{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:55:22Z","timestamp":1773510922151,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":70,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Hong Kong RGC Project","award":["PolyU15223918"],"award-info":[{"award-number":["PolyU15223918"]}]},{"name":"PolyU Internal Fund","award":["BE3U; ZVQ8"],"award-info":[{"award-number":["BE3U; ZVQ8"]}]},{"name":"the National Natural Science Foundation of China","award":["61571205"],"award-info":[{"award-number":["61571205"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3485387","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"3218-3235","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":45,"title":["Structural Attack against Graph Based Android Malware Detection"],"prefix":"10.1145","author":[{"given":"Kaifa","family":"Zhao","sequence":"first","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong, China"}]},{"given":"Hao","family":"Zhou","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong, China"}]},{"given":"Yulin","family":"Zhu","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong, China"}]},{"given":"Xian","family":"Zhan","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong, China"}]},{"given":"Kai","family":"Zhou","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong, China"}]},{"given":"Jianfeng","family":"Li","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong, China"}]},{"given":"Le","family":"Yu","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong, China"}]},{"given":"Wei","family":"Yuan","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]},{"given":"Xiapu","family":"Luo","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong, China"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00073"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23247"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2017.2789219"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2866319"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00023"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23353"},{"key":"e_1_3_2_2_7_1","first-page":"659","volume-title":"24th $$USENIX$$ Security Symposium ($$USENIX$$ Security 15)","author":"Chen K.","year":"2015","unstructured":"K. Chen, P. Wang, Y. Lee, X. Wang, N. Zhang, H. Huang, W. Zou, and P. Liu. Finding unknown malice in 10 seconds: Mass vetting for new threats at the google-play scale. In 24th $$USENIX$$ Security Symposium ($$USENIX$$ Security 15), pages 659--674, 2015."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568286"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2020.10.054"},{"key":"e_1_3_2_2_10_1","volume-title":"Efficient call graph analysis. ACM Letters on Programming Languages and Systems (LOPLAS), 1(3):227--242","author":"Hall MW.","year":"1992","unstructured":"MW. Hall and K. Kennedy. Efficient call graph analysis. ACM Letters on Programming Languages and Systems (LOPLAS), 1(3):227--242, 1992."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417291"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/3367471.3367618"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISEA-ISAP49340.2020.235015"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101663"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423341"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3097983.3098026"},{"key":"e_1_3_2_2_17_1","first-page":"289","volume-title":"26th $$USENIX$$ Security Symposium ($$USENIX$$ Security 17)","author":"Xue L.","year":"2017","unstructured":"L. Xue, Y. Zhou, T. Chen, X. Luo, and G. Gu. Malton: Towards on-device non-invasive mobile malware analysis for $$ART$$. In 26th $$USENIX$$ Security Symposium ($$USENIX$$ Security 17), pages 289--306, 2017."},{"key":"e_1_3_2_2_18_1","volume-title":"Development of new android malware worldwide from june 2016 to march","year":"2020","unstructured":"Statista. Development of new android malware worldwide from june 2016 to march 2020, 2021."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00150"},{"key":"e_1_3_2_2_20_1","first-page":"44","article-title":"Enhancing the description-to-behavior fidelity in android apps with privacy policy","author":"Yu L.","year":"2018","unstructured":"L. Yu, X. Luo, C. Qian, S. Wang, and H. Leung. Enhancing the description-to-behavior fidelity in android apps with privacy policy. IEEE Trans. Softw. Eng., 44, 2018.","journal-title":"IEEE Trans. Softw. Eng."},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00085"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2932228"},{"key":"e_1_3_2_2_23_1","volume-title":"30th $$USENIX$$ Security Symposium ($$USENIX$$ Security 21)","author":"Xi Z.","year":"2021","unstructured":"Z. Xi, R. Pang, S. Ji, and T. Wang. Graph backdoor. In 30th $$USENIX$$ Security Symposium ($$USENIX$$ Security 21), 2021."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3450569.3463560"},{"key":"e_1_3_2_2_25_1","volume-title":"Attacking graph convolutional networks via rewiring. arXiv preprint arXiv:1906.03750","author":"Ma Y.","year":"2019","unstructured":"Y. Ma, S. Wang, T. Derr, L. Wu, and J. Tang. Attacking graph convolutional networks via rewiring. arXiv preprint arXiv:1906.03750, 2019."},{"key":"e_1_3_2_2_26_1","volume-title":"Attack graph convolutional networks by adding fake nodes. arXiv preprint arXiv:1810.10751","author":"Wang X.","year":"2018","unstructured":"X. Wang, M. Cheng, J. Eaton, CJ. Hsieh, and F. Wu. Attack graph convolutional networks by adding fake nodes. arXiv preprint arXiv:1810.10751, 2018."},{"key":"e_1_3_2_2_27_1","volume-title":"Preserve, promote, or attack? gnn explanation via topology perturbation. arXiv preprint arXiv:2103.13944","author":"Sun Y.","year":"2021","unstructured":"Y. Sun, A. Valente, S. Liu, and D. Wang. Preserve, promote, or attack? gnn explanation via topology perturbation. arXiv preprint arXiv:2103.13944, 2021."},{"key":"e_1_3_2_2_28_1","first-page":"1115","volume-title":"International conference on machine learning","author":"Dai H.","year":"2018","unstructured":"H. Dai, H. Li, T. Tian, X. Huang, L. Wang, J. Zhu, and L. Song. Adversarial attack on graph structured data. In International conference on machine learning, pages 1115--1124. PMLR, 2018."},{"key":"e_1_3_2_2_29_1","first-page":"479","volume-title":"28th $$USENIX$$ Security Symposium ($$USENIX$$ Security 19)","author":"Quiring E.","year":"2019","unstructured":"E. Quiring, A. Maier, and K. Rieck. Misleading authorship attribution of source code using adversarial learning. In 28th $$USENIX$$ Security Symposium ($$USENIX$$ Security 19), pages 479--496, 2019."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354206"},{"key":"e_1_3_2_2_31_1","volume-title":"Binarizedattack: Structural poisoning attacks to graph-based anomaly detection. arXiv preprint arXiv:2106.09989","author":"Zhu Y.","year":"2021","unstructured":"Y. Zhu, Y. Lai, K. Zhao, X. Luo, M. Yuan, J. Ren, and K. Zhou. Binarizedattack: Structural poisoning attacks to graph-based anomaly detection. arXiv preprint arXiv:2106.09989, 2021."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_4"},{"key":"e_1_3_2_2_33_1","volume-title":"When the guard failed the droid: A case study of android malware. arXiv preprint arXiv:2003.14123","author":"Berger H.","year":"2020","unstructured":"H. Berger, C. Hajaj, and A. Dvir. When the guard failed the droid: A case study of android malware. arXiv preprint arXiv:2003.14123, 2020."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3003571"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_23"},{"key":"e_1_3_2_2_36_1","volume-title":"Reinforcement learning: An introduction","author":"Sutton RS.","year":"2018","unstructured":"RS. Sutton and AG. Barto. Reinforcement learning: An introduction. MIT press, 2018."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/0378-8733(78)90021-7"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF02289026"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382222"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.1998.674402"},{"key":"e_1_3_2_2_41_1","volume-title":"On evaluating adversarial robustness. arXiv preprint arXiv:1902.06705","author":"Carlini N.","year":"2019","unstructured":"N. Carlini, A. Athalye, N. Papernot, W. Brendel, J. Rauber, D. Tsipras, I. Goodfellow, A. Madry, and A. Kurakin. On evaluating adversarial robustness. arXiv preprint arXiv:1902.06705, 2019."},{"key":"e_1_3_2_2_42_1","volume-title":"Playing atari with deep reinforcement learning. arXiv preprint arXiv:1312.5602","author":"Mnih V.","year":"2013","unstructured":"V. Mnih, K. Kavukcuoglu, D. Silver, A. Graves, I. Antonoglou, D. Wierstra, and M. Riedmiller. Playing atari with deep reinforcement learning. arXiv preprint arXiv:1312.5602, 2013."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2019.00014"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/647476.727758"},{"key":"e_1_3_2_2_45_1","volume-title":"Static data flow analysis for android applications","author":"Arzt S.","year":"2017","unstructured":"S. Arzt. Static data flow analysis for android applications. 2017."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"e_1_3_2_2_48_1","volume-title":"Virustotal - free online virus, malware and url scanner","year":"2021","unstructured":"VirusTotal. Virustotal - free online virus, malware and url scanner, 2021."},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01701-9_10"},{"key":"e_1_3_2_2_50_1","volume-title":"https:\/\/www.preemptive.com\/dotfuscator\/pro\/userguide\/en\/protection_obfuscation_renaming.html","year":"2017","unstructured":"Proguard. https:\/\/www.preemptive.com\/dotfuscator\/pro\/userguide\/en\/protection_obfuscation_renaming.html, 2017."},{"key":"e_1_3_2_2_51_1","volume-title":"https:\/\/www.guardsquare.com","year":"2017","unstructured":"Dexguard. https:\/\/www.guardsquare.com, 2017."},{"key":"e_1_3_2_2_52_1","volume-title":"Transcending transcend: Revisiting malware classification in the presence of concept drift. arXiv preprint arXiv:2010.03856","author":"Barbero F.","year":"2020","unstructured":"F. Barbero, F. Pendlebury, F. Pierazzi, and L. Cavallaro. Transcending transcend: Revisiting malware classification in the presence of concept drift. arXiv preprint arXiv:2010.03856, 2020."},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-94-015-7744-1_2"},{"key":"e_1_3_2_2_54_1","unstructured":"Google-Monkey. Google Monkey 2021."},{"key":"e_1_3_2_2_55_1","volume-title":"Ensemble methods as a defense to adversarial perturbations against deep neural networks. arXiv preprint arXiv:1709.03423","author":"Strauss T.","year":"2017","unstructured":"T. Strauss, M. Hanselmann, A. Junginger, and H. Ulmer. Ensemble methods as a defense to adversarial perturbations against deep neural networks. arXiv preprint arXiv:1709.03423, 2017."},{"key":"e_1_3_2_2_56_1","volume-title":"Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572","author":"Goodfellow IJ.","year":"2014","unstructured":"IJ. Goodfellow, J. Shlens, and C. Szegedy. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572, 2014."},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24177-7_15"},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00105"},{"key":"e_1_3_2_2_59_1","volume-title":"Parema: An unpacking framework for demystifying vm-based android packers","author":"Xue L.","year":"2021","unstructured":"L. Xue, Y. Yan, L. Yan, M. Jiang, X. Luo, D. Wu, and Y. Zhou. Parema: An unpacking framework for demystifying vm-based android packers. 2021."},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2996433"},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3324884.3416642"},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/AI4Mobile.2019.8672711"},{"key":"e_1_3_2_2_63_1","volume-title":"Semantic-preserving reinforcement learning attack against graph neural networks for malware detection. arXiv preprint arXiv:2009.05602","author":"Zhang L.","year":"2020","unstructured":"L. Zhang, P. Liu, and YH. Choi. Semantic-preserving reinforcement learning attack against graph neural networks for malware detection. arXiv preprint arXiv:2009.05602, 2020."},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/3357384.3357875"},{"key":"e_1_3_2_2_65_1","first-page":"250","volume-title":"Conference on Uncertainty in Artificial Intelligence","author":"Zhou K.","year":"2020","unstructured":"K. Zhou and Y. Vorobeychik. Robust collective classification against structural attacks. In Conference on Uncertainty in Artificial Intelligence, pages 250--259. PMLR, 2020."},{"key":"e_1_3_2_2_66_1","volume-title":"Wrappers for feature subset selection. Artif Intell, 97(1--2):273--324","author":"Kohavi R.","year":"1997","unstructured":"R. Kohavi and GH. John. Wrappers for feature subset selection. Artif Intell, 97(1--2):273--324, 1997."},{"key":"e_1_3_2_2_67_1","doi-asserted-by":"publisher","DOI":"10.1006\/jcss.1997.1504"},{"key":"e_1_3_2_2_68_1","doi-asserted-by":"publisher","DOI":"10.5555\/1953048.2078195"},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1016\/B978-1-55860-335-6.50043-X"},{"key":"e_1_3_2_2_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/4235.771163"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485387","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3485387","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:47:32Z","timestamp":1763498852000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485387"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":70,"alternative-id":["10.1145\/3460120.3485387","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3485387","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}