{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,17]],"date-time":"2026-07-17T15:02:59Z","timestamp":1784300579500,"version":"3.55.0"},"reference-count":199,"publisher":"Association for Computing Machinery (ACM)","issue":"8","license":[{"start":{"date-parts":[[2022,12,23]],"date-time":"2022-12-23T00:00:00Z","timestamp":1671753600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2023,8,31]]},"abstract":"<jats:p>Malicious applications (particularly those targeting the Android platform) pose a serious threat to developers and end-users. Numerous research efforts have been devoted to developing effective approaches to defend against Android malware. However, given the explosive growth of Android malware and the continuous advancement of malicious evasion technologies like obfuscation and reflection, Android malware defense approaches based on manual rules or traditional machine learning may not be effective. In recent years, a dominant research field called deep learning (DL), which provides a powerful feature abstraction ability, has demonstrated a compelling and promising performance in a variety of areas, like natural language processing and computer vision. To this end, employing DL techniques to thwart Android malware attacks has recently garnered considerable research attention. Yet, no systematic literature review focusing on DL approaches for Android malware defenses exists. In this article, we conducted a systematic literature review to search and analyze how DL approaches have been applied in the context of malware defenses in the Android environment. As a result, a total of 132 studies covering the period 2014\u20132021 were identified. Our investigation reveals that, while the majority of these sources mainly consider DL-based Android malware detection, 53 primary studies (40.1%) design defense approaches based on other scenarios. This review also discusses research trends, research focuses, challenges, and future research directions in DL-based Android malware defenses.<\/jats:p>","DOI":"10.1145\/3544968","type":"journal-article","created":{"date-parts":[[2022,6,22]],"date-time":"2022-06-22T13:26:06Z","timestamp":1655904366000},"page":"1-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":71,"title":["Deep Learning for Android Malware Defenses: A Systematic Literature Review"],"prefix":"10.1145","volume":"55","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5593-5917","authenticated-orcid":false,"given":"Yue","family":"Liu","sequence":"first","affiliation":[{"name":"Monash University, Wellington Rd, Clayton, VIC, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5516-9984","authenticated-orcid":false,"given":"Chakkrit","family":"Tantithamthavorn","sequence":"additional","affiliation":[{"name":"Monash University, Wellington Rd, Clayton, VIC, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Li","family":"Li","sequence":"additional","affiliation":[{"name":"Monash University, Wellington Rd, Clayton, VIC, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8147-8126","authenticated-orcid":false,"given":"Yepang","family":"Liu","sequence":"additional","affiliation":[{"name":"Southern University of Science and Technology, Shenzhen, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2022,12,23]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1109\/WCNCW.2019.8902627"},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2807385"},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/SDS.2019.8768729"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCE.2018.8326293"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3041008.3041010"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101663"},{"key":"e_1_3_2_8_2","first-page":"e3675","article-title":"Android malware detection through generative adversarial networks","author":"Amin Muhammad","year":"2019","unstructured":"Muhammad Amin, Babar Shah, Aizaz Sharif, Tamleek Ali, Ki-lL Kim, and Sajid Anwar. 2019. Android malware detection through generative adversarial networks. Transactions on Emerging Telecommunications Technologies (2019), e3675.","journal-title":"Transactions on Emerging Telecommunications Technologies"},{"key":"e_1_3_2_9_2","first-page":"173","volume-title":"International Conference on Machine Learning","author":"Amodei Dario","year":"2016","unstructured":"Dario Amodei, Sundaram Ananthanarayanan, Rishita Anubhai, Jingliang Bai, Eric Battenberg, Carl Case, Jared Casper, Bryan Catanzaro, Qiang Cheng, Guoliang Chen, et\u00a0al. 2016. Deep speech 2: End-to-end speech recognition in English and Mandarin. In International Conference on Machine Learning. 173\u2013182."},{"key":"e_1_3_2_10_2","first-page":"1","article-title":"SysDroid: A dynamic ML-based android malware analyzer using system call traces","author":"Ananya A.","year":"2020","unstructured":"A. Ananya, A. Aswathy, T. R. Amal, P. G. Swathy, P. Vinod, and Shojafar Mohammad. 2020. SysDroid: A dynamic ML-based android malware analyzer using system call traces. Cluster Computing (2020), 1\u201320.","journal-title":"Cluster Computing"},{"key":"e_1_3_2_11_2","unstructured":"AndroZoo 2020. AndroZoo. Retrieved October 11 2020 from https:\/\/androzoo.uni.lu\/."},{"key":"e_1_3_2_12_2","unstructured":"Apktool 2010. APKTOOL. Retrieved October 25 2021 from https:\/\/ibotpeaches.github.io\/Apktool\/."},{"key":"e_1_3_2_13_2","volume-title":"31st USENIX Security Symposium (USENIX Security\u201922)","author":"Arp Daniel","year":"2022","unstructured":"Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, and Konrad Rieck. 2022. Dos and Don\u2019ts of Machine Learning in Computer Security. In 31st USENIX Security Symposium (USENIX Security\u201922). USENIX Association, Boston, MA."},{"key":"e_1_3_2_14_2","first-page":"23","volume-title":"NDSS","author":"Arp Daniel","year":"2014","unstructured":"Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon, Konrad Rieck, and CERT Siemens. 2014. DREBIN: Effective and explainable detection of android malware in your pocket. In NDSS, Vol. 14. 23\u201326."},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2017.2743240"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/3230833.3232823"},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380354"},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107639"},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs.2019.0159"},{"key":"e_1_3_2_20_2","first-page":"1","article-title":"VisDroid: Android malware classification based on local and global image features, bag of visual words and machine learning techniques","author":"Bakour Khaled","year":"2020","unstructured":"Khaled Bakour and Halil Murat \u00dcnver. 2020. VisDroid: Android malware classification based on local and global image features, bag of visual words and machine learning techniques. Neural Computing and Applications (2020), 1\u201321.","journal-title":"Neural Computing and Applications"},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2013.50"},{"key":"e_1_3_2_22_2","unstructured":"BlackHat 2011. Androguard. Retrieved October 25 2021 from https:\/\/code.google.com\/archive\/p\/androguard."},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102287"},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/CNS48642.2020.9162341"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409733"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2932228"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jpdc.2019.11.001"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-09955-7"},{"key":"e_1_3_2_29_2","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1007\/978-3-030-87839-9_4","volume-title":"International Workshop on Deployable Machine Learning for Security Defense","author":"Daoudi Nadia","year":"2021","unstructured":"Nadia Daoudi, Jordan Samhi, Abdoul Kader Kabore, Kevin Allix, Tegawend\u00e9 F. Bissyand\u00e9, and Jacques Klein. 2021. DexRay: A simple, yet effective deep learning approach to android malware detection based on image representation of bytecode. In International Workshop on Deployable Machine Learning for Security Defense. Springer, 81\u2013106."},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICC42927.2021.9500425"},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2019.102423"},{"key":"e_1_3_2_32_2","article-title":"BERT: Pre-training of deep bidirectional transformers for language understanding","author":"Devlin Jacob","year":"2018","unstructured":"Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova. 2018. BERT: Pre-training of deep bidirectional transformers for language understanding. arXiv:1810.04805.","journal-title":"arXiv:1810.04805"},{"key":"e_1_3_2_33_2","first-page":"1","article-title":"Android malware detection method based on bytecode image","author":"Ding Yuxin","year":"2020","unstructured":"Yuxin Ding, Xiao Zhang, Jieke Hu, and Wenting Xu. 2020. Android malware detection method based on bytecode image. Journal of Ambient Intelligence and Humanized Computing (2020), 1\u201310.","journal-title":"Journal of Ambient Intelligence and Humanized Computing"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236045"},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1207\/s15516709cog1402_1"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3021924"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1145\/3447548.3467168"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2386139"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/3374664.3375730"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICECCS.2019.00014"},{"key":"e_1_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3025436"},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2912210"},{"key":"e_1_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/NTMS.2016.7792435"},{"key":"e_1_3_2_45_2","first-page":"1276","article-title":"Malware analysis by combining multiple detectors and observation windows","volume":"71","author":"Ficco Massimo","year":"2021","unstructured":"Massimo Ficco. 2021. Malware analysis by combining multiple detectors and observation windows. IEEE Trans. Comput. 71, 6 (2021), 1276\u20131290.","journal-title":"IEEE Trans. Comput."},{"key":"e_1_3_2_46_2","article-title":"An introduction to deep reinforcement learning","author":"Fran\u00e7ois-Lavet Vincent","year":"2018","unstructured":"Vincent Fran\u00e7ois-Lavet, Peter Henderson, Riashat Islam, Marc G. Bellemare, and Joelle Pineau. 2018. An introduction to deep reinforcement learning. arXiv:1811.12560.","journal-title":"arXiv:1811.12560"},{"key":"e_1_3_2_47_2","first-page":"20","article-title":"Less is more: A privacy-respecting Android malware classifier using federated learning","volume":"1","author":"G\u00e1lvez Rafa","year":"2021","unstructured":"Rafa G\u00e1lvez, Veelasha Moonsamy, and Claudia Diaz. 2021. Less is more: A privacy-respecting Android malware classifier using federated learning. Proceedings on Privacy Enhancing Technologies 1 (2021), 20.","journal-title":"Proceedings on Privacy Enhancing Technologies"},{"key":"e_1_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2014.52006"},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102264"},{"key":"e_1_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-64701-2_14"},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387530"},{"key":"e_1_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.5555\/3086952"},{"key":"e_1_3_2_53_2","unstructured":"Google Play Protect 2020. Google Play Protect. Retrieved September 9 2020 from https:\/\/www.android.com\/play-protect\/."},{"key":"e_1_3_2_54_2","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1109\/SPW.2019.00018","volume-title":"2019 IEEE Security and Privacy Workshops (SPW\u201919)","author":"Gron\u00e1t Petr","year":"2019","unstructured":"Petr Gron\u00e1t, Javier Alejandro Aldana-Iuit, and Martin B\u00e1lek. 2019. MaxNet: Neural network architecture for continuous detection of malicious activity. In 2019 IEEE Security and Privacy Workshops (SPW\u201919). IEEE, 28\u201335."},{"key":"e_1_3_2_55_2","first-page":"62","volume-title":"European Symposium on Research in Computer Security","author":"Grosse Kathrin","year":"2017","unstructured":"Kathrin Grosse, Nicolas Papernot, Praveen Manoharan, Michael Backes, and Patrick McDaniel. 2017. Adversarial examples for malware detection. In European Symposium on Research in Computer Security. Springer, 62\u201379."},{"key":"e_1_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939754"},{"key":"e_1_3_2_57_2","article-title":"Local rule-based explanations of black box decision systems","author":"Guidotti Riccardo","year":"2018","unstructured":"Riccardo Guidotti, Anna Monreale, Salvatore Ruggieri, Dino Pedreschi, Franco Turini, and Fosca Giannotti. 2018. Local rule-based explanations of black box decision systems. arXiv:1805.10820.","journal-title":"arXiv:1805.10820"},{"key":"e_1_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/3236009"},{"key":"e_1_3_2_59_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243792"},{"key":"e_1_3_2_60_2","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00022"},{"key":"e_1_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.2205597"},{"key":"e_1_3_2_62_2","doi-asserted-by":"publisher","DOI":"10.4249\/scholarpedia.5947"},{"key":"e_1_3_2_63_2","doi-asserted-by":"publisher","DOI":"10.1016\/0893-6080(89)90020-8"},{"key":"e_1_3_2_64_2","doi-asserted-by":"publisher","DOI":"10.1109\/WIW.2016.040"},{"key":"e_1_3_2_65_2","doi-asserted-by":"publisher","DOI":"10.1145\/3110025.3116211"},{"key":"e_1_3_2_66_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-47121-1_5"},{"key":"e_1_3_2_67_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8622324"},{"key":"e_1_3_2_68_2","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00047"},{"key":"e_1_3_2_69_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9006100"},{"key":"e_1_3_2_70_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102198"},{"key":"e_1_3_2_71_2","doi-asserted-by":"publisher","DOI":"10.1109\/TETCI.2019.2910243"},{"key":"e_1_3_2_72_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2982385"},{"key":"e_1_3_2_73_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-80825-9_16"},{"key":"e_1_3_2_74_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2018.01.007"},{"key":"e_1_3_2_75_2","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2020.3007260"},{"key":"e_1_3_2_76_2","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00044"},{"key":"e_1_3_2_77_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICIT.2019.8755048"},{"key":"e_1_3_2_78_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2866319"},{"key":"e_1_3_2_79_2","article-title":"Semi-supervised classification with graph convolutional networks","author":"Kipf Thomas N.","year":"2016","unstructured":"Thomas N. Kipf and Max Welling. 2016. Semi-supervised classification with graph convolutional networks. arXiv:1609.02907.","journal-title":"arXiv:1609.02907"},{"issue":"2004","key":"e_1_3_2_80_2","first-page":"1","article-title":"Procedures for performing systematic reviews","volume":"33","author":"Kitchenham Barbara","year":"2004","unstructured":"Barbara Kitchenham. 2004. Procedures for performing systematic reviews. Keele, UK, Keele University 33, 2004 (2004), 1\u201326.","journal-title":"Keele, UK, Keele University"},{"key":"e_1_3_2_81_2","unstructured":"Barbara Kitchenham and Stuart Charters. 2007. Guidelines for Performing Systematic Literature Reviews in Software Engineering . EBSE Technical Report EBSE-2007-01."},{"key":"e_1_3_2_82_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09843-6"},{"key":"e_1_3_2_83_2","article-title":"Adversarial machine learning at scale","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial machine learning at scale. arXiv:1611.01236.","journal-title":"arXiv:1611.01236"},{"key":"e_1_3_2_84_2","doi-asserted-by":"publisher","DOI":"10.1038\/nature14539"},{"key":"e_1_3_2_85_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-13057-2_9"},{"key":"e_1_3_2_86_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2019.2909745"},{"key":"e_1_3_2_87_2","article-title":"Backdoor Attack on Machine Learning Based Android Malware Detectors","volume":"19","author":"Li Chaoran","year":"2021","unstructured":"Chaoran Li, Xiao Chen, Derui Wang, Sheng Wen, Muhammad Ejaz Ahmed, Seyit Camtepe, and Yang Xiang. 2021. Backdoor Attack on Machine Learning Based Android Malware Detectors. IEEE Transactions on Dependable and Secure Computing 19 (2021), 1\u20131.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_2_88_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3003571"},{"key":"e_1_3_2_89_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2021.3051354"},{"key":"e_1_3_2_90_2","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3485916"},{"key":"e_1_3_2_91_2","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.5308"},{"key":"e_1_3_2_92_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2019.2906120"},{"key":"e_1_3_2_93_2","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450044"},{"key":"e_1_3_2_94_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.48"},{"key":"e_1_3_2_95_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2901679"},{"key":"e_1_3_2_96_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.04.001"},{"key":"e_1_3_2_97_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2656460"},{"key":"e_1_3_2_98_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2019.04.065"},{"key":"e_1_3_2_99_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-53817-4_4"},{"key":"e_1_3_2_100_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3006143"},{"key":"e_1_3_2_101_2","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380242"},{"key":"e_1_3_2_102_2","doi-asserted-by":"publisher","DOI":"10.1155\/2020\/8863617"},{"key":"e_1_3_2_103_2","first-page":"4765","volume-title":"Advances in Neural Information Processing Systems","author":"Lundberg Scott M.","year":"2017","unstructured":"Scott M. Lundberg and Su-In Lee. 2017. A unified approach to interpreting model predictions. In Advances in Neural Information Processing Systems. 4765\u20134774."},{"key":"e_1_3_2_104_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2020.3038745"},{"key":"e_1_3_2_105_2","doi-asserted-by":"crossref","unstructured":"E. Mariconti L. Onwuzurike P. Andriotis E. De Cristofaro G. Ross and G. Stringhini. 2017. MamaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models. In 24th Annual Network and Distributed System Security Symposium NDSS 2017 San Diego California USA February 26 - March 1 2017 . The Internet Society.","DOI":"10.14722\/ndss.2017.23353"},{"key":"e_1_3_2_106_2","doi-asserted-by":"crossref","first-page":"1659","DOI":"10.1109\/CEC.2017.7969501","volume-title":"2017 IEEE Congress on Evolutionary Computation (CEC\u201917)","author":"Mart\u00edn Alejandro","year":"2017","unstructured":"Alejandro Mart\u00edn, F\u00e9lix Fuentes-Hurtado, Valery Naranjo, and David Camacho. 2017. Evolving deep neural networks architectures for android malware classification. In 2017 IEEE Congress on Evolutionary Computation (CEC\u201917). IEEE, 1659\u20131666."},{"key":"e_1_3_2_107_2","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029823"},{"key":"e_1_3_2_108_2","first-page":"1","article-title":"Deep learning for image-based mobile malware detection","author":"Mercaldo Francesco","year":"2020","unstructured":"Francesco Mercaldo and Antonella Santone. 2020. Deep learning for image-based mobile malware detection. Journal of Computer Virology and Hacking Techniques (2020), 1\u201315.","journal-title":"Journal of Computer Virology and Hacking Techniques"},{"key":"e_1_3_2_109_2","doi-asserted-by":"publisher","DOI":"10.1145\/3374664.3375746"},{"key":"e_1_3_2_110_2","volume-title":"Interpretable Machine Learning","author":"Molnar Christoph","year":"2020","unstructured":"Christoph Molnar. 2020. Interpretable Machine Learning. Lulu.com."},{"key":"e_1_3_2_111_2","article-title":"A review on the use of deep learning in android malware detection","author":"Naway Abdelmonim","year":"2018","unstructured":"Abdelmonim Naway and Yuancheng Li. 2018. A review on the use of deep learning in android malware detection. arXiv:1812.10360.","journal-title":"arXiv:1812.10360"},{"key":"e_1_3_2_112_2","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2017.7966078"},{"key":"e_1_3_2_113_2","doi-asserted-by":"publisher","DOI":"10.1145\/3338501.3357374"},{"key":"e_1_3_2_114_2","doi-asserted-by":"publisher","DOI":"10.1145\/3329786"},{"key":"e_1_3_2_115_2","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939751"},{"key":"e_1_3_2_116_2","doi-asserted-by":"crossref","first-page":"372","DOI":"10.1109\/EuroSP.2016.36","volume-title":"2016 IEEE European Symposium on Security and Privacy (EuroS&P\u201916)","author":"Papernot Nicolas","year":"2016","unstructured":"Nicolas Papernot, Patrick McDaniel, Somesh Jha, Matt Fredrikson, Z. Berkay Celik, and Ananthram Swami. 2016. The limitations of deep learning in adversarial settings. In 2016 IEEE European Symposium on Security and Privacy (EuroS&P\u201916). IEEE, 372\u2013387."},{"key":"e_1_3_2_117_2","first-page":"1\u201311 (preprint)","article-title":"Combining multi-features with a neural joint model for Android malware detection 1","author":"Pei Xinjun","year":"2020","unstructured":"Xinjun Pei, Long Yu, Shengwei Tian, Huanhuan Wang, and Yongfang Peng. 2020. Combining multi-features with a neural joint model for Android malware detection 1. Journal of Intelligent & Fuzzy Systems (2020), 1\u201311 (preprint).","journal-title":"Journal of Intelligent & Fuzzy Systems"},{"key":"e_1_3_2_118_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-019-03940-5"},{"key":"e_1_3_2_119_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2018.09.102"},{"key":"e_1_3_2_120_2","first-page":"729","volume-title":"28th USENIX Security Symposium (USENIX Security\u201919)","author":"Pendlebury Feargus","year":"2019","unstructured":"Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. 2019. \\(\\lbrace TESSERACT\\rbrace\\) : Eliminating experimental bias in malware classification across space and time. In 28th USENIX Security Symposium (USENIX Security\u201919). 729\u2013746."},{"key":"e_1_3_2_121_2","article-title":"Defect reduction planning (using TimeLIME)","author":"Peng Kewen","year":"2020","unstructured":"Kewen Peng and Tim Menzies. 2020. Defect reduction planning (using TimeLIME). arXiv:2006.07416.","journal-title":"arXiv:2006.07416"},{"key":"e_1_3_2_122_2","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623732"},{"key":"e_1_3_2_123_2","doi-asserted-by":"publisher","DOI":"10.1145\/3382158"},{"key":"e_1_3_2_124_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-37231-6_22"},{"key":"e_1_3_2_125_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSR52588.2021.00049"},{"key":"e_1_3_2_126_2","doi-asserted-by":"publisher","DOI":"10.1145\/3234150"},{"key":"e_1_3_2_127_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2946392"},{"key":"e_1_3_2_128_2","doi-asserted-by":"publisher","DOI":"10.1145\/3417978"},{"key":"e_1_3_2_129_2","doi-asserted-by":"crossref","unstructured":"Dilini Rajapaksha Chakkrit Tantithamthavorn Christoph Bergmeir Wray Buntine Jirayus Jiarpakdee and John Grundy. 2021. SQAPlanner: Generating data-informed software quality improvement plans.","DOI":"10.1109\/TSE.2021.3070559"},{"key":"e_1_3_2_130_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-020-10083-8"},{"key":"e_1_3_2_131_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2020.102098"},{"key":"e_1_3_2_132_2","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939778"},{"key":"e_1_3_2_133_2","first-page":"1527","volume-title":"AAAI","author":"Ribeiro Marco Tulio","year":"2018","unstructured":"Marco Tulio Ribeiro, Sameer Singh, and Carlos Guestrin. 2018. Anchors: High-precision model-agnostic explanations. In AAAI, Vol. 18. 1527\u20131535."},{"key":"e_1_3_2_134_2","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC.2012.34"},{"key":"e_1_3_2_135_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.neunet.2014.09.003"},{"key":"e_1_3_2_136_2","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Severi Giorgio","year":"2021","unstructured":"Giorgio Severi, Jim Meyer, Scott Coull, and Alina Oprea. 2021. Explanation-guided backdoor poisoning attacks against malware classifiers. In 30th USENIX Security Symposium (USENIX Security 21)."},{"key":"e_1_3_2_137_2","unstructured":"Lwin Khin Shar Biniam Fisseha Demissie Mariano Ceccato and Wei Minn. 2020. Experimental comparison of features and classifiers for Android malware detection. (2020)."},{"key":"e_1_3_2_138_2","doi-asserted-by":"publisher","DOI":"10.1186\/s13673-018-0125-x"},{"key":"e_1_3_2_139_2","unstructured":"Statista 2020. Mobile Operating Systems\u2019 Market Share Worldwide from January 2012 to July 2020. Retrieved September 9 2020 from https:\/\/www.statista.com\/statistics\/272698\/global-market-share-held-by-mobile-operating-systems-since-2009\/."},{"key":"e_1_3_2_140_2","first-page":"1","article-title":"DroidDeep: Using deep belief network to characterize and detect Android malware","author":"Su Xin","year":"2020","unstructured":"Xin Su, Weiqi Shi, Xilong Qu, Yi Zheng, and Xuchong Liu. 2020. DroidDeep: Using deep belief network to characterize and detect Android malware. Soft Computing (2020), 1\u201314.","journal-title":"Soft Computing"},{"key":"e_1_3_2_141_2","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2016.0070"},{"issue":"4","key":"e_1_3_2_142_2","article-title":"Android malware family classification based on deep learning of code images","volume":"46","author":"Sun Yuxia","year":"2019","unstructured":"Yuxia Sun, Yanjia Chen, Yuchang Pan, and Lingyu Wu. 2019. Android malware family classification based on deep learning of code images. IAENG International Journal of Computer Science 46, 4 (2019).","journal-title":"IAENG International Journal of Computer Science"},{"key":"e_1_3_2_143_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2015.7298594"},{"key":"e_1_3_2_144_2","first-page":"1","article-title":"Adversarial Android malware detection for mobile multimedia applications in IoT environments","author":"Taheri Rahim","year":"2020","unstructured":"Rahim Taheri, Reza Javidan, and Zahra Pooranian. 2020. Adversarial Android malware detection for mobile multimedia applications in IoT environments. Multimedia Tools and Applications (2020), 1\u201317.","journal-title":"Multimedia Tools and Applications"},{"key":"e_1_3_2_145_2","first-page":"1","article-title":"On defending against label flipping attacks on malware detection systems","author":"Taheri Rahim","year":"2020","unstructured":"Rahim Taheri, Reza Javidan, Mohammad Shojafar, Zahra Pooranian, Ali Miri, and Mauro Conti. 2020. On defending against label flipping attacks on malware detection systems. Neural Computing and Applications (2020), 1\u201320.","journal-title":"Neural Computing and Applications"},{"key":"e_1_3_2_146_2","doi-asserted-by":"publisher","DOI":"10.1145\/3017427"},{"key":"e_1_3_2_147_2","volume-title":"NDSS","author":"Tam Kimberly","year":"2015","unstructured":"Kimberly Tam, Salahuddin J. Khan, Aristide Fattori, and Lorenzo Cavallaro. 2015. Copperdroid: Automatic reconstruction of Android malware behaviors. In NDSS."},{"key":"e_1_3_2_148_2","doi-asserted-by":"publisher","DOI":"10.1109\/WCNC45663.2020.9120765"},{"key":"e_1_3_2_149_2","article-title":"Explainable AI for software engineering","author":"Tantithamthavorn Chakkrit","year":"2020","unstructured":"Chakkrit Tantithamthavorn, Jirayus Jiarpakdee, and John Grundy. 2020. Explainable AI for software engineering. arXiv:2012.01614.","journal-title":"arXiv:2012.01614"},{"key":"e_1_3_2_150_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.11.001"},{"key":"e_1_3_2_151_2","first-page":"e3791","article-title":"Detection of clone scammers in Android markets using IoT-based edge computing","author":"Ullah Farhan","year":"2019","unstructured":"Farhan Ullah, Hamad Naeem, Muhammad Rashid Naeem, Sohail Jabbar, Shehazad Khalid, Fadi Al-Turjman, and Abdelrahman Abuarqoub. 2019. Detection of clone scammers in Android markets using IoT-based edge computing. Transactions on Emerging Telecommunications Technologies (2019), e3791.","journal-title":"Transactions on Emerging Telecommunications Technologies"},{"key":"e_1_3_2_152_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107138"},{"key":"e_1_3_2_153_2","article-title":"Graph attention networks","author":"Veli\u010dkovi\u0107 Petar","year":"2017","unstructured":"Petar Veli\u010dkovi\u0107, Guillem Cucurull, Arantxa Casanova, Adriana Romero, Pietro Lio, and Yoshua Bengio. 2017. Graph attention networks. arXiv:1710.10903.","journal-title":"arXiv:1710.10903"},{"key":"e_1_3_2_154_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCI.2017.8126084"},{"key":"e_1_3_2_155_2","doi-asserted-by":"publisher","DOI":"10.3233\/jifs-169424"},{"key":"e_1_3_2_156_2","unstructured":"VirusShare.com 2020. Because Sharing is Caring. Retrieved October 11 2020 from https:\/\/virusshare.com\/."},{"key":"e_1_3_2_157_2","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2017.8254503"},{"key":"e_1_3_2_158_2","doi-asserted-by":"publisher","DOI":"10.1109\/WCNC45663.2020.9120537"},{"key":"e_1_3_2_159_2","first-page":"1","volume-title":"2018 IEEE\/ACM 26th International Symposium on Quality of Service (IWQoS\u201918)","author":"Wang Shanshan","year":"2018","unstructured":"Shanshan Wang, Zhenxiang Chen, Qiben Yan, Ke Ji, Lin Wang, Bo Yang, and Mauro Conti. 2018. Deep and broad learning based detection of Android malware via network traffic. In 2018 IEEE\/ACM 26th International Symposium on Quality of Service (IWQoS\u201918). IEEE, 1\u20136."},{"key":"e_1_3_2_160_2","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-018-0803-6"},{"key":"e_1_3_2_161_2","first-page":"1","article-title":"From static to dynamic word representations: A survey","author":"Wang Yuxuan","year":"2020","unstructured":"Yuxuan Wang, Yutai Hou, Wanxiang Che, and Ting Liu. 2020. From static to dynamic word representations: A survey. International Journal of Machine Learning and Cybernetics (2020), 1\u201320.","journal-title":"International Journal of Machine Learning and Cybernetics"},{"key":"e_1_3_2_162_2","doi-asserted-by":"publisher","DOI":"10.1109\/SARNOF.2016.7846747"},{"key":"e_1_3_2_163_2","article-title":"Review of Android malware detection based on deep learning","author":"Wang Zhiqiang","year":"2020","unstructured":"Zhiqiang Wang, Qian Liu, and Yaping Chi. 2020. Review of Android malware detection based on deep learning. IEEE Access (2020).","journal-title":"IEEE Access"},{"key":"e_1_3_2_164_2","doi-asserted-by":"crossref","first-page":"158","DOI":"10.1109\/EuroSP48549.2020.00018","volume-title":"2020 IEEE European Symposium on Security and Privacy (EuroS&P\u201920)","author":"Warnecke Alexander","year":"2020","unstructured":"Alexander Warnecke, Daniel Arp, Christian Wressnegger, and Konrad Rieck. 2020. Evaluating explanation methods for deep learning in security. In 2020 IEEE European Symposium on Security and Privacy (EuroS&P\u201920). IEEE, 158\u2013174."},{"key":"e_1_3_2_165_2","doi-asserted-by":"crossref","unstructured":"Supatsara Wattanakriengkrai Patanamon Thongtanunam Chakkrit Tantithamthavorn Hideaki Hata and Kenichi Matsumoto. 2022. Predicting Defective Lines Using a Model-Agnostic Technique. IEEE Transactions on Software Engineering 48 5 (2022) 1480\u20131496.","DOI":"10.1109\/TSE.2020.3023177"},{"key":"e_1_3_2_166_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_12"},{"key":"e_1_3_2_167_2","article-title":"Attention? Attention","volume":"24","author":"Weng Lilian","year":"2018","unstructured":"Lilian Weng. 2018. Attention? Attention. Lil\u2019Log, June 24 (2018).","journal-title":"Lil\u2019Log, June"},{"key":"e_1_3_2_168_2","doi-asserted-by":"publisher","DOI":"10.1145\/3423096"},{"key":"e_1_3_2_169_2","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS.2012.18"},{"key":"e_1_3_2_170_2","doi-asserted-by":"publisher","DOI":"10.1145\/3384544.3384546"},{"key":"e_1_3_2_171_2","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363193"},{"key":"e_1_3_2_172_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00155"},{"key":"e_1_3_2_173_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-017-5104-0"},{"key":"e_1_3_2_174_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.634"},{"key":"e_1_3_2_175_2","unstructured":"Jiayun Xu Yingjiu Li Robert H. Deng and Ke Xu. 2022. SDAC: A Slow-Aging Solution for Android Malware Detection Using Semantic Distance Based API Clustering. IEEE Transactions on Dependable and Secure Computing 19 2 (2022) 1149\u20131163."},{"key":"e_1_3_2_176_2","first-page":"473","volume-title":"2018 IEEE European Symposium on Security and Privacy (EuroS&P\u201918)","author":"Xu Ke","year":"2018","unstructured":"Ke Xu, Yingjiu Li, Robert H. Deng, and Kai Chen. 2018. DeepRefiner: Multi-layer Android malware detection system applying deep neural networks. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P\u201918). IEEE, 473\u2013487."},{"key":"e_1_3_2_177_2","first-page":"702","volume-title":"Proceedings of SAI Intelligent Systems Conference","author":"Xu Lifan","year":"2016","unstructured":"Lifan Xu, Dongping Zhang, Nuwan Jayasena, and John Cavazos. 2016. HADM: Hybrid analysis for detection of malware. In Proceedings of SAI Intelligent Systems Conference. Springer, 702\u2013724."},{"key":"e_1_3_2_178_2","doi-asserted-by":"crossref","unstructured":"Jinpei Yan Yong Qi and Qifan Rao. 2018. LSTM-based hierarchical denoising network for Android malware detection. Security and Communication Networks 2018 (2018) 5249190.","DOI":"10.1155\/2018\/5249190"},{"key":"e_1_3_2_179_2","volume-title":"30th USENIX Security Symposium (USENIX Security\u201921)","author":"Yang Limin","year":"2021","unstructured":"Limin Yang, Wenbo Guo, Qingying Hao, Arridhana Ciptadi, Ali Ahmadzadeh, Xinyu Xing, and Gang Wang. 2021. CADE: Detecting and explaining concept drift samples for security applications. In 30th USENIX Security Symposium (USENIX Security\u201921)."},{"key":"e_1_3_2_180_2","first-page":"4150","volume-title":"IJCAI","author":"Ye Yanfang","year":"2019","unstructured":"Yanfang Ye, Shifu Hou, Lingwei Chen, Jingwei Lei, Wenqiang Wan, Jiabin Wang, Qi Xiong, and Fudong Shao. 2019. Out-of-sample node representation learning for heterogeneous graph in real-time Android malware detection. In IJCAI. 4150\u20134156."},{"key":"e_1_3_2_181_2","doi-asserted-by":"publisher","DOI":"10.1145\/3073559"},{"key":"e_1_3_2_182_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.microrel.2019.01.007"},{"key":"e_1_3_2_183_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101740"},{"key":"e_1_3_2_184_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNNLS.2018.2886017"},{"key":"e_1_3_2_185_2","doi-asserted-by":"publisher","DOI":"10.1145\/2619239.2631434"},{"key":"e_1_3_2_186_2","doi-asserted-by":"publisher","DOI":"10.1109\/TST.2016.7399288"},{"key":"e_1_3_2_187_2","doi-asserted-by":"publisher","DOI":"10.1145\/3324884.3416582"},{"key":"e_1_3_2_188_2","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417291"},{"key":"e_1_3_2_189_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2947861"},{"key":"e_1_3_2_190_2","doi-asserted-by":"publisher","DOI":"10.1145\/3395351.3399346"},{"key":"e_1_3_2_191_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485387"},{"key":"e_1_3_2_192_2","doi-asserted-by":"crossref","unstructured":"Yanjie Zhao Li Li Haoyu Wang Haipeng Cai Tegawend\u00e9 F. Bissyand\u00e9 Jacques Klein and John Grundy. 2021. On the impact of sample duplication in machine-learning-based android malware detection. ACM Transactions on Software Engineering and Methodology (TOSEM) 30 3 (2021) 1\u201338.","DOI":"10.1145\/3446905"},{"key":"e_1_3_2_193_2","first-page":"49","volume-title":"2019 International Symposium on Theoretical Aspects of Software Engineering (TASE\u201919)","author":"Zhiwu Xu","year":"2019","unstructured":"Xu Zhiwu, Kerong Ren, and Fu Song. 2019. Android malware family classification and characterization using CFG and DFG. In 2019 International Symposium on Theoretical Aspects of Software Engineering (TASE\u201919). IEEE, 49\u201356."},{"key":"e_1_3_2_194_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3007571"},{"key":"e_1_3_2_195_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"},{"key":"e_1_3_2_196_2","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1109\/ISCC.2017.8024568","volume-title":"2017 IEEE Symposium on Computers and Communications (ISCC\u201917)","author":"Zhu Dali","year":"2017","unstructured":"Dali Zhu, Hao Jin, Ying Yang, Di Wu, and Weiyi Chen. 2017. DeepFlow: Deep learning-based malware detection by mining Android application for abnormal usage of sensitive data. In 2017 IEEE Symposium on Computers and Communications (ISCC\u201917). IEEE, 438\u2013443."},{"key":"e_1_3_2_197_2","first-page":"1","volume-title":"2019 IEEE Symposium on Computers and Communications (ISCC\u201919)","author":"Zhu Dali","year":"2019","unstructured":"Dali Zhu, Yuchen Ma, Tong Xi, and Yiming Zhang. 2019. FSNet: Android malware detection with only one feature. In 2019 IEEE Symposium on Computers and Communications (ISCC\u201919). IEEE, 1\u20136."},{"key":"e_1_3_2_198_2","doi-asserted-by":"publisher","DOI":"10.1145\/3345768.3355915"},{"key":"e_1_3_2_199_2","doi-asserted-by":"publisher","DOI":"10.1109\/WCNC45663.2020.9120748"},{"key":"e_1_3_2_200_2","unstructured":"Huijuan Zhu Liangmin Wang Sheng Zhong Yang Li and Victor S. Sheng. 2021. A Hybrid Deep Network Framework for Android Malware Detection. IEEE Transactions on Knowledge and Data Engineering 19 (2021) 1-1."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3544968","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3544968","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:00:01Z","timestamp":1750186801000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3544968"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12,23]]},"references-count":199,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2023,8,31]]}},"alternative-id":["10.1145\/3544968"],"URL":"https:\/\/doi.org\/10.1145\/3544968","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,12,23]]},"assertion":[{"value":"2021-03-11","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-06-14","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-12-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}