{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T16:26:41Z","timestamp":1775579201442,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":98,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1145\/3634737.3637658","type":"proceedings-article","created":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T11:51:38Z","timestamp":1719575498000},"page":"383-398","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":20,"title":["Unmasking the Veiled: A Comprehensive Analysis of Android Evasive Malware"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2435-9993","authenticated-orcid":false,"given":"Antonio","family":"Ruggia","sequence":"first","affiliation":[{"name":"University of Genova, Genova, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3544-1346","authenticated-orcid":false,"given":"Dario","family":"Nisi","sequence":"additional","affiliation":[{"name":"EURECOM, Biot, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0988-9366","authenticated-orcid":false,"given":"Savino","family":"Dambra","sequence":"additional","affiliation":[{"name":"EURECOM, Biot, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2272-2376","authenticated-orcid":false,"given":"Alessio","family":"Merlo","sequence":"additional","affiliation":[{"name":"CASD - School for Advanced Defense Studies, Roma, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5957-6213","authenticated-orcid":false,"given":"Davide","family":"Balzarotti","sequence":"additional","affiliation":[{"name":"EURECOM, Biot, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9547-3502","authenticated-orcid":false,"given":"Simone","family":"Aonzo","sequence":"additional","affiliation":[{"name":"EURECOM, Biot, France"}]}],"member":"320","published-online":{"date-parts":[[2024,7]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Android Hostile Environment Detection. https:\/\/github.com\/Fuzion24\/AndroidHostileEnvironmentDetection. Accessed","year":"2024","unstructured":"2016. Android Hostile Environment Detection. https:\/\/github.com\/Fuzion24\/AndroidHostileEnvironmentDetection. Accessed June 2, 2024."},{"key":"e_1_3_2_1_2_1","volume-title":"Android Anti Debug. https:\/\/github.com\/GToad\/Android_Anti_Debug. Accessed","year":"2024","unstructured":"2018. Android Anti Debug. https:\/\/github.com\/GToad\/Android_Anti_Debug. Accessed June 2, 2024."},{"key":"e_1_3_2_1_3_1","volume-title":"3 ways to detect the SELinux status in Android natively. https:\/\/erev0s.com\/blog\/3-ways-detect-selinux-status-android-natively\/. Accessed","year":"2024","unstructured":"2020. 3 ways to detect the SELinux status in Android natively. https:\/\/erev0s.com\/blog\/3-ways-detect-selinux-status-android-natively\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_4_1","volume-title":"Anti Debug and Memory Dump. https:\/\/github.com\/darvincisec\/AntiDebugandMemoryDump. Accessed","year":"2024","unstructured":"2021. Anti Debug and Memory Dump. https:\/\/github.com\/darvincisec\/AntiDebugandMemoryDump. Accessed June 2, 2024."},{"key":"e_1_3_2_1_5_1","unstructured":"2021. GriftHorse Android Trojan Steals Millions from Over 10 Million Victims Globally. https:\/\/www.zimperium.com\/blog\/grifthorse-android-trojan-steals-millions-from-over-10-million-victims-globally\/. Accessed June 2 2024."},{"key":"e_1_3_2_1_6_1","unstructured":"2022. Cybercriminals attack users with 400 000 new malicious files daily. https:\/\/www.kaspersky.com\/about\/press-releases\/2022_cybercriminals-attack-users-with-400000-new-malicious-files-daily---that-is-5-more-than-in-2021. Accessed June 2 2024."},{"key":"e_1_3_2_1_7_1","volume-title":"frida-detection. https:\/\/github.com\/muellerberndt\/frida-detection. Accessed","year":"2024","unstructured":"2022. frida-detection. https:\/\/github.com\/muellerberndt\/frida-detection. Accessed June 2, 2024."},{"key":"e_1_3_2_1_8_1","volume-title":"Google Play Scraper. https:\/\/github.com\/facundoolano\/google-play-scraper. Accessed","year":"2024","unstructured":"2022. Google Play Scraper. https:\/\/github.com\/facundoolano\/google-play-scraper. Accessed June 2, 2024."},{"key":"e_1_3_2_1_9_1","volume-title":"https:\/\/github.com\/LordNoteworthy\/al-khaser. Accessed","year":"2024","unstructured":"2023. Al-Khaser. https:\/\/github.com\/LordNoteworthy\/al-khaser. Accessed June 2, 2024."},{"key":"e_1_3_2_1_10_1","volume-title":"https:\/\/github.com\/eurecom-s3\/AAl-Khaser. Accessed","author":"Al-Khaser Android","year":"2024","unstructured":"2023. Android Al-Khaser. https:\/\/github.com\/eurecom-s3\/AAl-Khaser. Accessed June 2, 2024."},{"key":"e_1_3_2_1_11_1","volume-title":"Android Verified Boot 2.0. https:\/\/android.googlesource.com\/platform\/external\/avb\/+\/master\/README.md. Accessed","year":"2024","unstructured":"2023. Android Verified Boot 2.0. https:\/\/android.googlesource.com\/platform\/external\/avb\/+\/master\/README.md. Accessed June 2, 2024."},{"key":"e_1_3_2_1_12_1","volume-title":"apkeep. https:\/\/github.com\/EFForg\/apkeep. Accessed","year":"2024","unstructured":"2023. apkeep. https:\/\/github.com\/EFForg\/apkeep. Accessed June 2, 2024."},{"key":"e_1_3_2_1_13_1","volume-title":"https:\/\/www.applovin.com\/. Accessed","author":"AppLovin","year":"2024","unstructured":"2023. AppLovin MAX. https:\/\/www.applovin.com\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_14_1","volume-title":"https:\/\/support.chartboost.com\/en. Accessed","year":"2024","unstructured":"2023. Chartboost. https:\/\/support.chartboost.com\/en. Accessed June 2, 2024."},{"key":"e_1_3_2_1_15_1","volume-title":"https:\/\/www.flurry.com\/. Accessed","year":"2024","unstructured":"2023. Flurry. https:\/\/www.flurry.com\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_16_1","volume-title":"genuine. https:\/\/github.com\/brevent\/genuine. Accessed","year":"2024","unstructured":"2023. genuine. https:\/\/github.com\/brevent\/genuine. Accessed June 2, 2024."},{"key":"e_1_3_2_1_17_1","volume-title":"https:\/\/ghidra.re\/. Accessed","year":"2024","unstructured":"2023. Ghidra. https:\/\/ghidra.re\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_18_1","volume-title":"https:\/\/www.inmobi.com\/sdk. Accessed","year":"2024","unstructured":"2023. InMobi. https:\/\/www.inmobi.com\/sdk. Accessed June 2, 2024."},{"key":"e_1_3_2_1_19_1","volume-title":"https:\/\/github.com\/topjohnwu\/Magisk. Accessed","year":"2024","unstructured":"2023. Magisk. https:\/\/github.com\/topjohnwu\/Magisk. Accessed June 2, 2024."},{"key":"e_1_3_2_1_20_1","volume-title":"mbc-markdown. https:\/\/github.com\/MBCProject\/mbc-markdown. Accessed","year":"2024","unstructured":"2023. mbc-markdown. https:\/\/github.com\/MBCProject\/mbc-markdown. Accessed June 2, 2024."},{"key":"e_1_3_2_1_21_1","volume-title":"readelf. https:\/\/man7.org\/linux\/man-pages\/man1\/readelf.1.html. Accessed","year":"2024","unstructured":"2023. readelf. https:\/\/man7.org\/linux\/man-pages\/man1\/readelf.1.html. Accessed June 2, 2024."},{"key":"e_1_3_2_1_22_1","volume-title":"Information Security: 21st International Conference, ISC 2018, Guildford, UK, September 9--12, 2018, Proceedings 21","author":"Afonso Vitor","year":"2018","unstructured":"Vitor Afonso, Anatoli Kalysch, Tilo M\u00fcller, Daniela Oliveira, Andr\u00e9 Gr\u00e9gio, and Paulo L\u00edcio de Geus. 2018. Lumus: Dynamically uncovering evasive Android applications. In Information Security: 21st International Conference, ISC 2018, Guildford, UK, September 9--12, 2018, Proceedings 21. Springer, 47--66."},{"key":"e_1_3_2_1_23_1","volume-title":"30th Annual International Computer Software and Applications Conference (COMPSAC'06)","volume":"1","author":"Aggarwal Ashish","year":"2006","unstructured":"Ashish Aggarwal and Pankaj Jalote. 2006. Integrating static and dynamic analysis for detecting vulnerabilities. In 30th Annual International Computer Software and Applications Conference (COMPSAC'06), Vol. 1. IEEE, 343--350."},{"key":"e_1_3_2_1_24_1","volume-title":"22nd International Symposium on Research in Attacks, Intrusions and Defenses ({RAID}","author":"Ali-Gombe Aisha","year":"2019","unstructured":"Aisha Ali-Gombe, Sneha Sudhakaran, Andrew Case, Golden G Richard III, Sencun Zhu, Peiyi Han, Thenkurussi Kesavadas, Dawu Gu, Kehuan Zhang, XiaoFeng Wang, et al. 2019. DroidScraper: a tool for Android in-memory object recovery and reconstruction. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses ({RAID} 2019). 547--559."},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles. 173--187","author":"Andrus Jeremy","year":"2011","unstructured":"Jeremy Andrus, Christoffer Dall, Alexander Van't Hof, Oren Laadan, and Jason Nieh. 2011. Cells: a virtual mobile smartphone architecture. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles. 173--187."},{"key":"e_1_3_2_1_26_1","volume-title":"Proc. of USENIX-23","author":"Aonzo Simone","year":"2023","unstructured":"Simone Aonzo, Yufei Han, Alessandro Mantovani, and Davide Balzarotti. 2023. Humans vs. machines in malware classification. Proc. of USENIX-23 (2023)."},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the 5th International Conference on Mobile Software Engineering and Systems. 2--12","author":"Bello Luciano","year":"2018","unstructured":"Luciano Bello and Marco Pistoia. 2018. Ares: triggering payload of evasive android malware. In Proceedings of the 5th International Conference on Mobile Software Engineering and Systems. 2--12."},{"key":"e_1_3_2_1_28_1","volume-title":"International Symposium on Cyber Security Cryptography and Machine Learning. Springer, 167--174","author":"Berger Harel","year":"2020","unstructured":"Harel Berger, Chen Hajaj, and Amit Dvir. 2020. Evasion is not enough: A case study of android malware. In International Symposium on Cyber Security Cryptography and Machine Learning. Springer, 167--174."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2020.102463"},{"key":"e_1_3_2_1_30_1","volume-title":"Mirage: Toward a stealthier and modular malware analysis sandbox for android. In Computer Security-ESORICS 2017: 22nd European Symposium on Research in Computer Security","author":"Bordoni Lorenzo","year":"2017","unstructured":"Lorenzo Bordoni, Mauro Conti, and Riccardo Spolaor. 2017. Mirage: Toward a stealthier and modular malware analysis sandbox for android. In Computer Security-ESORICS 2017: 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11--15, 2017, Proceedings, Part I 22. Springer, 278--296."},{"key":"e_1_3_2_1_31_1","volume-title":"https:\/\/www.qemu.org\/. Accessed","author":"Conservancy Software Freedom","year":"2024","unstructured":"Software Freedom Conservancy. 2023. QEMU. https:\/\/www.qemu.org\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_32_1","volume-title":"https:\/\/attack.mitre.org\/techniques\/T1633\/001\/. Accessed","author":"The MITRE Corporation","year":"2024","unstructured":"The MITRE Corporation. 2023. EvadeMe. https:\/\/attack.mitre.org\/techniques\/T1633\/001\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_33_1","volume-title":"System Checks. https:\/\/www.cryptomathic.com\/news-events\/blog\/app-hardening-for-mobile-banking-and-payment-apps-emulator-detection. Accessed","author":"Evasion Sandbox","year":"2024","unstructured":"Cryptomathic. 2022. Virtualization\/Sandbox Evasion: System Checks. https:\/\/www.cryptomathic.com\/news-events\/blog\/app-hardening-for-mobile-banking-and-payment-apps-emulator-detection. Accessed June 2, 2024."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1007\/s10515-023-00378-w","article-title":"DroidHook: a novel API-hook based Android malware dynamic analysis sandbox","volume":"30","author":"Cui Yuning","year":"2023","unstructured":"Yuning Cui, Yi Sun, and Zhaowen Lin. 2023. DroidHook: a novel API-hook based Android malware dynamic analysis sandbox. Automated Software Engineering 30, 1 (2023), 10.","journal-title":"Automated Software Engineering"},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of the 25th ACM Symposium on Access Control Models and Technologies. 25--32","author":"Dai Deshun","year":"2020","unstructured":"Deshun Dai, Ruixuan Li, Junwei Tang, Ali Davanian, and Heng Yin. 2020. Parallel space traveling: A security analysis of app-level virtualization in android. In Proceedings of the 25th ACM Symposium on Access Control Models and Technologies. 25--32."},{"key":"e_1_3_2_1_36_1","volume-title":"Feature Extraction, and Model Performance. arXiv preprint arXiv:2307.14657","author":"Dambra Savino","year":"2023","unstructured":"Savino Dambra, Yufei Han, Simone Aonzo, Platon Kotzias, Antonino Vitale, Juan Caballero, Davide Balzarotti, and Leyla Bilge. 2023. Decoding the Secrets of Machine Learning in Malware Classification: A Deep Dive into Datasets, Feature Extraction, and Model Performance. arXiv preprint arXiv:2307.14657 (2023)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.2976559"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.7717\/peerj-cs.907"},{"key":"e_1_3_2_1_39_1","volume-title":"https:\/\/github.com\/evilthreads669966\/evademe. Accessed","year":"2024","unstructured":"evilthreads669966. 2021. EvadeMe. https:\/\/github.com\/evilthreads669966\/evademe. Accessed June 2, 2024."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2022.102452"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.3390\/info14070374"},{"key":"e_1_3_2_1_42_1","volume-title":"https:\/\/cuckoosandbox.org\/. Accessed","author":"Foundation Stichting Cuckoo","year":"2024","unstructured":"Stichting Cuckoo Foundation. 2023. Cuckoo Sandbox. https:\/\/cuckoosandbox.org\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2799979.2800004"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102550"},{"key":"e_1_3_2_1_45_1","unstructured":"Tal Garfinkel Keith Adams Andrew Warfield Jason Franklin et al. 2007. Compatibility Is Not Transparency: VMM Detection Myths and Realities.. In HotOS."},{"key":"e_1_3_2_1_46_1","volume-title":"https:\/\/www.genymotion.com\/. Accessed","year":"2024","unstructured":"Genymobile. 2023. Genymotion. https:\/\/www.genymotion.com\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_47_1","volume-title":"Protecting WebView with Safe Browsing. https:\/\/android-developers.googleblog.com\/2018\/04\/protecting-webview-with-safe-browsing.html. Accessed","year":"2024","unstructured":"Google. 2018. Protecting WebView with Safe Browsing. https:\/\/android-developers.googleblog.com\/2018\/04\/protecting-webview-with-safe-browsing.html. Accessed June 2, 2024."},{"key":"e_1_3_2_1_48_1","volume-title":"Configuring ART. https:\/\/source.android.com\/docs\/core\/runtime\/configure. Accessed","year":"2024","unstructured":"Google. 2023. Configuring ART. https:\/\/source.android.com\/docs\/core\/runtime\/configure. Accessed June 2, 2024."},{"key":"e_1_3_2_1_49_1","volume-title":"Google Safe Browsing Service. https:\/\/developer.android.com\/develop\/ui\/views\/layout\/webapps\/managing-webview#safe-browsing. Accessed","year":"2024","unstructured":"Google. 2023. Google Safe Browsing Service. https:\/\/developer.android.com\/develop\/ui\/views\/layout\/webapps\/managing-webview#safe-browsing. Accessed June 2, 2024."},{"key":"e_1_3_2_1_50_1","volume-title":"Play Integrity API. https:\/\/developer.android.com\/google\/play\/integrity. Accessed","year":"2024","unstructured":"Google. 2023. Play Integrity API. https:\/\/developer.android.com\/google\/play\/integrity. Accessed June 2, 2024."},{"key":"e_1_3_2_1_51_1","volume-title":"Protect against security threats with SafetyNet. https:\/\/developer.android.com\/training\/safetynet. Accessed","year":"2024","unstructured":"Google. 2023. Protect against security threats with SafetyNet. https:\/\/developer.android.com\/training\/safetynet. Accessed June 2, 2024."},{"key":"e_1_3_2_1_52_1","volume-title":"https:\/\/www.xda-developers.com\/best-xposed-modules\/. Accessed","author":"Hazarika Skanda","year":"2024","unstructured":"Skanda Hazarika. 2022. Xposed. https:\/\/www.xda-developers.com\/best-xposed-modules\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3458864.3466627"},{"key":"e_1_3_2_1_54_1","volume-title":"Denuvo Mobile Games Protection. https:\/\/irdeto.com\/denuvo\/mobile-games-protection\/. Accessed","year":"2024","unstructured":"Irdeto. 2023. Denuvo Mobile Games Protection. https:\/\/irdeto.com\/denuvo\/mobile-games-protection\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_55_1","volume-title":"2018 Second international conference on inventive communication and computational technologies (ICICCT). IEEE, 1056--1060","author":"Jamalpur Sainadh","year":"2018","unstructured":"Sainadh Jamalpur, Yamini Sai Navya, Perla Raja, Gampala Tagore, and G Rama Koteswara Rao. 2018. Dynamic malware analysis using cuckoo sandbox. In 2018 Second international conference on inventive communication and computational technologies (ICICCT). IEEE, 1056--1060."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664250"},{"key":"e_1_3_2_1_57_1","volume-title":"xdr. https:\/\/man7.org\/linux\/man-pages\/man3\/xdr.3.html. Accessed","author":"Kerrisk Michael","year":"2024","unstructured":"Michael Kerrisk. 2021. xdr. https:\/\/man7.org\/linux\/man-pages\/man3\/xdr.3.html. Accessed June 2, 2024."},{"key":"e_1_3_2_1_58_1","volume-title":"Proceedings of the 29th Network and Distributed System Security Symposium (NDSS).","author":"Kondracki Brian","year":"2022","unstructured":"Brian Kondracki, Babak Amin Azad, Najmeh Miramirkhani, and Nick Nikiforakis. 2022. The droid is in the details: Environment-aware evasion of android sandboxes. In Proceedings of the 29th Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_59_1","volume-title":"2017 26th International Conference on Computer Communication and Networks (ICCCN). IEEE, 1--8.","author":"Liu Lang","year":"2017","unstructured":"Lang Liu, Yacong Gu, Qi Li, and Purui Su. 2017. RealDroid: Large-Scale Evasive Malware Detection on\" Real Devices\". In 2017 26th International Conference on Computer Communication and Networks (ICCCN). IEEE, 1--8."},{"key":"e_1_3_2_1_60_1","volume-title":"https:\/\/github.com\/idanr1986\/cuckoo-droid. Accessed","author":"Software Check Point","year":"2024","unstructured":"Check Point Software Technologies LTD. 2017. CuckooDroid. https:\/\/github.com\/idanr1986\/cuckoo-droid. Accessed June 2, 2024."},{"key":"e_1_3_2_1_61_1","volume-title":"https:\/\/github.com\/asLody\/VirtualApp Accessed online","author":"Jining Luohe Network Technology Co. Ltd. 2020. VirtualApp.","year":"2024","unstructured":"Jining Luohe Network Technology Co. Ltd. 2020. VirtualApp. https:\/\/github.com\/asLody\/VirtualApp Accessed online: June 2, 2024."},{"key":"e_1_3_2_1_62_1","volume-title":"Proceedings of Blackhat Asia","author":"Luo Tongbo","year":"2017","unstructured":"Tongbo Luo, Cong Zheng, Zhi Xu, and Xin Ouyang. 2017. Anti-plugin: Don't let your app play as an android plugin. Proceedings of Blackhat Asia (2017)."},{"key":"e_1_3_2_1_63_1","volume-title":"Longitudinal Study of the Prevalence of Malware Evasive Techniques. arXiv preprint arXiv:2112.11289","author":"Maffia Lorenzo","year":"2021","unstructured":"Lorenzo Maffia, Dario Nisi, Platon Kotzias, Giovanni Lagorio, Simone Aonzo, and Davide Balzarotti. 2021. Longitudinal Study of the Prevalence of Malware Evasive Techniques. arXiv preprint arXiv:2112.11289 (2021)."},{"key":"e_1_3_2_1_64_1","volume-title":"2014 Ninth International Conference on Availability, Reliability and Security. IEEE, 30--39","author":"Maier Dominik","year":"2014","unstructured":"Dominik Maier, Tilo M\u00fcller, and Mykola Protsenko. 2014. Divide-and-conquer: Why android malware cannot be stopped. In 2014 Ninth International Conference on Availability, Reliability and Security. IEEE, 30--39."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897856"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102181"},{"key":"e_1_3_2_1_67_1","volume-title":"2017 IEEE Symposium on Security and Privacy (SP). 1009--1024","author":"Miramirkhani Najmeh","unstructured":"Najmeh Miramirkhani, Mahathi Priya Appini, Nick Nikiforakis, and Michalis Polychronakis. [n. d.]. Spotless sandboxes: Evading malware analysis systems using wear-and-tear artifacts. In 2017 IEEE Symposium on Security and Privacy (SP). 1009--1024."},{"key":"e_1_3_2_1_68_1","volume-title":"2021 IEEE 30th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE). IEEE, 125--130","author":"Mirza Samrah","year":"2021","unstructured":"Samrah Mirza, Haider Abbas, Waleed Bin Shahid, Narmeen Shafqat, Mariagrazia Fugini, Zafar Iqbal, and Zia Muhammad. 2021. A malware evasion technique for auditing android anti-malware solutions. In 2021 IEEE 30th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE). IEEE, 125--130."},{"key":"e_1_3_2_1_69_1","volume-title":"22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID","author":"Nisi Dario","year":"2019","unstructured":"Dario Nisi, Antonio Bianchi, and Yanick Fratantonio. 2019. Exploring {Syscall-Based} Semantics Reconstruction of Android Applications. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019). 517--531."},{"key":"e_1_3_2_1_70_1","volume-title":"https:\/\/frida.re\/. Accessed","year":"2024","unstructured":"NowSecure. 2023. Frida. https:\/\/frida.re\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_71_1","volume-title":"Proceedings of the USENIX Workshop on Offensive Technologies (WOOT)","volume":"41","author":"Paleari Roberto","year":"2009","unstructured":"Roberto Paleari, Lorenzo Martignoni, Giampaolo Fresi Roglia, and Danilo Bruschi. 2009. A fistful of red-pills: How to automatically generate procedures to detect CPU emulators. In Proceedings of the USENIX Workshop on Offensive Technologies (WOOT), Vol. 41. 86."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/2592791.2592796"},{"key":"e_1_3_2_1_73_1","volume-title":"Department of Computer Science","author":"Petukhov Andrey","year":"2008","unstructured":"Andrey Petukhov and Dmitry Kozlov. 2008. Detecting security vulnerabilities in web applications using dynamic analysis with penetration testing. Computing Systems Lab, Department of Computer Science, Moscow State University (2008), 1--120."},{"key":"e_1_3_2_1_74_1","volume-title":"https:\/\/github.com\/pjlantz\/droidbox. Accessed","year":"2024","unstructured":"pjlantz. 2019. DroidBox. https:\/\/github.com\/pjlantz\/droidbox. Accessed June 2, 2024."},{"key":"e_1_3_2_1_75_1","volume-title":"2017 47th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 415--426","author":"Qu Zhengyang","year":"2017","unstructured":"Zhengyang Qu, Shahid Alam, Yan Chen, Xiaoyong Zhou, Wangjun Hong, and Ryan Riley. 2017. DyDroid: Measuring dynamic code loading and its security implications in Android applications. In 2017 47th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 415--426."},{"key":"e_1_3_2_1_76_1","volume-title":"https:\/\/github.com\/rednaga\/APKiD. Accessed","author":"D.","year":"2024","unstructured":"rednaga. 2023. APKiD. https:\/\/github.com\/rednaga\/APKiD. Accessed June 2, 2024."},{"key":"e_1_3_2_1_77_1","volume-title":"Deep reinforcement learning for black-box testing of android apps. ACM Transactions on Software Engineering and Methodology","author":"Romdhana Andrea","year":"2022","unstructured":"Andrea Romdhana, Alessio Merlo, Mariano Ceccato, and Paolo Tonella. 2022. Deep reinforcement learning for black-box testing of android apps. ACM Transactions on Software Engineering and Methodology (2022)."},{"key":"e_1_3_2_1_78_1","volume-title":"8th IEEE European Symposium on Security and Privacy.","author":"Ruggia Antonio","year":"2023","unstructured":"Antonio Ruggia, Andrea Possemato, Alessio Merlo, Dario Nisi, and Simone Aonzo. 2023. Android, Notify Me When It Is Time To Go Phishing. In EUROS&P 2023, 8th IEEE European Symposium on Security and Privacy."},{"key":"e_1_3_2_1_79_1","volume-title":"RAID 2018, Heraklion, Crete, Greece, September 10--12, 2018, Proceedings 21","author":"Sahin Onur","year":"2018","unstructured":"Onur Sahin, Ayse K Coskun, and Manuel Egele. 2018. Proteus: Detecting android emulators from instruction-level profiles. In Research in Attacks, Intrusions, and Defenses: 21st International Symposium, RAID 2018, Heraklion, Crete, Greece, September 10--12, 2018, Proceedings 21. Springer, 3--24."},{"key":"e_1_3_2_1_80_1","volume-title":"https:\/\/github.com\/samohyes\/Anti-vm-in-android. Accessed","year":"2024","unstructured":"samohyes. 2018. Anti-vm-in-Android. https:\/\/github.com\/samohyes\/Anti-vm-in-android. Accessed June 2, 2024."},{"key":"e_1_3_2_1_81_1","volume-title":"https:\/\/github.com\/scottyab\/rootbeer. Accessed","year":"2024","unstructured":"scottyab. 2021. RootBeer. https:\/\/github.com\/scottyab\/rootbeer. Accessed June 2, 2024."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427261"},{"key":"e_1_3_2_1_83_1","volume-title":"Android Anti-Reversing Defenses. https:\/\/mas.owasp.org\/MASTG\/Android\/0x05j-Testing-Resiliency-Against-Reverse-Engineering\/. Accessed","author":"Mobile Application Security OWASP","year":"2024","unstructured":"OWASP Mobile Application Security. 2023. Android Anti-Reversing Defenses. https:\/\/mas.owasp.org\/MASTG\/Android\/0x05j-Testing-Resiliency-Against-Reverse-Engineering\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_84_1","volume-title":"Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services. 222--235","author":"Shi Luman","year":"2019","unstructured":"Luman Shi, Jianming Fu, Zhengwei Guo, and Jiang Ming. 2019. \" Jekyll and Hyde\" is Risky: Shared-Everything Threat Mitigation in Dual-Instance Apps. In Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services. 222--235."},{"key":"e_1_3_2_1_85_1","volume-title":"evadroid. https:\/\/bitbucket.org\/IBMmobile\/evadroid\/src\/master\/. Accessed","author":"Mobile Enterprise Software IBM","year":"2024","unstructured":"IBM Mobile Enterprise Software. 2018. evadroid. https:\/\/bitbucket.org\/IBMmobile\/evadroid\/src\/master\/. Accessed June 2, 2024."},{"key":"e_1_3_2_1_86_1","volume-title":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 2858--2874","author":"Song Wenna","year":"2021","unstructured":"Wenna Song, Jiang Ming, Lin Jiang, Yi Xiang, Xuanchen Pan, Jianming Fu, and Guojun Peng. 2021. Towards transparent and stealthy android os sandboxing via customizable container-based virtualization. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 2858--2874."},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/2808117.2808126"},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23145"},{"key":"e_1_3_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1145\/3017427"},{"key":"e_1_3_2_1_90_1","volume-title":"https:\/\/github.com\/DroidPluginTeam\/DroidPlugin Accessed online","author":"Team DroidPlugin","year":"2024","unstructured":"DroidPlugin Team. 2020. DroidPlugin. https:\/\/github.com\/DroidPluginTeam\/DroidPlugin Accessed online: June 2, 2024."},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590325"},{"key":"e_1_3_2_1_92_1","volume-title":"https:\/\/www.virustotal.com. Accessed","year":"2024","unstructured":"VirusTotal. 2023. VirusTotal. https:\/\/www.virustotal.com. Accessed June 2, 2024."},{"key":"e_1_3_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1145\/2993717.2993720"},{"key":"e_1_3_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-191325"},{"key":"e_1_3_2_1_95_1","volume-title":"2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering. IEEE, 81--88","author":"Xu Lei","year":"2015","unstructured":"Lei Xu, Guoxi Li, Chuan Li, Weijie Sun, Wenzhi Chen, and Zonghui Wang. 2015. Condroid: a container-based virtualization solution adapted for android devices. In 2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering. IEEE, 81--88."},{"key":"e_1_3_2_1_96_1","unstructured":"Lok-Kwong Yan and Heng Yin. 2012. Droidscope: seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis.. In USENIX security symposium. 569--584."},{"key":"e_1_3_2_1_97_1","doi-asserted-by":"publisher","DOI":"10.1145\/3322205.3311088"},{"key":"e_1_3_2_1_98_1","doi-asserted-by":"publisher","DOI":"10.1145\/3203422.3203425"}],"event":{"name":"ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security","location":"Singapore Singapore","acronym":"ASIA CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 19th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3637658","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:44:06Z","timestamp":1750290246000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3637658"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":98,"alternative-id":["10.1145\/3634737.3637658","10.1145\/3634737"],"URL":"https:\/\/doi.org\/10.1145\/3634737.3637658","relation":{},"subject":[],"published":{"date-parts":[[2024,7]]},"assertion":[{"value":"2024-07-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}