{"id":"https://openalex.org/W2771936560","doi":"https://doi.org/10.1145/3134600.3134647","title":"Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices","display_name":"Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices","publication_year":2017,"publication_date":"2017-12-04","ids":{"openalex":"https://openalex.org/W2771936560","doi":"https://doi.org/10.1145/3134600.3134647","mag":"2771936560"},"language":"en","primary_location":{"id":"doi:10.1145/3134600.3134647","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3134600.3134647","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057991555","display_name":"Le Guan","orcid":"https://orcid.org/0000-0002-8205-5616"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Le Guan","raw_affiliation_strings":["Pennsylvania State University, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101824334","display_name":"Shijie Jia","orcid":"https://orcid.org/0000-0002-4262-9478"},"institutions":[{"id":"https://openalex.org/I4210126530","display_name":"Data Assurance and Communication Security","ror":"https://ror.org/02z2gfm30","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210126530","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4391768012","display_name":"State Key Laboratory of Information Security","ror":"https://ror.org/012cr4033","country_code":null,"type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4391768012"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shijie Jia","raw_affiliation_strings":["Data Assurance and Communication Security Research Center, CAS, China and State Key Laboratory of Information Security, IIE, CAS, China"],"affiliations":[{"raw_affiliation_string":"Data Assurance and Communication Security Research Center, CAS, China and State Key Laboratory of Information Security, IIE, CAS, China","institution_ids":["https://openalex.org/I4210126530","https://openalex.org/I4391768012"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090264580","display_name":"Bo Chen","orcid":null},"institutions":[{"id":"https://openalex.org/I11957088","display_name":"Michigan Technological University","ror":"https://ror.org/0036rpn28","country_code":"US","type":"education","lineage":["https://openalex.org/I11957088"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bo Chen","raw_affiliation_strings":["Michigan Technological University, USA"],"affiliations":[{"raw_affiliation_string":"Michigan Technological University, USA","institution_ids":["https://openalex.org/I11957088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101886601","display_name":"Fengwei Zhang","orcid":"https://orcid.org/0000-0003-3365-2526"},"institutions":[{"id":"https://openalex.org/I185443292","display_name":"Wayne State University","ror":"https://ror.org/01070mq45","country_code":"US","type":"education","lineage":["https://openalex.org/I185443292"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Fengwei Zhang","raw_affiliation_strings":["Wayne State University, USA"],"affiliations":[{"raw_affiliation_string":"Wayne State University, USA","institution_ids":["https://openalex.org/I185443292"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052233895","display_name":"Bo Luo","orcid":"https://orcid.org/0000-0001-8196-2436"},"institutions":[{"id":"https://openalex.org/I146416000","display_name":"University of Kansas","ror":"https://ror.org/001tmjg57","country_code":"US","type":"education","lineage":["https://openalex.org/I146416000"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bo Luo","raw_affiliation_strings":["The University of Kansas, USA"],"affiliations":[{"raw_affiliation_string":"The University of Kansas, USA","institution_ids":["https://openalex.org/I146416000"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5036002145","display_name":"Jingqiang Lin","orcid":"https://orcid.org/0000-0003-1508-4879"},"institutions":[{"id":"https://openalex.org/I4210126530","display_name":"Data Assurance and Communication Security","ror":"https://ror.org/02z2gfm30","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210126530","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4391768012","display_name":"State Key Laboratory of Information Security","ror":"https://ror.org/012cr4033","country_code":null,"type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4391768012"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jingqiang Lin","raw_affiliation_strings":["Data Assurance and Communication Security Research Center, CAS, China and State Key Laboratory of Information Security, IIE, CAS, China"],"affiliations":[{"raw_affiliation_string":"Data Assurance and Communication Security Research Center, CAS, China and State Key Laboratory of Information Security, IIE, CAS, China","institution_ids":["https://openalex.org/I4210126530","https://openalex.org/I4391768012"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100346828","display_name":"Peng Liu","orcid":"https://orcid.org/0000-0002-5091-8464"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Peng Liu","raw_affiliation_strings":["Pennsylvania State University, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041094652","display_name":"Xinyu Xing","orcid":"https://orcid.org/0000-0001-6733-226X"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xinyu Xing","raw_affiliation_strings":["Pennsylvania State University, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037919131","display_name":"Luning Xia","orcid":null},"institutions":[{"id":"https://openalex.org/I4391768012","display_name":"State Key Laboratory of Information Security","ror":"https://ror.org/012cr4033","country_code":null,"type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4391768012"]},{"id":"https://openalex.org/I4210126530","display_name":"Data Assurance and Communication Security","ror":"https://ror.org/02z2gfm30","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210126530","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Luning Xia","raw_affiliation_strings":["Data Assurance and Communication Security Research Center, CAS, China and State Key Laboratory of Information Security, IIE, CAS, China"],"affiliations":[{"raw_affiliation_string":"Data Assurance and Communication Security Research Center, CAS, China and State Key Laboratory of Information Security, IIE, CAS, China","institution_ids":["https://openalex.org/I4210126530","https://openalex.org/I4391768012"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5057991555"],"corresponding_institution_ids":["https://openalex.org/I130769515"],"apc_list":null,"apc_paid":null,"fwci":1.3079,"has_fulltext":false,"cited_by_count":22,"citation_normalized_percentile":{"value":0.8244186,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"339","last_page":"349"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8970717191696167},{"id":"https://openalex.org/keywords/reboot","display_name":"Reboot","score":0.8292247653007507},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.7446898818016052},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7358930110931396},{"id":"https://openalex.org/keywords/mobile-malware","display_name":"Mobile malware","score":0.7157812714576721},{"id":"https://openalex.org/keywords/snapshot","display_name":"Snapshot (computer storage)","score":0.5791672468185425},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5626254677772522},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.5549255609512329},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.5469170212745667},{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.42915740609169006},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.41847479343414307},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.41362449526786804}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8970717191696167},{"id":"https://openalex.org/C120524526","wikidata":"https://www.wikidata.org/wiki/Q1709148","display_name":"Reboot","level":2,"score":0.8292247653007507},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.7446898818016052},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7358930110931396},{"id":"https://openalex.org/C2780967490","wikidata":"https://www.wikidata.org/wiki/Q1291200","display_name":"Mobile malware","level":3,"score":0.7157812714576721},{"id":"https://openalex.org/C55282118","wikidata":"https://www.wikidata.org/wiki/Q252683","display_name":"Snapshot (computer storage)","level":2,"score":0.5791672468185425},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5626254677772522},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.5549255609512329},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.5469170212745667},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.42915740609169006},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.41847479343414307},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.41362449526786804}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3134600.3134647","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3134600.3134647","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd Annual Computer Security Applications Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:digitalcommons.mtu.edu:cs_fp-1007","is_oa":false,"landing_page_url":"https://digitalcommons.mtu.edu/cs_fp/5","pdf_url":null,"source":{"id":"https://openalex.org/S4377196391","display_name":"Digital Commons - Michigan Tech (Michigan Technological University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I11957088","host_organization_name":"Michigan Technological University","host_organization_lineage":["https://openalex.org/I11957088"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Department of Computer Science Publications","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.4300000071525574}],"awards":[{"id":"https://openalex.org/G1130126578","display_name":null,"funder_award_id":"61772518","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6471190695","display_name":null,"funder_award_id":"W911NF-13-1-0421","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G8903459115","display_name":null,"funder_award_id":"CNS-1422594, CNS-1505664, SBE-1422215, CNS-1422206, DGE-1565570, CNS-1718459 , OAC-1738929","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":45,"referenced_works":["https://openalex.org/W78162143","https://openalex.org/W147819238","https://openalex.org/W1247015877","https://openalex.org/W1534092936","https://openalex.org/W1537929875","https://openalex.org/W1865564993","https://openalex.org/W1963971515","https://openalex.org/W1985686072","https://openalex.org/W1990360323","https://openalex.org/W1998384031","https://openalex.org/W2000249510","https://openalex.org/W2014517322","https://openalex.org/W2046185165","https://openalex.org/W2068590918","https://openalex.org/W2070041400","https://openalex.org/W2070386561","https://openalex.org/W2083919270","https://openalex.org/W2090534521","https://openalex.org/W2100002952","https://openalex.org/W2104839588","https://openalex.org/W2112731379","https://openalex.org/W2115175195","https://openalex.org/W2119251836","https://openalex.org/W2140807364","https://openalex.org/W2145688371","https://openalex.org/W2168872572","https://openalex.org/W2176830056","https://openalex.org/W2199478250","https://openalex.org/W2273027740","https://openalex.org/W2398749618","https://openalex.org/W2487124337","https://openalex.org/W2510286124","https://openalex.org/W2533311740","https://openalex.org/W2560647998","https://openalex.org/W2574215789","https://openalex.org/W2598640288","https://openalex.org/W2605883969","https://openalex.org/W2612380866","https://openalex.org/W2615082125","https://openalex.org/W2712617220","https://openalex.org/W2752052041","https://openalex.org/W2752858240","https://openalex.org/W2766050426","https://openalex.org/W2771082954","https://openalex.org/W3104862556"],"related_works":["https://openalex.org/W2591653665","https://openalex.org/W3211746486","https://openalex.org/W2771936560","https://openalex.org/W4240330722","https://openalex.org/W2895401392","https://openalex.org/W4293077671","https://openalex.org/W2292240422","https://openalex.org/W2567427693","https://openalex.org/W2968504645","https://openalex.org/W2810666735"],"abstract_inverted_index":{"The":[0],"increasing":[1],"growth":[2],"of":[3,17,23,95,118],"cybercrimes":[4],"targeting":[5],"mobile":[6,79],"devices":[7],"urges":[8],"an":[9],"efficient":[10],"malware":[11,55,110],"analysis":[12,34],"platform.":[13],"With":[14],"the":[15,37,46,64,72,84,96,105,116,119],"emergence":[16],"evasive":[18],"malware,":[19],"which":[20],"is":[21,27,58,111],"capable":[22],"detecting":[24],"that":[25],"it":[26,57],"being":[28],"analyzed":[29],"in":[30],"virtualized":[31],"environments,":[32],"bare-metal":[33,51],"has":[35],"become":[36],"definitive":[38],"resort.":[39],"Existing":[40],"works":[41,98],"mainly":[42],"focus":[43],"on":[44,78],"extracting":[45],"malicious":[47],"behaviors":[48],"exposed":[49],"during":[50],"analysis.":[52],"However,":[53],"after":[54],"analysis,":[56],"equally":[59],"important":[60],"to":[61,66,70,103,114],"quickly":[62],"restore":[63,83],"system":[65,90],"a":[67,88,108],"clean":[68],"state":[69],"examine":[71],"next":[73],"sample.":[74],"Unfortunately,":[75],"state-of-the-art":[76],"solutions":[77],"platforms":[80],"can":[81],"only":[82],"disk,":[85],"and":[86],"require":[87,99],"time-consuming":[89],"reboot.":[91],"In":[92],"addition,":[93],"all":[94],"existing":[97],"some":[100],"in-guest":[101,120],"components":[102],"assist":[104],"restoration.":[106],"Therefore,":[107],"kernel-level":[109],"still":[112],"able":[113],"detect":[115],"presence":[117],"components.":[121]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":1}],"updated_date":"2026-03-17T09:09:15.849793","created_date":"2025-10-10T00:00:00"}