{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,12]],"date-time":"2026-02-12T16:49:13Z","timestamp":1770914953222,"version":"3.50.1"},"reference-count":85,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"5","license":[{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62227805"],"award-info":[{"award-number":["62227805"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072398"],"award-info":[{"award-number":["62072398"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172405"],"award-info":[{"award-number":["62172405"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"SUTD-ZJU IDEA","award":["SUTD-ZJUVP201901"],"award-info":[{"award-number":["SUTD-ZJUVP201901"]}]},{"name":"National Key R&amp;D Program of China","award":["2020AAA0107700"],"award-info":[{"award-number":["2020AAA0107700"]}]},{"name":"Alibaba-Zhejiang University Joint Institute of Frontier Technologies"},{"name":"Zhejiang Key R&amp;D Plan","award":["2021C01116"],"award-info":[{"award-number":["2021C01116"]}]},{"name":"Leading Innovative and Entrepreneur Team Introduction Program of Zhejiang","award":["2018R01005"],"award-info":[{"award-number":["2018R01005"]}]},{"DOI":"10.13039\/501100004835","name":"Zhejiang University","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004835","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Key Laboratory of Science and Technology on Information System Security","award":["6142111210301"],"award-info":[{"award-number":["6142111210301"]}]},{"name":"State Key Laboratory of Mathematical Engineering and Advanced Computing"},{"name":"Key Laboratory of Cyberspace Situation Awareness of Henan Province","award":["HNTS2022001"],"award-info":[{"award-number":["HNTS2022001"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. on Mobile Comput."],"published-print":{"date-parts":[[2024,5]]},"DOI":"10.1109\/tmc.2023.3311012","type":"journal-article","created":{"date-parts":[[2023,9,1]],"date-time":"2023-09-01T17:37:35Z","timestamp":1693589855000},"page":"5589-5603","source":"Crossref","is-referenced-by-count":17,"title":["CMD: Co-Analyzed IoT Malware Detection and Forensics via Network and Hardware Domains"],"prefix":"10.1109","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1455-4330","authenticated-orcid":false,"given":"Ziming","family":"Zhao","sequence":"first","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2195-0799","authenticated-orcid":false,"given":"Zhaoxuan","family":"Li","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2888-4499","authenticated-orcid":false,"given":"Jiongchi","family":"Yu","sequence":"additional","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6087-8243","authenticated-orcid":false,"given":"Fan","family":"Zhang","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1288-6502","authenticated-orcid":false,"given":"Xiaofei","family":"Xie","sequence":"additional","affiliation":[{"name":"School of Computing and Information Systems, Singapore Management University, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0353-3879","authenticated-orcid":false,"given":"Haitao","family":"Xu","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9584-0082","authenticated-orcid":false,"given":"Binbin","family":"Chen","sequence":"additional","affiliation":[{"name":"Advanced Digital Sciences Center, Singapore"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00054"},{"key":"ref2","first-page":"1169","article-title":"All things considered: An analysis of IoT devices on home networks","volume-title":"Proc. USENIX Secur. Symp.","author":"Kumar","year":"2019"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2021.102143"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23415"},{"key":"ref5","first-page":"4223","article-title":"Hawatcher: Semantics-aware anomaly detection for appified smart homes","volume-title":"Proc. USENIX Secur. Symp.","author":"Fu","year":"2021"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2897937.2905020"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2744769.2747942."},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/DAC18072.2020.9218559"},{"key":"ref9","first-page":"3505","article-title":"The circle of life: A large-scale study of the IoT malware lifecycle","volume-title":"Proc. USENIX Secur. Symp.","author":"Alrawi","year":"2021"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241275"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23488"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM41043.2020.9155459"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM41043.2020.9155424"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23204"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"ref16","first-page":"1057","article-title":"Needles in a haystack: Mining information from public dynamic analysis sandboxes for malware intelligence","volume-title":"Proc. USENIX Secur. Symp.","author":"Graziano","year":"2015"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3061639.3062202"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/DAC.2018.8465828"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2485922.2485970"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3199673"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24329"},{"key":"ref23","first-page":"2461","article-title":"Back-propagating system dependency impact for attack investigation","volume-title":"Proc. USENIX Secur. Symp.","author":"Fang","year":"2022"},{"key":"ref24","first-page":"2987","article-title":"SEAL: Storage-efficient causality analysis on enterprise logs with query-friendly compression","volume-title":"Proc. USENIX Secur. Symp.","author":"Fei","year":"2021"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24445"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23282"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23326"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102500"},{"key":"ref29","first-page":"1","article-title":"Protocol-independent adaptive replay of application dialog","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Cui","year":"2006"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24133"},{"key":"ref31","first-page":"3856","article-title":"Dynamic routing between capsules","volume-title":"Proc. Int. Conf. Neural Inf. Process. Syst.","author":"Sabour","year":"2017"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3517423"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom50675.2020.00080"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417862"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2019.102061"},{"key":"ref36","article-title":"Mirai-source-code","year":"2017"},{"key":"ref37","first-page":"73","article-title":"AVFS: An on-access anti-virus file system","volume-title":"Proc. USENIX Secur. Symp.","author":"Miretskiy","year":"2004"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23247"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23164"},{"key":"ref40","first-page":"1","article-title":"JFFS: The journalling flash file system","volume-title":"Proc. Ottawa linux Symp.","author":"David","year":"2001"},{"key":"ref41","first-page":"1723","article-title":"Dependence-preserving data compaction for scalable forensic analysis","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Hossain","year":"2018"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00064"},{"key":"ref43","article-title":"Code storage flash memory","year":"2023"},{"key":"ref44","article-title":"Saleae logic analyzer","year":"2023"},{"key":"ref45","article-title":"W25Q128FV datasheet","year":"2023"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3036232"},{"key":"ref47","article-title":"The GNU C, library reference manual","year":"2023"},{"key":"ref48","article-title":"LZO","year":"2023"},{"key":"ref49","article-title":"OpenWrt Porject","year":"2021"},{"key":"ref50","article-title":"A labeled dataset with malicious and benign IoT network traffic","year":"2020"},{"key":"ref51","article-title":"Intrusion detectionevaluation dataset (CICIDS2017)","year":"2018"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM48880.2022.9796936"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24067"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484585"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2019.8737507"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3485447.3512217"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOMW.2019.8845315"},{"key":"ref58","article-title":"Syslog"},{"key":"ref59","first-page":"317","article-title":"Efficient data structures for tamper-evident logging","volume-title":"Proc. USENIX Secur. Symp.","author":"Crosby","year":"2009"},{"key":"ref60","first-page":"91","article-title":"CloudAV: N-version antivirus in the network cloud","volume-title":"Proc. USENIX Secur. Symp.","author":"Oberheide","year":"2008"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.23102"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24549"},{"key":"ref63","first-page":"3319","article-title":"Axiomatic attribution for deep networks","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Sundararajan","year":"2017"},{"key":"ref64","article-title":"Captum: Model interpretability for PyTorch","year":"2023"},{"key":"ref65","article-title":"Selenium automates browsers","year":"2023"},{"key":"ref66","article-title":"A lightning fast multithreaded network scanner framework with modules","year":"2019"},{"key":"ref67","article-title":"Hydra","year":"2023"},{"key":"ref68","first-page":"1751","article-title":"Back to the whiteboard: A principled approach for the assessment and design of memory forensic techniques","volume-title":"Proc. USENIX Secur. Symp.","author":"Pagani","year":"2019"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/3422575.3422775"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23324"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2019.8737622"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2016.2623950"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2016.2594295"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.2991876"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2014.6848005"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2692682"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2014.6848129"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2023.3242134"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2023.3245411"},{"key":"ref80","first-page":"1151","article-title":"Looking from the mirror: Evaluating IoT device security through mobile companion apps","volume-title":"Proc. USENIX Secur. Symp.","author":"Wang","year":"2019"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-22390-7_22"},{"key":"ref82","article-title":"Perf Tutorial","year":"2023"},{"key":"ref83","first-page":"1","article-title":"PREEMPT: Preempting malware by examining embedded processor traces","volume-title":"Proc. Annu. Des. Automat. Conf.","author":"Basu","year":"2019"},{"key":"ref84","first-page":"95","article-title":"A large-scale analysis of the security of embedded firmwares","volume-title":"Proc. USENIX Secur. Symp.","author":"Costin","year":"2014"},{"key":"ref85","first-page":"1751","article-title":"Back to the whiteboard: A principled approach for the assessment and design of memory forensic techniques","volume-title":"Proc. USENIX Secur. Symp.","author":"Pagani","year":"2019"}],"container-title":["IEEE Transactions on Mobile Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7755\/10491282\/10237298.pdf?arnumber=10237298","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,9]],"date-time":"2024-04-09T19:51:38Z","timestamp":1712692298000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10237298\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5]]},"references-count":85,"journal-issue":{"issue":"5"},"URL":"https:\/\/doi.org\/10.1109\/tmc.2023.3311012","relation":{},"ISSN":["1536-1233","1558-0660","2161-9875"],"issn-type":[{"value":"1536-1233","type":"print"},{"value":"1558-0660","type":"electronic"},{"value":"2161-9875","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,5]]}}}