{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T02:13:22Z","timestamp":1773713602356,"version":"3.50.1"},"reference-count":80,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key R&#x0026;D Program of China","award":["2024YFB4506200"],"award-info":[{"award-number":["2024YFB4506200"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62202457"],"award-info":[{"award-number":["62202457"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"YuanTu Large Research Infrastructure"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2026,3]]},"DOI":"10.1109\/tdsc.2025.3639708","type":"journal-article","created":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T18:45:28Z","timestamp":1764787528000},"page":"3708-3722","source":"Crossref","is-referenced-by-count":1,"title":["LibPass: An Entropy-Guided Black-Box Adversarial Attack Against Third-Party Library Detection Tools in the Wild"],"prefix":"10.1109","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-9246-6468","authenticated-orcid":false,"given":"Bolin","family":"Zhou","sequence":"first","affiliation":[{"name":"Institute of Software, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5561-9829","authenticated-orcid":false,"given":"Jingzheng","family":"Wu","sequence":"additional","affiliation":[{"name":"Institute of Software, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7377-7844","authenticated-orcid":false,"given":"Xiang","family":"Ling","sequence":"additional","affiliation":[{"name":"Institute of Software, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-8129-0582","authenticated-orcid":false,"given":"Jingkun","family":"Zhang","sequence":"additional","affiliation":[{"name":"Institute of Software, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7407-8255","authenticated-orcid":false,"given":"Tianyue","family":"Luo","sequence":"additional","affiliation":[{"name":"Institute of Software, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409711"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2013.6671293"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/tse.2021.3114381"},{"key":"ref4","first-page":"3385","article-title":"LibScan: Towards more precise third-party library identification for android applications","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Wu","year":"2023"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/2637364.2592003"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134059"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2019.2956690"},{"key":"ref8","article-title":"oss-security - backdoor in upstream xz\/liblzma leading to SSH server compromise","year":"2024"},{"key":"ref9","article-title":"Introducing mavengate: A supply chain attack method for java and android applications","year":"2024"},{"key":"ref10","article-title":"Unseen dangers: Hidden mobile app security risks in android libraries","author":"Huber","year":"2023"},{"key":"ref11","article-title":"Third-party libraries are one of the most insecure parts of an application","author":"Wisseman","year":"2016"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3623347"},{"key":"ref13","article-title":"Regulation (eu) 2016\/679 of the European parliament and of the council of 27 april 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95\/46\/ec (general data protection regulation) (text with eea relevance)","year":"2016"},{"key":"ref14","article-title":"California consumer privacy act (CCPA)","year":"2024"},{"key":"ref15","first-page":"83","article-title":"Deldroid: An automated approach for determination and enforcement of least-privilege architecture in android","volume-title":"J. Syst. Softw.","volume":"149","author":"Hammad","year":"2019"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ICSA.2017.18"},{"key":"ref17","first-page":"553","article-title":"AdSplit: Separating smartphone advertising from applications","volume-title":"Proc. 21st USENIX Secur. Symp.","author":"Shekhar","year":"2012"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523652"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639132"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.23"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978333"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380242"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.29"},{"key":"ref24","first-page":"1021","article-title":"Brahmastra: Driving apps to test the security of third-party components","volume-title":"Proc. 23rd USENIX Secur. Symp.","author":"Bhoraskar","year":"2014"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00150"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/tse.2022.3215628"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3691620.3695554"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468597"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510229"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3639476.3639762"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510104"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM48880.2022.9796786"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23353"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623117"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485387"},{"key":"ref36","first-page":"7393","article-title":"A wolf in sheep\u2019s clothing: Practical black-box adversarial attacks for evading learning-based windows malware detection in the wild","volume-title":"Proc. 33rd USENIX Secur. Symp.","author":"Ling","year":"2024"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/2889160.2889178"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2018.8330204"},{"key":"ref39","volume-title":"Nature-Inspired Metaheuristic Algorithms: Second Edition","author":"Yang","year":"2010"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.377"},{"key":"ref41","first-page":"240","article-title":"Androdet: An adaptive android obfuscation detector","volume-title":"Future Gener. Comput. Syst.","volume":"90","author":"Mirzaei","year":"2019"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978422"},{"issue":"2","key":"ref43","first-page":"1","article-title":"String deobfuscation scheme based on dynamic code extraction for mobile malwares","volume":"4","author":"Yoo","year":"2016","journal-title":"IT Convergence Pract."},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/issnip.2014.6827639"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/2742647.2742668"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/icse.2017.38"},{"key":"ref47","article-title":"CVE","year":"2024"},{"key":"ref48","article-title":"NVD - NVD","year":"2024"},{"key":"ref49","article-title":"OSV - open source vulnerabilities","year":"2025"},{"key":"ref50","article-title":"First - improving security together","year":"2025"},{"key":"ref51","article-title":"Hackerone| #1 trusted security platform and hacker program","year":"2025"},{"key":"ref52","article-title":"Home| zero day initiative","year":"2025"},{"key":"ref53","article-title":"Awesome CVE POC","year":"2020"},{"key":"ref54","article-title":"Exploit database - exploits for penetration testers, researchers, and ethical hackers","year":"2025"},{"key":"ref55","first-page":"1401","article-title":"Practical data-only attack generation","volume-title":"Proc. 33rd USENIX Secur. Symp.","author":"Johannesmeyer","year":"2024"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/1134271.1134282"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.24963\/ijcai.2021\/381"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/1500518.1500651"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/tse.2017.2766070"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/tse.2020.3042553"},{"key":"ref61","article-title":"Optimal fog node selection based on hybrid particle swarm optimization and firefly algorithm in dynamic fog computing services","volume-title":"Eng. Appl. Artif. Intell.","volume":"121","author":"Ogundoyin","year":"2023"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1631\/fitee.2000691"},{"key":"ref63","first-page":"48","article-title":"A bio-inspired approach: Firefly algorithm for multi-depot vehicle routing problem with time windows","volume-title":"Comput. Commun.","volume":"190","author":"Yesodha","year":"2022"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/TSC.2023.3293048"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-020-10139-6"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-016-2474-6"},{"issue":"383","key":"ref67","first-page":"374","article-title":"Firefly algorithm with neighborhood attraction","volume-title":"Inf. Sci.","volume":"382","author":"Wang","year":"2017"},{"key":"ref68","article-title":"Hybrid firefly algorithm with grouping attraction for constrained optimization problem","volume-title":"Knowl.-Based Syst.","volume":"220","author":"Cheng","year":"2021"},{"issue":"2","key":"ref69","article-title":"Improved hybrid firefly algorithm with probability attraction model","volume-title":"Mathematics","volume":"11","author":"Bei","year":"2023"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0112634"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-016-2104-3"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/355744.355745"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/3197231.3197248"},{"key":"ref74","first-page":"1181","article-title":"Black-box adversarial example attack towards FCG based android malware detection under incomplete feature information","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Li","year":"2023"},{"key":"ref75","article-title":"Soot - A J*va optimization framework 4.5.0-SNAPSHOT API","author":"OSS","year":"2024"},{"key":"ref76","article-title":"Codearts governance","author":"Cloud","year":"2025"},{"key":"ref77","article-title":"Tencent cloud","author":"Cloud","year":"2024"},{"key":"ref78","article-title":"Scantist software composition analysis","author":"Ltd.","year":"2024"},{"key":"ref79","doi-asserted-by":"crossref","DOI":"10.1145\/3756681.3756933","article-title":"Version-level third-party library detection in android applications via class structural similarity","volume-title":"Proc. Int. Conf. Eval. Assessment Softw. Eng.","author":"Zhou","year":"2025"},{"key":"ref80","article-title":"Obfuscapk: An open-source black-box obfuscation tool for Android apps","volume-title":"SoftwareX","volume":"11","author":"Aonzo","year":"2020"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/11434575\/11275815.pdf?arnumber=11275815","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T01:16:30Z","timestamp":1773710190000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11275815\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3]]},"references-count":80,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2025.3639708","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3]]}}}