{"id":"https://openalex.org/W4399620348","doi":"https://doi.org/10.1109/tifs.2024.3414339","title":"MTDroid: A Moving Target Defense-Based Android Malware Detector Against Evasion Attacks","display_name":"MTDroid: A Moving Target Defense-Based Android Malware Detector Against Evasion Attacks","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W4399620348","doi":"https://doi.org/10.1109/tifs.2024.3414339"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2024.3414339","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2024.3414339","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5077862885","display_name":"Yuyang Zhou","orcid":"https://orcid.org/0000-0001-8626-0468"},"institutions":[{"id":"https://openalex.org/I4210155350","display_name":"Purple Mountain Laboratories","ror":"https://ror.org/04zcbk583","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210155350"]},{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yuyang Zhou","raw_affiliation_strings":["School of Cyber Science and Engineering, Southeast University, Nanjing, China","School of Cyber Science and Engineering, Southeast University, Purple Mountain Laboratories, and Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]},{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Purple Mountain Laboratories, and Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing, China","institution_ids":["https://openalex.org/I4210155350","https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043707940","display_name":"Guang Cheng","orcid":"https://orcid.org/0000-0001-8642-4362"},"institutions":[{"id":"https://openalex.org/I4210155350","display_name":"Purple Mountain Laboratories","ror":"https://ror.org/04zcbk583","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210155350"]},{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Guang Cheng","raw_affiliation_strings":["School of Cyber Science and Engineering, Southeast University, Nanjing, China","School of Cyber Science and Engineering, Southeast University, Purple Mountain Laboratories, and Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]},{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Purple Mountain Laboratories, and Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing, China","institution_ids":["https://openalex.org/I4210155350","https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005228053","display_name":"Shui Yu","orcid":"https://orcid.org/0000-0003-4485-6743"},"institutions":[{"id":"https://openalex.org/I114017466","display_name":"University of Technology Sydney","ror":"https://ror.org/03f0f6041","country_code":"AU","type":"education","lineage":["https://openalex.org/I114017466"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Shui Yu","raw_affiliation_strings":["School of Computer Science, University of Technology Sydney, Ultimo, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, University of Technology Sydney, Ultimo, NSW, Australia","institution_ids":["https://openalex.org/I114017466"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103032123","display_name":"Zongyao Chen","orcid":"https://orcid.org/0000-0002-8589-8096"},"institutions":[{"id":"https://openalex.org/I4210155350","display_name":"Purple Mountain Laboratories","ror":"https://ror.org/04zcbk583","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210155350"]},{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zongyao Chen","raw_affiliation_strings":["School of Cyber Science and Engineering, Southeast University, Nanjing, China","School of Cyber Science and Engineering, Southeast University, Purple Mountain Laboratories, and Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]},{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Purple Mountain Laboratories, and Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing, China","institution_ids":["https://openalex.org/I4210155350","https://openalex.org/I76569877"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5110618734","display_name":"Yujia Hu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210155350","display_name":"Purple Mountain Laboratories","ror":"https://ror.org/04zcbk583","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210155350"]},{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yujia Hu","raw_affiliation_strings":["School of Cyber Science and Engineering, Southeast University, Nanjing, China","School of Cyber Science and Engineering, Southeast University, Purple Mountain Laboratories, and Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]},{"raw_affiliation_string":"School of Cyber Science and Engineering, Southeast University, Purple Mountain Laboratories, and Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing, China","institution_ids":["https://openalex.org/I4210155350","https://openalex.org/I76569877"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5077862885"],"corresponding_institution_ids":["https://openalex.org/I4210155350","https://openalex.org/I76569877"],"apc_list":null,"apc_paid":null,"fwci":4.5174,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":{"value":0.95362519,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"19","issue":null,"first_page":"6377","last_page":"6392"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9524999856948853,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.8452067375183105},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8243231773376465},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7799866795539856},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.7736786007881165},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6939157247543335},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6905325651168823},{"id":"https://openalex.org/keywords/detector","display_name":"Detector","score":0.5005099773406982},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.389384388923645},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.20247569680213928},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.09601092338562012}],"concepts":[{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.8452067375183105},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8243231773376465},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7799866795539856},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.7736786007881165},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6939157247543335},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6905325651168823},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.5005099773406982},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.389384388923645},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.20247569680213928},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.09601092338562012},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2024.3414339","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2024.3414339","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1793682622","display_name":null,"funder_award_id":"62072100","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G498661955","display_name":null,"funder_award_id":"2022M710677","funder_id":"https://openalex.org/F4320321543","funder_display_name":"China Postdoctoral Science Foundation"},{"id":"https://openalex.org/G6062750719","display_name":null,"funder_award_id":"CMYJY-202100163","funder_id":"https://openalex.org/F4320330084","funder_display_name":"Research and Innovation Foundation"},{"id":"https://openalex.org/G6188450572","display_name":null,"funder_award_id":"62202097","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321543","display_name":"China Postdoctoral Science Foundation","ror":"https://ror.org/0426zh255"},{"id":"https://openalex.org/F4320330084","display_name":"Research and Innovation Foundation","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":65,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W2017025011","https://openalex.org/W2060692877","https://openalex.org/W2122672392","https://openalex.org/W2744095836","https://openalex.org/W2775261393","https://openalex.org/W2800912855","https://openalex.org/W2803054784","https://openalex.org/W2885070483","https://openalex.org/W2900275727","https://openalex.org/W2903660849","https://openalex.org/W2913770005","https://openalex.org/W2945645805","https://openalex.org/W2949639282","https://openalex.org/W2962847335","https://openalex.org/W2963204406","https://openalex.org/W2963777745","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2964159373","https://openalex.org/W2966342255","https://openalex.org/W2969244304","https://openalex.org/W2986232939","https://openalex.org/W2988796733","https://openalex.org/W2996903041","https://openalex.org/W2998279441","https://openalex.org/W3013219028","https://openalex.org/W3015481738","https://openalex.org/W3022563222","https://openalex.org/W3032638893","https://openalex.org/W3035579498","https://openalex.org/W3036847733","https://openalex.org/W3044900311","https://openalex.org/W3087792431","https://openalex.org/W3097192014","https://openalex.org/W3103836116","https://openalex.org/W3104141960","https://openalex.org/W3105429705","https://openalex.org/W3152624640","https://openalex.org/W3162825625","https://openalex.org/W3163963286","https://openalex.org/W3180545700","https://openalex.org/W3198840923","https://openalex.org/W3202406575","https://openalex.org/W3210353517","https://openalex.org/W3210387949","https://openalex.org/W3212789951","https://openalex.org/W4224231904","https://openalex.org/W4244726870","https://openalex.org/W4245027182","https://openalex.org/W4293846201","https://openalex.org/W4308529607","https://openalex.org/W4312740545","https://openalex.org/W4316021890","https://openalex.org/W4362703128","https://openalex.org/W4365801590","https://openalex.org/W4382119126","https://openalex.org/W4383754176","https://openalex.org/W4391897266","https://openalex.org/W6639024520","https://openalex.org/W6640425456","https://openalex.org/W6743618022","https://openalex.org/W6745480919","https://openalex.org/W6754733991","https://openalex.org/W6756896497"],"related_works":["https://openalex.org/W2783112941","https://openalex.org/W4387298227","https://openalex.org/W2526398307","https://openalex.org/W2782775281","https://openalex.org/W2470029541","https://openalex.org/W2560361988","https://openalex.org/W4387065217","https://openalex.org/W2507113366","https://openalex.org/W2717179875","https://openalex.org/W4249118297"],"abstract_inverted_index":{"Machine":[0],"learning":[1,207],"(ML)":[2],"has":[3,23],"been":[4,24],"widely":[5],"adopted":[6],"for":[7,61],"Android":[8,91,124],"malware":[9,19,125],"detection":[10,29,126],"to":[11,34,45,84,102,141,157,182,203,215],"deal":[12],"with":[13,173],"serious":[14],"threats":[15],"brought":[16],"by":[17,166],"explosive":[18],"attacks.":[20,147],"However,":[21],"it":[22],"recently":[25],"proven":[26],"that":[27,224],"ML-based":[28],"systems":[30],"exhibit":[31],"inherent":[32],"vulnerabilities":[33],"evasion":[35,146],"attacks,":[36,188],"which":[37,130],"inject":[38],"adversarial":[39],"perturbations":[40],"into":[41],"a":[42,122,133,153,163,199,211,231],"malicious":[43,48],"app":[44],"hide":[46],"its":[47],"behaviors":[49],"and":[50,90,112,139,168,189,209,236],"evade":[51],"detection.":[52],"To":[53,148],"date,":[54],"researchers":[55],"have":[56],"not":[57],"found":[58],"effective":[59],"solutions":[60],"this":[62,94,149],"critical":[63],"problem.":[64],"Although":[65],"there":[66],"are":[67],"some":[68],"similar":[69],"works":[70],"in":[71],"the":[72,85,105,109,116,143,159,205,217,228,238],"image":[73],"classification":[74],"field,":[75],"most":[76],"of":[77,108,136,145,162,234],"those":[78],"ideas":[79],"cannot":[80],"be":[81],"borrowed":[82],"due":[83],"significant":[86],"differences":[87],"between":[88],"images":[89],"apps.":[92],"In":[93],"paper,":[95],"we":[96,151,197],"exploit":[97],"Moving":[98],"Target":[99],"Defense":[100],"(MTD)":[101],"continually":[103],"change":[104],"attack":[106],"surface":[107],"protected":[110],"detector":[111],"create":[113],"uncertainty":[114],"on":[115],"attacker":[117],"side.":[118],"We":[119,176],"thus":[120],"propose":[121,198],"novel":[123],"framework":[127,218],"named":[128],"MTDroid,":[129],"fully":[131],"leverages":[132],"seamless":[134],"blend":[135],"dynamicity,":[137],"diversity,":[138],"heterogeneity":[140],"mitigate":[142],"impact":[144],"end,":[150],"develop":[152],"dynamic":[154],"model":[155],"pool":[156],"decrease":[158],"exposure":[160],"time":[161],"single":[164],"classifier,":[165],"building":[167],"rebuilding":[169],"multiple":[170],"heterogeneous":[171],"models":[172,181],"distinct":[174],"data.":[175],"then":[177],"generate":[178],"diversified":[179],"variant":[180],"provide":[183],"defensive":[184],"measures":[185],"against":[186,230],"various":[187],"further":[190],"improve":[191],"robustness":[192,229],"through":[193],"ensemble":[194,206],"learning.":[195],"Specifically,":[196],"two-stage":[200],"selection":[201],"algorithm":[202],"optimize":[204],"process,":[208],"design":[210],"hybrid":[212],"update":[213],"strategy":[214],"refresh":[216],"dynamically.":[219],"The":[220],"experimental":[221],"results":[222],"show":[223],"MTDroid":[225],"significantly":[226],"enhances":[227],"wide":[232],"range":[233],"attacks":[235],"outperforms":[237],"state-of-the-art":[239],"methods":[240],"upon":[241],"three":[242],"popular":[243],"practical":[244],"datasets.":[245]},"counts_by_year":[{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":4}],"updated_date":"2026-04-02T15:55:50.835912","created_date":"2025-10-10T00:00:00"}