{"id":"https://openalex.org/W2583329118","doi":"https://doi.org/10.1109/tifs.2017.2661723","title":"Auditing Anti-Malware Tools by Evolving Android Malware and Dynamic Loading Technique","display_name":"Auditing Anti-Malware Tools by Evolving Android Malware and Dynamic Loading Technique","publication_year":2017,"publication_date":"2017-01-31","ids":{"openalex":"https://openalex.org/W2583329118","doi":"https://doi.org/10.1109/tifs.2017.2661723","mag":"2583329118"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2017.2661723","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2017.2661723","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://ink.library.smu.edu.sg/sis_research/4853","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5083669929","display_name":"Yinxing Xue","orcid":"https://orcid.org/0000-0002-2979-7151"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Yinxing Xue","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017417068","display_name":"Guozhu Meng","orcid":"https://orcid.org/0000-0001-6388-2571"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Guozhu Meng","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-6388-2571","affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100355692","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0001-7300-9215"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yang Liu","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007391734","display_name":"Tian Tan","orcid":"https://orcid.org/0009-0009-3792-1237"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tian Huat Tan","raw_affiliation_strings":["Acronis Software, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Acronis Software, Singapore","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107243315","display_name":"Hongxu Chen","orcid":"https://orcid.org/0000-0001-7983-2544"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Hongxu Chen","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100429004","display_name":"Jun Sun","orcid":"https://orcid.org/0000-0002-3545-1392"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Jun Sun","raw_affiliation_strings":["Singapore University of Technology and Design, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Singapore University of Technology and Design, Singapore","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100436880","display_name":"Jie Zhang","orcid":"https://orcid.org/0000-0003-2979-3182"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Jie Zhang","raw_affiliation_strings":["Nanyang Technological University, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5083669929"],"corresponding_institution_ids":["https://openalex.org/I172675005"],"apc_list":null,"apc_paid":null,"fwci":6.338,"has_fulltext":false,"cited_by_count":92,"citation_normalized_percentile":{"value":0.97287165,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"12","issue":"7","first_page":"1529","last_page":"1544"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9840999841690063,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9232250452041626},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8738380670547485},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.6949271559715271},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6556777954101562},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.6342336535453796},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.5264047980308533},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.5001735687255859},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.45927080512046814},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.44920364022254944},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.4325740933418274},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.41875866055488586},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.31819212436676025},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1523558497428894}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9232250452041626},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8738380670547485},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.6949271559715271},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6556777954101562},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.6342336535453796},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.5264047980308533},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.5001735687255859},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.45927080512046814},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.44920364022254944},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.4325740933418274},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.41875866055488586},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.31819212436676025},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1523558497428894},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tifs.2017.2661723","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2017.2661723","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-5856","is_oa":true,"landing_page_url":"https://ink.library.smu.edu.sg/sis_research/4853","pdf_url":null,"source":{"id":"https://openalex.org/S4377196871","display_name":"Institutional Knowledge (InK) - Institutional Knowledge at Singapore Management University (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1109/TIFS.2017.2661723","raw_type":"Journal Article"}],"best_oa_location":{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-5856","is_oa":true,"landing_page_url":"https://ink.library.smu.edu.sg/sis_research/4853","pdf_url":null,"source":{"id":"https://openalex.org/S4377196871","display_name":"Institutional Knowledge (InK) - Institutional Knowledge at Singapore Management University (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1109/TIFS.2017.2661723","raw_type":"Journal Article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4277038479","display_name":null,"funder_award_id":"NRF2014NCR-NCR001-30","funder_id":"https://openalex.org/F4320320709","funder_display_name":"National Research Foundation Singapore"}],"funders":[{"id":"https://openalex.org/F4320320709","display_name":"National Research Foundation Singapore","ror":"https://ror.org/03cpyc314"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":65,"referenced_works":["https://openalex.org/W183494281","https://openalex.org/W1502575381","https://openalex.org/W1535984709","https://openalex.org/W1847288881","https://openalex.org/W1963971515","https://openalex.org/W1966150547","https://openalex.org/W1982773740","https://openalex.org/W1993828811","https://openalex.org/W2014390890","https://openalex.org/W2014938705","https://openalex.org/W2023975773","https://openalex.org/W2025525377","https://openalex.org/W2031666744","https://openalex.org/W2038165128","https://openalex.org/W2043410321","https://openalex.org/W2044258615","https://openalex.org/W2045673642","https://openalex.org/W2064038877","https://openalex.org/W2065304158","https://openalex.org/W2067547021","https://openalex.org/W2070386561","https://openalex.org/W2071536101","https://openalex.org/W2085577046","https://openalex.org/W2088983597","https://openalex.org/W2089735638","https://openalex.org/W2090403712","https://openalex.org/W2092375860","https://openalex.org/W2097536098","https://openalex.org/W2099213660","https://openalex.org/W2101550520","https://openalex.org/W2109877485","https://openalex.org/W2113201637","https://openalex.org/W2121008990","https://openalex.org/W2122672392","https://openalex.org/W2125011234","https://openalex.org/W2135048318","https://openalex.org/W2140095007","https://openalex.org/W2152149943","https://openalex.org/W2158874007","https://openalex.org/W2167003418","https://openalex.org/W2168103835","https://openalex.org/W2182729154","https://openalex.org/W2199478250","https://openalex.org/W2245314115","https://openalex.org/W2248270447","https://openalex.org/W2334842536","https://openalex.org/W2400528202","https://openalex.org/W2403995870","https://openalex.org/W2462192250","https://openalex.org/W2465557945","https://openalex.org/W2477378326","https://openalex.org/W2505939533","https://openalex.org/W2951606663","https://openalex.org/W4230126391","https://openalex.org/W4239799938","https://openalex.org/W4242210993","https://openalex.org/W4255176593","https://openalex.org/W6607414916","https://openalex.org/W6630193162","https://openalex.org/W6632122400","https://openalex.org/W6641190993","https://openalex.org/W6646093935","https://openalex.org/W6677127361","https://openalex.org/W6713182605","https://openalex.org/W6724791921"],"related_works":["https://openalex.org/W4285357405","https://openalex.org/W2731848812","https://openalex.org/W3135174262","https://openalex.org/W2183925834","https://openalex.org/W3200508744","https://openalex.org/W4283578543","https://openalex.org/W4387065217","https://openalex.org/W4225094272","https://openalex.org/W2965893286","https://openalex.org/W2803049783"],"abstract_inverted_index":{"Although":[0],"a":[1,62,151],"previous":[2,49],"paper":[3],"shows":[4],"that":[5,28,98,136,202],"existing":[6,20,100,203,220],"anti-malware":[7],"tools":[8],"(AMTs)":[9],"may":[10],"have":[11,40,96],"high":[12],"detection":[13,104],"rate,":[14],"the":[15,67,99,119,125,140,167,217],"report":[16],"is":[17,37],"based":[18,117],"on":[19,118,174,191,198],"malware":[21,53,57,63,91,112,153],"and":[22,71,129,165,180],"thus":[23],"it":[24],"does":[25],"not":[26],"imply":[27],"AMTs":[29,101,141,204],"can":[30,138],"effectively":[31],"deal":[32],"with":[33,82],"future":[34],"malware.":[35,213],"It":[36],"desirable":[38],"to":[39,60,132],"an":[41,83],"alternative":[42],"way":[43,88],"of":[44,106,189,207,210],"auditing":[45],"AMTs.":[46,221],"In":[47,114],"our":[48,146,211],"paper,":[50,116],"we":[51,89,123,137,215],"use":[52],"samples":[54],"from":[55],"android":[56],"collection":[58],"Genome":[59],"summarize":[61],"meta-model":[64],"for":[65,92,108,219],"modularizing":[66],"common":[68],"attack":[69,121,159],"behaviors":[70],"evasion":[72],"techniques":[73,131],"in":[74,86],"reusable":[75],"features.":[76],"We":[77,144],"then":[78],"combine":[79],"different":[80],"features":[81,160],"evolutionary":[84],"algorithm,":[85],"which":[87],"evolve":[90],"variants.":[93,113],"Previous":[94],"results":[95,197],"shown":[97],"only":[102],"exhibit":[103],"rate":[105],"20%-30%":[107],"10":[109],"000":[110],"evolved":[111],"this":[115],"modularized":[120],"features,":[122],"apply":[124],"dynamic":[126,175,187],"code":[127,176],"generation":[128,154],"loading":[130,181],"produce":[133],"malware,":[134],"so":[135],"audit":[139],"at":[142,171,194],"runtime.":[143,172,195],"implement":[145],"approach,":[147],"named":[148],"Mystique-S,":[149],"as":[150],"service-oriented":[152],"system.":[155],"Mystique-S":[156,185],"automatically":[157],"selects":[158],"under":[161],"various":[162],"user":[163,192],"scenarios":[164],"delivers":[166],"corresponding":[168],"malicious":[169],"payloads":[170,190],"Relying":[173],"binding":[177],"(via":[178,182],"service)":[179],"reflection)":[183],"techniques,":[184],"enables":[186],"execution":[188],"devices":[193,200],"Experimental":[196],"real-world":[199],"show":[201],"are":[205],"incapable":[206],"detecting":[208],"most":[209],"generated":[212],"Last,":[214],"propose":[216],"enhancements":[218]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":22},{"year":2021,"cited_by_count":16},{"year":2020,"cited_by_count":11},{"year":2019,"cited_by_count":10},{"year":2018,"cited_by_count":7},{"year":2017,"cited_by_count":6}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}