{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T16:04:30Z","timestamp":1774368270620,"version":"3.50.1"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030616373","type":"print"},{"value":"9783030616380","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-61638-0_26","type":"book-chapter","created":{"date-parts":[[2020,10,13]],"date-time":"2020-10-13T23:29:01Z","timestamp":1602631741000},"page":"473-489","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["DaVinci: Android App Analysis Beyond Frida via Dynamic System Call Instrumentation"],"prefix":"10.1007","author":[{"given":"Alexander","family":"Druffel","sequence":"first","affiliation":[]},{"given":"Kris","family":"Heid","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,10,14]]},"reference":[{"key":"26_CR1","unstructured":"Android platform based linux kernel rootkit. \nhttp:\/\/www.phrack.org\/issues\/68\/6.html"},{"key":"26_CR2","unstructured":"Apkid github. \nhttps:\/\/github.com\/rednaga\/APKiD"},{"key":"26_CR3","unstructured":"Bypassing integrity checking systems. \nhttp:\/\/phrack.org\/issues\/51\/9.html#article"},{"key":"26_CR4","unstructured":"Collection of android security related resources. \nhttps:\/\/github.com\/ashishb\/android-security-awesome"},{"key":"26_CR5","unstructured":"Cuckoodroid. \nhttps:\/\/github.com\/idanr1986\/cuckoodroid-2.0"},{"key":"26_CR6","unstructured":"Dissecting the android bouncer. \nhttps:\/\/jon.oberheide.org\/files\/summercon12-bouncer.pdf"},{"key":"26_CR7","unstructured":"Frida binary instrumentation toolkit. \nhttps:\/\/frida.re"},{"key":"26_CR8","unstructured":"Kernel debugging with kprobes. \nhttps:\/\/www.ibm.com\/developerworks\/library\/l-kprobes\/index.html"},{"key":"26_CR9","unstructured":"Kernel tracing with ebpf - unlocking god mode on linux. \nhttps:\/\/media.ccc.de\/v\/35c3-9532-kernel_tracing_with_ebpf"},{"key":"26_CR10","unstructured":"Lttng. \nhttps:\/\/lttng.org\/"},{"key":"26_CR11","unstructured":"Magisk. \nhttps:\/\/github.com\/topjohnwu\/Magisk"},{"key":"26_CR12","unstructured":"Rootbeer. \nhttps:\/\/github.com\/scottyab\/rootbeer"},{"key":"26_CR13","unstructured":"Smartphone market share (2020). \nhttps:\/\/www.idc.com\/promo\/smartphone-market-share\/os"},{"key":"26_CR14","unstructured":"Xposed framework. \nhttps:\/\/repo.xposed.info\/"},{"key":"26_CR15","unstructured":"Borek, M.: Intrusion detection system for android: linux kernel system calls analysis. G2 pro gradu, diplomity, Aalto University (2017). \nhttp:\/\/urn.fi\/URN:NBN:fi:aalto-201709046813"},{"issue":"1","key":"26_CR16","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1145\/2189750.2150992","volume":"40","author":"P Feiner","year":"2012","unstructured":"Feiner, P., Brown, A.D., Goel, A.: Comprehensive kernel instrumentation via dynamic binary translation. SIGARCH CAN 40(1), 135\u2013146 (2012). \nhttps:\/\/doi.org\/10.1145\/2189750.2150992","journal-title":"SIGARCH CAN"},{"key":"26_CR17","series-title":"IFIP \u2014 The International Federation for Information Processing","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/978-0-387-73742-3_7","volume-title":"Advances in Digital Forensics III","author":"D Wampler","year":"2007","unstructured":"Wampler, D., Graham, J.: A method for detecting linux kernel module rootkits. In: Craiger, P., Shenoi, S. (eds.) DigitalForensics 2007. ITIFIP, vol. 242, pp. 107\u2013116. Springer, New York (2007). \nhttps:\/\/doi.org\/10.1007\/978-0-387-73742-3_7"},{"key":"26_CR18","doi-asserted-by":"crossref","unstructured":"Holl, T., Klocke, P., Franzen, F., Kirsch, J.: Kernel-assisted debugging of linux applications. In: 2nd Reversing and Offensive-oriented Trends Symposium 2018 (ROOTS), November 2018","DOI":"10.1145\/3289595.3289596"},{"key":"26_CR19","unstructured":"Mieghem, V.V.: Detecting malicious behaviour using system calls. Master thesis, TU Delft (2016). \nhttp:\/\/resolver.tudelft.nl\/uuid:c71c85bc-d742-449b-88e7-33e172392ec2"},{"key":"26_CR20","doi-asserted-by":"publisher","unstructured":"Petsas, T., Voyatzis, G., Athanasopoulos, E., Polychronakis, M., Ioannidis, S.: Rage against the virtual machine: hindering dynamic analysis of android malware. In: EuroSec. Association for Computing Machinery, New York (2014). \nhttps:\/\/doi.org\/10.1145\/2592791.2592796","DOI":"10.1145\/2592791.2592796"},{"key":"26_CR21","doi-asserted-by":"publisher","unstructured":"Singh, B., Evtyushkin, D., Elwell, J., Riley, R., Cervesato, I.: On the detection of kernel-level rootkits using hardware performance counters. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ASIA CCS 2017, pp. 483\u2013493. Association for Computing Machinery, New York (2017). \nhttps:\/\/doi.org\/10.1145\/3052973.3052999","DOI":"10.1145\/3052973.3052999"},{"key":"26_CR22","doi-asserted-by":"crossref","unstructured":"Tam, K., Khan, S.J., Fattori, A., Cavallaro, L.: CopperDroid: automatic reconstruction of android malware behaviors. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23145"},{"key":"26_CR23","doi-asserted-by":"publisher","unstructured":"Vidas, T., Christin, N.: Evading android runtime analysis via sandbox detection. In: ASIA CCS, pp. 447\u2013458. Association for Computing Machinery, New York (2014). \nhttps:\/\/doi.org\/10.1145\/2590296.2590325","DOI":"10.1145\/2590296.2590325"},{"key":"26_CR24","doi-asserted-by":"publisher","unstructured":"Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy, vol. 4, pp. 95\u2013109, May 2012. \nhttps:\/\/doi.org\/10.1109\/SP.2012.16","DOI":"10.1109\/SP.2012.16"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security Workshops"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-61638-0_26","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,10,13]],"date-time":"2020-10-13T23:29:24Z","timestamp":1602631764000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-61638-0_26"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030616373","9783030616380"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-61638-0_26","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"14 October 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACNS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applied Cryptography and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rome","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 October 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 October 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acns2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sites.google.com\/di.uniroma1.it\/ACNS2020","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"214","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"46","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.7","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the Corona pandemic the conference was held virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}