{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T14:56:08Z","timestamp":1780325768395,"version":"3.54.1"},"reference-count":85,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2020,3,31]],"date-time":"2020-03-31T00:00:00Z","timestamp":1585612800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"North Atlantic Treaty Organization (NATO) Science for Peace and Security (SPS) programme","award":["grant G5319"],"award-info":[{"award-number":["grant G5319"]}]},{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["W911NF1410358"],"award-info":[{"award-number":["W911NF1410358"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100007297","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["grants N00014-15-1-2007 and N00014-16-1-2896"],"award-info":[{"award-number":["grants N00014-15-1-2007 and N00014-16-1-2896"]}],"id":[{"id":"10.13039\/100007297","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Manage. Inf. Syst."],"published-print":{"date-parts":[[2020,3,31]]},"abstract":"\n According to Nokia\u2019s 2017 Threat Intelligence Report, 68.5% of malware targets the Android platform; Windows is second with 28%, followed by iOS and other platforms with 3.5%. The Android spyware family U\n A<\/jats:sc>\n P\n USH<\/jats:sc>\n was responsible for the most infections, and several of the top 20 most common Android malware were spyware. Simply put, modern spyware steals the basic information needed to fuel more deadly attacks such as ransomware and banking fraud. Not surprisingly, some forms of spyware are also classified as banking trojans (e.g., A\n CE<\/jats:sc>\n C\n ARD<\/jats:sc>\n ). We present a data-driven characterization of the principal factors that distinguish modern Android spyware (July 2016\u2013July 2017) both from goodware and other Android malware, using both traditional and deep ML. First, we propose an Ensemble Late Fusion (ELF) architecture that combines the results of multiple classifiers\u2019 predicted probabilities to generate a final prediction. We show that ELF outperforms several of the best-known traditional and deep learning classifiers. Second, we automatically identify key features that distinguish spyware both from goodware and from other malware. Finally we present a detailed analysis of the factors distinguishing five important families of Android spyware: U\n A<\/jats:sc>\n P\n USH<\/jats:sc>\n , P\n INCER<\/jats:sc>\n , H\n E<\/jats:sc>\n H\n E<\/jats:sc>\n , USBC\n LEAVER<\/jats:sc>\n , and A\n CE<\/jats:sc>\n C\n ARD<\/jats:sc>\n (the last is a hybrid spyware-banking trojan).\n <\/jats:p>","DOI":"10.1145\/3382158","type":"journal-article","created":{"date-parts":[[2020,4,11]],"date-time":"2020-04-11T02:04:31Z","timestamp":1586570671000},"page":"1-38","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":27,"title":["A Data-driven Characterization of Modern Android Spyware"],"prefix":"10.1145","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1254-1758","authenticated-orcid":false,"given":"Fabio","family":"Pierazzi","sequence":"first","affiliation":[{"name":"King\u2019s College London, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ghita","family":"Mezzour","sequence":"additional","affiliation":[{"name":"International University of Rabat, FIL, TICLab, Morocco"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Qian","family":"Han","sequence":"additional","affiliation":[{"name":"Dartmouth College, Hanover, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Michele","family":"Colajanni","sequence":"additional","affiliation":[{"name":"University of Modena and Reggio Emilia, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"V. S.","family":"Subrahmanian","sequence":"additional","affiliation":[{"name":"Dartmouth College, Hanover, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2020,4,10]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"[n.d.]. Retrieved from https:\/\/www.virustotal.com\/. [n.d.]. Retrieved from https:\/\/www.virustotal.com\/."},{"key":"e_1_2_1_2_1","unstructured":"[n.d.]. Retrieved from https:\/\/github.com\/pjlantz\/droidbox. [n.d.]. Retrieved from https:\/\/github.com\/pjlantz\/droidbox."},{"key":"e_1_2_1_3_1","volume-title":"Retrieved","year":"2017","unstructured":"[n.d.]. Retrieved July 2017 from Koodous . https:\/\/koodous.com\/. [n.d.]. Retrieved July 2017 from Koodous. https:\/\/koodous.com\/."},{"key":"e_1_2_1_4_1","unstructured":"[n.d.]. Whaling Emerges as Major Cybersecurity Threat. Retrieved from https:\/\/www.cio.com\/article\/3059621\/security\/whaling-emerges-as-major-cybersecurity-threat.html. [n.d.]. Whaling Emerges as Major Cybersecurity Threat. Retrieved from https:\/\/www.cio.com\/article\/3059621\/security\/whaling-emerges-as-major-cybersecurity-threat.html."},{"key":"e_1_2_1_5_1","unstructured":"2017. McAfee Mobile Threat Report [Internet]. Retrieved from https:\/\/www.mcafee.com\/us\/resources\/reports\/rp-mobile-threat-report-2017.pdf. 2017. McAfee Mobile Threat Report [Internet]. Retrieved from https:\/\/www.mcafee.com\/us\/resources\/reports\/rp-mobile-threat-report-2017.pdf."},{"key":"e_1_2_1_6_1","unstructured":"2017. Kaspersky IT Threat Evolution Statistics [Internet]. Retrieved from https:\/\/securelist.com\/it-threat-evolution-q1-2017-statistics\/78475\/. 2017. Kaspersky IT Threat Evolution Statistics [Internet]. Retrieved from https:\/\/securelist.com\/it-threat-evolution-q1-2017-statistics\/78475\/."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04283-1_6"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_18"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2015.7413693"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23247"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666666"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046619"},{"key":"e_1_2_1_14_1","unstructured":"Carlos Castillo. 2016. Android banking trojan asks for selfie with your ID. Retrieved from https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/android-banking-trojan-asks-for-selfie-with-your-id\/. Carlos Castillo. 2016. Android banking trojan asks for selfie with your ID. Retrieved from https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/android-banking-trojan-asks-for-selfie-with-your-id\/."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2017.2739145"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00061"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2988450.2988454"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23465"},{"key":"e_1_2_1_19_1","volume-title":"Intelligence Report","author":"Nokia Corp. 2017.","year":"2017","unstructured":"Nokia Corp. 2017. Nokia Threat Intelligence Report 2017 . Retrieved from https:\/\/pages.nokia.com\/18259.threat.intelligence.report.lp.html. Nokia Corp. 2017. Nokia Threat Intelligence Report 2017. Retrieved from https:\/\/pages.nokia.com\/18259.threat.intelligence.report.lp.html."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2016.25"},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the International Conference on Information Security. Springer, 346--360","author":"Davi Lucas","year":"2010","unstructured":"Lucas Davi , Alexandra Dmitrienko , Ahmad-Reza Sadeghi , and Marcel Winandy . 2010 . Privilege escalation attacks on android . In Proceedings of the International Conference on Information Security. Springer, 346--360 . Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, and Marcel Winandy. 2010. Privilege escalation attacks on android. In Proceedings of the International Conference on Information Security. Springer, 346--360."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556464.2556467"},{"key":"e_1_2_1_23_1","unstructured":"H. Dharmdesani. 2014. Android.HeHe: Malware now disconnects phone calls. Retrieved from https:\/\/www.fireeye.com\/blog\/threat-research\/2014\/01\/android-hehe-malware-now-disconnects-phone-calls.html. H. Dharmdesani. 2014. Android.HeHe: Malware now disconnects phone calls. Retrieved from https:\/\/www.fireeye.com\/blog\/threat-research\/2014\/01\/android-hehe-malware-now-disconnects-phone-calls.html."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2875475.2875487"},{"key":"e_1_2_1_25_1","first-page":"1","article-title":"Dynamic spyware analysis. In USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference","volume":"18","author":"Egele Manuel","year":"2007","unstructured":"Manuel Egele , Christopher Kruegel , Engin Kirda , Heng Yin , and Dawn Song . 2007 . Dynamic spyware analysis. In USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference , Article 18. 1 \u2013 14 . Manuel Egele, Christopher Kruegel, Engin Kirda, Heng Yin, and Dawn Song. 2007. Dynamic spyware analysis. In USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference, Article 18. 1\u201314.","journal-title":"Article"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_2_1_27_1","unstructured":"F-Secure Corp. [n.d.]. Report. Retrieved from https:\/\/www.f-secure.com\/weblog\/archives\/00002573.html. F-Secure Corp. [n.d.]. Report. Retrieved from https:\/\/www.f-secure.com\/weblog\/archives\/00002573.html."},{"key":"e_1_2_1_28_1","unstructured":"F-Secure Corp. 2013. Trojan:Android\/Pincer.A. Retrieved from https:\/\/www.f-secure.com\/weblog\/archives\/00002538.html. F-Secure Corp. 2013. Trojan:Android\/Pincer.A. Retrieved from https:\/\/www.f-secure.com\/weblog\/archives\/00002538.html."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.06.001"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.12.002"},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy.","author":"Forrest Stephanie","unstructured":"Stephanie Forrest , Steven A. Hofmeyr , Anil Somayaji , and Thomas A. Longstaff . 1996. A sense of self for Unix processes . In Proceedings of the IEEE Symposium on Security and Privacy. Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji, and Thomas A. Longstaff. 1996. A sense of self for Unix processes. In Proceedings of the IEEE Symposium on Security and Privacy."},{"key":"e_1_2_1_32_1","series-title":"Springer Series in Statistics","volume-title":"The Elements of Statistical Learning","author":"Friedman Jerome","unstructured":"Jerome Friedman , Trevor Hastie , and Robert Tibshirani . 2001. The Elements of Statistical Learning . Springer Series in Statistics . Springer , New York, NY . Jerome Friedman, Trevor Hastie, and Robert Tibshirani. 2001. The Elements of Statistical Learning. Springer Series in Statistics. Springer, New York, NY."},{"key":"e_1_2_1_33_1","volume-title":"Puppetdroid: A user-centric ui exerciser for automatic dynamic analysis of similar android applications. Tech Report","author":"Gianazza Andrea","year":"2014","unstructured":"Andrea Gianazza , Federico Maggi , Aristide Fattori , Lorenzo Cavallaro , and Stefano Zanero . 2014 . Puppetdroid: A user-centric ui exerciser for automatic dynamic analysis of similar android applications. Tech Report (2014). Andrea Gianazza, Federico Maggi, Aristide Fattori, Lorenzo Cavallaro, and Stefano Zanero. 2014. Puppetdroid: A user-centric ui exerciser for automatic dynamic analysis of similar android applications. Tech Report (2014)."},{"key":"e_1_2_1_34_1","unstructured":"Review. Tech. Report. 2017 Android Security 2016 Year"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23089"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2185448.2185464"},{"key":"e_1_2_1_37_1","volume-title":"Targets Execs. Retrieved","year":"2017","unstructured":"Info-security magazine. [n.d.]. Exaspy , a New Android Spyware , Targets Execs. Retrieved August 2017 from https:\/\/www.infosecurity-magazine.com\/news\/exaspy-a-new-android-spyware\/. Info-security magazine. [n.d.]. Exaspy, a New Android Spyware, Targets Execs. Retrieved August 2017 from https:\/\/www.infosecurity-magazine.com\/news\/exaspy-a-new-android-spyware\/."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2710945"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2884964"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2835776.2835834"},{"key":"e_1_2_1_41_1","volume-title":"Criminals Blackmail Users with Sensitive Information. Retrieved","year":"2017","unstructured":"Kaspersky. [n.d.]. Criminals Blackmail Users with Sensitive Information. Retrieved August 2017 from https:\/\/www.kaspersky.com\/blog\/beware_sextortion\/5796\/. Kaspersky. [n.d.]. Criminals Blackmail Users with Sensitive Information. Retrieved August 2017 from https:\/\/www.kaspersky.com\/blog\/beware_sextortion\/5796\/."},{"key":"e_1_2_1_42_1","unstructured":"Kaspersky Labs. 2016. Android Trump Card: AceCard. Retrieved from https:\/\/www.kaspersky.com\/blog\/acecard-android-trojan\/11368\/. Kaspersky Labs. 2016. Android Trump Card: AceCard. Retrieved from https:\/\/www.kaspersky.com\/blog\/acecard-android-trojan\/11368\/."},{"key":"e_1_2_1_43_1","volume-title":"Proceedings of the USENIX Security Symposium (USENIX Security\u201906)","author":"Kirda Engin","year":"2006","unstructured":"Engin Kirda , Christopher Kruegel , Greg Banks , Giovanni Vigna , and Richard Kemmerer . 2006 . Behavior-based spyware detection . In Proceedings of the USENIX Security Symposium (USENIX Security\u201906) . Engin Kirda, Christopher Kruegel, Greg Banks, Giovanni Vigna, and Richard Kemmerer. 2006. Behavior-based spyware detection. In Proceedings of the USENIX Security Symposium (USENIX Security\u201906)."},{"key":"e_1_2_1_44_1","volume-title":"Retrieved","year":"2017","unstructured":"Koodous. [n.d.]. Droidbox. Retrieved July 2017 from https:\/\/docs.koodous.com\/yara\/droidbox\/. Koodous. [n.d.]. Droidbox. Retrieved July 2017 from https:\/\/docs.koodous.com\/yara\/droidbox\/."},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCSS.2018.2869171"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2787394.2787396"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2015.103"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/BADGERS.2014.7"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08509-8_4"},{"key":"e_1_2_1_50_1","volume-title":"Ignacio Bermudez, Alan Mislove, Mario Baldi, and Alok Tongaonkar.","author":"Liu Yabing","year":"2015","unstructured":"Yabing Liu , Han Hee Song , Ignacio Bermudez, Alan Mislove, Mario Baldi, and Alok Tongaonkar. 2015 . Identifying personal information in Internet traffic (COSN'15). ACM Press , 59--70. DOI:https:\/\/doi.org\/10.1145\/2817946.2817947 10.1145\/2817946.2817947 Yabing Liu, Han Hee Song, Ignacio Bermudez, Alan Mislove, Mario Baldi, and Alok Tongaonkar. 2015. Identifying personal information in Internet traffic (COSN'15). ACM Press, 59--70. DOI:https:\/\/doi.org\/10.1145\/2817946.2817947"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2016.05.018"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/CYCON.2016.7529438"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23353"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.15"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_7"},{"key":"e_1_2_1_56_1","volume-title":"Machine learning aided Android malware classification. Comput. Electr. Eng. 61 (Jul","author":"Milosevic Nikola","year":"2017","unstructured":"Nikola Milosevic , Ali Dehghantanha , and Kim-Kwang Raymond Choo . 2017. Machine learning aided Android malware classification. Comput. Electr. Eng. 61 (Jul . 2017 ), 266\u2013274. DOI:https:\/\/doi.org\/10.1016\/j.compeleceng.2017.02.013 10.1016\/j.compeleceng.2017.02.013 Nikola Milosevic, Ali Dehghantanha, and Kim-Kwang Raymond Choo. 2017. Machine learning aided Android malware classification. Comput. Electr. Eng. 61 (Jul. 2017), 266\u2013274. DOI:https:\/\/doi.org\/10.1016\/j.compeleceng.2017.02.013"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2742647.2742653"},{"key":"e_1_2_1_58_1","unstructured":"D. Oktavianto and I. Muhardianto. 2013. Cuckoo Malware Analysis. Packt Publishing. D. Oktavianto and I. Muhardianto. 2013. Cuckoo Malware Analysis. Packt Publishing."},{"key":"e_1_2_1_59_1","volume-title":"Proceedings of the 16th Annual Conference on Privacy, Security and Trust 16th Annual Conference on Privacy, Security and Trust (PST\u201918)","author":"Onwuzurike Lucky","unstructured":"Lucky Onwuzurike , Mario Almeida , Enrico Mariconti , Jeremy Blackburn , Gianluca Stringhini , and Emiliano De Cristofaro . [n.d.]. A family of droids\u2014Android malware detection via behavioral modeling: Static vs dynamic analysis . In Proceedings of the 16th Annual Conference on Privacy, Security and Trust 16th Annual Conference on Privacy, Security and Trust (PST\u201918) . Lucky Onwuzurike, Mario Almeida, Enrico Mariconti, Jeremy Blackburn, Gianluca Stringhini, and Emiliano De Cristofaro. [n.d.]. A family of droids\u2014Android malware detection via behavioral modeling: Static vs dynamic analysis. In Proceedings of the 16th Annual Conference on Privacy, Security and Trust 16th Annual Conference on Privacy, Security and Trust (PST\u201918)."},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23265"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23265"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/1852666.1852716"},{"key":"e_1_2_1_63_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security\u201919)","author":"Pendlebury Feargus","year":"2019","unstructured":"Feargus Pendlebury , Fabio Pierazzi , Roberto Jordaney , Johannes Kinder , and Lorenzo Cavallaro . 2019 . {TESSERACT}: Eliminating experimental bias in malware classification across space and time . In Proceedings of the 28th USENIX Security Symposium (USENIX Security\u201919) . 729--746. Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. 2019. {TESSERACT}: Eliminating experimental bias in malware classification across space and time. In Proceedings of the 28th USENIX Security Symposium (USENIX Security\u201919). 729--746."},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243785"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/2906388.2906392"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2018-0021"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_6"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(03)00501-7"},{"key":"e_1_2_1_69_1","volume-title":"A Survey of Data Leakage Detection and Prevention Solutions","author":"Shabtai Asaf","unstructured":"Asaf Shabtai , Yuval Elovici , and Lior Rokach . 2012. A Survey of Data Leakage Detection and Prevention Solutions . Springer Science 8 Business Media. Asaf Shabtai, Yuval Elovici, and Lior Rokach. 2012. A Survey of Data Leakage Detection and Prevention Solutions. Springer Science 8 Business Media."},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884855"},{"key":"e_1_2_1_71_1","volume-title":"Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile. ACM Press, 15--26","author":"Song Yihang","year":"2015","unstructured":"Yihang Song and Urs Hengartner . 2015 . Privacy Guard: A VPN-based platform to detect information leakage on android devices . In Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile. ACM Press, 15--26 . DOI:https:\/\/doi.org\/10.1145\/2808117.2808120 10.1145\/2808117.2808120 Yihang Song and Urs Hengartner. 2015. Privacy Guard: A VPN-based platform to detect information leakage on android devices. In Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile. ACM Press, 15--26. DOI:https:\/\/doi.org\/10.1145\/2808117.2808120"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029825"},{"key":"e_1_2_1_73_1","volume-title":"Dendroid: A text mining approach to analyzing and classifying code structures in android malware families. Expert Syst. Appl. 41, 4, Part 1","author":"Suarez-Tangil Guillermo","year":"2014","unstructured":"Guillermo Suarez-Tangil , Juan E Tapiador , Pedro Peris-Lopez , and Jorge Blasco . 2014 . Dendroid: A text mining approach to analyzing and classifying code structures in android malware families. Expert Syst. Appl. 41, 4, Part 1 (2014), 1101\u20131117. Guillermo Suarez-Tangil, Juan E Tapiador, Pedro Peris-Lopez, and Jorge Blasco. 2014. Dendroid: A text mining approach to analyzing and classifying code structures in android malware families. Expert Syst. Appl. 41, 4, Part 1 (2014), 1101\u20131117."},{"key":"e_1_2_1_74_1","doi-asserted-by":"crossref","unstructured":"Syaifuddin Syaifuddin Zamah Sari and Mohammad Khairul Masduqi. 2018. Analysis of uapush malware infection using static and behavior method on android. Kinetik: Game Technology Information System Computer Network Computing Electronics and Control. Universitas Muhammadiyah Malang. Syaifuddin Syaifuddin Zamah Sari and Mohammad Khairul Masduqi. 2018. Analysis of uapush malware infection using static and behavior method on android. Kinetik: Game Technology Information System Computer Network Computing Electronics and Control. Universitas Muhammadiyah Malang.","DOI":"10.22219\/kinetik.v3i1.265"},{"key":"e_1_2_1_75_1","volume-title":"A-Z Listing of Thearts and Risks. Retrieved","year":"2017","unstructured":"Symantec. [n.d.]. A-Z Listing of Thearts and Risks. Retrieved July 2017 from https:\/\/www.symantec.com\/security_response\/landing\/azlisting.jsp. Symantec. [n.d.]. A-Z Listing of Thearts and Risks. Retrieved July 2017 from https:\/\/www.symantec.com\/security_response\/landing\/azlisting.jsp."},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/2566486.2568046"},{"key":"e_1_2_1_77_1","volume-title":"Proceedings of the IEEE Congress on Evolutionary Computation (CEC\u201906)","author":"Wang Tzu-Yen","year":"2006","unstructured":"Tzu-Yen Wang , Shi-Jinn Horng , Ming-Yang Su , Chin-Hsiung Wu , Peng-Chu Wang , and Wei-Zen Su . 2006 . A surveillance spyware detection system based on data mining methods . In Proceedings of the IEEE Congress on Evolutionary Computation (CEC\u201906) . IEEE, 3236--3241. Tzu-Yen Wang, Shi-Jinn Horng, Ming-Yang Su, Chin-Hsiung Wu, Peng-Chu Wang, and Wei-Zen Su. 2006. A surveillance spyware detection system based on data mining methods. In Proceedings of the IEEE Congress on Evolutionary Computation (CEC\u201906). IEEE, 3236--3241."},{"key":"e_1_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.60"},{"key":"e_1_2_1_79_1","volume-title":"Proceedings of the USENIX Security Symposium (USENIX Security\u201912)","author":"Yan Lok Kwong","year":"2012","unstructured":"Lok Kwong Yan and Heng Yin . 2012 . DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic android malware analysis . In Proceedings of the USENIX Security Symposium (USENIX Security\u201912) . Lok Kwong Yan and Heng Yin. 2012. DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic android malware analysis. In Proceedings of the USENIX Security Symposium (USENIX Security\u201912)."},{"key":"e_1_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2014.2320725"},{"key":"e_1_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/2996758.2996760"},{"key":"e_1_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.01.002"},{"key":"e_1_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660359"},{"key":"e_1_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"},{"key":"e_1_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23034"}],"container-title":["ACM Transactions on Management Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3382158","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3382158","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3382158","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:08Z","timestamp":1750197728000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3382158"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,31]]},"references-count":85,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,3,31]]}},"alternative-id":["10.1145\/3382158"],"URL":"https:\/\/doi.org\/10.1145\/3382158","relation":{},"ISSN":["2158-656X","2158-6578"],"issn-type":[{"value":"2158-656X","type":"print"},{"value":"2158-6578","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,3,31]]},"assertion":[{"value":"2019-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-02-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-04-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}