{"id":"https://openalex.org/W4416010859","doi":"https://doi.org/10.1109/tse.2025.3626788","title":"FCGHunter: Towards Evaluating Robustness of Graph-Based Android Malware Detection","display_name":"FCGHunter: Towards Evaluating Robustness of Graph-Based Android Malware Detection","publication_year":2025,"publication_date":"2025-11-07","ids":{"openalex":"https://openalex.org/W4416010859","doi":"https://doi.org/10.1109/tse.2025.3626788"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2025.3626788","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2025.3626788","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://ink.library.smu.edu.sg/sis_research/11031","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5104094613","display_name":"Shiwen Song","orcid":null},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Shiwen Song","raw_affiliation_strings":["Singapore Management University, Singapore"],"raw_orcid":"https://orcid.org/0009-0008-7885-1135","affiliations":[{"raw_affiliation_string":"Singapore Management University, Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084396416","display_name":"Xiaofei Xie","orcid":"https://orcid.org/0000-0002-1288-6502"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Xiaofei Xie","raw_affiliation_strings":["Singapore Management University, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-1288-6502","affiliations":[{"raw_affiliation_string":"Singapore Management University, Singapore","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032257261","display_name":"Ruitao Feng","orcid":"https://orcid.org/0000-0001-9080-6865"},"institutions":[{"id":"https://openalex.org/I66809481","display_name":"Southern Cross University","ror":"https://ror.org/001xkv632","country_code":"AU","type":"education","lineage":["https://openalex.org/I66809481"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Ruitao Feng","raw_affiliation_strings":["Faculty of Science and Engineering, Southern Cross University, Coffs Harbour, NSW, Australia","Faculty of Science and Engineering, Southern Cross University, Australia"],"raw_orcid":"https://orcid.org/0000-0001-9080-6865","affiliations":[{"raw_affiliation_string":"Faculty of Science and Engineering, Southern Cross University, Coffs Harbour, NSW, Australia","institution_ids":["https://openalex.org/I66809481"]},{"raw_affiliation_string":"Faculty of Science and Engineering, Southern Cross University, Australia","institution_ids":["https://openalex.org/I66809481"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Qi Guo","orcid":"https://orcid.org/0009-0008-8002-8068"},"institutions":[{"id":"https://openalex.org/I162868743","display_name":"Tianjin University","ror":"https://ror.org/012tb2g32","country_code":"CN","type":"education","lineage":["https://openalex.org/I162868743"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qi Guo","raw_affiliation_strings":["Tianjin University, Tianjin, China","Tianjin University, China"],"raw_orcid":"https://orcid.org/0009-0008-8002-8068","affiliations":[{"raw_affiliation_string":"Tianjin University, Tianjin, China","institution_ids":["https://openalex.org/I162868743"]},{"raw_affiliation_string":"Tianjin University, China","institution_ids":["https://openalex.org/I162868743"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100658276","display_name":"Sen Chen","orcid":"https://orcid.org/0000-0001-9477-4100"},"institutions":[{"id":"https://openalex.org/I205237279","display_name":"Nankai University","ror":"https://ror.org/01y1kjr75","country_code":"CN","type":"education","lineage":["https://openalex.org/I205237279"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Sen Chen","raw_affiliation_strings":["College of Cryptology and Cyber Science, Nankai University, Tianjin, China","College of Cryptology and Cyber Science, Nankai University, China"],"raw_orcid":"https://orcid.org/0000-0001-9477-4100","affiliations":[{"raw_affiliation_string":"College of Cryptology and Cyber Science, Nankai University, Tianjin, China","institution_ids":["https://openalex.org/I205237279"]},{"raw_affiliation_string":"College of Cryptology and Cyber Science, Nankai University, China","institution_ids":["https://openalex.org/I205237279"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5104094613"],"corresponding_institution_ids":["https://openalex.org/I79891267"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.39184969,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"52","issue":"2","first_page":"428","last_page":"448"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9896000027656555,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9896000027656555,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.0017000000225380063,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.0010000000474974513,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7684999704360962},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7006000280380249},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.6534000039100647},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6151000261306763},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.4997999966144562},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.40869998931884766},{"id":"https://openalex.org/keywords/crossover","display_name":"Crossover","score":0.4058000147342682},{"id":"https://openalex.org/keywords/adaboost","display_name":"AdaBoost","score":0.34209999442100525}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8708999752998352},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7684999704360962},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7006000280380249},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.6534000039100647},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6151000261306763},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.4997999966144562},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.43639999628067017},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.40869998931884766},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.40689998865127563},{"id":"https://openalex.org/C122507166","wikidata":"https://www.wikidata.org/wiki/Q628906","display_name":"Crossover","level":2,"score":0.4058000147342682},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.351500004529953},{"id":"https://openalex.org/C141404830","wikidata":"https://www.wikidata.org/wiki/Q2823869","display_name":"AdaBoost","level":3,"score":0.34209999442100525},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.33809998631477356},{"id":"https://openalex.org/C95922358","wikidata":"https://www.wikidata.org/wiki/Q5432725","display_name":"False positive rate","level":2,"score":0.3167000114917755},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.3151000142097473},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.31139999628067017},{"id":"https://openalex.org/C2989134064","wikidata":"https://www.wikidata.org/wiki/Q288510","display_name":"Execution time","level":2,"score":0.2964000105857849},{"id":"https://openalex.org/C3017891749","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android application","level":3,"score":0.29510000348091125},{"id":"https://openalex.org/C2779797433","wikidata":"https://www.wikidata.org/wiki/Q632959","display_name":"Blacklisting","level":2,"score":0.29019999504089355},{"id":"https://openalex.org/C60692881","wikidata":"https://www.wikidata.org/wiki/Q584529","display_name":"Humanoid robot","level":3,"score":0.28060001134872437},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.28029999136924744},{"id":"https://openalex.org/C131806220","wikidata":"https://www.wikidata.org/wiki/Q852705","display_name":"Evaluation function","level":2,"score":0.2791999876499176},{"id":"https://openalex.org/C40969351","wikidata":"https://www.wikidata.org/wiki/Q3516228","display_name":"Word error rate","level":2,"score":0.2775000035762787},{"id":"https://openalex.org/C2778827112","wikidata":"https://www.wikidata.org/wiki/Q22245680","display_name":"Feature engineering","level":3,"score":0.2524000108242035},{"id":"https://openalex.org/C183003079","wikidata":"https://www.wikidata.org/wiki/Q1000371","display_name":"Personalization","level":2,"score":0.2502000033855438}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tse.2025.3626788","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2025.3626788","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-12033","is_oa":true,"landing_page_url":"https://ink.library.smu.edu.sg/sis_research/11031","pdf_url":null,"source":{"id":"https://openalex.org/S4306401925","display_name":"Singapore Management University Institutional Knowledge (InK) (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1109/TSE.2025.3626788","raw_type":"Journal Article"}],"best_oa_location":{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-12033","is_oa":true,"landing_page_url":"https://ink.library.smu.edu.sg/sis_research/11031","pdf_url":null,"source":{"id":"https://openalex.org/S4306401925","display_name":"Singapore Management University Institutional Knowledge (InK) (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1109/TSE.2025.3626788","raw_type":"Journal Article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320320709","display_name":"National Research Foundation Singapore","ror":"https://ror.org/03cpyc314"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":55,"referenced_works":["https://openalex.org/W861925310","https://openalex.org/W1891117775","https://openalex.org/W1973965874","https://openalex.org/W2122672392","https://openalex.org/W2184379877","https://openalex.org/W2407313496","https://openalex.org/W2616028256","https://openalex.org/W2744095836","https://openalex.org/W2744097819","https://openalex.org/W2783327762","https://openalex.org/W2794652108","https://openalex.org/W2794995912","https://openalex.org/W2915981028","https://openalex.org/W2934018981","https://openalex.org/W2954629067","https://openalex.org/W2957905354","https://openalex.org/W2962711307","https://openalex.org/W2963204406","https://openalex.org/W2963857521","https://openalex.org/W2966342255","https://openalex.org/W2996950444","https://openalex.org/W2997532515","https://openalex.org/W2997690675","https://openalex.org/W2998906013","https://openalex.org/W3000239448","https://openalex.org/W3004280948","https://openalex.org/W3011711787","https://openalex.org/W3014829096","https://openalex.org/W3015481738","https://openalex.org/W3036847733","https://openalex.org/W3096493794","https://openalex.org/W3097730806","https://openalex.org/W3130354627","https://openalex.org/W3152624640","https://openalex.org/W3168561516","https://openalex.org/W3176943954","https://openalex.org/W3180545700","https://openalex.org/W3189071553","https://openalex.org/W3196769790","https://openalex.org/W3212677680","https://openalex.org/W4210499321","https://openalex.org/W4213287115","https://openalex.org/W4285327165","https://openalex.org/W4287644588","https://openalex.org/W4315780196","https://openalex.org/W4384345641","https://openalex.org/W4388856981","https://openalex.org/W4388857307","https://openalex.org/W4389208975","https://openalex.org/W4391558398","https://openalex.org/W4400582828","https://openalex.org/W4400762160","https://openalex.org/W4401457838","https://openalex.org/W4411119290","https://openalex.org/W4412097109"],"related_works":[],"abstract_inverted_index":{"Graph-based":[0],"detection":[1,14],"methods":[2],"leveraging":[3],"Function":[4],"Call":[5],"Graph":[6],"(FCG)":[7],"have":[8],"shown":[9],"promise":[10],"for":[11,77],"Android":[12],"malware":[13,25,110],"(AMD)":[15],"due":[16],"to":[17,86,109,112,127,147],"their":[18,36,50],"semantic":[19],"insights.":[20],"However,":[21],"the":[22,42,55,106,115,129,153],"deployment":[23],"of":[24,44,137,175],"detectors":[26,46],"in":[27],"dynamic":[28],"and":[29,63,91,124,133],"hostile":[30],"environments":[31],"raises":[32],"significant":[33],"concerns":[34],"about":[35],"robustness.":[37],"While":[38],"recent":[39],"approaches":[40],"evaluate":[41],"robustness":[43,74],"FCG-based":[45,78],"using":[47],"adversarial":[48],"attacks,":[49],"effectiveness":[51],"is":[52],"constrained":[53],"by":[54,180],"vast":[56],"perturbation":[57,116],"space,":[58],"particularly":[59],"across":[60,163],"diverse":[61,140],"models":[62,193],"features.":[64],"To":[65],"address":[66],"these":[67],"challenges,":[68],"we":[69],"introduce":[70],"FCGHUNTER,":[71],"a":[72,121,187],"novel":[73],"testing":[75],"framework":[76],"AMD":[79],"systems.":[80],"Specifically,":[81],"FCGHUNTER":[82,143,168,185],"employs":[83],"innovative":[84],"techniques":[85],"enhance":[87,128],"<italic":[88,92,130,134],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[89,93,131,135],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">exploration</i>":[90],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">exploitation</i>":[94],"within":[95,105],"this":[96],"huge":[97],"search":[98,154],"space.":[99,117],"Initially,":[100],"it":[101],"identifies":[102],"critical":[103],"areas":[104],"FCG":[107],"related":[108],"behaviors":[111],"narrow":[113],"down":[114],"We":[118],"then":[119],"develop":[120],"dependency-aware":[122],"crossover":[123],"mutation":[125],"method":[126],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">validity</i>":[132],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">diversity</i>":[136],"perturbations,":[138],"generating":[139],"FCGs.":[141],"Furthermore,":[142],"leverages":[144],"multi-objective":[145],"feedback":[146],"select":[148],"perturbed":[149],"FCGs,":[150],"significantly":[151,177],"improving":[152],"process":[155],"with":[156,196],"interpretation-based":[157],"feature":[158],"change":[159],"feedback.":[160],"Extensive":[161],"evaluations":[162],"40":[164],"scenarios":[165],"demonstrate":[166],"that":[167],"achieves":[169,186],"an":[170],"average":[171],"attack":[172],"success":[173,189],"rate":[174,190],"87.9%,":[176],"outperforming":[178],"baselines":[179,199],"at":[181],"least":[182],"40.9%.":[183],"Notably,":[184],"100%":[188],"on":[191],"robust":[192],"(e.g.,":[194],"AdaBoost":[195],"MalScan),":[197],"where":[198],"achieve":[200],"less":[201],"than":[202],"24%":[203],"or":[204],"are":[205],"inapplicable.":[206]},"counts_by_year":[],"updated_date":"2026-02-13T13:36:01.753593","created_date":"2025-11-07T00:00:00"}