{"id":"https://openalex.org/W2603591188","doi":"https://doi.org/10.1145/3052973.3052984","title":"DroidForensics","display_name":"DroidForensics","publication_year":2017,"publication_date":"2017-03-31","ids":{"openalex":"https://openalex.org/W2603591188","doi":"https://doi.org/10.1145/3052973.3052984","mag":"2603591188"},"language":"en","primary_location":{"id":"doi:10.1145/3052973.3052984","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3052973.3052984","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087004360","display_name":"Xingzi Yuan","orcid":"https://orcid.org/0000-0001-6690-2646"},"institutions":[{"id":"https://openalex.org/I165733156","display_name":"University of Georgia","ror":"https://ror.org/00te3t702","country_code":"US","type":"education","lineage":["https://openalex.org/I165733156"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xingzi Yuan","raw_affiliation_strings":["University of Georgia, Athens, GA, USA"],"affiliations":[{"raw_affiliation_string":"University of Georgia, Athens, GA, USA","institution_ids":["https://openalex.org/I165733156"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034740133","display_name":"Omid Setayeshfar","orcid":null},"institutions":[{"id":"https://openalex.org/I165733156","display_name":"University of Georgia","ror":"https://ror.org/00te3t702","country_code":"US","type":"education","lineage":["https://openalex.org/I165733156"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Omid Setayeshfar","raw_affiliation_strings":["University of Georgia, Athens, GA, USA"],"affiliations":[{"raw_affiliation_string":"University of Georgia, Athens, GA, USA","institution_ids":["https://openalex.org/I165733156"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068442275","display_name":"Hongfei Yan","orcid":null},"institutions":[{"id":"https://openalex.org/I165733156","display_name":"University of Georgia","ror":"https://ror.org/00te3t702","country_code":"US","type":"education","lineage":["https://openalex.org/I165733156"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hongfei Yan","raw_affiliation_strings":["University of Georgia, Athens, GA, USA"],"affiliations":[{"raw_affiliation_string":"University of Georgia, Athens, GA, USA","institution_ids":["https://openalex.org/I165733156"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060397238","display_name":"Pranav Panage","orcid":null},"institutions":[{"id":"https://openalex.org/I165733156","display_name":"University of Georgia","ror":"https://ror.org/00te3t702","country_code":"US","type":"education","lineage":["https://openalex.org/I165733156"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Pranav Panage","raw_affiliation_strings":["University of Georgia, Athens, GA, USA"],"affiliations":[{"raw_affiliation_string":"University of Georgia, Athens, GA, USA","institution_ids":["https://openalex.org/I165733156"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003379167","display_name":"Xuetao Wei","orcid":"https://orcid.org/0000-0002-4450-2251"},"institutions":[{"id":"https://openalex.org/I63135867","display_name":"University of Cincinnati","ror":"https://ror.org/01e3m7079","country_code":"US","type":"education","lineage":["https://openalex.org/I63135867"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xuetao Wei","raw_affiliation_strings":["University of Cincinnati, Cincinnati, OH, USA"],"affiliations":[{"raw_affiliation_string":"University of Cincinnati, Cincinnati, OH, USA","institution_ids":["https://openalex.org/I63135867"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033440818","display_name":"Kyu Hyoung Lee","orcid":"https://orcid.org/0000-0001-6843-6706"},"institutions":[{"id":"https://openalex.org/I165733156","display_name":"University of Georgia","ror":"https://ror.org/00te3t702","country_code":"US","type":"education","lineage":["https://openalex.org/I165733156"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kyu Hyung Lee","raw_affiliation_strings":["University of Georgia, Athens, GA, USA"],"affiliations":[{"raw_affiliation_string":"University of Georgia, Athens, GA, USA","institution_ids":["https://openalex.org/I165733156"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5087004360"],"corresponding_institution_ids":["https://openalex.org/I165733156"],"apc_list":null,"apc_paid":null,"fwci":0.5607,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.63549997,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"666","last_page":"677"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.8385912179946899},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7976453304290771},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.49988794326782227},{"id":"https://openalex.org/keywords/data-logger","display_name":"Data logger","score":0.4777987599372864},{"id":"https://openalex.org/keywords/sql","display_name":"SQL","score":0.4691076874732971},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.42103588581085205},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3782253861427307},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.34994155168533325},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.2816592752933502}],"concepts":[{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.8385912179946899},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7976453304290771},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.49988794326782227},{"id":"https://openalex.org/C159234332","wikidata":"https://www.wikidata.org/wiki/Q1172468","display_name":"Data logger","level":2,"score":0.4777987599372864},{"id":"https://openalex.org/C510870499","wikidata":"https://www.wikidata.org/wiki/Q47607","display_name":"SQL","level":2,"score":0.4691076874732971},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.42103588581085205},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3782253861427307},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.34994155168533325},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.2816592752933502}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3052973.3052984","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3052973.3052984","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6700000166893005,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320332467","display_name":"U.S. Air Force","ror":"https://ror.org/006gmme17"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W47175211","https://openalex.org/W98723903","https://openalex.org/W187572568","https://openalex.org/W1450860479","https://openalex.org/W1491356120","https://openalex.org/W1499241274","https://openalex.org/W1522250664","https://openalex.org/W1582716752","https://openalex.org/W1865564993","https://openalex.org/W1943233084","https://openalex.org/W1963971515","https://openalex.org/W1972796262","https://openalex.org/W1985752637","https://openalex.org/W1988036170","https://openalex.org/W1995362840","https://openalex.org/W2014390890","https://openalex.org/W2016996406","https://openalex.org/W2025721496","https://openalex.org/W2027538101","https://openalex.org/W2049722158","https://openalex.org/W2070386561","https://openalex.org/W2071672346","https://openalex.org/W2089735638","https://openalex.org/W2093406244","https://openalex.org/W2096347345","https://openalex.org/W2102970979","https://openalex.org/W2116669623","https://openalex.org/W2122672392","https://openalex.org/W2126667017","https://openalex.org/W2134346134","https://openalex.org/W2144801589","https://openalex.org/W2159357881","https://openalex.org/W2163643194","https://openalex.org/W2166743230","https://openalex.org/W2169904926","https://openalex.org/W2213728018","https://openalex.org/W2293351723","https://openalex.org/W2295705535","https://openalex.org/W2296051993","https://openalex.org/W2362396924","https://openalex.org/W2397699236","https://openalex.org/W2398354233","https://openalex.org/W2398484989","https://openalex.org/W2487419968","https://openalex.org/W2489881394","https://openalex.org/W2491928626","https://openalex.org/W2518060702","https://openalex.org/W2531970759","https://openalex.org/W2533311740","https://openalex.org/W2574401928","https://openalex.org/W2579106964","https://openalex.org/W2616594753","https://openalex.org/W2912412735","https://openalex.org/W2951116536","https://openalex.org/W4245671428","https://openalex.org/W4255411440"],"related_works":["https://openalex.org/W4377700003","https://openalex.org/W1592339263","https://openalex.org/W2886367137","https://openalex.org/W4234405480","https://openalex.org/W2380271133","https://openalex.org/W2921947140","https://openalex.org/W3148865947","https://openalex.org/W2040377563","https://openalex.org/W2133733179","https://openalex.org/W1565885216"],"abstract_inverted_index":{"The":[0],"goal":[1,88],"of":[2,12,106,111,125,200],"cyber":[3,71],"attack":[4,45,72,98],"investigation":[5,54,105],"is":[6,36,60,67,89,195],"to":[7,20,90,134,162],"fully":[8],"reconstruct":[9],"the":[10,25,28,32,53,92,152,156,198],"details":[11],"an":[13,126,164],"attack,":[14],"so":[15],"we":[16,58,77,204],"can":[17,101,158],"trace":[18],"back":[19],"its":[21],"origin,":[22],"and":[23,39,55,140,179],"recover":[24],"system":[26,141,147],"from":[27],"damage":[29],"caused":[30],"by":[31],"attack.":[33,165],"However,":[34],"it":[35],"often":[37],"difficult":[38],"requires":[40],"tremendous":[41],"manual":[42],"efforts":[43],"because":[44],"events":[46],"occurred":[47],"days":[48],"or":[49],"even":[50],"weeks":[51],"before":[52],"detailed":[56,95],"information":[57,96],"need":[59],"not":[61],"available":[62],"anymore.":[63],"Consequently,":[64],"forensic":[65,82],"logging":[66,83,113],"significantly":[68],"important":[69],"for":[70,85],"investigation.":[73],"In":[74],"this":[75],"paper,":[76],"present":[78],"DroidForensics,":[79],"a":[80],"multi-layer":[81],"technique":[84],"Android.":[86],"Our":[87,166],"provide":[91,151],"user":[93,153,157],"with":[94],"about":[97],"behaviors":[99],"that":[100,121,155,169],"enable":[102],"accurate":[103],"post-mortem":[104],"Android":[107,118,192,202],"attacks.":[108],"DroidForensics":[109],"consists":[110],"three":[112],"modules.":[114],"API":[115,119],"logger":[116,129,143],"captures":[117],"calls":[120],"contain":[122],"high-level":[123],"semantics":[124],"application.":[127],"Binder":[128],"records":[130],"interactions":[131],"between":[132,138],"applications":[133],"identify":[135],"causal":[136],"relations":[137],"processes,":[139],"call":[142],"efficiently":[144],"monitors":[145],"low-level":[146],"events.":[148],"We":[149],"also":[150],"interface":[154],"compose":[159],"SQL-like":[160],"queries":[161],"inspect":[163],"experiments":[167],"show":[168],"Droid":[170],"Forensics":[171],"has":[172],"low":[173,180],"runtime":[174],"overhead":[175,182],"(2.9%":[176],"on":[177,190],"average)":[178],"space":[181],"(105":[183],"~":[184],"169":[185],"MByte":[186],"during":[187],"24":[188],"hours)":[189],"real":[191],"devices.":[193],"It":[194],"effective":[196],"in":[197],"reconstruction":[199],"realworld":[201],"attacks":[203],"have":[205],"studied.":[206]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":4},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2017-04-07T00:00:00"}