{"id":"https://openalex.org/W4293637555","doi":"https://doi.org/10.1145/3538969.3544413","title":"An Early Detection of Android Malware Using System Calls based Machine Learning Model","display_name":"An Early Detection of Android Malware Using System Calls based Machine Learning Model","publication_year":2022,"publication_date":"2022-08-17","ids":{"openalex":"https://openalex.org/W4293637555","doi":"https://doi.org/10.1145/3538969.3544413"},"language":"en","primary_location":{"id":"doi:10.1145/3538969.3544413","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3538969.3544413","pdf_url":null,"source":{"id":"https://openalex.org/S4363608926","display_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1145/3538969.3544413","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5030931282","display_name":"Xinrun Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I117015748","display_name":"Purdue University Northwest","ror":"https://ror.org/04keq6987","country_code":"US","type":"education","lineage":["https://openalex.org/I117015748"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xinrun Zhang","raw_affiliation_strings":["Purdue University Northwest, United States"],"affiliations":[{"raw_affiliation_string":"Purdue University Northwest, United States","institution_ids":["https://openalex.org/I117015748"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103109951","display_name":"Akshay Mathur","orcid":"https://orcid.org/0009-0000-7020-9385"},"institutions":[{"id":"https://openalex.org/I90871651","display_name":"University of Toledo","ror":"https://ror.org/01pbdzh19","country_code":"US","type":"education","lineage":["https://openalex.org/I90871651"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Akshay Mathur","raw_affiliation_strings":["The University of Toledo, United States"],"affiliations":[{"raw_affiliation_string":"The University of Toledo, United States","institution_ids":["https://openalex.org/I90871651"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100344069","display_name":"Lei Zhao","orcid":"https://orcid.org/0000-0003-2524-7643"},"institutions":[{"id":"https://openalex.org/I117015748","display_name":"Purdue University Northwest","ror":"https://ror.org/04keq6987","country_code":"US","type":"education","lineage":["https://openalex.org/I117015748"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lei Zhao","raw_affiliation_strings":["Purdue University Northwest, United States"],"affiliations":[{"raw_affiliation_string":"Purdue University Northwest, United States","institution_ids":["https://openalex.org/I117015748"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013049040","display_name":"Safia Rahmat","orcid":null},"institutions":[{"id":"https://openalex.org/I90871651","display_name":"University of Toledo","ror":"https://ror.org/01pbdzh19","country_code":"US","type":"education","lineage":["https://openalex.org/I90871651"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Safia Rahmat","raw_affiliation_strings":["The University of Toledo, United States"],"affiliations":[{"raw_affiliation_string":"The University of Toledo, United States","institution_ids":["https://openalex.org/I90871651"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021217990","display_name":"Quamar Niyaz","orcid":null},"institutions":[{"id":"https://openalex.org/I117015748","display_name":"Purdue University Northwest","ror":"https://ror.org/04keq6987","country_code":"US","type":"education","lineage":["https://openalex.org/I117015748"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Quamar Niyaz","raw_affiliation_strings":["Purdue University Northwest, United States"],"affiliations":[{"raw_affiliation_string":"Purdue University Northwest, United States","institution_ids":["https://openalex.org/I117015748"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078681299","display_name":"Ahmad Y. Javaid","orcid":"https://orcid.org/0000-0003-4719-4941"},"institutions":[{"id":"https://openalex.org/I90871651","display_name":"University of Toledo","ror":"https://ror.org/01pbdzh19","country_code":"US","type":"education","lineage":["https://openalex.org/I90871651"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ahmad Javaid","raw_affiliation_strings":["The University of Toledo, United States"],"affiliations":[{"raw_affiliation_string":"The University of Toledo, United States","institution_ids":["https://openalex.org/I90871651"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5014194501","display_name":"Xiaoli Yang","orcid":null},"institutions":[{"id":"https://openalex.org/I117015748","display_name":"Purdue University Northwest","ror":"https://ror.org/04keq6987","country_code":"US","type":"education","lineage":["https://openalex.org/I117015748"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaoli Yang","raw_affiliation_strings":["Purdue University Northwest, United States"],"affiliations":[{"raw_affiliation_string":"Purdue University Northwest, United States","institution_ids":["https://openalex.org/I117015748"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5030931282"],"corresponding_institution_ids":["https://openalex.org/I117015748"],"apc_list":null,"apc_paid":null,"fwci":2.5774,"has_fulltext":false,"cited_by_count":21,"citation_normalized_percentile":{"value":0.92227488,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9768000245094299,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8718199729919434},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8319718837738037},{"id":"https://openalex.org/keywords/naive-bayes-classifier","display_name":"Naive Bayes classifier","score":0.7334026098251343},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.678719699382782},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6773120760917664},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.6740880012512207},{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.6312623023986816},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.613751232624054},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.5970367193222046},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5802294015884399},{"id":"https://openalex.org/keywords/perceptron","display_name":"Perceptron","score":0.5574037432670593},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5556918978691101},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.5462354421615601},{"id":"https://openalex.org/keywords/decision-tree","display_name":"Decision tree","score":0.4725472629070282},{"id":"https://openalex.org/keywords/mobile-malware","display_name":"Mobile malware","score":0.44624418020248413},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.37054187059402466},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.2898300290107727}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8718199729919434},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8319718837738037},{"id":"https://openalex.org/C52001869","wikidata":"https://www.wikidata.org/wiki/Q812530","display_name":"Naive Bayes classifier","level":3,"score":0.7334026098251343},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.678719699382782},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6773120760917664},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.6740880012512207},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.6312623023986816},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.613751232624054},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.5970367193222046},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5802294015884399},{"id":"https://openalex.org/C60908668","wikidata":"https://www.wikidata.org/wiki/Q690207","display_name":"Perceptron","level":3,"score":0.5574037432670593},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5556918978691101},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.5462354421615601},{"id":"https://openalex.org/C84525736","wikidata":"https://www.wikidata.org/wiki/Q831366","display_name":"Decision tree","level":2,"score":0.4725472629070282},{"id":"https://openalex.org/C2780967490","wikidata":"https://www.wikidata.org/wiki/Q1291200","display_name":"Mobile malware","level":3,"score":0.44624418020248413},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.37054187059402466},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.2898300290107727}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3538969.3544413","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3538969.3544413","pdf_url":null,"source":{"id":"https://openalex.org/S4363608926","display_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3538969.3544413","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3538969.3544413","pdf_url":null,"source":{"id":"https://openalex.org/S4363608926","display_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/15","display_name":"Life in Land","score":0.4399999976158142}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W1731093136","https://openalex.org/W1981738628","https://openalex.org/W1997201541","https://openalex.org/W2101234009","https://openalex.org/W2101746535","https://openalex.org/W2125011234","https://openalex.org/W2167240430","https://openalex.org/W2298292381","https://openalex.org/W2306706380","https://openalex.org/W2318851192","https://openalex.org/W2577741565","https://openalex.org/W2620844046","https://openalex.org/W2781887747","https://openalex.org/W2946231165","https://openalex.org/W2962936633","https://openalex.org/W2963989339","https://openalex.org/W2999422148","https://openalex.org/W3136767761","https://openalex.org/W6675354045"],"related_works":["https://openalex.org/W3114980949","https://openalex.org/W2899515883","https://openalex.org/W4311925398","https://openalex.org/W4295815887","https://openalex.org/W3075942746","https://openalex.org/W4385625076","https://openalex.org/W2785978842","https://openalex.org/W4313469614","https://openalex.org/W2879068529","https://openalex.org/W3134203460"],"abstract_inverted_index":{"Several":[0],"host":[1],"intrusion":[2],"detection":[3,74,124,134,147,175],"systems":[4],"(HIDSs)":[5],"based":[6,160],"on":[7,32,45,161],"system":[8,60,81,92,135,141],"call":[9,61,82,93],"analysis":[10],"have":[11,29],"been":[12,30],"proposed":[13,167],"in":[14,176],"the":[15,37,42,122,166],"past":[16],"to":[17,35,169],"detect":[18],"intrusions":[19],"and":[20,65,79,86,89,97,115],"malware":[21,66,87,123,133,174],"using":[22,137],"relevant":[23],"datasets.":[24],"Machine":[25],"learning":[26],"(ML)":[27],"techniques":[28],"applied":[31],"those":[33],"datasets":[34],"improve":[36],"performances":[38],"of":[39,72,75,139,145,152],"HIDSs.":[40],"However,":[41],"emphasis":[43],"given":[44],"their":[46,91],"real-world":[47],"deployment":[48,172],"is":[49,143],"limited.":[50],"To":[51],"address":[52],"this":[53],"issue,":[54],"we":[55],"propose":[56],"a":[57,162],"framework":[58],"for":[59,63,84,121,165,173],"processing":[62],"benign":[64,85],"Android":[67,132,158],"apps":[68],"with":[69,95,148],"an":[70,149,157],"ability":[71],"early":[73,146],"malware.":[76],"We":[77,154],"extracted":[78],"analyzed":[80],"traces":[83,94,138],"apps,":[88],"processed":[90],"N-gram":[96],"TF-IDF":[98],"models.":[99],"Six":[100],"ML":[101],"algorithms":[102],"\u2013":[103,118],"Decision":[104],"Trees,":[105],"Random":[106],"Forest,":[107],"K-Nearest":[108],"Neighbors,":[109],"Naive":[110],"Bayes,":[111],"Support":[112],"Vector":[113],"Machines,":[114],"Multi-layer":[116],"Perceptron":[117],"were":[119],"trained":[120],"system.":[125],"The":[126],"experimental":[127],"results":[128],"demonstrate":[129,170],"that":[130],"our":[131],"(AMDS),":[136],"3000":[140],"calls,":[142],"capable":[144],"average":[150],"accuracy":[151],"99.34%.":[153],"also":[155],"implemented":[156],"app":[159],"client-server":[163],"architecture":[164],"AMDS":[168],"its":[171],"real-time.":[177]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}