{"id":"https://openalex.org/W7127089978","doi":"https://doi.org/10.1109/trustcom66490.2025.00082","title":"MalShield: Enhancing Android Malware Detection with Stateful Defense against Query Attacks","display_name":"MalShield: Enhancing Android Malware Detection with Stateful Defense against Query Attacks","publication_year":2025,"publication_date":"2025-11-14","ids":{"openalex":"https://openalex.org/W7127089978","doi":"https://doi.org/10.1109/trustcom66490.2025.00082"},"language":null,"primary_location":{"id":"doi:10.1109/trustcom66490.2025.00082","is_oa":false,"landing_page_url":"https://doi.org/10.1109/trustcom66490.2025.00082","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 24th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5124770939","display_name":"Hengyu Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Hengyu Zhang","raw_affiliation_strings":["Southeast University,School of Cyber Science and Engineering,Nanjing,China,211189"],"affiliations":[{"raw_affiliation_string":"Southeast University,School of Cyber Science and Engineering,Nanjing,China,211189","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042490620","display_name":"Guang Cheng","orcid":"https://orcid.org/0000-0002-6860-4420"},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Guang Cheng","raw_affiliation_strings":["Southeast University,School of Cyber Science and Engineering,Nanjing,China,211189"],"affiliations":[{"raw_affiliation_string":"Southeast University,School of Cyber Science and Engineering,Nanjing,China,211189","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124771032","display_name":"Yuyang Zhou","orcid":null},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuyang Zhou","raw_affiliation_strings":["Southeast University,School of Cyber Science and Engineering,Nanjing,China,211189"],"affiliations":[{"raw_affiliation_string":"Southeast University,School of Cyber Science and Engineering,Nanjing,China,211189","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5124766466","display_name":"Zongyao Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zongyao Chen","raw_affiliation_strings":["Southeast University,School of Cyber Science and Engineering,Nanjing,China,211189"],"affiliations":[{"raw_affiliation_string":"Southeast University,School of Cyber Science and Engineering,Nanjing,China,211189","institution_ids":["https://openalex.org/I76569877"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5124770939"],"corresponding_institution_ids":["https://openalex.org/I76569877"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.69585537,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"681","last_page":"689"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9696000218391418,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9696000218391418,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.007699999958276749,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.003700000001117587,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/stateful-firewall","display_name":"Stateful firewall","score":0.7753999829292297},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.6011999845504761},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.48030000925064087},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4352000057697296},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.4302999973297119},{"id":"https://openalex.org/keywords/query-expansion","display_name":"Query expansion","score":0.4036000072956085},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.40209999680519104},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.3864000141620636}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8324000239372253},{"id":"https://openalex.org/C22927095","wikidata":"https://www.wikidata.org/wiki/Q1784206","display_name":"Stateful firewall","level":3,"score":0.7753999829292297},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.6011999845504761},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.48030000925064087},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4657999873161316},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4352000057697296},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.4302999973297119},{"id":"https://openalex.org/C99016210","wikidata":"https://www.wikidata.org/wiki/Q5488129","display_name":"Query expansion","level":2,"score":0.4036000072956085},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.40209999680519104},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.3864000141620636},{"id":"https://openalex.org/C157692150","wikidata":"https://www.wikidata.org/wiki/Q2919848","display_name":"Query optimization","level":2,"score":0.3497999906539917},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.32580000162124634},{"id":"https://openalex.org/C118689300","wikidata":"https://www.wikidata.org/wiki/Q7978614","display_name":"Web query classification","level":4,"score":0.32170000672340393},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.3215999901294708},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.2930999994277954},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.290800005197525},{"id":"https://openalex.org/C192028432","wikidata":"https://www.wikidata.org/wiki/Q845739","display_name":"Query language","level":2,"score":0.289000004529953},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.28209999203681946},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.27399998903274536},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.25929999351501465},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2574000060558319},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.25440001487731934}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/trustcom66490.2025.00082","is_oa":false,"landing_page_url":"https://doi.org/10.1109/trustcom66490.2025.00082","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 24th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7571731805801392,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321543","display_name":"China Postdoctoral Science Foundation","ror":"https://ror.org/0426zh255"},{"id":"https://openalex.org/F4320335787","display_name":"Fundamental Research Funds for the Central Universities","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W2122672392","https://openalex.org/W2744095836","https://openalex.org/W2776884785","https://openalex.org/W2963777745","https://openalex.org/W2969695741","https://openalex.org/W3015481738","https://openalex.org/W3015625436","https://openalex.org/W3035379805","https://openalex.org/W3036294592","https://openalex.org/W3091857398","https://openalex.org/W3107235539","https://openalex.org/W3113062381","https://openalex.org/W3152624640","https://openalex.org/W3173859330","https://openalex.org/W4362703128","https://openalex.org/W4381233012","https://openalex.org/W4383754176","https://openalex.org/W4411337484"],"related_works":[],"abstract_inverted_index":{"Machine":[0],"learning":[1],"(ML)":[2],"models":[3,211],"for":[4],"Android":[5],"malware":[6,18,47],"detection":[7,148],"face":[8],"escalating":[9],"threats":[10],"from":[11],"adversarial":[12],"query":[13,34,93,108,150,169,189],"attacks,":[14,170,190],"which":[15,100],"iteratively":[16],"perturb":[17],"samples":[19],"guided":[20],"solely":[21],"by":[22,32,212],"model":[23,89],"outputs.":[24],"Existing":[25],"stateful":[26,87,203],"defenses":[27,204],"primarily":[28],"detect":[29],"such":[30,128],"attacks":[31],"analyzing":[33],"similarities":[35],"or":[36,66],"distribution":[37,67],"anomalies.":[38],"However,":[39],"these":[40],"methods":[41],"are":[42],"less":[43],"effective":[44],"in":[45,142,198],"the":[46,74,92,106,178],"domain,":[48],"where":[49],"discrete":[50],"feature":[51,133,143],"spaces":[52],"and":[53,114,132,140,165,183,205],"strict":[54],"functional":[55],"constraints":[56],"combine":[57],"with":[58],"their":[59],"reliance":[60],"on":[61,181],"only":[62,157],"a":[63,86],"single":[64],"similarity":[65,130],"metric,":[68],"making":[69],"it":[70],"difficult":[71],"to":[72,105,110,135,167],"capture":[73,136],"varied":[75,168],"patterns":[76,139],"of":[77,118,149],"query-based":[78],"attacks.":[79,151],"In":[80],"this":[81],"paper,":[82],"we":[83],"introduce":[84],"MalShield,":[85],"defense":[88,175,210],"that":[90],"monitors":[91],"stream":[94],"through":[95],"an":[96],"adaptive":[97],"sliding":[98],"window,":[99],"adjusts":[101],"its":[102],"span":[103],"according":[104],"incoming":[107],"rate":[109],"preserve":[111],"relevant":[112],"context":[113],"enable":[115],"real-time":[116],"computation":[117],"multiple":[119,124],"anomaly":[120,126],"indicators.":[121],"We":[122],"design":[123],"complementary":[125],"indicators,":[127],"as":[129],"decay":[131],"growth,":[134],"both":[137],"temporal":[138],"deviations":[141],"space,":[144],"enabling":[145],"more":[146,194],"sensitive":[147],"The":[152],"K-of-N":[153],"voting":[154],"rule":[155],"alerts":[156],"when":[158],"enough":[159],"indicators":[160],"agree,":[161],"cutting":[162],"false":[163],"positives":[164],"adapting":[166],"thus":[171],"providing":[172],"robust,":[173],"interpretable":[174],"without":[176],"changing":[177],"classifier.":[179],"Experiments":[180],"Androzoo":[182],"Drebin":[184],"datasets,":[185],"against":[186],"eight":[187],"black-box":[188],"show":[191],"MalShield":[192],"achieves":[193],"than":[195],"96%":[196],"reduction":[197],"evasion":[199],"rates,":[200],"surpassing":[201],"existing":[202,209],"at":[206],"best":[207],"outperforms":[208],"100%.":[213]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2026-02-03T00:00:00"}