{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T16:24:37Z","timestamp":1759335877364,"version":"3.37.3"},"reference-count":42,"publisher":"Wiley","license":[{"start":{"date-parts":[[2021,4,23]],"date-time":"2021-04-23T00:00:00Z","timestamp":1619136000000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1836104","61702235","30918012204"],"award-info":[{"award-number":["U1836104","61702235","30918012204"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","award":["U1836104","61702235","30918012204"],"award-info":[{"award-number":["U1836104","61702235","30918012204"]}],"id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2021,4,23]]},"abstract":"<jats:p>Mobile malware poses a great challenge to mobile devices and mobile communication. With the explosive growth of mobile networks, it is significant to detect mobile malware for mobile security. Since most mobile malware relies on the networks to coordinate operations, steal information, or launch attacks, evading network monitor is difficult for the mobile malware. In this paper, we present an N-gram, semantic-based neural modeling method to detect the network traffic generated by the mobile malware. In the proposed scheme, we segment the network traffic into flows and extract the application layer payload from each packet. Then, the generated flow payload data are converted into the text form as the input of the proposed model. Each flow text consists of several domains with 20 words. The proposed scheme models the domain representation using convolutional neural network with multiwidth kernels from each domain. Afterward, relationships of domains are adaptively encoded in flow representation using gated recurrent network and then the classification result is obtained from an attention layer. A series of experiments have been conducted to verify the effectiveness of our proposed scheme. In addition, to compare with the state-of-the-art methods, several comparative experiments also are conducted. The experiment results depict that our proposed scheme is better in terms of accuracy.<\/jats:p>","DOI":"10.1155\/2021\/5599556","type":"journal-article","created":{"date-parts":[[2021,4,23]],"date-time":"2021-04-23T20:38:55Z","timestamp":1619210335000},"page":"1-17","source":"Crossref","is-referenced-by-count":14,"title":["N-Gram, Semantic-Based Neural Network for Mobile Malware Network Traffic Detection"],"prefix":"10.1155","volume":"2021","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8985-6977","authenticated-orcid":true,"given":"Huiwen","family":"Bai","sequence":"first","affiliation":[{"name":"School of Automation, Nanjing University of Science and Technology, Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4729-7406","authenticated-orcid":true,"given":"Guangjie","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Electronic and Information Engineering, Nanjing University of Information Science and Technology, Nanjing, China"}]},{"given":"Weiwei","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Automation, Nanjing University of Science and Technology, Nanjing, China"}]},{"given":"Yingxue","family":"Quan","sequence":"additional","affiliation":[{"name":"School of Automation, Nanjing University of Science and Technology, Nanjing, China"}]},{"given":"Shuhua","family":"Huang","sequence":"additional","affiliation":[{"name":"School of Automation, Nanjing University of Science and Technology, Nanjing, China"}]}],"member":"311","reference":[{"article-title":"Number of apps 2009\u20132016","year":"2017","author":"G. Play","key":"1"},{"key":"2"},{"issue":"5","key":"3","doi-asserted-by":"crossref","first-page":"1096","DOI":"10.1109\/TIFS.2017.2771228","article-title":"Detecting android malware leveraging text semantics of network flows","volume":"13","author":"S. Wang","year":"2017","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04492-2_3"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1109\/access.2019.2918139"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.18046\/syt.v14i37.2241"},{"first-page":"300","article-title":"Machine learning for Android malware detection using permission and API calls","author":"N. Peiravian","key":"7"},{"issue":"2","key":"8","article-title":"MaMaDroid: detecting Android malware by building Markov chains of behavioral models (extended version)","volume":"2","author":"L. Onwuzurike","year":"2019","journal-title":"ACM Transactions on Information and System Security"},{"first-page":"1507","article-title":"HinDroid: an intelligent Android malware detection system based on structured heterogeneous information network","author":"S. Hou","key":"9"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1155\/2015\/479174"},{"first-page":"611","article-title":"Vetting undesirable behaviors in Android apps with permission use analysis","author":"Y. Zhang","key":"11"},{"first-page":"1","article-title":"SigPID: significant permission identification for Android malware detection","author":"L. Sun","key":"12"},{"first-page":"1","article-title":"DeepDroid: dynamically enforcing enterprise policy on Android devices","author":"X. Wang","key":"13"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2018.01.007"},{"first-page":"1","article-title":"Toward developing a systematic approach to generate benchmark Android malware datasets and classification","author":"A. H. Lashkari","key":"15"},{"first-page":"1666","article-title":"Applying machine learning classifiers to dynamic Android malware detection at scale","author":"B. Amos","key":"16"},{"first-page":"281","article-title":"RiskRanker: scalable and accurate zero-day Android malware detection","author":"M. Grace","key":"17"},{"first-page":"209","article-title":"Apps play ground: automatic security analysis of smartphone applications","author":"V. Rastogi","key":"18"},{"first-page":"737","article-title":"Andro-profiler: anti-malware system based on behavior profiling of mobile malware","author":"J. W. Jang","key":"19"},{"key":"20","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2010.03.046"},{"first-page":"1","article-title":"Extensible Android malware detection and family classification using network-flows and API- calls","author":"L. Taheri","key":"21"},{"issue":"3","key":"22","doi-asserted-by":"crossref","first-page":"1277","DOI":"10.3233\/JIFS-169424","article-title":"Detecting Android malware using long short-term memory (LSTM)","volume":"34","author":"R. Vinayakumar","year":"2018","journal-title":"Journal of Intelligent & Fuzzy Systems"},{"key":"23"},{"issue":"12","key":"24","first-page":"2882","article-title":"Automatic generation of string signatures for malware detection","volume":"87","author":"K. Griffin","year":"2009","journal-title":"Signal Process"},{"first-page":"226","article-title":"Polygraph: automatically gener- ating signatures for polymorphic worms","author":"J. Newsome","key":"25"},{"author":"S. Singh","key":"26","article-title":"Automated worm fingerprinting"},{"article-title":"An architecture for generating semantics-aware signatures","author":"V. Yegneswaran","key":"27","doi-asserted-by":"crossref","DOI":"10.21236\/ADA449063"},{"first-page":"26","article-title":"Behavioral clustering of HTTP-based malware and signature generation using malicious network traces","author":"R. Perdisci","key":"28"},{"first-page":"128","article-title":"Clustering android malware families by traffic","author":"M. Aresu","key":"29"},{"first-page":"233","article-title":"Towards a network-based framework for android malware detection and characterization","author":"A. Lashkar","key":"30"},{"first-page":"66","article-title":"Malware detection using network traffic analysis in Android based mobile devices","author":"A. Arora","key":"31"},{"first-page":"444","article-title":"IoT malware network traffic classification using visual representation and deep learning","author":"G. Bendiab","key":"32"},{"key":"33","doi-asserted-by":"publisher","DOI":"10.1109\/access.2020.3008081"},{"first-page":"1036","article-title":"AsDroid: detecting stealthy behaviors in Android applications by user interface and program behavior contradiction","author":"J. Huang","key":"34"},{"first-page":"527","article-title":"WHYPER: towards automating risk assessment of mobile applications","author":"R. Pandita","key":"35"},{"first-page":"993","article-title":"UIPicker: user-input privacy identification in mobile applications","author":"Y. Nan","key":"36"},{"key":"37","doi-asserted-by":"publisher","DOI":"10.1109\/tnet.2014.2381230"},{"author":"J. Ren","key":"38","article-title":"ReCon: revealing and controlling PII leaks in mobile network traffic"},{"key":"39"},{"article-title":"Contagio mobile malware mini dump","year":"2016","author":"V. Total","key":"40"},{"first-page":"78","article-title":"Android botnets: what urls are telling us","author":"A. F. A. Kadir","key":"41"},{"first-page":"436","article-title":"Droidkin: lightweight detection of android apps similarity","author":"H. Gonzalez","key":"42"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/5599556.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/5599556.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/5599556.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,23]],"date-time":"2021-04-23T20:39:02Z","timestamp":1619210342000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2021\/5599556\/"}},"subtitle":[],"editor":[{"given":"Qi","family":"Liu","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2021,4,23]]},"references-count":42,"alternative-id":["5599556","5599556"],"URL":"https:\/\/doi.org\/10.1155\/2021\/5599556","relation":{},"ISSN":["1939-0122","1939-0114"],"issn-type":[{"type":"electronic","value":"1939-0122"},{"type":"print","value":"1939-0114"}],"subject":[],"published":{"date-parts":[[2021,4,23]]}}}