{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T20:47:44Z","timestamp":1780519664575,"version":"3.54.1"},"reference-count":122,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2022,8,2]],"date-time":"2022-08-02T00:00:00Z","timestamp":1659398400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,8,2]],"date-time":"2022-08-02T00:00:00Z","timestamp":1659398400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100003816","name":"Huawei Technologies","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003816","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"published-print":{"date-parts":[[2022,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>As the smartphone market leader, Android has been a prominent target for malware attacks. The number of malicious applications (apps) identified for it has increased continually over the past decade, creating an immense challenge for all parties involved. For market holders and researchers, in particular, the large number of samples has made manual malware detection unfeasible, leading to an influx of research that investigate Machine Learning (ML) approaches to automate this process. However, while some of the proposed approaches achieve high performance, rapidly evolving Android malware has made them unable to maintain their accuracy over time. This has created a need in the community to conduct further research, and build more flexible ML pipelines. Doing so, however, is currently hindered by a lack of systematic overview of the existing literature, to learn from and improve upon the existing solutions. Existing survey papers often focus only on parts of the ML process (e.g., data collection or model deployment), while omitting other important stages, such as model evaluation and explanation. In this paper, we address this problem with a review of 42 highly-cited papers, spanning a decade of research (from 2011 to 2021). We introduce a novel procedural taxonomy of the published literature, covering how they have used ML algorithms, what features they have engineered, which dimensionality reduction techniques they have employed, what datasets they have employed for training, and what their evaluation and explanation strategies are. Drawing from this taxonomy, we also identify gaps in knowledge and provide ideas for improvement and future work.<\/jats:p>","DOI":"10.1186\/s42400-022-00119-8","type":"journal-article","created":{"date-parts":[[2022,8,2]],"date-time":"2022-08-02T01:04:02Z","timestamp":1659402242000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":22,"title":["On building machine learning pipelines for Android malware detection: a procedural survey of practices, challenges and opportunities"],"prefix":"10.1186","volume":"5","author":[{"given":"Masoud","family":"Mehrabi Koushki","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ibrahim","family":"AbuAlhaol","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Anandharaju Durai","family":"Raju","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yang","family":"Zhou","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ronnie Salvador","family":"Giagone","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Huang","family":"Shengqiang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2022,8,2]]},"reference":[{"key":"119_CR1","doi-asserted-by":"crossref","unstructured":"Aafer Y, Du W, Yin H (2013) DroidAPIMiner: mining API-level features for robust malware detection in android. In: International conference on security and privacy in communication systems. Springer, pp 86\u2013103","DOI":"10.1007\/978-3-319-04283-1_6"},{"key":"119_CR2","unstructured":"ACM (2021) ACM Digital Library. https:\/\/dl.acm.org\/"},{"issue":"1","key":"119_CR3","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1007\/s11416-014-0226-7","volume":"11","author":"VM Afonso","year":"2015","unstructured":"Afonso VM, de Amorim MF, Gr\u00e9gio ARA, Junquera GB, de Geus PL (2015) Identifying android malware using dynamically obtained features. J Comput Virol Hacking Tech 11(1):9\u201317","journal-title":"J Comput Virol Hacking Tech"},{"key":"119_CR4","doi-asserted-by":"publisher","unstructured":"Allix K, Bissyand\u00e9 TF, Klein J, Le\u00a0Traon Y (2016) AndroZoo: collecting millions of android apps for the research community. In: Proceedings of the 13th international conference on mining software repositories. MSR \u201916. ACM, New York, NY, USA, pp 468\u2013471. https:\/\/doi.org\/10.1145\/2901739.2903508","DOI":"10.1145\/2901739.2903508"},{"key":"119_CR5","doi-asserted-by":"publisher","first-page":"101663","DOI":"10.1016\/j.cose.2019.101663","volume":"89","author":"MK Alzaylaee","year":"2020","unstructured":"Alzaylaee MK, Yerima SY, Sezer S (2020) DL-Droid: deep learning based android malware detection using real devices. Comput Secur 89:101663. https:\/\/doi.org\/10.1016\/j.cose.2019.101663","journal-title":"Comput Secur"},{"key":"119_CR6","doi-asserted-by":"crossref","unstructured":"Amos B, Turner H, White J (2013) Applying machine learning classifiers to dynamic android malware detection at scale. In: 2013 9th international wireless communications and mobile computing conference (IWCMC). IEEE, pp 1666\u20131671","DOI":"10.1109\/IWCMC.2013.6583806"},{"key":"119_CR7","unstructured":"API A (2020) SELinux on android. https:\/\/source.android.com\/security\/selinux. Accessed 11 June 2020"},{"key":"119_CR8","unstructured":"APKTool (2021) APKTool. https:\/\/ibotpeaches.github.io\/Apktool\/"},{"key":"119_CR9","first-page":"23","volume":"14","author":"D Arp","year":"2014","unstructured":"Arp D, Spreitzenbarth M, Hubner M, Gascon H, Rieck K, Siemens C (2014) Drebin: effective and explainable detection of android malware in your pocket. NDSS 14:23\u201326","journal-title":"NDSS"},{"issue":"2","key":"119_CR10","first-page":"463","volume":"7","author":"S Arshad","year":"2016","unstructured":"Arshad S, Shah MA, Khan A, Ahmed M (2016) Android malware detection & protection: a survey. Int J Adv Comput Sci Appl 7(2):463\u2013475","journal-title":"Int J Adv Comput Sci Appl"},{"issue":"8","key":"119_CR11","doi-asserted-by":"publisher","first-page":"3133","DOI":"10.1007\/s00521-020-05195-w","volume":"33","author":"K Bakour","year":"2021","unstructured":"Bakour K, \u00dcnver HM (2021) VisDroid: android malware classification based on local and global image features, bag of visual words and machine learning techniques. Neural Comput Appl 33(8):3133\u20133153","journal-title":"Neural Comput Appl"},{"key":"119_CR12","doi-asserted-by":"crossref","unstructured":"Balzarotti D, Cova M, Felmetsger V, Jovanovic N, Kirda E, Kruegel C, Vigna G (2008) Saner: composing static and dynamic analysis to validate sanitization in web applications. In: 2008 IEEE symposium on security and privacy (SP 2008). IEEE, pp 387\u2013401","DOI":"10.1109\/SP.2008.22"},{"key":"119_CR13","doi-asserted-by":"crossref","unstructured":"Bhatt U, Xiang A, Sharma S, Weller A, Taly A, Jia Y, Ghosh J, Puri R, Moura JM, Eckersley P (2020) Explainable machine learning in deployment. In: Proceedings of the 2020 conference on fairness, accountability, and transparency, pp 648\u2013657","DOI":"10.1145\/3351095.3375624"},{"issue":"2","key":"119_CR14","doi-asserted-by":"publisher","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","volume":"18","author":"AL Buczak","year":"2015","unstructured":"Buczak AL, Guven E (2015) A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun Surv Tutor 18(2):1153\u20131176","journal-title":"IEEE Commun Surv Tutor"},{"key":"119_CR15","doi-asserted-by":"crossref","unstructured":"Burguera I, Zurutuza U, Nadjm-Tehrani S (2011) Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM workshop on security and privacy in smartphones and mobile devices, pp 15\u201326","DOI":"10.1145\/2046614.2046619"},{"key":"119_CR16","unstructured":"Cai H (2018) A preliminary study on the sustainability of android malware detection. arXiv preprint arXiv:1807.08221"},{"issue":"2","key":"119_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3371924","volume":"29","author":"H Cai","year":"2020","unstructured":"Cai H (2020) Assessing and improving malware detection sustainability through app evolution studies. ACM Trans Softw Eng Methodol (TOSEM) 29(2):1\u201328","journal-title":"ACM Trans Softw Eng Methodol (TOSEM)"},{"issue":"12","key":"119_CR18","doi-asserted-by":"publisher","first-page":"2934","DOI":"10.1109\/TSE.2020.2975176","volume":"47","author":"H Cai","year":"2020","unstructured":"Cai H, Ryder BG (2020) A longitudinal study of application structure and behaviors in android. IEEE Trans Softw Eng 47(12):2934\u20132955","journal-title":"IEEE Trans Softw Eng"},{"issue":"6","key":"119_CR19","doi-asserted-by":"publisher","first-page":"1455","DOI":"10.1109\/TIFS.2018.2879302","volume":"14","author":"H Cai","year":"2018","unstructured":"Cai H, Meng N, Ryder B, Yao D (2018) DroidCat: effective android malware detection and categorization via app-level profiling. IEEE Trans Inf Forensics Secur 14(6):1455\u20131470","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"119_CR20","doi-asserted-by":"publisher","first-page":"106291","DOI":"10.1016\/j.infsof.2020.106291","volume":"122","author":"H Cai","year":"2020","unstructured":"Cai H, Fu X, Hamou-Lhadj A (2020) A study of run-time behavioral evolution of benign versus malicious apps in android. Inf Softw Technol 122:106291","journal-title":"Inf Softw Technol"},{"key":"119_CR21","doi-asserted-by":"crossref","unstructured":"Cai H, Ryder BG (2017) Artifacts for dynamic analysis of android apps. In: 2017 IEEE international conference on software maintenance and evolution (ICSME). IEEE, p 659","DOI":"10.1109\/ICSME.2017.36"},{"key":"119_CR22","unstructured":"Carlini N, Athalye A, Papernot N, Brendel W, Rauber J, Tsipras D, Goodfellow I, Madry A, Kurakin A (2019) On evaluating adversarial robustness. arXiv preprint arXiv:1902.06705"},{"issue":"1","key":"119_CR23","first-page":"44","volume":"12","author":"R Casolare","year":"2021","unstructured":"Casolare R, De Dominicis C, Iadarola G, Martinelli F, Mercaldo F, Santone A (2021) Dynamic mobile malware detection through system call-based image representation. J Wirel Mob Netw Ubiquitous Comput Dependable Appl 12(1):44\u201363","journal-title":"J Wirel Mob Netw Ubiquitous Comput Dependable Appl"},{"key":"119_CR24","unstructured":"Chen K, Wang P, Lee Y, Wang X, Zhang N, Huang H, Zou W, Liu P (2015) Finding unknown malice in 10 seconds: mass vetting for new threats at the google-play scale. In: 24th $$\\{\\text{USENIX}\\}$$ security symposium ($$\\{\\text{ USENIX }\\}$$ security 15), pp 659\u2013674"},{"key":"119_CR25","unstructured":"Contagio (2021) Mobile malware mini dump. http:\/\/contagiominidump.blogspot.com\/. Accessed 01 June 2021"},{"issue":"3","key":"119_CR26","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1080\/15536548.2015.1073510","volume":"11","author":"M Damshenas","year":"2015","unstructured":"Damshenas M, Dehghantanha A, Choo K-KR, Mahmud R (2015) M0Droid: an android behavioral-based malware detection model. J Inf Privacy Secur 11(3):141\u2013157. https:\/\/doi.org\/10.1080\/15536548.2015.1073510","journal-title":"J Inf Privacy Secur"},{"key":"119_CR27","doi-asserted-by":"crossref","unstructured":"Darwaish A, Na\u00eft-Abdesselam F, Titouna C, Sattar S (2021) Robustness of image-based android malware detection under adversarial attacks. In: ICC 2021-IEEE international conference on communications. IEEE, pp 1\u20136","DOI":"10.1109\/ICC42927.2021.9500425"},{"key":"119_CR28","volume-title":"Hands-on automated machine learning: a beginner\u2019s guide to building automated machine learning systems using AutoML and Python","author":"S Das","year":"2018","unstructured":"Das S, Cakmak UM (2018) Hands-on automated machine learning: a beginner\u2019s guide to building automated machine learning systems using AutoML and Python. Packt Publishing Ltd, Birmingham"},{"issue":"4","key":"119_CR29","doi-asserted-by":"publisher","first-page":"711","DOI":"10.1109\/TDSC.2017.2700270","volume":"16","author":"A Demontis","year":"2019","unstructured":"Demontis A, Melis M, Biggio B, Maiorca D, Arp D, Rieck K, Corona I, Giacinto G, Roli F (2019) Yes, machine learning can be more secure! a case study on android malware detection. IEEE Trans Dependable Secure Comput 16(4):711\u2013724. https:\/\/doi.org\/10.1109\/TDSC.2017.2700270","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"119_CR30","doi-asserted-by":"crossref","unstructured":"Dini G, Martinelli F, Saracino A, Sgandurra D (2012) MADAM: a multi-level anomaly detector for android malware. In: International conference on mathematical methods, models, and architectures for computer network security. Springer, pp 240\u2013253","DOI":"10.1007\/978-3-642-33704-8_21"},{"key":"119_CR31","unstructured":"Docs M (2022) What are Azue machine learning pipelines? https:\/\/docs.microsoft.com\/en-us\/azure\/machine-learning\/concept-ml-pipelines. Accessed 01 March 2022"},{"key":"119_CR32","volume-title":"Android security internals: an in-depth guide to android security architecture","author":"N Elenkov","year":"2014","unstructured":"Elenkov N (2014) Android security internals: an in-depth guide to android security architecture. No Starch Press, San Francisco, CA"},{"key":"119_CR33","doi-asserted-by":"publisher","unstructured":"Enck W, Ongtang M, McDaniel P (2009) On lightweight mobile phone application certification. In: Proceedings of the 16th ACM conference on computer and communications security. CCS \u201909. Association for Computing Machinery, New York, NY, USA, pp 235\u2013245. https:\/\/doi.org\/10.1145\/1653662.1653691","DOI":"10.1145\/1653662.1653691"},{"issue":"2","key":"119_CR34","doi-asserted-by":"publisher","first-page":"998","DOI":"10.1109\/COMST.2014.2386139","volume":"17","author":"P Faruki","year":"2014","unstructured":"Faruki P, Bharmal A, Laxmi V, Ganmoor V, Gaur MS, Conti M, Rajarajan M (2014) Android security: a survey of issues, malware penetration, and defenses. IEEE Commun Surv Tutor 17(2):998\u20131022","journal-title":"IEEE Commun Surv Tutor"},{"issue":"01","key":"119_CR35","first-page":"1","volume":"9","author":"M Fatima","year":"2017","unstructured":"Fatima M, Pasha M et al (2017) Survey of machine learning algorithms for disease diagnostic. J Intell Learn Syst Appl 9(01):1","journal-title":"J Intell Learn Syst Appl"},{"key":"119_CR36","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1016\/j.diin.2015.02.001","volume":"13","author":"A Feizollah","year":"2015","unstructured":"Feizollah A, Anuar NB, Salleh R, Wahab AWA (2015) A review on feature selection in mobile malware detection. Digit Investig 13:22\u201337. https:\/\/doi.org\/10.1016\/j.diin.2015.02.001","journal-title":"Digit Investig"},{"key":"119_CR37","doi-asserted-by":"publisher","first-page":"30996","DOI":"10.1109\/ACCESS.2018.2844349","volume":"6","author":"P Feng","year":"2018","unstructured":"Feng P, Ma J, Sun C, Xu X, Ma Y (2018) A novel dynamic android malware detection system with ensemble learning. IEEE Access 6:30996\u201331011. https:\/\/doi.org\/10.1109\/ACCESS.2018.2844349","journal-title":"IEEE Access"},{"key":"119_CR38","doi-asserted-by":"publisher","unstructured":"Gascon H, Yamaguchi F, Arp D, Rieck K (2013) Structural detection of android malware using embedded call graphs. In: Proceedings of the 2013 ACM workshop on artificial intelligence and security. AISec \u201913. Association for Computing Machinery, New York, NY, USA, pp 45\u201354. https:\/\/doi.org\/10.1145\/2517312.2517315","DOI":"10.1145\/2517312.2517315"},{"key":"119_CR39","volume-title":"Practical MLOps","author":"N Gift","year":"2021","unstructured":"Gift N, Deza A (2021) Practical MLOps. O\u2019Reilly Media Inc, Sebastopol, CA"},{"key":"119_CR40","unstructured":"Google (2021) Google Scholar. https:\/\/scholar.google.com"},{"key":"119_CR41","doi-asserted-by":"publisher","unstructured":"Grace M, Zhou Y, Zhang Q, Zou S, Jiang X (2012) Riskranker: scalable and accurate zero-day android malware detection. In: Proceedings of the 10th international conference on mobile systems, applications, and services. MobiSys \u201912. Association for Computing Machinery, New York, NY, USA, pp 281\u2013294. https:\/\/doi.org\/10.1145\/2307636.2307663","DOI":"10.1145\/2307636.2307663"},{"key":"119_CR42","unstructured":"Hex-rays (2021) IDA Pro. https:\/\/hex-rays.com\/ida-pro\/"},{"key":"119_CR43","doi-asserted-by":"crossref","unstructured":"Holland B, Santhanam GR, Awadhutkar P, Kothari S (2016) Statically-informed dynamic analysis tools to detect algorithmic complexity vulnerabilities. In: 2016 IEEE 16th international working conference on source code analysis and manipulation (SCAM). IEEE, pp 79\u201384","DOI":"10.1109\/SCAM.2016.23"},{"key":"119_CR44","doi-asserted-by":"crossref","unstructured":"Hou S, Fan Y, Zhang Y, Ye Y, Lei J, Wan W, Wang J, Xiong Q, Shao F (2019) $$\\alpha$$cyber: enhancing robustness of android malware detection system against adversarial attacks on heterogeneous graph based model. In: Proceedings of the 28th ACM international conference on information and knowledge management, pp 609\u2013618","DOI":"10.1145\/3357384.3357875"},{"key":"119_CR45","unstructured":"IEEE (2021) IEEE Xplore. https:\/\/ieeexplore.ieee.org\/Xplore\/home.jsp"},{"key":"119_CR46","unstructured":"Inc G (2020) Android developer guides. https:\/\/developer.android.com\/guide\/. Accessed 17 April 2020"},{"key":"119_CR47","unstructured":"Inc G (2021) Behaviour changes in android 12. https:\/\/developer.android.com\/about\/versions\/12\/behavior-changes-12. Accessed 07 July 2021"},{"key":"119_CR48","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1016\/j.diin.2018.01.007","volume":"24","author":"EB Karbab","year":"2018","unstructured":"Karbab EB, Debbabi M, Derhab A, Mouheb D (2018) MalDozer: automatic framework for android malware detection using deep learning. Digit Investig 24:48\u201359. https:\/\/doi.org\/10.1016\/j.diin.2018.01.007","journal-title":"Digit Investig"},{"key":"119_CR49","unstructured":"Kaspersky (2021) Mobile malware evolution 2020. https:\/\/securelist.com\/mobile-malware-evolution-2020\/101029\/. Accessed 01 June 2021"},{"issue":"3","key":"119_CR50","doi-asserted-by":"publisher","first-page":"773","DOI":"10.1109\/TIFS.2018.2866319","volume":"14","author":"T Kim","year":"2019","unstructured":"Kim T, Kang B, Rho M, Sezer S, Im EG (2019) A multimodal deep learning method for android malware detection using various features. IEEE Trans Inf Forensics Secur 14(3):773\u2013788. https:\/\/doi.org\/10.1109\/TIFS.2018.2866319","journal-title":"IEEE Trans Inf Forensics Secur"},{"issue":"7","key":"119_CR51","doi-asserted-by":"publisher","first-page":"3216","DOI":"10.1109\/TII.2017.2789219","volume":"14","author":"J Li","year":"2018","unstructured":"Li J, Sun L, Yan Q, Li Z, Srisa-an W, Ye H (2018) Significant permission identification for machine-learning-based android malware detection. IEEE Trans Ind Inf 14(7):3216\u20133225. https:\/\/doi.org\/10.1109\/TII.2017.2789219","journal-title":"IEEE Trans Ind Inf"},{"key":"119_CR52","doi-asserted-by":"crossref","unstructured":"Li W, Fu X, Cai H (2021) AndroCT: ten years of app call traces in android. In: 2021 IEEE\/ACM 18th international conference on mining software repositories (MSR). IEEE, pp 570\u2013574","DOI":"10.1109\/MSR52588.2021.00076"},{"key":"119_CR53","doi-asserted-by":"crossref","unstructured":"Lindorfer M, Neugschwandtner M, Platzer C (2015) MARVIN: efficient and comprehensive mobile app classification through static and dynamic analysis. In: 2015 IEEE 39th annual computer software and applications conference, vol.2. IEEE, pp 422\u2013433","DOI":"10.1109\/COMPSAC.2015.103"},{"key":"119_CR54","doi-asserted-by":"publisher","unstructured":"Liu X, Liu J (2014) A two-layered permission-based android malware detection scheme. In: 2014 2nd IEEE international conference on mobile cloud computing, services, and engineering, pp 142\u2013148. https:\/\/doi.org\/10.1109\/MobileCloud.2014.22","DOI":"10.1109\/MobileCloud.2014.22"},{"key":"119_CR55","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/j.cose.2015.02.007","volume":"51","author":"D Maiorca","year":"2015","unstructured":"Maiorca D, Ariu D, Corona I, Aresu M, Giacinto G (2015) Stealth attacks: an extended insight into the obfuscation effects on android malware. Comput Secur 51:16\u201331","journal-title":"Comput Secur"},{"key":"119_CR56","unstructured":"Man Pages U (2021) Dexdump. http:\/\/manpages.ubuntu.com\/manpages\/bionic\/man1\/dexdump.1.html"},{"key":"119_CR57","unstructured":"Man Pages L (2021) Strace."},{"key":"119_CR58","unstructured":"McAfee (2021) Mobile threat report. https:\/\/www.mcafee.com\/content\/dam\/consumer\/en-us\/docs\/2020-Mobile-Threat-Report.pdf. Accessed 01 June 2021"},{"key":"119_CR59","doi-asserted-by":"crossref","unstructured":"McLaughlin N, Martinez\u00a0del Rincon J, Kang B, Yerima S, Miller P, Sezer S, Safaei Y, Trickel E, Zhao Z, Doup\u00e9 A et\u00a0al (2017) Deep android malware detection. In: Proceedings of the seventh ACM on conference on data and application security and privacy, pp 301\u2013308","DOI":"10.1145\/3029806.3029823"},{"issue":"1","key":"119_CR60","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/s13042-021-01393-7","volume":"13","author":"M Melis","year":"2022","unstructured":"Melis M, Scalas M, Demontis A, Maiorca D, Biggio B, Giacinto G, Roli F (2022) Do gradient-based explanations tell anything about adversarial robustness to android malware? Int J Mach Learn Cybernet 13(1):217\u2013232","journal-title":"Int J Mach Learn Cybernet"},{"key":"119_CR61","unstructured":"Microsoft (2021) Microsoft academic knowledge. https:\/\/www.microsoft.com\/en-us\/research\/project\/academic-knowledge\/"},{"key":"119_CR62","unstructured":"Mikolov T, Sutskever I, Chen K, Corrado G, Dean J (2013) Distributed representations of words and phrases and their compositionality. arXiv preprint arXiv:1310.4546"},{"key":"119_CR63","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1016\/j.compeleceng.2017.02.013","volume":"61","author":"N Milosevic","year":"2017","unstructured":"Milosevic N, Dehghantanha A, Choo K-KR (2017) Machine learning aided android malware classification. Comput Electr Eng 61:266\u2013274. https:\/\/doi.org\/10.1016\/j.compeleceng.2017.02.013","journal-title":"Comput Electr Eng"},{"issue":"1","key":"119_CR64","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/s00500-014-1511-6","volume":"20","author":"FA Narudin","year":"2016","unstructured":"Narudin FA, Feizollah A, Anuar NB, Gani A (2016) Evaluation of machine learning classifiers for mobile malware detection. Soft Comput 20(1):343\u2013357","journal-title":"Soft Comput"},{"key":"119_CR65","unstructured":"Naway A, Li Y (2018) A review on the use of deep learning in android malware detection. arXiv preprint arXiv:1812.10360"},{"issue":"2","key":"119_CR66","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3313391","volume":"22","author":"L Onwuzurike","year":"2019","unstructured":"Onwuzurike L, Mariconti E, Andriotis P, Cristofaro ED, Ross G, Stringhini G (2019) MaMaDroid: detecting android malware by building Markov chains of behavioral models (extended version). ACM Trans Privacy Secur (TOPS) 22(2):1\u201334","journal-title":"ACM Trans Privacy Secur (TOPS)"},{"issue":"2","key":"119_CR67","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1145\/354876.354878","volume":"3","author":"S Osborn","year":"2000","unstructured":"Osborn S, Sandhu R, Munawer Q (2000) Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Trans Inf Syst Secur (TISSEC) 3(2):85\u2013106","journal-title":"ACM Trans Inf Syst Secur (TISSEC)"},{"issue":"4","key":"119_CR68","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1080\/02564602.2015.1010611","volume":"32","author":"J Padmanabhan","year":"2015","unstructured":"Padmanabhan J, Johnson Premkumar MJ (2015) Machine learning in automatic speech recognition: a survey. IETE Tech Rev 32(4):240\u2013251","journal-title":"IETE Tech Rev"},{"issue":"10","key":"119_CR69","doi-asserted-by":"publisher","first-page":"1345","DOI":"10.1109\/TKDE.2009.191","volume":"22","author":"SJ Pan","year":"2009","unstructured":"Pan SJ, Yang Q (2009) A survey on transfer learning. IEEE Trans Knowl Data Eng 22(10):1345\u20131359","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"119_CR70","doi-asserted-by":"publisher","unstructured":"Peiravian N, Zhu X (2013) Machine learning for android malware detection using permission and API calls. In: 2013 IEEE 25th international conference on tools with artificial intelligence, pp 300\u2013305. https:\/\/doi.org\/10.1109\/ICTAI.2013.53","DOI":"10.1109\/ICTAI.2013.53"},{"key":"119_CR71","unstructured":"Portal AD (2021a) Intents and intent filters. https:\/\/developer.android.com\/guide\/components\/intents-filters. Accessed 22 June 2021"},{"key":"119_CR72","unstructured":"Portal AD (2021b) Android asset packaging tool. https:\/\/developer.android.com\/studio\/command-line\/aapt2"},{"key":"119_CR73","unstructured":"Portal AD (2021c) Platform architecture. https:\/\/developer.android.com\/guide\/platform. Accessed 22 June 2021"},{"key":"119_CR74","unstructured":"Portal AD (2021d) Application fundamentals. https:\/\/developer.android.com\/guide\/components\/fundamentals. Accessed 22 June 2021"},{"key":"119_CR75","unstructured":"Project A (2021) Androguard. https:\/\/github.com\/androguard\/androguard"},{"key":"119_CR76","unstructured":"Project AOS (2021) Android architecture. https:\/\/source.android.com\/devices\/architecture. Accessed 22 June 2021"},{"key":"119_CR77","unstructured":"Project B (2021) Baksmali."},{"key":"119_CR78","unstructured":"Project D (2021a) DroidBox. https:\/\/github.com\/pjlantz\/droidbox. Accessed 02 June 2021"},{"key":"119_CR79","unstructured":"Project D (2021b) Dex2jar. https:\/\/github.com\/pxb1988\/dex2jar"},{"key":"119_CR80","unstructured":"Project P (2021a) Procyon. https:\/\/github.com\/ststeiger\/procyon"},{"key":"119_CR81","unstructured":"Project P (2021b) PScout. https:\/\/github.com\/zd2100\/PScout"},{"key":"119_CR82","unstructured":"Project S (2021) Soot framework. https:\/\/github.com\/soot-oss\/soot"},{"key":"119_CR83","doi-asserted-by":"publisher","first-page":"91686","DOI":"10.1109\/ACCESS.2021.3091427","volume":"9","author":"AD Raju","year":"2021","unstructured":"Raju AD, AbualHoal I, Salvador Giagone R, Zhou Y, Huang S (2021) A survey on cross-architectural IoT malware threat hunting. IEEE Access 9:91686\u201391709","journal-title":"IEEE Access"},{"key":"119_CR84","unstructured":"Ratazzi EP (2016) Understanding and improving security of the android operating system. Technical report, Syracuse University Syracuse United States"},{"issue":"4","key":"119_CR85","doi-asserted-by":"publisher","first-page":"867","DOI":"10.1007\/s10796-020-10083-8","volume":"23","author":"H Rathore","year":"2021","unstructured":"Rathore H, Sahay SK, Nikam P, Sewak M (2021) Robust android malware detection system against adversarial attacks using q-learning. Inf Syst Front 23(4):867\u2013882","journal-title":"Inf Syst Front"},{"key":"119_CR86","doi-asserted-by":"publisher","unstructured":"Sahs J, Khan L (2012) A machine learning approach to android malware detection. In: 2012 European intelligence and security informatics conference, pp 141\u2013147. https:\/\/doi.org\/10.1109\/EISIC.2012.34","DOI":"10.1109\/EISIC.2012.34"},{"issue":"9","key":"119_CR87","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/35.312842","volume":"32","author":"RS Sandhu","year":"1994","unstructured":"Sandhu RS, Samarati P (1994) Access control: principle and practice. IEEE Commun Mag 32(9):40\u201348","journal-title":"IEEE Commun Mag"},{"key":"119_CR88","doi-asserted-by":"crossref","unstructured":"Sanz B, Santos I, Laorden C, Ugarte-Pedrero X, Bringas PG, \u00c1lvarez G (2013) PUMA: permission usage to detect malware in android. In: International joint conference CISIS\u201912-ICEUTE 12-SOCO 12 special sessions. Springer, pp 289\u2013298","DOI":"10.1007\/978-3-642-33018-6_30"},{"issue":"1","key":"119_CR89","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1109\/TDSC.2016.2536605","volume":"15","author":"A Saracino","year":"2018","unstructured":"Saracino A, Sgandurra D, Dini G, Martinelli F (2018) MADAM: effective and efficient behavior-based android malware detection and prevention. IEEE Trans Dependable Secure Comput 15(1):83\u201397. https:\/\/doi.org\/10.1109\/TDSC.2016.2536605","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"119_CR90","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2014.02.009","volume":"43","author":"A Shabtai","year":"2014","unstructured":"Shabtai A, Tenenboim-Chekina L, Mimran D, Rokach L, Shapira B, Elovici Y (2014) Mobile malware detection through analysis of deviations in application network behavior. Comput Secur 43:1\u201318","journal-title":"Comput Secur"},{"issue":"1","key":"119_CR91","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s13673-017-0124-3","volume":"8","author":"A Souri","year":"2018","unstructured":"Souri A, Hosseini R (2018) A state-of-the-art survey of malware detection approaches using data mining techniques. Hum-Centric Comput Inf Sci 8(1):1\u201322","journal-title":"Hum-Centric Comput Inf Sci"},{"key":"119_CR92","unstructured":"StatCounter (2021) Mobile operating system market share worldwide. https:\/\/gs.statcounter.com\/os-market-share\/mobile\/worldwide. Accessed 01 June 2021"},{"key":"119_CR93","doi-asserted-by":"crossref","unstructured":"Suarez-Tangil G, Dash SK, Ahmadi M, Kinder J, Giacinto G, Cavallaro L (2017) DroidSieve: fast and accurate classification of obfuscated android malware. In: Proceedings of the seventh ACM on conference on data and application security and privacy, pp 309\u2013320","DOI":"10.1145\/3029806.3029825"},{"key":"119_CR94","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1016\/j.future.2019.11.034","volume":"105","author":"R Taheri","year":"2020","unstructured":"Taheri R, Ghahramani M, Javidan R, Shojafar M, Pooranian Z, Conti M (2020) Similarity-based android malware detection using hamming distance of static binary features. Future Gener Comput Syst 105:230\u2013247","journal-title":"Future Gener Comput Syst"},{"key":"119_CR95","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.diin.2015.01.001","volume":"13","author":"KA Talha","year":"2015","unstructured":"Talha KA, Alper DI, Aydin C (2015) APK auditor: permission-based android malware detection system. Digit Investig 13:1\u201314. https:\/\/doi.org\/10.1016\/j.diin.2015.01.001","journal-title":"Digit Investig"},{"key":"119_CR96","unstructured":"Team S (2020) SELinux project. https:\/\/github.com\/SELinuxProject. Accessed 20 April 2020"},{"key":"119_CR97","unstructured":"Techotopia (2021) An overview of android architecture. https:\/\/www.techotopia.com\/index.php\/An_Overview_of_the_Android_Architecture. Accessed 22 June 2021"},{"key":"119_CR98","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1016\/j.jpdc.2016.10.012","volume":"103","author":"F Tong","year":"2017","unstructured":"Tong F, Yan Z (2017) A hybrid approach of mobile malware detection in android. J Parallel Distrib Comput 103:22\u201331. https:\/\/doi.org\/10.1016\/j.jpdc.2016.10.012 (Special issue on scalable cyber-physical systems)","journal-title":"J Parallel Distrib Comput"},{"key":"119_CR99","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1016\/j.knosys.2018.03.018","volume":"150","author":"JM Vidal","year":"2018","unstructured":"Vidal JM, Monge MAS, Villalba LJG (2018) A novel pattern recognition system for detecting android malware by analyzing suspicious boot sequences. Knowl-Based Syst 150:198\u2013217","journal-title":"Knowl-Based Syst"},{"key":"119_CR100","unstructured":"VirusShare (2021) VirusShare database. https:\/\/virusshare.com\/"},{"key":"119_CR101","unstructured":"VirusTotal (2021) VirusTotal website. https:\/\/www.virustotal.com\/"},{"issue":"11","key":"119_CR102","doi-asserted-by":"publisher","first-page":"1869","DOI":"10.1109\/TIFS.2014.2353996","volume":"9","author":"W Wang","year":"2014","unstructured":"Wang W, Wang X, Feng D, Liu J, Han Z, Zhang X (2014) Exploring permission-induced risk in android applications for malicious application detection. IEEE Trans Inf Forensics Secur 9(11):1869\u20131882. https:\/\/doi.org\/10.1109\/TIFS.2014.2353996","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"119_CR103","doi-asserted-by":"publisher","unstructured":"Wang Z, Cai J, Cheng S, Li W (2016) DroidDeepLearner: identifying android malware using deep learning. In: 2016 IEEE 37th Sarnoff symposium, pp 160\u2013165. https:\/\/doi.org\/10.1109\/SARNOF.2016.7846747","DOI":"10.1109\/SARNOF.2016.7846747"},{"key":"119_CR104","first-page":"21","volume":"16","author":"MY Wong","year":"2016","unstructured":"Wong MY, Lie D (2016) Intellidroid: a targeted input generator for the dynamic analysis of android malware. NDSS 16:21\u201324","journal-title":"NDSS"},{"key":"119_CR105","doi-asserted-by":"publisher","unstructured":"Wu D-J, Mao C-H, Wei T-E, Lee H-M, Wu K-P (2012) DroidMat: android malware detection through manifest and API calls tracing. In: 2012 seventh Asia joint conference on information security, pp 62\u201369 . https:\/\/doi.org\/10.1109\/AsiaJCIS.2012.18","DOI":"10.1109\/AsiaJCIS.2012.18"},{"key":"119_CR106","doi-asserted-by":"crossref","unstructured":"Wu W-C, Hung S-H (2014) DroidDolphin: a dynamic android malware detection framework using big data and machine learning. In: Proceedings of the 2014 conference on research in adaptive and convergent systems, pp 247\u2013252","DOI":"10.1145\/2663761.2664223"},{"key":"119_CR107","doi-asserted-by":"publisher","first-page":"35365","DOI":"10.1109\/ACCESS.2018.2836950","volume":"6","author":"Y Xin","year":"2018","unstructured":"Xin Y, Kong L, Liu Z, Chen Y, Li Y, Zhu H, Gao M, Hou H, Wang C (2018) Machine learning and deep learning methods for cybersecurity. IEEE Access 6:35365\u201335381","journal-title":"IEEE Access"},{"key":"119_CR108","doi-asserted-by":"publisher","unstructured":"Xu K, Li Y, Deng RH, Chen K (2018) DeepRefiner: multi-layer android malware detection system applying deep neural networks. In: 2018 IEEE European symposium on security and privacy (EuroS P), pp 473\u2013487 . https:\/\/doi.org\/10.1109\/EuroSP.2018.00040","DOI":"10.1109\/EuroSP.2018.00040"},{"issue":"3","key":"119_CR109","doi-asserted-by":"publisher","first-page":"891","DOI":"10.1007\/s11219-017-9368-4","volume":"26","author":"P Yan","year":"2018","unstructured":"Yan P, Yan Z (2018) A survey on dynamic mobile malware detection. Softw Qual J 26(3):891\u2013919","journal-title":"Softw Qual J"},{"key":"119_CR110","doi-asserted-by":"crossref","unstructured":"Yang C, Xu Z, Gu G, Yegneswaran V, Porras P (2014) DroidMiner: automated mining and characterization of fine-grained malicious behaviors in android applications. In: European symposium on research in computer security. Springer, pp 163\u2013182","DOI":"10.1007\/978-3-319-11203-9_10"},{"issue":"3","key":"119_CR111","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3073559","volume":"50","author":"Y Ye","year":"2017","unstructured":"Ye Y, Li T, Adjeroh D, Iyengar SS (2017) A survey on malware detection using data mining techniques. ACM Comput Surv 50(3):1\u201340. https:\/\/doi.org\/10.1145\/3073559","journal-title":"ACM Comput Surv"},{"key":"119_CR112","doi-asserted-by":"publisher","unstructured":"Yerima SY, Sezer S, McWilliams G, Muttik I (2013) A new android malware detection approach using Bayesian classification. In: 2013 IEEE 27th international conference on advanced information networking and applications (AINA), pp 121\u2013128. https:\/\/doi.org\/10.1109\/AINA.2013.88","DOI":"10.1109\/AINA.2013.88"},{"key":"119_CR113","doi-asserted-by":"publisher","unstructured":"Yerima SY, Sezer S, Muttik I (2014) Android malware detection using parallel machine learning classifiers. In: 2014 eighth international conference on next generation mobile apps, services and technologies, pp 37\u201342. https:\/\/doi.org\/10.1109\/NGMAST.2014.23","DOI":"10.1109\/NGMAST.2014.23"},{"issue":"6","key":"119_CR114","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1049\/iet-ifs.2014.0099","volume":"9","author":"SY Yerima","year":"2015","unstructured":"Yerima SY, Sezer S, Muttik I (2015) High accuracy android malware detection using ensemble learning. IET Inf Secur 9(6):313\u2013320. https:\/\/doi.org\/10.1049\/iet-ifs.2014.0099","journal-title":"IET Inf Secur"},{"issue":"1","key":"119_CR115","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1109\/TST.2016.7399288","volume":"21","author":"Z Yuan","year":"2016","unstructured":"Yuan Z, Lu Y, Xue Y (2016) Droiddetector: android malware characterization and detection using deep learning. Tsinghua Sci Technol 21(1):114\u2013123. https:\/\/doi.org\/10.1109\/TST.2016.7399288","journal-title":"Tsinghua Sci Technol"},{"key":"119_CR116","doi-asserted-by":"crossref","unstructured":"Yuan Z, Lu Y, Wang Z, Xue Y (2014) Droid-Sec: deep learning in android malware detection. In: Proceedings of the 2014 ACM conference on SIGCOMM, pp 371\u2013372","DOI":"10.1145\/2619239.2631434"},{"issue":"3","key":"119_CR117","first-page":"228","volume":"2","author":"WZ Zarni Aung","year":"2013","unstructured":"Zarni Aung WZ (2013) Permission-based android malware detection. Int J Sci Technol Res 2(3):228\u2013234","journal-title":"Int J Sci Technol Res"},{"key":"119_CR118","unstructured":"ZDNet (2021) Malicious apps on google play dropped banking trojans on user devices. https:\/\/www.zdnet.com\/article\/malicious-apps-on-google-play-dropped-banking-trojans-on-user-devices\/. Accessed 13 July 2021"},{"key":"119_CR119","doi-asserted-by":"crossref","unstructured":"Zhang M, Duan Y, Yin H, Zhao Z (2014) Semantics-aware android malware classification using weighted contextual API dependency graphs. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, pp 1105\u20131116","DOI":"10.1145\/2660267.2660359"},{"key":"119_CR120","doi-asserted-by":"crossref","unstructured":"Zhang Y, Yang Y, Wang X (2018) A novel android malware detection approach based on convolutional neural network. In: Proceedings of the 2nd international conference on cryptography, security and privacy, pp 144\u2013149","DOI":"10.1145\/3199478.3199492"},{"key":"119_CR121","doi-asserted-by":"publisher","unstructured":"Zhou Y, Jiang X (2012) Dissecting android malware: characterization and evolution. In: 2012 IEEE symposium on security and privacy, pp 95\u2013109. https:\/\/doi.org\/10.1109\/SP.2012.16","DOI":"10.1109\/SP.2012.16"},{"key":"119_CR122","doi-asserted-by":"publisher","first-page":"638","DOI":"10.1016\/j.neucom.2017.07.030","volume":"272","author":"H-J Zhu","year":"2018","unstructured":"Zhu H-J, You Z-H, Zhu Z-X, Shi W-L, Chen X, Cheng L (2018) DroidDet: effective and robust detection of android malware using static analysis along with rotation forest model. Neurocomputing 272:638\u2013646. https:\/\/doi.org\/10.1016\/j.neucom.2017.07.030","journal-title":"Neurocomputing"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-022-00119-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-022-00119-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-022-00119-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,2]],"date-time":"2022-08-02T01:06:49Z","timestamp":1659402409000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-022-00119-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,2]]},"references-count":122,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,12]]}},"alternative-id":["119"],"URL":"https:\/\/doi.org\/10.1186\/s42400-022-00119-8","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,8,2]]},"assertion":[{"value":"24 November 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 March 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 August 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"16"}}