Write a Blog >>
ISSTA 2021
Sun 11 - Sat 17 July 2021 Online
co-located with ECOOP and ISSTA 2021

Android has become the most popular mobile operating system. Correspondingly, an increasing number of Android malware has been developed and spread to steal users’ private information. There exists one type of malware whose benign behaviors are developed to camouflage malicious behaviors. The malicious component occupies a small part of the entire code of the application (app for short), and the malicious part is strongly coupled with the benign part. In this case, the malware may cause false negatives when malware detectors extract features from the entire apps to conduct classification because the malicious features of these apps may be hidden among benign features. Moreover, some previous work aims to divide the entire app into several parts to discover the malicious part. However, the premise of these methods to commence app partition is that the connections between the normal part and the malicious part are weak (e.g., repackaged malware).

In this paper, we call this type of malware as Android covert malware and generate the first dataset of covert malware. To detect covert malware samples, we first conduct static analysis to extract the function call graphs. Through the deep analysis on call graphs, we observe that although the correlations between the normal part and the malicious part in these graphs are high, the degree of these correlations has a unique range of distribution. Based on the observation, we design a novel system, HomDroid, to detect covert malware by analyzing the homophily of call graphs. We identify the ideal threshold of correlation to distinguish the normal part and the malicious part based on the evaluation results on a dataset of 4,840 benign apps and 3,385 covert malicious apps. According to our evaluation results, HomDroid is capable of detecting 96.8% of covert malware while the False Negative Rates of another four state-of-the-art systems (i.e., PerDroid, Drebin, MaMaDroid, and IntDroid) are 30.7%, 16.3%, 15.2%, and 10.4%, respectively.

Thu 15 Jul

Displayed time zone: Brussels, Copenhagen, Madrid, Paris change

00:20 - 01:20
Session 5 (time band 2) Android Application Analysis and TestingTechnical Papers at ISSTA 1
Chair(s): William G.J. Halfond University of Southern California
00:20
20m
Talk
GUIDER: GUI Structure and Vision Co-Guided Test Script Repair for Android Apps
Technical Papers
Tongtong Xu Nanjing University, Minxue Pan Nanjing University, Yu Pei Hong Kong Polytechnic University, Guiyin Li Nanjing University, Xia Zeng Tencent, Tian Zhang Nanjing University, Yuetang Deng Tencent, Xuandong Li Nanjing University
DOI
00:40
20m
Talk
Understanding and Finding System Setting-Related Defects in Android Apps
Technical Papers
Jingling Sun East China Normal University, Ting Su East China Normal University, Junxin Li East China Normal University, Zhen Dong National University of Singapore, Geguang Pu East China Normal University, Tao Xie Peking University, Zhendong Su ETH Zurich
DOI Media Attached
01:00
20m
Talk
HomDroid: Detecting Android Covert Malware by Social-Network Homophily Analysis
Technical Papers
Yueming Wu Huazhong University of Science and Technology, Deqing Zou Huazhong University of Science and Technology, Wei Yang University of Texas at Dallas, Xiang Li Huazhong University of Science and Technology, Hai Jin Huazhong University of Science and Technology
DOI

Fri 16 Jul

Displayed time zone: Brussels, Copenhagen, Madrid, Paris change

10:00 - 11:20
Session 18 (time band 3) Android Application Testing 2Technical Papers at ISSTA 2
Chair(s): Shin Hwei Tan Southern University of Science and Technology
10:00
20m
Talk
GUIDER: GUI Structure and Vision Co-Guided Test Script Repair for Android Apps
Technical Papers
Tongtong Xu Nanjing University, Minxue Pan Nanjing University, Yu Pei Hong Kong Polytechnic University, Guiyin Li Nanjing University, Xia Zeng Tencent, Tian Zhang Nanjing University, Yuetang Deng Tencent, Xuandong Li Nanjing University
DOI
10:20
20m
Talk
Understanding and Finding System Setting-Related Defects in Android Apps
Technical Papers
Jingling Sun East China Normal University, Ting Su East China Normal University, Junxin Li East China Normal University, Zhen Dong National University of Singapore, Geguang Pu East China Normal University, Tao Xie Peking University, Zhendong Su ETH Zurich
DOI Media Attached
10:40
20m
Talk
Parema: An Unpacking Framework for Demystifying VM-Based Android Packers
Technical Papers
Lei Xue Hong Kong Polytechnic University, Yuxiao Yan Xi'an Jiaotong University; Hong Kong Polytechnic University, Luyi Yan Hong Kong Polytechnic University, Muhui Jiang Hong Kong Polytechnic University, Xiapu Luo Hong Kong Polytechnic University, Dinghao Wu Pennsylvania State University, Yajin Zhou Zhejiang University
DOI
11:00
20m
Talk
HomDroid: Detecting Android Covert Malware by Social-Network Homophily Analysis
Technical Papers
Yueming Wu Huazhong University of Science and Technology, Deqing Zou Huazhong University of Science and Technology, Wei Yang University of Texas at Dallas, Xiang Li Huazhong University of Science and Technology, Hai Jin Huazhong University of Science and Technology
DOI