{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T18:00:33Z","timestamp":1763748033738,"version":"3.37.3"},"reference-count":120,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T00:00:00Z","timestamp":1635724800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T00:00:00Z","timestamp":1635724800000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T00:00:00Z","timestamp":1635724800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T00:00:00Z","timestamp":1635724800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1850278","CNS-1815144","CNS-1856380","CNS-1828363"],"award-info":[{"award-number":["CNS-1850278","CNS-1815144","CNS-1856380","CNS-1828363"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"University of South Carolina ASPIRE-I Program"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2021,11,1]]},"DOI":"10.1109\/tdsc.2019.2957787","type":"journal-article","created":{"date-parts":[[2019,12,5]],"date-time":"2019-12-05T21:16:03Z","timestamp":1575580563000},"page":"2582-2600","source":"Crossref","is-referenced-by-count":13,"title":["Resilient User-Side Android Application Repackaging and Tampering Detection Using Cryptographically Obfuscated Logic Bombs"],"prefix":"10.1109","volume":"18","author":[{"given":"Qiang","family":"Zeng","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2476-7831","authenticated-orcid":false,"given":"Lannan","family":"Luo","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1506-2522","authenticated-orcid":false,"given":"Zhiyun","family":"Qian","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4235-9671","authenticated-orcid":false,"given":"Xiaojiang","family":"Du","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9603-9713","authenticated-orcid":false,"given":"Zhoujun","family":"Li","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3983-972X","authenticated-orcid":false,"given":"Chin-Tser","family":"Huang","sequence":"additional","affiliation":[]},{"given":"Csilla","family":"Farkas","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"year":"2019","key":"ref39","article-title":"Roger Needham"},{"year":"2017","key":"ref38","article-title":"Rooting your Android: Advantages, disadvantages, and snags"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.30"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/1168918.1168862"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-68768-1_4"},{"article-title":"BitScope: Automatically dissecting malicious binaries","year":"2007","author":"brumley","key":"ref30"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74320-0_12"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23066"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3081333.3081361"},{"article-title":"American Fuzzy Lop.","year":"0","author":"zalewski","key":"ref28"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491450"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/2090147.2094081"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxm021"},{"journal-title":"The Art of Software Testing","year":"2011","author":"myers","key":"ref21"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/2699026.2699109"},{"key":"ref23","first-page":"317","article-title":"Tamper resistant software: An implementation","author":"aucsmith","year":"2005","journal-title":"Proc Int Workshop Inf Hiding"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1145\/2642937.2642977"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2536853.2536881"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484315"},{"key":"ref25","first-page":"1","article-title":"Tamper resistant software through dynamic integrity checking","author":"wang","year":"2005","journal-title":"Proc Symp Cryptography Inf Security"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884863"},{"key":"ref51","first-page":"691","article-title":"Boxify: Full-fledged app sandboxing for stock android","author":"backes","year":"2015","journal-title":"Proc 24th USENIX Conf Security Symp"},{"year":"2017","key":"ref59"},{"year":"2017","key":"ref58"},{"year":"2017","key":"ref57"},{"year":"2017","key":"ref56"},{"year":"2017","key":"ref55"},{"year":"2017","key":"ref54"},{"year":"2017","key":"ref53"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/2808117.2808122"},{"year":"2017","key":"ref40"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38908-5_13"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33167-1_3"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2523514.2523539"},{"key":"ref5","first-page":"27","article-title":"Aurasium: Practical policy enforcement for Android applications","author":"xu","year":"2012","journal-title":"Proc 21st USENIX Conf Security Symp"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2014.6911743"},{"article-title":"Hooking Java methods and native functions to enhance android applications security","year":"2016","author":"brandolini","key":"ref49"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2014.6883666"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2014.6766089"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523679"},{"year":"0","key":"ref45","article-title":"Xposed Framework."},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3081333.3081341"},{"key":"ref47","first-page":"24","article-title":"ARTDroid: A virtual-method hooking framework on android ART runtime","author":"costamagna","year":"2016","journal-title":"Proc Workshop Innovations Mobile Privacy Security"},{"key":"ref42","first-page":"1","article-title":"Impeding malware analysis using conditional code obfuscation","author":"sharif","year":"2008","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-54242-8_1"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/93.959097"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-47870-1_10"},{"key":"ref73","article-title":"Metamorphic virus: Analysis and detection","volume":"15","author":"konstantinou","year":"2008","journal-title":"Roy Holloway Univ London"},{"article-title":"A brief history of malware obfuscation","year":"2010","author":"schiffman","key":"ref72"},{"key":"ref71","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1007\/s11416-006-0028-7","article-title":"Hunting for metamorphic engines","volume":"2","author":"stamp","year":"2006","journal-title":"J Comput Virol"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.21236\/ADA449067"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-013-0185-4"},{"key":"ref77","first-page":"645","article-title":"Investigation of malware defence and detection techniques","volume":"1","author":"daryabar","year":"2011","journal-title":"Int J Dig Inf Wirel Comm"},{"key":"ref74","first-page":"74","article-title":"Camouflage in malware: From encryption to metamorphism","volume":"12","author":"rad","year":"2012","journal-title":"Int J Comput Sci Netw Security"},{"key":"ref75","first-page":"95","article-title":"Dissecting android malware: Characterization and evolution","author":"jiang","year":"2012","journal-title":"Proc IEEE Symp Security Privacy"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/IWISA.2009.5072713"},{"key":"ref79","first-page":"49","article-title":"Metamorphic malware detection using statistical analysis","volume":"2","author":"kaushal","year":"2012","journal-title":"Int J Soft Comput Eng"},{"year":"2017","key":"ref60","article-title":"Free and open source software apps for android"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/2594368.2594390"},{"year":"2017","key":"ref61"},{"year":"2016","key":"ref63"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/2307636.2307663"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS.2012.18"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046619"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23247"},{"article-title":"A taxonomy of obfuscating transformations","year":"1997","author":"collberg","key":"ref68"},{"year":"2018","key":"ref2","article-title":"Know thy enemy: Using data to push back against app piracy"},{"key":"ref69","article-title":"Code obfuscation literature survey","volume":"19","author":"balakrishnan","year":"2005","journal-title":"CS701 Construction of Compilers"},{"key":"ref1","first-page":"50","article-title":"Resilient decentralized android application repackaging detection using Logic Bombs","author":"zeng","year":"2018","journal-title":"Proc IEEE\/ACM Int Symp Code Gener Optim"},{"key":"ref109","first-page":"400","article-title":"Oblivious hashing: A stealthy software integrity verification primitive","author":"chen","year":"2002","journal-title":"Proc Int Workshop Inf Hiding"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771795"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-47870-1_9"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2014.6911805"},{"article-title":"Method for runtime code integrity validation using code block checksums","year":"2005","author":"cronce","key":"ref107"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1145\/2627393.2627395"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.2"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45744-4_11"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.53"},{"key":"ref91","doi-asserted-by":"crossref","first-page":"185","DOI":"10.1145\/2435349.2435377","article-title":"Fast, scalable detection of “Piggybacked","author":"zhou","year":"2013","journal-title":"Proc 3rd ACM Conf Data Appl Security Privacy"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-77370-2_7"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_11"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04846-3_9"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2011.24"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-79104-1_7"},{"key":"ref112","doi-asserted-by":"crossref","first-page":"338","DOI":"10.1007\/978-3-642-23644-0_18","article-title":"Detecting environment-sensitive malware","author":"lindorfer","year":"2011","journal-title":"Proc Int Workshop Recent Advances Intrusion Detection"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1145\/1241761.1241762"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC.2017.54"},{"key":"ref99","first-page":"262","article-title":"Detection of repackaged android malware with code-heterogeneity features","author":"tian","year":"2016","journal-title":"IEEE Security and Privacy Workshops"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664275"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-43936-4_9"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"},{"article-title":"Kemoge: Another mobile malicious adware infecting over 20 countries","year":"2015","author":"zhang","key":"ref11"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2627393.2627395"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37300-8_4"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568286"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2133601.2133640"},{"article-title":"Eight of the most hilarious anti-piracy measures in video games","year":"2013","author":"davis","key":"ref118"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28166-2_11"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-014-0225-8"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.1145\/2535813.2535824"},{"key":"ref17","first-page":"51","article-title":"AndRadar: Fast discovery of android applications in alternative markets","author":"lindorfer","year":"2014","journal-title":"Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2386139"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.56"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.9"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.46"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.1997.11518141"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2012.65"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381950"},{"key":"ref113","first-page":"1","article-title":"Efficient detection of split personalities in malware","author":"balzarotti","year":"2010","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23265"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.15"},{"key":"ref115","first-page":"4","article-title":"Impeding automated malware analysis with environment-sensitive malware","author":"song","year":"2012","journal-title":"Proc 7th USENIX Conf Hot Topics Security"},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.1145\/1314276.1314290"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2016.33"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1109\/BWCCA.2010.85"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.48"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2010.121"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2017.16"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/8858\/9610161\/8924634-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/9610161\/08924634.pdf?arnumber=8924634","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,23]],"date-time":"2023-09-23T18:02:26Z","timestamp":1695492146000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8924634\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,1]]},"references-count":120,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2019.2957787","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"type":"print","value":"1545-5971"},{"type":"electronic","value":"1941-0018"},{"type":"electronic","value":"2160-9209"}],"subject":[],"published":{"date-parts":[[2021,11,1]]}}}