{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T17:56:23Z","timestamp":1774115783521,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":41,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,6,4]],"date-time":"2014-06-04T00:00:00Z","timestamp":1401840000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000143","name":"Division of Computing and Communication Foundations","doi-asserted-by":"publisher","award":["CCF-0424422"],"award-info":[{"award-number":["CCF-0424422"]}],"id":[{"id":"10.13039\/100000143","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,6,4]]},"DOI":"10.1145\/2590296.2590325","type":"proceedings-article","created":{"date-parts":[[2014,5,30]],"date-time":"2014-05-30T18:18:31Z","timestamp":1401473911000},"page":"447-458","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":153,"title":["Evading android runtime analysis via sandbox detection"],"prefix":"10.1145","author":[{"given":"Timothy","family":"Vidas","sequence":"first","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Nicolas","family":"Christin","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]}],"member":"320","published-online":{"date-parts":[[2014,6,4]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"AMAT\n  : Android Malware Analysis Toolkit. http:\/\/sourceforge.net\/projects\/amatlinux\/.  AMAT: Android Malware Analysis Toolkit. http:\/\/sourceforge.net\/projects\/amatlinux\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Andrubis. http:\/\/anubis.iseclab.org\/.  Andrubis. http:\/\/anubis.iseclab.org\/."},{"key":"e_1_3_2_1_3_1","unstructured":"CopperDroid. http:\/\/copperdroid.isg.rhul.ac.uk\/copperdroid\/.  CopperDroid. http:\/\/copperdroid.isg.rhul.ac.uk\/copperdroid\/."},{"key":"e_1_3_2_1_4_1","unstructured":"DroidBox. https:\/\/code.google.com\/p\/droidbox\/.  DroidBox. https:\/\/code.google.com\/p\/droidbox\/."},{"key":"e_1_3_2_1_5_1","unstructured":"Droidbox device identifier patch. https:\/\/code.google.com\/p\/droidbox\/source\/browse\/trunk\/droidbox23\/framework_base.patch?r=82.  Droidbox device identifier patch. https:\/\/code.google.com\/p\/droidbox\/source\/browse\/trunk\/droidbox23\/framework_base.patch?r=82."},{"key":"e_1_3_2_1_6_1","unstructured":"Foresafe. http:\/\/www.foresafe.com\/scan.  Foresafe. http:\/\/www.foresafe.com\/scan."},{"key":"e_1_3_2_1_7_1","unstructured":"mobile-sandbox. http:\/\/mobilesandbox.org\/.  mobile-sandbox. http:\/\/mobilesandbox.org\/."},{"key":"e_1_3_2_1_8_1","unstructured":"Monitoring the Battery Level and Charging State | Android Developers. http:\/\/developer.android.com\/training\/monitoring-device-state\/battery-monitoring.html.  Monitoring the Battery Level and Charging State | Android Developers. http:\/\/developer.android.com\/training\/monitoring-device-state\/battery-monitoring.html."},{"key":"e_1_3_2_1_9_1","unstructured":"North American Numbering Plan Adminstration search. www.nanpa.com\/enas\/area_code_query.do.  North American Numbering Plan Adminstration search. www.nanpa.com\/enas\/area_code_query.do."},{"key":"e_1_3_2_1_10_1","unstructured":"SandDroid. http:\/\/sanddroid.xjtu.edu.cn\/.  SandDroid. http:\/\/sanddroid.xjtu.edu.cn\/."},{"key":"e_1_3_2_1_11_1","unstructured":"Using the Android Emulator | Android Developers. http:\/\/developer.android.com\/tools\/devices\/emulator.html.  Using the Android Emulator | Android Developers. http:\/\/developer.android.com\/tools\/devices\/emulator.html."},{"key":"e_1_3_2_1_12_1","volume-title":"NDSS","author":"Bayer U.","year":"2009","unstructured":"U. Bayer , P. Comparetti , C. Hlauschek , C. Kruegel , and E. Kirda . Scalable, behavior-based malware clustering . In NDSS , 2009 . U. Bayer, P. Comparetti, C. Hlauschek, C. Kruegel, and E. Kirda. Scalable, behavior-based malware clustering. In NDSS, 2009."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2010.5665792"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.159"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2008.4630086"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030086"},{"key":"e_1_3_2_1_17_1","volume-title":"Aug","author":"Schulz M. F.","year":"2012","unstructured":"M. F. and P. Schulz . Detecting android sandboxes , Aug 2012 . https:\/\/www.dexlabs.org\/blog\/btdetect. M. F. and P. Schulz. Detecting android sandboxes, Aug 2012. https:\/\/www.dexlabs.org\/blog\/btdetect."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046618"},{"key":"e_1_3_2_1_19_1","volume-title":"Symantec Technology Exchange","author":"Ferrie P.","year":"2007","unstructured":"P. Ferrie . Attacks on more virtual machine emulators . Symantec Technology Exchange , 2007 . P. Ferrie. Attacks on more virtual machine emulators. Symantec Technology Exchange, 2007."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180414"},{"key":"e_1_3_2_1_21_1","volume-title":"Proc. USENIX Security","author":"Handley M.","year":"2001","unstructured":"M. Handley , V. Paxson , and C. Kreibich . Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics . In Proc. USENIX Security , 2001 . M. Handley, V. Paxson, and C. Kreibich. Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In Proc. USENIX Security, 2001."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/IAW.2005.1495930"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34638-5_6"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-008-0096-y"},{"key":"e_1_3_2_1_25_1","unstructured":"H. Lockheimer. Android and Security Feb 2012. http:\/\/googlemobile.blogspot.com\/2012\/02\/android-and-security.html.  H. Lockheimer. Android and Security Feb 2012. http:\/\/googlemobile.blogspot.com\/2012\/02\/android-and-security.html."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/956415.956465"},{"key":"e_1_3_2_1_28_1","volume-title":"SummerCon2012","author":"Oberheide J.","year":"2012","unstructured":"J. Oberheide and C. Miller . Dissecting the android bouncer . SummerCon2012 , New York , 2012 . J. Oberheide and C. Miller. Dissecting the android bouncer. SummerCon2012, New York, 2012."},{"issue":"4","key":"e_1_3_2_1_29_1","first-page":"165","article-title":"Improvement of the pi calculation algorithm and implementation of fast multiple precision computation","volume":"9","author":"Ooura T.","year":"1999","unstructured":"T. Ooura . Improvement of the pi calculation algorithm and implementation of fast multiple precision computation . Transactions-Japan Society for Industrial and Applied Mathematics , 9 ( 4 ): 165 -- 172 , 1999 . T. Ooura. Improvement of the pi calculation algorithm and implementation of fast multiple precision computation. Transactions-Japan Society for Industrial and Applied Mathematics, 9(4):165--172, 1999.","journal-title":"Transactions-Japan Society for Industrial and Applied Mathematics"},{"key":"e_1_3_2_1_30_1","first-page":"86","volume-title":"Proc. WOOT","volume":"41","author":"Paleari R.","unstructured":"R. Paleari , L. Martignoni , G. F. Roglia , and D. Bruschi . A fistful of red-pills: How to automatically generate procedures to detect cpu emulators . In Proc. WOOT , volume 41 , page 86 . USENIX, 2009. R. Paleari, L. Martignoni, G. F. Roglia, and D. Bruschi. A fistful of red-pills: How to automatically generate procedures to detect cpu emulators. In Proc. WOOT, volume 41, page 86. USENIX, 2009."},{"key":"e_1_3_2_1_31_1","volume-title":"Black Hat USA","author":"Percoco N. J.","year":"2012","unstructured":"N. J. Percoco and S. Schulte . Adventures in bouncerland . Black Hat USA , 2012 . N. J. Percoco and S. Schulte. Adventures in bouncerland. Black Hat USA, 2012."},{"key":"e_1_3_2_1_32_1","volume-title":"DTIC Document","author":"Ptacek T. H.","year":"1998","unstructured":"T. H. Ptacek and T. N. Newsham . Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report , DTIC Document , 1998 . T. H. Ptacek and T. N. Newsham. Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report, DTIC Document, 1998."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/2396231.2396233"},{"key":"e_1_3_2_1_34_1","volume-title":"Invisible Things","author":"Rutkowska J.","year":"2004","unstructured":"J. Rutkowska . Red pill... or how to detect vmm using (almost) one cpu instruction . Invisible Things , 2004 . J. Rutkowska. Red pill... or how to detect vmm using (almost) one cpu instruction. Invisible Things, 2004."},{"key":"e_1_3_2_1_35_1","volume-title":"Sept","author":"Strazzere T.","year":"2013","unstructured":"T. Strazzere . Dex education 201 anti-emulation , Sept 2013 . http:\/\/hitcon.org\/2013\/download\/TimStrazzere-DexEducation.pdf. T. Strazzere. Dex education 201 anti-emulation, Sept 2013. http:\/\/hitcon.org\/2013\/download\/TimStrazzere-DexEducation.pdf."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435378"},{"key":"e_1_3_2_1_37_1","volume-title":"Proc. WOOT. USENIX","author":"Vidas T.","year":"2011","unstructured":"T. Vidas , D. Votipka , and N. Christin . All your droid are belong to us: A survey of current android attacks . In Proc. WOOT. USENIX , 2011 . T. Vidas, D. Votipka, and N. Christin. All your droid are belong to us: A survey of current android attacks. In Proc. WOOT. USENIX, 2011."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2011.05.003"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"},{"key":"e_1_3_2_1_41_1","volume-title":"Proc. NDSS","author":"Zhou Y.","year":"2012","unstructured":"Y. Zhou , Z. Wang , W. Zhou , and X. Jiang . Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets . In Proc. NDSS , 2012 . Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In Proc. NDSS, 2012."}],"event":{"name":"ASIA CCS '14: 9th ACM Symposium on Information, Computer and Communications Security","location":"Kyoto Japan","acronym":"ASIA CCS '14","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 9th ACM symposium on Information, computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2590296.2590325","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2590296.2590325","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:55:51Z","timestamp":1750229751000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2590296.2590325"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,6,4]]},"references-count":41,"alternative-id":["10.1145\/2590296.2590325","10.1145\/2590296"],"URL":"https:\/\/doi.org\/10.1145\/2590296.2590325","relation":{},"subject":[],"published":{"date-parts":[[2014,6,4]]},"assertion":[{"value":"2014-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}