Internetware 2025
Fri 20 - Sun 22 June 2025 Trondheim, Norway
co-located with FSE 2025

It is well known that antivirus engines are vulnerable to evasion techniques (e.g., obfuscation) that transform malware into its variants. However, it cannot be necessarily attributed to the effectiveness of these evasions, and the limits of engines may also make this unsatisfactory result. In this study, we propose a data-driven approach to measure the effect of app transformations to malware detection, and further explain why the detection result is produced by these engines. First, we develop an interaction model for antivirus engines, illustrating how they respond with different detection results in terms of varying inputs. Six app transformation techniques are implemented in order to generate a large number of Android apps with traceable changes. Then we undertake a onemonth tracking of app detection results from multiple antivirus engines, through which we obtain over 971K detection reports from VirusTotal for 179K apps in total. Last, we conduct a comprehensive analysis of antivirus engines based on these reports from the perspectives of signature-based, static analysis-based, and dynamic analysis-based detection techniques. The results, together with 7 highlighted findings, identify a number of sealed working mechanisms occurring inside antivirus engines and what are the indicators of compromise in apps during malware detection.

Fri 20 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

11:00 - 13:00
Keynote & Session1: Software Vulnerability and Security IResearch Track / Plenary Events at Cosmos 3A
Chair(s): William Chu Tunghai University
11:00
60m
Keynote
Keynote 2: Coding with the Machine: Promises and Perils in AI-Driven Software Engineering
Plenary Events
Leon Moonen Simula Research Laboratory
12:00
15m
Talk
Towards understanding the security issues of Python programs
Research Track
Hongcheng Fan Nanjing University, di liu Jiangsu Police Institute, Jielun Wu Nanjing University, Yang Feng Nanjing University, Qingkai Shi Nanjing University, Baowen Xu Nanjing University
12:15
15m
Talk
A Novel LLM Approach of Cybersecurity Threat Analysis and Response
Research Track
TIAN HU Institute of Information Engineering, Chinese Academy of Sciences;School of Cyber Security, University of Chinese Academy of Sciences, Shangyuan Zhuang Institute of Information Engineering, Chinese Academy of Sciences;School of Cyber Security, University of Chinese Academy of Sciences, zhaorui Guo Institute of Information Engineering, Chinese Academy of Sciences;School of Cyber Security, University of Chinese Academy of Sciences, Jiyan Sun Institute of Information Engineering, Chinese Academy of Sciences,School of Cyber Security, University of Chinese Academy of Sciences, Yinlong Liu Institute of Information Engineering, Chinese Academy of Sciences,School of Cyber Security, University of Chinese Academy of Sciences, Wei Ma Institute of Information Engineering, Chinese Academy of Sciences;School of Cyber Security, University of Chinese Academy of Sciences, Hongchao Wang Institute of Information Engineering, Chinese Academy of Sciences;School of Cyber Security, University of Chinese Academy of Sciences, zhaolingfeng Innovation Academy for Microsatellites of Chinese Academy of Science, zhangxiaojie Innovation Academy for Microsatellites of Chinese Academy of Science
12:30
15m
Talk
Measuring and Explaining the Effects of Android App Transformations in Online Malware Detection
Research Track
Guozhu Meng Institute of Information Engineering, Chinese Academy of Sciences, Zhixiu Guo Institute of Information Engineering, Chinese Academy of Sciences, China, Xiaodong Zhang University of Chinese Academy of Science, Haoyu Wang Huazhong University of Science and Technology, Kai Chen Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Yang Liu Nanyang Technological University
Pre-print
12:45
15m
Talk
Leveraging Visible Widget Sizes for Detecting Repackaged Android Apps
Research Track
Jun Ma Nanjing University, Weixiang Huang Nanjing University, Chun Cao Nanjing University
Pre-print

Information for Participants
Fri 20 Jun 2025 11:00 - 13:00 at Cosmos 3A - Keynote & Session1: Software Vulnerability and Security I Chair(s): William Chu
Info for room Cosmos 3A:

Cosmos 3A is the first room in the Cosmos 3 wing.

When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.

:
:
:
: