{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T12:06:31Z","timestamp":1777723591689,"version":"3.51.4"},"reference-count":53,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2024,10,3]],"date-time":"2024-10-03T00:00:00Z","timestamp":1727913600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2024,10,3]],"date-time":"2024-10-03T00:00:00Z","timestamp":1727913600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"DOI":"10.1007\/s11416-024-00536-y","type":"journal-article","created":{"date-parts":[[2024,10,3]],"date-time":"2024-10-03T13:03:08Z","timestamp":1727960588000},"page":"901-918","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Experts still needed: boosting long-term android malware detection with active learning"],"prefix":"10.1007","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3655-5804","authenticated-orcid":false,"given":"Alejandro","family":"Guerra-Manzanares","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8882-4095","authenticated-orcid":false,"given":"Hayretdin","family":"Bahsi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,10,3]]},"reference":[{"key":"536_CR1","doi-asserted-by":"crossref","unstructured":"Arp, D., Quiring, E., Pendlebury, F., Warnecke, A., Pierazzi, F., Wressnegger, C., Cavallaro, L., Rieck, K.: Dos and don\u2019ts of machine learning in computer security. In: Proceedings of the USENIX Security Symposium (2022)","DOI":"10.1109\/MSEC.2023.3287207"},{"key":"536_CR2","first-page":"274","volume":"1","author":"A Guerra-Manzanares","year":"2019","unstructured":"Guerra-Manzanares, A., Nomm, S., Bahsi, H.: In-depth feature selection and ranking for automated detection of mobile malware. ICISSP 1, 274\u2013283 (2019)","journal-title":"ICISSP"},{"issue":"12","key":"536_CR3","first-page":"2346","volume":"31","author":"J Lu","year":"2018","unstructured":"Lu, J., Liu, A., Dong, F., Gu, F., Gama, J., Zhang, G.: Learning under concept drift: a review. IEEE Trans. Knowl. Data Eng. 31(12), 2346\u20132363 (2018)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"536_CR4","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102835","volume":"122","author":"A Guerra-Manzanares","year":"2022","unstructured":"Guerra-Manzanares, A., Bahsi, H.: On the relativity of time: implications and challenges of data drift on long-term effective android malware detection. Comput. Secur. 122, 102835 (2022)","journal-title":"Comput. Secur."},{"key":"536_CR5","doi-asserted-by":"crossref","unstructured":"Guerra-Manzanares, A., Bahsi, H., Luckner, M.: Leveraging the first line of defense: A study on the evolution and usage of android security permissions for enhanced android malware detection. J. Comput. Virol. Hack. Tech. 19(1), 65\u201396 (2023)","DOI":"10.1007\/s11416-022-00432-3"},{"key":"536_CR6","unstructured":"Jordaney, R., Sharad, K., Dash, S., et\u00a0al.: Detecting concept drift in malware classification models. In: Proceedings of the 26th {USENIX} Security Symposium ({USENIX} Security 17), pp. 625\u2013642"},{"key":"536_CR7","doi-asserted-by":"crossref","unstructured":"Barbero, F., Pendlebury, F., Pierazzi, F., Cavallaro, L.: Transcending transcend: revisiting malware classification in the presence of concept drift. In: IEEE Symposium on Security and Privacy (SP). IEEE 2022, pp. 805\u2013823 (2022)","DOI":"10.1109\/SP46214.2022.9833659"},{"key":"536_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2022.117200","volume":"206","author":"A Guerra-Manzanares","year":"2022","unstructured":"Guerra-Manzanares, A., Luckner, M., Bahsi, H.: Android malware concept drift using system calls: detection, characterization and challenges. Expert Syst. Appl. 206, 117200 (2022)","journal-title":"Expert Syst. Appl."},{"key":"536_CR9","unstructured":"Dasgupta, S.: Coarse sample complexity bounds for active learning. Adv. Neural Inf. Process. Syst. 18 (2005)"},{"key":"536_CR10","unstructured":"Gatlan, S.: Google play protect fails android security tests once more. https:\/\/www.bleepingcomputer.com\/news\/security\/google-play-protect-fails-android-security-tests-once-more\/ (2021)"},{"key":"536_CR11","unstructured":"Kaspersky: Mobile security: android vs ios-which one is safer? https:\/\/www.kaspersky.com\/resource-center\/threats\/android-vs-iphone-mobile-security (2020)"},{"key":"536_CR12","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102399","volume":"110","author":"A Guerra-Manzanares","year":"2021","unstructured":"Guerra-Manzanares, A., Bahsi, H., N\u00f5mm, S.: Kronodroid: time-based hybrid-featured dataset for effective android malware detection and characterization. Comput. Secur. 110, 102399 (2021)","journal-title":"Comput. Secur."},{"issue":"13","key":"536_CR13","doi-asserted-by":"publisher","first-page":"1606","DOI":"10.3390\/electronics10131606","volume":"10","author":"J Senanayake","year":"2021","unstructured":"Senanayake, J., Kalutarage, H., Al-Kadri, M.O.: Android mobile malware detection using machine learning: a systematic review. Electronics 10(13), 1606 (2021)","journal-title":"Electronics"},{"key":"536_CR14","doi-asserted-by":"crossref","unstructured":"Guerra-Manzanares, A., Bahsi, H.: On the application of active learning to handle data evolution in android malware detection. In: International Conference on Digital Forensics and Cyber Crime. Springer, pp. 256\u2013273 (2022)","DOI":"10.1007\/978-3-031-36574-4_15"},{"key":"536_CR15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-14142-8","volume-title":"Data Mining: The Textbook","author":"CC Aggarwal","year":"2015","unstructured":"Aggarwal, C.C.: Data Mining: The Textbook. Springer, Berlin (2015)"},{"key":"536_CR16","unstructured":"Settles, B.: Active learning literature survey (2009)"},{"key":"536_CR17","doi-asserted-by":"crossref","unstructured":"Settles, B., Craven, M.: An analysis of active learning strategies for sequence labeling tasks. In: Proceedings of the 2008 Conference on Empirical Methods in Natural Language Processing, pp. 1070\u20131079 (2008)","DOI":"10.3115\/1613715.1613855"},{"key":"536_CR18","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103654","volume":"138","author":"A Guerra-Manzanares","year":"2024","unstructured":"Guerra-Manzanares, A.: Machine learning for android malware detection: mission accomplished? a comprehensive review of open challenges and future perspectives. Comput. Secur. 138, 103654 (2024)","journal-title":"Comput. Secur."},{"issue":"2","key":"536_CR19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3313391","volume":"22","author":"L Onwuzurike","year":"2019","unstructured":"Onwuzurike, L., Mariconti, E., Andriotis, P., Cristofaro, E.D., Ross, G., Stringhini, G.: Mamadroid: detecting android malware by building Markov chains of behavioral models (extended version). ACM Trans. Privacy Secur. (TOPS) 22(2), 1\u201334 (2019)","journal-title":"ACM Trans. Privacy Secur. (TOPS)"},{"key":"536_CR20","doi-asserted-by":"crossref","unstructured":"Xu, K., Li, Y., Deng, R., Chen, K., Xu, J.: Droidevolver: self-evolving android malware detection system. In: IEEE European Symposium on Security and Privacy (EuroS &P). IEEE 2019, pp. 47\u201362 (2019)","DOI":"10.1109\/EuroSP.2019.00014"},{"key":"536_CR21","unstructured":"Jordaney, R., Sharad, K., Dash, S.K., Wang, Z., Papini, D., Nouretdinov, I., Cavallaro, L.: Transcend: detecting concept drift in malware classification models. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 625\u2013642 (2017)"},{"key":"536_CR22","doi-asserted-by":"crossref","unstructured":"Sculley, D., Otey, M.E., Pohl, M., Spitznagel, B., Hainsworth, J., Zhou, Y.: Detecting adversarial advertisements in the wild. In: Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 274\u2013282 (2011)","DOI":"10.1145\/2020408.2020455"},{"key":"536_CR23","unstructured":"Whittaker, C., Ryner, B., Nazif, M.: Large-scale automatic classification of phishing pages. In: NDSS \u201910 (2010). http:\/\/www.isoc.org\/isoc\/conferences\/ndss\/10\/pdf\/08.pdf"},{"key":"536_CR24","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1016\/j.neucom.2021.04.112","volume":"459","author":"SC Hoi","year":"2021","unstructured":"Hoi, S.C., Sahoo, D., Lu, J., Zhao, P.: Online learning: a comprehensive survey. Neurocomputing 459, 249\u2013289 (2021)","journal-title":"Neurocomputing"},{"issue":"1","key":"536_CR25","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1109\/TNNLS.2012.2236570","volume":"25","author":"I \u017dliobait\u0117","year":"2014","unstructured":"\u017dliobait\u0117, I., Bifet, A., Pfahringer, B., Holmes, G.: Active learning with drifting streaming data. IEEE Trans. Neural Netw. Learn. Syst. 25(1), 27\u201339 (2014)","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"536_CR26","doi-asserted-by":"crossref","unstructured":"Chu, W., Zinkevich, M., Li, L., Thomas, A., Tseng, B.: Unbiased online active learning in data streams. In: Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 195\u2013203 (2011)","DOI":"10.1145\/2020408.2020444"},{"issue":"2","key":"536_CR27","doi-asserted-by":"publisher","first-page":"486","DOI":"10.1109\/TNNLS.2018.2844332","volume":"30","author":"J Shan","year":"2018","unstructured":"Shan, J., Zhang, H., Liu, W., Liu, Q.: Online active learning ensemble framework for drifted data streams. IEEE Trans. Neural Netw. Learn. Syst. 30(2), 486\u2013498 (2018)","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"536_CR28","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.neunet.2017.10.004","volume":"98","author":"S Mohamad","year":"2018","unstructured":"Mohamad, S., Sayed-Mouchaweh, M., Bouchachia, A.: Active learning for classifying data streams with unknown number of classes. Neural Netw. 98, 1\u201315 (2018)","journal-title":"Neural Netw."},{"key":"536_CR29","unstructured":"Lindstrom, P., Delany, S.J., Mac\u00a0Namee, B.: Handling concept drift in a text data stream constrained by high labelling cost. In: Twenty-Third International FLAIRS Conference (2010)"},{"key":"536_CR30","unstructured":"Pendlebury, F., Pierazzi, F., Jordaney, R., Kinder, J., Cavallaro, L.: {TESSERACT}: eliminating experimental bias in malware classification across space and time. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 729\u2013746 (2019)"},{"key":"536_CR31","doi-asserted-by":"crossref","unstructured":"Miller, B., Kantchelian, A., Tschantz, M.C., Afroz, S., Bachwani, R., Faizullabhoy, R., Huang, L., Shankar, V., Wu, T., Yiu, G., et\u00a0al.: Reviewer integration and performance measurement for malware detection. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, pp. 122\u2013141 (2016)","DOI":"10.1007\/978-3-319-40667-1_7"},{"key":"536_CR32","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102838","volume":"121","author":"I Finder","year":"2022","unstructured":"Finder, I., Sheetrit, E., Nissim, N.: A time-interval-based active learning framework for enhanced PE malware acquisition and detection. Comput. Secur. 121, 102838 (2022)","journal-title":"Comput. Secur."},{"issue":"13","key":"536_CR33","doi-asserted-by":"publisher","first-page":"5843","DOI":"10.1016\/j.eswa.2014.02.053","volume":"41","author":"N Nissim","year":"2014","unstructured":"Nissim, N., Moskovitch, R., Rokach, L., Elovici, Y.: Novel active learning methods for enhanced pc malware detection in windows OS. Expert Syst. Appl. 41(13), 5843\u20135857 (2014)","journal-title":"Expert Syst. Appl."},{"key":"536_CR34","doi-asserted-by":"crossref","unstructured":"Zhang, X., Zhang, Y., Zhong, M., Ding, D., Cao, Y., Zhang, Y., Zhang, M., Yang, M.: Enhancing state-of-the-art classifiers with api semantics to detect evolved android malware. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 757\u2013770 (2020)","DOI":"10.1145\/3372297.3417291"},{"key":"536_CR35","unstructured":"Guerra-Manzanares, A., Bahsi, H.: On the application of active learning for efficient and effective iot botnet detection. Future Generation Computer Systems (2022). https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167739X22003399"},{"key":"536_CR36","doi-asserted-by":"crossref","unstructured":"Andresini, G., Pendlebury, F., Pierazzi, F., Loglisci, C., Appice, A., Cavallaro, L.: Insomnia: towards concept-drift robustness in network intrusion detection. In: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, pp. 111\u2013122 (2021)","DOI":"10.1145\/3474369.3486864"},{"key":"536_CR37","doi-asserted-by":"crossref","unstructured":"Riebe, T., Wirth, T., Bayer, M., K\u00fchn, P., Kaufhold, M.-A., Knauthe, V., Guthe, S., Reuter, C.: Cysecalert: an alert generation system for cyber security events using open source intelligence data. In: International Conference on Information and Communications Security. Springer, pp. 429\u2013446 (2021)","DOI":"10.1007\/978-3-030-86890-1_24"},{"issue":"3","key":"536_CR38","doi-asserted-by":"publisher","first-page":"631","DOI":"10.1109\/TIFS.2016.2631905","volume":"12","author":"N Nissim","year":"2016","unstructured":"Nissim, N., Cohen, A., Elovici, Y.: Aldocx: detection of unknown malicious microsoft office documents using designated active learning methods based on new structural feature extraction methodology. IEEE Trans. Inf. Forensics Secur. 12(3), 631\u2013646 (2016)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"536_CR39","doi-asserted-by":"crossref","unstructured":"Bhattacharjee, S.D., Talukder, A., Al-Shaer, E., Doshi, P.: Prioritized active learning for malicious url detection using weighted text-based features. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). IEEE, pp. 107\u2013112 (2017)","DOI":"10.1109\/ISI.2017.8004883"},{"key":"536_CR40","doi-asserted-by":"crossref","unstructured":"Miller, B., Kantchelian, A., Afroz, S., Bachwani, R., Dauber, E., Huang, L., Tschantz, M.C., Joseph, A.D., Tygar, J.D.: Adversarial active learning. In: Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop, pp. 3\u201314 (2014)","DOI":"10.1145\/2666652.2666656"},{"key":"536_CR41","doi-asserted-by":"crossref","unstructured":"Zhao, W., Long, J., Yin, J., Cai, Z., Xia, G.: Sampling attack against active learning in adversarial environment. In: International Conference on Modeling Decisions for Artificial Intelligence. Springer, pp. 222\u2013233 (2012)","DOI":"10.1007\/978-3-642-34620-0_21"},{"key":"536_CR42","doi-asserted-by":"crossref","unstructured":"Shu, D., Leslie, N.O., Kamhoua, C.A., Tucker, C.S.: Generative adversarial attacks against intrusion detection systems using active learning. In: Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning, pp. 1\u20136 (2020)","DOI":"10.1145\/3395352.3402618"},{"key":"536_CR43","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102757","volume":"120","author":"A Guerra-Manzanares","year":"2022","unstructured":"Guerra-Manzanares, A., Luckner, M., Bahsi, H.: Concept drift and cross-device behavior: challenges and implications for effective android malware detection. Comput. Secur. 120, 102757 (2022)","journal-title":"Comput. Secur."},{"key":"536_CR44","unstructured":"Natarajan, N., Dhillon, I.S., Ravikumar, P.K., Tewari, A.: Learning with noisy labels. Adv. Neural Inf. Process. Syst. 26 (2013)"},{"key":"536_CR45","doi-asserted-by":"crossref","unstructured":"Guerra-Manzanares, A., Bahsi, H., N\u00f5mm, S.: Differences in android behavior between real device and emulator: a malware detection perspective. In: 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS). IEEE, pp. 399\u2013404 (2019)","DOI":"10.1109\/IOTSMS48152.2019.8939268"},{"key":"536_CR46","doi-asserted-by":"crossref","unstructured":"Guerra-Manzanares, A., N\u00f5mm, S., Bahsi, H.: Time-frame analysis of system calls behavior in machine learning-based mobile malware detection. In: 2019 International Conference on Cyber Security for Emerging Technologies (CSET). IEEE, pp. 1\u20138 (2019)","DOI":"10.1109\/CSET.2019.8904908"},{"key":"536_CR47","doi-asserted-by":"crossref","unstructured":"Mohammed, R., Rawashdeh, J., Abdullah, M.: Machine learning with oversampling and undersampling techniques: overview study and experimental results. In: 11th International Conference on Information and Communication Systems (ICICS). IEEE 2020, pp. 243\u2013248 (2020)","DOI":"10.1109\/ICICS49469.2020.239556"},{"key":"536_CR48","doi-asserted-by":"crossref","unstructured":"Kan, Z., Pendlebury, F., Pierazzi, F., Cavallaro, L.: Investigating labelless drift adaptation for malware detection. In: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, pp. 123\u2013134 (2021)","DOI":"10.1145\/3474369.3486873"},{"key":"536_CR49","doi-asserted-by":"crossref","unstructured":"Dasgupta, S., Kalai, A.T., Monteleoni, C.: Analysis of perceptron-based active learning. In: International Conference on Computational Learning Theory. Springer, pp. 249\u2013263 (2005)","DOI":"10.1007\/11503415_17"},{"key":"536_CR50","doi-asserted-by":"crossref","unstructured":"Sch\u00fctze, H., Velipasaoglu, E., Pedersen, J.O.: Performance thresholding in practical text classification. In: Proceedings of the 15th ACM International Conference on Information and Knowledge Management, pp. 662\u2013671 (2006)","DOI":"10.1145\/1183614.1183709"},{"key":"536_CR51","doi-asserted-by":"crossref","unstructured":"Lewis, D.D., Catlett, J.: Heterogeneous uncertainty sampling for supervised learning. In: Machine Learning Proceedings. Elsevier 1994, pp. 148\u2013156 (1994)","DOI":"10.1016\/B978-1-55860-335-6.50026-X"},{"issue":"6","key":"536_CR52","doi-asserted-by":"publisher","first-page":"1323","DOI":"10.1109\/TASL.2009.2033421","volume":"18","author":"J Zhu","year":"2009","unstructured":"Zhu, J., Wang, H., Tsou, B.K., Ma, M.: Active learning with sampling by uncertainty and density for data annotations. IEEE Trans. Audio Speech Lang. Process. 18(6), 1323\u20131331 (2009)","journal-title":"IEEE Trans. Audio Speech Lang. Process."},{"key":"536_CR53","doi-asserted-by":"crossref","unstructured":"Du, B., Wang, Z., Zhang, L., Zhang, L., Liu, W., Shen, J., Tao, D.: Exploring representativeness and informativeness for active learning. IEEE Trans. Cybern. 47(1), 14\u201326 (2015)","DOI":"10.1109\/TCYB.2015.2496974"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-024-00536-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11416-024-00536-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-024-00536-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,15]],"date-time":"2024-10-15T15:15:39Z","timestamp":1729005339000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11416-024-00536-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,3]]},"references-count":53,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2024,11]]}},"alternative-id":["536"],"URL":"https:\/\/doi.org\/10.1007\/s11416-024-00536-y","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,10,3]]},"assertion":[{"value":"11 May 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 July 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 October 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics declarations"}},{"value":"The authors declare that they have no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}