{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,15]],"date-time":"2025-08-15T03:01:53Z","timestamp":1755226913931,"version":"3.43.0"},"reference-count":67,"publisher":"Association for Computing Machinery (ACM)","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"abstract":"\n Malware family labels and key features used for the decision-making of Android malware detection models fall short of precise comprehension of malicious behaviors due to their coarse granularity. To solve these problems, in this paper, we first introduce the concept of the malicious behavior trajectory (\n MBT<\/jats:italic>\n ) and propose an innovative approach called\n ProMal<\/jats:italic>\n .\n ProMal<\/jats:italic>\n aims to automatically generate malware descriptions with fine granularity through extracted\n MBTs<\/jats:italic>\n from malware for users. Specifically, a labeled dataset of\n MBTs<\/jats:italic>\n is constructed through substantial human efforts to build a behavioral knowledge graph (\n BxKG<\/jats:italic>\n ). The\n BxKG<\/jats:italic>\n is scalable and can be automatically updated using two strategies to ensure its completeness and timeliness: 1) taking into consideration the evolution of Android SDKs, and 2) mining new\n MBTs<\/jats:italic>\n by leveraging the widely-used malware datasets. We highlight that the knowledge graph is essential in\n ProMal<\/jats:italic>\n , which can reason new\n MBTs<\/jats:italic>\n based on existing\n MBTs<\/jats:italic>\n because of its structured data representation and semantic relation modeling, and thus helps effectively extract real\n MBTs<\/jats:italic>\n in Android malware. We evaluated\n ProMal<\/jats:italic>\n on a recent malware dataset where researcher-crafted malware descriptions are available, and the Precision, Recall, and F1-Score of\n MBT<\/jats:italic>\n identification based on\n BxKG<\/jats:italic>\n reached 96.97%, 91.43%, and 0.94, respectively, outperforming the state-of-the-art approaches. Taking\n MBTs<\/jats:italic>\n identified from Android malware as inputs, precise, fine-grained, and human-readable descriptions can be generated using the large language model, whose readability and usability are verified through a user study. The generated descriptions play a significant role in interpreting and comprehending malware behaviors.\n <\/jats:p>","DOI":"10.1145\/3715909","type":"journal-article","created":{"date-parts":[[2025,1,31]],"date-time":"2025-01-31T16:05:51Z","timestamp":1738339551000},"update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Beyond Decision: Android Malware Description Generation through Profiling Malicious Behavior Trajectory"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-8584-3360","authenticated-orcid":false,"given":"Chunlian","family":"Wu","sequence":"first","affiliation":[{"name":"College of Intelligence and Computing, Tianjin University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9477-4100","authenticated-orcid":false,"given":"Sen","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Cryptology and Cyber Science, Nankai University, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-5421-962X","authenticated-orcid":false,"given":"Jiaming","family":"Li","sequence":"additional","affiliation":[{"name":"College of Intelligence and Computing, Tianjin University, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-0782-7734","authenticated-orcid":false,"given":"Renchao","family":"Chai","sequence":"additional","affiliation":[{"name":"College of Intelligence and Computing, Tianjin University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2428-9297","authenticated-orcid":false,"given":"Lingling","family":"Fan","sequence":"additional","affiliation":[{"name":"College of Cryptology and Cyber Science, Nankai University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1288-6502","authenticated-orcid":false,"given":"Xiaofei","family":"Xie","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9080-6865","authenticated-orcid":false,"given":"Ruitao","family":"Feng","sequence":"additional","affiliation":[{"name":"Southern Cross University, Australia"}]}],"member":"320","published-online":{"date-parts":[[2025,1,31]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"2020. List of Mobile Security Vendors. https:\/\/www.av-comparatives.org\/list-of-mobile-security-vendors-android\/"},{"key":"e_1_2_1_2_1","unstructured":"2024. Description Generation through Profiling Malicious Behavior Trajectory. https:\/\/github.com\/ProMal4Android\/ProMal4Android"},{"key":"e_1_2_1_3_1","volume-title":"Security and Privacy in Communication Networks: 9th International ICST Conference, SecureComm 2013","author":"Aafer Yousra","year":"2013","unstructured":"Yousra Aafer, Wenliang Du, and Heng Yin. 2013. Droidapiminer: Mining api-level features for robust malware detection in Android. In Security and Privacy in Communication Networks: 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers 9. Springer, 86\u2013103."},{"key":"e_1_2_1_4_1","first-page":"23","article-title":"Drebin: Effective and explainable detection of Android malware in your pocket","volume":"14","author":"Arp Daniel","year":"2014","unstructured":"Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon, Konrad Rieck, and CERT Siemens. 2014. Drebin: Effective and explainable detection of Android malware in your pocket.. In NDSS, Vol. 14. 23\u201326.","journal-title":"NDSS"},{"key":"e_1_2_1_5_1","volume-title":"Damien Octeau, and Patrick McDaniel.","author":"Arzt Steven","year":"2014","unstructured":"Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. ACM sigplan notices 49, 6 (2014), 259\u2013269."},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of the 44th ICSE. 1919\u20131931","author":"Cao Michael","year":"2022","unstructured":"Michael Cao, Khaled Ahmed, and Julia Rubin. 2022. Rotten apples spoil the bunch: An anatomy of Google Play malware. In Proceedings of the 44th ICSE. 1919\u20131931."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.COSE.2017.11.007"},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2016","author":"Chen Sen","year":"2016","unstructured":"Sen Chen, Minhui Xue, Zhushou Tang, Lihua Xu, and Haojin Zhu. 2016. StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2016, Xi\u2019an, China, May 30 - June 3, 2016. ACM, 377\u2013388. doi:10.1145\/2897845.2897860"},{"key":"e_1_2_1_9_1","volume-title":"Proceedings of the 9th international conference on Mobile systems, applications, and services. 239\u2013252","author":"Chin Erika","year":"2011","unstructured":"Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner. 2011. Analyzing inter-application communication in Android. In Proceedings of the 9th international conference on Mobile systems, applications, and services. 239\u2013252."},{"key":"e_1_2_1_10_1","unstructured":"Lisa Ehrlinger and Wolfram W\u00f6\u00df. 2016. Towards a definition of knowledge graphs. In SEMANTiCS (Posters Demos SuCCESS)."},{"key":"e_1_2_1_11_1","volume-title":"Proceedings of the 16th ACM conference on Computer and communications security. 235\u2013245","author":"Enck William","year":"2009","unstructured":"William Enck, Machigar Ongtang, and Patrick McDaniel. 2009. On lightweight mobile phone application certification. In Proceedings of the 16th ACM conference on Computer and communications security. 235\u2013245."},{"key":"e_1_2_1_12_1","first-page":"838","article-title":"Can we trust your explanations? Sanity checks for interpreters in Android malware analysis","volume":"16","author":"Fan Ming","year":"2020","unstructured":"Ming Fan, Wenying Wei, Xiaofei Xie, Yang Liu, Xiaohong Guan, and Ting Liu. 2020. Can we trust your explanations? Sanity checks for interpreters in Android malware analysis. IEEE Transactions on Information Forensics and Security 16 (2020), 838\u2013853.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3025436"},{"key":"e_1_2_1_14_1","volume-title":"Proceedings of the 22nd ACM SIGSOFT international symposium on foundations of software engineering. 576\u2013587","author":"Feng Yu","year":"2014","unstructured":"Yu Feng, Saswat Anand, Isil Dillig, and Alex Aiken. 2014. Apposcopy: Semantics-based detection of android malware through static analysis. In Proceedings of the 22nd ACM SIGSOFT international symposium on foundations of software engineering. 576\u2013587."},{"key":"e_1_2_1_15_1","volume-title":"2016 8th IFIP international conference on new technologies, mobility and security (NTMS). IEEE, 1\u20135.","author":"Fereidooni Hossein","year":"2016","unstructured":"Hossein Fereidooni, Mauro Conti, Danfeng Yao, and Alessandro Sperduti. 2016. ANASTASIA: ANdroid mAlware detection using STatic analySIs of Applications. In 2016 8th IFIP international conference on new technologies, mobility and security (NTMS). IEEE, 1\u20135."},{"key":"e_1_2_1_16_1","first-page":"110","article-title":"Information flow analysis of android applications in droidsafe","volume":"15","author":"Gordon Michael I","year":"2015","unstructured":"Michael I Gordon, Deokhwan Kim, Jeff H Perkins, Limei Gilham, Nguyen Nguyen, and Martin C Rinard. 2015. Information flow analysis of android applications in droidsafe.. In NDSS, Vol. 15. 110.","journal-title":"NDSS"},{"key":"e_1_2_1_17_1","volume-title":"Local rule-based explanations of black box decision systems. arXiv preprint arXiv:1805.10820","author":"Guidotti Riccardo","year":"2018","unstructured":"Riccardo Guidotti, Anna Monreale, Salvatore Ruggieri, Dino Pedreschi, Franco Turini, and Fosca Giannotti. 2018. Local rule-based explanations of black box decision systems. arXiv preprint arXiv:1805.10820 (2018)."},{"key":"e_1_2_1_18_1","volume-title":"A survey of methods for explaining black box models. ACM computing surveys (CSUR) 51, 5","author":"Guidotti Riccardo","year":"2018","unstructured":"Riccardo Guidotti, Anna Monreale, Salvatore Ruggieri, Franco Turini, Fosca Giannotti, and Dino Pedreschi. 2018. A survey of methods for explaining black box models. ACM computing surveys (CSUR) 51, 5 (2018), 1\u201342."},{"key":"e_1_2_1_19_1","volume-title":"proceedings of the 2018 ACM SIGSAC conference on computer and communications security. 364\u2013379","author":"Guo Wenbo","year":"2018","unstructured":"Wenbo Guo, Dongliang Mu, Jun Xu, Purui Su, Gang Wang, and Xinyu Xing. 2018. Lemna: Explaining deep learning based security applications. In proceedings of the 2018 ACM SIGSAC conference on computer and communications security. 364\u2013379."},{"key":"e_1_2_1_20_1","unstructured":"Pascal Hitzler Markus Kr\u00f6tzsch Bijan Parsia Peter F Patel-Schneider and Sebastian Rudolph. 2009. OWL 2 Web Ontology Language Primer. W3C Recommendation."},{"key":"e_1_2_1_21_1","volume-title":"Roberto Navigli, Sebastian Neumaier, et al.","author":"Hogan Aidan","year":"2021","unstructured":"Aidan Hogan, Eva Blomqvist, Michael Cochez, Claudia d\u2019Amato, Gerard de Melo, Claudio Gutierrez, Sabrina Kirrane, Jos\u00e9 Emilio Labra Gayo, Roberto Navigli, Sebastian Neumaier, et al. 2021. Knowledge graphs. Vol. 12. Morgan & Claypool. 1\u2013242 pages."},{"key":"e_1_2_1_22_1","first-page":"773","article-title":"A multimodal deep learning method for android malware detection using various features","volume":"14","author":"Kim TaeGuen","year":"2018","unstructured":"TaeGuen Kim, BooJoong Kang, Mina Rho, Sakir Sezer, and Eul Gyu Im. 2018. A multimodal deep learning method for android malware detection using various features. IEEE Transactions on Information Forensics and Security 14, 3 (2018), 773\u2013788.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_2_1_23_1","doi-asserted-by":"crossref","first-page":"3886","DOI":"10.1109\/TIFS.2020.3003571","article-title":"Adversarial deep ensemble: Evasion attacks and defenses for malware detection","volume":"15","author":"Li Deqiang","year":"2020","unstructured":"Deqiang Li and Qianmu Li. 2020. Adversarial deep ensemble: Evasion attacks and defenses for malware detection. IEEE Transactions on Information Forensics and Security 15 (2020), 3886\u20133900.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_2_1_24_1","volume-title":"Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick McDaniel.","author":"Li Li","year":"2015","unstructured":"Li Li, Alexandre Bartel, Tegawend\u00e9 F Bissyand\u00e9, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick McDaniel. 2015. Iccta: Detecting inter-component privacy leaks in Android apps. In Proceedings of 37th ICSE, Vol. 1. IEEE, 280\u2013291."},{"key":"e_1_2_1_25_1","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1145\/3236386.3241340","article-title":"The mythos of model interpretability: In machine learning, the concept of interpretability is both important and slippery","volume":"16","author":"Lipton Zachary C","year":"2018","unstructured":"Zachary C Lipton. 2018. The mythos of model interpretability: In machine learning, the concept of interpretability is both important and slippery. Queue 16, 3 (2018), 31\u201357.","journal-title":"Queue"},{"key":"e_1_2_1_26_1","volume-title":"2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE). IEEE, 169\u2013180","author":"Liu Yue","year":"2022","unstructured":"Yue Liu, Chakkrit Tantithamthavorn, Li Li, and Yepang Liu. 2022. Explainable AI for Android malware detection: Towards understanding why the models perform so well?. In 2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE). IEEE, 169\u2013180."},{"key":"e_1_2_1_27_1","doi-asserted-by":"crossref","first-page":"121125","DOI":"10.1016\/j.eswa.2023.121125","article-title":"SeGDroid: An Android malware detection method based on sensitive function call graph learning","volume":"235","author":"Liu Zhen","year":"2024","unstructured":"Zhen Liu, Ruoyu Wang, Nathalie Japkowicz, Heitor Murilo Gomes, Bitao Peng, and Wenbin Zhang. 2024. SeGDroid: An Android malware detection method based on sensitive function call graph learning. Expert Systems with Applications 235 (2024), 121125.","journal-title":"Expert Systems with Applications"},{"key":"e_1_2_1_28_1","volume-title":"A unified approach to interpreting model predictions. Advances in neural information processing systems 30","author":"Lundberg Scott M","year":"2017","unstructured":"Scott M Lundberg and Su-In Lee. 2017. A unified approach to interpreting model predictions. Advances in neural information processing systems 30 (2017)."},{"key":"e_1_2_1_29_1","volume-title":"Mobile Application Development: Practice and Experience: 12th Industry Symposium in Conjunction with 18th ICDCIT 2022. Springer, 47\u201369","author":"Mahindru Arvind","year":"2023","unstructured":"Arvind Mahindru. 2023. Anndroid: a framework for android malware detection using feature selection techniques and machine learning algorithms. In Mobile Application Development: Practice and Experience: 12th Industry Symposium in Conjunction with 18th ICDCIT 2022. Springer, 47\u201369."},{"key":"e_1_2_1_30_1","volume-title":"Proceedings of the seventh ACM on conference on data and application security and privacy. 301\u2013308","author":"McLaughlin Niall","year":"2017","unstructured":"Niall McLaughlin, Jesus Martinez del Rincon, BooJoong Kang, Suleiman Yerima, Paul Miller, Sakir Sezer, Yeganeh Safaei, Erik Trickel, Ziming Zhao, Adam Doup\u00e9, et al. 2017. Deep android malware detection. In Proceedings of the seventh ACM on conference on data and application security and privacy. 301\u2013308."},{"key":"e_1_2_1_31_1","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1145\/3331166","article-title":"Industry-scale knowledge graphs: Lessons and challenges","volume":"62","author":"Noy Natasha","year":"2019","unstructured":"Natasha Noy, Yuqing Gao, Anshu Jain, Annamalai Narayanan, Ankit Patterson, and Jamie Taylor. 2019. Industry-scale knowledge graphs: Lessons and challenges. Commun. ACM 62, 8 (2019), 36\u201343.","journal-title":"Commun. ACM"},{"key":"e_1_2_1_32_1","unstructured":"OpenAI. 2024. ChatGPT (GPT-3.5 architecture). https:\/\/www.openai.com\/chatgpt Large language model."},{"key":"e_1_2_1_33_1","doi-asserted-by":"crossref","first-page":"102513","DOI":"10.1016\/j.cose.2021.102513","article-title":"S3Feature: A static sensitive subgraph-based feature for android malware detection","volume":"112","author":"Ou Fan","year":"2022","unstructured":"Fan Ou and Jian Xu. 2022. S3Feature: A static sensitive subgraph-based feature for android malware detection. Computers & Security 112 (2022), 102513.","journal-title":"Computers & Security"},{"key":"e_1_2_1_34_1","volume-title":"22nd USENIX Security Symposium. 527\u2013542","author":"Pandita Rahul","year":"2013","unstructured":"Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck, and Tao Xie. 2013. WHYPER: Towards automating risk assessment of mobile applications. In 22nd USENIX Security Symposium. 527\u2013542."},{"key":"e_1_2_1_35_1","volume-title":"Knowledge graph refinement: A survey of approaches and evaluation methods. Semantic web 8, 3","author":"Paulheim Heiko","year":"2017","unstructured":"Heiko Paulheim. 2017. Knowledge graph refinement: A survey of approaches and evaluation methods. Semantic web 8, 3 (2017), 489\u2013508."},{"key":"e_1_2_1_36_1","first-page":"23","article-title":"Execute this! analyzing unsafe and malicious dynamic code loading in android applications","volume":"14","author":"Poeplau Sebastian","year":"2014","unstructured":"Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, and Giovanni Vigna. 2014. Execute this! analyzing unsafe and malicious dynamic code loading in android applications.. In NDSS, Vol. 14. 23\u201326.","journal-title":"NDSS"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.48550\/ARXIV.2410.06444"},{"key":"e_1_2_1_38_1","volume-title":"Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 1354\u20131365","author":"Qu Zhengyang","year":"2014","unstructured":"Zhengyang Qu, Vaibhav Rastogi, Xinyi Zhang, Yan Chen, Tiantian Zhu, and Zhong Chen. 2014. AutoCog: Measuring the description-to-permission fidelity in Android applications. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 1354\u20131365."},{"key":"e_1_2_1_39_1","volume-title":"Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security. 329\u2013334","author":"Rastogi Vaibhav","year":"2013","unstructured":"Vaibhav Rastogi, Yan Chen, and Xuxian Jiang. 2013. Droidchameleon: evaluating android anti-malware against transformation attacks. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security. 329\u2013334."},{"key":"e_1_2_1_40_1","volume-title":"Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining. 1135\u20131144","author":"Ribeiro Marco Tulio","year":"2016","unstructured":"Marco Tulio Ribeiro, Sameer Singh, and Carlos Guestrin. 2016. \u201d Why should i trust you?\u201d Explaining the predictions of any classifier. In Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining. 1135\u20131144."},{"key":"e_1_2_1_41_1","volume-title":"Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining. 1135\u20131144","author":"Ribeiro Marco Tulio","year":"2016","unstructured":"Marco Tulio Ribeiro, Sameer Singh, and Carlos Guestrin. 2016. Why should I trust you?\u2019 Explaining the predictions of any classifier. In Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining. 1135\u20131144."},{"key":"e_1_2_1_42_1","volume-title":"Proceedings of the AAAI conference on artificial intelligence","volume":"32","author":"Ribeiro Marco Tulio","year":"2018","unstructured":"Marco Tulio Ribeiro, Sameer Singh, and Carlos Guestrin. 2018. Anchors: High-precision model-agnostic explanations. In Proceedings of the AAAI conference on artificial intelligence, Vol. 32."},{"key":"e_1_2_1_43_1","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1016\/j.jpdc.2022.10.001","article-title":"Malware detection using image representation of malware data and transfer learning","volume":"172","author":"Rustam Furqan","year":"2023","unstructured":"Furqan Rustam, Imran Ashraf, Anca Delia Jurcut, Ali Kashif Bashir, and Yousaf Bin Zikria. 2023. Malware detection using image representation of malware data and transfer learning. J. Parallel and Distrib. Comput. 172 (2023), 32\u201350.","journal-title":"J. Parallel and Distrib. Comput."},{"key":"e_1_2_1_44_1","doi-asserted-by":"crossref","first-page":"14246","DOI":"10.1109\/ACCESS.2022.3146363","article-title":"LinRegDroid: Detection of Android malware using multiple linear regression models-based classifiers","volume":"10","author":"\u015eah\u0131n Durmu\u015f \u00d6zkan","year":"2022","unstructured":"Durmu\u015f \u00d6zkan \u015eah\u0131n, Sedat Akleylek, and Erdal Kili\u00e7. 2022. LinRegDroid: Detection of Android malware using multiple linear regression models-based classifiers. IEEE Access 10 (2022), 14246\u201314259.","journal-title":"IEEE Access"},{"key":"e_1_2_1_45_1","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1109\/TDSC.2016.2536605","article-title":"Madam: Effective and efficient behavior-based android malware detection and prevention","volume":"15","author":"Saracino Andrea","year":"2016","unstructured":"Andrea Saracino, Daniele Sgandurra, Gianluca Dini, and Fabio Martinelli. 2016. Madam: Effective and efficient behavior-based android malware detection and prevention. IEEE Transactions on Dependable and Secure Computing 15, 1 (2016), 83\u201397.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"volume-title":"Jadx: Dex to Java decompiler. https:\/\/github.com\/skylot\/jadx. Accessed: 2024-08-30.","year":"2024","key":"e_1_2_1_46_1","unstructured":"SkiaBuild. 2024. Jadx: Dex to Java decompiler. https:\/\/github.com\/skylot\/jadx. Accessed: 2024-08-30."},{"key":"e_1_2_1_47_1","unstructured":"VirusTotal. 2019. The website of VirusTotal. https:\/\/www.virustotal.com\/gui\/home\/upload"},{"key":"e_1_2_1_48_1","first-page":"10","volume-title":"Proc. ACM Meas. Anal. Comput. Syst. 6, 2, Article 40 (jun","author":"Wang Liu","year":"2022","unstructured":"Liu Wang, Haoyu Wang, Ren He, Ran Tao, Guozhu Meng, Xiapu Luo, and Xuanzhe Liu. 2022. MalRadar: Demystifying Android Malware in the New Era. Proc. ACM Meas. Anal. Comput. Syst. 6, 2, Article 40 (jun 2022), 27 pages. doi:10.1145\/3530906"},{"key":"e_1_2_1_49_1","doi-asserted-by":"crossref","first-page":"174","DOI":"10.1109\/TR.2019.2927285","article-title":"LSCDroid: Malware detection based on local sensitive API invocation sequences","volume":"69","author":"Wang Weiping","year":"2019","unstructured":"Weiping Wang, Jianjian Wei, Shigeng Zhang, and Xi Luo. 2019. LSCDroid: Malware detection based on local sensitive API invocation sequences. IEEE Transactions on Reliability 69, 1 (2019), 174\u2013187.","journal-title":"IEEE Transactions on Reliability"},{"key":"e_1_2_1_50_1","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1016\/j.pmcj.2016.06.018","article-title":"DroidChain: A novel Android malware detection method based on behavior chains","volume":"32","author":"Wang Zhaoguo","year":"2016","unstructured":"Zhaoguo Wang, Chenglong Li, Zhenlong Yuan, Yi Guan, and Yibo Xue. 2016. DroidChain: A novel Android malware detection method based on behavior chains. Pervasive and Mobile Computing 32 (2016), 3\u201314.","journal-title":"Pervasive and Mobile Computing"},{"key":"e_1_2_1_51_1","volume-title":"DIMVA 2017, Bonn, Germany, July 6-7, 2017, Proceedings 14","author":"Wei Fengguo","year":"2017","unstructured":"Fengguo Wei, Yuping Li, Sankardas Roy, Xinming Ou, and Wu Zhou. 2017. Deep ground truth analysis of current Android malware. In Detection of Intrusions and Malware, and Vulnerability Assessment: 14th International Conference, DIMVA 2017, Bonn, Germany, July 6-7, 2017, Proceedings 14. Springer, 252\u2013276."},{"key":"e_1_2_1_52_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3183575","article-title":"Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps","volume":"21","author":"Wei Fengguo","year":"2018","unstructured":"Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby. 2018. Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps. ACM Transactions on Privacy and Security (TOPS) 21, 3 (2018), 1\u201332.","journal-title":"ACM Transactions on Privacy and Security (TOPS)"},{"key":"e_1_2_1_53_1","volume-title":"Denny Zhou, et al.","author":"Wei Jason","year":"2022","unstructured":"Jason Wei, Xuezhi Wang, Dale Schuurmans, Maarten Bosma, Fei Xia, Ed Chi, Quoc V Le, Denny Zhou, et al. 2022. Chain-of-thought prompting elicits reasoning in large language models. Advances in neural information processing systems 35 (2022), 24824\u201324837."},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3423096"},{"key":"e_1_2_1_55_1","volume-title":"Effective detection of android malware based on the usage of data flow APIs and machine learning. Information and software technology 75","author":"Wu Songyang","year":"2016","unstructured":"Songyang Wu, Pan Wang, Xun Li, and Yong Zhang. 2016. Effective detection of android malware based on the usage of data flow APIs and machine learning. Information and software technology 75 (2016), 17\u201325."},{"key":"e_1_2_1_56_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3317699","article-title":"Catering to your concerns: automatic generation of personalised security-centric descriptions for Android apps","volume":"3","author":"Wu Tingmin","year":"2019","unstructured":"Tingmin Wu, Lihong Tang, Rongjunchen Zhang, Sheng Wen, Cecile Paris, Surya Nepal, Marthie Grobler, and Yang Xiang. 2019. Catering to your concerns: automatic generation of personalised security-centric descriptions for Android apps. ACM Transactions on Cyber-Physical Systems 3, 4 (2019), 1\u201321.","journal-title":"ACM Transactions on Cyber-Physical Systems"},{"key":"e_1_2_1_57_1","volume-title":"2019 34th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE. doi:10","author":"Wu Yueming","year":"2019","unstructured":"Yueming Wu, Xiaodi Li, Deqing Zou, Wei Yang, Xin Zhang, and Hai Jin. 2019. MalScan: Fast Market-Wide Mobile Malware Scanning by Social-Network Centrality Analysis. In 2019 34th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE. doi:10.1109\/ase.2019.00023"},{"key":"e_1_2_1_58_1","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1109\/TDSC.2017.2675881","article-title":"Leveraging compression-based graph mining for behavior-based malware detection","volume":"16","author":"W\u00fcchner Tobias","year":"2017","unstructured":"Tobias W\u00fcchner, Aleksander Cis\u0142ak, Martin Ochoa, and Alexander Pretschner. 2017. Leveraging compression-based graph mining for behavior-based malware detection. IEEE Transactions on Dependable and Secure Computing 16, 1 (2017), 99\u2013112.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_2_1_59_1","volume-title":"2018 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 473\u2013487","author":"Xu Ke","year":"2018","unstructured":"Ke Xu, Yingjiu Li, Robert H Deng, and Kai Chen. 2018. Deeprefiner: Multi-layer android malware detection system applying deep neural networks. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 473\u2013487."},{"key":"e_1_2_1_60_1","volume-title":"Proceedings of the ACM\/IEEE 44th International Conference on Software Engineering: Companion Proceedings. 105\u2013109","author":"Yan Jiwei","year":"2022","unstructured":"Jiwei Yan, Shixin Zhang, Yepang Liu, Jun Yan, and Jian Zhang. 2022. Iccbot: fragment-aware and context-sensitive icc resolution for android applications. In Proceedings of the ACM\/IEEE 44th International Conference on Software Engineering: Companion Proceedings. 105\u2013109."},{"key":"e_1_2_1_61_1","doi-asserted-by":"crossref","unstructured":"Chao Yang Zhaoyan Xu Guofei Gu Vinod Yegneswaran and Phillip Porras. 2014. Droidminer: Automated mining and characterization of fine-grained malicious behaviors in android applications. In Computer Security-ESORICS 2014: 19th European Symposium on Research in Computer Security Wroclaw Poland September 7-11 2014. Proceedings Part I 19. Springer 163\u2013182.","DOI":"10.1007\/978-3-319-11203-9_10"},{"key":"e_1_2_1_62_1","volume-title":"Proceedings of the 44th International Conference on Software Engineering. 685\u2013697","author":"Yang Shao","year":"2022","unstructured":"Shao Yang, Yuehan Wang, Yuan Yao, Haoyu Wang, Yanfang Ye, and Xusheng Xiao. 2022. DescribeCtx: context-aware description synthesis for sensitive behaviors in mobile apps. In Proceedings of the 44th International Conference on Software Engineering. 685\u2013697."},{"key":"e_1_2_1_63_1","volume-title":"Towards neural network based malware detection on android mobile devices. Cybersecurity systems for human cognition augmentation","author":"Yu Wei","year":"2014","unstructured":"Wei Yu, Linqiang Ge, Guobin Xu, and Xinwen Fu. 2014. Towards neural network based malware detection on android mobile devices. Cybersecurity systems for human cognition augmentation (2014), 99\u2013117."},{"key":"e_1_2_1_64_1","doi-asserted-by":"crossref","first-page":"114","DOI":"10.1109\/TST.2016.7399288","article-title":"Droiddetector: Android malware characterization and detection using deep learning","volume":"21","author":"Yuan Zhenlong","year":"2016","unstructured":"Zhenlong Yuan, Yongqiang Lu, and Yibo Xue. 2016. Droiddetector: Android malware characterization and detection using deep learning. Tsinghua Science and Technology 21, 1 (2016), 114\u2013123.","journal-title":"Tsinghua Science and Technology"},{"key":"e_1_2_1_65_1","volume-title":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 518\u2013529","author":"Zhang Mu","year":"2015","unstructured":"Mu Zhang, Yue Duan, Qian Feng, and Heng Yin. 2015. Towards automatic generation of security-centric descriptions for Android apps. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 518\u2013529."},{"key":"e_1_2_1_66_1","volume-title":"2012 IEEE symposium on security and privacy. IEEE, 95\u2013109","author":"Zhou Yajin","year":"2012","unstructured":"Yajin Zhou and Xuxian Jiang. 2012. Dissecting Android malware: Characterization and evolution. In 2012 IEEE symposium on security and privacy. IEEE, 95\u2013109."},{"key":"e_1_2_1_67_1","first-page":"50","article-title":"Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets","volume":"25","author":"Zhou Yajin","year":"2012","unstructured":"Yajin Zhou, Zhi Wang, Wu Zhou, and Xuxian Jiang. 2012. Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets.. In NDSS, Vol. 25. 50\u201352.","journal-title":"NDSS"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3715909","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,31]],"date-time":"2025-01-31T16:06:59Z","timestamp":1738339619000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3715909"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,31]]},"references-count":67,"alternative-id":["10.1145\/3715909"],"URL":"https:\/\/doi.org\/10.1145\/3715909","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"type":"print","value":"1049-331X"},{"type":"electronic","value":"1557-7392"}],"subject":[],"published":{"date-parts":[[2025,1,31]]},"assertion":[{"value":"2024-06-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-01-09","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-01-31","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"3715909"}}