{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T01:34:30Z","timestamp":1772847270776,"version":"3.50.1"},"reference-count":45,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Inf. & Syst."],"published-print":{"date-parts":[[2020,2,1]]},"DOI":"10.1587\/transinf.2019ini0003","type":"journal-article","created":{"date-parts":[[2020,1,31]],"date-time":"2020-01-31T22:09:58Z","timestamp":1580508598000},"page":"204-211","source":"Crossref","is-referenced-by-count":56,"title":["A Survey on Mobile Malware Detection Techniques"],"prefix":"10.1587","volume":"E103.D","author":[{"given":"Vasileios","family":"KOULIARIDIS","sequence":"first","affiliation":[{"name":"Department of Information & Communication Systems Engineering, University of Aegean"}]},{"given":"Konstantia","family":"BARMPATSALOU","sequence":"additional","affiliation":[{"name":"Centre for Informatics and Systems of the University of Coimbra"}]},{"given":"Georgios","family":"KAMBOURAKIS","sequence":"additional","affiliation":[{"name":"European Commission, Joint Research Centre (JRC)"}]},{"given":"Shuhong","family":"CHEN","sequence":"additional","affiliation":[{"name":"Guangzhou University"}]}],"member":"532","reference":[{"key":"1","doi-asserted-by":"publisher","unstructured":"[1] S. Peng, Min Wu, G. Wang, S. Yu, \u201cPropagation Model of Smartphone Worms Based on Semi-Markov Process and Social Relationship Graph,\u201d Comput. Secur., vol.44, pp.92-103, 2014. 10.1016\/j.cose.2014.04.006","DOI":"10.1016\/j.cose.2014.04.006"},{"key":"2","unstructured":"[2] McAfee, \u201cMobile Threat Report,\u201d https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-mobile-threat-report-2018.pdf, accessed May 10 2018."},{"key":"3","unstructured":"[3] Symantec, \u201cMotivations of Recent Android Malware,\u201d http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/motivations_of_recent_android_malware.pdf, accessed Dec. 10 2018."},{"key":"4","doi-asserted-by":"publisher","unstructured":"[4] P. Yan, Z. Yan, \u201cA survey on dynamic mobile malware detection,\u201d Softw. Qual. J., vol.26, no.3, pp.891-919, 2018. 10.1007\/s11219-017-9368-4","DOI":"10.1007\/s11219-017-9368-4"},{"key":"5","doi-asserted-by":"publisher","unstructured":"[5] M. La Polla, F. Martinelli, and D. Sgandurra, \u201cA Survey on Security for Mobile Devices,\u201d IEEE Commun. Surv. Tutorials, vol.15, no.1, pp.446-471, 2013. 10.1109\/surv.2012.013012.00028","DOI":"10.1109\/SURV.2012.013012.00028"},{"key":"6","doi-asserted-by":"publisher","unstructured":"[6] E. Gandotra, D. Bansal, S. Sofat, \u201cMalware Analysis and Classification: A Survey,\u201d Journal of Information Security, vol.5, no.2, pp.56-64, 2014. 10.4236\/jis.2014.52006","DOI":"10.4236\/jis.2014.52006"},{"key":"7","doi-asserted-by":"publisher","unstructured":"[4] P. Yan, Z. Yan, \u201cA survey on dynamic mobile malware detection,\u201d Softw. Qual. J., vol.26, no.3, pp.891-919, 2018. 10.1007\/s11219-017-9368-4","DOI":"10.1007\/s11219-017-9368-4"},{"key":"8","doi-asserted-by":"publisher","unstructured":"[8] S. Peng, Min Wu, G. Wang, S. Yu, \u201cModeling the dynamics of worm propagation using two-dimensional cellular automata in smartphones,\u201d J. Comput. Syst. Sci., vol.79, no.5, pp.586-595, 2013. 10.1016\/j.jcss.2012.11.007","DOI":"10.1016\/j.jcss.2012.11.007"},{"key":"9","doi-asserted-by":"publisher","unstructured":"[9] M. Anagnostopoulos, G. Kambourakis, and S. Gritzalis, \u201cNew facets of mobile botnet: architecture and evaluation,\u201d Int. J. Inf. Secur., vol.15, no.5, pp.455-473, 2016. 10.1007\/s10207-015-0310-0","DOI":"10.1007\/s10207-015-0310-0"},{"key":"10","doi-asserted-by":"publisher","unstructured":"[10] S. Yu, G. Wang, and W. Zhou, \u201cModeling malicious activities in cyber space,\u201d IEEE Netw., vol.29, no.6, pp.83-87, 2015. 10.1109\/mnet.2015.7340429","DOI":"10.1109\/MNET.2015.7340429"},{"key":"11","unstructured":"[11] thehackernews.com, \u201cBankBot Returns On Play Store-A Never Ending Android Malware Story,\u201d https:\/\/thehackernews.com\/2017\/11\/bankbot-android-malware.html, accessed July 9 2018."},{"key":"12","unstructured":"[12] Kaspersky, \u201cHidden miners on Google Play,\u201d https:\/\/www.kaspersky.com\/blog\/google-play-hidden-miners\/21882\/, accessed July 9 2018."},{"key":"13","unstructured":"[13] securelist.com, \u201cMobile malware evolution 2017,\u201d https:\/\/securelist.com\/mobile-malware-review-2017\/84139\/, accessed July 9 2018."},{"key":"14","doi-asserted-by":"crossref","unstructured":"[14] A. Amamra, C. Talhi, and J.-M. Robert, \u201cSmartphone malware detection: From a survey towards taxonomy,\u201d 2012 7th International Conference on Malicious and Unwanted Software, pp.79-86, 2012. 10.1109\/malware.2012.6461012","DOI":"10.1109\/MALWARE.2012.6461012"},{"key":"15","doi-asserted-by":"crossref","unstructured":"[15] W. Enck, M. Ongtang, P. McDaniel, \u201cOn lightweight mobile phone application certification,\u201d Proc. 16th ACM conference on Computer and communications security-CCS '09, pp.235-245, 2009. 10.1145\/1653662.1653691","DOI":"10.1145\/1653662.1653691"},{"key":"16","doi-asserted-by":"crossref","unstructured":"[16] C.-M. Chen, G.-H. Lai, and J.-M. Lin, \u201cIdentifying Threat Patterns of Android Applications,\u201d AsiaJCIS, pp.69-74, 2017. 10.1109\/asiajcis.2017.23","DOI":"10.1109\/AsiaJCIS.2017.23"},{"key":"17","doi-asserted-by":"crossref","unstructured":"[17] D. Papamartzivanos, D. Damopoulos, and G. Kambourakis, \u201cA Cloud-based Architecture to Crowdsource Mobile App Privacy Leaks,\u201d Proc. 18th Panhellenic Conference on Informatics-PCI '14, pp.1-6, 2014. 10.1145\/2645791.2645799","DOI":"10.1145\/2645791.2645799"},{"key":"18","unstructured":"[18] D.-J. Wu, C.-H. Mao, T.-E. Wei, H.-M. Lee, and K.-P. Wu, \u201cDroidMat: Android Malware Detection through Manifest and API Calls Tracing,\u201d AsiaJCIS, pp.62-69, 2012. 10.1109\/asiajcis.2012.18"},{"key":"19","doi-asserted-by":"crossref","unstructured":"[19] B. Sanz, I. Santos, C. Laorden, X. Ugarte-Pedrero, P.G. Bringas, and G. \u00c1lvarez, \u201cPUMA: Permission Usage to Detect Malware in Android,\u201d Advances in Intelligent Systems and Computing, vol.189, pp.289-298, Jan. 2013. 10.1007\/978-3-642-33018-6_30","DOI":"10.1007\/978-3-642-33018-6_30"},{"key":"20","doi-asserted-by":"crossref","unstructured":"[20] N. Peiravian and X. Zhu, \u201cMachine Learning for Android Malware Detection Using Permission and API Calls,\u201d 2013 IEEE 25th International Conference on Tools with Artificial Intelligence, pp.300-305, 2013. 10.1109\/ictai.2013.53","DOI":"10.1109\/ICTAI.2013.53"},{"key":"21","doi-asserted-by":"crossref","unstructured":"[21] S. Chakradeo, B. Reaves, P. Traynor, and W. Enck, \u201cMAST: Triage for market-scale mobile malware analysis,\u201d WiSec 2013-Proc. 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2013. 10.1145\/2462096.2462100","DOI":"10.1145\/2462096.2462100"},{"key":"22","doi-asserted-by":"crossref","unstructured":"[22] S. Liang and X. Du, \u201cPermission-combination-based scheme for Android mobile malware detection,\u201d 2014 IEEE International Conference on Communications (ICC), pp.2301-2306, 2014. 10.1109\/icc.2014.6883666","DOI":"10.1109\/ICC.2014.6883666"},{"key":"23","doi-asserted-by":"crossref","unstructured":"[23] G. Canfora, F. Mercaldo, and C.A. Visaggio, \u201cMobile malware detection using op-code frequency histograms,\u201d Proc. 12th International Conference on Security and Cryptography, pp.27-38, 2015. 10.5220\/0005537800270038","DOI":"10.5220\/0005537800270038"},{"key":"24","doi-asserted-by":"crossref","unstructured":"[24] M. Yusof, M.M. Saudi, and F. Ridzuan, \u201cA new mobile botnet classification based on permission and API calls,\u201d 2017 Seventh International Conference on Emerging Security Technologies (EST), pp.122-127, 2017. 10.1109\/est.2017.8090410","DOI":"10.1109\/EST.2017.8090410"},{"key":"25","unstructured":"[25] Google, \u201cGoogle play,\u201d https:\/\/play.google.com\/store\/apps, accessed June 6 2018."},{"key":"26","doi-asserted-by":"publisher","unstructured":"[26] J. Li, L. Sun, Q. Yan, Z. Li, W. Srisa-an, and H. Ye, \u201cSignificant Permission Identification for Machine-Learning-Based Android Malware Detection,\u201d IEEE Trans. Ind. Inf., vol.14, no.7, pp.3216-3225, 2018. 10.1109\/tii.2017.2789219","DOI":"10.1109\/TII.2017.2789219"},{"key":"27","doi-asserted-by":"publisher","unstructured":"[27] G. Tao, Z. Zheng, Z. Guo, and M.R. Lyu, \u201cMalPat: Mining Patterns of Malicious and Benign Android Apps via Permission-Related APIs,\u201d IEEE Trans. Rel., vol.67, no.1, pp.355-369, Mar. 2018. 10.1109\/tr.2017.2778147","DOI":"10.1109\/TR.2017.2778147"},{"key":"28","doi-asserted-by":"crossref","unstructured":"[28] F. Shen, J.D. Vecchio, A. Mohaisen, S.Y. Ko, and L. Ziarek, \u201cAndroid Malware Detection using Complex-Flows,\u201d 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), pp.2430-2437, 2017. 10.1109\/icdcs.2017.190","DOI":"10.1109\/ICDCS.2017.190"},{"key":"29","doi-asserted-by":"publisher","unstructured":"[29] A. Shabtai, L. Tenenboim-Chekina, D. Mimran, L. Rokach, B. Shapira, and Y. Elovici, \u201cMobile Malware Detection through Analysis of Deviations in Application Network Behavior,\u201d Comput. Secur., vol.43, pp.1-18, 2014. 10.1016\/j.cose.2014.02.009","DOI":"10.1016\/j.cose.2014.02.009"},{"key":"30","doi-asserted-by":"publisher","unstructured":"[30] D. Damopoulos, G. Kambourakis, S. Gritzalis, and S.O. Park, \u201cExposing mobile malware from the inside (or what is your mobile app really doing?),\u201d Peer-to-Peer Netw. Appl., vol.7, no.4, pp.687-697, Dec. 2014. 10.1007\/s12083-012-0179-x","DOI":"10.1007\/s12083-012-0179-x"},{"key":"31","doi-asserted-by":"crossref","unstructured":"[31] D. Damopoulos, G. Kambourakis, and G. Portokalidis, \u201cThe Best of Both Worlds: A Framework for the Synergistic Operation of Host and Cloud Anomaly-based IDS for Smartphones,\u201d Proc. 7th European Workshop on System Security-EuroSec '14, pp.1-6, 2014. 10.1145\/2592791.2592797","DOI":"10.1145\/2592791.2592797"},{"key":"32","doi-asserted-by":"publisher","unstructured":"[32] J.-W. Jang, H. Kang, J. Woo, A. Mohaisen, and H.K. Kim, \u201cAndro-AutoPsy: Anti-malware system based on similarity matching of malware and malware creator-centric information,\u201d Digital Investigation, vol.14, pp.17-35, Sept. 2015. 10.1016\/j.diin.2015.06.002","DOI":"10.1016\/j.diin.2015.06.002"},{"key":"33","doi-asserted-by":"publisher","unstructured":"[33] Z. Chen, Q. Yan, H. Han, S. Wang, L. Peng, L. Wang, and B. Yang, \u201cMachine learning based mobile malware detection using highly imbalanced network traffic,\u201d Inform. Sciences., vol.433-434, pp.346-364, 2018. 10.1016\/j.ins.2017.04.044","DOI":"10.1016\/j.ins.2017.04.044"},{"key":"34","doi-asserted-by":"crossref","unstructured":"[34] V. Kouliaridis, K. Barmpatsalou, G. Kambourakis, and G. Wang,\u201cMal-Warehouse: A Data Collection-as-a-Service of Mobile Malware Behavioral Patterns,\u201d 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation(SmartWorld\/SCALCOM\/UIC\/ATC\/CBDCom\/IOP\/SCI), pp.1503-1508, 2018. 10.1109\/smartworld.2018.00260","DOI":"10.1109\/SmartWorld.2018.00260"},{"key":"35","doi-asserted-by":"publisher","unstructured":"[35] S. Wang, Z. Chen, Q. Yan, B. Yang, L. Peng, Z. Jia, \u201cA mobile malware detection method using behavior features in network traffic,\u201d J. Netw. Comput. Appl., vol.133, pp.15-25, 2019. 10.1016\/j.jnca.2018.12.014","DOI":"10.1016\/j.jnca.2018.12.014"},{"key":"36","doi-asserted-by":"publisher","unstructured":"[36] H. Zhang, K.D. Pham, Y. Cole, L. Ge, S. Wei, W. Yu, C. Lu, G. Chen, D. Shen, and E. Blasch, \u201cScanMe mobile: a cloud-based Android malware analysis service,\u201d ACM SIGAPP Applied Computing Review, vol.16, no.1, pp.36-49, 2016. 10.1145\/2924715.2924719","DOI":"10.1145\/2924715.2924719"},{"key":"37","doi-asserted-by":"publisher","unstructured":"[37] S. Alam, Z. Qu, R. Riley, Y. Chen, and V. Rastogi, \u201cDroidNative: Automating and optimizing detection of Android native code malware variants,\u201d Comput. Secur., vol.65, pp.230-246, 2017. 10.1016\/j.cose.2016.11.011","DOI":"10.1016\/j.cose.2016.11.011"},{"key":"38","unstructured":"[38] Android, \u201cAndroid Runtime,\u201d https:\/\/source.android.com\/devices\/ tech\/dalvik, accessed Oct 18 2018."},{"key":"39","doi-asserted-by":"publisher","unstructured":"[39] F. Tong and Z. Yan, \u201cA Hybrid Approach of Mobile Malware Detection in Android,\u201d J. Parallel. Distr. Com., vol.103, pp.22-31, 2017. 10.1016\/j.jpdc.2016.10.012","DOI":"10.1016\/j.jpdc.2016.10.012"},{"key":"40","unstructured":"[40] C. Miller, D. Blazakis, D. Daizovi, S. Esser, V. Lozzo, and R.-P. Weinmann, iOS Hackers Handbook, John Wiley & Sons, Indianapolis, 2012."},{"key":"41","doi-asserted-by":"crossref","unstructured":"[41] T. Petsas, G. Voyatzis, E. Athanasopoulos, M. Polychronakis, and S. Ioannidis, \u201cRage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware,\u201d Proc. 7th European Workshop on System Security-EuroSec '14, pp.1-6, 2014. 10.1145\/2592791.2592796","DOI":"10.1145\/2592791.2592796"},{"key":"42","doi-asserted-by":"publisher","unstructured":"[42] Q. Zhou, F. Feng, Z. Shen, R. Zhou, M.-Y. Hsieh, and K.-C. Li, \u201cA novel approach for mobile malware classification and detection in Android systems,\u201d Multimed. Tools. Appl., vol.78, no.3, pp.3529-3552, 2019. 10.1007\/s11042-018-6498-z","DOI":"10.1007\/s11042-018-6498-z"},{"key":"43","doi-asserted-by":"publisher","unstructured":"[43] S. Sharmeen, S. Huda, J.H. Abawajy, W.N. Ismail, and M.M. Hassan, \u201cMalware Threats and Detection for Industrial Mobile-IoT Networks,\u201d IEEE Access, vol.6, pp.15941-15957, 2018. 10.1109\/access.2018.2815660","DOI":"10.1109\/ACCESS.2018.2815660"},{"key":"44","doi-asserted-by":"publisher","unstructured":"[44] S. Arshad, M.A. Shah, A. Wahid, A. Mehmood, H. Song, and H. Yu, \u201cSAMADroid: A Novel 3-Level Hybrid Malware Detection Model for Android Operating System,\u201d IEEE Access, vol.6, pp.4321-4339, 2018. 10.1109\/access.2018.2792941","DOI":"10.1109\/ACCESS.2018.2792941"},{"key":"45","doi-asserted-by":"publisher","unstructured":"[45] A. Damodaran, F.D. Troia, C.A. Visaggio, T.H. Austin, and M. Stamp, \u201cA comparison of static, dynamic, and hybrid analysis for malware detection,\u201d J. Computer Virology and Hacking Techniques, vol.13, no.1, pp.1-12, 2017. 10.1007\/s11416-015-0261-z","DOI":"10.1007\/s11416-015-0261-z"}],"container-title":["IEICE Transactions on Information and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E103.D\/2\/E103.D_2019INI0003\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,2,1]],"date-time":"2020-02-01T03:27:09Z","timestamp":1580527629000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E103.D\/2\/E103.D_2019INI0003\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,2,1]]},"references-count":45,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2020]]}},"URL":"https:\/\/doi.org\/10.1587\/transinf.2019ini0003","relation":{},"ISSN":["0916-8532","1745-1361"],"issn-type":[{"value":"0916-8532","type":"print"},{"value":"1745-1361","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,2,1]]}}}