* ICSE 2018 *
Sun 27 May - Sun 3 June 2018 Gothenburg, Sweden
Wed 30 May 2018 17:00 - 17:20 at J1 room - Empirical Software Engineering Chair(s): Marija Mikic

The Android platform has been the dominant mobile platform in recent years resulting in millions of apps and security threats against those apps. Anti-malware products aim to protect smartphone users from these threats, especially from malicious apps. However, malware authors use code obfuscation on their apps to evade detection by anti-malware products. To assess the effects of code obfuscation on Android apps and anti-malware products, we have conducted a large-scale empirical study that evaluates the effectiveness of the top anti-malware products against various obfuscation tools and strategies. To that end, we have obfuscated 3,000 benign apps and 3,000 malicious apps and generated 73,362 obfuscated apps using 29 obfuscation strategies from 7 open-source, academic, and commercial obfuscation tools. The findings of our study indicate that (1) code obfuscation significantly impacts Android anti-malware products; (2) the majority of anti-malware products are severely impacted by even trivial obfuscations; (3) in general, combined obfuscation strategies do not successfully evade anti-malware products more than individual strategies; (4) the detection of anti-malware products depend not only on the applied obfuscation strategy but also on the leveraged obfuscation tool; (5) anti-malware products are slow to adopt signatures of malicious apps; and (6) code obfuscation often results in changes to an app’s semantic behaviors.

Presentation Slides (icse2018_obfuscation_v6.pptx)6.77MiB

Wed 30 May

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

16:00 - 18:00
Empirical Software EngineeringJournal first papers / Technical Papers at J1 room
Chair(s): Marija Mikic Google
16:00
20m
Full-paper
Does the Propagation of Artifact Changes across Tasks reflect Work Dependencies?
Technical Papers
Christoph Mayr-Dorn Johannes Kepler University Linz, Alexander Egyed
DOI Pre-print
16:20
20m
Talk
Large-Scale Analysis of Framework-Specific Exceptions in Android AppsAward
Technical Papers
Lingling Fan East China Normal University, China/Nanyang Technological University, Singapore, Ting Su Nanyang Technological University, Singapore, Sen Chen Nanyang Technological University, Guozhu Meng Nanyang Technological University, Singapore, Yang Liu Nanyang Technological University, Singapore, Lihua Xu , Geguang Pu , Zhendong Su University of California, Davis
DOI Pre-print File Attached
16:40
20m
Talk
Effect Sizes and their Variance for AB/BA Crossover Design Studies
Journal first papers
Link to publication DOI
17:00
20m
Talk
A Large-Scale Empirical Study on the Effects of Code Obfuscations on Android Apps and Anti-Malware Products
Technical Papers
Mahmoud Hammad University of California, Irvine, Joshua Garcia , Sam Malek University of California, Irvine
DOI Pre-print Media Attached File Attached
17:20
20m
Talk
An empirical study on the interplay between semantic coupling and co-change of software classes
Journal first papers
Nemitari Ajienka , Andrea Capiluppi Brunel University, Steve Counsell Brunel University London
Link to publication DOI Media Attached
17:40
20m
Talk
Q&A in groups
Technical Papers