Measuring and Explaining the Effects of Android App Transformations in Online Malware Detection
It is well known that antivirus engines are vulnerable to evasion techniques (e.g., obfuscation) that transform malware into its variants. However, it cannot be necessarily attributed to the effectiveness of these evasions, and the limits of engines may also make this unsatisfactory result. In this study, we propose a data-driven approach to measure the effect of app transformations to malware detection, and further explain why the detection result is produced by these engines. First, we develop an interaction model for antivirus engines, illustrating how they respond with different detection results in terms of varying inputs. Six app transformation techniques are implemented in order to generate a large number of Android apps with traceable changes. Then we undertake a onemonth tracking of app detection results from multiple antivirus engines, through which we obtain over 971K detection reports from VirusTotal for 179K apps in total. Last, we conduct a comprehensive analysis of antivirus engines based on these reports from the perspectives of signature-based, static analysis-based, and dynamic analysis-based detection techniques. The results, together with 7 highlighted findings, identify a number of sealed working mechanisms occurring inside antivirus engines and what are the indicators of compromise in apps during malware detection.
Fri 20 JunDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
11:00 - 13:00 | Keynote & Session1: Software Vulnerability and Security IResearch Track / Plenary Events at Cosmos 3A Chair(s): William Chu Tunghai University | ||
11:00 60mKeynote | Keynote 2: Coding with the Machine: Promises and Perils in AI-Driven Software Engineering Plenary Events Leon Moonen Simula Research Laboratory | ||
12:00 15mTalk | Towards understanding the security issues of Python programs Research Track Hongcheng Fan Nanjing University, di liu Jiangsu Police Institute, Jielun Wu Nanjing University, Yang Feng Nanjing University, Qingkai Shi Nanjing University, Baowen Xu Nanjing University | ||
12:15 15mTalk | A Novel LLM Approach of Cybersecurity Threat Analysis and Response Research Track TIAN HU Institute of Information Engineering, Chinese Academy of Sciences;School of Cyber Security, University of Chinese Academy of Sciences, Shangyuan Zhuang Institute of Information Engineering, Chinese Academy of Sciences;School of Cyber Security, University of Chinese Academy of Sciences, zhaorui Guo Institute of Information Engineering, Chinese Academy of Sciences;School of Cyber Security, University of Chinese Academy of Sciences, Jiyan Sun Institute of Information Engineering, Chinese Academy of Sciences,School of Cyber Security, University of Chinese Academy of Sciences, Yinlong Liu Institute of Information Engineering, Chinese Academy of Sciences,School of Cyber Security, University of Chinese Academy of Sciences, Wei Ma Institute of Information Engineering, Chinese Academy of Sciences;School of Cyber Security, University of Chinese Academy of Sciences, Hongchao Wang Institute of Information Engineering, Chinese Academy of Sciences;School of Cyber Security, University of Chinese Academy of Sciences, zhaolingfeng Innovation Academy for Microsatellites of Chinese Academy of Science, zhangxiaojie Innovation Academy for Microsatellites of Chinese Academy of Science | ||
12:30 15mTalk | Measuring and Explaining the Effects of Android App Transformations in Online Malware Detection Research Track Guozhu Meng Institute of Information Engineering, Chinese Academy of Sciences, Zhixiu Guo Institute of Information Engineering, Chinese Academy of Sciences, China, Xiaodong Zhang University of Chinese Academy of Science, Haoyu Wang Huazhong University of Science and Technology, Kai Chen Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Yang Liu Nanyang Technological University Pre-print | ||
12:45 15mTalk | Leveraging Visible Widget Sizes for Detecting Repackaged Android Apps Research Track Pre-print |
Cosmos 3A is the first room in the Cosmos 3 wing.
When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.