{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,15]],"date-time":"2025-08-15T00:51:05Z","timestamp":1755219065924,"version":"3.43.0"},"reference-count":76,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Science Foundation of China","doi-asserted-by":"publisher","award":["62372086"],"award-info":[{"award-number":["62372086"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100018542","name":"Natural Science Foundation of Sichuan Province","doi-asserted-by":"publisher","award":["2025ZNSFSC0500"],"award-info":[{"award-number":["2025ZNSFSC0500"]}],"id":[{"id":"10.13039\/501100018542","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Chongqing Natural Science Foundation Innovation and Development Joint Fund","award":["CSTB2023NSCQ-LZX0003"],"award-info":[{"award-number":["CSTB2023NSCQ-LZX0003"]}]},{"DOI":"10.13039\/501100019065","name":"Sichuan Science and Technology Program","doi-asserted-by":"publisher","award":["2024NSFTD0031"],"award-info":[{"award-number":["2024NSFTD0031"]}],"id":[{"id":"10.13039\/501100019065","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3594559","type":"journal-article","created":{"date-parts":[[2025,7,31]],"date-time":"2025-07-31T18:31:17Z","timestamp":1753986677000},"page":"8083-8095","source":"Crossref","is-referenced-by-count":0,"title":["BPFDex: Enabling Robust Android Apps Unpacking via Android Kernel"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-4604-1787","authenticated-orcid":false,"given":"Mingyang","family":"Li","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3235-3463","authenticated-orcid":false,"given":"Weina","family":"Niu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-7970-9968","authenticated-orcid":false,"given":"Jiacheng","family":"Gong","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7961-8502","authenticated-orcid":false,"given":"Song","family":"Li","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8863-8751","authenticated-orcid":false,"given":"Mingxue","family":"Zhang","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8673-9284","authenticated-orcid":false,"given":"Xiaosong","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]}],"member":"263","reference":[{"volume-title":"Android\u2014Statistics & Facts","key":"ref1"},{"volume-title":"Mobile Threat Report 2022","year":"2022","key":"ref2"},{"volume-title":"PHA Categories, Google Developers. Google.","year":"2023","key":"ref3"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664275"},{"issue":"4","key":"ref5","first-page":"50","article-title":"Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets","volume-title":"Proc. NDSS","volume":"25","author":"Zhou"},{"key":"ref6","first-page":"22","article-title":"Permission re-delegation: Attacks and defenses","volume-title":"Proc. USENIX Secur. Symp.","author":"Felt"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23296"},{"volume-title":"Trustlook, Bangle: Android App Packer Unpacking, Trustlook Blog","year":"2023","key":"ref9"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00105"},{"key":"ref11","first-page":"266","article-title":"Android packers: Facing the challenges, building solutions","volume-title":"Proc. 24th Virus Bull. Int. Conf.","author":"Yu"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24177-7_15"},{"volume-title":"QEMU","year":"2023","key":"ref13"},{"volume-title":"Ptrace\u2013Linux Manual Page","key":"ref14"},{"volume-title":"Frida\u2014A World-Class Dynamic Instrumentation Framework","year":"2023","key":"ref15"},{"volume-title":"Valgrind: An Open-source Memory Debugger","year":"2023","key":"ref16"},{"volume-title":"Android Unpacker: Tools for Unpacking Android APKs","author":"Strazzere","key":"ref17"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2996433"},{"volume-title":"ZjDroid: Dynamic Java Code Instrumentation Tool for Android","year":"2023","key":"ref19"},{"volume-title":"IDA Pro","year":"2023","key":"ref20"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2875694"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2018.02.040"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00075"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534410"},{"volume-title":"What is EBPF?","year":"2023","key":"ref25"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3371038"},{"volume-title":"Jadx","year":"2023","key":"ref27"},{"key":"ref28","first-page":"11","article-title":"Bringing the power of eBPF to open vSwitch","volume-title":"Proc. Linux Plumbers Conf.","author":"Tu"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464839"},{"volume-title":"BCC","key":"ref30"},{"volume-title":"EBPF Safety","year":"2023","key":"ref31"},{"key":"ref32","article-title":"BPFroid: Robust real time Android malware detection framework","author":"Agman","year":"2021","journal-title":"arXiv:2105.14344"},{"volume-title":"BlackDex","year":"2023","key":"ref33"},{"volume-title":"DumpDex","year":"2023","key":"ref34"},{"volume-title":"Frida-Dexdump","key":"ref35"},{"volume-title":"FART","author":"Lengyue","key":"ref36"},{"volume-title":"Unpacker","year":"2023","author":"Youlor","key":"ref37"},{"volume-title":"Kernel Security Overview","year":"2023","key":"ref38"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2014.163"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660331"},{"key":"ref41","first-page":"744","article-title":"Mobile malware detection in the real world","volume-title":"Proc. IEEE\/ACM 38th Int. Conf. Softw. Eng. Companion (ICSE-C)","author":"Mercaldo"},{"volume-title":"Android NDK","year":"2023","key":"ref42"},{"volume-title":"Kernel BPF | Android Open Source Project","year":"2023","key":"ref43"},{"volume-title":"BPF Verifier","year":"2023","author":"org","key":"ref44"},{"volume-title":"PT_REGS_PARM* Macros","year":"2023","key":"ref45"},{"volume-title":"BPF-Maps","year":"2023","key":"ref46"},{"volume-title":"JEB Decompiler By PNF Software\u2014Android Decompilation","year":"2023","key":"ref47"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.04.001"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS.2012.18"},{"volume-title":"Eadb: Android Debug Bridge Enhanced","year":"2023","author":"Ni","key":"ref50"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2015.238"},{"volume-title":"Smali","year":"2023","author":"Freke","key":"ref52"},{"volume-title":"Xposed","year":"2023","key":"ref53"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590325"},{"key":"ref55","first-page":"33","article-title":"Ninja: Towards transparent tracing and debugging on ARM","volume-title":"Proc. 26th USENIX Secur. Symp. (USENIX Secur.)","author":"Ning"},{"volume-title":"F-Droid\u2014Free and Open Source Android App Repository","year":"2023","key":"ref56"},{"volume-title":"Mobile PaaS\u2014Public Products and Solutions","year":"2023","key":"ref57"},{"volume-title":"APK Protect","year":"2023","key":"ref58"},{"volume-title":"Homepage","year":"2023","key":"ref59"},{"volume-title":"IJiami Security Solutions\u2014Android","year":"2023","key":"ref60"},{"volume-title":"360 JiaGu","year":"2023","key":"ref61"},{"volume-title":"Microservices (MS)\u2014Product Overview","year":"2023","key":"ref62"},{"volume-title":"Kiwi Security","year":"2023","key":"ref63"},{"volume-title":"Nagain Home","year":"2023","key":"ref64"},{"volume-title":"Testin","year":"2023","author":"cn","key":"ref65"},{"volume-title":"APKProtect Project","year":"2023","key":"ref66"},{"volume-title":"Tools for Debugging","key":"ref67"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.61"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2015.25"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1145\/3017427"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/2963145"},{"volume-title":"Geekbench\u2014Cross-Platform Benchmark","year":"2023","key":"ref73"},{"volume-title":"UI\/Application Exerciser Monkey","year":"2023","key":"ref74"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom50675.2020.00054"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2021.3100750"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/11105512.pdf?arnumber=11105512","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,6]],"date-time":"2025-08-06T17:59:03Z","timestamp":1754503143000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11105512\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":76,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3594559","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"type":"print","value":"1556-6013"},{"type":"electronic","value":"1556-6021"}],"subject":[],"published":{"date-parts":[[2025]]}}}