{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T03:45:05Z","timestamp":1780458305472,"version":"3.54.1"},"reference-count":45,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2021,7,19]],"date-time":"2021-07-19T00:00:00Z","timestamp":1626652800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2021,11,30]]},"abstract":"<jats:p>\n            The malware analysis and detection research community relies on the online platform VirusTotal to label Android apps based on the scan results of around 60 antiviral scanners. Unfortunately, there are no standards on how to best interpret the scan results acquired from VirusTotal, which leads to the utilization of different threshold-based labeling strategies (e.g., if 10 or more scanners deem an app malicious, it is considered malicious). While some of the utilized thresholds may be able to accurately approximate the ground truths of apps, the fact that VirusTotal changes the set and versions of the scanners it uses makes such thresholds unsustainable over time. We implemented a method,\n            <jats:bold>Maat<\/jats:bold>\n            , that tackles these issues of standardization and sustainability by automatically generating a\n            <jats:bold>Machine Learning<\/jats:bold>\n            (\n            <jats:bold>ML<\/jats:bold>\n            )-based labeling scheme, which outperforms threshold-based labeling strategies. Using the VirusTotal scan reports of 53K Android apps that span 1 year, we evaluated the applicability of\n            <jats:bold>Maat<\/jats:bold>\n            \u2019s\n            <jats:bold>Machine Learning<\/jats:bold>\n            (\n            <jats:bold>ML<\/jats:bold>\n            )-based labeling strategies by comparing their performance against threshold-based strategies. We found that such\n            <jats:bold>ML<\/jats:bold>\n            -based strategies (a) can accurately and consistently label apps based on their VirusTotal scan reports, and (b) contribute to training\n            <jats:bold>ML<\/jats:bold>\n            -based detection methods that are more effective at classifying out-of-sample apps than their threshold-based counterparts.\n          <\/jats:p>","DOI":"10.1145\/3465361","type":"journal-article","created":{"date-parts":[[2021,7,19]],"date-time":"2021-07-19T16:04:12Z","timestamp":1626710652000},"page":"1-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":43,"title":["Maat"],"prefix":"10.1145","volume":"24","author":[{"given":"Aleieldin","family":"Salem","sequence":"first","affiliation":[{"name":"Technische Universit\u00e4t M\u00fcnchen, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sebastian","family":"Banescu","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t M\u00fcnchen, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Alexander","family":"Pretschner","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t M\u00fcnchen, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2021,7,19]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"K-9 Mail\u2014Advanced Email for Android. Retrieved on","year":"2019"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"e_1_2_1_3_1","volume-title":"DREBIN: Effective and explainable detection of android malware in your pocket. In NDSS.","author":"Arp Daniel","year":"2014"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2016.070262"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1186\/s12864-019-6413-7"},{"key":"e_1_2_1_6_1","volume-title":"Jose Andre Morales, and Tim Strazzere","author":"Dunham Ken","year":"2014"},{"key":"e_1_2_1_7_1","volume-title":"28th USENIX Security Symposium. USENIX Association","author":"Johannes Kinder Feargus Pendlebury Roberto Jordaney","year":"2019"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.02.001"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_8"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.57"},{"key":"e_1_2_1_11_1","volume-title":"The Independent IT-Security Institute","year":"2019"},{"key":"e_1_2_1_12_1","volume-title":"Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security. ACM, 45\u201356","author":"Kantchelian Alex"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(10)70007-5"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2656460"},{"key":"e_1_2_1_15_1","volume-title":"Fake Apps: Feigning Legitimacy. Retrieved on","author":"Luo Symphony","year":"2014"},{"key":"e_1_2_1_16_1","volume-title":"BitDefender Free Edition. Retrieved on","author":"Magazine PC","year":"2019"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25560-1_10"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_7"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08509-8_7"},{"key":"e_1_2_1_20_1","volume-title":"International Workshop on Information Security Applications. Springer, 231\u2013241","author":"Mohaisen Aziz","year":"2013"},{"key":"e_1_2_1_21_1","volume-title":"Dissecting the android bouncer. SummerCon2012","author":"Oberheide Jon"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3278505"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355585"},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of the 28th Annual Computer Security Applications Conference. ACM, 329\u2013338","author":"\u00a0al Roberto Perdisci","year":"2012"},{"key":"e_1_2_1_25_1","volume-title":"False Positives Sink Antivirus Ratings. Retrieved on","author":"Rubenking Neil J.","year":"2019"},{"key":"e_1_2_1_26_1","article-title":"Android malware classification based on mobile security framework","volume":"45","author":"Sachdeva Shefali","year":"2018","journal-title":"IAENG International Journal of Computer Science"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243218.3243222"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCNC.2012.6181075"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33018-6_30"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.7125\/APAN.36.4"},{"key":"e_1_2_1_32_1","volume-title":"Feature Selection. Retrieved on","year":"2019"},{"key":"e_1_2_1_33_1","volume-title":"Retrieved on","author":"CV.","year":"2019"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"e_1_2_1_35_1","unstructured":"Tim Stazzere. 2016. Detecting pirated and malicious android apps with apkid. Retrieved from https:\/\/goo.gl\/Na2ZAX.  Tim Stazzere. 2016. Detecting pirated and malicious android apps with apkid. Retrieved from https:\/\/goo.gl\/Na2ZAX."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029825"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3017427"},{"key":"e_1_2_1_38_1","volume-title":"Retrieved on","year":"2019"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278558"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2661829.2662086"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_12"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS.2012.18"},{"key":"e_1_2_1_43_1","volume-title":"Proceedings of the 33rd Annual Computer Security Applications Conference. ACM, 288\u2013302","author":"Yang Wei"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435377"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"},{"key":"e_1_2_1_46_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Zhu Shuofei","year":"2020"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3465361","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3465361","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:17:12Z","timestamp":1750191432000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3465361"}},"subtitle":["Automatically Analyzing VirusTotal for Accurate Labeling and Effective Malware Detection"],"short-title":[],"issued":{"date-parts":[[2021,7,19]]},"references-count":45,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2021,11,30]]}},"alternative-id":["10.1145\/3465361"],"URL":"https:\/\/doi.org\/10.1145\/3465361","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,7,19]]},"assertion":[{"value":"2020-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-05-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-07-19","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}