{"id":"https://openalex.org/W4406302397","doi":"https://doi.org/10.1145/3711899","title":"Level Up with ML Vulnerability Identification: Leveraging Domain Constraints in Feature Space for Robust Android Malware Detection","display_name":"Level Up with ML Vulnerability Identification: Leveraging Domain Constraints in Feature Space for Robust Android Malware Detection","publication_year":2025,"publication_date":"2025-01-13","ids":{"openalex":"https://openalex.org/W4406302397","doi":"https://doi.org/10.1145/3711899"},"language":"en","primary_location":{"id":"doi:10.1145/3711899","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3711899","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://repository.ubn.ru.nl/bitstream/handle/2066/316848/1/316848.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082304173","display_name":"Hamid Bostani","orcid":"https://orcid.org/0000-0002-2097-5521"},"institutions":[{"id":"https://openalex.org/I145872427","display_name":"Radboud University Nijmegen","ror":"https://ror.org/016xsfp80","country_code":"NL","type":"education","lineage":["https://openalex.org/I145872427"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Hamid Bostani","raw_affiliation_strings":["Digital Security Group, Institute for Computing and Information Sciences, Radboud University, Nijmegen, Netherlands"],"affiliations":[{"raw_affiliation_string":"Digital Security Group, Institute for Computing and Information Sciences, Radboud University, Nijmegen, Netherlands","institution_ids":["https://openalex.org/I145872427"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058084433","display_name":"Zhengyu Zhao","orcid":"https://orcid.org/0000-0003-0745-4294"},"institutions":[{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhengyu Zhao","raw_affiliation_strings":["Faculty of Electronic and Information Engineering, Xi'an Jiaotong University, Xi'an, China"],"affiliations":[{"raw_affiliation_string":"Faculty of Electronic and Information Engineering, Xi'an Jiaotong University, Xi'an, China","institution_ids":["https://openalex.org/I87445476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081854217","display_name":"Zhuoran Liu","orcid":"https://orcid.org/0000-0003-0049-7080"},"institutions":[{"id":"https://openalex.org/I145872427","display_name":"Radboud University Nijmegen","ror":"https://ror.org/016xsfp80","country_code":"NL","type":"education","lineage":["https://openalex.org/I145872427"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Zhuoran Liu","raw_affiliation_strings":["Digital Security Group, Institute for Computing and Information Sciences, Radboud University, Nijmegen, Netherlands"],"affiliations":[{"raw_affiliation_string":"Digital Security Group, Institute for Computing and Information Sciences, Radboud University, Nijmegen, Netherlands","institution_ids":["https://openalex.org/I145872427"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016041143","display_name":"Veelasha Moonsamy","orcid":"https://orcid.org/0000-0001-6296-2182"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Veelasha Moonsamy","raw_affiliation_strings":["Horst G\u00f6rtz Institute for IT Security, Ruhr University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Horst G\u00f6rtz Institute for IT Security, Ruhr University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5082304173"],"corresponding_institution_ids":["https://openalex.org/I145872427"],"apc_list":null,"apc_paid":null,"fwci":4.0913,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.9195985,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":"28","issue":"2","first_page":"1","last_page":"32"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.993399977684021,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9904999732971191,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.8626174926757812},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7215650677680969},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.7009533643722534},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6965301036834717},{"id":"https://openalex.org/keywords/feature-vector","display_name":"Feature vector","score":0.5107579231262207},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.509636640548706},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.4713320732116699},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.441513329744339},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.42008256912231445},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3951752185821533},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3332410454750061},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2199447751045227}],"concepts":[{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.8626174926757812},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7215650677680969},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.7009533643722534},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6965301036834717},{"id":"https://openalex.org/C83665646","wikidata":"https://www.wikidata.org/wiki/Q42139305","display_name":"Feature vector","level":2,"score":0.5107579231262207},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.509636640548706},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.4713320732116699},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.441513329744339},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.42008256912231445},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3951752185821533},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3332410454750061},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2199447751045227},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3711899","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3711899","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},{"id":"pmh:oai:repository.ubn.ru.nl:2066/316848","is_oa":true,"landing_page_url":"https://hdl.handle.net/2066/316848","pdf_url":"https://repository.ubn.ru.nl/bitstream/handle/2066/316848/1/316848.pdf","source":{"id":"https://openalex.org/S4306401067","display_name":"Radboud Repository (Radboud University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I145872427","host_organization_name":"Radboud University Nijmegen","host_organization_lineage":["https://openalex.org/I145872427"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Article / Letter to editor"}],"best_oa_location":{"id":"pmh:oai:repository.ubn.ru.nl:2066/316848","is_oa":true,"landing_page_url":"https://hdl.handle.net/2066/316848","pdf_url":"https://repository.ubn.ru.nl/bitstream/handle/2066/316848/1/316848.pdf","source":{"id":"https://openalex.org/S4306401067","display_name":"Radboud Repository (Radboud University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I145872427","host_organization_name":"Radboud University Nijmegen","host_organization_lineage":["https://openalex.org/I145872427"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Article / Letter to editor"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1231421488","display_name":null,"funder_award_id":"under","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G18682879","display_name":null,"funder_award_id":"390781972","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G2087396116","display_name":null,"funder_award_id":"China","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3317480652","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G391238517","display_name":null,"funder_award_id":", and","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3959558830","display_name":null,"funder_award_id":"EXC 2092 CASA-390781972","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G5106512922","display_name":null,"funder_award_id":"Deutsche Forschungsgemeinschaft (DFG","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G5188059367","display_name":null,"funder_award_id":"NWA.1215.18.014","funder_id":"https://openalex.org/F4320321800","funder_display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek"},{"id":"https://openalex.org/G5470638907","display_name":"PREDATOR: Predicting hardware vulnerabilities during design phase","funder_award_id":"19782","funder_id":"https://openalex.org/F4320321800","funder_display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek"},{"id":"https://openalex.org/G5717916917","display_name":null,"funder_award_id":"39078197","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G5994120800","display_name":null,"funder_award_id":"Natural","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6009445997","display_name":null,"funder_award_id":"unknown","funder_id":"https://openalex.org/F4320321800","funder_display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek"},{"id":"https://openalex.org/G620206685","display_name":null,"funder_award_id":"024.006.037","funder_id":"https://openalex.org/F4320321800","funder_display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek"},{"id":"https://openalex.org/G629491556","display_name":null,"funder_award_id":"(NWO)","funder_id":"https://openalex.org/F4320321800","funder_display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek"},{"id":"https://openalex.org/G6743243744","display_name":null,"funder_award_id":"unknown","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G8481015266","display_name":null,"funder_award_id":"62406240","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321800","display_name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","ror":"https://ror.org/04jsz6e67"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4406302397.pdf","grobid_xml":"https://content.openalex.org/works/W4406302397.grobid-xml"},"referenced_works_count":82,"referenced_works":["https://openalex.org/W569478347","https://openalex.org/W1943233084","https://openalex.org/W1996374694","https://openalex.org/W2007857904","https://openalex.org/W2092942461","https://openalex.org/W2122672392","https://openalex.org/W2141198770","https://openalex.org/W2171389360","https://openalex.org/W2180612164","https://openalex.org/W2244109919","https://openalex.org/W2313513770","https://openalex.org/W2407313496","https://openalex.org/W2611170103","https://openalex.org/W2737578512","https://openalex.org/W2744095836","https://openalex.org/W2744097819","https://openalex.org/W2772265308","https://openalex.org/W2775261393","https://openalex.org/W2776884785","https://openalex.org/W2792991556","https://openalex.org/W2805757971","https://openalex.org/W2808213427","https://openalex.org/W2809895662","https://openalex.org/W2849849680","https://openalex.org/W2885070483","https://openalex.org/W2898252236","https://openalex.org/W2910470804","https://openalex.org/W2911377781","https://openalex.org/W2943642558","https://openalex.org/W2962880130","https://openalex.org/W2963204406","https://openalex.org/W2963777745","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2964159373","https://openalex.org/W2966342255","https://openalex.org/W3011711787","https://openalex.org/W3013371788","https://openalex.org/W3015481738","https://openalex.org/W3022269570","https://openalex.org/W3036294592","https://openalex.org/W3036847733","https://openalex.org/W3037141777","https://openalex.org/W3080913164","https://openalex.org/W3083836500","https://openalex.org/W3094831905","https://openalex.org/W3099091571","https://openalex.org/W3102844060","https://openalex.org/W3104141960","https://openalex.org/W3120848642","https://openalex.org/W3120979750","https://openalex.org/W3132401297","https://openalex.org/W3135662895","https://openalex.org/W3152624640","https://openalex.org/W3164181717","https://openalex.org/W3168097936","https://openalex.org/W3168146198","https://openalex.org/W3173360194","https://openalex.org/W3174673808","https://openalex.org/W3176065393","https://openalex.org/W3201749075","https://openalex.org/W3202406575","https://openalex.org/W3211085214","https://openalex.org/W3212419298","https://openalex.org/W4248916828","https://openalex.org/W4250320908","https://openalex.org/W4281293216","https://openalex.org/W4283825910","https://openalex.org/W4285327165","https://openalex.org/W4287324272","https://openalex.org/W4287328773","https://openalex.org/W4296557784","https://openalex.org/W4307415696","https://openalex.org/W4320086597","https://openalex.org/W4321649718","https://openalex.org/W4362703128","https://openalex.org/W4379512492","https://openalex.org/W4381487014","https://openalex.org/W4382318785","https://openalex.org/W4390045019","https://openalex.org/W6733645847","https://openalex.org/W6786190841"],"related_works":["https://openalex.org/W3195312353","https://openalex.org/W4383468964","https://openalex.org/W3200508744","https://openalex.org/W2717179875","https://openalex.org/W4249118297","https://openalex.org/W4312234627","https://openalex.org/W2507113366","https://openalex.org/W3199551743","https://openalex.org/W2462192250","https://openalex.org/W2311926078"],"abstract_inverted_index":{"Machine":[0],"Learning":[1],"(ML)":[2],"promises":[3],"to":[4,18,38,51,56,116,128,243],"enhance":[5],"the":[6,43,103,130,146],"efficacy":[7],"of":[8,99,132,141,167,176,223],"Android":[9,28,142,183],"Malware":[10],"Detection":[11],"(AMD);":[12],"however,":[13],"ML":[14,34,47],"models":[15,48],"are":[16,49],"vulnerable":[17,58,100,133],"realistic":[19],"evasion":[20,162],"attacks\u2014crafting":[21],"realizable":[22,62,86,225,234,250],"Adversarial":[23],"Examples":[24],"(AEs)":[25],"that":[26,154,187,202,214],"satisfy":[27],"malware":[29,184,217],"domain":[30,111,143,171,191],"constraints.":[31],"To":[32,120],"eliminate":[33],"vulnerabilities,":[35],"defenders":[36],"aim":[37],"identify":[39],"susceptible":[40],"regions":[41,59,108],"in":[42,88,145,193,228],"feature":[44,147],"space":[45],"where":[46],"prone":[50],"deception.":[52],"The":[53,91],"primary":[54],"approach":[55,127],"identifying":[57],"involves":[60],"investigating":[61],"AEs,":[63],"but":[64,95,113],"generating":[65,79],"these":[66,107,122],"feasible":[67],"apps":[68],"poses":[69],"a":[70,138,151,216,220,229],"challenge.":[71],"For":[72],"instance,":[73],"previous":[74],"work":[75],"has":[76],"relied":[77],"on":[78,181,204],"either":[80],"feature-space":[81,224],"norm-bounded":[82,205],"AEs":[83,87,168,206,226,235],"or":[84,207],"problem-space":[85,239,249],"adversarial":[89,194,198],"hardening.":[90],"former":[92],"is":[93,114],"efficient":[94],"lacks":[96],"full":[97],"coverage":[98],"regions,":[101],"whereas":[102],"latter":[104],"can":[105],"uncover":[106],"by":[109,150,237],"satisfying":[110],"constraints":[112,144,192],"known":[115],"be":[117],"time":[118],"consuming.":[119],"address":[121],"limitations,":[123],"we":[124,136,212],"propose":[125],"an":[126,174],"facilitate":[129],"identification":[131],"regions.":[134],"Specifically,":[135],"introduce":[137],"new":[139],"interpretation":[140],"space,":[148],"followed":[149],"novel":[152],"technique":[153],"learns":[155],"them.":[156],"Our":[157],"empirical":[158],"evaluations":[159],"across":[160],"various":[161],"attacks":[163],"indicate":[164],"effective":[165],"detection":[166],"using":[169,248],"learned":[170,190],"constraints,":[172],"with":[173,219,241],"average":[175],"89.6%.":[177],"Furthermore,":[178],"extensive":[179],"experiments":[180],"different":[182],"detectors":[185],"demonstrate":[186],"utilizing":[188],"our":[189],"training":[195,199,246],"outperforms":[196],"other":[197],"based":[200],"defenses":[201],"rely":[203],"state-of-the-art":[208],"non-uniform":[209],"perturbations.":[210],"Finally,":[211],"show":[213],"retraining":[215],"detector":[218],"wide":[221],"variety":[222],"results":[227],"77.9%":[230],"robustness":[231],"improvement":[232],"against":[233],"generated":[236],"unknown":[238],"transformations,":[240],"up":[242],"70\u00d7":[244],"faster":[245],"than":[247],"AEs.":[251]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2}],"updated_date":"2026-04-18T07:56:08.524223","created_date":"2025-10-10T00:00:00"}