{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,19]],"date-time":"2025-12-19T15:51:31Z","timestamp":1766159491799,"version":"build-2065373602"},"reference-count":42,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2024,7,31]],"date-time":"2024-07-31T00:00:00Z","timestamp":1722384000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,7,31]],"date-time":"2024-07-31T00:00:00Z","timestamp":1722384000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100001843","name":"Science and Engineering Research Board","doi-asserted-by":"publisher","award":["TAR\/2023\/000443"],"award-info":[{"award-number":["TAR\/2023\/000443"]}],"id":[{"id":"10.13039\/501100001843","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Innovations Syst Softw Eng"],"published-print":{"date-parts":[[2025,12]]},"DOI":"10.1007\/s11334-024-00572-3","type":"journal-article","created":{"date-parts":[[2024,7,31]],"date-time":"2024-07-31T14:40:56Z","timestamp":1722436856000},"page":"1109-1122","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Leveraging machine learning for proactive detection and mitigation of Android RAT"],"prefix":"10.1007","volume":"21","author":[{"given":"Subhasish","family":"Ghosh","sequence":"first","affiliation":[]},{"given":"Jithin","family":"Ponduru","sequence":"additional","affiliation":[]},{"given":"Mukesh","family":"Thatikonda","sequence":"additional","affiliation":[]},{"given":"Amit 
Kr","family":"Mandal","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,7,31]]},"reference":[{"key":"572_CR1","unstructured":"AhMyth (2020) Ahmyth Android RAT. https:\/\/github.com\/AhMyth\/AhMyth-Android-RAT. Accessed 19 Apr 2023"},{"key":"572_CR2","unstructured":"Ani (2023) Apple hack warnings: Mos Rajeev Chandrashekhar rebuts Washington post; says report has \u201chalf facts, fully embellished\u201d. The Hindu. https:\/\/www.thehindu.com\/news\/national\/apple-hack-warnings-mos-rajeev-chandrashekhar-rebuts-washington-post-says-report-has-half-facts-fully-embellished\/article67685918.ece. Accessed 03 Jan 2024"},{"key":"572_CR3","unstructured":"Babayeva K (2021) Android mischief dataset. https:\/\/data.mendeley.com\/datasets\/xbx2j63xfd\/1"},{"key":"572_CR4","doi-asserted-by":"publisher","unstructured":"Blancaflor E, De Mata KKF, Peralta JC et al (2023) Remote access penetration testing simulation on a mobile phone using Camphish, storm-breaker, & ghost framework. In: 2023 13th International Conference on Software Technology and Engineering (ICSTE). IEEE, pp 20\u201325. https:\/\/doi.org\/10.1109\/ICSTE61649.2023.00011","DOI":"10.1109\/ICSTE61649.2023.00011"},{"key":"572_CR5","unstructured":"Bonderud D (2023) Romcom rat attack analysis: fake it to make it. Security Intelligence. https:\/\/securityintelligence.com\/articles\/romcom-rat-attack-analysis\/ Accessed 21 May 2023"},{"key":"572_CR6","unstructured":"Boyd C (2023) Malware creator who compromised 10,000 computers arrested. MalwarebytesLab. https:\/\/www.malwarebytes.com\/blog\/news\/2023\/03\/creator-of-rat-disguised-as-fake-game-application-arrested. Accessed 21 May 2023"},{"key":"572_CR7","unstructured":"CYBER-GH507 (2020) Droidjack-4.4. https:\/\/github.com\/CYBER-GH507\/DROIDJACK-4.4-CRACKED-. 
Accessed 18 Apr 2023"},{"key":"572_CR8","doi-asserted-by":"publisher","unstructured":"Dai B, Chen RC, Zhu SZ et al (2018) Using random forest algorithm for breast cancer diagnosis. In: 2018 International symposium on computer, consumer and control (IS3C). IEEE, pp 449\u2013452. https:\/\/doi.org\/10.1109\/IS3C.2018.00119","DOI":"10.1109\/IS3C.2018.00119"},{"key":"572_CR9","doi-asserted-by":"publisher","unstructured":"Dietterich TG (2000) Ensemble methods in machine learning. In: International workshop on multiple classifier systems. Springer, pp 1\u201315. https:\/\/doi.org\/10.1007\/3-540-45014-9_1","DOI":"10.1007\/3-540-45014-9_1"},{"key":"572_CR10","unstructured":"Dodia R, Bhati P (2019) Saefko: A new multi-layered rat. https:\/\/www.zscaler.com\/blogs\/security-research\/saefko-new-multi-layered-rat. Accessed 18 Apr 2023"},{"key":"572_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s13593-016-0364-z","volume":"36","author":"Y Everingham","year":"2016","unstructured":"Everingham Y, Sexton J, Skocaj D et al (2016) Accurate prediction of sugarcane yield using a random forest algorithm. Agron Sustain Dev 36:1\u20139","journal-title":"Agron Sustain Dev"},{"key":"572_CR12","unstructured":"Farinholt BR (2019) Understanding the remote access trojan malware ecosystem through the lens of the infamous DarkComet RAT. PhD thesis, UC San Diego. https:\/\/escholarship.org\/uc\/item\/3vv544n5"},{"issue":"7","key":"572_CR13","doi-asserted-by":"publisher","first-page":"374","DOI":"10.3390\/info14070374","volume":"14","author":"P Faruki","year":"2023","unstructured":"Faruki P, Bhan R, Jain V et al (2023) A survey and evaluation of android-based malware evasion techniques and detection frameworks. Information 14(7):374. 
https:\/\/doi.org\/10.3390\/info14070374","journal-title":"Information"},{"issue":"4","key":"572_CR14","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1016\/S0167-9473(01)00065-2","volume":"38","author":"JH Friedman","year":"2002","unstructured":"Friedman JH (2002) Stochastic gradient boosting. Comput Stat Data Anal 38(4):367\u2013378. https:\/\/doi.org\/10.1016\/S0167-9473(01)00065-2","journal-title":"Comput Stat Data Anal"},{"key":"572_CR15","doi-asserted-by":"publisher","unstructured":"Gonen S, Karacayilmaz G, Artuner H et al (2023) Cyber attack detection with encrypted network connection analysis. In: International symposium on intelligent manufacturing and service systems. Springer, pp 622\u2013629. https:\/\/doi.org\/10.1007\/978-981-99-6062-0_57","DOI":"10.1007\/978-981-99-6062-0_57"},{"issue":"11","key":"572_CR16","doi-asserted-by":"publisher","first-page":"1894","DOI":"10.3390\/electronics9111894","volume":"9","author":"C Guo","year":"2020","unstructured":"Guo C, Song Z, Ping Y et al (2020) PRATD: a phased remote access trojan detection method with double-sided features. Electronics 9(11):1894. https:\/\/doi.org\/10.3390\/electronics9111894","journal-title":"Electronics"},{"key":"572_CR17","unstructured":"Gupta S (2019) Hawkshaw. https:\/\/github.com\/Ch0pin\/Android-RAT---Hawkshaw. Accessed 18 Apr 2023"},{"key":"572_CR18","doi-asserted-by":"publisher","unstructured":"Hwa KC, Manickam S, Al-Shareeda MA (2022) Review of peer-to-peer botnets and detection mechanisms. Preprint arXiv:2207.12937. https:\/\/doi.org\/10.48550\/arXiv.2207.12937","DOI":"10.48550\/arXiv.2207.12937"},{"key":"572_CR19","doi-asserted-by":"publisher","unstructured":"Jaiswal JK, Samikannu R (2017) Application of random forest algorithm on feature subset selection and classification and regression. In: 2017 world congress on computing and communication technologies (WCCCT). IEEE, pp 65\u201368. 
https:\/\/doi.org\/10.1109\/WCCCT.2016.25","DOI":"10.1109\/WCCCT.2016.25"},{"key":"572_CR20","doi-asserted-by":"publisher","unstructured":"Jiang D, Omote K (2015) An approach to detect remote access trojan in the early stage of communication. In: 2015 IEEE 29th international conference on advanced information networking and applications. pp 706\u2013713. https:\/\/doi.org\/10.1109\/AINA.2015.257","DOI":"10.1109\/AINA.2015.257"},{"key":"572_CR21","doi-asserted-by":"publisher","unstructured":"Jiang D, Omote K (2015) An approach to detect remote access trojan in the early stage of communication. In: 2015 IEEE 29th international conference on advanced information networking and applications. pp 706\u2013713. https:\/\/doi.org\/10.1109\/AINA.2015.257","DOI":"10.1109\/AINA.2015.257"},{"issue":"4","key":"572_CR22","doi-asserted-by":"publisher","first-page":"1","DOI":"10.4018\/IJDCF.2019100101","volume":"11","author":"W Jiang","year":"2019","unstructured":"Jiang W, Wu X, Cui X et al (2019) A highly efficient remote access trojan detection method. Int J Digit Crime Forensics 11(4):1\u201313. https:\/\/doi.org\/10.4018\/IJDCF.2019100101","journal-title":"Int J Digit Crime Forensics"},{"key":"572_CR23","doi-asserted-by":"publisher","unstructured":"Karo-Karo GFM, Harumnanda MSA, Lim C (2023) Investigating multiple malware as a service (MAAS): analysis and prevention techniques. In: 2023 IEEE international conference on cryptography, informatics, and cybersecurity (ICoCICs). IEEE, pp 270\u2013274. https:\/\/doi.org\/10.1109\/ICoCICs58778.2023.10277515","DOI":"10.1109\/ICoCICs58778.2023.10277515"},{"key":"572_CR24","doi-asserted-by":"publisher","first-page":"16568","DOI":"10.1109\/ACCESS.2017.2738069","volume":"5","author":"W Lin","year":"2017","unstructured":"Lin W, Wu Z, Lin L et al (2017) An ensemble random forest algorithm for insurance big data analysis. IEEE Access 5:16568\u201316575. 
https:\/\/doi.org\/10.1109\/ACCESS.2017.2738069","journal-title":"IEEE Access"},{"key":"572_CR25","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.109990","volume":"236","author":"S Lv","year":"2023","unstructured":"Lv S, Wang C, Wang Z et al (2023) AAE-DSVDD: a one-class classification model for VPN traffic identification. Comput Netw 236:109990. https:\/\/doi.org\/10.1016\/j.comnet.2023.109990","journal-title":"Comput Netw"},{"issue":"6","key":"572_CR26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3638240","volume":"56","author":"P Maniriho","year":"2024","unstructured":"Maniriho P, Mahmood AN, Chowdhury MJM (2024) A survey of recent advances in deep learning models for detecting malware in desktop and mobile platforms. ACM Comput Surv 56(6):1\u201341. https:\/\/doi.org\/10.1145\/3638240","journal-title":"ACM Comput Surv"},{"key":"572_CR27","doi-asserted-by":"publisher","unstructured":"Mimura M, Otsubo Y, Tanaka H et al (2017) A practical experiment of the http-based rat detection method in proxy server logs. In: 2017 12th Asia joint conference on information security (AsiaJCIS). IEEE, pp 31\u201337. https:\/\/doi.org\/10.1109\/AsiaJCIS.2017.13","DOI":"10.1109\/AsiaJCIS.2017.13"},{"key":"572_CR28","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103628","volume":"137","author":"B Pi","year":"2024","unstructured":"Pi B, Guo C, Cui Y et al (2024) Remote access trojan traffic early detection method based on Markov matrices and deep learning. Comput Secur 137:103628. https:\/\/doi.org\/10.1016\/j.cose.2023.103628","journal-title":"Comput Secur"},{"key":"572_CR29","doi-asserted-by":"publisher","unstructured":"Rudie J, Katz Z, Kuhbander S et al (2021) Technical analysis of the NSO group\u2019s Pegasus spyware. In: 2021 international conference on computational science and computational intelligence (CSCI). IEEE, pp 747\u2013752. 
https:\/\/doi.org\/10.1109\/CSCI54926.2021.00188","DOI":"10.1109\/CSCI54926.2021.00188"},{"key":"572_CR30","unstructured":"Singh N (2021) Androrat. https:\/\/github.com\/karma9874\/AndroRAT. Accessed 18 Apr 2023"},{"issue":"2","key":"572_CR31","doi-asserted-by":"publisher","DOI":"10.1002\/spy2.355","volume":"7","author":"NJ Singh","year":"2024","unstructured":"Singh NJ, Hoque N, Singh KR et al (2024) Botnet-based IoT network traffic analysis using deep learning. Secur Priv 7(2):e355. https:\/\/doi.org\/10.1002\/spy2.355","journal-title":"Secur Priv"},{"key":"572_CR32","unstructured":"SWAT Calls (2020) Spy-max. https:\/\/github.com\/swatcalls\/spy-max. Accessed 18 Apr 2023"},{"key":"572_CR33","unstructured":"Toulas B (2023) Romcom rat attack analysis: fake it to make it. BleepingComputer.com. https:\/\/www.bleepingcomputer.com\/news\/security\/rat-developer-arrested-for-infecting-10-000-pcs-with-malware\/. Accessed 21 May 2023"},{"key":"572_CR34","unstructured":"Unit TA (2022) Vmware threat report\u2014exposing malware in Linux-based multi-cloud environments. VMware Security Blog. https:\/\/blogs.vmware.com\/security\/2022\/02\/2022-vmware-threat-report-exposing-malware-in-linux-based-multi-cloud-environments.html. Accessed 13 Mar 2023"},{"key":"572_CR35","unstructured":"Valeros V (2022) A study of remote access trojans. https:\/\/github.com\/stratosphereips\/a-study-of-remote-access-trojans. Accessed 18 Apr 2023"},{"key":"572_CR36","doi-asserted-by":"publisher","unstructured":"Valeros V, Garcia S (2020) Growth and commoditization of remote access trojans. In: 2020 IEEE European symposium on security and privacy workshops (EuroS&PW). pp 454\u2013462. https:\/\/doi.org\/10.1109\/EuroSPW51379.2020.00067","DOI":"10.1109\/EuroSPW51379.2020.00067"},{"key":"572_CR37","doi-asserted-by":"publisher","unstructured":"Wu S, Liu S, Lin W et al (2017) Detecting remote access trojans through external control at area network borders. 
In: 2017 ACM\/IEEE symposium on architectures for networking and communications systems (ANCS). pp 131\u2013141. https:\/\/doi.org\/10.1109\/ANCS.2017.27","DOI":"10.1109\/ANCS.2017.27"},{"key":"572_CR38","doi-asserted-by":"publisher","unstructured":"Xu A, Cai X, Li M et al (2019) A collaborative characteristic event sequence based identification method for cyberattacks in cyber-physical system. In: 2019 IEEE 9th annual international conference on CYBER technology in automation, control, and intelligent systems (CYBER). pp 513\u2013518. https:\/\/doi.org\/10.1109\/CYBER46603.2019.9066579","DOI":"10.1109\/CYBER46603.2019.9066579"},{"issue":"3","key":"572_CR39","doi-asserted-by":"publisher","first-page":"1621","DOI":"10.1109\/TDSC.2020.3032570","volume":"19","author":"R Yang","year":"2022","unstructured":"Yang R, Chen X, Xu H et al (2022) RATScope: recording and reconstructing missing rat semantic behaviors for forensic analysis on windows. IEEE Trans Dependable Secure Comput 19(3):1621\u20131638. https:\/\/doi.org\/10.1109\/TDSC.2020.3032570","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"572_CR40","doi-asserted-by":"publisher","unstructured":"Zhang Y, Xue H, Lin J et al (2023) Er-ert: a method of ensemble representation learning of encrypted rat traffic. In: 2023 IFIP networking conference (IFIP networking). pp 1\u201310. https:\/\/doi.org\/10.23919\/IFIPNetworking57963.2023.10186391","DOI":"10.23919\/IFIPNetworking57963.2023.10186391"},{"key":"572_CR41","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1016\/j.inffus.2021.02.009","volume":"72","author":"J Zhao","year":"2021","unstructured":"Zhao J, Jing X, Yan Z et al (2021) Network traffic classification for data fusion: a survey. Inf Fusion 72:22\u201347. 
https:\/\/doi.org\/10.1016\/j.inffus.2021.02.009","journal-title":"Inf Fusion"},{"key":"572_CR42","doi-asserted-by":"publisher","unstructured":"Zhu H, Wu Z, Tian J et al (2018) A network behavior analysis method to detect reverse remote access trojan. In: 2018 IEEE 9th international conference on software engineering and service science (ICSESS). pp 1007\u20131010. https:\/\/doi.org\/10.1109\/ICSESS.2018.8663903","DOI":"10.1109\/ICSESS.2018.8663903"}],"container-title":["Innovations in Systems and Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11334-024-00572-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11334-024-00572-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11334-024-00572-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T03:03:13Z","timestamp":1760497393000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11334-024-00572-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,31]]},"references-count":42,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2025,12]]}},"alternative-id":["572"],"URL":"https:\/\/doi.org\/10.1007\/s11334-024-00572-3","relation":{},"ISSN":["1614-5046","1614-5054"],"issn-type":[{"type":"print","value":"1614-5046"},{"type":"electronic","value":"1614-5054"}],"subject":[],"published":{"date-parts":[[2024,7,31]]},"assertion":[{"value":"28 April 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 July 
2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"31 July 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}