{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,30]],"date-time":"2025-08-30T16:53:15Z","timestamp":1756572795339,"version":"3.40.3"},"publisher-location":"Cham","reference-count":56,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319288642"},{"type":"electronic","value":"9783319288659"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-28865-9_4","type":"book-chapter","created":{"date-parts":[[2016,1,23]],"date-time":"2016-01-23T03:40:02Z","timestamp":1453520402000},"page":"58-77","source":"Crossref","is-referenced-by-count":15,"title":["Using Provenance Patterns to Vet Sensitive Behaviors in Android Apps"],"prefix":"10.1007","author":[{"given":"Chao","family":"Yang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guangliang","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ashish","family":"Gehani","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vinod","family":"Yegneswaran","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dawood","family":"Tariq","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guofei","family":"Gu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"4_CR1","unstructured":"Antutu benchmark. \n                    https:\/\/play.google.com\/store\/apps\/details?id=com.antutu.ABenchMark&hl=en"},{"key":"4_CR2","unstructured":"Graphviz - graph visualization software. \n                    http:\/\/www.graphviz.org\/"},{"key":"4_CR3","unstructured":"National security agency. security-enhanced linux. \n                    http:\/\/www.nsa.gov\/research\/selinux"},{"key":"4_CR4","unstructured":"Neo4j. \n                    http:\/\/www.neo4j.org\/?gclid=CIXUs_D-xb0CFQaBfgodIAMARw"},{"key":"4_CR5","unstructured":"Obfuscating embedded malware on android. \n                    http:\/\/www.symantec.com\/connect\/blogs\/obfuscating-embedded-malware-android"},{"key":"4_CR6","unstructured":"The proc filesystem. \n                    http:\/\/en.wikipedia.org\/wiki\/Procfs"},{"key":"4_CR7","unstructured":"Strace - trace system calls and signals. \n                    http:\/\/linux.die.net\/man\/1\/strace"},{"key":"4_CR8","unstructured":"Sysfs. \n                    http:\/\/en.wikipedia.org\/wiki\/Sysfs"},{"key":"4_CR9","unstructured":"Ui\/application exerciser monkey. \n                    http:\/\/developer.android.com\/tools\/help\/monkey.html"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Andrus, J., Dall, C., Hof, A.V., Laadan, O., Nieh, J.: Cells: a virtual mobile smartphone architecture. In: Proceedings of 23rd SOSP (2011)","DOI":"10.1145\/2043556.2043574"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Au, K., Zhou, Y., Huang, Z., Lie, D., Gong, X., Han, X., Zhou, W.: Pscout: analyzing the android permission specification. In: Proceedings of the 19th CCS (2012)","DOI":"10.1145\/2382196.2382222"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Backes, M., Bugiel, S., Gerling, S.: Scippa: system-centric IPC provenance on Android. In: 30th Annual Computer Security Applications Conference (2014)","DOI":"10.1145\/2664243.2664264"},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Bose, A., Hu, X., Shin, K.G., Park, T.: Behavioral detection of malware on mobile handsets. In: Proceedings of the 6th MobiSys (2008)","DOI":"10.1145\/1378600.1378626"},{"key":"4_CR14","unstructured":"Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.-R., Shastry, B.: Towards taming privilege-escalation attacks on android. In: Proceedings of the 19th NDSS (2012)"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st Workshop on CCSSPSM (2011)","DOI":"10.1145\/2046614.2046619"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Chan, P.P., Hui, L.C., Yiu, S.M.: Droidchecker: analyzing android applications for capability leak. In: Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks (2012)","DOI":"10.1145\/2185448.2185466"},{"key":"4_CR17","unstructured":"Chen, K., Johnson, N., Silva, V., Dai, S., MacNamara, K., Magrino, T., Wu, E., Rinard, M., Song, D.: Contextual policy enforcement in android applications with permission event graphs. In: Proceedings of the NDSS (2013)"},{"key":"4_CR18","unstructured":"Chenxiong, Q., Xiapu, L., Yuru, S., Alvin, C.: Ndroid: on tracking information flows through jni in android applications. In: Proceedings of the 44th DSN (2014)"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in android. In: Proceedings of the 9th MobiSys (2011)","DOI":"10.1145\/1999995.2000018"},{"key":"4_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1007\/978-3-642-18178-8_29","volume-title":"Information Security","author":"M Conti","year":"2011","unstructured":"Conti, M., Nguyen, V.T.N., Crispo, B.: CRePE: context-related policy enforcement for Android. In: Burmester, M., Tsudik, G., Magliveras, S., Ili\u0107, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 331\u2013345. Springer, Heidelberg (2011)"},{"key":"4_CR21","unstructured":"Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., Wallach, D.S.: Quire: lightweight provenance for smart phone operating systems. In: Proceedings of the USENIX Security (2011)"},{"key":"4_CR22","unstructured":"Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., Mc-Daniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th OSDI (2010)"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th CCS (2009)","DOI":"10.1145\/1653662.1653691"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystied. In: Proceedings of the 18th CCS (2011)","DOI":"10.1145\/2046707.2046779"},{"key":"4_CR25","unstructured":"Felt, A.P., Wang, H.J., Moshchuk, A., Hanna, S., Chin, E.: Permission re-delegation: attacks and defenses. In: Proceedings of the USENIX Security (2011)"},{"key":"4_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/978-3-642-35170-9_6","volume-title":"Middleware 2012","author":"D Tariq","year":"2012","unstructured":"Tariq, D., Gehani, A.: SPADE: support for provenance auditing in distributed environments. In: Narasimhan, P., Triantafillou, P. (eds.) Middleware 2012. LNCS, vol. 7662, pp. 101\u2013120. Springer, Heidelberg (2012)"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Joung Ham, Y., Moon, D., Lee, H.-W., Deok Lim, J., Nyeo Kim, J.: Android mobile application system call event pattern analysis for determination of malicious attack. International Journal of Security and Its Applications 8(1) (2014)","DOI":"10.14257\/ijsia.2014.8.1.22"},{"key":"4_CR28","doi-asserted-by":"crossref","unstructured":"Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These are not the droids you are looking for: retrofitting android to protect data from imperious applications. In: Proceedings of the 18th CCS (2011)","DOI":"10.1145\/2046707.2046780"},{"key":"4_CR29","doi-asserted-by":"crossref","unstructured":"Jing, Y., Zhao, Z., Ahn, G., Hu, H.: Morpheus: automatically generating heuristics to detect Android emulators. In: Proceedings of ACSAC (2014)","DOI":"10.1145\/2664243.2664250"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Karami, M., Elsabagh, M., Najafiborazjani, P., Stavrou, A.: Behavioral analysis of Android applications using automated instrumentation. In: 7th International Conference on Software Security and Reliability Companion (2013)","DOI":"10.1109\/SERE-C.2013.35"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Lange, M., Liebergeld, S., Lackorzynski, A., Warg, A., Peter, M.: L4android: a generic operating system framework for secure smartphones. In: Proceedings of the 1st Workshop on Security and Privacy in Smartphones and Mobile Devices (2011)","DOI":"10.1145\/2046614.2046623"},{"key":"4_CR32","doi-asserted-by":"crossref","unstructured":"Lu, L., Li, Z., Wu, Z., Lee, W., Jiang, G.: Chex: statically vetting android apps for component hijacking vulnerablilities. In: Proceedings of the 19th CCS (2012)","DOI":"10.1145\/2382196.2382223"},{"key":"4_CR33","unstructured":"Mengtao, S., Gang, T.: Nativeguard: protecting android applications from third-party native libraries. In: Proceedings of ACM Conference on Security and Privacy in Wireless & Mobile Networks (2014)"},{"key":"4_CR34","doi-asserted-by":"crossref","unstructured":"Moreau, L., Clifford, B., Freire, J., Futrelle, J., Gil, Y., Groth, P., Kwasnikowska, N., Miles, S., Missier, P., Myers, J., Plale, B., Simmhan, Y., Stephan, E., Van, J.: The open provenance model core specification (v1.1). In: Future Generation Computer Systems (2010)","DOI":"10.1016\/j.future.2010.07.005"},{"key":"4_CR35","doi-asserted-by":"crossref","unstructured":"Nauman, M., Khan, S., Zhang, X.: Apex: extending android permission model and enforcement with user-defined runtime constraints. In: Proceedings of the 5th ACM Symposium on ICCS (2010)","DOI":"10.1145\/1755688.1755732"},{"key":"4_CR36","doi-asserted-by":"crossref","unstructured":"Ongtang, M., Butler, K., McDaniel, P.: Porscha: policy oriented secure content handling in android. In: Proceedings of the 26th ACSAC (2010)","DOI":"10.1145\/1920261.1920295"},{"key":"4_CR37","doi-asserted-by":"crossref","unstructured":"Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically rich application-centric security in android. In: Proceedings of the 25th ACSAC (2009)","DOI":"10.1109\/ACSAC.2009.39"},{"key":"4_CR38","doi-asserted-by":"crossref","unstructured":"Peng, H., Gates, C., Sarm, B., Li, N., Qi, Y., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Using probabilistic generative models for ranking risks of android apps. In: Proceedings of the 19th CCS (2012)","DOI":"10.1145\/2382196.2382224"},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Portokalidis, G., Homburg, P., Anagnostakis, K., Bos, H.: Paranoid Android: versatile protection for smartphones. In: Proceedings of the 26th ACSAC (2010)","DOI":"10.1145\/1920261.1920313"},{"key":"4_CR40","doi-asserted-by":"crossref","unstructured":"Rastogi, V., Chen, Y., Jiang, X.: Droidchameleon: evaluating android anti-malware against transformation attacks. In: Proceedings of the 8th ICCS (2013)","DOI":"10.1145\/2484313.2484355"},{"key":"4_CR41","unstructured":"Reina, A., Fattori, A., Cavallaro, L.: A system call-centric analysis and stimulation technique to automatically reconstruct android malware behaviors. In: Proceedings of the EUROSEC (2013)"},{"key":"4_CR42","doi-asserted-by":"crossref","unstructured":"Schmidt, A., Bye, R., Schmidt, H., Clausen, J., Kiraz, O., Yxksel, K., Camtepe, S., Sahin, A.: Static analysis of executables for collaborative malware detection on android. In: ICC Communication and Information Systems Security Symposium (2009)","DOI":"10.1109\/ICC.2009.5199486"},{"key":"4_CR43","unstructured":"Schmidt, A., Schmidt, H., Clausen, J., Yuksel, K., Kiraz, O., Sahin, A., Camtepe, S.: Enhancing security of linux-based android devices. In: Proceedings of 15th International Linux Kongress (2008)"},{"key":"4_CR44","doi-asserted-by":"crossref","unstructured":"Shabtai, A., Fledel, Y., Elovici, Y.: Securing android- powered mobile devices using selinux. In: Proceedings of 31th IEEE Security and Privacy (2010)","DOI":"10.1109\/MSP.2009.144"},{"key":"4_CR45","doi-asserted-by":"crossref","unstructured":"Vidas, T., Christin, N.: Evading Android runtime analysis via sandbox detection. In: Proceedings of ASIACCS (2014)","DOI":"10.1145\/2590296.2590325"},{"key":"4_CR46","doi-asserted-by":"crossref","unstructured":"Wei, X., Gomez, L., Neamtiu, I., Faloutsos, M.: Profiledroid: multi-layer profiling of Android applications. In: 18th Annual International Conference on Mobile Computing and Networking (2012)","DOI":"10.1145\/2348543.2348563"},{"key":"4_CR47","doi-asserted-by":"crossref","unstructured":"Wu, D., Mao, C., Wei, T., Lee, H., Wu, K.: Droidmat: Android malware detection through manifest and api calls tracing. In: Proceedings of the 7th Asia JCIS (2012)","DOI":"10.1109\/AsiaJCIS.2012.18"},{"key":"4_CR48","doi-asserted-by":"crossref","unstructured":"Wu, L., Grace, M., Zhou, Y., Wu, C., Jiang, X.: The impact of vendor customizations on android security. In: Proceedings of the CCS (2013)","DOI":"10.1145\/2508859.2516728"},{"key":"4_CR49","unstructured":"Xu, R., Saidi, H., Anderson, R.: Aurasium: practical policy enforcement for android applications. In: Proceedings of the USENIX Security Symposium (2012)"},{"key":"4_CR50","unstructured":"Yan, L., Yin, H.: Droidscope: seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis. In: Proceedings of the 21st USENIX Security Symposium (2012)"},{"key":"4_CR51","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Yang, M., Xu, B., Yang, Z., Gu, G., Ning, P., Wang, X., Zang, B.: Vetting undesirable behaviors in android apps with permission use analysis. In: Proceedings of CCS (2013)","DOI":"10.1145\/2508859.2516689"},{"key":"4_CR52","doi-asserted-by":"crossref","unstructured":"Zheng, C., Zhu, S., Dai, S., Gu, G., Gong, X., Han, X., Zhou, W.: Smartdroid: an automatic system for revealing ui-based trigger conditions in android applications. In: Proceedings of the 2nd edn. ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (2012)","DOI":"10.1145\/2381934.2381950"},{"key":"4_CR53","doi-asserted-by":"crossref","unstructured":"Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party Android marketplaces. In: CODASPY (2012)","DOI":"10.1145\/2133601.2133640"},{"key":"4_CR54","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy (2012)","DOI":"10.1109\/SP.2012.16"},{"key":"4_CR55","unstructured":"Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative android markets. In: Proceedings of the 19th NDSS (2012)"},{"key":"4_CR56","unstructured":"Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: Riskranker: scalable and accurate zero-day android malware detection. In: Proceedings of the 10th MobiSys (2012)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-28865-9_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T07:21:51Z","timestamp":1559373711000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-28865-9_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319288642","9783319288659"],"references-count":56,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-28865-9_4","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2015]]}}}