Write a Blog >>
MOBILESoft 2020
Mon 13 - Wed 15 July 2020
co-located with ICSE 2020
Wed 15 Jul 2020 13:30 - 13:45 at MobileSoft - Security and Privacy Chair(s): Ivano Malavolta

Android applications rely heavily on strings for sensitive operations like reflection, access to system resources, URL connections, database access, among others. Thus, insight into application behavior can be gained through not only an analysis of what strings an application creates but also the structure of the computation used to create theses strings, and in what manner are these strings used. In this paper we introduce a static analysis of Android applications to discover strings, how they are created, and their usage. The output of our static analysis contains all of this information in the form of a graph which we call a string computation. We leverage the results to classify individual application behavior with respect to malicious or benign intent. Unlike previous work that has focused only on extraction of string values, our approach leverages the structure of the computation used to generate string values as features to perform classification of Android applications. That is, we use none of the static analysis computed string values, rather using only the graph structures of created strings to do classification of an arbitrary Android application as malware or benign.
Our results show that leveraging string computation structures as features can yield precision and recall rates as high as 97% on modern malware. We also provide baseline results using other malware detection techniques using the same corpus of applications.

Wed 15 Jul
Times are displayed in time zone: (UTC) Coordinated Universal Time change

13:30 - 15:00: Security and PrivacyPaper Presentations / Visions / Technical Papers / Plenary at MobileSoft
Chair(s): Ivano MalavoltaVrije Universiteit Amsterdam
Virtualization chair: Ferdian Thung
13:30 - 13:45
Representing String Computations as GraphsTechnical Papers
Technical Papers
Justin Del VecchioThe State University of New York, Lukasz ZiarekSUNY Buffalo, USA, Steve KoUniversity at Buffalo, The State University of New York
13:45 - 13:55
On the Elicitation of Privacy and Ethics Preferences of Mobile UsersVisions
Patrizio MigliariniUniversity of L'Aquila, Gian Luca ScocciaUniversity of L'Aquila, Marco AutiliUniversity of L'Aquila, Italy, Paola InverardiUniversity of L'Aquila
13:55 - 14:05
Vision : Alleviating Android Developer Burden on ObfuscationVisions
Geoffrey HechtUniversity of Chile, Cyprien NeverovUniversity of Chile, Alexandre BergelUniversity of Chile
Pre-print Media Attached
14:05 - 14:20
Q&A - Security and Privacy
Paper Presentations
14:20 - 14:30
Closing and MOBILESoft 2021
14:30 - 15:00
Discussion with Authors / Attendees
Paper Presentations