{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T02:13:18Z","timestamp":1773713598068,"version":"3.50.1"},"reference-count":68,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Hong Kong RGC Project","award":["PolyU15231223"],"award-info":[{"award-number":["PolyU15231223"]}]},{"name":"Open Foundation of Key Laboratory of Cyberspace Security"},{"DOI":"10.13039\/501100002338","name":"Ministry of Education of China","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100002338","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Henan Key Laboratory of Network Cryptography","award":["KLCS20240305"],"award-info":[{"award-number":["KLCS20240305"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62502173"],"award-info":[{"award-number":["62502173"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Postdoctoral Fellowship Program of CPSF","award":["GZB20240248"],"award-info":[{"award-number":["GZB20240248"]}]},{"DOI":"10.13039\/501100002858","name":"China Postdoctoral Science Foundation","doi-asserted-by":"publisher","award":["2024M751010"],"award-info":[{"award-number":["2024M751010"]}],"id":[{"id":"10.13039\/501100002858","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2026,3]]},"DOI":"10.1109\/tdsc.2025.3642903","type":"journal-article","created":{"date-parts":[[2025,12,11]],"date-time":"2025-12-11T18:48:29Z","timestamp":1765478909000},"page":"4103-4120","source":"Crossref","is-referenced-by-count":0,"title":["Why Not Diversify Triggers? APK-Specific Backdoor Attack Against Android Malware Detection"],"prefix":"10.1109","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8045-8983","authenticated-orcid":false,"given":"Heng","family":"Li","sequence":"first","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bang","family":"Wu","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-5351-1901","authenticated-orcid":false,"given":"Zhiyuan","family":"Yao","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0709-3361","authenticated-orcid":false,"given":"Cuiying","family":"Gao","sequence":"additional","affiliation":[{"name":"JD.com, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5867-5364","authenticated-orcid":false,"given":"Wei","family":"Yuan","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6156-6946","authenticated-orcid":false,"given":"Beihao","family":"Xia","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9082-3208","authenticated-orcid":false,"given":"Xiapu","family":"Luo","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23353"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23247"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3446776"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00279"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58607-2_11"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.00750"},{"key":"ref7","first-page":"1","article-title":"Poster: BadGPT: Exploring security vulnerabilities of chatGPT via backdoor attacks to instructGPT","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Shi","year":"2023"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM48880.2022.9796878"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v38i4.28104"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.11.007"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3094824"},{"key":"ref12","first-page":"1487","article-title":"Explanation-guided backdoor poisoning attacks against malware classifiers","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Severi","year":"2021"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179347"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/2133601.2133640"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33167-1_3"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2012.114"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2656460"},{"key":"ref18","first-page":"1181","article-title":"Black-box adversarial example attack towards FCG based android malware detection under incomplete feature information","volume-title":"Proc. 32th USENIX Secur. Symp.","author":"Li","year":"2023"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00073"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/s10922-021-09634-4"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359790"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"ref23","first-page":"1","article-title":"Detecting backdoor attacks on deep neural networks by activation clustering","volume-title":"Proc. AAAI Conf. Artif. Intell.","author":"Chen","year":"2019"},{"key":"ref24","first-page":"2361","article-title":"Measuring and modeling the label dynamics of online anti-malware engines","volume-title":"Proc. 29th USENIX Secur. Symp.","author":"Zhu","year":"2020"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2806891"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/TSMC.2019.2958382"},{"key":"ref28","doi-asserted-by":"crossref","first-page":"1560","DOI":"10.1145\/3377811.3380354","article-title":"Unsuccessful story about few shot malware family classification and siamese network to the rescue","volume-title":"Proc. ACM\/IEEE 42nd Int. Conf. Softw. Eng.","author":"Bai","year":"2020"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2013.05.008"},{"key":"ref30","article-title":"Alienvault - open threat exchange","year":"2012"},{"key":"ref31","article-title":"Virscan. org - free multi-engine online virus scanner","year":"2022"},{"key":"ref32","article-title":"Metadefender cloud| homepage","year":"2012"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568286"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-43936-4_9"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664275"},{"key":"ref36","first-page":"8011","article-title":"Spectral signatures in backdoor attacks","volume-title":"Proc. Neural Inf. Process. Syst.","author":"Tran","year":"2018"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363216"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427264"},{"key":"ref39","article-title":"Tencent application treasure","year":"2012"},{"key":"ref40","first-page":"12080","article-title":"Metapoison: Practical general-purpose clean-label data poisoning","volume-title":"Proc. Neural Inf. Process. Syst.","author":"Huang","year":"2020"},{"key":"ref41","first-page":"1","article-title":"beta-VAE: Learning basic visual concepts with a constrained variational framework","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Higgins","year":"2017"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23145"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3446905"},{"key":"ref44","article-title":"Virustotal","year":"2019"},{"key":"ref45","first-page":"3971","article-title":"Dos and don\u2019ts of machine learning in computer security","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Arp","year":"2022"},{"key":"ref46","doi-asserted-by":"crossref","first-page":"1560","DOI":"10.1145\/3377811.3380354","article-title":"Unsuccessful story about few shot malware family classification and siamese network to the rescue","volume-title":"Proc. ACM\/IEEE 42nd Int. Conf. Softw. Eng.","author":"Bai","year":"2020"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450044"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23379"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.57"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417291"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450044"},{"key":"ref52","first-page":"2343","article-title":"On training robust $\\lbrace${PDF$\\rbrace$} malware classifiers","volume-title":"Proc. 29th USENIX Secur. Symp. (USENIX Secur. 20)","author":"Chen","year":"2020"},{"issue":"86","key":"ref53","first-page":"2579","article-title":"Visualizing data using t-sne","volume":"9","author":"Maaten","year":"2008","journal-title":"J. Mach. Learn. Res."},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/spw67851.2025.00017"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/bigdata.2018.8622324"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102264"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-87839-9_4"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/3674805.3690745"},{"key":"ref59","article-title":"Targeted backdoor attacks on deep learning systems using data poisoning","author":"Chen","year":"2017","journal-title":"CoRR"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516716"},{"key":"ref61","first-page":"1","article-title":"Intriguing properties of neural networks","volume-title":"Proc. Int. Conf. Learn. Representations","author":"Szegedy","year":"2014"},{"key":"ref62","article-title":"Label-consistent backdoor attacks","author":"Turner","year":"2019"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/3605764.3623919"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/3588432.3591500"},{"key":"ref65","first-page":"1","article-title":"Towards smooth video composition","volume-title":"Proc. 11th Int. Conf. Learn. Representations","author":"Zhang","year":"2023"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2019.2906120"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-19-8991-9_29"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/AI4Mobile.2019.8672711"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/11434575\/11297833.pdf?arnumber=11297833","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T01:16:12Z","timestamp":1773710172000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11297833\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3]]},"references-count":68,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2025.3642903","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3]]}}}