KronoDroid: Time-based Hybrid-featured Dataset for Effective Android Malware Detection and Characterization

Android malware evolution has been neglected by the available data sets, thus providing a static snapshot of a non-stationary phenomenon. The impact of the time variable has not had the deserved attention by the Android malware research, omitting its degenerative impact on the performance of machine...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security Vol. 110; p. 102399
Main Authors: Guerra-Manzanares, Alejandro, Bahsi, Hayretdin, Nõmm, Sven
Format: Journal Article
Language:English
Published: Amsterdam Elsevier Ltd 01.11.2021
Elsevier Sequoia S.A
Subjects:
Android malware
Data
Data collection
Dataset
Datasets
Emulators
Families & family life
Machine learning
Malware
Malware analysis
Malware detection
Mobile malware
System effectiveness
Android malware
Mobile malware
Malware analysis
Malware detection
Dataset
ISSN:0167-4048, 1872-6208
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Abstract Android malware evolution has been neglected by the available data sets, thus providing a static snapshot of a non-stationary phenomenon. The impact of the time variable has not had the deserved attention by the Android malware research, omitting its degenerative impact on the performance of machine learning-based classifiers (i.e., concept drift). Besides, the sources of dynamic data and their particularities have been overlooked (i.e., real devices and emulators). Critical factors to take into account when aiming to build more effective, robust, and long-lasting Android malware detection systems. In this research, different sources of benign and malware data are merged, generating a data set encompassing a larger time frame and 489 static and dynamic features are collected. The particularities of the source of the dynamic features (i.e., system calls) are attended using an emulator and a real device, thus generating two equally featured sub-datasets. The main outcome of this research is a novel, labeled, and hybrid-featured Android dataset that provides timestamps for each data sample, covering all years of Android history, from 2008-2020, and considering the distinct dynamic data sources. The emulator data set is composed of 28,745 malicious apps from 209 malware families and 35,246 benign samples. The real device data set contains 41,382 malware, belonging to 240 malware families, and 36,755 benign apps. Made publicly available as KronoDroid, in a structured format, it is the largest hybrid-featured Android dataset and the only one providing timestamped data, considering dynamic sources’ particularities and including samples from over 209 Android malware families.
AbstractList Android malware evolution has been neglected by the available data sets, thus providing a static snapshot of a non-stationary phenomenon. The impact of the time variable has not had the deserved attention by the Android malware research, omitting its degenerative impact on the performance of machine learning-based classifiers (i.e., concept drift). Besides, the sources of dynamic data and their particularities have been overlooked (i.e., real devices and emulators). Critical factors to take into account when aiming to build more effective, robust, and long-lasting Android malware detection systems. In this research, different sources of benign and malware data are merged, generating a data set encompassing a larger time frame and 489 static and dynamic features are collected. The particularities of the source of the dynamic features (i.e., system calls) are attended using an emulator and a real device, thus generating two equally featured sub-datasets. The main outcome of this research is a novel, labeled, and hybrid-featured Android dataset that provides timestamps for each data sample, covering all years of Android history, from 2008-2020, and considering the distinct dynamic data sources. The emulator data set is composed of 28,745 malicious apps from 209 malware families and 35,246 benign samples. The real device data set contains 41,382 malware, belonging to 240 malware families, and 36,755 benign apps. Made publicly available as KronoDroid, in a structured format, it is the largest hybrid-featured Android dataset and the only one providing timestamped data, considering dynamic sources’ particularities and including samples from over 209 Android malware families.
ArticleNumber 102399
Author Guerra-Manzanares, Alejandro
Nõmm, Sven
Bahsi, Hayretdin
Author_xml – sequence: 1
  givenname: Alejandro
  orcidid: 0000-0002-3655-5804
  surname: Guerra-Manzanares
  fullname: Guerra-Manzanares, Alejandro
  email: alejandro.guerra@taltech.ee
– sequence: 2
  givenname: Hayretdin
  orcidid: 0000-0001-8882-4095
  surname: Bahsi
  fullname: Bahsi, Hayretdin
– sequence: 3
  givenname: Sven
  surname: Nõmm
  fullname: Nõmm, Sven
BookMark eNp9kE1PAyEURYnRxPrxB1yRuJ4KzLRQ48a0fsUaN3VNGHhEah30QWv018tYVy5cES73AO8ckN0udkDICWdDzvj4bDm0McFQMMFLIOrJZIcMuJKiGgumdsmglGTVsEbtk4OUloxxOVZqQF7uMXZxhjG4c7oIr1C1JoGjt58tBld5MHmNZT8zueSZ-oj0ynuwOWyAXnauJ-mDWX0YBDqD3J_EjprO0emzQWMzYPgyfXhE9rxZJTj-XQ_J0_XVYnpbzR9v7qaX88rWUuRKjV3bToTgQlngnhkpnBVu1NbS84kYuda0TUm8LEM5b5WUjQGoWWMN562tD8np9t43jO9rSFkv4xq78qQWIyWaWipRl5batizGlBC8tiH__DOjCSvNme7V6qXu1eperd6qLaj4g75heDX4-T90sYWgjL4JgDrZAJ0FF7BI0y6G__BvvhmV8g
CitedBy_id crossref_primary_10_1007_s10207_024_00822_2
crossref_primary_10_7717_peerj_cs_1092
crossref_primary_10_1016_j_jestch_2024_101945
crossref_primary_10_1002_spy2_347
crossref_primary_10_1016_j_jnca_2024_104021
crossref_primary_10_1155_2023_6447655
crossref_primary_10_3390_math13152471
crossref_primary_10_1007_s11416_025_00568_y
crossref_primary_10_1016_j_jisa_2024_103880
crossref_primary_10_1016_j_cose_2024_103969
crossref_primary_10_1038_s41598_023_30028_w
crossref_primary_10_1016_j_future_2024_107562
crossref_primary_10_1007_s10922_025_09906_3
crossref_primary_10_1007_s11416_022_00432_3
crossref_primary_10_1016_j_cose_2022_102757
crossref_primary_10_1155_2022_7775917
crossref_primary_10_1155_2022_5339926
crossref_primary_10_32604_cmc_2024_046890
crossref_primary_10_1155_2024_7382302
crossref_primary_10_1093_comjnl_bxae114
crossref_primary_10_1038_s41597_024_03027_3
crossref_primary_10_1016_j_compeleceng_2024_109233
crossref_primary_10_1109_TMC_2025_3558406
crossref_primary_10_1016_j_jisa_2025_104120
crossref_primary_10_1109_JIOT_2024_3394555
crossref_primary_10_1007_s11276_025_03914_6
crossref_primary_10_1007_s10586_024_04484_6
crossref_primary_10_1109_ACCESS_2025_3585241
crossref_primary_10_1007_s11280_024_01287_y
crossref_primary_10_3390_electronics12214427
crossref_primary_10_1016_j_jisa_2025_104165
crossref_primary_10_1016_j_procs_2022_12_095
crossref_primary_10_3390_sym14040718
crossref_primary_10_1007_s11416_024_00536_y
crossref_primary_10_1016_j_cose_2023_103654
crossref_primary_10_1016_j_eswa_2022_117200
crossref_primary_10_1051_itmconf_20235403002
crossref_primary_10_1016_j_compeleceng_2025_110625
crossref_primary_10_1109_ACCESS_2024_3486094
crossref_primary_10_1186_s40537_024_00933_6
crossref_primary_10_1016_j_cose_2022_102835
crossref_primary_10_1016_j_cose_2025_104361
crossref_primary_10_1016_j_eswa_2023_121125
crossref_primary_10_1016_j_jisa_2025_104191
Cites_doi 10.1145/2619091
10.1007/s11416-018-0316-z
10.1016/j.infsof.2020.106291
10.1109/JSYST.2019.2906120
10.1007/s10844-010-0148-x
10.1016/j.diin.2015.01.001
10.14722/ndss.2017.23353
10.1155/2017/4956386
10.1109/MSR52588.2021.00076
10.1007/s12652-018-0803-6
10.1016/j.cose.2019.101663
10.24251/HICSS.2021.839
10.1109/SP.2012.16
10.1016/j.neucom.2020.10.054
10.1145/3371924
10.1109/MMUL.2020.3022702
10.1016/j.cose.2016.11.007
10.1109/JIOT.2019.2909745
10.1145/3313391
10.1016/j.diin.2018.01.001
10.1016/j.diin.2015.02.001
10.1109/TIFS.2018.2879302
10.1049/iet-ifs.2014.0099
ContentType Journal Article
Copyright 2021
Copyright Elsevier Sequoia S.A. Nov 2021
Copyright_xml – notice: 2021
– notice: Copyright Elsevier Sequoia S.A. Nov 2021
DBID 6I.
AAFTH
AAYXX
CITATION
7SC
8FD
JQ2
K7.
L7M
L~C
L~D
DOI 10.1016/j.cose.2021.102399
DatabaseName ScienceDirect Open Access Titles
Elsevier:ScienceDirect:Open Access
CrossRef
Computer and Information Systems Abstracts
Technology Research Database
ProQuest Computer Science Collection
ProQuest Criminal Justice (Alumni)
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
DatabaseTitle CrossRef
ProQuest Criminal Justice (Alumni)
Technology Research Database
Computer and Information Systems Abstracts – Academic
ProQuest Computer Science Collection
Computer and Information Systems Abstracts
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts Professional
DatabaseTitleList
ProQuest Criminal Justice (Alumni)
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 1872-6208
ExternalDocumentID 10_1016_j_cose_2021_102399
S0167404821002236
GroupedDBID --K
--M
-~X
.DC
.~1
0R~
1B1
1RT
1~.
1~5
29F
4.4
457
4G.
5GY
5VS
6I.
7-5
71M
8P~
9JN
AACTN
AAEDT
AAEDW
AAFTH
AAIAV
AAIKJ
AAKOC
AALRI
AAOAW
AAQFI
AAQXK
AAXUO
AAYFN
ABBOA
ABFSI
ABMAC
ABXDB
ABYKQ
ACDAQ
ACGFO
ACGFS
ACNNM
ACRLP
ACZNC
ADBBV
ADEZE
ADHUB
ADJOM
ADMUD
AEBSH
AEKER
AENEX
AFFNX
AFKWA
AFTJW
AGHFR
AGUBO
AGYEJ
AHHHB
AHZHX
AIALX
AIEXJ
AIKHN
AITUG
AJBFU
AJOXV
ALMA_UNASSIGNED_HOLDINGS
AMFUW
AMRAJ
AOUOD
ASPBG
AVWKF
AXJTR
AZFZN
BKOJK
BKOMP
BLXMC
CS3
DU5
E.L
EBS
EFJIC
EFLBG
EJD
EO8
EO9
EP2
EP3
FDB
FEDTE
FGOYB
FIRID
FNPLU
FYGXN
G-2
G-Q
GBLVA
GBOLZ
HLX
HLZ
HVGLF
HZ~
IHE
J1W
KOM
LG8
LG9
M41
MO0
MS~
N9A
O-L
O9-
OAUVE
OZT
P-8
P-9
P2P
PC.
PQQKQ
Q38
R2-
RIG
RNS
ROL
RPZ
RXW
SBC
SBM
SDF
SDG
SDP
SES
SEW
SPC
SPCBC
SSV
SSZ
T5K
TAE
TN5
TWZ
WH7
WUQ
XJE
XPP
XSW
YK3
ZMT
~G-
9DU
AATTM
AAXKI
AAYWO
AAYXX
ABJNI
ABWVN
ACLOT
ACRPL
ACVFH
ADCNI
ADNMO
AEIPS
AEUPX
AFJKZ
AFPUW
AGQPQ
AIGII
AIIUN
AKBMS
AKRWK
AKYEP
ANKPU
APXCP
CITATION
EFKBS
~HD
7SC
8FD
JQ2
K7.
L7M
L~C
L~D
ID FETCH-LOGICAL-c372t-86dbb922128ce1f0a72dc2d5b37f1925dbab4dc2f7016dfc8774aee304ca11bc3
ISICitedReferencesCount 58
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000703432300003&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 0167-4048
IngestDate Thu Nov 20 01:22:37 EST 2025
Sat Nov 29 07:24:10 EST 2025
Tue Nov 18 22:17:15 EST 2025
Fri Feb 23 02:40:24 EST 2024
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Keywords Android malware
Mobile malware
Malware analysis
Malware detection
Dataset
Language English
License This is an open access article under the CC BY-NC-ND license.
LinkModel OpenURL
MergedId FETCHMERGED-LOGICAL-c372t-86dbb922128ce1f0a72dc2d5b37f1925dbab4dc2f7016dfc8774aee304ca11bc3
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ORCID 0000-0002-3655-5804
0000-0001-8882-4095
OpenAccessLink https://dx.doi.org/10.1016/j.cose.2021.102399
PQID 2582437823
PQPubID 46289
ParticipantIDs proquest_journals_2582437823
crossref_citationtrail_10_1016_j_cose_2021_102399
crossref_primary_10_1016_j_cose_2021_102399
elsevier_sciencedirect_doi_10_1016_j_cose_2021_102399
PublicationCentury 2000
PublicationDate November 2021
2021-11-00
20211101
PublicationDateYYYYMMDD 2021-11-01
PublicationDate_xml – month: 11
  year: 2021
  text: November 2021
PublicationDecade 2020
PublicationPlace Amsterdam
PublicationPlace_xml – name: Amsterdam
PublicationTitle Computers & security
PublicationYear 2021
Publisher Elsevier Ltd
Elsevier Sequoia S.A
Publisher_xml – name: Elsevier Ltd
– name: Elsevier Sequoia S.A
References Chebyshev V, Mobile malware evolution 2019
Cimpanu C, Gustuff android banking trojan targets 125+ banking, im, and cryptocurrency apps
Liang, Du (bib0077) 2014
F-droid, F-droid - free and open source android app repository
Wen Li XF, Cai H, Androct: Ten years of app call traces in android, in: The 18th International Conference on Mining Software Repositories (MSR 2021), Data Showcase Track, 2021.
Hahn K, Ransomware identification for the judicious analyst
Microsoft, Sophisticated new android malware marks the latest evolution of mobile ransomware
2021.
Cai (bib0114) 2020
VirusTotal, Virustotal academic malware samples
Wang, Zhao, Wang (bib0068) 2019; 10
Stringhini G, Mamadroid source code
Kaspersky, Rules for naming
Barbero F, Pendlebury F, Pierazzi F, Cavallaro L, Transcending transcend: Revisiting malware classification with conformal evaluation, arXiv preprint arXiv:2010.03856 (2020).
Android, Manifest.permission
Peng, Gates, Sarma, Li, Qi, Potharaju, Nita-Rotaru, Molloy (bib0074) 2012
Harvey P, Exiftool
Android, Introduction to activities
Li, Wang, Xue (bib0064) 2018
Desnos A, Gueguen G, Bachmann S, Androguard
Iqbal M, App download and usage statistics (2020)
Lakshmanan R, Joker malware apps once again bypass google's security to spread via play store
,
Feizollah, Anuar, Salleh, A. (bib0014) 2015; 13
Jordaney, Sharad, Dash, Wang, Papini, Nouretdinov, Cavallaro (bib0099) 2017
Oberheide J, Miller C, Dissecting the android bouncer
Android, Set the application id
Fedler, Schu¨tte, Kulicke (bib0012) 2013; 45
Rahali, Lashkari, Kaur, Taheri, Fran- cois, Massicotte (bib0037) 2020
Burguera, Zurutuza, Nadjm-Tehrani (bib0082) 2011
Peiravian, Zhu (bib0066) 2013
Talha, Alper, Aydin (bib0076) 2015; 13
Feizollah, Anuar, Salleh, Suarez-Tangil, Furnell (bib0079) 2017; 65
Onwuzurike, Mariconti, Andriotis, Cristofaro, Ross, Stringhini (bib0102) 2019; 22
Android, Content providers
Cai, Fu, Hamou-Lhadj (bib0112) 2020; 122
2018.
Xu, Li, Deng, Chen, Xu (bib0106) 2019
Arp D, Quiring E, Pendlebury F, Warnecke A, Pierazzi F, Wressnegger C, Cavallaro L, Rieck K, Dos and don'ts of machine learning in computer security, arXiv preprint arXiv:2010.09470 (2020).
Shabtai, Kanonov, Elovici, Glezer, Weiss (bib0091) 2012; 38
U. of New Brunswick, Investigation of the android malware (cic-invesandmal2019)
Cai H, Tracedroid: Eight-year behavioral profiles of android apps
Irolla, Dey (bib0041) 2018; 14
U. of New Brunswick, Cccs-cic-andmal-2020
Faruki, Ganmoor, Laxmi, Gaur, Bharmal (bib0016) 2013
Withwam R, Android antivirus apps are useless here's what to do instead
Android, Services overview
Braunschweig TU, The drebin dataset
Lindorfer, Neugschwandtner, Platzer (bib0125) 2015; 2
Amos, Turner, White (bib0089) 2013
Guerra-Manzanares A, Kronodroid dataset
Kadir, Stakhanova, Ghorbani (bib0025) 2015
Hu D, Ma Z, Zhang X, Li P, Ye D, Ling B, The concept drift problem in android malware detection and its solution, Security and Communication Networks 2017 (2017).
Taheri, Kadir, Lashkari (bib0035) 2019
Statista, Mobile operating systems’ market share worldwide from january 2012 to october 2020
2015.
Cai, Ryder (bib0115) 2020
Felt, Chin, Hanna, Song, Wagner (bib0063) 2011
Android, Application fundamentals
ArgusLab, Amd dataset - argus cyber security lab
Tam, Khan, Fattori, Cavallaro (bib0084) 2015
Zhou, Jiang (bib0021) 2012
Irolla, Dey (bib0121) 2018; 14
Jordaney, Sharad, Dash, Wang, Papini, Nouretdinov, Cavallaro (bib0139) 2017
Allix, Bissyand´e, Klein, Traon (bib0047) 2016
APKMirror, Faq - security
2020.
Cai, Yap (bib0137) 2016
U. of New Brunswick, Android malware dataset (cic-andmal2017)
Cai, Meng, Ryder, Yao (bib0104) 2019; 14
Li, Zhou, Yuan, Li, Leung (bib0065) 2020; 14
Guerra-Manzanares, Nõmm, Bahsi (bib0051) 2019
Bl¨asing, Batyuk, Schmidt, Camtepe, Albayrak (bib0095) 2010
Guerra-Manzanares, Bahsi, N˜omm (bib0044) 2019
U. of New Brunswick, Android adware and general malware dataset (cic-aagm2017)
Parkour M, Contagio minidump
Yuan, Lu, Wang, Xue (bib0094) 2014
Zheng C, Xu Z, New android malware family evades antivirus detection by using popular ad libraries
Android, Android abis
2016.
McGowan E, Another 21 malware apps found on google play
Google, Google play protect
Petsas, Voyatzis, Athanasopoulos, Polychronakis, Ioannidis (bib0092) 2014
Wu, Li, Zhu, Liu (bib0042) 2020; 27
VirusTotal, How it works
Narayanan, Yang, Chen, Jinliang (bib0097) 2016
Wei, Li, Roy, Ou, Zhou (bib0029) 2017
Sikorski, Honig (bib0061) 2012
Levin D, Strace - linux syscall tracer
Mariconti E, Onwuzurike L, Andriotis P, De Cristofaro E, Ross G, Stringhini G, Mamadroid: Detecting android malware by building markov chains of behavioral models, arXiv preprint arXiv:1612.04433 (2016).
Alzaylaee, Yerima, Sezer (bib0081) 2020; 89
Android, Reduce your app size
Bovet DP, Cesati M, Understanding the Linux Kernel: from I/O ports to process management, ” O'Reilly Media, Inc.”, 2005.
Hahn K, Malware naming hell part 1: Taming the mess of av detection names
Enck, Gilbert, Han, Tendulkar, Chun, Cox, Jung, McDaniel, Sheth (bib0088) 2014; 32
Microsoft, Malware names
Yang, Du, Yang, Liu (bib0071) 2021
Cai, Jenkins (bib0105) 2018
Lipovsky´ R, Sˇtefanko L, Braniˇsa G, The rise of android ransomware
Zhu, Jin, Yang, Wu, Chen (bib0069) 2017
Cai, Jiang, Gao, Li, Yuan (bib0072) 2021; 423
Android, Broadcasts overview
El Fiky (bib0043) 2020; 9
Cai (bib0113) 2020; 29
Hou, Saas, Chen, Ye, Bourlai (bib0073) 2017
Idrees, Rajarajan (bib0080) 2014
Lashkari, A.Kadir, Gonzalez, Mbah, Ghorbani (bib0085) 2017
2021a.
Dini, Martinelli, Saracino, Sgandurra (bib0090) 2012
Enck, Ongtang, McDaniel (bib0075) 2009
Fu, Cai (bib0107) 2019
Guerra-Manzanares, Bahsi, Nõmm (bib0052) 2019
du Luxembourg U, Androzoo
Android
Mahdavifar, Kadir, Fatemi, Alhadidi, Ghorbani (bib0039) 2020
Dunham, Hartman, Morales, Quintans, Strazzere (bib0062) 2015
Kabakus, Dogru (bib0093) 2018; 24
Zhang, Zhang, Zhong, Ding, Cao, Zhang, Zhang, Yang (bib0111) 2020
Android, How it works
VirusShare, Virusshare
Arora, Garg, Peddoju (bib0086) 2014
Hou, Saas, Chen, Ye (bib0083) 2016
Cai, Ryder (bib0100) 2017
Lashkari, Kadir, Gonzalez, Mbah, Ghorbani (bib0031) 2017
Lei, Qin, Wang, Li, Ye (bib0108) 2019; 6
Li W, Fu X, Cai H, Androct: Ten years of app call traces in android
Grace, Zhou, Zhang, Zou, Jiang (bib0015) 2012
2021b.
Broersma M, Android hit by ‘incredibly sophisticated’ malware
Samsung, About knox
Cohen R, Walkowski D, Banking trojans: A reference guide to the malware family tree
U. of New Brunswick, Android botnet dataset
Android, Ui/application exerciser monkey
Zhou Y, Jiang X, Malgenome project
Cortes, Jackel, Chiang (bib0017) 1994; 7
F-Secure, Riskware:android/smsreg.variant!online
Kiss, Lalande, Leslous, Viet Triem Tong (bib0027) 2016
2019.
Hu, Ma, Zhang, Li, Ye, Ling (bib0098) 2017; 2017
Sessions, Valtorta (bib0018) 2006; 6
Kiss N, Lalande J-F, Leslous M, Viet Triem Tong V, Kharon malware dataset
U. of New Brunswick, Cicmaldroid 2020
Cai, Ryder (bib0101) 2017
Mcdonald, Herron, Glisson, Benton (bib0078) 2021
permission
Grace, Zhou, Zhang, Zou, Jiang (bib0070) 2012
Android, Aapt2
Lashkari, Kadir, Taheri, Ghor- bani (bib0033) 2020
Guerra-Manzanares, Nomm, Bahsi (bib0053) 2019
APKMirror, Apkmirror
Arp, Spreitzenbarth, Hubner, Gascon, Rieck, Siemens (bib0023) 2014; 14
Statista, Development of new android malware worldwide from june 2016 to march 2020
AppBrain, Number of android apps on google play
Yerima, Sezer, Muttik (bib0067) 2015; 9
Pendlebury, Pierazzi, Jordaney, Kinder, Cavallaro (bib0109) 2019
2012.
Schmidt A-D, Detection of smartphone malware (2011).
du Luxembourg U, Androzoo - lists of apks
Lei (10.1016/j.cose.2021.102399_bib0108) 2019; 6
Irolla (10.1016/j.cose.2021.102399_bib0121) 2018; 14
Fu (10.1016/j.cose.2021.102399_bib0107) 2019
Hu (10.1016/j.cose.2021.102399_bib0098) 2017; 2017
Guerra-Manzanares (10.1016/j.cose.2021.102399_bib0052) 2019
10.1016/j.cose.2021.102399_bib0048
Enck (10.1016/j.cose.2021.102399_bib0088) 2014; 32
10.1016/j.cose.2021.102399_bib0049
10.1016/j.cose.2021.102399_bib0054
10.1016/j.cose.2021.102399_bib0055
10.1016/j.cose.2021.102399_bib0056
Cai (10.1016/j.cose.2021.102399_bib0105) 2018
10.1016/j.cose.2021.102399_bib0057
10.1016/j.cose.2021.102399_bib0050
Dini (10.1016/j.cose.2021.102399_bib0090) 2012
Shabtai (10.1016/j.cose.2021.102399_bib0091) 2012; 38
Peiravian (10.1016/j.cose.2021.102399_bib0066) 2013
Kiss (10.1016/j.cose.2021.102399_bib0027) 2016
Yuan (10.1016/j.cose.2021.102399_bib0094) 2014
Zhu (10.1016/j.cose.2021.102399_bib0069) 2017
Dunham (10.1016/j.cose.2021.102399_bib0062) 2015
Cai (10.1016/j.cose.2021.102399_bib0115) 2020
Allix (10.1016/j.cose.2021.102399_bib0047) 2016
Petsas (10.1016/j.cose.2021.102399_bib0092) 2014
Lindorfer (10.1016/j.cose.2021.102399_bib0125) 2015; 2
10.1016/j.cose.2021.102399_bib0058
10.1016/j.cose.2021.102399_bib0059
Feizollah (10.1016/j.cose.2021.102399_bib0079) 2017; 65
Grace (10.1016/j.cose.2021.102399_bib0015) 2012
Lashkari (10.1016/j.cose.2021.102399_bib0033) 2020
10.1016/j.cose.2021.102399_bib0060
Wu (10.1016/j.cose.2021.102399_bib0042) 2020; 27
Cai (10.1016/j.cose.2021.102399_bib0072) 2021; 423
Liang (10.1016/j.cose.2021.102399_bib0077) 2014
Tam (10.1016/j.cose.2021.102399_bib0084) 2015
10.1016/j.cose.2021.102399_bib0103
Mcdonald (10.1016/j.cose.2021.102399_bib0078) 2021
Hou (10.1016/j.cose.2021.102399_bib0073) 2017
10.1016/j.cose.2021.102399_bib0110
Xu (10.1016/j.cose.2021.102399_bib0106) 2019
Amos (10.1016/j.cose.2021.102399_bib0089) 2013
Cai (10.1016/j.cose.2021.102399_bib0137) 2016
Grace (10.1016/j.cose.2021.102399_bib0070) 2012
Guerra-Manzanares (10.1016/j.cose.2021.102399_bib0053) 2019
Zhou (10.1016/j.cose.2021.102399_bib0021) 2012
Cortes (10.1016/j.cose.2021.102399_bib0017) 1994; 7
10.1016/j.cose.2021.102399_bib0117
10.1016/j.cose.2021.102399_bib0118
Sessions (10.1016/j.cose.2021.102399_bib0018) 2006; 6
10.1016/j.cose.2021.102399_bib0119
Yerima (10.1016/j.cose.2021.102399_bib0067) 2015; 9
10.1016/j.cose.2021.102399_bib0116
10.1016/j.cose.2021.102399_bib0120
10.1016/j.cose.2021.102399_bib0087
10.1016/j.cose.2021.102399_bib0122
Narayanan (10.1016/j.cose.2021.102399_bib0097) 2016
10.1016/j.cose.2021.102399_bib0001
10.1016/j.cose.2021.102399_bib0123
10.1016/j.cose.2021.102399_bib0002
Wang (10.1016/j.cose.2021.102399_bib0068) 2019; 10
Wei (10.1016/j.cose.2021.102399_bib0029) 2017
Cai (10.1016/j.cose.2021.102399_bib0114) 2020
Talha (10.1016/j.cose.2021.102399_bib0076) 2015; 13
Burguera (10.1016/j.cose.2021.102399_bib0082) 2011
Cai (10.1016/j.cose.2021.102399_bib0112) 2020; 122
Jordaney (10.1016/j.cose.2021.102399_bib0099) 2017
Kadir (10.1016/j.cose.2021.102399_bib0025) 2015
Felt (10.1016/j.cose.2021.102399_bib0063) 2011
Alzaylaee (10.1016/j.cose.2021.102399_bib0081) 2020; 89
10.1016/j.cose.2021.102399_bib0128
10.1016/j.cose.2021.102399_bib0007
10.1016/j.cose.2021.102399_bib0008
10.1016/j.cose.2021.102399_bib0129
10.1016/j.cose.2021.102399_bib0009
10.1016/j.cose.2021.102399_bib0124
10.1016/j.cose.2021.102399_bib0003
10.1016/j.cose.2021.102399_bib0004
10.1016/j.cose.2021.102399_bib0126
10.1016/j.cose.2021.102399_bib0005
10.1016/j.cose.2021.102399_bib0127
10.1016/j.cose.2021.102399_bib0006
10.1016/j.cose.2021.102399_bib0010
10.1016/j.cose.2021.102399_bib0131
10.1016/j.cose.2021.102399_bib0132
10.1016/j.cose.2021.102399_bib0011
10.1016/j.cose.2021.102399_bib0133
10.1016/j.cose.2021.102399_bib0134
10.1016/j.cose.2021.102399_bib0013
10.1016/j.cose.2021.102399_bib0096
10.1016/j.cose.2021.102399_bib0130
Li (10.1016/j.cose.2021.102399_bib0065) 2020; 14
Cai (10.1016/j.cose.2021.102399_bib0113) 2020; 29
Irolla (10.1016/j.cose.2021.102399_bib0041) 2018; 14
Bl¨asing (10.1016/j.cose.2021.102399_bib0095) 2010
10.1016/j.cose.2021.102399_bib0019
Cai (10.1016/j.cose.2021.102399_bib0101) 2017
10.1016/j.cose.2021.102399_bib0135
10.1016/j.cose.2021.102399_bib0136
Faruki (10.1016/j.cose.2021.102399_bib0016) 2013
Sikorski (10.1016/j.cose.2021.102399_bib0061) 2012
Fedler (10.1016/j.cose.2021.102399_bib0012) 2013; 45
10.1016/j.cose.2021.102399_bib0138
10.1016/j.cose.2021.102399_bib0142
El Fiky (10.1016/j.cose.2021.102399_bib0043) 2020; 9
10.1016/j.cose.2021.102399_bib0143
10.1016/j.cose.2021.102399_bib0022
10.1016/j.cose.2021.102399_bib0144
10.1016/j.cose.2021.102399_bib0024
10.1016/j.cose.2021.102399_bib0145
10.1016/j.cose.2021.102399_bib0140
10.1016/j.cose.2021.102399_bib0141
10.1016/j.cose.2021.102399_bib0020
Mahdavifar (10.1016/j.cose.2021.102399_bib0039) 2020
Lashkari (10.1016/j.cose.2021.102399_bib0085) 2017
Kabakus (10.1016/j.cose.2021.102399_bib0093) 2018; 24
Zhang (10.1016/j.cose.2021.102399_bib0111) 2020
Yang (10.1016/j.cose.2021.102399_bib0071) 2021
Jordaney (10.1016/j.cose.2021.102399_bib0139) 2017
Taheri (10.1016/j.cose.2021.102399_bib0035) 2019
Feizollah (10.1016/j.cose.2021.102399_bib0014) 2015; 13
10.1016/j.cose.2021.102399_bib0146
Rahali (10.1016/j.cose.2021.102399_bib0037) 2020
Cai (10.1016/j.cose.2021.102399_bib0100) 2017
10.1016/j.cose.2021.102399_bib0147
10.1016/j.cose.2021.102399_bib0026
10.1016/j.cose.2021.102399_bib0028
10.1016/j.cose.2021.102399_bib0032
Guerra-Manzanares (10.1016/j.cose.2021.102399_bib0051) 2019
10.1016/j.cose.2021.102399_bib0034
Hou (10.1016/j.cose.2021.102399_bib0083) 2016
10.1016/j.cose.2021.102399_bib0030
Li (10.1016/j.cose.2021.102399_bib0064) 2018
Lashkari (10.1016/j.cose.2021.102399_bib0031) 2017
Guerra-Manzanares (10.1016/j.cose.2021.102399_bib0044) 2019
Enck (10.1016/j.cose.2021.102399_bib0075) 2009
10.1016/j.cose.2021.102399_bib0036
Idrees (10.1016/j.cose.2021.102399_bib0080) 2014
10.1016/j.cose.2021.102399_bib0038
10.1016/j.cose.2021.102399_bib0045
Onwuzurike (10.1016/j.cose.2021.102399_bib0102) 2019; 22
10.1016/j.cose.2021.102399_bib0046
Peng (10.1016/j.cose.2021.102399_bib0074) 2012
10.1016/j.cose.2021.102399_bib0040
Arp (10.1016/j.cose.2021.102399_bib0023) 2014; 14
Pendlebury (10.1016/j.cose.2021.102399_bib0109) 2019
Arora (10.1016/j.cose.2021.102399_bib0086) 2014
Cai (10.1016/j.cose.2021.102399_bib0104) 2019; 14
References_xml – volume: 14
  start-page: 23
  year: 2014
  end-page: 26
  ident: bib0023
  article-title: Drebin: Effective and explainable detection of android malware in your pocket
  publication-title: Ndss
– start-page: 468
  year: 2016
  end-page: 471
  ident: bib0047
  article-title: Androzoo: Collecting millions of android apps for the research community
  publication-title: Proceedings of the 13th International Conference on Mining Software Repositories, MSR ’16
– year: 2020
  ident: bib0037
  article-title: Didroid: Android malware classification and characterization using deep image learning
  publication-title: 10th International Conference on Communication and Network Security
– start-page: 95
  year: 2012
  end-page: 109
  ident: bib0021
  article-title: Dissecting android malware: Characterization and evolution
  publication-title: 2012 IEEE Symposium on Security and Privacy
– reference: Android, Aapt2,
– reference: Android,
– reference: Withwam R, Android antivirus apps are useless here's what to do instead,
– volume: 14
  start-page: 1455
  year: 2019
  end-page: 1470
  ident: bib0104
  article-title: Droidcat: Effec- tive android malware detection and categorization via app-level profiling
  publication-title: IEEE Transactions on Information Forensics and Security
– reference: Li W, Fu X, Cai H, Androct: Ten years of app call traces in android,
– reference: , 2020.
– reference: , 2012.
– reference: , 2015.
– reference: Bovet DP, Cesati M, Understanding the Linux Kernel: from I/O ports to process management, ” O'Reilly Media, Inc.”, 2005.
– start-page: 233
  year: 2017
  end-page: 23309
  ident: bib0031
  article-title: Towards a network-based framework for android malware detection and characterization
  publication-title: 2017 15th Annual Conference on Privacy, Security and Trust (PST)
– start-page: 757
  year: 2020
  end-page: 770
  ident: bib0111
  article-title: Enhancing state-of-the-art classifiers with api semantics to detect evolved android malware
  publication-title: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
– start-page: 515
  year: 2020
  end-page: 522
  ident: bib0039
  article-title: Dynamic android malware category classification using semi-supervised deep learning
  publication-title: 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Comput- ing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)
– reference: Wen Li XF, Cai H, Androct: Ten years of app call traces in android, in: The 18th International Conference on Mining Software Repositories (MSR 2021), Data Showcase Track, 2021.
– reference: Cai H, Tracedroid: Eight-year behavioral profiles of android apps,
– reference: AppBrain, Number of android apps on google play,
– reference: Cimpanu C, Gustuff android banking trojan targets 125+ banking, im, and cryptocurrency apps,
– reference: Stringhini G, Mamadroid source code,
– reference: VirusTotal, Virustotal academic malware samples,
– start-page: 172
  year: 2016
  end-page: 182
  ident: bib0137
  article-title: Inferring the detection logic and evaluating the effectiveness of android anti-virus apps
  publication-title: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy
– start-page: 1
  year: 2019
  end-page: 8
  ident: bib0051
  article-title: Time-frame analysis of system calls behavior in machine learning-based mobile malware detection
  publication-title: 2019 International Conference on Cyber Security for Emerging Technologies (CSET)
– reference: McGowan E, Another 21 malware apps found on google play,
– reference: Cohen R, Walkowski D, Banking trojans: A reference guide to the malware family tree,
– start-page: 272
  year: 2019
  end-page: 273
  ident: bib0107
  article-title: On the deterioration of learning-based malware detectors for android
  publication-title: 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)
– reference: U. of New Brunswick, Cicmaldroid 2020,
– reference: Android, Services overview,
– start-page: 233
  year: 2017
  end-page: 23309
  ident: bib0085
  article-title: Towards a network-based framework for android malware detection and characterization
  publication-title: 2017 15th Annual Conference on Privacy, Security and Trust (PST)
– reference: U. of New Brunswick, Android adware and general malware dataset (cic-aagm2017),
– reference: Android, Android abis,
– start-page: 1
  year: 2018
  end-page: 2
  ident: bib0064
  article-title: Fine-grained android malware detection based on deep learning
  publication-title: 2018 IEEE Conference on Communications and Network Security (CNS)
– reference: VirusTotal, How it works,
– reference: Harvey P, Exiftool,
– start-page: 78
  year: 2015
  end-page: 91
  ident: bib0025
  article-title: Android botnets: What urls are telling us
  publication-title: International Conference on Network and System Security
– reference: Samsung, About knox,
– reference: U. of New Brunswick, Cccs-cic-andmal-2020,
– start-page: 6976
  year: 2021
  ident: bib0078
  article-title: Machine learning-based android malware detection using manifest permissions
  publication-title: Proceedings of the 54th Hawaii International Conference on System Sciences
– reference: Oberheide J, Miller C, Dissecting the android bouncer,
– start-page: 47
  year: 2019
  end-page: 62
  ident: bib0106
  article-title: Droidevolver: Self-evolving android malware detection system
  publication-title: 2019 IEEE European Symposium on Security and Privacy (EuroS&P)
– reference: ,
– reference: Zhou Y, Jiang X, Malgenome project,
– start-page: 15
  year: 2011
  end-page: 26
  ident: bib0082
  article-title: Crowdroid: behavior-based malware detection system for android
  publication-title: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
– start-page: 1
  year: 2020
  end-page: 7
  ident: bib0033
  article-title: Toward developing a systematic approach to generate benchmark android malware datasets and classification
  publication-title: 2018 International Carnahan Conference on Security Technology (ICCST)
– volume: 14
  start-page: 653
  year: 2020
  end-page: 656
  ident: bib0065
  article-title: Adversarial-example attacks toward android malware detection system
  publication-title: IEEE Systems Journal
– start-page: 55
  year: 2010
  end-page: 62
  ident: bib0095
  article-title: An android application sandbox system for suspicious software detection
  publication-title: 2010 5th International Conference on Malicious and Unwanted Software
– reference: Desnos A, Gueguen G, Bachmann S, Androguard,
– reference: du Luxembourg U, Androzoo - lists of apks,
– start-page: 10
  year: 2021
  ident: bib0071
  article-title: Android malware detection based on structural features of the function call graph
  publication-title: Electronics
– reference: Google, Google play protect,
– volume: 2017
  year: 2017
  ident: bib0098
  article-title: The concept drift problem in android malware detection and its solution
  publication-title: Security and Communication Networks
– reference: Hu D, Ma Z, Zhang X, Li P, Ye D, Ling B, The concept drift problem in android malware detection and its solution, Security and Communication Networks 2017 (2017).
– start-page: 241
  year: 2012
  end-page: 252
  ident: bib0074
  article-title: Using probabilistic generative models for ranking risks of android apps
  publication-title: Proceedings of the 2012 ACM conference on Computer and communications security
– reference: Microsoft, Sophisticated new android malware marks the latest evolution of mobile ransomware,
– reference: , 2018.
– reference: Iqbal M, App download and usage statistics (2020),
– volume: 6
  start-page: 6668
  year: 2019
  end-page: 6680
  ident: bib0108
  article-title: Evedroid: Event-aware android malware detection against model degrading for iot devices
  publication-title: IEEE Internet of Things Journal
– reference: F-droid, F-droid - free and open source android app repository,
– reference: Broersma M, Android hit by ‘incredibly sophisticated’ malware,
– reference: Levin D, Strace - linux syscall tracer,
– reference: , 2021b.
– reference: , 2021.
– reference: Schmidt A-D, Detection of smartphone malware (2011).
– reference: Chebyshev V, Mobile malware evolution 2019,
– start-page: 1
  year: 2014
  end-page: 6
  ident: bib0092
  article-title: Rage against the virtual machine: hindering dynamic analysis of android malware
  publication-title: Proceedings of the seventh european workshop on system security
– reference: , 2021a.
– volume: 7
  start-page: 239
  year: 1994
  end-page: 246
  ident: bib0017
  article-title: Limits on learning machine accuracy imposed by data quality
  publication-title: Advances in Neural Information Processing Systems
– start-page: 625
  year: 2017
  end-page: 642
  ident: bib0099
  article-title: Transcend: Detecting concept drift in malware classification models
  publication-title: 26th USENIX Security Symposium (USENIX Security 17
– start-page: 364
  year: 2017
  end-page: 375
  ident: bib0100
  article-title: Understanding android application programming and security: A dynamic study
  publication-title: 2017 IEEE International Conference on Software Maintenance and Evolution (ICSME
– reference: , 2019.
– reference: Hahn K, Malware naming hell part 1: Taming the mess of av detection names,
– year: 2012
  ident: bib0061
  article-title: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
– reference: Android, How it works,
– volume: 14
  start-page: 245
  year: 2018
  end-page: 249
  ident: bib0121
  article-title: The duplication issue within the drebin dataset
  publication-title: Journal of Computer Virology and Hacking Techniques
– volume: 9
  start-page: 313
  year: 2015
  end-page: 320
  ident: bib0067
  article-title: High accuracy android malware detection using ensemble learning
  publication-title: IET Information Security
– reference: Zheng C, Xu Z, New android malware family evades antivirus detection by using popular ad libraries,
– volume: 29
  start-page: 1
  year: 2020
  end-page: 28
  ident: bib0113
  article-title: Assessing and improving malware detection sustainability through app evolution studies
  publication-title: ACM Transactions on Software Engineering and Methodology (TOSEM)
– reference: U. of New Brunswick, Android botnet dataset,
– volume: 10
  start-page: 3035
  year: 2019
  end-page: 3043
  ident: bib0068
  article-title: Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network
  publication-title: Journal of Ambient Intelligence and Humanized Computing
– start-page: 152
  year: 2013
  end-page: 159
  ident: bib0016
  article-title: Androsimilar: robust statistical feature signature for android malware detection
  publication-title: Proceedings of the 6th International Conference on Security of Information and Networks
– start-page: 252
  year: 2017
  end-page: 276
  ident: bib0029
  article-title: Deep ground truth analysis of current android malware
  publication-title: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
– start-page: 300
  year: 2013
  end-page: 305
  ident: bib0066
  article-title: Machine learning for android malware detection using permission and api calls
  publication-title: 2013 IEEE 25th International Conference on Tools with Artificial Intelligence
– reference: Android, Reduce your app size,
– start-page: 625
  year: 2017
  end-page: 642
  ident: bib0139
  article-title: Transcend: Detecting concept drift in malware classification models
  publication-title: 26th USENIX Security Symposium (USENIX Security 17
– reference: Android, Content providers,
– start-page: 66
  year: 2014
  end-page: 71
  ident: bib0086
  article-title: Malware detection using network traffic analysis in android based mobile devices
  publication-title: 2014 Eighth International Conference on Next Generation Mobile Apps, Services and Technologies
– start-page: 399
  year: 2019
  end-page: 404
  ident: bib0052
  article-title: Differences in android behavior between real device and emulator: A malware detection perspective
  publication-title: 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS)
– year: 2017
  ident: bib0101
  article-title: Artifacts for dynamic analysis of android apps
  publication-title: 2017 IEEE International Conference on Software Maintenance and Evolution (ICSME)
– reference: Android, Broadcasts overview,
– reference: F-Secure, Riskware:android/smsreg.variant!online,
– reference: APKMirror, Faq - security,
– volume: 22
  start-page: 1
  year: 2019
  end-page: 34
  ident: bib0102
  article-title: Mamadroid: Detecting android malware by building markov chains of behavioral models (extended version)
  publication-title: ACM Transactions on Privacy and Security (TOPS)
– start-page: 274
  year: 2019
  end-page: 283
  ident: bib0053
  article-title: In-depth feature selection and ranking for automated detection of mobile malware
  publication-title: ICISSP
– reference: Kiss N, Lalande J-F, Leslous M, Viet Triem Tong V, Kharon malware dataset,
– year: 2015
  ident: bib0084
  article-title: Copperdroid: automatic reconstruction of android malware behaviors
  publication-title: Ndss
– year: 2020
  ident: bib0115
  article-title: A longitudinal study of application structure and behaviors in android
  publication-title: IEEE Transactions on Software Engineering
– reference: Statista, Mobile operating systems’ market share worldwide from january 2012 to october 2020,
– reference: ArgusLab, Amd dataset - argus cyber security lab,
– reference: Guerra-Manzanares A, Kronodroid dataset,
– reference: Mariconti E, Onwuzurike L, Andriotis P, De Cristofaro E, Ross G, Stringhini G, Mamadroid: Detecting android malware by building markov chains of behavioral models, arXiv preprint arXiv:1612.04433 (2016).
– start-page: 627
  year: 2011
  end-page: 638
  ident: bib0063
  article-title: Android permissions demystified
  publication-title: Proceedings of the 18th ACM conference on Computer and communications security
– reference: , 2016.
– reference: Parkour M, Contagio minidump,
– volume: 24
  start-page: 25
  year: 2018
  end-page: 33
  ident: bib0093
  article-title: An in-depth analysis of android malware using hybrid techniques
  publication-title: Digital Investigation
– reference: VirusShare, Virusshare,
– year: 2016
  ident: bib0027
  article-title: Kharon dataset: Android malware under a microscope
  publication-title: Learning from Authoritative Security Experiment Results
– reference: Lakshmanan R, Joker malware apps once again bypass google's security to spread via play store,
– start-page: 31
  year: 2020
  end-page: 35
  ident: bib0114
  article-title: Embracing mobile app evolution via continuous ecosystem mining and characterization, MOBILESoft ’20
– start-page: 281
  year: 2012
  end-page: 294
  ident: bib0015
  article-title: Riskranker: scalable and accurate zero-day android malware detection
  publication-title: Proceedings of the 10th international conference on Mobile systems, applications, and services
– start-page: 371
  year: 2014
  end-page: 372
  ident: bib0094
  article-title: Droid-sec: deep learning in android malware detection
  publication-title: Proceedings of the 2014 ACM conference on SIGCOMM
– start-page: 1666
  year: 2013
  end-page: 1671
  ident: bib0089
  article-title: Applying machine learning classifiers to dynamic android malware detection at scale
  publication-title: 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC)
– reference: APKMirror, Apkmirror,
– start-page: 438
  year: 2017
  end-page: 443
  ident: bib0069
  article-title: Deepflow: Deep learning-based malware detection by mining android application for abnormal usage of sensitive data
  publication-title: 2017 IEEE Symposium on Computers and Communications (ISCC)
– start-page: 729
  year: 2019
  end-page: 746
  ident: bib0109
  article-title: TESSERACT: Eliminating experimental bias in malware classification across space and time
  publication-title: 28th USENIX Security Symposium (USENIX Security 19
– reference: du Luxembourg U, Androzoo,
– reference: Microsoft, Malware names,
– reference: permission
– start-page: 354
  year: 2014
  end-page: 358
  ident: bib0080
  article-title: Investigating the android intents and permissions for malware detection
  publication-title: 2014 IEEE 10th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob)
– volume: 89
  year: 2020
  ident: bib0081
  article-title: Dl-droid: Deep learning based android malware detection using real devices
  publication-title: Computers Security
– volume: 2
  start-page: 422
  year: 2015
  end-page: 433
  ident: bib0125
  article-title: Marvin: Efficient and comprehensive mobile app classification through static and dynamic analysis
  publication-title: 2015 IEEE 39th Annual Computer Software and Applications Conference
– volume: 27
  start-page: 48
  year: 2020
  end-page: 57
  ident: bib0042
  article-title: Mviidroid: A multiple view information integration approach for android malware detection and family identification
  publication-title: IEEE MultiMedia
– reference: Android, Manifest.permission,
– volume: 122
  year: 2020
  ident: bib0112
  article-title: A study of run-time behavioral evolution of benign versus malicious apps in android
  publication-title: Information and Software Technology
– reference: Braunschweig TU, The drebin dataset,
– reference: Kaspersky, Rules for naming,
– start-page: 350
  year: 2018
  end-page: 351
  ident: bib0105
  article-title: Towards sustainable android malware detection
  publication-title: Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings, ICSE ’18, Associa- tion for Computing Machinery
– reference: Barbero F, Pendlebury F, Pierazzi F, Cavallaro L, Transcending transcend: Revisiting malware classification with conformal evaluation, arXiv preprint arXiv:2010.03856 (2020).
– start-page: 803
  year: 2017
  end-page: 810
  ident: bib0073
  article-title: Deep neural networks for automatic android malware detection
  publication-title: Proceedings of the 2017 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2017
– reference: U. of New Brunswick, Android malware dataset (cic-andmal2017),
– start-page: 104
  year: 2016
  end-page: 111
  ident: bib0083
  article-title: Deep4maldroid: A deep learning framework for android malware detection based on linux kernel system call graphs
  publication-title: 2016 IEEE/WIC/ACM International Conference on Web Intelligence Workshops (WIW)
– volume: 13
  start-page: 22
  year: 2015
  end-page: 37
  ident: bib0014
  article-title: Wahab, A review on feature selection in mobile malware detection
  publication-title: Digital investigation
– reference: Android, Set the application id,
– start-page: 235
  year: 2009
  end-page: 245
  ident: bib0075
  article-title: On lightweight mobile phone application certification
  publication-title: Proceedings of the 16th ACM conference on Computer and communications security
– volume: 6
  start-page: 485
  year: 2006
  end-page: 498
  ident: bib0018
  article-title: The effects of data quality on machine learning algorithms
  publication-title: ICIQ
– start-page: 1
  year: 2019
  end-page: 8
  ident: bib0035
  article-title: Extensible android malware detection and family classification using network-flows and api-calls
  publication-title: 2019 International Carnahan Conference on Security Technology (ICCST)
– start-page: 2301
  year: 2014
  end-page: 2306
  ident: bib0077
  article-title: Permission-combination-based scheme for android mobile malware detection
  publication-title: 2014 IEEE International Conference on Communications (ICC)
– reference: Android, Ui/application exerciser monkey,
– reference: Statista, Development of new android malware worldwide from june 2016 to march 2020,
– year: 2015
  ident: bib0062
  article-title: Android Malware and Analysis
– start-page: 281
  year: 2012
  end-page: 294
  ident: bib0070
  article-title: Riskranker: scalable and accurate zero-day android malware detection
  publication-title: Proceedings of the 10th international conference on Mobile systems, applications, and services
– start-page: 240
  year: 2012
  end-page: 253
  ident: bib0090
  article-title: Madam: a multi-level anomaly detector for android malware
  publication-title: International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security
– volume: 32
  start-page: 1
  year: 2014
  end-page: 29
  ident: bib0088
  article-title: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones
  publication-title: ACM Transactions on Computer Systems (TOCS)
– volume: 14
  start-page: 245
  year: 2018
  end-page: 249
  ident: bib0041
  article-title: The duplication issue within the drebin dataset
  publication-title: Journal of Computer Virology and Hacking Techniques
– start-page: 2484
  year: 2016
  end-page: 2491
  ident: bib0097
  article-title: Adaptive and scalable android malware detection through online learning
  publication-title: 2016 International Joint Conference on Neural Networks (IJCNN)
– reference: U. of New Brunswick, Investigation of the android malware (cic-invesandmal2019),
– volume: 9
  year: 2020
  ident: bib0043
  article-title: Deep-droid: Deep learning for android malware detection
  publication-title: International Journal of Innovative Technology and Exploring Engineering
– reference: Android, Application fundamentals,
– start-page: 399
  year: 2019
  end-page: 404
  ident: bib0044
  article-title: Differences in android behavior between real device and emulator: A malware detection perspective
  publication-title: 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS)
– volume: 13
  start-page: 1
  year: 2015
  end-page: 14
  ident: bib0076
  article-title: Apk auditor: Permission-based android malware detection system
  publication-title: Digital Investigation
– volume: 45
  year: 2013
  ident: bib0012
  article-title: On the effectiveness of malware protection on android
  publication-title: Fraunhofer AISEC
– volume: 65
  start-page: 121
  year: 2017
  end-page: 134
  ident: bib0079
  article-title: Androdialysis: Analysis of android intent effectiveness in malware detection
  publication-title: computers security
– volume: 38
  start-page: 161
  year: 2012
  end-page: 190
  ident: bib0091
  article-title: andromaly”: a behavioral malware detection framework for android devices
  publication-title: Journal of Intelligent Information Systems
– reference: Android, Introduction to activities,
– reference: Arp D, Quiring E, Pendlebury F, Warnecke A, Pierazzi F, Wressnegger C, Cavallaro L, Rieck K, Dos and don'ts of machine learning in computer security, arXiv preprint arXiv:2010.09470 (2020).
– volume: 423
  start-page: 301
  year: 2021
  end-page: 307
  ident: bib0072
  article-title: Learning features from enhanced function call graphs for android malware detection
  publication-title: Neurocomputing
– reference: Lipovsky´ R, Sˇtefanko L, Braniˇsa G, The rise of android ransomware,
– reference: Hahn K, Ransomware identification for the judicious analyst,
– start-page: 1
  year: 2019
  ident: 10.1016/j.cose.2021.102399_bib0051
  article-title: Time-frame analysis of system calls behavior in machine learning-based mobile malware detection
– ident: 10.1016/j.cose.2021.102399_bib0055
– volume: 14
  start-page: 23
  year: 2014
  ident: 10.1016/j.cose.2021.102399_bib0023
  article-title: Drebin: Effective and explainable detection of android malware in your pocket
  publication-title: Ndss
– volume: 32
  start-page: 1
  year: 2014
  ident: 10.1016/j.cose.2021.102399_bib0088
  article-title: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones
  publication-title: ACM Transactions on Computer Systems (TOCS)
  doi: 10.1145/2619091
– start-page: 281
  year: 2012
  ident: 10.1016/j.cose.2021.102399_bib0070
  article-title: Riskranker: scalable and accurate zero-day android malware detection
– volume: 14
  start-page: 245
  year: 2018
  ident: 10.1016/j.cose.2021.102399_bib0041
  article-title: The duplication issue within the drebin dataset
  publication-title: Journal of Computer Virology and Hacking Techniques
  doi: 10.1007/s11416-018-0316-z
– ident: 10.1016/j.cose.2021.102399_bib0026
– ident: 10.1016/j.cose.2021.102399_bib0141
– ident: 10.1016/j.cose.2021.102399_bib0032
– ident: 10.1016/j.cose.2021.102399_bib0135
– ident: 10.1016/j.cose.2021.102399_bib0003
– start-page: 1
  year: 2019
  ident: 10.1016/j.cose.2021.102399_bib0035
  article-title: Extensible android malware detection and family classification using network-flows and api-calls
– volume: 122
  year: 2020
  ident: 10.1016/j.cose.2021.102399_bib0112
  article-title: A study of run-time behavioral evolution of benign versus malicious apps in android
  publication-title: Information and Software Technology
  doi: 10.1016/j.infsof.2020.106291
– start-page: 240
  year: 2012
  ident: 10.1016/j.cose.2021.102399_bib0090
  article-title: Madam: a multi-level anomaly detector for android malware
– ident: 10.1016/j.cose.2021.102399_bib0049
– start-page: 233
  year: 2017
  ident: 10.1016/j.cose.2021.102399_bib0031
  article-title: Towards a network-based framework for android malware detection and characterization
– start-page: 625
  year: 2017
  ident: 10.1016/j.cose.2021.102399_bib0099
  article-title: Transcend: Detecting concept drift in malware classification models
– start-page: 729
  year: 2019
  ident: 10.1016/j.cose.2021.102399_bib0109
  article-title: TESSERACT: Eliminating experimental bias in malware classification across space and time
– ident: 10.1016/j.cose.2021.102399_bib0126
– start-page: 233
  year: 2017
  ident: 10.1016/j.cose.2021.102399_bib0085
  article-title: Towards a network-based framework for android malware detection and characterization
– start-page: 274
  year: 2019
  ident: 10.1016/j.cose.2021.102399_bib0053
  article-title: In-depth feature selection and ranking for automated detection of mobile malware
  publication-title: ICISSP
– ident: 10.1016/j.cose.2021.102399_bib0008
– ident: 10.1016/j.cose.2021.102399_bib0117
– ident: 10.1016/j.cose.2021.102399_bib0138
– volume: 14
  start-page: 653
  year: 2020
  ident: 10.1016/j.cose.2021.102399_bib0065
  article-title: Adversarial-example attacks toward android malware detection system
  publication-title: IEEE Systems Journal
  doi: 10.1109/JSYST.2019.2906120
– year: 2012
  ident: 10.1016/j.cose.2021.102399_bib0061
– ident: 10.1016/j.cose.2021.102399_bib0046
– ident: 10.1016/j.cose.2021.102399_bib0087
– ident: 10.1016/j.cose.2021.102399_bib0123
– start-page: 2301
  year: 2014
  ident: 10.1016/j.cose.2021.102399_bib0077
  article-title: Permission-combination-based scheme for android mobile malware detection
– ident: 10.1016/j.cose.2021.102399_bib0144
– volume: 38
  start-page: 161
  year: 2012
  ident: 10.1016/j.cose.2021.102399_bib0091
  article-title: andromaly”: a behavioral malware detection framework for android devices
  publication-title: Journal of Intelligent Information Systems
  doi: 10.1007/s10844-010-0148-x
– start-page: 47
  year: 2019
  ident: 10.1016/j.cose.2021.102399_bib0106
  article-title: Droidevolver: Self-evolving android malware detection system
– start-page: 1666
  year: 2013
  ident: 10.1016/j.cose.2021.102399_bib0089
  article-title: Applying machine learning classifiers to dynamic android malware detection at scale
– ident: 10.1016/j.cose.2021.102399_bib0130
– start-page: 252
  year: 2017
  ident: 10.1016/j.cose.2021.102399_bib0029
  article-title: Deep ground truth analysis of current android malware
– start-page: 625
  year: 2017
  ident: 10.1016/j.cose.2021.102399_bib0139
  article-title: Transcend: Detecting concept drift in malware classification models
– year: 2015
  ident: 10.1016/j.cose.2021.102399_bib0084
  article-title: Copperdroid: automatic reconstruction of android malware behaviors
  publication-title: Ndss
– start-page: 300
  year: 2013
  ident: 10.1016/j.cose.2021.102399_bib0066
  article-title: Machine learning for android malware detection using permission and api calls
– ident: 10.1016/j.cose.2021.102399_bib0028
– start-page: 15
  year: 2011
  ident: 10.1016/j.cose.2021.102399_bib0082
  article-title: Crowdroid: behavior-based malware detection system for android
– ident: 10.1016/j.cose.2021.102399_bib0133
– ident: 10.1016/j.cose.2021.102399_bib0001
– volume: 13
  start-page: 1
  year: 2015
  ident: 10.1016/j.cose.2021.102399_bib0076
  article-title: Apk auditor: Permission-based android malware detection system
  publication-title: Digital Investigation
  doi: 10.1016/j.diin.2015.01.001
– start-page: 399
  year: 2019
  ident: 10.1016/j.cose.2021.102399_bib0052
  article-title: Differences in android behavior between real device and emulator: A malware detection perspective
– ident: 10.1016/j.cose.2021.102399_bib0009
– ident: 10.1016/j.cose.2021.102399_bib0120
– ident: 10.1016/j.cose.2021.102399_bib0103
  doi: 10.14722/ndss.2017.23353
– ident: 10.1016/j.cose.2021.102399_bib0140
  doi: 10.1155/2017/4956386
– ident: 10.1016/j.cose.2021.102399_bib0147
– ident: 10.1016/j.cose.2021.102399_bib0128
– ident: 10.1016/j.cose.2021.102399_bib0020
– ident: 10.1016/j.cose.2021.102399_bib0119
  doi: 10.1109/MSR52588.2021.00076
– ident: 10.1016/j.cose.2021.102399_bib0034
– volume: 10
  start-page: 3035
  year: 2019
  ident: 10.1016/j.cose.2021.102399_bib0068
  article-title: Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network
  publication-title: Journal of Ambient Intelligence and Humanized Computing
  doi: 10.1007/s12652-018-0803-6
– start-page: 55
  year: 2010
  ident: 10.1016/j.cose.2021.102399_bib0095
  article-title: An android application sandbox system for suspicious software detection
– volume: 45
  year: 2013
  ident: 10.1016/j.cose.2021.102399_bib0012
  article-title: On the effectiveness of malware protection on android
  publication-title: Fraunhofer AISEC
– volume: 89
  year: 2020
  ident: 10.1016/j.cose.2021.102399_bib0081
  article-title: Dl-droid: Deep learning based android malware detection using real devices
  publication-title: Computers Security
  doi: 10.1016/j.cose.2019.101663
– ident: 10.1016/j.cose.2021.102399_bib0057
– ident: 10.1016/j.cose.2021.102399_bib0054
– start-page: 2484
  year: 2016
  ident: 10.1016/j.cose.2021.102399_bib0097
  article-title: Adaptive and scalable android malware detection through online learning
– start-page: 1
  year: 2014
  ident: 10.1016/j.cose.2021.102399_bib0092
  article-title: Rage against the virtual machine: hindering dynamic analysis of android malware
– start-page: 468
  year: 2016
  ident: 10.1016/j.cose.2021.102399_bib0047
  article-title: Androzoo: Collecting millions of android apps for the research community
– start-page: 172
  year: 2016
  ident: 10.1016/j.cose.2021.102399_bib0137
  article-title: Inferring the detection logic and evaluating the effectiveness of android anti-virus apps
– ident: 10.1016/j.cose.2021.102399_bib0142
– ident: 10.1016/j.cose.2021.102399_bib0006
– ident: 10.1016/j.cose.2021.102399_bib0136
– start-page: 6976
  year: 2021
  ident: 10.1016/j.cose.2021.102399_bib0078
  article-title: Machine learning-based android malware detection using manifest permissions
  doi: 10.24251/HICSS.2021.839
– ident: 10.1016/j.cose.2021.102399_bib0060
– ident: 10.1016/j.cose.2021.102399_bib0048
– start-page: 371
  year: 2014
  ident: 10.1016/j.cose.2021.102399_bib0094
  article-title: Droid-sec: deep learning in android malware detection
– year: 2016
  ident: 10.1016/j.cose.2021.102399_bib0027
  article-title: Kharon dataset: Android malware under a microscope
– start-page: 241
  year: 2012
  ident: 10.1016/j.cose.2021.102399_bib0074
  article-title: Using probabilistic generative models for ranking risks of android apps
– ident: 10.1016/j.cose.2021.102399_bib0040
– ident: 10.1016/j.cose.2021.102399_bib0096
– volume: 2
  start-page: 422
  year: 2015
  ident: 10.1016/j.cose.2021.102399_bib0125
  article-title: Marvin: Efficient and comprehensive mobile app classification through static and dynamic analysis
– start-page: 1
  year: 2018
  ident: 10.1016/j.cose.2021.102399_bib0064
  article-title: Fine-grained android malware detection based on deep learning
– volume: 9
  year: 2020
  ident: 10.1016/j.cose.2021.102399_bib0043
  article-title: Deep-droid: Deep learning for android malware detection
  publication-title: International Journal of Innovative Technology and Exploring Engineering
– start-page: 272
  year: 2019
  ident: 10.1016/j.cose.2021.102399_bib0107
  article-title: On the deterioration of learning-based malware detectors for android
– ident: 10.1016/j.cose.2021.102399_bib0007
– year: 2020
  ident: 10.1016/j.cose.2021.102399_bib0037
  article-title: Didroid: Android malware classification and characterization using deep image learning
– start-page: 95
  year: 2012
  ident: 10.1016/j.cose.2021.102399_bib0021
  article-title: Dissecting android malware: Characterization and evolution
  publication-title: 2012 IEEE Symposium on Security and Privacy
  doi: 10.1109/SP.2012.16
– ident: 10.1016/j.cose.2021.102399_bib0045
– year: 2015
  ident: 10.1016/j.cose.2021.102399_bib0062
– ident: 10.1016/j.cose.2021.102399_bib0122
– ident: 10.1016/j.cose.2021.102399_bib0022
– ident: 10.1016/j.cose.2021.102399_bib0145
– ident: 10.1016/j.cose.2021.102399_bib0013
– start-page: 757
  year: 2020
  ident: 10.1016/j.cose.2021.102399_bib0111
  article-title: Enhancing state-of-the-art classifiers with api semantics to detect evolved android malware
– ident: 10.1016/j.cose.2021.102399_bib0059
– ident: 10.1016/j.cose.2021.102399_bib0131
– volume: 423
  start-page: 301
  year: 2021
  ident: 10.1016/j.cose.2021.102399_bib0072
  article-title: Learning features from enhanced function call graphs for android malware detection
  publication-title: Neurocomputing
  doi: 10.1016/j.neucom.2020.10.054
– ident: 10.1016/j.cose.2021.102399_bib0036
– volume: 29
  start-page: 1
  year: 2020
  ident: 10.1016/j.cose.2021.102399_bib0113
  article-title: Assessing and improving malware detection sustainability through app evolution studies
  publication-title: ACM Transactions on Software Engineering and Methodology (TOSEM)
  doi: 10.1145/3371924
– start-page: 1
  year: 2020
  ident: 10.1016/j.cose.2021.102399_bib0033
  article-title: Toward developing a systematic approach to generate benchmark android malware datasets and classification
– ident: 10.1016/j.cose.2021.102399_bib0134
– ident: 10.1016/j.cose.2021.102399_bib0010
– volume: 7
  start-page: 239
  year: 1994
  ident: 10.1016/j.cose.2021.102399_bib0017
  article-title: Limits on learning machine accuracy imposed by data quality
  publication-title: Advances in Neural Information Processing Systems
– ident: 10.1016/j.cose.2021.102399_bib0004
– volume: 27
  start-page: 48
  year: 2020
  ident: 10.1016/j.cose.2021.102399_bib0042
  article-title: Mviidroid: A multiple view information integration approach for android malware detection and family identification
  publication-title: IEEE MultiMedia
  doi: 10.1109/MMUL.2020.3022702
– volume: 65
  start-page: 121
  year: 2017
  ident: 10.1016/j.cose.2021.102399_bib0079
  article-title: Androdialysis: Analysis of android intent effectiveness in malware detection
  publication-title: computers security
  doi: 10.1016/j.cose.2016.11.007
– ident: 10.1016/j.cose.2021.102399_bib0127
– start-page: 281
  year: 2012
  ident: 10.1016/j.cose.2021.102399_bib0015
  article-title: Riskranker: scalable and accurate zero-day android malware detection
– ident: 10.1016/j.cose.2021.102399_bib0056
– start-page: 66
  year: 2014
  ident: 10.1016/j.cose.2021.102399_bib0086
  article-title: Malware detection using network traffic analysis in android based mobile devices
– start-page: 152
  year: 2013
  ident: 10.1016/j.cose.2021.102399_bib0016
  article-title: Androsimilar: robust statistical feature signature for android malware detection
– ident: 10.1016/j.cose.2021.102399_bib0030
– ident: 10.1016/j.cose.2021.102399_bib0005
– volume: 2017
  year: 2017
  ident: 10.1016/j.cose.2021.102399_bib0098
  article-title: The concept drift problem in android malware detection and its solution
  publication-title: Security and Communication Networks
  doi: 10.1155/2017/4956386
– start-page: 364
  year: 2017
  ident: 10.1016/j.cose.2021.102399_bib0100
  article-title: Understanding android application programming and security: A dynamic study
– year: 2017
  ident: 10.1016/j.cose.2021.102399_bib0101
  article-title: Artifacts for dynamic analysis of android apps
– ident: 10.1016/j.cose.2021.102399_bib0116
  doi: 10.1109/MSR52588.2021.00076
– start-page: 803
  year: 2017
  ident: 10.1016/j.cose.2021.102399_bib0073
  article-title: Deep neural networks for automatic android malware detection
– ident: 10.1016/j.cose.2021.102399_bib0011
– ident: 10.1016/j.cose.2021.102399_bib0143
– ident: 10.1016/j.cose.2021.102399_bib0024
– start-page: 78
  year: 2015
  ident: 10.1016/j.cose.2021.102399_bib0025
  article-title: Android botnets: What urls are telling us
– ident: 10.1016/j.cose.2021.102399_bib0124
– ident: 10.1016/j.cose.2021.102399_bib0019
– start-page: 350
  year: 2018
  ident: 10.1016/j.cose.2021.102399_bib0105
  article-title: Towards sustainable android malware detection
– volume: 6
  start-page: 6668
  year: 2019
  ident: 10.1016/j.cose.2021.102399_bib0108
  article-title: Evedroid: Event-aware android malware detection against model degrading for iot devices
  publication-title: IEEE Internet of Things Journal
  doi: 10.1109/JIOT.2019.2909745
– ident: 10.1016/j.cose.2021.102399_bib0118
– start-page: 31
  year: 2020
  ident: 10.1016/j.cose.2021.102399_bib0114
– start-page: 627
  year: 2011
  ident: 10.1016/j.cose.2021.102399_bib0063
  article-title: Android permissions demystified
– ident: 10.1016/j.cose.2021.102399_bib0110
– start-page: 515
  year: 2020
  ident: 10.1016/j.cose.2021.102399_bib0039
  article-title: Dynamic android malware category classification using semi-supervised deep learning
– ident: 10.1016/j.cose.2021.102399_bib0038
– start-page: 438
  year: 2017
  ident: 10.1016/j.cose.2021.102399_bib0069
  article-title: Deepflow: Deep learning-based malware detection by mining android application for abnormal usage of sensitive data
– volume: 22
  start-page: 1
  year: 2019
  ident: 10.1016/j.cose.2021.102399_bib0102
  article-title: Mamadroid: Detecting android malware by building markov chains of behavioral models (extended version)
  publication-title: ACM Transactions on Privacy and Security (TOPS)
  doi: 10.1145/3313391
– ident: 10.1016/j.cose.2021.102399_bib0002
– start-page: 10
  year: 2021
  ident: 10.1016/j.cose.2021.102399_bib0071
  article-title: Android malware detection based on structural features of the function call graph
  publication-title: Electronics
– ident: 10.1016/j.cose.2021.102399_bib0050
– volume: 24
  start-page: 25
  year: 2018
  ident: 10.1016/j.cose.2021.102399_bib0093
  article-title: An in-depth analysis of android malware using hybrid techniques
  publication-title: Digital Investigation
  doi: 10.1016/j.diin.2018.01.001
– volume: 13
  start-page: 22
  year: 2015
  ident: 10.1016/j.cose.2021.102399_bib0014
  article-title: Wahab, A review on feature selection in mobile malware detection
  publication-title: Digital investigation
  doi: 10.1016/j.diin.2015.02.001
– start-page: 354
  year: 2014
  ident: 10.1016/j.cose.2021.102399_bib0080
  article-title: Investigating the android intents and permissions for malware detection
– volume: 6
  start-page: 485
  year: 2006
  ident: 10.1016/j.cose.2021.102399_bib0018
  article-title: The effects of data quality on machine learning algorithms
  publication-title: ICIQ
– volume: 14
  start-page: 1455
  year: 2019
  ident: 10.1016/j.cose.2021.102399_bib0104
  article-title: Droidcat: Effec- tive android malware detection and categorization via app-level profiling
  publication-title: IEEE Transactions on Information Forensics and Security
  doi: 10.1109/TIFS.2018.2879302
– start-page: 104
  year: 2016
  ident: 10.1016/j.cose.2021.102399_bib0083
  article-title: Deep4maldroid: A deep learning framework for android malware detection based on linux kernel system call graphs
– volume: 14
  start-page: 245
  year: 2018
  ident: 10.1016/j.cose.2021.102399_bib0121
  article-title: The duplication issue within the drebin dataset
  publication-title: Journal of Computer Virology and Hacking Techniques
  doi: 10.1007/s11416-018-0316-z
– ident: 10.1016/j.cose.2021.102399_bib0146
– start-page: 399
  year: 2019
  ident: 10.1016/j.cose.2021.102399_bib0044
  article-title: Differences in android behavior between real device and emulator: A malware detection perspective
– ident: 10.1016/j.cose.2021.102399_bib0129
– ident: 10.1016/j.cose.2021.102399_bib0132
– year: 2020
  ident: 10.1016/j.cose.2021.102399_bib0115
  article-title: A longitudinal study of application structure and behaviors in android
  publication-title: IEEE Transactions on Software Engineering
– ident: 10.1016/j.cose.2021.102399_bib0058
– volume: 9
  start-page: 313
  year: 2015
  ident: 10.1016/j.cose.2021.102399_bib0067
  article-title: High accuracy android malware detection using ensemble learning
  publication-title: IET Information Security
  doi: 10.1049/iet-ifs.2014.0099
– start-page: 235
  year: 2009
  ident: 10.1016/j.cose.2021.102399_bib0075
  article-title: On lightweight mobile phone application certification
SSID ssj0017688
Score 2.523617
Snippet Android malware evolution has been neglected by the available data sets, thus providing a static snapshot of a non-stationary phenomenon. The impact of the...
SourceID proquest
crossref
elsevier
SourceType Aggregation Database
Enrichment Source
Index Database
Publisher
StartPage 102399
SubjectTerms Android malware
Data
Data collection
Dataset
Datasets
Emulators
Families & family life
Machine learning
Malware
Malware analysis
Malware detection
Mobile malware
System effectiveness
Title KronoDroid: Time-based Hybrid-featured Dataset for Effective Android Malware Detection and Characterization
URI https://dx.doi.org/10.1016/j.cose.2021.102399
https://www.proquest.com/docview/2582437823
Volume 110
WOSCitedRecordID wos000703432300003&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVESC
  databaseName: Elsevier SD Freedom Collection Journals 2021
  customDbUrl:
  eissn: 1872-6208
  dateEnd: 99991231
  omitProxy: false
  ssIdentifier: ssj0017688
  issn: 0167-4048
  databaseCode: AIEXJ
  dateStart: 19950101
  isFulltext: true
  titleUrlDefault: https://www.sciencedirect.com
  providerName: Elsevier
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1Nj9MwELVKlwMXvhELC_KBPVWu8tHEDrdCWy3QLUjbRb1ZTuxoW0raTdOyy7_hnzKOnZStoIIDl6hy6ibyvNrP45k3CL1yA-bJ2I-JChOHdGjoEAErKwlUIIHOxiEtdQs-D-loxCaT6FOj8aPKhdnMaZaxq6to-V9NDW1gbJ06-w_mrn8UGuAzGB2uYHa4_pXhP-SLbNHLF9OyerNO8SB6qZKtk2udnUVSVWp5SjB4Ae1FGWhoRIx1FJGOcIS-rVMx_6ajwnqqULaceCbL03mj7_x9a9JK6MAWiFiVcFrZwnh1gM9a5bkgp8BFRaaTnmx6zUzoB24dqhcrU0dbXOeqkNMauyN9pP8m-Fri92xjM9isv8JzbeJe7USrEmnO1OV6MRWts3b3V_-mlmF3jPhmW5k5mVGPhJ7DbkzaNhjWTLvubxcD45eYtXXkf1u_SqlTYeox3VTeHn3kg_PhkI_7k_GxP1heEl2WTB_fH_s9A5Fb6MCjQcSa6KD7rj95Xx9VwX6N1QLy8OY2M8sEEe4--k_sZ4cHlORmfB_dtbsS3DVoeoAaKnuI7lUGxXYBeIS-bMH1Gm-hhXeghS20MEAL19DCFlrYQgvX0MKAAbwLrcfofNAfvz0htlwHSXzqFYSFMo4jD7gQS5SbOoJ6MvFkEPs0hX1EIGMRd6AlpTA2Mk0Y7DyEUr7TSYTrxon_BDWzRaaeIgycNZAy0mwz7LCURiIBogtkX3iCRiw-RG41jDyxWva6pMqcV0GLM66Hnuuh52boD1Gr7rM0Si57vx1U1uGWixqOyQFde_sdVabkdlJYcQ8mxI4PXNx_tv_2c3Rn-5c5Qs0iX6sX6HayKaar_KVF3k8D_bJx
linkProvider Elsevier
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=KronoDroid%3A+Time-based+Hybrid-featured+Dataset+for+Effective+Android+Malware+Detection+and+Characterization&rft.jtitle=Computers+%26+security&rft.au=Guerra-Manzanares%2C+Alejandro&rft.au=Bahsi%2C+Hayretdin&rft.au=N%C3%B5mm%2C+Sven&rft.date=2021-11-01&rft.pub=Elsevier+Sequoia+S.A&rft.issn=0167-4048&rft.eissn=1872-6208&rft.volume=110&rft.spage=1&rft_id=info:doi/10.1016%2Fj.cose.2021.102399&rft.externalDBID=NO_FULL_TEXT
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0167-4048&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0167-4048&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0167-4048&client=summon