A Review of Static Detection Methods for Android Malicious Application

Pan Jianwen; Cui Zhanqi; Lin Gaoyi; Chen Xiang; Zheng Liwei

doi:10.7544/issn1000-1239.202220297

Journal of Computer Research and Development > 2023 > 60(8): 1875-1894. > DOI: 10.7544/issn1000-1239.202220297 CSTR: 32373.14.issn1000-1239.202220297

Pan Jianwen, Cui Zhanqi, Lin Gaoyi, Chen Xiang, Zheng Liwei. A Review of Static Detection Methods for Android Malicious Application[J]. Journal of Computer Research and Development, 2023, 60(8): 1875-1894. DOI: 10.7544/issn1000-1239.202220297

Citation:

PDF (1162 KB)

A Review of Static Detection Methods for Android Malicious Application

1.
Computer School, Beijing Information Science and Technology University, Beijing 100101
2.
School of Information Science and Technology, Nantong University, Nantong, Jiangsu 226019

Funds: This work was supported by the Jiangsu Provincial Frontier Leading Technology Fundamental Research Project (BK20202001), the National Natural Science Foundation of China (61702041), and the Beijing Information Science and Technology University "Qin-Xin Talent" Cultivation Plan Project (QXTCP C201906).

More Information

Author Bio:
Pan Jianwen: born in 1994. Master candidate. Student member of CCF. His main research interest includes intelligent software analysis and testing technology

Cui Zhanqi: born in 1984. PhD, professor, master supervisor. Senior member of CCF. His main research interestincludes intelligent software analysis and testing technology

Lin Gaoyi: born in 1998. Master candidate. Student member of CCF. His main research interest includes intelligent software analysis and testing technology

Chen Xiang: born in 1980. PhD, associate professor, master supervisor. Senior member of CCF. His main research interests include software testing, software maintenance, empirical software engineering, and software repository mining

Zheng Liwei: born in 1979. PhD, associate professor, master supervisor. Member of CCF. His main research interests include requirement engineering and trusted computing
Received Date: April 11, 2022
Revised Date: October 09, 2022
Available Online: May 22, 2023

Graphical Abstract

Abstract

Abstract

Due to the openness of the Android system and the diversity of the third-party application markets, Android system has achieved a high market share while brought huge risks. As a result, Android malware emerge endlessly and spread widely, which seriously threaten users’ privacy and economic security. How to effectively detect Android malware has been widely concerned by researchers. According to whether the application is executed or not, the existing malware detection methods are divided into static detection and dynamic detection. Between the two, the static detection methods outperform the dynamic detection methods in terms of efficiency and code coverage, Drebin and other static detection tools have been widely used. We systematically review the research progress in the field of static Android malware detection. First, the static features of Android applications are introduced. Then, according to different static features used for detecting Android malware, the static Android malware detection methods are classified into three categories: permissions, application programming interface（API）, and opcode based approaches, and the Android application data sets and indicators commonly used to evaluate the detection performance of Android malware are summarized. Finally, potential research directions of static Android malware detection techniques in the future are discussed, which provides references for researchers in related directions.
- Android malware,
- static detection,
- permission,
- application programming interface (API),
- opcode

FullText(HTML)

References (117)

References

[1]	中国互联网络信息中心. 中国互联网络发展状况统计报告 [EB/OL]. 2022[2022-07-10].https://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/ 202202/P020220407403488048001.pdf China Internet Network Information Center. Statistical report on the development of Internet in China [EB/OL]. 2022[2022-07-10].https://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/202202/P020220407403488048001.pdf (in Chinese)
[2]	International Data Corporation. Smartphone market share [EB/OL]. 2021[2021-12-09].https://www.idc.com/promo/smartphone-market-share
[3]	中国国家计算机网络应急响应技术团队/协调中心. 2020年中国互联网网络安全报告 [EB/OL]. 2021[2022-07-08].https://www.cert.or g.cn/publish/main/upload/File/2020%20Annual%20Report.pdf The National Computer Network Emergency Response Technical Team/Coordination Center of China. 2020 China Internet network security report[EB/OL]. 2021[2022-07-08].https://www.cert.org.cn/p ublish/main/upload/File/2020%20Annual%20Report.pdf
[4]	Project Zero Team at Google. Bad binder: Android in the wild exploit [EB/OL]. 2019[2021-11-05].https://googleprojectzero.blogspot.com/20 19/11/bad-binder-android-in-wild-exploit.html
[5]	Hasan H, Ladani B T, Zamani B. MEGDroid: A model-driven event generation framework for dynamic Android malware analysis[J]. Information and Software Technology, 2021, 135: 106569 doi: 10.1016/j.infsof.2021.106569
[6]	Feng Pingbin, Ma Jianfen, Sun Cong, et al. A novel dynamic Android malware detection system with ensemble learning[J]. IEEE Access, 2018, 6: 30996−31011 doi: 10.1109/ACCESS.2018.2844349
[7]	Arp D, Spreitzenbarth M, Hubner M, et al. Drebin: Effective and explainable detection of Android malware in your pocket[C] //Proc of the 14th Symp of Network & Distributed System Security Symp. San Diego, CA: ISOC, 2014: 23−26
[8]	Samra A A A, Qunoo H N, Al-Rubaie F, et al. A survey of static Android malware detection techniques[C/OL] //Proc of the 7th IEEE Palestinian Int Conf on Electrical and Computer Engineering (PICECE). Piscataway, NJ: IEEE, 2019[2022-09-03].https://ieeexplore.ieee.org/ document/8747224
[9]	Bayazit E C, Sahingoz O K, Dogan B. Malware detection in Android systems with traditional machine learning models: A survey[C/OL] //Proc of the 2020 Int Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA). Piscataway, NJ: IEEE, 2020[2022-09-03].https://ieeexplore.ieee.org/abstract/document/9152840
[10]	Desnos A, Gueguen G, Bachmann S. Androguard [EB/OL]. 2018[2022-09-03].https://androguard.readthedocs.io/
[11]	Tumbleson C. Apktool [EB/OL]. 2022[2022-09-03].https://ibotpeache s.github.io/Apktool/
[12]	Android Developers. Android runtime (ART) and Dalvik [EB/OL]. (2022-08-11)[2022-09-03].https://source.android.com/docs/core/dalvik
[13]	Peruma A, Palmerino J, Krutz D E. Investigating user perception and comprehension of Android permission models[C] //Proc of the 5th Int Conf on Mobile Software Engineering and Systems. New York: ACM, 2018: 56−66
[14]	Sanz B, Santos I, Laorden C, et al. Puma: Permission usage to detect malware in Android[C] //Proc of the 5th the Int Joint Conf Computational Intelligence in Security for Information Systems. Berlin: Springer, 2012: 289–298
[15]	Ilham S, Abderrahim G, Abdelhakim B A. Permission based malware detection in Android devices[C/OL] //Proc of the 3rd Int Conf on Smart City Applications. New York: ACM, 2018[2022-09-03].https://dl.ac m.org/doi/abs/10.1145/3286606.3286860
[16]	Android Developers. Intent [EB/OL]. (2022-06-08)[2022-09-03].https://developer.android.com/reference/android/content/Intent
[17]	杨宏宇,徐晋. 基于改进随机森林算法的Android恶意软件检测[J]. 通信学报,2017,38(4):8−16 doi: 10.11959/j.issn.1000-436x.2017073 Yang Hongyu, Xu Jin. Android malware detection based on improved random forest[J]. Journal on Communications, 2017, 38(4): 8−16 (in Chinese) doi: 10.11959/j.issn.1000-436x.2017073
[18]	Feizollah A, Nor B A, Rosli S, et al. AndroDialysis: Analysis of Android intent effectiveness in malware detection[J]. Computers & Security, 2017, 65: 121−134
[19]	Idrees F, Rajarajan M, Conti M, et al. PIndroid: A novel Android malware detection system using ensemble learning methods[J]. Computers & Security, 2017, 68: 36−46
[20]	Zhang Li, Thing V L L, Cheng Yao. A scalable and extensible framework for Android malware detection and family attribution[J]. Computers & Security, 2019, 80: 120−133
[21]	Wang Wei, Wang Xing, Feng Dawei, et al. Exploring permission-induced risk in Android applications for malicious application detection[J]. IEEE Transactions on Information Forensics and Security, 2014, 9(11): 1869−1882 doi: 10.1109/TIFS.2014.2353996
[22]	杨欢, 张玉清, 胡予濮, 等. 基于权限频繁模式挖掘算法的Android恶意应用检测方法[J]. 通信学报, 2013, 34（S1）: 106−115 Yang Huan, Zhang Yuqing, Hu Yupu, et al. Android malware detection method based on permission sequential pattern mining algorithm[J] Journal on Communications, 2013, 34(S1): 106−115 (in Chinese)
[23]	Arora A, Peddoju S K, Conti M. PermPair: Android malware detection using permission pairs[J]. IEEE Transactions on Information Forensics and Security, 2019, 15: 1968−1982
[24]	Android Developers. Android API[EB/OL]. (2022-05-11)[2022-09-03].https://developer.android.com/reference/packages
[25]	Scalas M, Maiorca D, Mercaldo F, et al. On the effectiveness of system API-related information for Android ransomware detection[J]. Computers & Security, 2019, 86: 168−182
[26]	Wu Songyang, Wang Pan, Li Xun, et al. Effective detection of Android malware based on the usage of data flow APIs and machine learning[J]. Information and Software Technology, 2016, 75: 17−25 doi: 10.1016/j.infsof.2016.03.004
[27]	Shen Feng, Del Vecchio J, Mohaisen A, et al. Android malware detection using complex-flows[J]. IEEE Transactions on Mobile Computing, 2018, 18(6): 1231−1245
[28]	Junaid M, Liu Donggang, Kung D. Dexteroid: Detecting malicious behaviors in Android apps using reverse-engineered life cycle models[J]. Computers & Security, 2016, 59: 92−117
[29]	Feng Yu, Anand S, Dillig I, et al. Apposcopy: Semantics-based detection of Android malware through static analysis[C] //Proc of the 22nd ACM SIGSOFT Int Symp on Foundations of Software Engineering. New York: ACM, 2014: 576−587
[30]	张捷,田聪,段振华. 基于污染变量关系图的Android应用污点分析工具[J]. 软件学报,2021,32(6):1701−1716 doi: 10.13328/j.cnki.jos.006245 Zhang Jie, Tian Cong, Duan Zhenhua. Taint analysis tool of Android applications based on tainted value graph[J]. Journal of Software, 2021, 32(6): 1701−1716 (in Chinese) doi: 10.13328/j.cnki.jos.006245
[31]	缪小川,汪睿,许蕾,等. 使用敏感路径识别方法分析安卓应用安全性[J]. 软件学报,2017,28(9):2248−2263 doi: 10.13328/j.cnki.jos.005177 Miao Xiaochuan, Wang Rui, Xu Lei, et al. Security analysis for Android applications using sensitive path identification[J]. Journal of Software, 2017, 28(9): 2248−2263 (in Chinese) doi: 10.13328/j.cnki.jos.005177
[32]	王蕾,周卿,何冬杰,等. 面向Android应用隐私泄露检测的多源污点分析技术[J]. 软件学报,2019,30(2):211−230 doi: 10.13328/j.cnki.jos.005581 Wang Lei, Zhou Qin, He Dongjie, et al. Multi-source taint analysis technique for privacy leak detection of Android APPs[J]. Journal of Software, 2019, 30(2): 211−230 (in Chinese) doi: 10.13328/j.cnki.jos.005581
[33]	Elish K O, Shu Xiaokui, Yao Dangfen, et al. Profiling user-trigger dependence for Android malware detection[J]. Computers & Security, 2015, 49: 255−273
[34]	Alam S, Alharbi S A, Yildirim S. Mining nested flow of dominant APIs for detecting Android malware[J]. Computer Networks, 2020, 167: 107026 doi: 10.1016/j.comnet.2019.107026
[35]	Mariconti E, Onwuzurike L, Andriotis P, et al. MaMaDroid: Metecting Android malware by building Markov chains of behavioral models[C/OL] //Proc of the 23rd Annual Network and Distributed System Security Symp(NDSS). San Diego, CA: ISOC, 2017[2022-07-03].https://www.ndss-symposium.org/ndss2017/nd ss-2017-programme/mamadroid-detecting-android-malware-building-markov-chains-behavioral-models/
[36]	Zhang Xiaohan, Zhang Yuan, Zhong Ming, et al. Enhancing state-of-the-art classifiers with API semantics to detect evolved Android malware[C] //Proc of the 2020 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2020: 757−770
[37]	Xu Jiayun, Li Yingjiu, Deng R, et al. SDAC: A slow-aging solution for Android malware detection using semantic distance based API clustering[J]. IEEE Transactions on Dependable and Secure Computing, 2020, 19(2): 1149−1163
[38]	Wu Yueming, Li Xiaodi, Zou Deqing, et al. MalScan: Fast market-wide mobile malware scanning by social-network centrality analysis[C] //Proc of the 34th IEEE/ACM Int Conf on Automated Software Engineering (ASE). Piscataway, NJ: IEEE, 2019: 139−150
[39]	Zou Deqing, Wu Yueming, Yang Siru, et al. IntDroid: Android malware detection based on API intimacy analysis[J]. ACM Transactions on Software Engineering and Methodology, 2021, 30(3): 1−32
[40]	Wu Yueming, Zou Deqing, Yang Wei, et al. HomDroid: Detecting Android covert malware by social-network homophily analysis[C] //Proc of the 30th ACM SIGSOFT Int Symp on Software Testing and Analysis. New York: ACM, 2021: 216−229
[41]	Zhao Kaifa, Zhou Hao, Zhu Yulin, et al. Structural attack against graph based Android malware detection[C] //Proc of the 9th ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2021: 3218−3235
[42]	Demontis A, Melis M, Biggio B, et al. Yes, machine learning can be more secure! A case study on Android malware detection[J]. IEEE Transactions on Dependable and Secure Computing, 2017, 16(4): 711−724
[43]	D’Angelo G, Ficco M, Palmieri F. Malware detection in mobile environments based on autoencoders and API-images[J]. Journal of Parallel and Distributed Computing, 2020, 137: 26−33 doi: 10.1016/j.jpdc.2019.11.001
[44]	Gao Tianchong, Peng Wei, Sisodia D, et al. Android malware detection via graphlet sampling[J]. IEEE Transactions on Mobile Computing, 2018, 18(12): 2754−2767
[45]	徐冰冰,岑科廷,黄俊杰,等. 图卷积神经网络综述[J]. 计算机学报,2020,43(5):755−780 doi: 10.11897/SP.J.1016.2020.00755 Xu Bingbing, Cen Keting, Huang Junjie, et al. A survey on graph convolutional neural network[J]. Chinese Journal of Computers, 2020, 43(5): 755−780 (in Chinese) doi: 10.11897/SP.J.1016.2020.00755
[46]	Gao Han, Cheng Shaoyin, Zhang Weiming. GDroid: Android malware detection and classification with graph convolutional network[J]. Computers & Security, 2021, 106: 102264
[47]	Li Shanxi, Zhou Qinguo, Zhou Rui, et al. Intelligent malware detection based on graph convolutional network[J]. The Journal of Supercomputing, 2021, 78: 4182−4198
[48]	Pei Xinjun, Yu Long, Tian Shengwei. AMalNet: A deep learning framework based on graph convolutional networks for malware detection[J]. Computers & Security, 2020, 93: 101792
[49]	Ou Fan, Xu Jian. S³Feature: A static sensitive subgraph-based feature for Android malware detection[J]. Computers & Security, 2021, 112: 102513
[50]	Fan Ming, Liu Jun, Luo Xiapu, et al. Android malware familial classification and representative sample selection via frequent subgraph analysis[J]. IEEE Transactions on Information Forensics and Security, 2018, 13(8): 1890−1905 doi: 10.1109/TIFS.2018.2806891
[51]	Lu Xiaofeng, Zhao Jinglun, Lio P. Robust Android malware detection based on subgraph network and denoising GCN network[C] //Proc of the 20th Annual Int Conf on Mobile Systems, Applications and Services. New York: ACM, 2022: 549−550
[52]	Amer E, Zelinka I, El-Sappagh S. A multi-perspective malware detection approach through behavioral fusion of API call sequence[J]. Computers & Security, 2021, 110: 102449
[53]	Allen J, Landen M, Chaba S, et al. Improving accuracy of Android malware detection with lightweight contextual awareness[C] //Proc of the 34th Annual Computer Security Applications Conf. New York: ACM, 2018: 210−221
[54]	Zhang Mu, Duan Yue, Yin Heng, et al. Semantics-aware Android malware classification using weighted contextual API dependency graphs[C] //Proc of the 2014 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2014: 1105−1116
[55]	Narayanan A, Chandramohan M, Chen Lihui, et al. A multi-view context-aware approach to Android malware detection and malicious code localization[J]. Empirical Software Engineering, 2018, 23(3): 1222−1274 doi: 10.1007/s10664-017-9539-8
[56]	Frenklach T, Cohen D, Shabtai A, et al. Android malware detection via an app similarity graph[J]. Computers & Security, 2021, 109: 102386
[57]	Karbab E M B, Debbabi M, Derhab A, et al. Scalable and robust unsupervised Android malware fingerprinting using community-based network partitioning[J]. Computers & Security, 2020, 97: 101965
[58]	Karbab E M B, Debbabi M, Derhab A, et al. Cypider: Building community-based cyber-defense infrastructure for Android malware detection[C] //Proc of the 32nd Annual Conf on Computer Security Applications. New York: ACM, 2016: 348−362
[59]	Badhani S, Muttoo S K. CENDroid—A cluster-ensemble classifier for detecting malicious Android applications[J]. Computers & Security, 2019, 85: 25−40
[60]	Mahindru A, Sangal A L. HybriDroid: An empirical analysis on effective malware detection model developed using ensemble methods[J]. The Journal of Supercomputing, 2021, 77: 8209−8251 doi: 10.1007/s11227-020-03569-4
[61]	Zhu Huijuan, Wang Liangmin, Zhong Sheng, et al. A hybrid deep network framework for Android malware detection[J/OL]. IEEE Transactions on Knowledge and Data Engineering, 2021[2022-09-03].https://ieeexplore.ieee.org/abstract/document/9387579
[62]	Cen Lei, Gates C S, Si Luo, et al. A probabilistic discriminative model for Android malware detection with decompiled source code[J]. IEEE Transactions on Dependable and Secure Computing, 2014, 12(4): 400−412
[63]	Peynirci G, Eminağaoğlu M, Karabulut K. Feature selection for malware detection on the Android platform based on differences of IDF values[J]. Journal of Computer Science and Technology, 2020, 35(4): 946−962 doi: 10.1007/s11390-020-9323-x
[64]	Kong Ke, Zhang Zhichao, Yang Ziyuan, et al. FCSCNN: Feature centralized Siamese CNN-based Android malware identification[J]. Computers & Security, 2021, 112: 102514
[65]	Cai Lingru, Li Yao, Xiong Zhi. JOWMDroid: Android malware detection based on feature weighting with joint optimization of weight-mapping and classifier parameters[J]. Computers & Security, 2021, 100: 102086
[66]	Feng Rui, Chen Sen, Xie Xiaofei, et al. A performance-sensitive malware detection system using deep learning on mobile devices[J]. IEEE Transactions on Information Forensics and Security, 2020, 16: 1563−1578
[67]	Garcia J, Hammad M, Malek S. Lightweight, obfuscation-resilient detection and family identification of Android malware[J]. ACM Transactions on Software Engineering and Methodology, 2018, 26(3): 1−29
[68]	Hei Yiming, Yang Renyu, Peng Hao, et al. HAWK: Rapid Android malware detection through heterogeneous graph attention networks[J/OL]. IEEE Transactions on Neural Networks and Learning Systems, 2021[2022-09-03].https://ieeexplore.ieee.org/abstract/docu ment/9524453
[69]	Tang Junwei, Li Ruixuan, Jiang Yu, et al. Android malware obfuscation variants detection method based on multi-granularity opcode features[J]. Future Generation Computer Systems, 2022, 129: 141−151 doi: 10.1016/j.future.2021.11.005
[70]	陈铁明,杨益敏,陈波. Maldetect:基于Dalvik指令抽象的Android恶意代码检测系统[J]. 计算机研究与发展,2016,53(10):2299−2306 doi: 10.7544/issn1000-1239.2016.20160348 Chen Tieming, Yang Yimin, Chen Bo. Maldetect: An Android malware detection system based on abstraction of dalvik instructions[J]. Journal of Computer Research and Development, 2016, 53(10): 2299−2306 (in Chinese) doi: 10.7544/issn1000-1239.2016.20160348
[71]	McLaughlin N, Martinez del Rincon J, Kang B J, et al. Deep Android malware detection[C] //Proc of the 7th ACM on Conf on Data and Application Security and Privacy. New York: ACM, 2017: 301−308
[72]	李挺,董航,袁春阳,等. 基于Dalvik指令的Android恶意代码特征描述及验证[J]. 计算机研究与发展,2014,51(7):1458−1466 doi: 10.7544/issn1000-1239.2014.20131897 Li Tine, Dong Hang, Yuan Chunyang, et al. Description of Android malware feature based on Dalvik instructions[J]. Journal of Computer Research and Development, 2014, 51(7): 1458−1466 (in Chinese) doi: 10.7544/issn1000-1239.2014.20131897
[73]	Mercaldo F, Santone A. Formal equivalence checking for mobile malware detection and family classification[J]. IEEE Transactions on Software Engineering, 2021, 48(7): 2643−2657
[74]	Canfora G, Mercaldo F, Visaggio C A. An HMM and structural entropy based detector for Android malware: An empirical study[J]. Computers & Security, 2016, 61: 1−18
[75]	Xiao Xusheng, Yang Shao. An image-inspired and CNN-based Android malware detection approach[C] //Proc of the 34th IEEE/ACM Int Conf on Automated Software Engineering (ASE). Piscataway, NJ: IEEE, 2019: 1259−1261
[76]	Yadav P, Menon N, Ravi V, et al. EfficientNet convolutional neural networks-based Android malware detection[J]. Computers & Security, 2022, 115: 102622
[77]	Iadarola G, Martinelli F, Mercaldo F, et al. Towards an interpretable deep learning model for mobile malware detection and family identification[J]. Computers & Security, 2021, 105: 102198
[78]	Yuan Baoguo, Wang Junfeng, Liu Dong, et al. Byte-level malware classification based on Markov images and deep learning[J]. Computers & Security, 2020, 92: 101740
[79]	张炳,文峥,魏筱瑜,等. InterDroid:面向概念漂移的可解释性Android恶意软件检测方法[J]. 计算机研究与发展,2021,58(11):2456−2474 doi: 10.7544/issn1000-1239.2021.20210560 Zhang Bing, Wen Zheng, Wei Xiaoyu, et al. InterDroid: An interpretable Android malware detection method for conceptual drift[J]. Journal of Computer Research and Development, 2021, 58(11): 2456−2474 (in Chinese) doi: 10.7544/issn1000-1239.2021.20210560
[80]	Qiu Junyang, Han Qinglong, Luo Wei, et al. Cyber code intelligence for Android malware detection[J/OL]. IEEE Transactions on Cybernetics, 2022[2022-09-03].https://ieeexplore.ieee.org/abstract/document/9764650
[81]	陈波,潘永涛,陈铁明. 基于多层SimHash的Android恶意应用程序检测方法[J]. 通信学报,2017,38(S2):30−36 Chen Bo, Pan Yongtao, Chen Tieming. Android malware detection method based on SimHash[J]. Journal on Communications, 2017, 38(S2): 30−36 (in Chinese)
[82]	Kim T G, Kang B J, Rho M, et al. A multimodal deep learning method for Android malware detection using various features[J]. IEEE Transactions on Information Forensics and Security, 2018, 14(3): 773−788
[83]	Lu Ning, Li Dan, Shi Wenbo, et al. An efficient combined deep neural network based malware detection framework in 5G environment[J]. Computer Networks, 2021, 189: 107932 doi: 10.1016/j.comnet.2021.107932
[84]	杨欢,张玉清,胡予濮,等. 基于多类特征的Android应用恶意行为检测系统[J]. 计算机学报,2014,37(1):15−27 Yang Huan, Zhang Yuqing, Hu Yupu, et al. A malware behavior detection system of Android applications based on multi-class features[J]. Chinese Journal of Computers, 2014, 37(1): 15−27 (in Chinese)
[85]	Android Developers. UI/application exerciser Monkey[EB/OL]. (2022-03-11)[2022-09-03].https://developer.android.com/studio/test/monkey.html
[86]	Alzaylaee M K, Yerima S Y, Sezer S. DL-Droid: Deep learning based Android malware detection using real devices[J]. Computers & Security, 2020, 89: 101663
[87]	Arora A, Peddoju S K, Chouhan V, et al. Hybrid Android malware detection by combining supervised and unsupervised learning[C] //Proc of the 24th Annual Int Conf on Mobile Computing and Networking. New York: ACM, 2018: 798−800
[88]	Tong Fei, Yan Zheng. A hybrid approach of mobile malware detection in Android[J]. Journal of Parallel and Distributed Computing, 2017, 103: 22−31 doi: 10.1016/j.jpdc.2016.10.012
[89]	Wang Shanshan, Chen Zhenxiang, Yan Qiben, et al. Deep and broad URL feature mining for Android malware detection[J]. Information Sciences, 2020, 513: 600−613 doi: 10.1016/j.ins.2019.11.008
[90]	Han Qian, Subrahmanian V S, Xiong Yanhai. Android malware detection via (somewhat) robust irreversible feature transformations[J]. IEEE Transactions on Information Forensics and Security, 2020, 15: 3511−3525 doi: 10.1109/TIFS.2020.2975932
[91]	Chakraborty T, Pierazzi F, Subrahmanian V S. Ec2: Ensemble clustering and classification for predicting Android malware families[J]. IEEE Transactions on Dependable and Secure Computing, 2017, 17(2): 262−277
[92]	Jerbi M, Dagdia Z C, Bechikh S, et al. On the use of artificial malicious patterns for Android malware detection[J]. Computers & Security, 2020, 92: 101743
[93]	李鹏伟,姜宇谦,薛飞扬,等. 一种基于深度学习的强对抗性Android恶意代码检测方法[J]. 电子学报,2020,48(8):1502−1508 Li Pengwei, Jiang Yuqian, Xue Feiyang, et al. A robust approach for Android malware detection based on deep learning[J]. Acta Electronica Sinica, 2020, 48(8): 1502−1508 (in Chinese)
[94]	Costa F H, Medeiros I, Menezes T, et al. Exploring the use of static and dynamic analysis to improve the performance of the mining sandbox approach for Android malware identification[J]. Journal of Systems and Software, 2022, 183: 111092 doi: 10.1016/j.jss.2021.111092
[95]	Yuan Zhenlong, Lu Yongqiang, Wang Zhaoguo, et al. Droid-Sec: Deep learning in Android malware detection[J]. ACM SIGCOMM Computer Communication Review, 2014, 44(4): 371−372
[96]	Amer E, El-Sappagh S. Robust deep learning early alarm prediction model based on the behavioural smell for Android malware[J]. Computers & Security, 2022, 116: 102670
[97]	Zhang Yanxin, Sui Yulei, Pan Shirui, et al. Familial clustering for weakly-labeled Android malware using hybrid representation learning[J]. IEEE Transactions on Information Forensics and Security, 2019, 15: 3401−3414
[98]	Tian Ke, Yao Danfeng, Ryder B G, et al. Detection of repackaged Android malware with code-heterogeneity features[J]. IEEE Transactions on Dependable and Secure Computing, 2017, 17(1): 64−77
[99]	Alam S, Qu Zhengyang, Riley R, et al. DroidNative: Automating and optimizing detection of Android native code malware variants[J]. Computers & Security, 2017, 65: 230−246
[100]	Zhan Xian, Fan Lingling, Liu Tianming, et al. Automated third-party library detection for Android applications: Are we there yet?[C] //Proc of the 35th IEEE/ACM Int Conf on Automated Software Engineering (ASE). Piscataway, NJ: IEEE, 2020: 919−930
[101]	Backes M , Bugiel S , Derr E . Reliable third-party library detection in Android and its security application[C] //Proc of the 23rd ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2016: 356−367
[102]	Ma Ziang , Wang Haoyu , Yao Guo , et al. LibRadar: Fast and accurate detection of third-party libraries in Android apps[C] //Proc of the 38th Int Conf on Software Engineering Companion (ICSE-C). New York: ACM, 2017: 653–656
[103]	Yuan Zhang , Dai Jiarun , Zhang Xiaohan , et al. Detecting third-party libraries in Android applications with high precision and recall[C] //Proc of the 25th IEEE Int Conf on Software Analysis, Evolution and Reengineering (SANER). Piscataway, NJ: IEEE, 2018: 141−152
[104]	He Yiling, Liu Yiping, Wu Lei, et al. MsDroid: Identifying malicious snippets for Android malware detection[J/OL]. IEEE Transactions on Dependable and Secure Computing, 2022[2022-09-03].https://ieeexplore.ieee.org/abstract/document/9762803
[105]	Chen Jian, Alalfi M H, Dean T R, et al. Detecting Android malware using clone detection[J]. Journal of Computer Science and Technology, 2015, 30(5): 942−956 doi: 10.1007/s11390-015-1573-7
[106]	Cordy J R, Roy C K. The NiCad clone detector[C] //Proc of the 19th Int Conf on Program Comprehension. Piscataway, NJ: IEEE, 2011: 219−220
[107]	Meng Guozhu, Xue Yinxing, Xu Zhengzi, et al. Semantic modelling of Android malware for effective malware comprehension, detection, and classification[C] //Proc of the 25th Int Symp on Software Testing and Analysis. New York: ACM, 2016: 306−317
[108]	刘新宇,翁健,张悦,等. 基于APK签名信息反馈的Android恶意应用检测[J]. 通信学报,2017,38(5):190−198 doi: 10.11959/j.issn.1000-436x.2017095 Liu Xinyu, Weng Jian, Zhang Yue, et al. Android malware detection based on APK signature information feedback[J]. Journal on Communications, 2017, 38(5): 190−198 (in Chinese) doi: 10.11959/j.issn.1000-436x.2017095
[109]	Xu Ke, Li Yingjiu, Deng R H. ICCdetector: ICC-based malware detection on Android[J]. IEEE Transactions on Information Forensics and Security, 2016, 11(6): 1252−1264 doi: 10.1109/TIFS.2016.2523912
[110]	Pinhero A, Anupama M L, Vinod P, et al. Malware detection employed by visualization and deep neural network[J]. Computers & Security, 2021, 105: 102247
[111]	Allix K, Bissyandé T F, Klein J, et al. Androzoo: Collecting millions of Android apps for the research community[C] //Proc of the IEEE/ACM 13th Working Conf on Mining Software Repositories (MSR). Piscataway, NJ: IEEE, 2016: 468−471
[112]	Zhou Yajin, Jiang Xuxian. Dissecting Android malware: Characterization and evolution[C] //Proc of the 2012 IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2012: 95−109
[113]	Wei Fengguo, Li Yuping, Roy S, et al. Deep ground truth analysis of current Android malware[C] //Proc of the 14th Int Conf on Detection of Intrusions and Malware, and Vulnerability Assessment. Berlin: Springer, 2017: 252−276
[114]	Kadir A F A, Stakhanova N, Ghorbani A A. Android botnets: What URLs are telling us[C] //Proc of the 9th Int Conf on Network and System Security. Berlin: Springer, 2015: 78−91
[115]	Wang Liu, Wang Haoyu, He Ren, et al. MalRadar: Demystifying Android malware in the new era[J]. Proceedings of the ACM on Measurement and Analysis of Computing Systems, 2022, 6(2): 1−27
[116]	Wang Liu, He Ren, Wang Haoyu, et al. Beyond the virus: A first look at coronavirus-themed Android malware[J]. Empirical Software Engineering, 2021, 26(4): 1−38
[117]	Martín A, Lara-Cabrera R, Camacho D. Android malware detection through hybrid features fusion and ensemble classifiers: The AndroPyTool framework and the OmniDroid dataset[J]. Information Fusion, 2019, 52: 128−142 doi: 10.1016/j.inffus.2018.12.006