{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,7]],"date-time":"2026-02-07T12:12:45Z","timestamp":1770466365576,"version":"3.49.0"},"reference-count":162,"publisher":"PeerJ","license":[{"start":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T00:00:00Z","timestamp":1770336000000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Ministry of Higher Education Malaysia and Universiti Tenaga Nasional (UNITEN), Transdisciplinary Research Grant Scheme","award":["TRGS\/1\/2020\/UNITEN\/01\/1\/2"],"award-info":[{"award-number":["TRGS\/1\/2020\/UNITEN\/01\/1\/2"]}]},{"DOI":"10.13039\/501100006013","name":"United Arab Emirates University","doi-asserted-by":"crossref","award":["12R316"],"award-info":[{"award-number":["12R316"]}],"id":[{"id":"10.13039\/501100006013","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"abstract":"<jats:p>The increasing prevalence of malicious applications targeting the Android operating system has intensified security challenges in recent years. As Android\u2019s popularity continues to grow, it not only attracts users but also becomes a prime target for cybercriminals, underscoring the critical need for robust defenses against advanced Android malware. This survey manuscript is intended for a multidisciplinary field to evaluate and analyse the Android malware trend, behaviors, taxonomies, and future direction. This survey presents a comprehensive review of study trends, examines Android malware behaviors over time, and analyzes their patterns across platforms, families, and regions. Additionally, it evaluates existing Android malware taxonomies and identifies key gaps. To address these gaps, we propose an enhanced taxonomy tailored to advanced Android malware. The study concludes with actionable recommendations for future research, aimed at assisting users and industry professionals in mitigating the evolving risks posed by sophisticated Android malware attacks.<\/jats:p>","DOI":"10.7717\/peerj-cs.3312","type":"journal-article","created":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T08:00:28Z","timestamp":1770364828000},"page":"e3312","source":"Crossref","is-referenced-by-count":0,"title":["A comprehensive review of Android malware: trends, behaviors, taxonomies, and future direction"],"prefix":"10.7717","volume":"12","author":[{"given":"Collins Uchenna","family":"Chimeleze","sequence":"first","affiliation":[{"name":"Institute of Informatics and Computing in Energy, Universiti Tenaga Nasional, Kajang, Selangor, Malaysia"}]},{"given":"Mohammed A.","family":"Al-Sharafi","sequence":"additional","affiliation":[{"name":"King Fahad University of Petroleum and Minerals, Interdisciplinary Research Center for Finance and Digital Economy, KFUPM Business School, Dhahran, Saudi Arabia"}]},{"given":"Norziana","family":"Jamil","sequence":"additional","affiliation":[{"name":"Department of Information Systems and Security, College of IT, United Arab Emirates University, Al Ain, Abu Dhabi, United Arab Emirates"}]}],"member":"4443","published-online":{"date-parts":[[2026,2,6]]},"reference":[{"issue":"4","key":"10.7717\/peerj-cs.3312\/ref-1","doi-asserted-by":"publisher","first-page":"1374","DOI":"10.3390\/s21041374","article-title":"Feature subset selection for malware detection in smart IoT platforms","volume":"21","author":"Abawajy","year":"2021","journal-title":"Sensors"},{"issue":"8","key":"10.7717\/peerj-cs.3312\/ref-2","doi-asserted-by":"publisher","first-page":"7164","DOI":"10.1109\/jiot.2022.3229005","article-title":"Efficient and lightweight convolutional networks for IoT malware detection: a federated learning approach","volume":"10","author":"Abdel-Basset","year":"2023","journal-title":"IEEE Internet of Things Journal"},{"issue":"3","key":"10.7717\/peerj-cs.3312\/ref-3","doi-asserted-by":"publisher","first-page":"1","DOI":"10.13052\/2245-1439.732","article-title":"Understanding Android financial malware attacks: taxonomy, characterization, and challenges","volume":"7","author":"Abdul Kadir","year":"2018","journal-title":"Journal of Cyber Security and Mobility"},{"key":"10.7717\/peerj-cs.3312\/ref-4","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1016\/j.procs.2016.04.210","article-title":"An Android-based trojan spyware to study the NotificationListener service vulnerability","volume":"83","author":"Abualola","year":"2016","journal-title":"Procedia Computer Science"},{"issue":"6","key":"10.7717\/peerj-cs.3312\/ref-5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3365001","article-title":"Malware dynamic analysis evasion techniques: a survey","volume":"52","author":"Afianian","year":"2019","journal-title":"ACM Computing Surveys"},{"key":"10.7717\/peerj-cs.3312\/ref-6","doi-asserted-by":"publisher","DOI":"10.1109\/icic53490.2021.9693035","article-title":"A systematic literature review: usage of logistic regression for malware detection","author":"Akram","year":"2021"},{"key":"10.7717\/peerj-cs.3312\/ref-7","doi-asserted-by":"publisher","DOI":"10.1109\/ICCR61006.2024.10532846","article-title":"Malware threats targeting cryptocurrency: a comparative study","author":"Alauthman","year":"2024"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-8","doi-asserted-by":"publisher","first-page":"103014","DOI":"10.1016\/j.cose.2022.103014","article-title":"A cascaded federated deep learning-based framework for detecting wormhole attacks in IoT networks","volume":"125","author":"Alghamdi","year":"2023","journal-title":"Computers & Security"},{"key":"10.7717\/peerj-cs.3312\/ref-9","doi-asserted-by":"publisher","first-page":"161417\u2013161439","DOI":"10.1109\/ACCESS.2024.3488192","article-title":"A holistic intelligent cryptojacking malware detection system","volume":"12","author":"Almurshid","year":"2024","journal-title":"IEEE Access"},{"key":"10.7717\/peerj-cs.3312\/ref-10","doi-asserted-by":"publisher","first-page":"14027","DOI":"10.1038\/s41598-025-98596-7","article-title":"BERT ensemble based MBR framework for Android malware detection","volume":"15","author":"Alsubaei","year":"2025","journal-title":"Scientific Reports"},{"issue":"6","key":"10.7717\/peerj-cs.3312\/ref-11","doi-asserted-by":"publisher","first-page":"942","DOI":"10.3390\/electronics9060942","article-title":"Android malware family classification and analysis: current status and future directions","volume":"9","author":"Alswaina","year":"2020","journal-title":"Electronics"},{"issue":"12","key":"10.7717\/peerj-cs.3312\/ref-12","doi-asserted-by":"publisher","first-page":"4147","DOI":"10.1007\/s00521-016-2708-7","article-title":"An improved Android malware detection scheme based on an evolving hybrid neuro-fuzzy classifier (EHNFC) and permission-based features","volume":"28","author":"Altaher","year":"2016","journal-title":"Neural Computing and Applications"},{"key":"10.7717\/peerj-cs.3312\/ref-13","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1016\/B978-0-12-821599-9.00003-0","article-title":"Cyber security in mobile social networks","volume-title":"Security in IoT Social Networks","author":"Al-Turjman","year":"2021"},{"key":"10.7717\/peerj-cs.3312\/ref-14","doi-asserted-by":"publisher","first-page":"101398","DOI":"10.1016\/j.iot.2024.101398","article-title":"Securing constrained IoT systems: a lightweight machine learning approach for anomaly detection and prevention","volume":"28","author":"Alwaisi","year":"2024","journal-title":"Internet of Things"},{"key":"10.7717\/peerj-cs.3312\/ref-15","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1016\/b978-0-12-800744-0.00012-9","article-title":"Application security","volume-title":"The Basics of Information Security","author":"Andress","year":"2014"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-16","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/s1361-3723(13)70004-6","article-title":"Windows RT jailbroken","volume":"2013","author":"Anonymous","year":"2013","journal-title":"Computer Fraud & Security"},{"issue":"6","key":"10.7717\/peerj-cs.3312\/ref-17","doi-asserted-by":"publisher","first-page":"1333","DOI":"10.3390\/electronics12061333","article-title":"A comprehensive review of cyber security vulnerabilities, threats, attacks, and solutions","volume":"12","author":"Aslan","year":"2023","journal-title":"Electronics"},{"key":"10.7717\/peerj-cs.3312\/ref-18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/icomet48670.2020.9073872","article-title":"Effects of code cloning in mobile applications","author":"Azeem","year":"2020"},{"issue":"2\u20134","key":"10.7717\/peerj-cs.3312\/ref-19","doi-asserted-by":"publisher","first-page":"108804","DOI":"10.1016\/j.compeleceng.2023.108804","article-title":"Droidencoder: malware detection using auto-encoder based feature extractor and machine learning algorithms","volume":"110","author":"Bak\u0131r","year":"2023","journal-title":"Computers and Electrical Engineering"},{"issue":"9","key":"10.7717\/peerj-cs.3312\/ref-20","doi-asserted-by":"publisher","first-page":"998","DOI":"10.1007\/s42452-019-1124-x","article-title":"The Android malware detection systems between hope and reality","volume":"1","author":"Bakour","year":"2019","journal-title":"SN Applied Sciences"},{"issue":"5","key":"10.7717\/peerj-cs.3312\/ref-21","doi-asserted-by":"publisher","first-page":"3849","DOI":"10.1007\/s10462-020-09942-2","article-title":"Artificial intelligence, cyber-threats and Industry 4.0: challenges and opportunities","volume":"54","author":"B\u00e9cue","year":"2021","journal-title":"Artificial Intelligence Review"},{"key":"10.7717\/peerj-cs.3312\/ref-22","article-title":"Malware spotlight: what is click fraud? Infosec Resources","author":"Belding","year":"2021"},{"key":"10.7717\/peerj-cs.3312\/ref-23","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2205.14576","article-title":"Problem-space evasion attacks in the Android OS: a survey","author":"Berger","year":"2022"},{"issue":"3","key":"10.7717\/peerj-cs.3312\/ref-24","doi-asserted-by":"publisher","first-page":"107546","DOI":"10.1016\/j.compeleceng.2021.107546","article-title":"Privacy-aware detection framework to mitigate new-age phishing attacks","volume":"96","author":"Bhardwaj","year":"2021","journal-title":"Computers & Electrical Engineering"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-25","doi-asserted-by":"publisher","first-page":"103064","DOI":"10.1016\/j.cose.2022.103064","article-title":"Intelligent IoT-BOTNET attack detection model with optimized hybrid classification model","volume":"126","author":"Bojarajulu","year":"2023","journal-title":"Computers & Security"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-26","doi-asserted-by":"publisher","first-page":"1110","DOI":"10.1016\/j.procs.2020.04.119","article-title":"PhishPreventer: a secure authentication protocol for prevention of phishing attacks in mobile environment with formal verification","volume":"171","author":"Bojjagani","year":"2020","journal-title":"Procedia Computer Science"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-27","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3284748","article-title":"Countermeasures against worm spreading: a new challenge for vehicular networks","volume":"52","author":"Boukerche","year":"2019","journal-title":"ACM Computing Surveys"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-28","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1191\/1478088706qp063oa","article-title":"Using thematic analysis in psychology","volume":"3","author":"Braun","year":"2006","journal-title":"Qualitative Research in Psychology"},{"issue":"4","key":"10.7717\/peerj-cs.3312\/ref-29","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1016\/s1353-4858(14)70040-6","article-title":"Advanced persistent threats: minimizing the damage","volume":"4","author":"Brewer","year":"2014","journal-title":"Network Security"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-30","doi-asserted-by":"publisher","first-page":"126139","DOI":"10.1016\/j.comcom.2021.02.016","article-title":"Cryptomining makes noise: detecting cryptojacking via machine learning","volume":"171","author":"Caprolu","year":"2021","journal-title":"Computer Communications"},{"issue":"6","key":"10.7717\/peerj-cs.3312\/ref-31","doi-asserted-by":"publisher","first-page":"103751","DOI":"10.1016\/j.compind.2022.103751","article-title":"Deceiving AI-based malware detection through polymorphic attacks","volume":"143","author":"Catalano","year":"2022","journal-title":"Computers in Industry"},{"issue":"3","key":"10.7717\/peerj-cs.3312\/ref-32","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1541880.1541882","article-title":"Anomaly detection","volume":"41","author":"Chandola","year":"2009","journal-title":"ACM Computing Surveys"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-33","doi-asserted-by":"publisher","first-page":"100608","DOI":"10.1016\/j.cosrev.2023.100608","article-title":"Secret sharing: a comprehensive survey, taxonomy and applications","volume":"51","author":"Chattopadhyay","year":"2024","journal-title":"Computer Science Review"},{"key":"10.7717\/peerj-cs.3312\/ref-34","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1016\/j.sbspro.2013.02.025","article-title":"Adaptive change of the web advertising campaign parameters as a click-fraud protection method","volume":"73","author":"Chertov","year":"2013","journal-title":"Procedia\u2014Social and Behavioral Sciences"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-35","doi-asserted-by":"publisher","first-page":"100560","DOI":"10.1016\/j.eij.2024.100560","article-title":"A lightweight malware detection technique based on hybrid fuzzy simulated annealing clustering in Android apps","volume":"25","author":"Chimeleze","year":"2024","journal-title":"Egyptian Informatics Journal"},{"issue":"11","key":"10.7717\/peerj-cs.3312\/ref-36","first-page":"1111","article-title":"A preface on Android malware: taxonomy, techniques and tools","volume":"5","author":"Chouhan","year":"2017","journal-title":"International Journal of Recent Innovation Trends in Computing and Communication"},{"key":"10.7717\/peerj-cs.3312\/ref-37","article-title":"Networking, cloud, and cybersecurity solutions","author":"Cisco","year":"2022"},{"key":"10.7717\/peerj-cs.3312\/ref-38","article-title":"What is ad fraud? | AD click fraud | Cloudflare","author":"Cloudflare","year":"2022"},{"key":"10.7717\/peerj-cs.3312\/ref-39","article-title":"Ryuk ransomware: a targeted campaign breakdown","author":"Cohen","year":"2020"},{"key":"10.7717\/peerj-cs.3312\/ref-40","article-title":"Cybersecurity news","author":"Corll","year":"2023"},{"key":"10.7717\/peerj-cs.3312\/ref-41","article-title":"12 types of malware + examples that you should know","author":"CrowdStrike","year":"2023"},{"key":"10.7717\/peerj-cs.3312\/ref-42","doi-asserted-by":"publisher","DOI":"10.1145\/2594368.2594391","article-title":"Madfraud","author":"Crussell","year":"2014"},{"key":"10.7717\/peerj-cs.3312\/ref-43","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1145\/3634737.3644992","article-title":"C2Miner: tricking IoT malware into revealing live command & control servers","author":"Davanian","year":"2024"},{"key":"10.7717\/peerj-cs.3312\/ref-44","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/iwcmc.2018.8450310","article-title":"A simple approach for securing IoT data transmitted over Multi-RATs","author":"Diba","year":"2018"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-45","doi-asserted-by":"publisher","first-page":"577","DOI":"10.1016\/j.procs.2022.10.080","article-title":"A website\u2019s network attack analysis and security countermeasures","volume":"208","author":"Dong","year":"2022","journal-title":"Procedia Computer Science"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-46","doi-asserted-by":"publisher","first-page":"523","DOI":"10.1016\/j.amc.2016.08.051","article-title":"A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps","volume":"293","author":"D\u2019Orazio","year":"2017","journal-title":"Applied Mathematics and Computation"},{"issue":"12","key":"10.7717\/peerj-cs.3312\/ref-47","doi-asserted-by":"publisher","first-page":"122","DOI":"10.35940\/ijitee.l7889.1091220","article-title":"Deep Droid: deep learning for Android malware detection","volume":"9","author":"El Fiky","year":"2020","journal-title":"International Journal of Innovative Technology and Exploring Engineering"},{"key":"10.7717\/peerj-cs.3312\/ref-48","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1016\/b978-0-12-802149-1.00005-1","article-title":"Web applications and services","volume-title":"Penetration Tester\u2019s Open Source Toolkit","author":"Faircloth","year":"2017"},{"key":"10.7717\/peerj-cs.3312\/ref-49","doi-asserted-by":"publisher","first-page":"102087","DOI":"10.1016\/j.cose.2020.102087","article-title":"Android security assessment: a review, taxonomy and research gap study","volume":"100","author":"Garg","year":"2021","journal-title":"Computers & Security"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-50","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1016\/j.cose.2019.03.013","article-title":"A flow-based approach for Trickbot banking Trojan detection","volume":"84","author":"Gezer","year":"2019","journal-title":"Computers & Security"},{"issue":"4","key":"10.7717\/peerj-cs.3312\/ref-51","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1016\/j.cose.2017.12.006","article-title":"Mobile phishing attacks and defence mechanisms: state of art and open research challenges","volume":"73","author":"Goel","year":"2018","journal-title":"Computers & Security"},{"issue":"10","key":"10.7717\/peerj-cs.3312\/ref-52","doi-asserted-by":"publisher","first-page":"2758","DOI":"10.1093\/comjnl\/bxv047","article-title":"Toward a taxonomy of malware behaviors","volume":"58","author":"Gr\u00e9gio","year":"2015","journal-title":"The Computer Journal"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-53","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2017\/5202836","article-title":"Multiple-features-based semi-supervised clustering DDoS detection method","volume":"2017","author":"Gu","year":"2017","journal-title":"Mathematical Problems in Engineering"},{"issue":"Suppl.","key":"10.7717\/peerj-cs.3312\/ref-54","doi-asserted-by":"publisher","first-page":"S74","DOI":"10.1016\/j.diin.2013.06.011","article-title":"Automated identification of installed malicious Android applications","volume":"10","author":"Guido","year":"2013","journal-title":"Digital Investigation"},{"key":"10.7717\/peerj-cs.3312\/ref-55","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1016\/j.comnet.2018.02.028","article-title":"A hybrid intrusion detection system based on ABC-AFS algorithm for misuse and anomaly detection","volume":"136","author":"Hajisalem","year":"2018","journal-title":"Computer Networks"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-56","doi-asserted-by":"publisher","first-page":"109402","DOI":"10.1016\/j.comnet.2022.109402","article-title":"Estimation of the success probability of a malicious attacker on blockchain-based edge network","volume":"219","author":"Halgamuge","year":"2022","journal-title":"Computer Networks"},{"key":"10.7717\/peerj-cs.3312\/ref-57","article-title":"Nokia archives. Help Net Security","author":"Help Net Security","year":"2022"},{"key":"10.7717\/peerj-cs.3312\/ref-58","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/ccece.2019.8861782","article-title":"A blockchain-based framework for detecting malicious mobile applications in App stores","author":"Homayoun","year":"2019"},{"issue":"7","key":"10.7717\/peerj-cs.3312\/ref-59","doi-asserted-by":"publisher","first-page":"4219","DOI":"10.1016\/j.jksuci.2022.05.004","article-title":"Hybrid model for BOT group activity detection using similarity and correlation approaches based on network traffic flows analysis","volume":"34","author":"Hostiadi","year":"2022","journal-title":"Journal of King Saud University\u2014Computer and Information Sciences"},{"key":"10.7717\/peerj-cs.3312\/ref-60","doi-asserted-by":"publisher","first-page":"103669","DOI":"10.1016\/j.csi.2022.103669","article-title":"An analysis model for detecting misbehaviors in anonymous cryptocurrency","volume":"83","author":"Huang","year":"2023","journal-title":"Computer Standards & Interfaces"},{"issue":"3","key":"10.7717\/peerj-cs.3312\/ref-61","doi-asserted-by":"publisher","first-page":"496","DOI":"10.3390\/jcp1030025","article-title":"Tor hidden services: a systematic literature review","volume":"1","author":"Huete Trujillo","year":"2021","journal-title":"Journal of Cybersecurity and Privacy"},{"key":"10.7717\/peerj-cs.3312\/ref-62","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1186\/s40163-019-0097-9","article-title":"Ransomware deployment methods and analysis: views from a predictive model and human responses","volume":"8","author":"Hull","year":"2019","journal-title":"Crime Science"},{"key":"10.7717\/peerj-cs.3312\/ref-63","doi-asserted-by":"publisher","DOI":"10.1109\/intech.2016.7845073","article-title":"Analysis of machine learning solutions to detect malware in Android","author":"Jamil","year":"2016"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-64","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1007\/s10462-024-11005-9","article-title":"Robustness in deep learning models for medical diagnostics: security and adversarial challenges towards robust AI applications","volume":"58","author":"Javed","year":"2025","journal-title":"Artificial Intelligence Review"},{"key":"10.7717\/peerj-cs.3312\/ref-65","doi-asserted-by":"publisher","DOI":"10.1109\/cybersa.2017.8073391","article-title":"Towards the normalization of cybercrime victimization: a routine activities analysis of cybercrime in Europe","author":"Junger","year":"2017"},{"issue":"3","key":"10.7717\/peerj-cs.3312\/ref-66","doi-asserted-by":"crossref","first-page":"1","DOI":"10.13052\/jcsm2245-1439.732","article-title":"Understanding Android financial malware attacks: taxonomy, characterization, and challenges","volume":"7","author":"Kadir","year":"2018","journal-title":"Journal of Cyber Security and Mobility"},{"key":"10.7717\/peerj-cs.3312\/ref-67","doi-asserted-by":"crossref","DOI":"10.23919\/ICACT.2019.8702049","article-title":"Analyzing WannaCry ransomware considering the weapons and exploits","author":"Kao","year":"2019"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-68","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1016\/j.cose.2016.04.005","article-title":"SQLIGOT: detecting SQL injection attacks using a graph of tokens and SVM","volume":"60","author":"Kar","year":"2016","journal-title":"Computers & Security"},{"issue":"6","key":"10.7717\/peerj-cs.3312\/ref-69","doi-asserted-by":"publisher","first-page":"119133","DOI":"10.1016\/j.eswa.2022.119133","article-title":"Fileless malware threats: recent advances, analysis approach through memory forensics and research challenges","volume":"214","author":"Kara","year":"2023","journal-title":"Expert Systems with Applications"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-70","doi-asserted-by":"publisher","first-page":"102852","DOI":"10.1016\/j.jisa.2021.102852","article-title":"An ensemble classification-based approach to detect the attack level of SQL injections","volume":"59","author":"Kasim","year":"2021","journal-title":"Journal of Information Security and Applications"},{"key":"10.7717\/peerj-cs.3312\/ref-71","article-title":"What is the polymorphic virus?","author":"Kaspersky","year":"2021"},{"key":"10.7717\/peerj-cs.3312\/ref-72","article-title":"IP spoofing: how it works and how to prevent it","author":"Kaspersky","year":"2022a"},{"key":"10.7717\/peerj-cs.3312\/ref-73","article-title":"Online security you can trust at a price you\u2019ll love","author":"Kaspersky","year":"2022b"},{"key":"10.7717\/peerj-cs.3312\/ref-74","article-title":"What is a drive by download","author":"Kaspersky","year":"2022c"},{"key":"10.7717\/peerj-cs.3312\/ref-75","article-title":"Ransomware attacks and types\u2014how encryption trojans differ","author":"Kaspersky","year":"2022d"},{"key":"10.7717\/peerj-cs.3312\/ref-76","article-title":"What is cryptojacking?\u2014definition and explanation","author":"Kaspersky","year":"2022e"},{"key":"10.7717\/peerj-cs.3312\/ref-77","article-title":"The mobile threat landscape in 2024 (Mobile threat report)","author":"Kaspersky","year":"2025"},{"key":"10.7717\/peerj-cs.3312\/ref-78","doi-asserted-by":"publisher","first-page":"103387","DOI":"10.1016\/j.jisa.2022.103387","article-title":"A method for decrypting data infected with Hive ransomware","volume":"71","author":"Kim","year":"2022","journal-title":"Journal of Information Security and Applications"},{"key":"10.7717\/peerj-cs.3312\/ref-79","article-title":"Ad fraud tutorial series: what is click injection? Singular","author":"Komornik","year":"2022"},{"key":"10.7717\/peerj-cs.3312\/ref-80","first-page":"31","article-title":"Emotet malware\u2014a banking credentials stealer","volume":"22","author":"Kuraku","year":"2020","journal-title":"IOSR Journal of Computer Engineering"},{"key":"10.7717\/peerj-cs.3312\/ref-81","article-title":"Statistical inference for topological data analysis","author":"Lecci","year":"2014"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-82","doi-asserted-by":"publisher","first-page":"102644","DOI":"10.1016\/j.cose.2022.102644","article-title":"Preventive portfolio against data-selling ransomware\u2014a game theory of encryption and deception","volume":"116","author":"Li","year":"2022","journal-title":"Computers & Security"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-83","doi-asserted-by":"publisher","first-page":"174","DOI":"10.23919\/jcc.2022.02.014","article-title":"Cryptomining malware detection based on edge computing-oriented multi-modal features deep learning","volume":"19","author":"Lian","year":"2022","journal-title":"China Communications"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-84","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2022\/4927504","article-title":"Computer network confidential information security based on big data clustering algorithm","volume":"2022","author":"Liu","year":"2022","journal-title":"Wireless Communications and Mobile Computing"},{"key":"10.7717\/peerj-cs.3312\/ref-85","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2402.02953","article-title":"Unraveling the key of machine learning solutions for Android malware detection","author":"Liu","year":"2024"},{"key":"10.7717\/peerj-cs.3312\/ref-86","doi-asserted-by":"publisher","first-page":"1146","DOI":"10.1109\/IAEAC.2015.7428739","article-title":"An alert correlation algorithm based on the sequence pattern mining","author":"Lv","year":"2016"},{"issue":"10","key":"10.7717\/peerj-cs.3312\/ref-87","doi-asserted-by":"publisher","first-page":"5183","DOI":"10.1007\/s00521-020-05309-4","article-title":"MLDroid\u2014framework for Android malware detection using machine learning techniques","volume":"33","author":"Mahindru","year":"2020","journal-title":"Neural Computing and Applications"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-88","doi-asserted-by":"publisher","first-page":"1636","DOI":"10.1109\/comst.2018.2874978","article-title":"Anatomy of threats to the internet of things","volume":"21","author":"Makhdoom","year":"2019","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"10.7717\/peerj-cs.3312\/ref-89","article-title":"What is ransomware? How to protect against ransomware","author":"Malwarebytes","year":"2022"},{"key":"10.7717\/peerj-cs.3312\/ref-90","article-title":"Cryptojacking\u2014what is it, and how does it work?","author":"Malwarebytes","year":"n.d"},{"key":"10.7717\/peerj-cs.3312\/ref-91","doi-asserted-by":"publisher","DOI":"10.1109\/ACSOS49614.2020.00032","article-title":"DeCrypto Pro: deep learning based cryptomining malware detection using performance counters","author":"Mani","year":"2020"},{"key":"10.7717\/peerj-cs.3312\/ref-92","doi-asserted-by":"publisher","first-page":"122255","DOI":"10.1016\/j.eswa.2023.122255","article-title":"Detection approaches for Android malware: taxonomy and review analysis","volume":"238","author":"Manzil","year":"2023","journal-title":"Expert Systems with Applications"},{"key":"10.7717\/peerj-cs.3312\/ref-93","article-title":"Antivirus, mobile security and VPN\u2014download for free","author":"McAfee","year":"2022"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-94","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1016\/j.jisa.2018.04.001","article-title":"SQL injection attack classification through the feature extraction of SQL query strings using a gap-weighted string subsequence kernel","volume":"40","author":"McWhirter","year":"2018","journal-title":"Journal of Information Security and Applications"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-95","doi-asserted-by":"publisher","first-page":"637","DOI":"10.1109\/jiot.2022.3203514","article-title":"Multiuser physical-layer authentication based on latent perturbed neural networks for industrial internet of things","volume":"10","author":"Meng","year":"2023","journal-title":"IEEE Internet of Things Journal"},{"key":"10.7717\/peerj-cs.3312\/ref-96","article-title":"Ransomware maze","author":"Mundo","year":"2020"},{"issue":"3","key":"10.7717\/peerj-cs.3312\/ref-97","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1016\/j.cose.2018.09.006","article-title":"Detection of malicious and low throughput data exfiltration over the DNS protocol","volume":"80","author":"Nadler","year":"2019","journal-title":"Computers & Security"},{"key":"10.7717\/peerj-cs.3312\/ref-98","doi-asserted-by":"publisher","first-page":"790","DOI":"10.1016\/j.protcy.2012.05.129","article-title":"Generation of SQL-injection free secure algorithm to detect and prevent SQL-injection attacks","volume":"4","author":"Natarajan","year":"2012","journal-title":"Procedia Technology"},{"issue":"12","key":"10.7717\/peerj-cs.3312\/ref-99","doi-asserted-by":"publisher","first-page":"9905","DOI":"10.1109\/jiot.2020.3029970","article-title":"Malware on internet of UAVs detection combining string matching and Fourier transformation","volume":"8","author":"Niu","year":"2021","journal-title":"IEEE Internet of Things Journal"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-100","doi-asserted-by":"publisher","first-page":"879","DOI":"10.17705\/1cais.03743","article-title":"A guide to conducting a standalone systematic literature review","volume":"37","author":"Okoli","year":"2015","journal-title":"Communications of the Association for Information Systems"},{"issue":"4","key":"10.7717\/peerj-cs.3312\/ref-101","doi-asserted-by":"publisher","first-page":"432","DOI":"10.1177\/15274764221110198","article-title":"Institutional polymorphism: diversification of content and monetization strategies on YouTube","volume":"24","author":"\u00d8rmen","year":"2023","journal-title":"Television & New Media"},{"issue":"11s","key":"10.7717\/peerj-cs.3312\/ref-102","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3514229","article-title":"A survey on ransomware: evolution, taxonomy, and defense solutions","volume":"54","author":"Oz","year":"2022","journal-title":"ACM Computing Surveys"},{"key":"10.7717\/peerj-cs.3312\/ref-103","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-13-2463-5_2","article-title":"Systematic reviews in Asia: introducing the \u2018PRISMA\u2019 protocol to tourism and hospitality scholars","author":"Pahlevan Sharif","year":"2019"},{"key":"10.7717\/peerj-cs.3312\/ref-104","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1007\/978-3-031-46479-9_3","article-title":"Malware detection using explainable AI","volume-title":"Explainable AI for Cybersecurity","author":"Pan","year":"2023"},{"issue":"10","key":"10.7717\/peerj-cs.3312\/ref-105","doi-asserted-by":"publisher","first-page":"2268","DOI":"10.1109\/tifs.2016.2578288","article-title":"Secure face unlocks: spoof detection on smartphones","volume":"11","author":"Patel","year":"2016","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"10.7717\/peerj-cs.3312\/ref-106","doi-asserted-by":"crossref","DOI":"10.1109\/ISBA.2016.7477232","article-title":"Assessing vulnerability of dorsal hand-vein verification system to spoofing attacks using smartphone camera","author":"Patil","year":"2016"},{"issue":"11","key":"10.7717\/peerj-cs.3312\/ref-107","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1016\/j.aeue.2017.04.003","article-title":"Hardware trojans against virtual keyboards on e-banking platforms\u2014a proof of concept","volume":"76","author":"Peris-Lopez","year":"2017","journal-title":"AEU\u2014International Journal of Electronicsand Communications"},{"key":"10.7717\/peerj-cs.3312\/ref-108","doi-asserted-by":"publisher","first-page":"108628","DOI":"10.1016\/j.dib.2022.108628","article-title":"Botnet dataset with simultaneous attack activity","volume":"45","author":"Putra","year":"2022","journal-title":"Data in Brief"},{"issue":"5","key":"10.7717\/peerj-cs.3312\/ref-109","doi-asserted-by":"publisher","first-page":"887","DOI":"10.1016\/j.future.2019.03.007","article-title":"Mobile malware attacks: review, taxonomy & future directions","volume":"97","author":"Qamar","year":"2019","journal-title":"Future Generation Computer Systems"},{"issue":"5","key":"10.7717\/peerj-cs.3312\/ref-110","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2021\/8871230","article-title":"Analysis of challenges in modern network forensic framework","volume":"2021","author":"Qureshi","year":"2021","journal-title":"Security and Communication Networks"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-111","doi-asserted-by":"publisher","first-page":"102001","DOI":"10.1016\/j.cose.2020.102001","article-title":"New biostatistics features for detecting web bot activity on web applications","volume":"97","author":"Rahman","year":"2020","journal-title":"Computers & Security"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-112","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1504\/IJSN.2014.059327","article-title":"A taxonomy of privilege escalation attacks in Android applications","volume":"9","author":"Rangwala","year":"2014","journal-title":"International Journal of Security and Networks"},{"issue":"16","key":"10.7717\/peerj-cs.3312\/ref-113","doi-asserted-by":"publisher","first-page":"5671","DOI":"10.3390\/s21165671","article-title":"An analysis of Android malware classification services","volume":"21","author":"Rashed","year":"2021","journal-title":"Sensors"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-114","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1016\/s1361-3723(19)30010-7","article-title":"Understanding the evolution of malware","volume":"2019","author":"Rendell","year":"2019","journal-title":"Computer Fraud & Security"},{"key":"10.7717\/peerj-cs.3312\/ref-115","doi-asserted-by":"publisher","first-page":"121282","DOI":"10.1016\/j.techfore.2021.121282","article-title":"How cybercriminal communities grow and change: an investigation of ad-fraud communities","volume":"174","author":"Richet","year":"2022","journal-title":"Technological Forecasting and Social Change"},{"key":"10.7717\/peerj-cs.3312\/ref-116","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/icl-gnss49876.2020.9115489","article-title":"Assessment of the vulnerability to spoofing attacks of GNSS receivers integrated in consumer devices","author":"Rustamov","year":"2020"},{"key":"10.7717\/peerj-cs.3312\/ref-117","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-030-66583-8","volume-title":"Ransomware revolution: the rise of a prodigious cyber threat","volume":"85","author":"Ryan","year":"2021"},{"issue":"12","key":"10.7717\/peerj-cs.3312\/ref-118","doi-asserted-by":"publisher","first-page":"164","DOI":"10.3390\/computers10120164","article-title":"Click fraud in digital advertising: a comprehensive survey","volume":"10","author":"Sadeghpour","year":"2021","journal-title":"Computers"},{"key":"10.7717\/peerj-cs.3312\/ref-119","doi-asserted-by":"crossref","DOI":"10.1109\/ISCISC.2018.8546941","article-title":"A novel approach for detecting DGA-based ransomwares","author":"Salehi","year":"2018"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-120","doi-asserted-by":"publisher","first-page":"546","DOI":"10.1016\/j.procs.2011.07.071","article-title":"Exploration of attacks on current generation smartphones","volume":"5","author":"Salerno","year":"2011","journal-title":"Procedia Computer Science"},{"key":"10.7717\/peerj-cs.3312\/ref-121","article-title":"The evolution of ransomware","author":"Savage","year":"2015"},{"key":"10.7717\/peerj-cs.3312\/ref-122","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1016\/B978-0-32-396098-4.00017-X","article-title":"Improving malware detection with explainable machine learning","volume-title":"Explainable Deep Learning AI","author":"Scalas","year":"2023"},{"key":"10.7717\/peerj-cs.3312\/ref-123","article-title":"Hackers take over IoT devices to \u2018click\u2019 on ads","author":"Seals","year":"2019"},{"issue":"5\u20136","key":"10.7717\/peerj-cs.3312\/ref-124","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1002\/sam.11296","article-title":"Attack chain detection","volume":"8","author":"Sexton","year":"2015","journal-title":"Statistical Analysis and Data Mining"},{"issue":"4","key":"10.7717\/peerj-cs.3312\/ref-125","doi-asserted-by":"publisher","first-page":"101863","DOI":"10.1016\/j.cose.2020.101863","article-title":"IoT malicious traffic identification using wrapper-based feature selection mechanisms","volume":"94","author":"Shafiq","year":"2020","journal-title":"Computers & Security"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-126","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1016\/j.ins.2020.05.053","article-title":"A machine learning-based golden-free detection method for command-activated hardware trojan","volume":"540","author":"Shang","year":"2020","journal-title":"Information Sciences"},{"issue":"5","key":"10.7717\/peerj-cs.3312\/ref-127","doi-asserted-by":"publisher","first-page":"100373","DOI":"10.1016\/j.cosrev.2021.100373","article-title":"Malicious application detection in Android\u2014a systematic literature review","volume":"40","author":"Sharma","year":"2021","journal-title":"Computer Science Review"},{"issue":"5","key":"10.7717\/peerj-cs.3312\/ref-128","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3708500","article-title":"Characterization of Android malwares and their families","volume":"57","author":"Sharma","year":"2025","journal-title":"ACM Computing Surveys"},{"key":"10.7717\/peerj-cs.3312\/ref-129","doi-asserted-by":"publisher","first-page":"553","DOI":"10.1145\/2791405.2791417","article-title":"Malware detection in Android files based on multiple levels of learning and diverse data sources","author":"Sheen","year":"2015"},{"key":"10.7717\/peerj-cs.3312\/ref-130","article-title":"Ransomware 2020: attack trends affecting organizations worldwide","author":"Singleton","year":"2025"},{"issue":"4","key":"10.7717\/peerj-cs.3312\/ref-131","doi-asserted-by":"publisher","first-page":"101011","DOI":"10.1016\/j.jestch.2021.05.015","article-title":"Quad division prototype selection-based K-nearest neighbor classifier for click fraud detection from highly skewed user click dataset","volume":"28","author":"Sisodia","year":"2022","journal-title":"Engineering Science and Technology, an International Journal"},{"issue":"3","key":"10.7717\/peerj-cs.3312\/ref-132","doi-asserted-by":"publisher","first-page":"108174","DOI":"10.1016\/j.comnet.2021.108174","article-title":"DNSXP: enhancing data exfiltration protection through data plane programmability","volume":"195","author":"Steadman","year":"2021","journal-title":"Computer Networks"},{"key":"10.7717\/peerj-cs.3312\/ref-133","article-title":"An overview of symmetric encryption and the key lifecycle","author":"Stubbs","year":"2019"},{"key":"10.7717\/peerj-cs.3312\/ref-134","doi-asserted-by":"publisher","DOI":"10.1109\/msn.2012.43","article-title":"Smartphone dual defense protection framework: detecting malicious applications in Android markets","author":"Su","year":"2012"},{"issue":"4","key":"10.7717\/peerj-cs.3312\/ref-135","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2733306","article-title":"Securing Android","volume":"47","author":"Sufatrio","year":"2015","journal-title":"ACM Computing Surveys"},{"key":"10.7717\/peerj-cs.3312\/ref-136","article-title":"The evolution of ransomware","author":"Symantec","year":"2015"},{"issue":"12","key":"10.7717\/peerj-cs.3312\/ref-137","doi-asserted-by":"publisher","first-page":"6721","DOI":"10.1007\/s00521-020-05450-0","article-title":"Hybrid classification of Android malware based on fuzzy clustering and the gradient boosting machine","volume":"33","author":"Taha","year":"2021","journal-title":"Neural Computing and Applications"},{"issue":"4","key":"10.7717\/peerj-cs.3312\/ref-138","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3017427","article-title":"The evolution of Android malware and Android analysis techniques","volume":"49","author":"Tam","year":"2017","journal-title":"ACM Computing Surveys"},{"key":"10.7717\/peerj-cs.3312\/ref-139","doi-asserted-by":"publisher","DOI":"10.1109\/ictc.2013.6675302","article-title":"An analytics framework to detect compromised IoT devices using mobility behavior","author":"Taneja","year":"2013"},{"key":"10.7717\/peerj-cs.3312\/ref-140","doi-asserted-by":"crossref","DOI":"10.1002\/9781119898900","volume-title":"Data exfiltration threats and prevention techniques: machine learning and memory-based data security","author":"Tari","year":"2023"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-141","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/s10462-021-10037-9","article-title":"A survey on intrusion detection system: feature selection, model, performance measures, application perspective, challenges, and future research directions","volume":"55","author":"Thakkar","year":"2022","journal-title":"Artificial Intelligence Review"},{"issue":"4","key":"10.7717\/peerj-cs.3312\/ref-142","doi-asserted-by":"publisher","first-page":"213","DOI":"10.4236\/jis.2013.44024","article-title":"Analysis of malware families on Android mobiles: detection characteristics recognizable by ordinary phone users and how to fix it","volume":"4","author":"Thanh","year":"2013","journal-title":"Journal of Information Security"},{"key":"10.7717\/peerj-cs.3312\/ref-143","doi-asserted-by":"publisher","first-page":"103904","DOI":"10.1016\/j.engappai.2020.103904","article-title":"Sensor defense in-software (SDI): practical software-based detection of spoofing attacks on position sensors","volume":"95","author":"Tharayil","year":"2020","journal-title":"Engineering Applications of Artificial Intelligence"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-144","doi-asserted-by":"publisher","first-page":"100016","DOI":"10.1016\/j.mlwa.2020.100016","article-title":"A hybrid and effective learning approach for click fraud detection","volume":"3","author":"Thejas","year":"2021","journal-title":"Machine Learning with Applications"},{"key":"10.7717\/peerj-cs.3312\/ref-145","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.jnca.2017.10.016","article-title":"Data exfiltration: a review of external attack vectors and countermeasures","volume":"101","author":"Ullah","year":"2018","journal-title":"Journal of Network and Computer Applications"},{"issue":"3","key":"10.7717\/peerj-cs.3312\/ref-146","doi-asserted-by":"publisher","first-page":"398","DOI":"10.1111\/nhs.12048","article-title":"Content analysis and thematic analysis: implications for conducting a qualitative descriptive study","volume":"15","author":"Vaismoradi","year":"2013","journal-title":"Nursing & Health Sciences"},{"issue":"22","key":"10.7717\/peerj-cs.3312\/ref-147","doi-asserted-by":"publisher","first-page":"286","DOI":"10.1016\/j.chb.2019.07.034","article-title":"If you know what to do, will you take action to avoid mobile phishing attacks: self-efficacy, anticipated regret, and gender","volume":"101","author":"Verkijika","year":"2019","journal-title":"Computers in Human Behavior"},{"issue":"4","key":"10.7717\/peerj-cs.3312\/ref-148","doi-asserted-by":"publisher","first-page":"113","DOI":"10.4018\/ijcac.2021100107","article-title":"Android malware detection techniques in traditional and cloud computing platforms","volume":"11","author":"Vishnoi","year":"2021","journal-title":"International Journal of Cloud Applications and Computing"},{"issue":"5","key":"10.7717\/peerj-cs.3312\/ref-149","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1016\/j.chb.2016.05.035","article-title":"Mobile device affordance: explicating how smartphones influence the outcome of phishing attacks","volume":"63","author":"Vishwanath","year":"2016","journal-title":"Computers in Human Behavior"},{"issue":"3","key":"10.7717\/peerj-cs.3312\/ref-150","doi-asserted-by":"publisher","first-page":"5141","DOI":"10.3233\/jifs-231969","article-title":"An adaptive semi-supervised deep learning-based framework for the detection of Android malware","volume":"45","author":"Wajahat","year":"2023","journal-title":"Journal of Intelligent & Fuzzy Systems"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-151","doi-asserted-by":"publisher","first-page":"33","DOI":"10.3233\/idt-230284","article-title":"An effective deep learning scheme for android malware detection leveraging performance metrics and computational resources","volume":"18","author":"Wajahat","year":"2024a","journal-title":"Intelligent Decision Technologies"},{"issue":"1","key":"10.7717\/peerj-cs.3312\/ref-152","doi-asserted-by":"publisher","first-page":"651","DOI":"10.32604\/cmc.2024.047530","article-title":"Outsmarting Android malware with cutting-edge feature engineering and machine learning techniques","volume":"79","author":"Wajahat","year":"2024b","journal-title":"Computers, Materials & Continua"},{"key":"10.7717\/peerj-cs.3312\/ref-153","doi-asserted-by":"publisher","first-page":"2062","DOI":"10.1109\/infocom.2019.8737422","article-title":"VoicePop: a pop noise-based anti-spoofing system for voice authentication on smartphones","author":"Wang","year":"2019a"},{"key":"10.7717\/peerj-cs.3312\/ref-154","doi-asserted-by":"publisher","first-page":"67602","DOI":"10.1109\/ACCESS.2019.2918139","article-title":"Constructing features for detecting Android malicious applications: issues, taxonomy and directions","volume":"7","author":"Wang","year":"2019b","journal-title":"IEEE Access"},{"key":"10.7717\/peerj-cs.3312\/ref-155","article-title":"Reverse engineering tools review","author":"W\u00f3jcik","year":"2022"},{"issue":"16","key":"10.7717\/peerj-cs.3312\/ref-156","doi-asserted-by":"publisher","first-page":"8869","DOI":"10.1016\/j.jfranklin.2022.08.025","article-title":"Analysis and detection against network attacks in the overlapping phenomenon of behavior attribute","volume":"359","author":"Xie","year":"2022","journal-title":"Journal of the Franklin Institute"},{"issue":"16","key":"10.7717\/peerj-cs.3312\/ref-157","doi-asserted-by":"publisher","first-page":"8869","DOI":"10.1016\/j.jfranklin.2022.08.025","article-title":"Event-triggered control for uncertain stochastic systems under triple network attacks","volume":"359","author":"Xing","year":"2022","journal-title":"Journal of the Franklin Institute"},{"issue":"95\u2013105","key":"10.7717\/peerj-cs.3312\/ref-158","doi-asserted-by":"publisher","first-page":"117893","DOI":"10.1016\/j.eswa.2022.117893","article-title":"ICSA: intelligent chatbot security assistant using text-CNN and multi-phase real-time defense against SNS phishing attacks","volume":"207","author":"Yoo","year":"2022","journal-title":"Expert Systems with Applications"},{"issue":"21","key":"10.7717\/peerj-cs.3312\/ref-159","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2021\/9534016","article-title":"WEB DDoS attack detection method based on semi-supervised learning","volume":"2021","author":"Yu","year":"2021","journal-title":"Security and Communication Networks"},{"key":"10.7717\/peerj-cs.3312\/ref-160","doi-asserted-by":"publisher","first-page":"108919","DOI":"10.1016\/j.comnet.2022.108919","article-title":"Detecting DNS over HTTPS based data exfiltration","volume":"209","author":"Zhan","year":"2022","journal-title":"Computer Networks"},{"issue":"2","key":"10.7717\/peerj-cs.3312\/ref-161","doi-asserted-by":"publisher","first-page":"101757","DOI":"10.1016\/j.sysarc.2020.101757","article-title":"On hardware-Trojan-assisted power budgeting system attack targeting many-core systems","volume":"109","author":"Zhao","year":"2020","journal-title":"Journal of Systems Architecture"},{"issue":"4","key":"10.7717\/peerj-cs.3312\/ref-162","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1080\/08874417.2018.1477076","article-title":"Crypto mining attacks in information systems: an emerging threat to cyber security","volume":"60","author":"Zimba","year":"2018","journal-title":"Journal of Computer Information Systems"}],"container-title":["PeerJ Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/peerj.com\/articles\/cs-3312.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/peerj.com\/articles\/cs-3312.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/peerj.com\/articles\/cs-3312.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/peerj.com\/articles\/cs-3312.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T08:00:35Z","timestamp":1770364835000},"score":1,"resource":{"primary":{"URL":"https:\/\/peerj.com\/articles\/cs-3312"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,6]]},"references-count":162,"alternative-id":["10.7717\/peerj-cs.3312"],"URL":"https:\/\/doi.org\/10.7717\/peerj-cs.3312","archive":["CLOCKSS","LOCKSS","Portico"],"relation":{},"ISSN":["2376-5992"],"issn-type":[{"value":"2376-5992","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,6]]},"article-number":"e3312"}}