman LE, Reed WR, Alm J (2010) A call for replication studies. Public Finance Rev 38(6):787\u2013793","journal-title":"Public Finance Rev"},{"key":"9955_CR18","doi-asserted-by":"publisher","unstructured":"Cai H (2020) Assessing and improving malware detection sustainability through app evolution studies. ACM Trans Softw Eng Methodol 29(2) https:\/\/doi.org\/10.1145\/3371924","DOI":"10.1145\/3371924"},{"issue":"6","key":"9955_CR19","doi-asserted-by":"publisher","first-page":"1455","DOI":"10.1109\/TIFS.2018.2879302","volume":"14","author":"H Cai","year":"2019","unstructured":"Cai H, Meng N, Ryder B, Yao D (2019) Droidcat: Effective android malware detection and categorization via app-level profiling. IEEE Trans Inform Forens Secur 14(6):1455\u20131470","journal-title":"IEEE Trans Inform Forens Secur"},{"issue":"12","key":"9955_CR20","doi-asserted-by":"publisher","first-page":"1230","DOI":"10.1109\/TSE.2018.2834344","volume":"45","author":"G Canfora","year":"2019","unstructured":"Canfora G, Martinelli F, Mercaldo F, Nardone V, Santone A, Visaggio CA (2019) Leila: Formal tool for identifying mobile malicious behaviour. IEEE Trans Softw Eng 45(12):1230\u20131252","journal-title":"IEEE Trans Softw Eng"},{"issue":"4","key":"9955_CR21","doi-asserted-by":"publisher","first-page":"799","DOI":"10.1109\/TIFS.2015.2510825","volume":"11","author":"L Caviglione","year":"2016","unstructured":"Caviglione L, Gaggero M, Lalande J, Mazurczyk W, Urba\u0144ski M (2016) Seeing the unseen: Revealing mobile malware hidden communications via energy consumption and artificial intelligence. IEEE Trans Inform Forens Secur 11(4):799\u2013810","journal-title":"IEEE Trans Inform Forens Secur"},{"key":"9955_CR22","doi-asserted-by":"crossref","unstructured":"Chandramohan M, Tan HBK, Briand LC, Shar LK, Padmanabhuni BM (2013) A scalable approach for malware detection through bounded feature space behavior modeling. In: 2013 28th IEEE\/ACM international conference on automated software engineering (ASE), pp 312\u2013322","DOI":"10.1109\/ASE.2013.6693090"},{"key":"9955_CR23","doi-asserted-by":"publisher","unstructured":"Chen S, Xue M, Tang Z, Xu L, Zhu H (2016) Stormdroid: A streaminglized machine learning-based system for detecting android malware. In: Proceedings of the 11th ACM on Asia conference on computer and communications security, ACM, New York, NY, USA, ASIA CCS \u201916, pp 377\u2013388. https:\/\/doi.org\/10.1145\/2897845.2897860","DOI":"10.1145\/2897845.2897860"},{"key":"9955_CR24","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1016\/j.cose.2017.11.007","volume":"73","author":"S Chen","year":"2018","unstructured":"Chen S, Xue M, Fan L, Hao S, Xu L, Zhu H, Li B (2018) Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach. Comput Secur 73:326\u2013344. https:\/\/doi.org\/10.1016\/j.cose.2017.11.007. http:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404817302444","journal-title":"Comput Secur"},{"key":"9955_CR25","doi-asserted-by":"publisher","unstructured":"Chen S, Xue M, Fan L, Ma L, Liu Y, Xu L (2019) How can we craft large-scale android malware? an automated poisoning attack. In: 2019 IEEE 1st international workshop on artificial intelligence for mobile (AI4Mobile), pp 21\u201324. https:\/\/doi.org\/10.1109\/AI4Mobile.2019.8672691","DOI":"10.1109\/AI4Mobile.2019.8672691"},{"issue":"1040","key":"9955_CR26","doi-asserted-by":"publisher","first-page":"20140016","DOI":"10.1259\/bjr.20140016","volume":"87","author":"W Chen","year":"2014","unstructured":"Chen W, Samuelson FW (2014) The average receiver operating characteristic curve in multireader multicase imaging studies. British J Radiol 87 (1040):20140016. https:\/\/doi.org\/10.1259\/bjr.20140016","journal-title":"British J Radiol"},{"key":"9955_CR27","unstructured":"Curtsinger C, Livshits B, Zorn BG, Seifert C (2011) ZOZZLE: fast and precise in-browser javascript malware detection. In: 20th USENIX security symposium, San Francisco, CA, USA, August 8-12, 2011, Proceedings, USENIX Association. http:\/\/static.usenix.org\/events\/sec11\/tech\/full_papers\/Curtsinger.pdf"},{"issue":"2","key":"9955_CR28","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1109\/TIFS.2015.2491300","volume":"11","author":"S Das","year":"2016","unstructured":"Das S, Liu Y, Zhang W, Chandramohan M (2016) Semantics-based online malware detection: Towards efficient real-time protection against malware. IEEE Trans Inform Forens Secur 11(2):289\u2013302","journal-title":"IEEE Trans Inform Forens Secur"},{"issue":"4","key":"9955_CR29","doi-asserted-by":"publisher","first-page":"711","DOI":"10.1109\/TDSC.2017.2700270","volume":"16","author":"A Demontis","year":"2019","unstructured":"Demontis A, Melis M, Biggio B, Maiorca D, Arp D, Rieck K, Corona I, Giacinto G, Roli F (2019) Yes, machine learning can be more secure! a case study on android malware detection. IEEE Trans Dependable Secure Comput 16(4):711\u2013724. https:\/\/doi.org\/10.1109\/TDSC.2017.2700270","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"9955_CR30","unstructured":"Desnos A, Gueguen G (2011) Android: From reversing to decompilation. Black Hat Abu Dhabi https:\/\/media.blackhat.com\/bh-ad-11\/Desnos\/bh-ad-11-DesnosGueguen-Andriod-Reversing_to_Decompilation_WP.pdf"},{"issue":"12","key":"9955_CR31","doi-asserted-by":"publisher","first-page":"2965","DOI":"10.1109\/TIFS.2018.2833292","volume":"13","author":"P Du","year":"2018","unstructured":"Du P, Sun Z, Chen H, Cho J, Xu S (2018) Statistical estimation of malware detection metrics in the absence of ground truth. IEEE Trans Inform Forens Secur 13(12):2965\u20132980","journal-title":"IEEE Trans Inform Forens Secur"},{"issue":"2","key":"9955_CR32","first-page":"164","volume":"12","author":"M Duvendack","year":"2015","unstructured":"Duvendack M, Palmer-Jones RW, Reed WR, et al. (2015) Replications in economics: A progress report. Econ Journal Watch 12(2):164\u2013191","journal-title":"Econ Journal Watch"},{"issue":"8","key":"9955_CR33","doi-asserted-by":"publisher","first-page":"1890","DOI":"10.1109\/TIFS.2018.2806891","volume":"13","author":"M Fan","year":"2018","unstructured":"Fan M, Liu J, Luo X, Chen K, Tian Z, Zheng Q, Liu T (2018) Android malware familial classification and representative sample selection via frequent subgraph analysis. IEEE Trans Inform Forens Secur 13(8):1890\u20131905","journal-title":"IEEE Trans Inform Forens Secur"},{"key":"9955_CR34","doi-asserted-by":"publisher","unstructured":"Fan M, Luo X, Liu J, Wang M, Nong C, Zheng Q, Liu T (2019) Graph embedding based familial analysis of android malware using unsupervised learning. In: Proceedings of the 41st international conference on software engineering, IEEE Press, ICSE \u201919, pp 771\u2013782. https:\/\/doi.org\/10.1109\/ICSE.2019.00085","DOI":"10.1109\/ICSE.2019.00085"},{"key":"9955_CR35","doi-asserted-by":"publisher","unstructured":"Fan Y, Hou S, Zhang Y, Ye Y, Abdulhayoglu M (2018) Gotcha - sly malware! scorpion a metagraph2vec based malware detection system. In: Proceedings of the 24th ACM SIGKDD international conference on knowledge discovery & data mining, association for computing machinery, New York, NY, USA, KDD \u201918, pp 253\u2013262. https:\/\/doi.org\/10.1145\/3219819.3219862","DOI":"10.1145\/3219819.3219862"},{"key":"9955_CR36","doi-asserted-by":"publisher","unstructured":"Feng Y, Anand S, Dillig I, Aiken A (2014) Apposcopy: Semantics-based detection of android malware through static analysis. In: Proceedings of the 22nd ACM SIGSOFT international symposium on foundations of software engineering, association for computing machinery, New York, NY, USA, FSE, vol 2014, pp 576\u2013587. https:\/\/doi.org\/10.1145\/2635868.2635869","DOI":"10.1145\/2635868.2635869"},{"key":"9955_CR37","unstructured":"Fokkens A, van Erp M, Postma M, Pedersen T, Vossen P, Freire N (2013) Offspring from reproduction problems: What replication failure teaches us. In: Proceedings of the 51st annual meeting of the association for computational linguistics (vol 1: Long Papers), Association for Computational Linguistics, Sofia, Bulgaria, pp 1691\u20131701. https:\/\/www.aclweb.org\/anthology\/P13-1166"},{"issue":"3","key":"9955_CR38","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1016\/0378-8733(78)90021-7","volume":"1","author":"LC Freeman","year":"1978","unstructured":"Freeman LC (1978) Centrality in social networks conceptual clarification. Soc Netw 1(3):215\u2013239","journal-title":"Soc Netw"},{"key":"9955_CR39","doi-asserted-by":"publisher","unstructured":"Gao S, Li Z, Yao Y, Xiao B, Guo S, Yang Y (2018) Software-defined firewall: Enabling malware traffic detection and programmable security control. In: Proceedings of the 2018 on asia conference on computer and communications security, association for computing machinery, New York, NY, USA, ASIACCS \u201918, pp 413\u2013424. https:\/\/doi.org\/10.1145\/3196494.3196519","DOI":"10.1145\/3196494.3196519"},{"key":"9955_CR40","doi-asserted-by":"publisher","unstructured":"Garcia J, Hammad M, Malek S (2018) Lightweight, obfuscation-resilient detection and family identification of android malware. ACM Trans Softw Eng Methodol 26(3) https:\/\/doi.org\/10.1145\/3162625","DOI":"10.1145\/3162625"},{"key":"9955_CR41","doi-asserted-by":"publisher","unstructured":"Gascon H, Yamaguchi F, Arp D, Rieck K (2013) Structural detection of android malware using embedded call graphs. In: Proceedings of the 2013 ACM workshop on artificial intelligence and security, ACM, New York, NY, USA, AISec \u201913, pp 45\u201354. https:\/\/doi.org\/10.1145\/2517312.2517315","DOI":"10.1145\/2517312.2517315"},{"key":"9955_CR42","doi-asserted-by":"publisher","unstructured":"Gong L, Li Z, Qian F, Zhang Z, Chen QA, Qian Z, Lin H, Liu Y (2020) Experiences of landing machine learning onto market-scale mobile malware detection. In: Proceedings of the Fifteenth european conference on computer systems, association for computing machinery, New York, NY, USA, EuroSys \u201920. https:\/\/doi.org\/10.1145\/3342195.3387530","DOI":"10.1145\/3342195.3387530"},{"key":"9955_CR43","doi-asserted-by":"crossref","unstructured":"Gundersen OE, Kjensmo S (2018) State of the art: Reproducibility in artificial intelligence. In: McIlraith S, Weinberger K (eds) Proceedings of the 32nd AAAI conference on artificial intelligence (AAAI-18), association for the advancement of artificial intelligence","DOI":"10.1609\/aaai.v32i1.11503"},{"key":"9955_CR44","doi-asserted-by":"publisher","unstructured":"Hammad M, Garcia J, Malek S (2018) A large-scale empirical study on the effects of code obfuscations on android apps and anti-malware products. In: Proceedings of the 40th international conference on software engineering, association for computing machinery, New York, NY, USA, ICSE \u201918, pp 421\u2013431. https:\/\/doi.org\/10.1145\/3180155.3180228","DOI":"10.1145\/3180155.3180228"},{"issue":"4","key":"9955_CR45","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1109\/5254.708428","volume":"13","author":"MA Hearst","year":"1998","unstructured":"Hearst MA, Dumais ST, Osuna E, Platt J, Scholkopf B (1998) Support vector machines. IEEE Intell Syst Appl 13(4):18\u201328. https:\/\/doi.org\/10.1109\/5254.708428","journal-title":"IEEE Intell Syst Appl"},{"key":"9955_CR46","doi-asserted-by":"publisher","unstructured":"Hou S, Ye Y, Song Y, Abdulhayoglu M (2017) Hindroid: An intelligent android malware detection system based on structured heterogeneous information network. In: Proceedings of the 23rd ACM SIGKDD international conference on knowledge discovery and data mining, association for computing machinery, New York, NY, USA, KDD \u201917, pp 1507\u20131515. https:\/\/doi.org\/10.1145\/3097983.3098026","DOI":"10.1145\/3097983.3098026"},{"key":"9955_CR47","doi-asserted-by":"publisher","unstructured":"Hou S, Ye Y, Song Y, Abdulhayoglu M (2018) Make evasion harder: An intelligent android malware detection system. In: Proceedings of the twenty-seventh international joint conference on artificial intelligence, IJCAI-18, International joint conferences on artificial intelligence organization, pp 5279\u20135283. https:\/\/doi.org\/10.24963\/ijcai.2018\/737","DOI":"10.24963\/ijcai.2018\/737"},{"issue":"6377","key":"9955_CR48","doi-asserted-by":"publisher","first-page":"725","DOI":"10.1126\/science.359.6377.725","volume":"359","author":"M Hutson","year":"2018","unstructured":"Hutson M (2018) Artificial intelligence faces reproducibility crisis. Science 359(6377):725\u2013726. https:\/\/doi.org\/10.1126\/science.359.6377.725, https:\/\/science.sciencemag.org\/content\/359\/6377\/725","journal-title":"Science"},{"key":"9955_CR49","unstructured":"Islam R, Henderson P, Gomrokchi M, Precup D (2017) Reproducibility of benchmarked deep reinforcement learning tasks for continuous control. In: Reproducibility in machine learning workshop (ICML). arXiv:1708.04133.pdf"},{"key":"9955_CR50","doi-asserted-by":"publisher","unstructured":"Jerome Q, Allix K, State R, Engel T (2014) Using opcode-sequences to detect malicious android applications. In: 2014 IEEE international conference on communications (ICC), pp 914\u2013919 https:\/\/doi.org\/10.1109\/ICC.2014.6883436","DOI":"10.1109\/ICC.2014.6883436"},{"key":"9955_CR51","unstructured":"Jordaney R, Wang Z, Papini D, Nouretdinov I, Cavallaro L (2016) Misleading metrics: On evaluating machine learning for malware with confidence"},{"key":"9955_CR52","unstructured":"Jordaney R, Sharad K, Dash SK, Wang Z, Papini D, Nouretdinov I, Cavallaro L (2017) Transcend: Detecting concept drift in malware classification models. In: Proceedings of the 26th USENIX conference on security symposium, USENIX Association, USA, SEC\u201917, pp 625\u2013642"},{"key":"#cr-split#-9955_CR53.1","unstructured":"Kapravelos A, Shoshitaishvili Y, Cova M, Kruegel C, Vigna G (2013) Revolver: An automated approach to the detection of evasive web-based malware. In: King ST"},{"key":"#cr-split#-9955_CR53.2","unstructured":"(ed) Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013, USENIX Association, pp 637-652. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technical-sessions\/presentation\/kapravelos"},{"issue":"1","key":"9955_CR54","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/BF02289026","volume":"18","author":"L Katz","year":"1953","unstructured":"Katz L (1953) A new status index derived from sociometric analysis. Psychometrika 18(1):39\u201343","journal-title":"Psychometrika"},{"key":"9955_CR55","first-page":"98","volume":"10","author":"K Khatter","year":"2015","unstructured":"Khatter K, Malik S (2015) Androdata: a tool for static & dynamic feature extraction of android apps. Int J Appl Eng Res 10:98\u2013102","journal-title":"Int J Appl Eng Res"},{"issue":"3","key":"9955_CR56","doi-asserted-by":"publisher","first-page":"773","DOI":"10.1109\/TIFS.2018.2866319","volume":"14","author":"T Kim","year":"2019","unstructured":"Kim T, Kang B, Rho M, Sezer S, Im EG (2019) A multimodal deep learning method for android malware detection using various features. IEEE Trans Inform Forens Secur 14(3):773\u2013788","journal-title":"IEEE Trans Inform Forens Secur"},{"issue":"3","key":"9955_CR57","doi-asserted-by":"publisher","first-page":"444","DOI":"10.2307\/420301","volume":"28","author":"G King","year":"1995","unstructured":"King G (1995) Replication, replication. PS: Polit Sci Polit 28 (3):444\u2013452. https:\/\/doi.org\/10.2307\/420301","journal-title":"PS: Polit Sci Polit"},{"key":"9955_CR58","unstructured":"Kirat D, Vigna G, Kruegel C (2014) Barecloud: Bare-metal analysis-based evasive malware detection. In: Proceedings of the 23rd USENIX conference on security symposium, USENIX association, USA, SEC\u201914, pp 287\u2013301"},{"key":"9955_CR59","unstructured":"Kolbitsch C, Comparetti PM, Kruegel C, Kirda E, Zhou X, Wang X (2009) 18th USENIX security symposium, Montreal, Canada, August 10-14, 2009, Proceedings, USENIX Association. In: Monrose F (ed), pp 351\u2013366. http:\/\/www.usenix.org\/events\/sec09\/tech\/full_papers\/kolbitsch.pdf"},{"key":"9955_CR60","doi-asserted-by":"publisher","unstructured":"Kolbitsch C, Kirda E, Kruegel C (2011) The power of procrastination: Detection and mitigation of execution-stalling malicious code. In: Proceedings of the 18th ACM conference on computer and communications security, association for computing machinery, New York, NY, USA, CCS \u201911, pp 285\u2013296. https:\/\/doi.org\/10.1145\/2046707.2046740","DOI":"10.1145\/2046707.2046740"},{"key":"9955_CR61","doi-asserted-by":"publisher","unstructured":"Kong D, Yan G (2013) Discriminant malware distance learning on structural information for automated malware classification. In: Proceedings of the 19th ACM SIGKDD international conference on knowledge discovery and data mining, association for computing machinery, New York, NY, USA, KDD \u201913, pp 1357\u20131365. https:\/\/doi.org\/10.1145\/2487575.2488219","DOI":"10.1145\/2487575.2488219"},{"key":"9955_CR62","doi-asserted-by":"crossref","unstructured":"Van der Kouwe E, Heiser G, Andriesse D, Bos H, Giuffrida C (2019) Sok: Benchmarking flaws in systems security. In: European Conference on Security and Privacy (EuroS&P) . IEEE, Stockholm","DOI":"10.1109\/EuroSP.2019.00031"},{"key":"9955_CR63","unstructured":"Lam P, Bodden E, Lhot\u00e1k O, Hendren L (2011) The Soot framework for Java program analysis: A retrospective. In: Cetus Users and Compiler Infrastructure Workshop, Galveston Island, TX"},{"issue":"6","key":"9955_CR64","doi-asserted-by":"publisher","first-page":"1269","DOI":"10.1109\/TIFS.2017.2656460","volume":"12","author":"L Li","year":"2017","unstructured":"Li L, Li D, Bissyand\u00e9 TF, Klein J, Le Traon Y, Lo D, Cavallaro L (2017) Understanding android app piggybacking: A systematic study of malicious code grafting. IEEE Trans Inform Forens Secur 12(6):1269\u20131284","journal-title":"IEEE Trans Inform Forens Secur"},{"issue":"11","key":"9955_CR65","doi-asserted-by":"publisher","first-page":"1906","DOI":"10.1109\/TIFS.2014.2357251","volume":"9","author":"X Ma","year":"2014","unstructured":"Ma X, Zhang J, Tao J, Li J, Tian J, Guan X (2014) Dnsradar: Outsourcing malicious domain detection based on distributed cache-footprints. IEEE Trans Inform Forens Secur 9(11):1906\u20131921","journal-title":"IEEE Trans Inform Forens Secur"},{"key":"9955_CR66","doi-asserted-by":"publisher","unstructured":"Maiorca D, Corona I, Giacinto G (2013) Looking at the bag is not enough to find the bomb: An evasion of structural methods for malicious pdf files detection. In: Proceedings of the 8th ACM SIGSAC symposium on information, computer and communications security, association for computing machinery, New York, NY, USA, ASIA CCS \u201913, pp 119\u2013130. https:\/\/doi.org\/10.1145\/2484313.2484327","DOI":"10.1145\/2484313.2484327"},{"issue":"3-4","key":"9955_CR67","doi-asserted-by":"publisher","first-page":"539","DOI":"10.1016\/S0378-4371(00)00311-3","volume":"285","author":"M Marchiori","year":"2000","unstructured":"Marchiori M, Latora V (2000) Harmony in the small-world. Physica A: Stat Mechan Appl 285(3-4):539\u2013546","journal-title":"Physica A: Stat Mechan Appl"},{"key":"9955_CR68","doi-asserted-by":"crossref","unstructured":"Mariconti E, Onwuzurike L, Andriotis P, De Cristofaro E, Ross G, Stringhini G (2016) Mamadroid: Detecting android malware by building markov chains of behavioral models. arXiv:161204433","DOI":"10.14722\/ndss.2017.23353"},{"key":"9955_CR69","doi-asserted-by":"crossref","unstructured":"Mariconti E, Onwuzurike L, Andriotis P, De Cristofaro E, Ross G, Stringhini G (2017) Mamadroid: Detecting android malware by buildin markov chains of behavioral models. In: ISOC Network and Distributed Systems Security Symposiym (NDSS), San Diego, CA","DOI":"10.14722\/ndss.2017.23353"},{"issue":"4","key":"9955_CR70","doi-asserted-by":"publisher","first-page":"1093","DOI":"10.1353\/mcb.2006.0061","volume":"38","author":"BD McCullough","year":"2006","unstructured":"McCullough BD, McGeary KA, Harrison TD (2006) Lessons from the jmcb archive. J Money Credit Bank 38(4):1093\u20131107","journal-title":"J Money Credit Bank"},{"key":"9955_CR71","doi-asserted-by":"publisher","unstructured":"Meng G, Xue Y, Mahinthan C, Narayanan A, Liu Y, Zhang J, Chen T (2016) Mystique: Evolving android malware for auditing anti-malware tools. In: Proceedings of the 11th ACM on asia conference on computer and communications security, association for computing machinery, New York, NY, USA, ASIA CCS \u201916, pp 365\u2013376. https:\/\/doi.org\/10.1145\/2897845.2897856","DOI":"10.1145\/2897845.2897856"},{"issue":"7","key":"9955_CR72","doi-asserted-by":"publisher","first-page":"1944","DOI":"10.1109\/TIFS.2018.2889924","volume":"14","author":"G Meng","year":"2019","unstructured":"Meng G, Patrick M, Xue Y, Liu Y, Zhang J (2019) Securing android app markets via modeling and predicting malware spread between markets. IEEE Trans Inform Forens Secur 14(7):1944\u20131959","journal-title":"IEEE Trans Inform Forens Secur"},{"key":"9955_CR73","doi-asserted-by":"publisher","unstructured":"Mirzaei O, Suarez-Tangil G, de Fuentes JM, Tapiador J, Stringhini G (2019). In: Andrensemble: Leveraging api ensembles to characterize android malware families. In: Proceedings of the 2019 ACM asia conference on computer and communications security, association for computing machinery, New York, NY, USA, Asia CCS \u201919, pp 307\u2013314. https:\/\/doi.org\/10.1145\/3321705.3329854","DOI":"10.1145\/3321705.3329854"},{"issue":"5","key":"9955_CR74","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1371\/journal.pone.0063221","volume":"8","author":"A Mobley","year":"2013","unstructured":"Mobley A, Linder SK, Braeuer R, Ellis LM, Zwelling L (2013) A survey on data reproducibility in cancer research provides insights into our limited ability to translate findings from the laboratory to the clinic. Plos One 8(5):1\u20134. https:\/\/doi.org\/10.1371\/journal.pone.0063221","journal-title":"Plos One"},{"key":"9955_CR75","doi-asserted-by":"crossref","unstructured":"Nappa A, Xu Z, Rafique MZ, Caballero J, Gu G (2014) Cyberprobe: Towards internet-scale active detection of malicious servers. In: 21st annual network and distributed system security symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014, The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2014\/cyberprobe-towards-internet-scale-active-detection-malicious-servers","DOI":"10.14722\/ndss.2014.23218"},{"issue":"3","key":"9955_CR76","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1109\/TETCI.2017.2699220","volume":"1","author":"A Narayanan","year":"2017","unstructured":"Narayanan A, Chandramohan M, Chen L, Liu Y (2017) Context-aware, adaptive, and scalable android malware detection through online learning. IEEE Trans Emerg Topics Comput Intell 1(3):157\u2013175. https:\/\/doi.org\/10.1109\/TETCI.2017.2699220","journal-title":"IEEE Trans Emerg Topics Comput Intell"},{"issue":"3","key":"9955_CR77","doi-asserted-by":"publisher","first-page":"1222","DOI":"10.1007\/s10664-017-9539-8","volume":"23","author":"A Narayanan","year":"2018","unstructured":"Narayanan A, Chandramohan M, Chen L, Liu Y (2018) A multi-view context-aware approach to android malware detection and malicious code localization. Empirical Softw Engg 23(3):1222\u20131274. https:\/\/doi.org\/10.1007\/s10664-017-9539-8","journal-title":"Empirical Softw Engg"},{"issue":"12","key":"9955_CR78","doi-asserted-by":"publisher","first-page":"2591","DOI":"10.1109\/TIFS.2015.2469253","volume":"10","author":"S Naval","year":"2015","unstructured":"Naval S, Laxmi V, Rajarajan M, Gaur MS, Conti M (2015) Employing program semantics for malware detection. IEEE Trans Inform Forens Secur 10(12):2591\u20132604","journal-title":"IEEE Trans Inform Forens Secur"},{"key":"9955_CR79","doi-asserted-by":"publisher","unstructured":"Neupane A, Rahman ML, Saxena N, Hirshfield L (2015) A multi-modal neuro-physiological study of phishing detection and malware warnings. In: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, association for computing machinery, New York, NY, USA, CCS \u201915, pp 479\u2013491. https:\/\/doi.org\/10.1145\/2810103.2813660","DOI":"10.1145\/2810103.2813660"},{"issue":"3","key":"9955_CR80","doi-asserted-by":"publisher","first-page":"631","DOI":"10.1109\/TIFS.2016.2631905","volume":"12","author":"N Nissim","year":"2017","unstructured":"Nissim N, Cohen A, Elovici Y (2017) Aldocx: Detection of unknown malicious microsoft office documents using designated active learning methods based on new structural feature extraction methodology. IEEE Trans Inform Forens Secur 12(3):631\u2013646","journal-title":"IEEE Trans Inform Forens Secur"},{"issue":"5","key":"9955_CR81","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1111\/dmcn.14054","volume":"61","author":"MB Nuijten","year":"2019","unstructured":"Nuijten MB (2019) Practical tools and strategies for researchers to increase replicability. Development Med Child Neurol 61(5):535\u2013539. https:\/\/doi.org\/10.1111\/dmcn.14054","journal-title":"Development Med Child Neurol"},{"issue":"3","key":"9955_CR82","doi-asserted-by":"publisher","first-page":"500","DOI":"10.1109\/TIFS.2013.2242890","volume":"8","author":"P O\u2019Kane","year":"2013","unstructured":"O\u2019Kane P, Sezer S, McLaughlin K, Im EG (2013) Svm training phase reduction using dataset feature filtering for malware detection. IEEE Trans Inform Forens Secur 8(3):500\u2013509","journal-title":"IEEE Trans Inform Forens Secur"},{"issue":"2","key":"9955_CR83","doi-asserted-by":"publisher","first-page":"14:1","DOI":"10.1145\/3313391","volume":"22","author":"L Onwuzurike","year":"2019","unstructured":"Onwuzurike L, Mariconti E, Andriotis P, Cristofaro ED, Ross G, Stringhini G (2019) Mamadroid: Detecting android malware by building markov chains of behavioral models (extended version). ACM Trans Priv Secur 22 (2):14:1\u201314:34. https:\/\/doi.org\/10.1145\/3313391","journal-title":"ACM Trans Priv Secur"},{"key":"9955_CR84","doi-asserted-by":"crossref","unstructured":"Pang M, Gao W, Tao M, Zhou ZH (2018) Unorganized malicious attacks detection. In: Proceedings of the 32nd international conference on neural information processing systems, Curran Associates Inc., Red Hook, NY, USA, NIPS\u201918, pp 6976\u20136985","DOI":"10.1360\/N112017-00112"},{"key":"9955_CR85","doi-asserted-by":"publisher","first-page":"101792","DOI":"10.1016\/j.cose.2020.101792","volume":"93","author":"X Pei","year":"2020","unstructured":"Pei X, Yu L, Tian S (2020) Amalnet: A deep learning framework based on graph convolutional networks for malware detection. Comput Secur 93:101792. https:\/\/doi.org\/10.1016\/j.cose.2020.101792. http:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404820300778","journal-title":"Comput Secur"},{"key":"9955_CR86","unstructured":"Pendlebury F, Pierazzi F, Jordaney R, Kinder J, Cavallaro L (2019) TESSERACT: Eliminating experimental bias in malware classification across space and time. In: 28th USENIX security symposium (USENIX Security 19), USENIX Association, Santa Clara, CA, pp 729\u2013746. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/pendlebury"},{"key":"9955_CR87","doi-asserted-by":"publisher","first-page":"76","DOI":"10.3389\/fninf.2017.00076","volume":"11","author":"HE Plesser","year":"2018","unstructured":"Plesser HE (2018) Reproducibility vs. replicability: A brief history of a confused terminology. Front Neuroinformat 11:76. https:\/\/doi.org\/10.3389\/fninf.2017.00076","journal-title":"Front Neuroinformat"},{"key":"9955_CR88","doi-asserted-by":"crossref","unstructured":"Poeplau S, Fratantonio Y, Bianchi A, Kruegel C, Vigna G (2014) Execute this! analyzing unsafe and malicious dynamic code loading in android applications. In: 21st annual network and distributed system security symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014, The Internet Society, https:\/\/www.ndss-symposium.org\/ndss2014\/execute-analyzing-unsafe-and-malicious-dynamic-code-loading-android-applications","DOI":"10.14722\/ndss.2014.23328"},{"key":"9955_CR89","volume-title":"The logic of scientific discovery","author":"KR Popper","year":"2002","unstructured":"Popper KR (2002) The logic of scientific discovery, 2nd edn. Routledge, London. first published in 1959","edition":"2nd edn."},{"key":"9955_CR90","doi-asserted-by":"publisher","unstructured":"Rahbarinia B, Balduzzi M, Perdisci R (2016) Real-time detection of malware downloads via large-scale url->file->machine graph mining. In: Proceedings of the 11th ACM on asia conference on computer and communications security, association for computing machinery, New York, NY, USA, ASIA CCS \u201916, pp 783\u2013794. https:\/\/doi.org\/10.1145\/2897845.2897918","DOI":"10.1145\/2897845.2897918"},{"key":"9955_CR91","doi-asserted-by":"crossref","unstructured":"Rasthofer S, Arzt S, Triller S, Pradel M (2017) Making malory behave maliciously: Targeted fuzzing of android execution environments. In: 2017 IEEE\/ACM 39th international conference on software engineering (ICSE), pp 300\u2013311","DOI":"10.1109\/ICSE.2017.35"},{"key":"9955_CR92","doi-asserted-by":"publisher","unstructured":"Rastogi V, Chen Y, Jiang X (2013) Droidchameleon: Evaluating android anti-malware against transformation attacks. In: Proceedings of the 8th ACM SIGSAC symposium on information, computer and communications security, association for computing machinery, New York, NY, USA, ASIA CCS \u201913, pp 329\u2013334. https:\/\/doi.org\/10.1145\/2484313.2484355","DOI":"10.1145\/2484313.2484355"},{"issue":"1","key":"9955_CR93","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1109\/TIFS.2013.2290431","volume":"9","author":"V Rastogi","year":"2014","unstructured":"Rastogi V, Chen Y, Jiang X (2014) Catch me if you can: Evaluating android anti-malware against transformation attacks. IEEE Trans Inform Forens Secur 9(1):99\u2013108","journal-title":"IEEE Trans Inform Forens Secur"},{"issue":"3","key":"9955_CR94","doi-asserted-by":"publisher","first-page":"55:1","DOI":"10.1145\/2996358","volume":"49","author":"B Reaves","year":"2016","unstructured":"Reaves B, Bowers J, Gorski SA III, Anise O, Bobhate R, Cho R, Das H, Hussain S, Karachiwala H, Scaife N, Wright B, Butler K, Enck W, Traynor P (2016) *droid: Assessment and evaluation of android application analysis tools. ACM Comput Surv 49(3):55:1\u201355:30. https:\/\/doi.org\/10.1145\/2996358","journal-title":"ACM Comput Surv"},{"key":"9955_CR95","doi-asserted-by":"publisher","unstructured":"Rossow C, Dietrich CJ, Grier C, Kreibich C, Paxson V, Pohlmann N, Bos H, v Steen M (2012) Prudent practices for designing malware experiments: Status quo and outlook. In: 2012 IEEE symposium on security and privacy, pp 65\u201379. https:\/\/doi.org\/10.1109\/SP.2012.14","DOI":"10.1109\/SP.2012.14"},{"key":"9955_CR96","doi-asserted-by":"publisher","first-page":"e142","DOI":"10.7717\/peerj-cs.142","volume":"3","author":"NP Rougier","year":"2017","unstructured":"Rougier NP, Hinsen K, Alexandre F, Arildsen T, Barba LA, Benureau FC, Brown CT, De Buyl P, Caglayan O, Davison AP et al (2017) Sustainable computational science: The rescience initiative. PeerJ Computer Science 3:e142","journal-title":"PeerJ Computer Science"},{"key":"9955_CR97","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1016\/j.cose.2019.06.004","volume":"86","author":"M Scalas","year":"2019","unstructured":"Scalas M, Maiorca D, Mercaldo F, Visaggio CA, Martinelli F, Giacinto G (2019) On the effectiveness of system api-related information for android ransomware detection. Comput Secur 86:168\u2013182","journal-title":"Comput Secur"},{"key":"9955_CR98","doi-asserted-by":"crossref","unstructured":"Schmicker R, Breitinger F, Baggili I (2019) Androparse - an android feature extraction framework and dataset. In: Breitinger F, Baggili I (eds) Digital forensics and cyber crime. Springer International Publishing, Cham, pp 66\u201388","DOI":"10.1007\/978-3-030-05487-8_4"},{"issue":"10","key":"9955_CR99","doi-asserted-by":"publisher","first-page":"2563","DOI":"10.1109\/TIFS.2018.2824250","volume":"13","author":"S Sen","year":"2018","unstructured":"Sen S, Aydogan E, Aysan AI (2018) Coevolution of mobile malware and anti-malware. IEEE Trans Inform Forens Secur 13(10):2563\u20132574","journal-title":"IEEE Trans Inform Forens Secur"},{"key":"9955_CR100","doi-asserted-by":"publisher","unstructured":"Skovoroda A, Gamayunov D (2017) Automated static analysis and classification of android malware using permission and api calls models. In: 2017 15th annual conference on privacy, security and trust (PST), pp 243\u201324309. https:\/\/doi.org\/10.1109\/PST.2017.00036","DOI":"10.1109\/PST.2017.00036"},{"key":"9955_CR101","doi-asserted-by":"crossref","unstructured":"Smutz C, Stavrou A (2016) When a tree falls: Using diversity in ensemble classifiers to identify evasion in malware detectors. In: 23rd annual network and distributed system security symposium, NDSS 2016, San Diego, California, USA, February 21-24, 2016, The Internet Society. http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2017\/09\/when-tree-falls-using-diversity-ensemble-classifiers-identify-evasion-malware-detectors.pdf","DOI":"10.14722\/ndss.2016.23078"},{"key":"9955_CR102","doi-asserted-by":"publisher","unstructured":"Song F, Touili T (2013) Pommade: Pushdown model-checking for malware detection. In: Proceedings of the 2013 9th joint meeting on foundations of software engineering, association for computing machinery, New York, NY, USA, ESEC\/FSE, vol 2013, pp 607\u2013610. https:\/\/doi.org\/10.1145\/2491411.2494599","DOI":"10.1145\/2491411.2494599"},{"key":"9955_CR103","unstructured":"Srndic N, Laskov P (2013) Detection of malicious PDF files based on hierarchical document structure. In: 20th annual network and distributed system security symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013, The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2013\/detection-malicious-pdf-files-based-hierarchical-document-structure"},{"issue":"5","key":"9955_CR104","doi-asserted-by":"publisher","first-page":"1103","DOI":"10.1109\/TIFS.2016.2646641","volume":"12","author":"M Sun","year":"2017","unstructured":"Sun M, Li X, Lui JCS, Ma RTB, Liang Z (2017) Monet: A user-oriented behavior-based malware variants detection system for android. IEEE Trans Inform Forens Secur 12(5):1103\u20131112","journal-title":"IEEE Trans Inform Forens Secur"},{"key":"9955_CR105","doi-asserted-by":"crossref","unstructured":"Tam K, Khan SJ, Fattori A, Cavallaro L (2015) Copperdroid: Automatic reconstruction of android malware behaviors. In: 22nd annual network and distributed system security symposium, NDSS 2015, San Diego, California, USA, February 8-11, 2015, The Internet Society. https:\/\/www.ndss-symposium.org\/ndss2015\/copperdroid-automatic-reconstruction-android-malware-behaviors","DOI":"10.14722\/ndss.2015.23145"},{"key":"9955_CR106","doi-asserted-by":"publisher","unstructured":"Tamersoy A, Roundy K, Chau DH (2014) Guilt by association: Large scale malware detection by mining file-relation graphs. In: Proceedings of the 20th ACM SIGKDD international conference on knowledge discovery and data mining, association for computing machinery, New York, NY, USA, KDD \u201914, pp 1524\u20131533. https:\/\/doi.org\/10.1145\/2623330.2623342","DOI":"10.1145\/2623330.2623342"},{"key":"9955_CR107","unstructured":"Vall\u00e9e-Rai R, Co P, Gagnon E, Hendren L, Lam P, Sundaresan V (1999) Soot - a java bytecode optimization framework. In: Proceedings of the 1999 conference of the centre for advanced studies on collaborative research, IBM Press, CASCON \u201999, p 13. http:\/\/dl.acm.org\/citation.cfm?id=781995.782008"},{"key":"9955_CR108","doi-asserted-by":"crossref","unstructured":"Viennot N, Garcia E, Nieh J (2014) A measurement study of google play. In: ACM SIGMETRICS Performance evaluation review, ACM, vol 42, pp 221\u2013233","DOI":"10.1145\/2637364.2592003"},{"key":"9955_CR109","unstructured":"Wang G, Wang T, Zhang H, Zhao BY (2014) Man vs. machine: Practical adversarial detection of malicious crowdsourcing workers. In: Proceedings of the 23rd USENIX conference on security symposium, USENIX Association, USA, SEC\u201914, pp 239\u2013254"},{"key":"9955_CR110","doi-asserted-by":"publisher","unstructured":"Wang J, Xue Y, Liu Y, Tan TH (2015) Jsdc: A hybrid approach for javascript malware detection and classification. In: Proceedings of the 10th ACM symposium on information, computer and communications security, association for computing machinery, New York, NY, USA, ASIA CCS \u201915, pp 109\u2013120. https:\/\/doi.org\/10.1145\/2714576.2714620","DOI":"10.1145\/2714576.2714620"},{"issue":"5","key":"9955_CR111","doi-asserted-by":"publisher","first-page":"1096","DOI":"10.1109\/TIFS.2017.2771228","volume":"13","author":"S Wang","year":"2018","unstructured":"Wang S, Yan Q, Chen Z, Yang B, Zhao C, Conti M (2018) Detecting android malware leveraging text semantics of network flows. IEEE Trans Inform Forens Secur 13(5):1096\u20131109","journal-title":"IEEE Trans Inform Forens Secur"},{"key":"9955_CR112","doi-asserted-by":"publisher","unstructured":"Wang S, Chen Z, Yu X, Li D, Ni J, Tang LA, Gui J, Li Z, Chen H, Yu PS (2019) Heterogeneous graph matching networks for unknown malware detection. In: Proceedings of the Twenty-Eighth international joint conference on artificial intelligence, IJCAI-19, International Joint Conferences on Artificial Intelligence Organization, pp 3762\u20133770. https:\/\/doi.org\/10.24963\/ijcai.2019\/522","DOI":"10.24963\/ijcai.2019\/522"},{"issue":"11","key":"9955_CR113","doi-asserted-by":"publisher","first-page":"1869","DOI":"10.1109\/TIFS.2014.2353996","volume":"9","author":"W Wang","year":"2014","unstructured":"Wang W, Wang X, Feng D, Liu J, Han Z, Zhang X (2014) Exploring permission-induced risk in android applications for malicious application detection. IEEE Trans Inform Forens Secur 9(11):1869\u20131882","journal-title":"IEEE Trans Inform Forens Secur"},{"issue":"3","key":"9955_CR114","doi-asserted-by":"publisher","first-page":"1136","DOI":"10.1109\/TIFS.2011.2157341","volume":"6","author":"S Wei","year":"2011","unstructured":"Wei S, Meguerdichian S, Potkonjak M (2011) Malicious circuitry detection using thermal conditioning. IEEE Trans Inform Forens Secur 6(3):1136\u20131145","journal-title":"IEEE Trans Inform Forens Secur"},{"key":"9955_CR115","doi-asserted-by":"crossref","unstructured":"Wong MY, Lie D (2016) Intellidroid: A targeted input generator for the dynamic analysis of android malware. In: 23rd annual network and distributed system security symposium, NDSS 2016, San Diego, California, USA, February 21-24, 2016, The Internet Society. http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2017\/09\/intellidroid-targeted-input-generator-dynamic-analysis-android-malware.pdf","DOI":"10.14722\/ndss.2016.23118"},{"key":"9955_CR116","doi-asserted-by":"crossref","unstructured":"Wu Y, Li X, Zou D, Yang W, Zhang X, Jin H (2019) Malscan: Fast market-wide mobile malware scanning by social-network centrality analysis. In: 2019 34th IEEE\/ACM international conference on automated software engineering (ASE), pp 139\u2013150","DOI":"10.1109\/ASE.2019.00023"},{"key":"9955_CR117","doi-asserted-by":"publisher","unstructured":"W\u00fcchner T, Ochoa M, Pretschner A (2014) Malware detection with quantitative data flow graphs. In: Proceedings of the 9th ACM symposium on information, computer and communications security, association for computing machinery, New York, NY, USA, ASIA CCS \u201914, pp 271\u2013282. https:\/\/doi.org\/10.1145\/2590296.2590319","DOI":"10.1145\/2590296.2590319"},{"key":"9955_CR118","doi-asserted-by":"publisher","unstructured":"Xia Z, Liu C, Gong NZ, Li Q, Cui Y, Song D (2019) Characterizing and detecting malicious accounts in privacy-centric mobile social networks: A case study. In: Proceedings of the 25th ACM SIGKDD international conference on knowledge discovery & data mining, association for computing machinery, New York, NY, USA, KDD \u201919, pp 2012\u20132022. https:\/\/doi.org\/10.1145\/3292500.3330702","DOI":"10.1145\/3292500.3330702"},{"key":"9955_CR119","doi-asserted-by":"publisher","unstructured":"Xing L, Pan X, Wang R, Yuan K, Wang X (2014) Upgrading your android, elevating my malware: Privilege escalation through mobile os updating. In: 2014 IEEE symposium on security and privacy, pp 393\u2013408. https:\/\/doi.org\/10.1109\/SP.2014.32","DOI":"10.1109\/SP.2014.32"},{"key":"9955_CR120","doi-asserted-by":"publisher","unstructured":"Xu F, Diao W, Li Z, Chen J, Zhang K (2019) Badbluetooth: Breaking android security mechanisms via malicious bluetooth peripherals. https:\/\/doi.org\/10.14722\/ndss.2019.23482","DOI":"10.14722\/ndss.2019.23482"},{"issue":"6","key":"9955_CR121","doi-asserted-by":"publisher","first-page":"1252","DOI":"10.1109\/TIFS.2016.2523912","volume":"11","author":"K Xu","year":"2016","unstructured":"Xu K, Li Y, Deng RH (2016) Iccdetector: Icc-based malware detection on android. IEEE Trans Inform Forens Secur 11(6):1252\u20131264","journal-title":"IEEE Trans Inform Forens Secur"},{"key":"9955_CR122","unstructured":"Xue L, Zhou Y, Chen T, Luo X, Gu G (2017) Malton: Towards on-device non-invasive mobile malware analysis for ART. In: Kirda E, Ristenpart T (eds) 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017, USENIX Association, pp 289\u2013306. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/xue"},{"issue":"7","key":"9955_CR123","doi-asserted-by":"publisher","first-page":"1529","DOI":"10.1109\/TIFS.2017.2661723","volume":"12","author":"Y Xue","year":"2017","unstructured":"Xue Y, Meng G, Liu Y, Tan TH, Chen H, Sun J, Zhang J (2017) Auditing anti-malware tools by evolving android malware and dynamic loading technique. IEEE Trans Inform Forens Secur 12(7):1529\u20131544","journal-title":"IEEE Trans Inform Forens Secur"},{"key":"9955_CR124","doi-asserted-by":"publisher","unstructured":"Yan G (2015) Be sensitive to your errors: Chaining neyman-pearson criteria for automated malware classification. In: Proceedings of the 10th ACM symposium on information, computer and communications security, association for computing machinery, New York, NY, USA, ASIA CCS \u201915, pp 121\u2013132. https:\/\/doi.org\/10.1145\/2714576.2714578","DOI":"10.1145\/2714576.2714578"},{"key":"#cr-split#-9955_CR125.1","unstructured":"Yan L, Yin H (2012) Droidscope: Seamlessly reconstructing the OS and dalvik semantic views for dynamic android malware analysis. In: Kohno T"},{"key":"#cr-split#-9955_CR125.2","unstructured":"(ed) Proceedings of the 21th USENIX security symposium, Bellevue, WA, USA, August 8-10, 2012, USENIX Association, pp 569-584. https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/yan"},{"key":"9955_CR126","doi-asserted-by":"crossref","unstructured":"Yang W, Xiao X, Andow B, Li S, Xie T, Enck W (2015) Appcontext: Differentiating malicious and benign mobile app behaviors using context. In: 2015 IEEE\/ACM 37th IEEE international conference on software engineering, vol 1, pp 303\u2013313","DOI":"10.1109\/ICSE.2015.50"},{"key":"9955_CR127","doi-asserted-by":"crossref","unstructured":"Yang W, Prasad M, Xie T (2018) Enmobile: Entity-based characterization and analysis of mobile malware. In: 2018 IEEE\/ACM 40th international conference on software engineering (ICSE), pp 384\u2013394","DOI":"10.1145\/3180155.3180223"},{"key":"9955_CR128","doi-asserted-by":"publisher","unstructured":"Ye Y, Li T, Jiang Q, Han Z, Wan L (2009) Intelligent file scoring system for malware detection from the gray list. In: Proceedings of the 15th ACM SIGKDD international conference on knowledge discovery and data mining, association for computing machinery, New York, NY, USA, KDD \u201909, pp 1385\u20131394. https:\/\/doi.org\/10.1145\/1557019.1557167","DOI":"10.1145\/1557019.1557167"},{"key":"9955_CR129","doi-asserted-by":"publisher","unstructured":"Ye Y, Li T, Zhu S, Zhuang W, Tas E, Gupta U, Abdulhayoglu M (2011) Combining file content and file relations for cloud based malware detection. In: Proceedings of the 17th ACM SIGKDD international conference on knowledge discovery and data mining, association for computing machinery, New York, NY, USA, KDD \u201911, pp 222\u2013230. https:\/\/doi.org\/10.1145\/2020408.2020448","DOI":"10.1145\/2020408.2020448"},{"key":"9955_CR130","doi-asserted-by":"publisher","unstructured":"Ye Y, Hou S, Chen L, Lei J, Wan W, Wang J, Xiong Q, Shao F (2019) Out-of-sample node representation learning for heterogeneous graph in real-time android malware detection. In: Proceedings of the twenty-eighth international joint conference on artificial intelligence, IJCAI-19, International Joint Conferences on Artificial Intelligence Organization, pp 4150\u20134156. https:\/\/doi.org\/10.24963\/ijcai.2019\/576","DOI":"10.24963\/ijcai.2019\/576"},{"key":"9955_CR131","doi-asserted-by":"publisher","unstructured":"Zhang H, Yao DD, Ramakrishnan N (2014a) Detection of stealthy malware activities with traffic causality and scalable triggering relation discovery. In: Proceedings of the 9th ACM symposium on information, computer and communications security, association for computing machinery, New York, NY, USA, ASIA CCS \u201914, pp 39\u201350. https:\/\/doi.org\/10.1145\/2590296.2590309","DOI":"10.1145\/2590296.2590309"},{"key":"9955_CR132","doi-asserted-by":"publisher","unstructured":"Zhang M, Duan Y, Yin H, Zhao Z (2014b) Semantics-aware android malware classification using weighted contextual API dependency graphs. In: Ahn G, Yung M, Li N (eds) Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, Scottsdale, AZ, USA, November 3-7, 2014, ACM, pp 1105\u20131116. https:\/\/doi.org\/10.1145\/2660267.2660359","DOI":"10.1145\/2660267.2660359"},{"key":"9955_CR133","doi-asserted-by":"publisher","unstructured":"Zhao K, Zhang D, Su X, Li W (2015) Fest: A feature extraction and selection tool for android malware detection. In: 2015 IEEE symposium on computers and communication (ISCC), pp 714\u2013720. https:\/\/doi.org\/10.1109\/ISCC.2015.7405598","DOI":"10.1109\/ISCC.2015.7405598"},{"key":"9955_CR134","doi-asserted-by":"publisher","unstructured":"Zhongyang Y, Xin Z, Mao B, Xie L (2013) Droidalarm: An all-sided static analysis tool for android privilege-escalation malware. In: Proceedings of the 8th ACM SIGSAC symposium on information, computer and communications security, association for computing machinery, New York, NY, USA, ASIA CCS \u201913, pp 353\u2013358. https:\/\/doi.org\/10.1145\/2484313.2484359","DOI":"10.1145\/2484313.2484359"},{"key":"9955_CR135","doi-asserted-by":"publisher","unstructured":"Zhou Y, Jiang X (2012) Dissecting android malware: Characterization and evolution. In: 2012 IEEE symposium on security and privacy, pp 95\u2013109. https:\/\/doi.org\/10.1109\/SP.2012.16","DOI":"10.1109\/SP.2012.16"},{"key":"9955_CR136","unstructured":"Zhou Y, Wang Z, Zhou W, Jiang X (2012) Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In: Proceedings of the 19th Network and Distributed System Security Symposium NDSS, p 2012"},{"key":"9955_CR137","doi-asserted-by":"publisher","unstructured":"Zhu Z, Dumitraundefined T (2016) Featuresmith: Automatically engineering features for malware detection by mining the security literature. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, association for computing machinery, New York, NY, USA, CCS \u201916, pp 767\u2013778. https:\/\/doi.org\/10.1145\/2976749.2978304","DOI":"10.1145\/2976749.2978304"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-021-09955-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10664-021-09955-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-021-09955-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,2,2]],"date-time":"2023-02-02T16:08:45Z","timestamp":1675354125000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10664-021-09955-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,24]]},"references-count":139,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2021,7]]}},"alternative-id":["9955"],"URL":"https:\/\/doi.org\/10.1007\/s10664-021-09955-7","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,5,24]]},"assertion":[{"value":"26 February 2021","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 May 2021","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"74"}}