HomDroid: Detecting Android Covert Malware by Social-Network Homophily Analysis
Fri 16 Jul 2021 11:00 - 11:20 at ISSTA 2 - Session 18 (time band 3) Android Application Testing 2 Chair(s): Shin Hwei Tan
Android has become the most popular mobile operating system. Correspondingly, an increasing amount of Android malware has been developed and spread to steal users’ private information. There exists one type of malware whose benign behaviors are developed to camouflage malicious behaviors. The malicious component occupies a small part of the entire code of the application (app for short), and the malicious part is strongly coupled with the benign part. In this case, the malware may cause false negatives when malware detectors extract features from the entire app to conduct classification, because the malicious features of these apps may be hidden among benign features. Moreover, some previous work aims to divide the entire app into several parts to discover the malicious part. However, the premise of these methods for partitioning an app is that the connections between the normal part and the malicious part are weak (e.g., repackaged malware).
In this paper, we call this type of malware Android covert malware and generate the first dataset of covert malware. To detect covert malware samples, we first conduct static analysis to extract the function call graphs. Through deep analysis of the call graphs, we observe that although the correlations between the normal part and the malicious part in these graphs are high, the degree of these correlations has a unique range of distribution. Based on this observation, we design a novel system, HomDroid, to detect covert malware by analyzing the homophily of call graphs. We identify the ideal threshold of correlation to distinguish the normal part and the malicious part based on the evaluation results on a dataset of 4,840 benign apps and 3,385 covert malicious apps. According to our evaluation results, HomDroid is capable of detecting 96.8% of covert malware, while the false negative rates of four other state-of-the-art systems (i.e., PerDroid, Drebin, MaMaDroid, and IntDroid) are 30.7%, 16.3%, 15.2%, and 10.4%, respectively.
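A simplified sketch of the idea in the abstract, added here as an illustration and not taken from the HomDroid paper or its code: communities of a call graph are merged into a suspicious part when their coupling with it reaches a threshold, and features are then measured on that part only. The call graph, the community partition, the sensitive-API list, the coupling measure and the threshold value are all assumptions.

```python
# Constructed call graph (caller -> callees); every method name is illustrative.
CALLS = {
    "ui.Main.onCreate": ["ui.Menu.show", "ui.Theme.load", "sync.Job.run"],
    "ui.Menu.show": ["ui.Theme.load", "ui.Icon.draw"],
    "ui.Theme.load": ["ui.Icon.draw"],
    "sync.Job.run": ["sync.Pack.build", "net.Up.send", "ui.Theme.load"],
    "sync.Pack.build": ["TelephonyManager.getDeviceId", "net.Up.send"],
    "net.Up.send": ["SmsManager.sendTextMessage"],
}
SENSITIVE = {"TelephonyManager.getDeviceId", "SmsManager.sendTextMessage"}  # assumed list
# Assumed output of a community-detection pass over the graph above.
COMMUNITIES = {
    "ui": {"ui.Main.onCreate", "ui.Menu.show", "ui.Theme.load", "ui.Icon.draw"},
    "sync": {"sync.Job.run"},
    "payload": {"sync.Pack.build", "net.Up.send"},
}

def coupling(members, part, calls, sensitive):
    """Share of a community's app-internal call edges that cross into `part`."""
    app = [(a, b) for a, outs in calls.items() for b in outs if b not in sensitive]
    touching = [e for e in app if e[0] in members or e[1] in members]
    cross = [(a, b) for a, b in touching
             if (a in members and b in part) or (b in members and a in part)]
    return len(cross) / len(touching) if touching else 0.0

def split(calls, communities, sensitive, threshold):
    """Grow the suspicious part from sensitive-API callers; return (suspicious, normal)."""
    seeds = {m for m, outs in calls.items() if sensitive & set(outs)}
    pending, suspicious = dict(communities), set()
    for name, members in communities.items():
        if members & seeds:
            suspicious |= pending.pop(name)
    changed = True
    while changed:  # repeat: a merge can raise coupling of remaining communities
        changed = False
        for name, members in list(pending.items()):
            if coupling(members, suspicious, calls, sensitive) >= threshold:
                suspicious |= pending.pop(name)
                changed = True
    return suspicious, set().union(*pending.values())

def sensitive_ratio(methods, calls, sensitive):
    """Fraction of outgoing calls from `methods` that hit a sensitive API."""
    outs = [b for m in methods for b in calls.get(m, [])]
    return sum(b in sensitive for b in outs) / len(outs) if outs else 0.0
```

With the assumed threshold of 0.4, the sensitive-call ratio is twice as high on the suspicious part as on the whole app, which is the dilution effect the abstract attributes to whole-app feature extraction.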
Thu 15 Jul (displayed time zone: Brussels, Copenhagen, Madrid, Paris)
00:20 - 01:20 | Session 5 (time band 2) Android Application Analysis and Testing | Technical Papers at ISSTA 1 | Chair(s): William G.J. Halfond (University of Southern California)
00:20 | 20m | Talk | GUIDER: GUI Structure and Vision Co-Guided Test Script Repair for Android Apps | Technical Papers | Tongtong Xu (Nanjing University), Minxue Pan (Nanjing University), Yu Pei (Hong Kong Polytechnic University), Guiyin Li (Nanjing University), Xia Zeng (Tencent), Tian Zhang (Nanjing University), Yuetang Deng (Tencent), Xuandong Li (Nanjing University)
00:40 | 20m | Talk | Understanding and Finding System Setting-Related Defects in Android Apps | Technical Papers | Jingling Sun (East China Normal University), Ting Su (East China Normal University), Junxin Li (East China Normal University), Zhen Dong (National University of Singapore), Geguang Pu (East China Normal University), Tao Xie (Peking University), Zhendong Su (ETH Zurich)
01:00 | 20m | Talk | HomDroid: Detecting Android Covert Malware by Social-Network Homophily Analysis | Technical Papers | Yueming Wu (Huazhong University of Science and Technology), Deqing Zou (Huazhong University of Science and Technology), Wei Yang (University of Texas at Dallas), Xiang Li (Huazhong University of Science and Technology), Hai Jin (Huazhong University of Science and Technology)
Fri 16 Jul (displayed time zone: Brussels, Copenhagen, Madrid, Paris)
10:00 - 11:20 | Session 18 (time band 3) Android Application Testing 2 | Technical Papers at ISSTA 2 | Chair(s): Shin Hwei Tan (Southern University of Science and Technology)
10:00 | 20m | Talk | GUIDER: GUI Structure and Vision Co-Guided Test Script Repair for Android Apps | Technical Papers | Tongtong Xu (Nanjing University), Minxue Pan (Nanjing University), Yu Pei (Hong Kong Polytechnic University), Guiyin Li (Nanjing University), Xia Zeng (Tencent), Tian Zhang (Nanjing University), Yuetang Deng (Tencent), Xuandong Li (Nanjing University)
10:20 | 20m | Talk | Understanding and Finding System Setting-Related Defects in Android Apps | Technical Papers | Jingling Sun (East China Normal University), Ting Su (East China Normal University), Junxin Li (East China Normal University), Zhen Dong (National University of Singapore), Geguang Pu (East China Normal University), Tao Xie (Peking University), Zhendong Su (ETH Zurich)
10:40 | 20m | Talk | Parema: An Unpacking Framework for Demystifying VM-Based Android Packers | Technical Papers | Lei Xue (Hong Kong Polytechnic University), Yuxiao Yan (Xi'an Jiaotong University; Hong Kong Polytechnic University), Luyi Yan (Hong Kong Polytechnic University), Muhui Jiang (Hong Kong Polytechnic University), Xiapu Luo (Hong Kong Polytechnic University), Dinghao Wu (Pennsylvania State University), Yajin Zhou (Zhejiang University)
11:00 | 20m | Talk | HomDroid: Detecting Android Covert Malware by Social-Network Homophily Analysis | Technical Papers | Yueming Wu (Huazhong University of Science and Technology), Deqing Zou (Huazhong University of Science and Technology), Wei Yang (University of Texas at Dallas), Xiang Li (Huazhong University of Science and Technology), Hai Jin (Huazhong University of Science and Technology)