DroidCat: Effective Android Malware Detection and Categorization via App-Level Profiling
Most existing Android malware detection and categorization techniques are static approaches, which suffer from evasion attacks, such as obfuscation. By analyzing program behaviors, dynamic approaches are potentially more resilient against these attacks. Yet existing dynamic approaches mostly rely on...
Published in | IEEE transactions on information forensics and security Vol. 14; no. 6; pp. 1455 - 1470 |
---|---|
Main Authors | Haipeng Cai, Na Meng, Barbara Ryder, Daphne Yao |
Format | Journal Article |
Language | English |
Published | New York: IEEE, 01.06.2019. The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
Abstract | Most existing Android malware detection and categorization techniques are static approaches, which suffer from evasion attacks, such as obfuscation. By analyzing program behaviors, dynamic approaches are potentially more resilient against these attacks. Yet existing dynamic approaches mostly rely on characterizing system calls which are subject to system-call obfuscation. This paper presents DroidCat, a novel dynamic app classification technique, to complement existing approaches. By using a diverse set of dynamic features based on method calls and inter-component communication (ICC) Intents without involving permission, app resources, or system calls while fully handling reflection, DroidCat achieves greater robustness than static approaches as well as dynamic approaches relying on system calls. The features were distilled from a behavioral characterization study of benign versus malicious apps. Through three complementary evaluation studies with 34 343 apps from various sources and spanning the past nine years, we demonstrated the stability of DroidCat in achieving high classification performance and superior accuracy compared with the two state-of-the-art peer techniques that represent both static and dynamic approaches. Overall, DroidCat achieved 97% F1-measure accuracy consistently for classifying apps evolving over the nine years, detecting or categorizing malware, 16%-27% higher than either of the two baselines compared. Furthermore, our experiments with obfuscated benchmarks confirmed higher robustness of DroidCat over these baseline techniques. We also investigated the effects of various design decisions on DroidCat's effectiveness and the most important features for our dynamic classification. We found that features capturing app execution structure such as the distribution of method calls over user code and libraries are much more important than typical security features such as sensitive flows. |
---|---|
Author | Haipeng Cai; Ryder, Barbara; Yao, Daphne; Na Meng |
Author_xml | – sequence: 1 surname: Haipeng Cai fullname: Haipeng Cai email: haipeng.cai@wsu.edu organization: Sch. of Electr. Eng. & Comput. Sci., Washington State Univ., Pullman, WA, USA – sequence: 2 surname: Na Meng fullname: Na Meng organization: Dept. of Comput. Sci., Virginia Tech, Blacksburg, VA, USA – sequence: 3 givenname: Barbara surname: Ryder fullname: Ryder, Barbara organization: Dept. of Comput. Sci., Virginia Tech, Blacksburg, VA, USA – sequence: 4 givenname: Daphne surname: Yao fullname: Yao, Daphne organization: Dept. of Comput. Sci., Virginia Tech, Blacksburg, VA, USA |
CODEN | ITIFA6 |
ContentType | Journal Article |
Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2019 |
Copyright_xml | – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2019 |
DOI | 10.1109/TIFS.2018.2879302 |
DatabaseName | IEEE All-Society Periodicals Package (ASPP) 2005–Present IEEE All-Society Periodicals Package (ASPP) 1998–Present IEEE Electronic Library (IEL) CrossRef Computer and Information Systems Abstracts Electronics & Communications Abstracts Mechanical & Transportation Engineering Abstracts Technology Research Database Engineering Research Database ProQuest Computer Science Collection Civil Engineering Abstracts Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
DatabaseTitle | CrossRef Civil Engineering Abstracts Technology Research Database Computer and Information Systems Abstracts – Academic Mechanical & Transportation Engineering Abstracts Electronics & Communications Abstracts ProQuest Computer Science Collection Computer and Information Systems Abstracts Engineering Research Database Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Professional |
DatabaseTitleList | Civil Engineering Abstracts |
Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
DeliveryMethod | fulltext_linktorsrc |
Discipline | Engineering Computer Science |
EISSN | 1556-6021 |
EndPage | 1470 |
ExternalDocumentID | 10_1109_TIFS_2018_2879302 8519742 |
Genre | orig-research |
GrantInformation_xml | – fundername: Washington State University grantid: NFSG-131074-002 funderid: 10.13039/100007588 |
IEDL.DBID | RIE |
ISSN | 1556-6013 |
IngestDate | Sun Jun 29 15:23:19 EDT 2025 Tue Jul 01 02:34:14 EDT 2025 Thu Apr 24 23:07:31 EDT 2025 Wed Aug 27 06:00:43 EDT 2025 |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 6 |
Language | English |
License | https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html https://doi.org/10.15223/policy-029 https://doi.org/10.15223/policy-037 |
LinkModel | DirectLink |
Notes | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 |
ORCID | 0000-0002-5224-9970 0000-0002-4755-6941 |
PQID | 2180008009 |
PQPubID | 85506 |
PageCount | 16 |
PublicationCentury | 2000 |
PublicationDate | 2019-06-01 |
PublicationDateYYYYMMDD | 2019-06-01 |
PublicationDate_xml | – month: 06 year: 2019 text: 2019-06-01 day: 01 |
PublicationDecade | 2010 |
PublicationPlace | New York |
PublicationPlace_xml | – name: New York |
PublicationTitle | IEEE transactions on information forensics and security |
PublicationTitleAbbrev | TIFS |
PublicationYear | 2019 |
Publisher | IEEE The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
Publisher_xml | – name: IEEE – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
SSID | ssj0044168 |
Score | 2.6127217 |
SourceID | proquest crossref ieee |
SourceType | Aggregation Database Enrichment Source Index Database Publisher |
StartPage | 1455 |
SubjectTerms | Android categorization Classification Communications systems Cybersecurity detection dynamic analysis Feature extraction Libraries Malware obfuscation profiling Robustness Security stability Stability analysis State of the art Static analysis |
Title | DroidCat: Effective Android Malware Detection and Categorization via App-Level Profiling |
URI | https://ieeexplore.ieee.org/document/8519742 https://www.proquest.com/docview/2180008009 |
Volume | 14 |
hasFullText | 1 |
inHoldings | 1 |