{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:58:28Z","timestamp":1773511108214,"version":"3.50.1"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030004699","type":"print"},{"value":"9783030004705","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-00470-5_1","type":"book-chapter","created":{"date-parts":[[2018,9,6]],"date-time":"2018-09-06T06:43:19Z","timestamp":1536216199000},"page":"3-24","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Proteus: Detecting Android Emulators from Instruction-Level Profiles"],"prefix":"10.1007","author":[{"given":"Onur","family":"Sahin","sequence":"first","affiliation":[]},{"given":"Ayse K.","family":"Coskun","sequence":"additional","affiliation":[]},{"given":"Manuel","family":"Egele","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,9,7]]},"reference":[{"key":"1_CR1","unstructured":"Analyzing Xavier: An Information-Stealing Ad Library on Android. https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/analyzing-xavier-information-stealing-ad-library-android\/"},{"key":"1_CR2","unstructured":"Android Native Development Kit (NDK). https:\/\/developer.android.com\/ndk\/guides\/index.html"},{"key":"1_CR3","unstructured":"ARM Fast Models. https:\/\/developer.arm.com\/products\/system-design\/fast-models"},{"key":"1_CR4","unstructured":"ARMv7-A\/R Architecture Reference Manual. http:\/\/infocenter.arm.com\/help\/index.jsp?topic=\/com.arm.doc.ddi0406c\/index.html"},{"key":"1_CR5","unstructured":"Exploration Tools, A-Profile Architectures. https:\/\/developer.arm.com\/products\/architecture\/a-profile\/exploration-tools"},{"key":"1_CR6","unstructured":"Google has 2 billion users on Android. https:\/\/techcrunch.com\/2017\/05\/17\/google-has-2-billion-users-on-android-500m-on-google-photos\/"},{"key":"1_CR7","unstructured":"Grabos Malware. https:\/\/securingtomorrow.mcafee.com\/consumer\/consumer-threat-notices\/grabos-malware\/"},{"key":"1_CR8","unstructured":"NetWinder Floating Point Notes. http:\/\/netwinder.osuosl.org\/users\/s\/scottb\/public_html\/notes\/FP-Notes-all.html"},{"key":"1_CR9","unstructured":"Number of Android applications. https:\/\/www.appbrain.com\/stats\/number-of-android-apps"},{"key":"1_CR10","unstructured":"QEMU emulation detection. https:\/\/wiki.koeln.ccc.de\/images\/d\/d5\/Openchaos_qemudetect.pdf"},{"key":"1_CR11","unstructured":"Balzarotti, D., Cova, M., Karlberger, C., Kruegel, C., Kirda, E., Vigna, G.: Efficient detection of split personalities in malware. In: NDSS (2010). http:\/\/www.eurecom.fr\/publication\/3022"},{"key":"1_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-319-66402-6_17","volume-title":"Computer Security \u2013 ESORICS 2017","author":"L Bordoni","year":"2017","unstructured":"Bordoni, L., Conti, M., Spolaor, R.: Mirage: toward a stealthier and modular malware analysis sandbox for android. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10492, pp. 278\u2013296. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66402-6_17"},{"key":"1_CR13","unstructured":"Branco, R.R., Barbosa, G.N., Neto, P.D.: Scientific but not academical overview of malware anti-debugging, anti-disassembly and Anti-VM technologies. In: BlackHat (2012)"},{"issue":"2","key":"1_CR14","doi-asserted-by":"publisher","first-page":"6:1","DOI":"10.1145\/2089125.2089126","volume":"44","author":"M Egele","year":"2008","unstructured":"Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. (CSUR) 44(2), 6:1\u20136:42 (2008). https:\/\/doi.org\/10.1145\/2089125.2089126","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"1_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"338","DOI":"10.1007\/978-3-642-32347-8_23","volume-title":"Interactive Theorem Proving","author":"A Fox","year":"2012","unstructured":"Fox, A.: Directions in ISA specification. In: Beringer, L., Felty, A. (eds.) ITP 2012. LNCS, vol. 7406, pp. 338\u2013344. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32347-8_23"},{"key":"1_CR16","doi-asserted-by":"crossref","unstructured":"Guthaus, M.R., Ringenberg, J.S., Ernst, D., Austin, T.M., Mudge, T., Brown, R.B.: MiBench: a free, commercially representative embedded benchmark suite. In: IEEE International Workshop on Workload Characterization (IISWC) (2001)","DOI":"10.1109\/WWC.2001.990739"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Jing, Y., Zhao, Z., Ahn, G.J., Hu, H.: Morpheus: automatically generating heuristics to detect android mulators. In: Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC), pp. 216\u2013225. ACM (2014). https:\/\/doi.org\/10.1145\/2664243.2664250","DOI":"10.1145\/2664243.2664250"},{"key":"1_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"338","DOI":"10.1007\/978-3-642-23644-0_18","volume-title":"Recent Advances in Intrusion Detection","author":"M Lindorfer","year":"2011","unstructured":"Lindorfer, M., Kolbitsch, C., Milani Comparetti, P.: Detecting environment-sensitive malware. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 338\u2013357. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23644-0_18"},{"key":"1_CR19","doi-asserted-by":"publisher","unstructured":"Liu, L., Gu, Y., Li, Q., Su, P.: RealDroid: large-scale evasive malware detection on \u201creal devices\u201d. In: 26th International Conference on Computer Communication and Networks (ICCCN), pp. 1\u20138, July 2017. https:\/\/doi.org\/10.1109\/ICCCN.2017.8038419","DOI":"10.1109\/ICCCN.2017.8038419"},{"key":"1_CR20","doi-asserted-by":"publisher","unstructured":"Martignoni, L., McCamant, S., Poosankam, P., Song, D., Maniatis, P.: Path-exploration lifting: hi-fi tests for lo-fi emulators. In: International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 337\u2013348. ACM, New York (2012). https:\/\/doi.org\/10.1145\/2150976.2151012","DOI":"10.1145\/2150976.2151012"},{"key":"1_CR21","doi-asserted-by":"publisher","unstructured":"Martignoni, L., Paleari, R., Roglia, G.F., Bruschi, D.: Testing CPU emulators. In: International Symposium on Software Testing and Analysis (ISSTA) (2009). https:\/\/doi.org\/10.1145\/1572272.1572303","DOI":"10.1145\/1572272.1572303"},{"key":"1_CR22","doi-asserted-by":"publisher","unstructured":"Mutti, S., et al.: Baredroid: large-scale analysis of android apps on real devices. In: Annual Computer Security Applications Conference, ACSAC (2015). https:\/\/doi.org\/10.1145\/2818000.2818036","DOI":"10.1145\/2818000.2818036"},{"key":"1_CR23","unstructured":"Oberheide, J., Miller, C.: Dissecting the android bouncer. In: SummerCon (2012)"},{"key":"1_CR24","doi-asserted-by":"crossref","unstructured":"Paleari, R., Martignoni, L., Roglia, G.F., Bruschi, D.: A fistful of red-pills: how to automatically generate procedures to detect CPU emulators. In: Proceedings of the 3rd USENIX Conference on Offensive Technologies (WOOT) (2009)","DOI":"10.1145\/1572272.1572303"},{"key":"1_CR25","doi-asserted-by":"publisher","unstructured":"Petsas, T., Voyatzis, G., Athanasopoulos, E., Polychronakis, M., Ioannidis, S.: Rage against the virtual machine: hindering dynamic analysis of android malware. In: European Workshop on System Security (EuroSec), pp. 5:1\u20135:6 (2014). https:\/\/doi.org\/10.1145\/2592791.2592796","DOI":"10.1145\/2592791.2592796"},{"key":"1_CR26","doi-asserted-by":"crossref","unstructured":"Poeplau, S., Fratantonio, Y., Bianchi, A., Kruegel, C., Vigna, G.: Execute this! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications. In: Network and Distributed System Security Symposium (NDSS) (2014)","DOI":"10.14722\/ndss.2014.23328"},{"key":"1_CR27","unstructured":"Shi, H., Alwabel, A., Mirkovic, J.: Cardinal pill testing of system virtual machines. In: 23rd USENIX Conference on Security Symposium (2014)"},{"key":"1_CR28","doi-asserted-by":"crossref","unstructured":"Tam, K., Khan, S.J., Fattori, A., Cavallaro, L.: Copperdroid: Automatic reconstruction of android malware behaviors. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23145"},{"key":"1_CR29","doi-asserted-by":"publisher","unstructured":"Vidas, T., Christin, N.: Evading android runtime analysis via sandbox detection. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIA CCS), pp. 447\u2013458. ACM (2014). https:\/\/doi.org\/10.1145\/2590296.2590325","DOI":"10.1145\/2590296.2590325"},{"key":"1_CR30","unstructured":"Yan, L.K., Yin, H.: DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic android malware analysis. In: 21st USENIX Security Symposium, Bellevue, WA, pp. 569\u2013584. USENIX (2012). https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/yan"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-00470-5_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,23]],"date-time":"2019-10-23T16:37:07Z","timestamp":1571848627000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-00470-5_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030004699","9783030004705"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-00470-5_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}