metaNet: Interpretable unknown mobile malware identification with a novel meta-features mining algorithm

Published in: Computer networks (Amsterdam, Netherlands : 1999) Vol. 250; p. 110563
Main Authors: Li, Zhaoxuan; Zhao, Ziming; Zhang, Rui; Lu, Haoyang; Li, Wenhao; Zhang, Fan; Lu, Siqi; Xue, Rui
Format: Journal Article
Language: English
Published: Elsevier B.V, 01.08.2024
ISSN: 1389-1286, 1872-7069
DOI: 10.1016/j.comnet.2024.110563


Abstract

The continuous emergence of malware threatens the Android platform and user privacy. With the evolution of the Android system and malware, it is challenging to design a method that can accurately identify the categories of sophisticated malware, including known and unknown families, as well as their obfuscated variants, given that they may be newly emerging and lack available detection knowledge. Although some methods try to use anomaly detection and zero-shot technology to identify unseen applications, they are limited to binary classification or lack robustness, stability, universality, and interpretability in multi-class identification. To this end, we first propose a generic meta-features mining algorithm, which can discover the potential relationships between samples belonging to the same category. Then we present metaNet, a novel method leveraging meta-features to identify sophisticated Android malware. Specifically, metaNet is mainly powered by four components: (i) mExtractor is a feature collector that obtains the static and dynamic features. (ii) mProcessor takes the unique meta-features of each category from the extracted features. (iii) mLearner is a machine learning suite that leverages features and meta-features to design and train a classifier called HSU-Net. (iv) mEnforcer is a flexible deployer that identifies categories of malware families in the real world. We implement a prototype of metaNet with 15K lines of Python code and compare it with state-of-the-art (SOTA) methods. The results show that it can not only achieve superior performance in terms of known families (99.52% of accuracy) and unknown families (99.31% of accuracy trained with 80% known families) for binary classification, but also perform well in multi-class identification, i.e., 99.05% and 93.45% of accuracy for known and unknown families, respectively. Furthermore, we deploy and evaluate metaNet in the real world. It can identify applications with acceptable time and memory overheads, i.e., an average of 11.8 s and 56 MB per sample with a size of 8 MB. Also, the few-shot detection and feature perturbation experiments reflect its robustness and stability benefiting from meta-features. Finally, we collect the traffic of 112 decentralized applications (DApps) belonging to 16 categories, such as finance and health, and evaluate metaNet in DApp identification. The results illustrate its applicability across various tasks. That is, it can accurately classify 94.6% and 81.36% of DApp flows in all-known and 80%-known DApp scenarios, respectively, outperforming the SOTA methods.
Article Number: 110563

Authors and affiliations
1. Li, Zhaoxuan (ORCID 0000-0002-2195-0799), lizhaoxuan@iie.ac.cn, State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China
2. Zhao, Ziming (ORCID 0000-0003-1455-4330), zhaoziming@zju.edu.cn, Zhejiang University, Hangzhou, 310027, China
3. Zhang, Rui, zhangrui@iie.ac.cn, State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China
4. Lu, Haoyang (ORCID 0009-0001-8745-0957), luhaoyang@iie.ac.cn, State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China
5. Li, Wenhao (ORCID 0000-0003-2268-7416), liwenhao@iie.ac.cn, State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China
6. Zhang, Fan, fanzhang@zju.edu.cn, Zhejiang University, Hangzhou, 310027, China
7. Lu, Siqi, 080lusiqi@sina.com, Information Engineering University, Zhengzhou, 450001, China
8. Xue, Rui (ORCID 0000-0001-6024-3635), xuerui@iie.ac.cn, State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China
Copyright 2024 Elsevier B.V.
Peer reviewed: true
Scholarly: true
Keywords: Android malware; Decentralized applications; Meta-features; U-net; Unknown families
  publication-title: IEEE Trans. Inf. Forensics Secur.
– start-page: 1560
  year: 2020
  end-page: 1571
  ident: b50
  article-title: Unsuccessful story about few shot malware family classification and siamese network to the rescue
  publication-title: ICSE
– year: 2023
  ident: b59
  article-title: I2RNN: An Incremental and Interpretable Recurrent Neural Network for Encrypted Traffic Classification
  publication-title: IEEE Trans. Dependable Secure Comput.
– volume: 17
  start-page: 64
  year: 2020
  end-page: 77
  ident: b32
  article-title: Detection of repackaged Android malware with code-heterogeneity features
  publication-title: IEEE Trans. Dependable Secur. Comput.
– volume: vol. 12978
  start-page: 518
  year: 2021
  end-page: 534
  ident: b90
  article-title: CQNet: A clustering-based quadruplet network for decentralized application classification via encrypted traffic
  publication-title: ECML/PKDD (4)
– start-page: 1
  year: 2021
  end-page: 8
  ident: b71
  article-title: UMVD-FSL: Unseen malware variants detection using few-shot learning
  publication-title: IJCNN
– start-page: 1
  year: 2023
  end-page: 18
  ident: b24
  article-title: ERNN: Error-resilient RNN for encrypted traffic detection towards network-induced phenomena
  publication-title: IEEE Trans. Dependable Secure Comput.
StartPage 110563
SubjectTerms Android malware
Decentralized applications
Meta-features
U-net
Unknown families
Title metaNet: Interpretable unknown mobile malware identification with a novel meta-features mining algorithm
URI https://dx.doi.org/10.1016/j.comnet.2024.110563
Volume 250