Android malware detection is a fundamental aspect of software security, ensuring the protection of applications and user data from evolving threats. Within this domain, malware classification plays a crucial role by categorizing malicious software into distinct families. Effective classification aids in understanding attack techniques and developing robust defenses, ensuring application security and timely mitigation of software vulnerabilities. The dynamic nature of malware demands adaptive classification techniques that can handle the continuous emergence of new families. Traditionally, this is done by retraining models on all historical samples, which requires significant resources in terms of time and storage. An alternative approach is Class-Incremental Learning (CIL), which focuses on progressively learning new classes (malware families) while preserving knowledge from previous training steps. However, CIL assumes that each class appears only once in training and is not revisited, an assumption that does not hold for malware families, which often persist across multiple time intervals. This leads to shifts in the data distribution for the same family over time, a challenge that is not addressed by traditional CIL methods. We formulate this problem as Temporal-Incremental Malware Learning (TIML), which adapts to these shifts and effectively classifies new variants. To support this, we organize the MalNet dataset, consisting of over a million entries of Android malware data collected over a decade, in chronological order. We first adapt state-of-the-art CIL approaches to meet TIML’s requirements, serving as baseline methods. Then, we propose a novel multimodal TIML approach that leverages multiple malware modalities for improved performance. Extensive evaluations show that our TIML approaches outperform traditional CIL methods and demonstrate the feasibility of periodically updating malware classifiers at a low cost. This process is efficient and requires minimal storage and computational resources, with only a slight dip in performance compared to full retraining with historical data.
Mon 23 JunDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
16:00 - 18:00 | Mobile AppsIdeas, Visions and Reflections / Industry Papers / Demonstrations / Research Papers / Journal First at Aurora A Chair(s): Kelly Blincoe University of Auckland | ||
16:00 10mTalk | DynDebloater: Dynamically Debloating Unwanted Features of Android Apps without APK Modification Demonstrations Zicheng Zhang School of Computing and Information Systems, Singapore Management University, Jiakun Liu Singapore Management University, Ferdian Thung Singapore Management University, Xing Hu Zhejiang University, Wei Minn Singapore Management University, Yan Naing Tun Singapore Management University, Lwin Khin Shar Singapore Management University, David Lo Singapore Management University, Debin Gao Singapore Management University | ||
16:10 20mTalk | HapRepair: Learn to Repair OpenHarmony Apps Industry Papers Zhihao Lin , Mingyi Zhou Beihang University, Wei Ma , chichen , Yun Yang Yunnan University, Jun Wang Post Luxembourg, Chunming Hu Beihang University, Li Li Beihang University File Attached | ||
16:30 20mTalk | Are iOS Apps Immune to Abusive Advertising Practices? Industry Papers Tianming Liu Monash Univerisity, Jiapeng Deng Huazhong University of Science and Technology, Yanjie Zhao Huazhong University of Science and Technology, Xiao Chen University of Newcastle, Xiaoning Du Monash University, Li Li Beihang University, Haoyu Wang Huazhong University of Science and Technology | ||
16:50 10mTalk | Toward LLM-Driven GDPR Compliance Checking for Android Apps Ideas, Visions and Reflections Marco Alecci University of Luxembourg, Nicolas Sannier University of Luxembourg, SnT, Marcello Ceci University of Luxembourg, Sallam Abualhaija University of Luxembourg, Jordan Samhi University of Luxembourg, Luxembourg, Domenico Bianculli University of Luxembourg, Tegawendé F. Bissyandé University of Luxembourg, Jacques Klein University of Luxembourg | ||
17:00 20mTalk | MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis Journal First Shenao Wang Huazhong University of Science and Technology, Yuekang Li UNSW, Kailong Wang Huazhong University of Science and Technology, Yi Liu Nanyang Technological University, Hui Li Samsung Electronics (China) R&D Centre, Yang Liu Nanyang Technological University, Haoyu Wang Huazhong University of Science and Technology | ||
17:20 20mTalk | Temporal-Incremental Learning for Android Malware Detection Journal First Tiezhu Sun University of Luxembourg, Nadia Daoudi Luxembourg Institute of Science and Technology, Weiguo Pian University of Luxembourg, Kisub Kim Singapore Management University, Singapore, Kevin Allix Independent Researcher, Tegawendé F. Bissyandé University of Luxembourg, Jacques Klein University of Luxembourg | ||
17:40 20mTalk | Mitigating Emergent Malware Label Noise in DNN-Based Android Malware Detection Research Papers haodong li Beijing University of Posts and Telecommunications, Xiao Cheng Macquarie University, Guohan Zhang Beijing University of Posts and Telecommunications, Guosheng Xu Beijing University of Posts and Telecommunications, Guoai Xu Harbin Institute of Technology, Shenzhen, Haoyu Wang Huazhong University of Science and Technology DOI | ||
Aurora A is the first room in the Aurora wing.
When facing the main Cosmos Hall, access to the Aurora wing is on the right, close to the side entrance of the hotel.