Write a Blog >>
MOBILESoft 2020
Mon 13 - Wed 15 July 2020
co-located with ICSE 2020
Wed 15 Jul 2020 13:30 - 13:45 at MobileSoft - Security and Privacy Chair(s): Ivano Malavolta

Android applications rely heavily on strings for sensitive operations like reflection, access to system resources, URL connections, database access, among others. Thus, insight into application behavior can be gained through not only an analysis of what strings an application creates but also the structure of the computation used to create theses strings, and in what manner are these strings used. In this paper we introduce a static analysis of Android applications to discover strings, how they are created, and their usage. The output of our static analysis contains all of this information in the form of a graph which we call a string computation. We leverage the results to classify individual application behavior with respect to malicious or benign intent. Unlike previous work that has focused only on extraction of string values, our approach leverages the structure of the computation used to generate string values as features to perform classification of Android applications. That is, we use none of the static analysis computed string values, rather using only the graph structures of created strings to do classification of an arbitrary Android application as malware or benign.
Our results show that leveraging string computation structures as features can yield precision and recall rates as high as 97% on modern malware. We also provide baseline results using other malware detection techniques using the same corpus of applications.

Wed 15 Jul

Displayed time zone: (UTC) Coordinated Universal Time change

13:30 - 15:00
Security and PrivacyVisions / Technical Papers / Paper Presentations / Plenary at MobileSoft
Chair(s): Ivano Malavolta Vrije Universiteit Amsterdam
Virtualization chair: Ferdian Thung
Representing String Computations as GraphsTechnical Papers
Technical Papers
Justin Del Vecchio The State University of New York, Lukasz Ziarek SUNY Buffalo, USA, Steve Ko University at Buffalo, The State University of New York
On the Elicitation of Privacy and Ethics Preferences of Mobile UsersVisions
Patrizio Migliarini University of L'Aquila, Gian Luca Scoccia University of L'Aquila, Marco Autili University of L'Aquila, Italy, Paola Inverardi University of L'Aquila
Vision : Alleviating Android Developer Burden on ObfuscationVisions
Geoffrey Hecht University of Chile, Cyprien Neverov University of Chile, Alexandre Bergel University of Chile
Pre-print Media Attached
Q&A - Security and Privacy
Paper Presentations

Closing and MOBILESoft 2021

Discussion with Authors / Attendees
Paper Presentations