{"id":"https://openalex.org/W4385627058","doi":"https://doi.org/10.1109/tifs.2023.3302509","title":"Obfuscation-Resilient Android Malware Analysis Based on Complementary Features","display_name":"Obfuscation-Resilient Android Malware Analysis Based on Complementary Features","publication_year":2023,"publication_date":"2023-01-01","ids":{"openalex":"https://openalex.org/W4385627058","doi":"https://doi.org/10.1109/tifs.2023.3302509"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2023.3302509","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2023.3302509","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5008919430","display_name":"Cuiying Gao","orcid":"https://orcid.org/0000-0003-0709-3361"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Cuiying Gao","raw_affiliation_strings":["School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074663989","display_name":"Minghui Cai","orcid":"https://orcid.org/0000-0001-5396-1057"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Minghui Cai","raw_affiliation_strings":["School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067172848","display_name":"S.Y. Yin","orcid":"https://orcid.org/0009-0006-8185-0999"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shuijun Yin","raw_affiliation_strings":["School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101721318","display_name":"G. Huang","orcid":"https://orcid.org/0000-0002-8090-6210"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Gaozhun Huang","raw_affiliation_strings":["School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027427522","display_name":"Heng Li","orcid":"https://orcid.org/0000-0001-8045-8983"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Heng Li","raw_affiliation_strings":["School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101957538","display_name":"Wei Yuan","orcid":"https://orcid.org/0000-0002-5867-5364"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Yuan","raw_affiliation_strings":["School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100400376","display_name":"Xiapu Luo","orcid":"https://orcid.org/0000-0002-9082-3208"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Xiapu Luo","raw_affiliation_strings":["Department of Computing, The Hong Kong Polytechnic University, Hong Kong, China"],"affiliations":[{"raw_affiliation_string":"Department of Computing, The Hong Kong Polytechnic University, Hong Kong, China","institution_ids":["https://openalex.org/I14243506"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5008919430"],"corresponding_institution_ids":["https://openalex.org/I47720641"],"apc_list":null,"apc_paid":null,"fwci":7.9858,"has_fulltext":false,"cited_by_count":41,"citation_normalized_percentile":{"value":0.98374034,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":"18","issue":null,"first_page":"5056","last_page":"5068"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9800000190734863,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9754999876022339,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/opcode","display_name":"Opcode","score":0.9190411567687988},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.878549337387085},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8484134674072266},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8356033563613892},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.7141230702400208},{"id":"https://openalex.org/keywords/bytecode","display_name":"Bytecode","score":0.7125420570373535},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.7060079574584961},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.4715699553489685},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4603087902069092},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.4314672350883484},{"id":"https://openalex.org/keywords/reverse-engineering","display_name":"Reverse engineering","score":0.4143160283565521},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2577468156814575},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.23186281323432922},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.21510493755340576},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.11662432551383972}],"concepts":[{"id":"https://openalex.org/C52173422","wikidata":"https://www.wikidata.org/wiki/Q766483","display_name":"Opcode","level":2,"score":0.9190411567687988},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.878549337387085},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8484134674072266},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8356033563613892},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.7141230702400208},{"id":"https://openalex.org/C2779818221","wikidata":"https://www.wikidata.org/wiki/Q837330","display_name":"Bytecode","level":3,"score":0.7125420570373535},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.7060079574584961},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.4715699553489685},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4603087902069092},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.4314672350883484},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse engineering","level":2,"score":0.4143160283565521},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2577468156814575},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.23186281323432922},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.21510493755340576},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.11662432551383972}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2023.3302509","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2023.3302509","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1540945245","display_name":null,"funder_award_id":"2022YFF0712300","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G4235129361","display_name":null,"funder_award_id":"2022JYCXJJ035","funder_id":"https://openalex.org/F4320329878","funder_display_name":"Central University Basic Research Fund of China"}],"funders":[{"id":"https://openalex.org/F4320329878","display_name":"Central University Basic Research Fund of China","ror":null},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":72,"referenced_works":["https://openalex.org/W1614298861","https://openalex.org/W2092942461","https://openalex.org/W2121434426","https://openalex.org/W2122672392","https://openalex.org/W2140095007","https://openalex.org/W2167003418","https://openalex.org/W2264131323","https://openalex.org/W2475731385","https://openalex.org/W2514847810","https://openalex.org/W2560361988","https://openalex.org/W2601621757","https://openalex.org/W2619383789","https://openalex.org/W2625739732","https://openalex.org/W2765793020","https://openalex.org/W2782312689","https://openalex.org/W2783327762","https://openalex.org/W2791541601","https://openalex.org/W2794652108","https://openalex.org/W2794718534","https://openalex.org/W2885070483","https://openalex.org/W2885072546","https://openalex.org/W2955425717","https://openalex.org/W2963383024","https://openalex.org/W2964015378","https://openalex.org/W2964136807","https://openalex.org/W2966342255","https://openalex.org/W2971299916","https://openalex.org/W2972317931","https://openalex.org/W2997690675","https://openalex.org/W2998906013","https://openalex.org/W3000239448","https://openalex.org/W3002912819","https://openalex.org/W3004280948","https://openalex.org/W3006800307","https://openalex.org/W3009677746","https://openalex.org/W3009931536","https://openalex.org/W3021426193","https://openalex.org/W3023980642","https://openalex.org/W3027678336","https://openalex.org/W3029868457","https://openalex.org/W3080555959","https://openalex.org/W3088054835","https://openalex.org/W3097192014","https://openalex.org/W3097730806","https://openalex.org/W3105429705","https://openalex.org/W3111533025","https://openalex.org/W3112311055","https://openalex.org/W3147879240","https://openalex.org/W3161331107","https://openalex.org/W3174906557","https://openalex.org/W3177605005","https://openalex.org/W3185024416","https://openalex.org/W3212677680","https://openalex.org/W3215132138","https://openalex.org/W4212883601","https://openalex.org/W4213449907","https://openalex.org/W4239799938","https://openalex.org/W4281293216","https://openalex.org/W4284673343","https://openalex.org/W4292622305","https://openalex.org/W4295312788","https://openalex.org/W4328028524","https://openalex.org/W6636510571","https://openalex.org/W6668642437","https://openalex.org/W6721237251","https://openalex.org/W6726873649","https://openalex.org/W6762718338","https://openalex.org/W6766978945","https://openalex.org/W6767288045","https://openalex.org/W6778140923","https://openalex.org/W6781932242","https://openalex.org/W6797613833"],"related_works":["https://openalex.org/W4390188637","https://openalex.org/W4385749679","https://openalex.org/W4225094272","https://openalex.org/W2292240422","https://openalex.org/W4226281314","https://openalex.org/W2128389850","https://openalex.org/W3135174262","https://openalex.org/W4226034576","https://openalex.org/W2183925834","https://openalex.org/W4200629572"],"abstract_inverted_index":{"Existing":[0],"Android":[1,24,29,75,126],"malware":[2,25,30,76,137],"detection":[3,52,145,166],"methods":[4,32,167],"are":[5,64],"usually":[6],"hard":[7],"to":[8,22,38,143],"simultaneously":[9],"resist":[10],"various":[11,42],"obfuscation":[12,17,43,142,158],"techniques.":[13],"Therefore,":[14],"bytecode-based":[15],"code":[16,50,68,141],"becomes":[18],"an":[19,73],"effective":[20],"means":[21],"circumvent":[23],"analysis.":[26],"Building":[27],"obfuscation-resilient":[28,74],"analysis":[31,77,138],"is":[33,179],"a":[34],"challenging":[35],"task,":[36],"due":[37],"the":[39,108,122,133,164,197,205],"fact":[40],"that":[41,63],"techniques":[44],"have":[45],"vastly":[46],"different":[47,129,157],"effects":[48],"on":[49,84],"and":[51,94,117,160,171,188,201,203],"features.":[53,146],"To":[54,147],"mitigate":[55],"this":[56],"problem,":[57],"we":[58,71,150],"propose":[59],"combining":[60],"multiple":[61],"features":[62],"complementary":[65],"in":[66],"combating":[67],"obfuscation.":[69],"Accordingly,":[70],"develop":[72],"method":[78],"<italic":[79],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[80],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">CorDroid</i>":[81],",":[82],"based":[83],"two":[85],"new":[86],"features:":[87],"Enhanced":[88],"Sensitive":[89],"Function":[90],"Call":[91],"Graph":[92],"(E-SFCG)":[93],"Opcode-based":[95],"Markov":[96],"transition":[97,111],"Matrix":[98],"(OMM).":[99],"The":[100],"first":[101],"describes":[102],"sensitive":[103],"function":[104],"call":[105],"relationships,":[106],"while":[107],"second":[109],"reflects":[110],"probabilities":[112],"among":[113],"opcodes.":[114],"Combining":[115],"E-SFCG":[116,200],"OMM":[118],"can":[119],"well":[120],"characterize":[121],"runtime":[123],"behavior":[124],"of":[125,135,175,209],"apps":[127],"from":[128],"perspectives,":[130],"hence":[131],"increasing":[132],"difficulty":[134],"misleading":[136],"through":[139],"using":[140],"affect":[144],"evaluate":[148],"CorDroid,":[149],"generate":[151],"74,138":[152],"obfuscated":[153],"samples":[154],"with":[155,163],"14":[156],"techniques,":[159],"compare":[161],"CorDroid":[162,178],"state-of-the-art":[165],"(e.g.,":[168],"MaMaDroid,":[169,183],"RevealDroid":[170],"APIGraph).":[172],"In":[173],"terms":[174],"average":[176],"F1-Score,":[177],"29.69%":[180],"higher":[181,185,190],"than":[182,186,191],"21.80%":[184],"APIGraph,":[187],"9.71%":[189],"RevealDroid,":[192],"respectively.":[193],"Experiments":[194],"also":[195],"validate":[196],"complementarity":[198],"between":[199],"OMM,":[202],"exhibit":[204],"high":[206],"execution":[207],"efficiency":[208],"CorDroid.":[210]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":18},{"year":2024,"cited_by_count":17},{"year":2023,"cited_by_count":2}],"updated_date":"2026-04-18T07:56:08.524223","created_date":"2025-10-10T00:00:00"}