{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T22:53:01Z","timestamp":1773183181958,"version":"3.50.1"},"reference-count":59,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2011,1,6]],"date-time":"2011-01-06T00:00:00Z","timestamp":1294272000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Intell Inf Syst"],"published-print":{"date-parts":[[2012,2]]},"DOI":"10.1007\/s10844-010-0148-x","type":"journal-article","created":{"date-parts":[[2011,1,5]],"date-time":"2011-01-05T03:12:16Z","timestamp":1294197136000},"page":"161-190","source":"Crossref","is-referenced-by-count":538,"title":["\u201cAndromaly\u201d: a behavioral malware detection framework for android devices"],"prefix":"10.1007","volume":"38","author":[{"given":"Asaf","family":"Shabtai","sequence":"first","affiliation":[]},{"given":"Uri","family":"Kanonov","sequence":"additional","affiliation":[]},{"given":"Yuval","family":"Elovici","sequence":"additional","affiliation":[]},{"given":"Chanan","family":"Glezer","sequence":"additional","affiliation":[]},{"given":"Yael","family":"Weiss","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2011,1,6]]},"reference":[{"key":"148_CR1","unstructured":"Adam, P. F., Chaudhuri, A., & Foster, J. S. (2009). SCanDroid: Automated security certification of android applications. In IEEE symposium of security and privacy."},{"key":"148_CR2","doi-asserted-by":"crossref","unstructured":"Bose, A., Hu, X., Shin, K. G., & Park, T. (2008). Behavioral detection of malware on mobile handsets. In Proc. of the 6th international conference on mobile systems, applications, and services.","DOI":"10.1145\/1378600.1378626"},{"key":"148_CR3","doi-asserted-by":"crossref","first-page":"130","DOI":"10.1016\/j.cose.2008.11.001","volume":"28","author":"RA Botha","year":"2009","unstructured":"Botha, R. A., Furnell, S. M., & Clarke, N. L. (2009). From desktop to mobile: Examining the security experience. Computer & Security, 28, 130\u2013137.","journal-title":"Computer & Security"},{"key":"148_CR4","doi-asserted-by":"crossref","unstructured":"Buennemeyer, T. K., et al. (2008). Mobile device profiling and intrusion detection using smart batteries. In International conference on system sciences (pp. 296\u2013296).","DOI":"10.1109\/HICSS.2008.319"},{"issue":"3","key":"148_CR5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V Chandola","year":"2009","unstructured":"Chandola, V., Banerjee, A., & Kumar, V. (2009). Anomaly detection: A survey. ACM Computing Surveys, 41(3), 1\u201358.","journal-title":"ACM Computing Surveys"},{"key":"148_CR6","doi-asserted-by":"crossref","unstructured":"Chaudhuri, A. (2009). Language-based security on android. In ACM workshop on programming languages and analysis for security (PLAS) (pp. 1\u20137).","DOI":"10.1145\/1554339.1554341"},{"key":"148_CR7","doi-asserted-by":"crossref","unstructured":"Cheng, J., Wong, S. H., Yang, H., & Lu, S. (2007). SmartSiren: Virus detection and alert for smartphones. In Proceedings of the 5th international conference on mobile systems, applications and services.","DOI":"10.1145\/1247660.1247690"},{"key":"148_CR8","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1109\/MPRV.2004.21","volume":"3","author":"C Dagon","year":"2004","unstructured":"Dagon, C., Martin, T., & Starner, T. (2004). Mobile phones as computing devices the viruses are coming. Pervasive Computing, 3, 11\u201315.","journal-title":"Pervasive Computing"},{"key":"148_CR9","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1023\/A:1007413511361","volume":"29","author":"P Domingos","year":"1997","unstructured":"Domingos, P., & Pazzani, M. (1997). On the optimality of simple Bayesian classifier under zero-one loss. Machine Learning, 29, 103\u2013130.","journal-title":"Machine Learning"},{"key":"148_CR10","unstructured":"Egele, M., Krugel, C., Kirda, E., Yin, H., & Song, D. (2007). Dynamic spyware analysis. In USENIX annual technical conference (pp. 233\u2013246)."},{"issue":"11","key":"148_CR11","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1016\/S1353-4858(06)70450-0","volume":"2006","author":"D Emm","year":"2006","unstructured":"Emm, D. (2006). Mobile malware \u2013 new avenues. Network Security, 2006(11), 4\u20136.","journal-title":"Network Security"},{"key":"148_CR12","unstructured":"Enck, W., Ongtang, M., & McDaniel, P. (2008). Mitigating android software misuse before it happens. Tech. report NAS-TR-0094\u20132008, Network and Security Research Ctr., Dept. Computer Science and Eng., Pennsylvania State Univ."},{"issue":"1","key":"148_CR13","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/MSP.2009.26","volume":"7","author":"W Enck","year":"2009","unstructured":"Enck, W., Ongtang, M., & McDaniel, P. (2009). Understanding android security. IEEE Security & Privacy Magazine, 7(1), 50\u201357.","journal-title":"IEEE Security & Privacy Magazine"},{"key":"148_CR14","doi-asserted-by":"crossref","unstructured":"Endler, D. (1998). Intrusion detection: Applying machine learning to solaris audit data. In Proceedings of the 14th annual computer security applications conference.","DOI":"10.1109\/CSAC.1998.738647"},{"issue":"1\u20132","key":"148_CR15","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/j.cose.2008.08.003","volume":"28","author":"P Garcia-Teodoro","year":"2009","unstructured":"Garcia-Teodoro, P., Diaz-Verdejo, J., Macia-Fernandez, G., & Vazquez, E. (2009). Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security, 28(1\u20132), 18\u201328.","journal-title":"Computers & Security"},{"key":"148_CR16","doi-asserted-by":"crossref","first-page":"531","DOI":"10.1126\/science.286.5439.531","volume":"286","author":"T Golub","year":"1999","unstructured":"Golub, T., et al. (1999). Molecular classification of cancer: Class discovery and class prediction by gene expression monitoring. Science, 286, 531\u2013537.","journal-title":"Science"},{"key":"148_CR17","doi-asserted-by":"crossref","unstructured":"Griffin, K., Schneider, S., Hu, X., & Chiueh, T. (2009). Automatic generation of string signatures for malware detection. In Proc. of the 12th international symposium on recent advances in intrusion detection.","DOI":"10.1007\/978-3-642-04342-0_6"},{"key":"148_CR18","unstructured":"Gryaznov, D. (1999). Scanners of the year 2000: Heuritics. The 5th international virus bulletin."},{"key":"148_CR19","unstructured":"Guo, C., Wang, H. J., & Zhu, W. (2004). Smart-phone attacks and defenses. In HotNets III."},{"key":"148_CR20","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1016\/j.cose.2008.10.002","volume":"28","author":"SS Hwang","year":"2009","unstructured":"Hwang, S. S., Cho, S., & Park, S. (2009). Keystroke dynamics-based authentication for mobile devices. Computer & Security, 28, 85\u201393.","journal-title":"Computer & Security"},{"key":"148_CR21","unstructured":"Imam, I. F., Michalski, R. S., & Kerschberg, L. (1993). Discovering attribute dependence in databases by integrating symbolic learning and statistical analysis techniques. In Proceeding of the AAAI-93 workshop on knowledge discovery in databases."},{"key":"148_CR22","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1007\/s11416-008-0086-0","volume":"4","author":"G Jacob","year":"2008","unstructured":"Jacob, G., Debar, H., & Filiol, E. (2008). Behavioral detection of malware: From a survey towards an established taxonomy. Journal in Computer Virology, 4, 251\u2013266.","journal-title":"Journal in Computer Virology"},{"key":"148_CR23","doi-asserted-by":"crossref","unstructured":"Jacoby, G. A., & Davis, N. J. (2004). Battery-based intrusion detection. In Global telecommunications conference (GLOBECOM\u201904).","DOI":"10.1109\/GLOCOM.2004.1378409"},{"issue":"3","key":"148_CR24","doi-asserted-by":"crossref","first-page":"264","DOI":"10.1145\/331499.331504","volume":"31","author":"AK Jain","year":"1999","unstructured":"Jain, A. K., Murty, M. N., & Flynn, P. J. (1999). Data clustering. ACM Computing Surveys, 31(3):264\u2013296.","journal-title":"ACM Computing Surveys"},{"key":"148_CR25","unstructured":"John, G. H., & Langley, P. (1995). Estimating continuous distributions in bayesian classifiers. In Proc. of the conference on uncertainty in artificial intelligence (pp. 338\u2013345)."},{"key":"148_CR26","doi-asserted-by":"crossref","unstructured":"Kim, H., Smith, J., & Shin, K. G. (2008). Detecting energy-greedy anomalies and mobile malware variants. In Proceeding of the 6th international conference on mobile systems, applications, and services.","DOI":"10.1145\/1378600.1378627"},{"issue":"2","key":"148_CR27","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1504\/IJMC.2008.016577","volume":"6","author":"KS Koong","year":"2008","unstructured":"Koong, K. S., Liu, L. C., Bai, S., & Lin, B. (2008). Identity theft in the USA: Evidence from 2002 to 2006. International Journal of Mobile Communications, 6(2), 199\u2013216.","journal-title":"International Journal of Mobile Communications"},{"issue":"4","key":"148_CR28","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1109\/MC.2005.134","volume":"38","author":"N Leavitt","year":"2005","unstructured":"Leavitt, N. (2005). Mobile phones: The next frontier for hackers? Computer, 38(4), 20\u201323.","journal-title":"Computer"},{"key":"148_CR29","unstructured":"Lee, W., & Xiang, D. (2001). Information-theoretic measures for anomaly detection. In Proc. of the IEEE symposium on security and privacy (pp. 130\u2013143)."},{"key":"148_CR30","unstructured":"Lee, W., Stolfo, S., & Mok, K. (1999). A data mining framework for building intrusion detection models. In Proc. of the 1999 IEEE symposium on security and privacy. Oakland."},{"issue":"1\u20132","key":"148_CR31","doi-asserted-by":"crossref","first-page":"5","DOI":"10.3233\/JCS-2002-101-202","volume":"10","author":"W Lee","year":"2002","unstructured":"Lee, W., Fan, W., Miller, M., Stolfo, S., & Zadok, E. (2002). Toward cost-sensitive modeling for intrusion detection and response. Journal of Computer Security, 10(1\u20132), 5\u201322.","journal-title":"Journal of Computer Security"},{"issue":"4","key":"148_CR32","doi-asserted-by":"crossref","first-page":"1483","DOI":"10.1016\/j.csda.2008.10.015","volume":"53","author":"E Menahem","year":"2008","unstructured":"Menahem, E., Shabtai, A., Rokach, L., & Elovici, Y. (2008). Improving malware detection by applying multi-inducer ensemble. Computational Statistics and Data Analysis, 53(4), 1483\u20131494.","journal-title":"Computational Statistics and Data Analysis"},{"key":"148_CR33","doi-asserted-by":"crossref","unstructured":"Miettinen, M., Halonen, P., & H\u00e4t\u00f6nen, K. (2006). Host-based intrusion detection for advanced mobile devices. In Proc. of the 20th international conference on advanced information networking and applications.","DOI":"10.1109\/AINA.2006.192"},{"key":"148_CR34","volume-title":"Machine learning","author":"T Mitchell","year":"1997","unstructured":"Mitchell, T. (1997). Machine learning. New York: McGraw-Hill."},{"key":"148_CR35","unstructured":"Moreau, Y., Preneel, B., Burge, P., Shawe-Taylor, J., Stoermann, C., & Cooke, C. (1997). Novel techniques for fraud detection in mobile telecommunication networks. In ACTS mobile summit."},{"key":"148_CR36","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., & Kirda, E. (2007). Limits of static analysis for malware detection. In Annual computer security applications conference (pp. 421\u2013430).","DOI":"10.1109\/ACSAC.2007.21"},{"issue":"9","key":"148_CR37","doi-asserted-by":"crossref","first-page":"4544","DOI":"10.1016\/j.csda.2008.01.028","volume":"52","author":"R Moskovitch","year":"2008","unstructured":"Moskovitch, R., Elovici, Y., & Rokach, L. (2008). Detection of unknown computer worms based on behavioral classification of the host. Computational Statistics and Data Analysis, 52(9), 4544\u20134566.","journal-title":"Computational Statistics and Data Analysis"},{"key":"148_CR38","doi-asserted-by":"crossref","unstructured":"Muthukumaran, D., et al. (2008). Measuring integrity on mobile phone systems. In Proceedings of the 13th ACM symposium on access control models and technologies.","DOI":"10.1145\/1377836.1377862"},{"key":"148_CR39","doi-asserted-by":"crossref","unstructured":"Nash, D. C., et al. (2005). Towards an intrusion detection system for battery exhaustion attacks on mobile computing devices. In Pervasive computing and communications workshops.","DOI":"10.1109\/PERCOMW.2005.86"},{"key":"148_CR40","unstructured":"Neter, J., Kutner, M. H., Nachtsheim, C. J., & Wasserman, W. (1996). Applied linear statistical models. McGraw-Hill."},{"key":"148_CR41","doi-asserted-by":"crossref","unstructured":"Ongtang, M., McLaughlin, S., Enck, W., & McDaniel, P. (2009). Semantically rich application-centric security in android. In Proceedings of the 25th annual computer security applications conference (ACSAC). Honolulu.","DOI":"10.1109\/ACSAC.2009.39"},{"key":"148_CR42","volume-title":"Probabilistic reasoning in intelligent systems: Networks of plausible inference","author":"J Pearl","year":"1988","unstructured":"Pearl, J. (1988). Probabilistic reasoning in intelligent systems: Networks of plausible inference. Massachusetts: Morgan Kaufmann."},{"key":"148_CR43","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1049\/ess:20040612","volume":"2","author":"M Piercy","year":"2004","unstructured":"Piercy, M. (2004). Embedded devices next on the virus target list. IEEE Electronics Systems and Software, 2, 42\u201343.","journal-title":"IEEE Electronics Systems and Software"},{"key":"148_CR44","volume-title":"C4.5: Programs for machine learning","author":"JR Quinlan","year":"1993","unstructured":"Quinlan, J. R. (1993). C4.5: Programs for machine learning. San Francisco: Morgan Kaufmann."},{"key":"148_CR45","doi-asserted-by":"crossref","unstructured":"Rieck, K., Holz, T., Willems, C., D\u00fcssel, P., & Laskov, P. (2008). Learning and classification of malware behavior. In Proc. of the conference on detection of intrusions and malware & vulnerability assessment (pp. 108\u2013125).","DOI":"10.1007\/978-3-540-70542-0_6"},{"key":"148_CR46","unstructured":"Russel, S., & Norvig, P. (2002). Artificial intelligence: A modern approach. Prentice Hall."},{"issue":"7","key":"148_CR47","doi-asserted-by":"crossref","first-page":"1373","DOI":"10.1109\/49.622919","volume":"15","author":"D Samfat","year":"1997","unstructured":"Samfat, D., & Molva, R. (1997). IDAMN: An intrusion detection architecture for mobile networks. IEEE Journal on Selected Areas in Communications, 15(7), 1373\u20131380.","journal-title":"IEEE Journal on Selected Areas in Communications"},{"key":"148_CR48","unstructured":"Schmidt, A. D., Schmidt, H. G., Y\u00fcksel, K. A., Kiraz, O., Camptepe, S. A., & Albayrak, S. (2008). Enhancing security of linux-based android devices. In Proc. of the 15th international linux system technology conference."},{"issue":"1","key":"148_CR49","doi-asserted-by":"crossref","first-page":"92","DOI":"10.1007\/s11036-008-0113-x","volume":"14","author":"AD Schmidt","year":"2009","unstructured":"Schmidt, A. D., Peters, F., Lamour, F., Scheel, C., Camtepe, S. A., & Albayrak, S. (2009). Monitoring smartphones for anomaly detection. Mobile Networks and Applications (MONET ), 14(1), 92\u2013106.","journal-title":"Mobile Networks and Applications (MONET)"},{"key":"148_CR50","unstructured":"Shabtai, A., Fledel, Y., & Elovici, Y. (2009a). Detecting malicious applications on android by applying machine learning classifiers to static features (Poster). Presented in the 25th annual computer security applications conference (ACSAC). Honolulu, Hawaii."},{"issue":"3","key":"148_CR51","first-page":"267","volume":"8","author":"A Shabtai","year":"2009","unstructured":"Shabtai, A., Fledel, Y., Elovici, Y., & Shahar, Y. (2009b). Knowledge-based temporal abstraction in clinical domains. Journal in Computer Virology, 8(3), 267\u2013298.","journal-title":"Journal in Computer Virology"},{"issue":"1","key":"148_CR52","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.istr.2009.03.001","volume":"14","author":"A Shabtai","year":"2009","unstructured":"Shabtai, A., Moskovitch, R., Elovici, Y., & Glezer, C. (2009c). Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey. Information Security Technical Report, 14(1):1\u201334.","journal-title":"Information Security Technical Report"},{"key":"148_CR53","unstructured":"Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., & Dolev, S. (2009d). Google android: A state-of-the-art review of security mechanisms. CoRR abs\/0912.5101."},{"issue":"8","key":"148_CR54","doi-asserted-by":"crossref","first-page":"1524","DOI":"10.1016\/j.jss.2010.03.046","volume":"83","author":"A Shabtai","year":"2010","unstructured":"Shabtai, A., Kanonov, U., & Elovici, Y. (2010a). Intrusion detection on mobile devices using the knowledge based temporal-abstraction method. Journal of Systems and Software, 83(8), 1524\u20131537.","journal-title":"Journal of Systems and Software"},{"key":"148_CR55","doi-asserted-by":"crossref","unstructured":"Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., & Glezer, C. (2010b) Google android: A comprehensive security assessment. IEEE Security and Privacy Magazine. doi: 10.1109\/MSP.2010.2 .","DOI":"10.1109\/MSP.2010.2"},{"issue":"3","key":"148_CR56","doi-asserted-by":"crossref","first-page":"379","DOI":"10.1002\/j.1538-7305.1948.tb01338.x","volume":"27","author":"CE Shannon","year":"1948","unstructured":"Shannon, C. E. (1948). The mathematical theory of communication. The Bell system Technical Journal, 27(3), 379\u2013423.","journal-title":"The Bell system Technical Journal"},{"issue":"4","key":"148_CR57","doi-asserted-by":"crossref","first-page":"478","DOI":"10.1108\/02635570810868344","volume":"108","author":"DH Shih","year":"2008","unstructured":"Shih, D. H., Lin, B., Chiang, H. S., & Shih, M. H. (2008). Security aspects of mobile phone virus: A critical survey. Industrial Management & Data Systems, 108(4), 478\u2013494.","journal-title":"Industrial Management & Data Systems"},{"key":"148_CR58","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1007\/11527725_7","volume":"3597","author":"TS Yap","year":"2005","unstructured":"Yap, T. S., & Ewe, H. T. (2005). A mobile phone malicious software detection model with behavior checker. Lecture Notes in Computer Science, 3597, 57\u201365.","journal-title":"Lecture Notes in Computer Science"},{"key":"148_CR59","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Krugel, C., & Kirda, E. (2007). Panorama: Capturing system-wide information flow for malware detection and analysis. In ACM conference on computer and communications security.","DOI":"10.1145\/1315245.1315261"}],"container-title":["Journal of Intelligent Information Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10844-010-0148-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10844-010-0148-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10844-010-0148-x","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,7]],"date-time":"2019-06-07T15:14:48Z","timestamp":1559920488000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10844-010-0148-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,1,6]]},"references-count":59,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2012,2]]}},"alternative-id":["148"],"URL":"https:\/\/doi.org\/10.1007\/s10844-010-0148-x","relation":{},"ISSN":["0925-9902","1573-7675"],"issn-type":[{"value":"0925-9902","type":"print"},{"value":"1573-7675","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,1,6]]}}}