{"id":"https://openalex.org/W4214808250","doi":"https://doi.org/10.1109/iscisc53448.2021.9720476","title":"A machine learning approach for detecting and categorizing evasion sources in Android malware","display_name":"A machine learning approach for detecting and categorizing evasion sources in Android malware","publication_year":2021,"publication_date":"2021-09-01","ids":{"openalex":"https://openalex.org/W4214808250","doi":"https://doi.org/10.1109/iscisc53448.2021.9720476"},"language":"en","primary_location":{"id":"doi:10.1109/iscisc53448.2021.9720476","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscisc53448.2021.9720476","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 18th International ISC Conference on Information Security and Cryptology (ISCISC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5078172795","display_name":"Hasan Deeb","orcid":"https://orcid.org/0000-0002-2737-6660"},"institutions":[{"id":"https://openalex.org/I137613304","display_name":"Al-Baath University","ror":"https://ror.org/01pwpsf61","country_code":"SY","type":"education","lineage":["https://openalex.org/I137613304"]}],"countries":["SY"],"is_corresponding":true,"raw_author_name":"Hasan Deeb","raw_affiliation_strings":["Albaath University,Faculty of Informatics Engineering","Faculty of Informatics Engineering, Albaath University"],"affiliations":[{"raw_affiliation_string":"Albaath University,Faculty of Informatics Engineering","institution_ids":["https://openalex.org/I137613304"]},{"raw_affiliation_string":"Faculty of Informatics Engineering, Albaath University","institution_ids":["https://openalex.org/I137613304"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041128791","display_name":"Hayyan Hasan","orcid":null},"institutions":[{"id":"https://openalex.org/I39268498","display_name":"University of Isfahan","ror":"https://ror.org/05h9t7759","country_code":"IR","type":"education","lineage":["https://openalex.org/I39268498"]},{"id":"https://openalex.org/I137613304","display_name":"Al-Baath University","ror":"https://ror.org/01pwpsf61","country_code":"SY","type":"education","lineage":["https://openalex.org/I137613304"]}],"countries":["IR","SY"],"is_corresponding":false,"raw_author_name":"Hayyan Hasan","raw_affiliation_strings":["University of Isfahan, MDSE Research Group,Faculty of Computer Engineering","Faculty of Mechanical and Electrical Engineering, Albaath University","Faculty of Computer Engineering, University of Isfahan, MDSE Research Group"],"affiliations":[{"raw_affiliation_string":"University of Isfahan, MDSE Research Group,Faculty of Computer Engineering","institution_ids":["https://openalex.org/I39268498"]},{"raw_affiliation_string":"Faculty of Mechanical and Electrical Engineering, Albaath University","institution_ids":["https://openalex.org/I137613304"]},{"raw_affiliation_string":"Faculty of Computer Engineering, University of Isfahan, MDSE Research Group","institution_ids":["https://openalex.org/I39268498"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054438232","display_name":"Behrouz Tork Ladani","orcid":"https://orcid.org/0000-0003-2280-8839"},"institutions":[{"id":"https://openalex.org/I39268498","display_name":"University of Isfahan","ror":"https://ror.org/05h9t7759","country_code":"IR","type":"education","lineage":["https://openalex.org/I39268498"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Behrouz Tork Ladani","raw_affiliation_strings":["University of Isfahan, MDSE Research Group,Faculty of Computer Engineering","Faculty of Computer Engineering, University of Isfahan, MDSE Research Group"],"affiliations":[{"raw_affiliation_string":"University of Isfahan, MDSE Research Group,Faculty of Computer Engineering","institution_ids":["https://openalex.org/I39268498"]},{"raw_affiliation_string":"Faculty of Computer Engineering, University of Isfahan, MDSE Research Group","institution_ids":["https://openalex.org/I39268498"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025430523","display_name":"Bahman Zamani","orcid":"https://orcid.org/0000-0001-6424-1442"},"institutions":[{"id":"https://openalex.org/I39268498","display_name":"University of Isfahan","ror":"https://ror.org/05h9t7759","country_code":"IR","type":"education","lineage":["https://openalex.org/I39268498"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Bahman Zamani","raw_affiliation_strings":["University of Isfahan, MDSE Research Group,Faculty of Computer Engineering","Faculty of Computer Engineering, University of Isfahan, MDSE Research Group"],"affiliations":[{"raw_affiliation_string":"University of Isfahan, MDSE Research Group,Faculty of Computer Engineering","institution_ids":["https://openalex.org/I39268498"]},{"raw_affiliation_string":"Faculty of Computer Engineering, University of Isfahan, MDSE Research Group","institution_ids":["https://openalex.org/I39268498"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5078172795"],"corresponding_institution_ids":["https://openalex.org/I137613304"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.19492901,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2","issue":null,"first_page":"28","last_page":"34"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8245016932487488},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.816344141960144},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.7218006253242493},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.6932014226913452},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.653295636177063},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.6436486840248108},{"id":"https://openalex.org/keywords/categorization","display_name":"Categorization","score":0.5421280860900879},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5258712768554688},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5015974044799805},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.45354241132736206},{"id":"https://openalex.org/keywords/android-application","display_name":"Android application","score":0.44554203748703003},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35199251770973206},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3252815008163452},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.15308383107185364}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8245016932487488},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.816344141960144},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.7218006253242493},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.6932014226913452},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.653295636177063},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.6436486840248108},{"id":"https://openalex.org/C94124525","wikidata":"https://www.wikidata.org/wiki/Q912550","display_name":"Categorization","level":2,"score":0.5421280860900879},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5258712768554688},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5015974044799805},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.45354241132736206},{"id":"https://openalex.org/C3017891749","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android application","level":3,"score":0.44554203748703003},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35199251770973206},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3252815008163452},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.15308383107185364},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iscisc53448.2021.9720476","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscisc53448.2021.9720476","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 18th International ISC Conference on Information Security and Cryptology (ISCISC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6000000238418579,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W273955616","https://openalex.org/W2017025011","https://openalex.org/W2078197322","https://openalex.org/W2083755826","https://openalex.org/W2571682498","https://openalex.org/W2590489721","https://openalex.org/W2608204476","https://openalex.org/W2618126787","https://openalex.org/W2620844046","https://openalex.org/W2811511039","https://openalex.org/W2883902095","https://openalex.org/W2901217160","https://openalex.org/W2904583559","https://openalex.org/W2963989339","https://openalex.org/W2990954041","https://openalex.org/W3044551040","https://openalex.org/W3108389992","https://openalex.org/W3119955105","https://openalex.org/W3132284896","https://openalex.org/W3135174262","https://openalex.org/W3160345471","https://openalex.org/W4248587618","https://openalex.org/W6610017368"],"related_works":["https://openalex.org/W2783112941","https://openalex.org/W2526398307","https://openalex.org/W2782775281","https://openalex.org/W2439951656","https://openalex.org/W2470029541","https://openalex.org/W2560361988","https://openalex.org/W4387065217","https://openalex.org/W2507113366","https://openalex.org/W1573526548","https://openalex.org/W4368275542"],"abstract_inverted_index":{"Evasion":[0],"techniques":[1],"are":[2,86,96,216,221,231],"used":[3,140,156,233],"by":[4,28,218,224,234],"some":[5,83],"Android":[6,121,148,179],"malware":[7,71,235],"to":[8,14,41,60,113,132,141,157,171],"hide":[9],"their":[10,16],"malicious":[11],"behavior":[12,68],"and":[13,64,115,198],"hinder":[15],"execution":[17],"during":[18],"the":[19,53,66,70,89,98,143,147,152,159,168,195,201,214,225],"dynamic":[20,99,227],"analysis":[21,100,228],"process.":[22],"Many":[23],"tools":[24],"tackle":[25],"such":[26],"evasions":[27,63,189,215],"using":[29],"a":[30,109,127,172],"manually":[31,128],"created":[32],"list":[33,74,90],"of":[34,39,69,75,146,175,188,192,213],"API":[35,94,149,180],"functions":[36,95],"(as":[37],"sources":[38,77,85,119,162],"evasions)":[40],"detect":[42,114,142,186],"these":[43,62],"evasions.":[44],"As":[45],"an":[46],"important":[47],"consequence,":[48],"no":[49],"matter":[50],"how":[51],"good":[52],"tool":[54],"is,":[55],"it":[56],"can":[57,101],"only":[58],"guarantee":[59],"defeat":[61],"extract":[65],"real":[67],"if":[72,82],"its":[73],"evasion":[76,84,118,144,161],"is":[78,139,155],"complete.":[79],"This":[80],"way,":[81],"missing":[87],"from":[88,178],"or":[91],"when":[92],"similar":[93],"used,":[97],"be":[102],"hindered.":[103],"In":[104],"this":[105],"paper,":[106],"we":[107],"propose":[108],"machine":[110],"learning":[111],"approach":[112,125,170,184],"categorize":[116,158],"various":[117],"in":[120],"malware.":[122],"The":[123,136,182,204],"proposed":[124,169,183],"uses":[126],"collected":[129],"training":[130],"dataset":[131],"train":[133],"two":[134],"classifiers.":[135],"first":[137,196],"classifier":[138,154,197],"nature":[145],"methods,":[150],"while":[151],"second":[153,202],"detected":[160,217],"into":[163],"predefined":[164],"categories.":[165],"We":[166],"applied":[167],"large":[173],"number":[174],"methods":[176],"extracted":[177],"27.":[181],"could":[185],"hundreds":[187],"with":[190],"accuracy":[191],"92.8%":[193],"for":[194,200,206],"90.5%":[199],"classifier.":[203],"evaluation":[205],"500":[207],"real-world":[208],"samples":[209],"showed":[210],"that":[211,230],"many":[212],"our":[219],"approach,":[220],"not":[222],"considered":[223],"state-of-the-art":[226],"frameworks":[229],"indeed":[232],"samples.":[236]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}