{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,28]],"date-time":"2025-10-28T03:16:48Z","timestamp":1761621408288,"version":"3.37.3"},"reference-count":65,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/OAPA.html"}],"funder":[{"name":"TIM (Telecom Italia Group)"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2018]]},"DOI":"10.1109\/access.2018.2874502","type":"journal-article","created":{"date-parts":[[2018,10,8]],"date-time":"2018-10-08T22:57:22Z","timestamp":1539039442000},"page":"59540-59556","source":"Crossref","is-referenced-by-count":23,"title":["Countering Android Malware: A Scalable Semi-Supervised Approach for Family-Signature 
Generation"],"prefix":"10.1109","volume":"6","author":[{"given":"Andrea","family":"Atzeni","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fernando","family":"Diaz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1441-5798","authenticated-orcid":false,"given":"Andrea","family":"Marcelli","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Antonio","family":"Sanchez","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giovanni","family":"Squillero","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alberto","family":"Tonda","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420999"},{"journal-title":"Clusthedroid Clustering android malware","year":"2015","author":"korczynski","key":"ref33"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1023\/A:1012801612483"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2010-0410"},{"journal-title":"Anubis Analyzing Unknown Binaries","year":"2009","author":"bayer","key":"ref30"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/331499.331504"},{"journal-title":"Deep Learning","year":"2016","author":"goodfellow","key":"ref36"},{"key":"ref35","article-title":"Data mining cluster analysis: basic concepts and algorithms","author":"tan","year":"2013","journal-title":"Introduction to Data Mining"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23145"},{"key":"ref60","first-page":"1","article-title":"Automatically evading 
classifiers","author":"xu","year":"2016","journal-title":"Proc Symp Netw Distrib Syst"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1137\/1.9781611974010.27"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666666"},{"key":"ref63","first-page":"323","article-title":"Incremental clustering for mining in a data warehousing environment","volume":"98","author":"ester","year":"1998","journal-title":"Proc VLDB"},{"key":"ref28","doi-asserted-by":"crossref","first-page":"108","DOI":"10.1007\/978-3-540-70542-0_6","article-title":"Learning and classification of malware behavior","author":"rieck","year":"2008","journal-title":"Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref64","first-page":"482","article-title":"An efficient density based incremental clustering algorithm in data warehousing environment","volume":"2","author":"goyal","year":"2011","journal-title":"Proc Int Conf Comput Eng Appl (IPCSIT)"},{"key":"ref27","doi-asserted-by":"crossref","first-page":"178","DOI":"10.1007\/978-3-540-74320-0_10","article-title":"Automated classification and analysis of Internet malware","author":"bailey","year":"2007","journal-title":"2nd Int Workshop Recent Advances in Intrusion Detection"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1016\/j.aej.2015.08.009"},{"key":"ref29","first-page":"518","article-title":"Similarity search in high dimensions via hashing","volume":"99","author":"gionis","year":"1999","journal-title":"VLDB"},{"key":"ref2","first-page":"463","article-title":"Android malware detection & protection: A survey","volume":"7","author":"arshad","year":"2016","journal-title":"Int J Adv Comput Sci Appl"},{"journal-title":"AndroidOS FakePlayer | Symantec","year":"2010","key":"ref1"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMW.2017.12"},{"key":"ref22","first-page":"410","article-title":"V-measure: A conditional entropy-based external evaluation 
measure","volume":"7","author":"rosenberg","year":"2007","journal-title":"Proceedings of EMNLP-CoNLL"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.21105\/joss.00205"},{"journal-title":"malicialab\/AVCLASS AVClass Malware Labeling Tool","year":"2016","key":"ref24"},{"key":"ref23","doi-asserted-by":"crossref","first-page":"230","DOI":"10.1007\/978-3-319-45719-2_11","article-title":"AVclass: A tool for massive malware labeling","author":"sebasti\u00e1n","year":"2016","journal-title":"Proc Int Symp Res Attacks Intrusions Defenses"},{"key":"ref26","first-page":"1","article-title":"Behavioral classification","author":"lee","year":"2006","journal-title":"Proc EICAR Conf"},{"key":"ref25","first-page":"52","article-title":"Experimental study of fuzzy hashing in malware clustering analysis","volume":"5","author":"li","year":"2015","journal-title":"Proc 8th Workshop Cyber Secur Exp Test"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/1402958.1402979"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.34"},{"key":"ref59","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1007\/11856214_5","article-title":"Paragraph: Thwarting signature learning by training maliciously","author":"newsome","year":"2006","journal-title":"2nd Int Workshop Recent Advances in Intrusion Detection"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.26"},{"key":"ref57","first-page":"1","article-title":"Kharon dataset: Android malware under a microscope","author":"kiss","year":"2016","journal-title":"Proc Workshop Learn Authoritative Secur Experim Results (LASER)"},{"journal-title":"Virus Bulletin Rule-Driven Malware Identification and 
Classification","year":"2008","key":"ref56"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2013.25"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2523514.2523539"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.15"},{"key":"ref52","first-page":"232","article-title":"Automatically generating models for Botnet detection","author":"wurzinger","year":"2009","journal-title":"Proc Euro Symp Res Computer Security"},{"key":"ref10","first-page":"187","article-title":"MutantX-S: Scalable malware clustering based on static features","author":"hu","year":"2013","journal-title":"Proc USENIX Annu Tech Conf"},{"key":"ref11","first-page":"1","article-title":"Behavioral clustering of HTTP-based malware and signature generation using malicious network traces","volume":"10","author":"perdisci","year":"2010","journal-title":"Proc NSDI"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/BF01206331"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046742"},{"key":"ref13","first-page":"8","article-title":"Scalable, behavior-based malware clustering","volume":"9","author":"bayer","year":"2009","journal-title":"Proc NDSS"},{"journal-title":"YARA\u2014The Pattern Matching Swiss Knife for Malware Researchers","year":"2013","key":"ref14"},{"journal-title":"Androguard Reverse Engineering Malware and Goodware Analysis of Android Applications \u2026 and More (Ninja!)","year":"2011","author":"desnos","key":"ref15"},{"journal-title":"Droidbox An Android Application Sandbox for Dynamic Analysis","year":"2011","author":"desnos","key":"ref16"},{"key":"ref17","first-page":"226","article-title":"A density-based algorithm for discovering clusters in large spatial databases with noise","volume":"96","author":"ester","year":"1996","journal-title":"Proc KDD"},{"key":"ref18","first-page":"160","article-title":"Density-based clustering based on hierarchical density 
estimates","author":"campello","year":"2013","journal-title":"Proc Knowledge Discovery and Data Mining Conf"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2733381"},{"key":"ref4","doi-asserted-by":"crossref","first-page":"98","DOI":"10.1007\/978-3-540-87403-4_6","article-title":"A study of the packer problem and its solutions","author":"guo","year":"2008","journal-title":"2nd Int Workshop Recent Advances in Intrusion Detection"},{"year":"2017","key":"ref3"},{"key":"ref6","first-page":"91","article-title":"CloudAV: N-version antivirus in the network cloud","author":"oberheide","year":"2008","journal-title":"Proc Usenix Secur Symp"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/LCN.2009.5355037"},{"journal-title":"Apktool\u2014A Tool for Reverse Engineering 3rd Party Closed Binary Android Apps","year":"2017","key":"ref8"},{"key":"ref7","first-page":"25","article-title":"ViewDroid: Towards obfuscation-resilient mobile application repackaging detection","author":"zhang","year":"2014","journal-title":"Proc ACM Conf Sec Privacy Wireless Mobile Netw"},{"key":"ref49","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1007\/978-3-642-39235-1_2","article-title":"ProVeX: Detecting botnets with encrypted command and control channels","author":"rossow","year":"2013","journal-title":"Detection of Intrusions and Malware and Vulnerability Assessment"},{"journal-title":"an assembler\/disassembler for android's dex format Google Project Hosting","year":"2013","author":"freke","key":"ref9"},{"key":"ref46","first-page":"97","article-title":"An architecture for generating semantics-aware signatures","author":"yegneswaran","year":"2005","journal-title":"Proc Usenix Secur Symp"},{"key":"ref45","first-page":"227","article-title":"Anomalous payload-based worm detection and signature generation","author":"wang","year":"2005","journal-title":"2nd Int Workshop Recent Advances in Intrusion 
Detection"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/1774088.1774506"},{"key":"ref47","first-page":"15","article-title":"Hamsa: Fast signature generation for zero-day polymorphic worms with provable attack resilience","author":"li","year":"2006","journal-title":"Proc IEEE Symp Secur Privacy"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/972374.972384"},{"key":"ref41","first-page":"112","article-title":"AV-Meter: An evaluation of antivirus scans and labels","author":"mohaisen","year":"2014","journal-title":"Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref44","first-page":"4","article-title":"Automated worm fingerprinting","volume":"6","author":"singh","year":"2004","journal-title":"Proc OSDI"},{"key":"ref43","first-page":"19","article-title":"Autograph: Toward automated, distributed worm signature detection","volume":"286","author":"kim","year":"2004","journal-title":"Proc Usenix Secur Symp"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/8274985\/08485352.pdf?arnumber=8485352","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,26]],"date-time":"2022-01-26T21:55:36Z","timestamp":1643234136000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8485352\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"references-count":65,"URL":"https:\/\/doi.org\/10.1109\/access.2018.2874502","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2018]]}}}