{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,22]],"date-time":"2026-02-22T18:21:50Z","timestamp":1771784510622,"version":"3.50.1"},"reference-count":57,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2023,8,22]],"date-time":"2023-08-22T00:00:00Z","timestamp":1692662400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,8,22]],"date-time":"2023-08-22T00:00:00Z","timestamp":1692662400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"DOI":"10.1007\/s11416-023-00495-w","type":"journal-article","created":{"date-parts":[[2023,8,22]],"date-time":"2023-08-22T15:02:50Z","timestamp":1692716570000},"page":"71-93","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Android ransomware detection using a novel hamming distance based feature selection"],"prefix":"10.1007","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2865-2794","authenticated-orcid":false,"given":"Hashida Haidros","family":"Rahima Manzil","sequence":"first","affiliation":[]},{"given":"S. Manohar","family":"Naik","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,8,22]]},"reference":[{"issue":"2","key":"495_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2089125.2089126","volume":"44","author":"M Egele","year":"2008","unstructured":"Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. (CSUR) 44(2), 1\u201342 (2008)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"2","key":"495_CR2","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1109\/TETC.2017.2756908","volume":"8","author":"S Homayoun","year":"2017","unstructured":"Homayoun, S., Dehghantanha, A., Ahmadzadeh, M., Hashemi, S., Khayami, R.: Know abnormal, find evil: frequent pattern mining for ransomware threat hunting and intelligence. IEEE Trans. Emerg. Top. Comput. 8(2), 341\u2013351 (2017)","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"issue":"1","key":"495_CR3","first-page":"10","volume":"13","author":"R Richardson","year":"2017","unstructured":"Richardson, R., North, M.M.: Ransomware: evolution, mitigation and prevention. Int. Manag. Rev. 13(1), 10 (2017)","journal-title":"Int. Manag. Rev."},{"issue":"5","key":"495_CR4","first-page":"871","volume":"6","author":"S Patel","year":"2018","unstructured":"Patel, S., Kumar, P., Garg, S., Kumar, R.: Face recognition based smart attendance system using IoT. Int. J. Comput. Sci. Eng. 6(5), 871\u2013877 (2018)","journal-title":"Int. J. Comput. Sci. Eng."},{"key":"495_CR5","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1007\/978-981-15-7527-3_37","volume-title":"Research in Intelligent and Computing in Engineering: Select Proceedingsof RICE 2020","author":"S Jimada","year":"2021","unstructured":"Jimada, S., Nguyen, T.D.L., Sanda, J., Vududala, S.K.: Analysis of ransomware, methodologies used by attackers and mitigation techniques. In: Sanda, J. (ed.) Research in Intelligent and Computing in Engineering: Select Proceedingsof RICE 2020, pp. 379\u2013387. Springer, Berlin (2021)"},{"issue":"1","key":"495_CR6","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1016\/j.eij.2020.05.003","volume":"22","author":"M Humayun","year":"2021","unstructured":"Humayun, M., Jhanjhi, N., Alsayat, A., Ponnusamy, V.: Internet of things and ransomware: evolution, mitigation and prevention. Egypt. Inform. J. 22(1), 105\u2013117 (2021)","journal-title":"Egypt. Inform. J."},{"key":"495_CR7","unstructured":"Mobile Malware Evolution\u2014Securelist. https:\/\/securelist.com\/mobile-malware-evolution-2021\/105876\/ (2012). Accessed 12 April 2012"},{"key":"495_CR8","unstructured":"Google Android Ransomware Attacks\u2014MSSP Alert. https:\/\/www.msspalert.com\/cybersecurity-breaches-and-attacks\/ransomware\/android-malware-targets-mobile-apps-microsoft-finds\/ (2012). Accessed 12 April 2012"},{"key":"495_CR9","unstructured":"The Rise of Android Ransomware. www.welivesecurity.com\/wp-content\/uploads\/2016\/02\/Rise_of_Android_Ransomware.pdf (2012). Accessed 13 April 2012"},{"issue":"16","key":"495_CR10","doi-asserted-by":"publisher","first-page":"6272","DOI":"10.1002\/cpe.6272","volume":"33","author":"S Sharma","year":"2021","unstructured":"Sharma, S., Kumar, R., Rama Krishna, C.: A survey on analysis and detection of android ransomware. Concurr. Comput.: Pract. Exp. 33(16), 6272 (2021)","journal-title":"Concurr. Comput.: Pract. Exp."},{"key":"495_CR11","unstructured":"APKTool. https:\/\/ibotpeaches.github.io\/Apktool\/ (2023). Accessed 01 Oct 2023"},{"key":"495_CR12","unstructured":"JADAX. https:\/\/github.com\/skylot\/jadx (2023). Accessed 01 Sept 2023"},{"key":"495_CR13","unstructured":"Android Studio. https:\/\/developer.android.com\/studio\/debug\/apk-debugger (2023). Accessed 01 Sept 2023"},{"key":"495_CR14","doi-asserted-by":"crossref","unstructured":"Taheri, L., Kadir, A.F.A., Lashkari, A.H.: Extensible Android Malware Detection and Family Classification Using Network-flows and API-calls. IEEE. https:\/\/www.unb.ca\/cic\/datasets\/invesandmal2019.html","DOI":"10.1109\/CCST.2019.8888430"},{"key":"495_CR15","doi-asserted-by":"crossref","unstructured":"Lashkari, A.H., Kadir, A.F.A., Taheri, L., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark android malware datasets and classification, pp. 1\u20137. IEEE (2018)","DOI":"10.1109\/CCST.2018.8585560"},{"key":"495_CR16","first-page":"23","volume":"14","author":"D Arp","year":"2014","unstructured":"Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., Siemens, C.: DREBIN: effective and explainable detection of android malware in your pocket. NDSS 14, 23\u201326 (2014)","journal-title":"NDSS"},{"key":"495_CR17","unstructured":"Contagio MiniDump. http:\/\/contagiominidump.blogspot.com\/ (2021). Accessed 11 Dec 2021"},{"key":"495_CR18","volume":"38","author":"V Sihag","year":"2021","unstructured":"Sihag, V., Vardhan, M., Singh, P.: Blade: robust malware detection against obfuscation in android. Forensic Sci. Int.: Digit. Investig. 38, 301176 (2021)","journal-title":"Forensic Sci. Int.: Digit. Investig."},{"issue":"1","key":"495_CR19","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1109\/TST.2016.7399288","volume":"21","author":"Z Yuan","year":"2016","unstructured":"Yuan, Z., Lu, Y., Xue, Y.: Droiddetector: android malware characterization and detection using deep learning. Tsinghua Sci. Technol. 21(1), 114\u2013123 (2016)","journal-title":"Tsinghua Sci. Technol."},{"key":"495_CR20","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2020.107069","volume":"102","author":"N Zhang","year":"2021","unstructured":"Zhang, N., Tan, Y.-A., Yang, C., Li, Y.: Deep learning feature exploration for android malware detection. Appl. Soft Comput. 102, 107069 (2021)","journal-title":"Appl. Soft Comput."},{"key":"495_CR21","doi-asserted-by":"crossref","unstructured":"Alsoghyer, S., Almomani, I.: On the effectiveness of application permissions for android ransomware detection. In: 2020 6th Conference on Data Science and Machine Learning Applications (CDMA), IEEE. pp. 94\u201399 (2020)","DOI":"10.1109\/CDMA47397.2020.00022"},{"key":"495_CR22","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1016\/j.future.2018.07.052","volume":"90","author":"H Zhang","year":"2019","unstructured":"Zhang, H., Xiao, X., Mercaldo, F., Ni, S., Martinelli, F., Sangaiah, A.K.: Classification of ransomware families with machine learning based onn-gram of opcodes. Futur. Gener. Comput. Syst. 90, 211\u2013221 (2019)","journal-title":"Futur. Gener. Comput. Syst."},{"key":"495_CR23","doi-asserted-by":"crossref","unstructured":"Abdullah, Z., Muhadi, F.W., Saudi, M.M., Hamid, I.R.A., Foozy, C.F.M.: Android ransomware detection based on dynamic obtained features. In: Recent Advances on Soft Computing and Data Mining: Proceedings of the Fourth International Conference on Soft Computing and Data Mining (SCDM 2020), Melaka, Malaysia, 22\u201323 Jan 2020. Springer, Berlin. pp. 121\u2013129 (2020)","DOI":"10.1007\/978-3-030-36056-6_12"},{"key":"495_CR24","volume":"37","author":"S Sharma","year":"2021","unstructured":"Sharma, S., Krishna, C.R., Kumar, R.: Ransomdroid: forensic analysis and detection of android ransomware using unsupervised machine learning technique. Forensic Sci. Int.: Digit. Investig. 37, 301168 (2021)","journal-title":"Forensic Sci. Int.: Digit. Investig."},{"key":"495_CR25","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2022.107903","volume":"100","author":"U Ahmed","year":"2022","unstructured":"Ahmed, U., Lin, J.C.-W., Srivastava, G.: Mitigating adversarial evasion attacks of ransomware using ensemble learning. Comput. Electr. Eng. 100, 107903 (2022)","journal-title":"Comput. Electr. Eng."},{"key":"495_CR26","doi-asserted-by":"crossref","unstructured":"Andronio, N., Zanero, S., Maggi, F.: Heldroid: Dissecting and detecting mobile ransomware. In: Research in Attacks, Intrusions, and Defenses: 18th International Symposium, RAID 2015, Kyoto, Japan, November 2\u20134, 2015. Proceedings 18, Springer, Berlin. pp. 382\u2013404 (2015)","DOI":"10.1007\/978-3-319-26362-5_18"},{"issue":"5","key":"495_CR27","doi-asserted-by":"publisher","first-page":"1286","DOI":"10.1109\/TIFS.2017.2787905","volume":"13","author":"J Chen","year":"2017","unstructured":"Chen, J., Wang, C., Zhao, Z., Chen, K., Du, R., Ahn, G.-J.: Uncovering the face of android ransomware: characterization and real-time detection. IEEE Trans. Inf. Forens. Secur. 13(5), 1286\u20131300 (2017)","journal-title":"IEEE Trans. Inf. Forens. Secur."},{"key":"495_CR28","unstructured":"VirusTotal. https:\/\/www.virustotal.com\/gui\/home\/upload (2023). Accessed 15 Jan 2023"},{"key":"495_CR29","unstructured":"Koodous. https:\/\/goo.gl\/RVxfxL (2023). Accessed 15 Jan 2023"},{"key":"495_CR30","doi-asserted-by":"crossref","unstructured":"Allix, K., Bissyand\u00e9, T.F., Klein, J., Le\u00a0Traon, Y.: Androzoo: collecting millions of android apps for the research community. In: Proceedings of the 13th International Conference on Mining Software Repositories, pp. 468\u2013471 (2016)","DOI":"10.1145\/2901739.2903508"},{"key":"495_CR31","doi-asserted-by":"publisher","DOI":"10.1145\/3579822","author":"N Lachtar","year":"2021","unstructured":"Lachtar, N., Ibdah, D., Khan, H., Bacha, A.: Ransomshield: a visualization approach to defending mobile systems against ransomware. ACM Transact. Privacy Secur. (2021). https:\/\/doi.org\/10.1145\/3579822","journal-title":"ACM Transact. Privacy Secur."},{"key":"495_CR32","doi-asserted-by":"publisher","first-page":"128754","DOI":"10.1109\/ACCESS.2022.3227579","volume":"10","author":"MS Hossain","year":"2022","unstructured":"Hossain, M.S., Hasan, N., Samad, M.A., Shakhawat, H.M., Karmoker, J., Ahmed, F., Fuad, K.N., Choi, K.: Android ransomware detection from traffic analysis using metaheuristic feature selection. IEEE Access 10, 128754\u2013128763 (2022)","journal-title":"IEEE Access"},{"key":"495_CR33","unstructured":"Sgandurra, D., Mu\u00f1oz-Gonz\u00e1lez, L., Mohsen, R., Lupu, E.C.: Automated dynamic analysis of ransomware: benefits, limitations and use for detection. arXiv preprint arXiv:1609.03020 (2016)"},{"key":"495_CR34","doi-asserted-by":"crossref","unstructured":"Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E.: Cutting the gordian knot: A look under the hood of ransomware attacks. In: Detection of Intrusions and Malware, and Vulnerability Assessment: 12th International Conference, DIMVA 2015, Milan, Italy, 9\u201310 July 2015. Proceedings 12, pp. 3\u201324. Springer, Berlin (2015)","DOI":"10.1007\/978-3-319-20550-2_1"},{"key":"495_CR35","unstructured":"Kharraz, A., Arshad, S., Mulliner, C., Robertson, W.K., Kirda, E.: Unveil: a large-scale, automated approach to detecting ransomware. In: USENIX Security Symposium, vol. 25. Austin, Texas (2016)"},{"key":"495_CR36","doi-asserted-by":"crossref","unstructured":"Continella, A., Guagnelli, A., Zingaro, G., De\u00a0Pasquale, G., Barenghi, A., Zanero, S., Maggi, F.: Shieldfs: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 336\u2013347 (2016)","DOI":"10.1145\/2991079.2991110"},{"key":"495_CR37","doi-asserted-by":"crossref","unstructured":"Scaife, N., Carter, H., Traynor, P., Butler, K.R.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 303\u2013312. IEEE (2016)","DOI":"10.1109\/ICDCS.2016.46"},{"key":"495_CR38","doi-asserted-by":"crossref","unstructured":"Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: Paybreak: defense against cryptographic ransomware. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 599\u2013611 (2017)","DOI":"10.1145\/3052973.3053035"},{"key":"495_CR39","doi-asserted-by":"publisher","DOI":"10.1155\/2016\/2946735","author":"S Song","year":"2016","unstructured":"Song, S., Kim, B., Lee, S.: The effective ransomware prevention technique using process monitoring on android platform. Mobile Inf. Syst. (2016). https:\/\/doi.org\/10.1155\/2016\/2946735","journal-title":"Mobile Inf. Syst."},{"issue":"4","key":"495_CR40","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1007\/s11416-021-00414-x","volume":"18","author":"F Manavi","year":"2022","unstructured":"Manavi, F., Hamzeh, A.: A novel approach for ransomware detection based on PE header using graph embedding. J. Comput. Virol. Hack. Tech. 18(4), 285\u2013296 (2022)","journal-title":"J. Comput. Virol. Hack. Tech."},{"issue":"5","key":"495_CR41","first-page":"1984","volume":"34","author":"S Kok","year":"2022","unstructured":"Kok, S., Abdullah, A., Jhanjhi, N.: Early detection of crypto-ransomware using pre-encryption detection algorithm. J. King Saud Univ. Comput. Inf. Sci. 34(5), 1984\u20131999 (2022)","journal-title":"J. King Saud Univ. Comput. Inf. Sci."},{"key":"495_CR42","doi-asserted-by":"crossref","unstructured":"Sharma, G., Johri, A., Goel, A., Gupta, A., et al.: Enhancing ransomwareelite app for detection of ransomware in android applications. In: 2018 Eleventh International Conference on Contemporary Computing (IC3), pp. 1\u20134. IEEE (2018)","DOI":"10.1109\/IC3.2018.8530614"},{"key":"495_CR43","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1016\/j.cose.2016.11.007","volume":"65","author":"A Feizollah","year":"2017","unstructured":"Feizollah, A., Anuar, N.B., Salleh, R., Suarez-Tangil, G., Furnell, S.: Androdialysis: analysis of android intent effectiveness in malware detection. Comput. Secur. 65, 121\u2013134 (2017)","journal-title":"Comput. Secur."},{"key":"495_CR44","doi-asserted-by":"publisher","first-page":"708","DOI":"10.1016\/j.future.2019.09.025","volume":"110","author":"B Zhang","year":"2020","unstructured":"Zhang, B., Xiao, W., Xiao, X., Sangaiah, A.K., Zhang, W., Zhang, J.: Ransomware classification using patch-based CNN and self-attention network on embedded n-grams of opcodes. Futur. Gener. Comput. Syst. 110, 708\u2013720 (2020)","journal-title":"Futur. Gener. Comput. Syst."},{"key":"495_CR45","first-page":"107","volume-title":"Leveraging Support Vector Machine for Opcode Density Based Detection of Crypto-Ransomware","author":"J Baldwin","year":"2018","unstructured":"Baldwin, J., Dehghantanha, A.: Leveraging Support Vector Machine for Opcode Density Based Detection of Crypto-Ransomware, pp. 107\u2013136. Springer, Berlin (2018)"},{"key":"495_CR46","doi-asserted-by":"crossref","unstructured":"Vinayakumar, R., Soman, K., Velan, K.S., Ganorkar, S.: Evaluating shallow and deep networks for ransomware detection and classification. In: 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 259\u2013265. IEEE (2017)","DOI":"10.1109\/ICACCI.2017.8125850"},{"key":"495_CR47","doi-asserted-by":"crossref","unstructured":"Takeuchi, Y., Sakai, K., Fukumoto, S.: Detecting ransomware using support vector machines. In: Workshop Proceedings of the 47th International Conference on Parallel Processing, pp. 1\u20136 (2018)","DOI":"10.1145\/3229710.3229726"},{"key":"495_CR48","doi-asserted-by":"crossref","unstructured":"Yang, T., Yang, Y., Qian, K., Lo, D.C.-T., Qian, Y., Tao, L.: Automated detection and analysis for android ransomware. In: 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems, pp. 1338\u20131343. IEEE (2015)","DOI":"10.1109\/HPCC-CSS-ICESS.2015.39"},{"key":"495_CR49","doi-asserted-by":"crossref","unstructured":"Ferrante, A., Malek, M., Martinelli, F., Mercaldo, F., Milosevic, J.: Extinguishing ransomware-a hybrid approach to android ransomware detection. In: Foundations and Practice of Security: 10th International Symposium, FPS 2017, Nancy, France, October 23\u201325, 2017, Revised Selected Papers 10, pp. 242\u2013258. Springer, Berlin (2018)","DOI":"10.1007\/978-3-319-75650-9_16"},{"key":"495_CR50","first-page":"16","volume-title":"A Framework for Supporting Ransomware Detection and Prevention Based on Hybrid Analysis","author":"A Cuzzocrea","year":"2021","unstructured":"Cuzzocrea, A., Mercaldo, F., Martinelli, F.: A Framework for Supporting Ransomware Detection and Prevention Based on Hybrid Analysis, pp. 16\u201327. Springer, Berlin (2021)"},{"key":"495_CR51","doi-asserted-by":"crossref","unstructured":"Gharib, A., Ghorbani, A.: Dna-droid: a real-time android ransomware detection framework. In: Network and System Security: 11th International Conference, NSS 2017, Helsinki, Finland, August 21\u201323, 2017, Proceedings 11, pp. 184\u2013198. Springer, Berlin (2017)","DOI":"10.1007\/978-3-319-64701-2_14"},{"key":"495_CR52","unstructured":"R-PackDroid. https:\/\/goo.gl\/RVxfxL (2023). Accessed 15 Jan 2023"},{"key":"495_CR53","unstructured":"Hybrid Analysis. https:\/\/www.hybrid-analysis.com\/ (2023). Accessed 15 Jan 2023"},{"key":"495_CR54","unstructured":"Open Malware. http:\/\/www.offensivecomputing.net\/ (2023). Accessed 15 Jan 2023"},{"key":"495_CR55","unstructured":"Malwr. http:\/\/contagiodump.blogspot.in\/ (2023). Accessed 15 01 2023"},{"key":"495_CR56","unstructured":"Malware DB. https:\/\/github.com\/ytisf\/theZoo\/ (2023). Accessed 15 Jan 2023"},{"key":"495_CR57","unstructured":"VirusShare. https:\/\/virustotal.com\/ (2023). Accessed 15 Jan 2023"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-023-00495-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11416-023-00495-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-023-00495-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,26]],"date-time":"2024-10-26T15:37:56Z","timestamp":1729957076000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11416-023-00495-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,22]]},"references-count":57,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,3]]}},"alternative-id":["495"],"URL":"https:\/\/doi.org\/10.1007\/s11416-023-00495-w","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,8,22]]},"assertion":[{"value":"7 June 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 June 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 August 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}