{"id":"https://openalex.org/W4406388019","doi":"https://doi.org/10.1109/tdsc.2025.3529119","title":"RansomSentry: Runtime Detection of Android Ransomware With Compiler-Based Instrumentation","display_name":"RansomSentry: Runtime Detection of Android Ransomware With Compiler-Based Instrumentation","publication_year":2025,"publication_date":"2025-01-15","ids":{"openalex":"https://openalex.org/W4406388019","doi":"https://doi.org/10.1109/tdsc.2025.3529119"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2025.3529119","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3529119","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5016190080","display_name":"Boyang Ma","orcid":"https://orcid.org/0000-0002-9849-4576"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Boyang Ma","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi’an, China","School of Cyber Engineering, Xidian University, Xi'an, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi’an, China","institution_ids":["https://openalex.org/I149594827"]},{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055509811","display_name":"Linxuan Zhou","orcid":null},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Linxuan Zhou","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi’an, China","School of Cyber Engineering, Xidian University, Xi'an, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi’an, China","institution_ids":["https://openalex.org/I149594827"]},{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077314690","display_name":"Chien-Hsiang Liao","orcid":null},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chong Liao","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi’an, China","School of Cyber Engineering, Xidian University, Xi'an, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi’an, China","institution_ids":["https://openalex.org/I149594827"]},{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088790914","display_name":"Yajin Zhou","orcid":"https://orcid.org/0000-0001-7610-4736"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]},{"id":"https://openalex.org/I55712492","display_name":"Zhejiang University of Technology","ror":"https://ror.org/02djqfd08","country_code":"CN","type":"education","lineage":["https://openalex.org/I55712492"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yajin Zhou","raw_affiliation_strings":["College of Computer Science and Technology, School of Cyber Space and Technology, Zhejiang University, Hangzhou, China","College of Computer Science and Technology and the School of Cyber Space and Technology, Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, School of Cyber Space and Technology, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I168879160","https://openalex.org/I55712492"]},{"raw_affiliation_string":"College of Computer Science and Technology and the School of Cyber Space and Technology, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I168879160"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102839957","display_name":"Jinku Li","orcid":"https://orcid.org/0000-0003-0709-7434"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jinku Li","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi’an, China","School of Cyber Engineering, Xidian University, Xi'an, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi’an, China","institution_ids":["https://openalex.org/I149594827"]},{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012016098","display_name":"Jianfeng Ma","orcid":"https://orcid.org/0000-0003-4251-1143"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianfeng Ma","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi’an, China","School of Cyber Engineering, Xidian University, Xi'an, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi’an, China","institution_ids":["https://openalex.org/I149594827"]},{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi'an, China","institution_ids":["https://openalex.org/I149594827"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5016190080"],"corresponding_institution_ids":["https://openalex.org/I149594827"],"apc_list":null,"apc_paid":null,"fwci":4.7229,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.93112519,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":100},"biblio":{"volume":"22","issue":"4","first_page":"3354","last_page":"3370"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12799","display_name":"Mobile and Web Applications","score":0.9821000099182129,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9363999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8393998742103577},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.7042316198348999},{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.6978106498718262},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.6365448236465454},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6223418712615967},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.5801360011100769},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.22604802250862122}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8393998742103577},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.7042316198348999},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.6978106498718262},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.6365448236465454},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6223418712615967},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.5801360011100769},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.22604802250862122}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2025.3529119","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2025.3529119","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W2034102017","https://openalex.org/W2043777221","https://openalex.org/W2158874007","https://openalex.org/W2166743230","https://openalex.org/W2296579688","https://openalex.org/W2332561139","https://openalex.org/W2493960021","https://openalex.org/W2533311740","https://openalex.org/W2619422284","https://openalex.org/W2738263528","https://openalex.org/W3003543339","https://openalex.org/W3016101473","https://openalex.org/W3128652290","https://openalex.org/W6639024520","https://openalex.org/W6641190993","https://openalex.org/W6678217462","https://openalex.org/W6681764063","https://openalex.org/W6700850430","https://openalex.org/W6747828546","https://openalex.org/W6766320688","https://openalex.org/W6787188330","https://openalex.org/W6834397530"],"related_works":["https://openalex.org/W3201228709","https://openalex.org/W2922354075","https://openalex.org/W4389157351","https://openalex.org/W4232561318","https://openalex.org/W3202245533","https://openalex.org/W4253977752","https://openalex.org/W2942879794","https://openalex.org/W2964829536","https://openalex.org/W2904586340","https://openalex.org/W1565885216"],"abstract_inverted_index":{"In":[0],"recent":[1,164],"years,":[2],"mobile":[3],"ransomware":[4,15,51,73,166,181],"attacks":[5,182],"have":[6],"become":[7],"increasingly":[8],"prevalent,":[9],"especially":[10],"in":[11,52],"Android":[12,14,61,165],"systems.":[13],"extorts":[16],"users":[17],"by":[18,72,129],"maliciously":[19],"locking":[20],"infected":[21],"devices":[22],"or":[23,141],"encrypting":[24],"user":[25],"files":[26],"on":[27],"the":[28,68,75,83,107,117,122],"devices.":[29],"To":[30,149],"address":[31],"this":[32],"problem,":[33],"we":[34,153],"propose":[35],"RansomSentry,":[38],"a":[39,59,78,133,155],"runtime":[40,91],"detection":[41],"system":[42],"with":[43,183],"compiler-based":[44],"instrumentation":[45],"against":[46],"both":[47],"lock-screen":[48],"and":[49,81,86,111,144,161],"crypto":[50],"Android.":[53],"Specifically,":[54],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">RansomSentry":[57,101,160],"leverages":[58],"modified":[60],"dex2oat":[64],"compiler":[65],"to":[66,92,96,105,139,168],"instrument":[67],"sensitive":[69],"APIs":[70],"invoked":[71],"during":[74],"installation":[76],"of":[77,121,157],"target":[79],"app,":[80,123],"monitors":[82],"app's":[84,108],"screen-related":[85],"file":[87,110],"access":[88],"operations":[89],"at":[90],"detect":[93,180],"attacks.":[94],"Compared":[95],"previous":[97],"solutions,":[98],"does":[102],"not":[103],"require":[104],"change":[106],"APK":[109],"bytecode,":[112],"thus":[113],"it":[114,126],"will":[115],"pass":[116],"original":[118],"integrity":[119],"check":[120],"which":[124],"makes":[125],"readily":[127],"deployed":[128],"users.":[130],"Further,":[131],"such":[132],"dynamic":[134],"approach":[135],"is":[136],"naturally":[137],"immune":[138],"code":[140],"data":[142],"obfuscation":[143],"can":[145,178],"provide":[146],"real-time":[147],"protection.":[148],"validate":[150],"our":[151,176],"approach,":[152],"implement":[154],"prototype":[156,177],"collect":[162],"2,376":[163],"samples":[167],"evaluate":[169],"it.":[170],"The":[171],"evaluation":[172],"results":[173],"show":[174],"that":[175],"effectively":[179],"an":[184],"acceptable":[185],"performance":[186],"overhead.":[187]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}