{"id":"https://openalex.org/W2617190760","doi":"https://doi.org/10.32657/10356/72122","title":"A semantic-based analysis of Android malware for detection, generation, and trend analysis","display_name":"A semantic-based analysis of Android malware for detection, generation, and trend analysis","publication_year":2017,"publication_date":"2017-01-01","ids":{"openalex":"https://openalex.org/W2617190760","doi":"https://doi.org/10.32657/10356/72122","mag":"2617190760"},"language":"en","primary_location":{"id":"doi:10.32657/10356/72122","is_oa":true,"landing_page_url":"https://doi.org/10.32657/10356/72122","pdf_url":"https://dr.ntu.edu.sg/bitstream/10356/72122/1/thesis.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Nanyang Technological University","raw_type":"dissertation"},"type":"dissertation","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dr.ntu.edu.sg/bitstream/10356/72122/1/thesis.pdf","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5017417068","display_name":"Guozhu Meng","orcid":"https://orcid.org/0000-0001-6388-2571"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]},{"id":"https://openalex.org/I17747738","display_name":"Beijing University of Chinese Medicine","ror":"https://ror.org/05damtm70","country_code":"CN","type":"education","lineage":["https://openalex.org/I17747738"]}],"countries":["CN","SG"],"is_corresponding":true,"raw_author_name":"Meng, Guozhu","raw_affiliation_strings":["Doctor of Philosophy School of Computer Science and Engineering Nanyang Technological University , Singapore Chinese China Chinese China Chinese China Chinese China","Chinese China","Doctor of Philosophy School of Computer Science and Engineering Nanyang Technological University, Singapore"],"affiliations":[{"raw_affiliation_string":"Doctor of Philosophy School of Computer Science and Engineering Nanyang Technological University , Singapore Chinese China Chinese China Chinese China Chinese China","institution_ids":["https://openalex.org/I17747738"]},{"raw_affiliation_string":"Chinese China","institution_ids":[]},{"raw_affiliation_string":"Doctor of Philosophy School of Computer Science and Engineering Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5017417068"],"corresponding_institution_ids":["https://openalex.org/I172675005","https://openalex.org/I17747738"],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9940999746322632,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9890999794006348,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.7865645289421082},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6506502628326416},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5451107025146484},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.5343773365020752},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.49823689460754395},{"id":"https://openalex.org/keywords/semantic-analysis","display_name":"Semantic analysis (machine learning)","score":0.46199774742126465},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.38671165704727173},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.3169006407260895},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.22080397605895996},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1806463599205017}],"concepts":[{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.7865645289421082},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6506502628326416},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5451107025146484},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.5343773365020752},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.49823689460754395},{"id":"https://openalex.org/C2777946921","wikidata":"https://www.wikidata.org/wiki/Q7449044","display_name":"Semantic analysis (machine learning)","level":2,"score":0.46199774742126465},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.38671165704727173},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.3169006407260895},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.22080397605895996},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1806463599205017}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.32657/10356/72122","is_oa":true,"landing_page_url":"https://doi.org/10.32657/10356/72122","pdf_url":"https://dr.ntu.edu.sg/bitstream/10356/72122/1/thesis.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Nanyang Technological University","raw_type":"dissertation"},{"id":"pmh:oai:dr.ntu.edu.sg:10356/72122","is_oa":false,"landing_page_url":"http://hdl.handle.net/10356/72122","pdf_url":null,"source":{"id":"https://openalex.org/S4306402609","display_name":"DR-NTU (Nanyang Technological University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172675005","host_organization_name":"Nanyang Technological University","host_organization_lineage":["https://openalex.org/I172675005"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Thesis"}],"best_oa_location":{"id":"doi:10.32657/10356/72122","is_oa":true,"landing_page_url":"https://doi.org/10.32657/10356/72122","pdf_url":"https://dr.ntu.edu.sg/bitstream/10356/72122/1/thesis.pdf","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Nanyang Technological University","raw_type":"dissertation"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2617190760.pdf","grobid_xml":"https://content.openalex.org/works/W2617190760.grobid-xml"},"referenced_works_count":125,"referenced_works":["https://openalex.org/W34283345","https://openalex.org/W54929040","https://openalex.org/W58852127","https://openalex.org/W79696261","https://openalex.org/W135031542","https://openalex.org/W155698376","https://openalex.org/W183494281","https://openalex.org/W202924988","https://openalex.org/W794140516","https://openalex.org/W1026502902","https://openalex.org/W1059665266","https://openalex.org/W1445387515","https://openalex.org/W1494019345","https://openalex.org/W1502575381","https://openalex.org/W1521923248","https://openalex.org/W1535984709","https://openalex.org/W1538001410","https://openalex.org/W1578479379","https://openalex.org/W1630356589","https://openalex.org/W1731774687","https://openalex.org/W1756737887","https://openalex.org/W1912565424","https://openalex.org/W1923961922","https://openalex.org/W1943233084","https://openalex.org/W1963971515","https://openalex.org/W1969153299","https://openalex.org/W1969840808","https://openalex.org/W1971497680","https://openalex.org/W1976596267","https://openalex.org/W1980767016","https://openalex.org/W1990090830","https://openalex.org/W1993673250","https://openalex.org/W1993828811","https://openalex.org/W2002478203","https://openalex.org/W2002961312","https://openalex.org/W2003276999","https://openalex.org/W2004126468","https://openalex.org/W2010452235","https://openalex.org/W2010749389","https://openalex.org/W2014390890","https://openalex.org/W2017025011","https://openalex.org/W2025525377","https://openalex.org/W2025786423","https://openalex.org/W2026973889","https://openalex.org/W2031666744","https://openalex.org/W2038165128","https://openalex.org/W2038189819","https://openalex.org/W2043410321","https://openalex.org/W2045002320","https://openalex.org/W2064038877","https://openalex.org/W2065304158","https://openalex.org/W2067547021","https://openalex.org/W2067868328","https://openalex.org/W2070386561","https://openalex.org/W2071536101","https://openalex.org/W2074019188","https://openalex.org/W2077202047","https://openalex.org/W2077278164","https://openalex.org/W2078197322","https://openalex.org/W2083755826","https://openalex.org/W2087970742","https://openalex.org/W2088479623","https://openalex.org/W2089735638","https://openalex.org/W2090403712","https://openalex.org/W2091932246","https://openalex.org/W2092942461","https://openalex.org/W2093882311","https://openalex.org/W2099213660","https://openalex.org/W2101550520","https://openalex.org/W2109877485","https://openalex.org/W2113201637","https://openalex.org/W2117477833","https://openalex.org/W2119467398","https://openalex.org/W2121008990","https://openalex.org/W2122672392","https://openalex.org/W2125011234","https://openalex.org/W2125260159","https://openalex.org/W2127723417","https://openalex.org/W2128782367","https://openalex.org/W2129364433","https://openalex.org/W2135048318","https://openalex.org/W2154021641","https://openalex.org/W2163643194","https://openalex.org/W2167003418","https://openalex.org/W2168103835","https://openalex.org/W2168649891","https://openalex.org/W2168924027","https://openalex.org/W2182729154","https://openalex.org/W2187373861","https://openalex.org/W2189638487","https://openalex.org/W2191468669","https://openalex.org/W2238533956","https://openalex.org/W2247654784","https://openalex.org/W2248270447","https://openalex.org/W2334842536","https://openalex.org/W2343570721","https://openalex.org/W2356780433","https://openalex.org/W2398484989","https://openalex.org/W2399891510","https://openalex.org/W2400528202","https://openalex.org/W2462192250","https://openalex.org/W2470806257","https://openalex.org/W2474828096","https://openalex.org/W2487124337","https://openalex.org/W2491147894","https://openalex.org/W2491928626","https://openalex.org/W2506226457","https://openalex.org/W2510008933","https://openalex.org/W2514847810","https://openalex.org/W2516747399","https://openalex.org/W2517814849","https://openalex.org/W2583329118","https://openalex.org/W2607911734","https://openalex.org/W2701225458","https://openalex.org/W2963208797","https://openalex.org/W2963463723","https://openalex.org/W2998066361","https://openalex.org/W3139990154","https://openalex.org/W4230126391","https://openalex.org/W4239358516","https://openalex.org/W4239799938","https://openalex.org/W4245027182","https://openalex.org/W4299585926","https://openalex.org/W6605502080","https://openalex.org/W6678413391"],"related_works":["https://openalex.org/W2469507153","https://openalex.org/W2782775281","https://openalex.org/W2008790809","https://openalex.org/W2768892939","https://openalex.org/W2560361988","https://openalex.org/W2717179875","https://openalex.org/W4249118297","https://openalex.org/W3200508744","https://openalex.org/W2791662519","https://openalex.org/W2026973889"],"abstract_inverted_index":{"Android":[0,32,43,55,78,144,160,219,250,368,420,446,471,574,594,600],"has":[1,80],"grown":[2],"to":[3,16,42,64,67,127,147,195,222,298,302,370,390,417,486,488,572,636,657,669,676],"be":[4],"the":[5,68,75,114,129,138,152,168,188,197,218,237,259,295,303,307,372,380,404,410,423,436,490,511,530,586,617,663,682,686,690,695],"most":[6,347,554],"popular":[7],"mobile":[8],"operating":[9],"system":[10],"since":[11],"its":[12,17,65,163],"release":[13],"in":[14,73,84,143,240,309,333,340,379,450,454,460,681,697],"2008.Due":[15],"openness":[18],"and":[19,28,52,119,131,140,162,175,181,202,212,265,282,289,313,325,330,357,376,398,422,434,444,458,479,509,523,582,584,608,619,624,633,655,661,679,694],"ease":[20],"of":[21,26,35,40,61,71,77,159,170,190,199,204,249,261,412,452,470,476,492,533,552,555,599,621,685,692],"use,":[22],"it":[23,192],"attracts":[24],"thousands":[25],"vendors":[27],"developers":[29],"working":[30],"on":[31,233,253,267,382,517,535,541,616,648],"application":[33],"development.Millions":[34],"apps":[36,342,595,671],"provide":[37,467,637],"a":[38,57,104,156,208,228,245,364,387,468,569,597,638],"variety":[39,598],"functionalities":[41],"users,":[44,153],"such":[45],"as":[46,427,429],"online":[47],"shopping,":[48],"instant":[49],"messaging,":[50],"gaming":[51],"map":[53],"service.However,":[54],"becomes":[56],"hot":[58],"attack":[59,304,374,396,425,456,478,503],"target":[60],"cybercriminals":[62,99],"due":[63],"prevalence.According":[66],"security":[69,213,577],"report":[70],"Symantec":[72],"2016,":[74],"number":[76],"malware":[79,86,107,149,161,178,180,210,231,251,262,287,300,311,334,339,355,369,393,421,472,496,604,651,653],"reached":[81],"13":[82],"million":[83],"2015.Android":[85],"is":[87,125,137,193,215],"uploaded":[88],"into":[89],"either":[90],"Google":[91],"official":[92],"market":[93,447],"or":[94],"unofficial":[95],"markets":[96],"everyday":[97],"by":[98,280,346,402,630],"which":[100,165,277,699],"put":[101],"users":[102],"under":[103,505],"high":[105],"risk.The":[106],"may":[108],"steal":[109],"users'":[110,121],"sensitive":[111],"information,":[112],"elevate":[113],"privilege,":[115],"remote":[116],"control":[117],"devices,":[118],"encrypt":[120],"files":[122],"for":[123,217,258,367,563,589,641,672],"ransom.It":[124],"non-trivial":[126,141],"understand":[128,419],"risks":[130],"develop":[132,270,386],"effective":[133],"mitigation":[134],"against":[135],"them.Malware":[136],"critical":[139],"issue":[142],"security.In":[145],"order":[146,221,635],"prevent":[148],"from":[150,173,286,294,596,610],"attacking":[151],"we":[154,226,269,385,414,466,482,559,644,665],"need":[155],"better":[157],"understanding":[158],"behaviors,":[164],"can":[166,700],"facilitate":[167],"extraction":[169],"representative":[171],"features":[172,293,375,378,397,426,457,504],"malware,":[174,201,575],"thereby":[176],"enhance":[177],"detection.The":[179],"anti-malware":[182,206,439,493,565],"tools":[183,332,494],"are":[184,344,550,606],"keeping":[185],"evolving":[186,200],"during":[187],"process":[189],"competition.Therefore,":[191],"valuable":[194],"learn":[196],"characteristics":[198,691],"weakness":[203],"existing":[205,546,564],"tools.Moreover,":[207],"sustaining":[209],"analysis":[211,232,273,674],"assessment":[214],"lacking":[216],"world.In":[220],"address":[223],"these":[224,234,642],"problems,":[225],"propose":[227,244,363,560,568,645,666],"semantic":[229,247,284,292,323],"based":[230,252],"topics":[235],"with":[236,473,497],"following":[238],"achievements":[239],"this":[241,383,484,613],"thesis:1.":[242],"We":[243,361,567],"precise":[246],"model":[248,366],"Deterministic":[254],"Symbolic":[255],"Automaton":[256],"(DSA)":[257],"purpose":[260],"comprehension,":[263],"detection":[264],"classification.Based":[266],"DSA,":[268],"an":[271],"automatic":[272],"framework,":[274,388],"named":[275],"SMART,":[276],"learns":[278],"DSA":[279,297],"detecting":[281,455,495,553],"summarizing":[283],"clones":[285],"families,":[288],"then":[290],"extracts":[291],"learned":[296],"classify":[299],"according":[301],"patterns.We":[305],"conduct":[306,415,658],"experiments":[308,416],"both":[310,327,631],"benchmark":[312,469],"223,170":[314],"real-world":[315,341,542],"apps.The":[316],"results":[317,540],"show":[318,544],"that":[319,343,545],"SMART":[320],"builds":[321],"meaningful":[322],"models":[324],"outperforms":[326],"state-of-the-art":[328],"approaches":[329],"anti-virus":[331,348],"detection.SMART":[335],"identifies":[336,353,625],"4583":[337],"new":[338,354],"missed":[345],"tools.The":[349],"classification":[350],"step":[351],"further":[352],"variants":[356,605],"unknown":[358],"families.iv":[359],"2.":[360],"first":[362],"meta":[365],"capture":[371],"common":[373],"evasion":[377,400,430,480],"malware.Based":[381],"model,":[384],"MYSTIQUE,":[389,413],"automatically":[391,501],"generate":[392],"covering":[394],"four":[395,646],"two":[399],"features,":[401],"adopting":[403],"software":[405],"product":[406],"line":[407],"engineering":[408],"approach.With":[409],"help":[411],"1)":[418],"associated":[424],"well":[428],"techniques;":[431],"2)":[432],"evaluate":[433],"compare":[435],"57":[437],"off-the-shelf":[438],"tools,":[440],"9":[441],"academic":[442],"solutions":[443],"4":[445],"vetting":[448],"processes":[449],"terms":[451],"accuracy":[453,680],"capability":[459],"addressing":[461],"evasion.Last":[462],"but":[463],"not":[464],"least,":[465],"proper":[474],"labeling":[475],"contained":[477],"features.Moreover,":[481],"extend":[483],"work":[485,614],"MYSTIQUE-S":[487,528],"explore":[489],"capabilities":[491],"dynamic":[498,518,531],"code":[499,519],"loading.MYSTIQUE-S":[500],"selects":[502],"various":[506],"user":[507,536],"scenarios":[508],"delivers":[510],"corresponding":[512],"malicious":[513],"payloads":[514,534],"at":[515,538],"runtime.Relying":[516],"binding":[520],"(via":[521,525],"service)":[522],"loading":[524],"reflection)":[526],"techniques,":[527],"enables":[529],"execution":[532],"devices":[537,543],"runtime.Experimental":[539],"Anti-Malware":[547],"Tools":[548],"(AMTs)":[549],"incapable":[551],"our":[556,659],"generated":[557],"malware.Last,":[558],"some":[561],"enhancements":[562],"tools.3.":[566],"systematic":[570],"approach":[571],"study":[573,660],"unveil":[576],"issues,":[578,643],"obtain":[579],"insightful":[580],"conclusions":[581],"highlights,":[583],"predict":[585],"future":[587],"trend":[588],"research.We":[590],"have":[591],"collected":[592],"4,267,178":[593],"marketplaces,":[601],"where":[602],"1,004,550":[603],"identified":[607],"analyzed.Different":[609],"previous":[611],"works,":[612],"focuses":[615],"differences":[618],"evolution":[620],"apps'":[622],"characteristics,":[623],"multiple":[626],"security-related":[627],"issues":[628],"concerned":[629],"academia":[632],"industry.In":[634],"comprehensive":[639],"view":[640],"analyses":[647],"individual":[649],"app,":[650],"family,":[652],"author,":[654],"market,":[656],"guide":[662],"analysis.Furthermore,":[664],"six":[667],"dimensions":[668],"cluster":[670],"different":[673],"tasks":[675],"achieve":[677],"efficiency":[678],"large-scale":[683],"analysis.Some":[684],"key":[687],"findings":[688],"reflect":[689],"attacks,":[693],"weaknesses":[696],"protection,":[698],"benefit":[701],"all":[702],"stakeholders.x":[703]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2026-03-25T13:04:00.132906","created_date":"2017-06-05T00:00:00"}