{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,26]],"date-time":"2025-06-26T16:10:04Z","timestamp":1750954204147,"version":"3.41.0"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319696584"},{"type":"electronic","value":"9783319696591"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-69659-1_15","type":"book-chapter","created":{"date-parts":[[2017,10,19]],"date-time":"2017-10-19T08:44:47Z","timestamp":1508402687000},"page":"269-287","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["How to Make Information-Flow Analysis Based Defense Ineffective: An ART Behavior-Mask Attack"],"prefix":"10.1007","author":[{"given":"Xueyi","family":"Yang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Limin","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lingchen","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Weiyu","family":"Jiang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shiran","family":"Pan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,10,20]]},"reference":[{"key":"15_CR1","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/978-3-319-04283-1_6","volume-title":"Security and Privacy in Communication Networks","author":"Y Aafer","year":"2013","unstructured":"Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: mining API-level features for robust malware detection in android. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds.) SecureComm 2013. LNICST, vol. 127, pp. 86\u2013103. Springer, Cham (2013). doi:10.1007\/978-3-319-04283-1_6"},{"key":"15_CR2","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: CCS 2005, pp. 340\u2013353. ACM (2005)","DOI":"10.1145\/1102120.1102165"},{"key":"15_CR3","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K.: Drebin: effective and explainable detection of android malware in your pocket. In: NDSS (2014)","DOI":"10.14722\/ndss.2014.23247"},{"issue":"6","key":"15_CR4","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1145\/2666356.2594299","volume":"49","author":"S Arzt","year":"2014","unstructured":"Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM SIGPLAN Not. 49(6), 259\u2013269 (2014)","journal-title":"ACM SIGPLAN Not."},{"key":"15_CR5","unstructured":"Backes, M., Bugiel, S., Hammer, C., Schranz, O., von Styp-Rekowsky, P.: Boxify: full-fledged app sandboxing for stock android. In: USENIX Security 2015, pp. 691\u2013706 (2015)"},{"key":"15_CR6","doi-asserted-by":"crossref","unstructured":"Backes, M., Bugiel, S., Schranz, O., von Styp-Rekowsky, P., Weisgerber, S.: Artist: the android runtime instrumentation and security toolkit. arXiv preprint arXiv:1607.06619 (2016)","DOI":"10.1109\/EuroSP.2017.43"},{"key":"15_CR7","unstructured":"Bitdefender: Bitdefender android malware threat report h2 2015 (2015). http:\/\/download.bitdefender.com\/resources\/files\/News\/CaseStudies\/study\/85\/Android-Malware-Threat-Report-H2-2015.pdf"},{"issue":"4","key":"15_CR8","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1145\/1013886.1007518","volume":"29","author":"M Christodorescu","year":"2004","unstructured":"Christodorescu, M., Jha, S.: Testing malware detectors. ACM SIGSOFT Softw. Eng. Notes 29(4), 34\u201344 (2004)","journal-title":"ACM SIGSOFT Softw. Eng. Notes"},{"key":"15_CR9","doi-asserted-by":"crossref","unstructured":"Dimitriadis, A., Efraimidis, P.S., Katos, V.: Malevolent app pairs: an android permission overpassing scheme. In: CF 2016, pp. 431\u2013436. ACM (2016)","DOI":"10.1145\/2903150.2911706"},{"issue":"2","key":"15_CR10","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/2619091","volume":"32","author":"W Enck","year":"2014","unstructured":"Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)","journal-title":"ACM Trans. Comput. Syst. (TOCS)"},{"key":"15_CR11","unstructured":"F-Secure: F-secure threat report 2015 (2015). https:\/\/www.f-secure.com\/documents\/996508\/1030745\/nanhaishu_whitepaper.pdf"},{"key":"15_CR12","unstructured":"Google: Android APIs (2016). https:\/\/developer.android.com\/reference\/"},{"key":"15_CR13","unstructured":"Google: Art (android runtime) (2016). https:\/\/source.android.com\/devices\/tech\/dalvik\/index.html"},{"key":"15_CR14","doi-asserted-by":"crossref","unstructured":"Gordon, M.I., Kim, D., Perkins, J.H., Gilham, L., Nguyen, N., Rinard, M.C.: Information flow analysis of android applications in DroidSafe. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23089"},{"key":"15_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/978-3-642-37300-8_4","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"S Hanna","year":"2013","unstructured":"Hanna, S., Huang, L., Wu, E., Li, S., Chen, C., Song, D.: Juxtapp: a scalable system for detecting code reuse among android applications. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 62\u201381. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-37300-8_4"},{"key":"15_CR16","doi-asserted-by":"crossref","unstructured":"Hoffmann, J., Rytilahti, T., Maiorca, D., Winandy, M., Giacinto, G., Holz, T.: Evaluating analysis tools for android apps: status quo and robustness against obfuscation. Technical report TR-HGI-2016-003, Horst Grtz Institute for IT-Security. ACM (2016)","DOI":"10.1145\/2857705.2857737"},{"key":"15_CR17","unstructured":"IDC: Smartphone OS market share, 2016 Q2 (2015). http:\/\/www.idc.com\/prodserv\/smartphone-os-market-share.jsp"},{"key":"15_CR18","doi-asserted-by":"crossref","unstructured":"Kong, D., Cen, L., Jin, H.: Autoreb: automatically understanding the review-to-behavior fidelity in android applications. In: Proceedings of the CCS 2015, pp. 530\u2013541. ACM (2015)","DOI":"10.1145\/2810103.2813689"},{"key":"15_CR19","doi-asserted-by":"crossref","unstructured":"Linares-V\u00e1squez, M., Holtzhauer, A., Bernal-C\u00e1rdenas, C., Poshyvanyk, D.: Revisiting android reuse studies in the context of code obfuscation and library usages. In: MSR 2014, pp. 242\u2013251. ACM (2014)","DOI":"10.1145\/2597073.2597109"},{"key":"15_CR20","unstructured":"McAfee: Mcafee labs threats report first quarter 2016 (2016). http:\/\/www.mcafee.com\/us\/resources\/reports\/rp-quarterly-threats-may-2016.pdf"},{"key":"15_CR21","unstructured":"Norton: Good, bad, and sneaky: do you really know what your apps are doing? (2014). http:\/\/now.symassets.com\/content\/dam\/norton\/global\/pdfs\/whitepapers\/NMI_Whitepaper_Consumer_Version_Fall_2014_D2-Google-Play.pdf"},{"issue":"1","key":"15_CR22","doi-asserted-by":"publisher","first-page":"469","DOI":"10.1145\/2914770.2837661","volume":"51","author":"D Octeau","year":"2016","unstructured":"Octeau, D., Jha, S., Dering, M., McDaniel, P., Bartel, A., Li, L., Klein, J., Le Traon, Y.: Combining static analysis with probabilistic models to enable market-scale android inter-component analysis. ACM SIGPLAN Not. 51(1), 469\u2013484 (2016)","journal-title":"ACM SIGPLAN Not."},{"key":"15_CR23","doi-asserted-by":"crossref","unstructured":"Peng, H., Gates, C., Sarma, B., Li, N., Qi, Y., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Using probabilistic generative models for ranking risks of android apps. In: CCS 2012, pp. 241\u2013252. ACM (2012)","DOI":"10.1145\/2382196.2382224"},{"key":"15_CR24","doi-asserted-by":"crossref","unstructured":"Petsas, T., Voyatzis, G., Athanasopoulos, E., Polychronakis, M., Ioannidis, S.: Rage against the virtual machine: hindering dynamic analysis of android malware. In: EuroSec 2014, p. 5. ACM (2014)","DOI":"10.1145\/2592791.2592796"},{"key":"15_CR25","doi-asserted-by":"crossref","unstructured":"Poeplau, S., Fratantonio, Y., Bianchi, A., Kruegel, C., Vigna, G.: Execute this! analyzing unsafe and malicious dynamic code loading in android applications. In: NDSS, vol. 14, pp. 23\u201326 (2014)","DOI":"10.14722\/ndss.2014.23328"},{"key":"15_CR26","doi-asserted-by":"crossref","unstructured":"Prakash, A., Hu, X., Yin, H.: vfGuard: strict protection for virtual function calls in COTS C++ binaries. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23297"},{"key":"15_CR27","doi-asserted-by":"crossref","unstructured":"Qu, Z., Rastogi, V., Zhang, X., Chen, Y., Zhu, T., Chen, Z.: Autocog: measuring the description-to-permission fidelity in android applications. In: CCS 2014, pp. 1354\u20131365. ACM (2014)","DOI":"10.1145\/2660267.2660287"},{"key":"15_CR28","doi-asserted-by":"crossref","unstructured":"Rastogi, V., Chen, Y., Jiang, X.: DroidChameleon: evaluating android anti-malware against transformation attacks. In: AISA CCS 2013, pp. 329\u2013334. ACM (2013)","DOI":"10.1145\/2484313.2484355"},{"issue":"1","key":"15_CR29","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1109\/TIFS.2013.2290431","volume":"9","author":"V Rastogi","year":"2014","unstructured":"Rastogi, V., Chen, Y., Jiang, X.: Catch me if you can: evaluating android anti-malware against transformation attacks. IEEE Trans. Inf. Forensics Secur. 9(1), 99\u2013108 (2014)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"15_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"457","DOI":"10.1007\/978-3-319-45719-2_21","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"M Sun","year":"2016","unstructured":"Sun, M., Lui, J.C.S., Zhou, Y.: Blender: self-randomizing address space layout for android apps. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 457\u2013480. Springer, Cham (2016). doi:10.1007\/978-3-319-45719-2_21"},{"key":"15_CR31","doi-asserted-by":"crossref","unstructured":"Sun, M., Wei, T., Lui, J.: Taintart: a practical multi-level information-flow tracking system for android runtime. In: CCS 2016, pp. 331\u2013342. ACM (2016)","DOI":"10.1145\/2976749.2978343"},{"key":"15_CR32","doi-asserted-by":"crossref","unstructured":"Sun, M., Zheng, M., Lui, J., Jiang, X.: Design and implementation of an android host-based intrusion prevention system. In: ACSAC 2014, pp. 226\u2013235. ACM (2014)","DOI":"10.1145\/2664243.2664245"},{"key":"15_CR33","doi-asserted-by":"crossref","unstructured":"Tam, K., Khan, S.J., Fattori, A., Cavallaro, L.: Copperdroid: automatic reconstruction of android malware behaviors. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23145"},{"key":"15_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1007\/978-3-319-53177-9_18","volume-title":"Information Security and Cryptology \u2013 ICISC 2016","author":"X Tang","year":"2017","unstructured":"Tang, X., Liang, Y., Ma, X., Lin, Y., Gao, D.: On the effectiveness of code-reuse-based android application obfuscation. In: Hong, S., Park, J.H. (eds.) ICISC 2016. LNCS, vol. 10157, pp. 333\u2013349. Springer, Cham (2017). doi:10.1007\/978-3-319-53177-9_18"},{"key":"15_CR35","unstructured":"VirusTotal: Virustotal (2016). https:\/\/www.virustotal.com\/en\/about\/"},{"key":"15_CR36","doi-asserted-by":"crossref","unstructured":"Wang, Z., Li, C., Guan, Y., Xue, Y.: Droidchain: a novel malware detection method for android based on behavior chain. In: CNS 2015, pp. 727\u2013728. IEEE (2015)","DOI":"10.1109\/CNS.2015.7346906"},{"key":"15_CR37","doi-asserted-by":"crossref","unstructured":"Wei, F., Roy, S., Ou, X., et al.: Amandroid: a precise and general inter-component data flow analysis framework for security vetting of android apps. In: CCS 2014, pp. 1329\u20131341. ACM (2014)","DOI":"10.1145\/2660267.2660357"},{"key":"15_CR38","unstructured":"Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., Beznosov, K.: Android permissions remystified: a field study on contextual integrity. In: USENIX Security 2015, pp. 499\u2013514 (2015)"},{"key":"15_CR39","doi-asserted-by":"crossref","unstructured":"Zhang, C., Song, C., Chen, K.Z., Chen, Z., Song, D.: Vtint: protecting virtual function tables\u2019 integrity. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23099"},{"key":"15_CR40","doi-asserted-by":"crossref","unstructured":"Zhang, M., Duan, Y., Yin, H., Zhao, Z.: Semantics-aware android malware classification using weighted contextual API dependency graphs. In: CCS 2014, pp. 1105\u20131116. ACM (2014)","DOI":"10.1145\/2660267.2660359"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-69659-1_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,26]],"date-time":"2025-06-26T15:31:46Z","timestamp":1750951906000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-69659-1_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319696584","9783319696591"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-69659-1_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"20 October 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Ho Chi Minh City","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Vietnam","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 November 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 November 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/isc2017.vgu.edu.vn\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}