{"id":"https://openalex.org/W2134693988","doi":"https://doi.org/10.1145/1866886.1866892","title":"Reverse engineering for mobile systems forensics with Ares","display_name":"Reverse engineering for mobile systems forensics with Ares","publication_year":2010,"publication_date":"2010-10-08","ids":{"openalex":"https://openalex.org/W2134693988","doi":"https://doi.org/10.1145/1866886.1866892","mag":"2134693988"},"language":"en","primary_location":{"id":"doi:10.1145/1866886.1866892","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1866886.1866892","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2010 ACM workshop on Insider threats","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://works.bepress.com/erik_learned_miller/54/download/","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5026599501","display_name":"J. R. Tuttle","orcid":null},"institutions":[{"id":"https://openalex.org/I24603500","display_name":"University of Massachusetts Amherst","ror":"https://ror.org/0072zz521","country_code":"US","type":"education","lineage":["https://openalex.org/I24603500"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"John Tuttle","raw_affiliation_strings":["University of Massachusetts Amherst, Amherst, MA, USA","University Of Massachusetts Amherst, Amherst, MA, USA#TAB#"],"affiliations":[{"raw_affiliation_string":"University of Massachusetts Amherst, Amherst, MA, USA","institution_ids":["https://openalex.org/I24603500"]},{"raw_affiliation_string":"University Of Massachusetts Amherst, Amherst, MA, USA#TAB#","institution_ids":["https://openalex.org/I24603500"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076667950","display_name":"Robert J. Walls","orcid":"https://orcid.org/0000-0002-1338-6403"},"institutions":[{"id":"https://openalex.org/I24603500","display_name":"University of Massachusetts Amherst","ror":"https://ror.org/0072zz521","country_code":"US","type":"education","lineage":["https://openalex.org/I24603500"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Robert J. Walls","raw_affiliation_strings":["University of Massachusetts Amherst, Amherst, MA, USA","University Of Massachusetts Amherst, Amherst, MA, USA#TAB#"],"affiliations":[{"raw_affiliation_string":"University of Massachusetts Amherst, Amherst, MA, USA","institution_ids":["https://openalex.org/I24603500"]},{"raw_affiliation_string":"University Of Massachusetts Amherst, Amherst, MA, USA#TAB#","institution_ids":["https://openalex.org/I24603500"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045674062","display_name":"Erik Learned-Miller","orcid":"https://orcid.org/0000-0002-3778-9135"},"institutions":[{"id":"https://openalex.org/I24603500","display_name":"University of Massachusetts Amherst","ror":"https://ror.org/0072zz521","country_code":"US","type":"education","lineage":["https://openalex.org/I24603500"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Erik Learned-Miller","raw_affiliation_strings":["University of Massachusetts Amherst, Amherst, MA, USA","University Of Massachusetts Amherst, Amherst, MA, USA#TAB#"],"affiliations":[{"raw_affiliation_string":"University of Massachusetts Amherst, Amherst, MA, USA","institution_ids":["https://openalex.org/I24603500"]},{"raw_affiliation_string":"University Of Massachusetts Amherst, Amherst, MA, USA#TAB#","institution_ids":["https://openalex.org/I24603500"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102976517","display_name":"Brian Neil Levine","orcid":"https://orcid.org/0000-0003-2262-0617"},"institutions":[{"id":"https://openalex.org/I24603500","display_name":"University of Massachusetts Amherst","ror":"https://ror.org/0072zz521","country_code":"US","type":"education","lineage":["https://openalex.org/I24603500"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Brian Neil Levine","raw_affiliation_strings":["University of Massachusetts Amherst, Amherst, MA, USA","University Of Massachusetts Amherst, Amherst, MA, USA#TAB#"],"affiliations":[{"raw_affiliation_string":"University of Massachusetts Amherst, Amherst, MA, USA","institution_ids":["https://openalex.org/I24603500"]},{"raw_affiliation_string":"University Of Massachusetts Amherst, Amherst, MA, USA#TAB#","institution_ids":["https://openalex.org/I24603500"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5026599501"],"corresponding_institution_ids":["https://openalex.org/I24603500"],"apc_list":null,"apc_paid":null,"fwci":0.3382,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.60993268,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"462","issue":null,"first_page":"21","last_page":"28"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7917755842208862},{"id":"https://openalex.org/keywords/reverse-engineering","display_name":"Reverse engineering","score":0.7188145518302917},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.6288108229637146},{"id":"https://openalex.org/keywords/phone","display_name":"Phone","score":0.5641059875488281},{"id":"https://openalex.org/keywords/mobile-phone","display_name":"Mobile phone","score":0.48342740535736084},{"id":"https://openalex.org/keywords/instrumentation","display_name":"Instrumentation (computer programming)","score":0.44993096590042114},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.44751593470573425},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.4405456483364105},{"id":"https://openalex.org/keywords/parsing","display_name":"Parsing","score":0.42873716354370117},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.4118820130825043},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.32804006338119507},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.26145872473716736},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.13740390539169312}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7917755842208862},{"id":"https://openalex.org/C207850805","wikidata":"https://www.wikidata.org/wiki/Q269608","display_name":"Reverse engineering","level":2,"score":0.7188145518302917},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.6288108229637146},{"id":"https://openalex.org/C2778707766","wikidata":"https://www.wikidata.org/wiki/Q202064","display_name":"Phone","level":2,"score":0.5641059875488281},{"id":"https://openalex.org/C2777421447","wikidata":"https://www.wikidata.org/wiki/Q17517","display_name":"Mobile phone","level":2,"score":0.48342740535736084},{"id":"https://openalex.org/C118530786","wikidata":"https://www.wikidata.org/wiki/Q1134732","display_name":"Instrumentation (computer programming)","level":2,"score":0.44993096590042114},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.44751593470573425},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.4405456483364105},{"id":"https://openalex.org/C186644900","wikidata":"https://www.wikidata.org/wiki/Q194152","display_name":"Parsing","level":2,"score":0.42873716354370117},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.4118820130825043},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.32804006338119507},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.26145872473716736},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.13740390539169312},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/1866886.1866892","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1866886.1866892","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2010 ACM workshop on Insider threats","raw_type":"proceedings-article"},{"id":"pmh:oai:works.bepress.com:erik_learned_miller-1107","is_oa":true,"landing_page_url":"https://works.bepress.com/erik_learned_miller/54","pdf_url":"https://works.bepress.com/erik_learned_miller/54/download/","source":{"id":"https://openalex.org/S4306402240","display_name":"ScholarWorks@UMassAmherst (University of Massachusetts Amherst)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I24603500","host_organization_name":"University of Massachusetts Amherst","host_organization_lineage":["https://openalex.org/I24603500"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Erik G Learned-Miller","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.185.3777","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.185.3777","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://prisms.cs.umass.edu/brian/pubs/tuttle.ares.2010.pdf","raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:works.bepress.com:erik_learned_miller-1107","is_oa":true,"landing_page_url":"https://works.bepress.com/erik_learned_miller/54","pdf_url":"https://works.bepress.com/erik_learned_miller/54/download/","source":{"id":"https://openalex.org/S4306402240","display_name":"ScholarWorks@UMassAmherst (University of Massachusetts Amherst)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I24603500","host_organization_name":"University of Massachusetts Amherst","host_organization_lineage":["https://openalex.org/I24603500"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Erik G Learned-Miller","raw_type":"text"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6200000047683716,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2134693988.pdf","grobid_xml":"https://content.openalex.org/works/W2134693988.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W182734301","https://openalex.org/W1538375546","https://openalex.org/W1969005071","https://openalex.org/W1982280055","https://openalex.org/W1996099185","https://openalex.org/W2002089154","https://openalex.org/W2049309829","https://openalex.org/W2049867480","https://openalex.org/W2098465784","https://openalex.org/W2134633067","https://openalex.org/W2140839850","https://openalex.org/W2143472559","https://openalex.org/W2146280225","https://openalex.org/W2156453323","https://openalex.org/W2619911338","https://openalex.org/W2732894000","https://openalex.org/W3127289673","https://openalex.org/W4239813889","https://openalex.org/W4302339081","https://openalex.org/W6607492917"],"related_works":["https://openalex.org/W2350278424","https://openalex.org/W2071432835","https://openalex.org/W4239401009","https://openalex.org/W4234371507","https://openalex.org/W1628824497","https://openalex.org/W2363831530","https://openalex.org/W4299534542","https://openalex.org/W2053441600","https://openalex.org/W2112192942","https://openalex.org/W2132081528"],"abstract_inverted_index":{"We":[0,121,139],"present":[1],"Ares,":[2],"a":[3,73,141,148,168],"reverse":[4,101,146,175],"engineering":[5,102,147],"technique":[6],"for":[7,15,189],"assisting":[8],"in":[9,69],"the":[10,16,34,38,60,63,84,123,165,187],"analysis":[11],"of":[12,18,25,62,86,107,125,164,167],"data":[13,35,88,161],"recovered":[14],"investigation":[17],"mobile":[19],"and":[20,41,53,130,177],"embedded":[21],"systems.":[22],"The":[23],"focus":[24],"investigations":[26],"into":[27],"insider":[28],"activity":[29],"is":[30,67],"most":[31,159],"often":[32],"on":[33,37,59,105,127,173],"stored":[36],"insider's":[39],"computers":[40],"digital":[42],"device":[43],"-":[44,56],"call":[45,128],"logs,":[46],"email":[47],"messaging,":[48],"calendar":[49],"entries,":[50],"text":[51],"messages,":[52],"browser":[54],"history":[55],"rather":[57],"than":[58],"status":[61],"system's":[64],"security.":[65],"Ares":[66,126,157],"novel":[68],"that":[70,76,89,155],"it":[71],"uses":[72],"data-driven":[74],"approach":[75],"incorporates":[77],"natural":[78],"language":[79],"processing":[80],"techniques":[81,103],"to":[82,94,115,117,154],"infer":[83],"layout":[85],"input":[87],"has":[90],"been":[91],"created":[92,140],"according":[93],"some":[95,99],"unknown":[96],"specification.":[97],"While":[98],"other":[100],"based":[104,172],"instrumentation":[106],"executables":[108],"offer":[109],"high":[110],"accuracy,":[111],"they":[112],"are":[113],"hard":[114],"apply":[116],"proprietary":[118],"phone":[119,191],"architectures.":[120],"evaluated":[122],"effectiveness":[124],"logs":[129],"contact":[131],"lists":[132],"from":[133],"ten":[134],"used":[135],"Nokia":[136,150],"cell":[137],"phones.":[138],"rule":[142],"set":[143],"by":[144],"manually":[145],"single":[149],"phone.":[151],"Without":[152],"modification":[153],"grammar,":[156],"parsed":[158],"phones'":[160],"with":[162,180],"90%":[163],"accuracy":[166,184],"commercial":[169],"forensics":[170],"tool":[171],"manual":[174],"engineering,":[176],"all":[178],"phones":[179],"at":[181],"least":[182],"50%":[183],"even":[185],"though":[186],"endianess":[188],"one":[190],"changed.":[192]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}