* ICSE 2018 *
Sun 27 May - Sun 3 June 2018 Gothenburg, Sweden
Wed 30 May 2018 17:00 - 17:20 at J1 room - Empirical Software Engineering Chair(s): Marija Mikic

The Android platform has been the dominant mobile platform in recent years resulting in millions of apps and security threats against those apps. Anti-malware products aim to protect smartphone users from these threats, especially from malicious apps. However, malware authors use code obfuscation on their apps to evade detection by anti-malware products. To assess the effects of code obfuscation on Android apps and anti-malware products, we have conducted a large-scale empirical study that evaluates the effectiveness of the top anti-malware products against various obfuscation tools and strategies. To that end, we have obfuscated 3,000 benign apps and 3,000 malicious apps and generated 73,362 obfuscated apps using 29 obfuscation strategies from 7 open-source, academic, and commercial obfuscation tools. The findings of our study indicate that (1) code obfuscation significantly impacts Android anti-malware products; (2) the majority of anti-malware products are severely impacted by even trivial obfuscations; (3) in general, combined obfuscation strategies do not successfully evade anti-malware products more than individual strategies; (4) the detection of anti-malware products depend not only on the applied obfuscation strategy but also on the leveraged obfuscation tool; (5) anti-malware products are slow to adopt signatures of malicious apps; and (6) code obfuscation often results in changes to an app’s semantic behaviors.

Presentation Slides (icse2018_obfuscation_v6.pptx)6.77MiB

Wed 30 May
Times are displayed in time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

16:00 - 18:00: Empirical Software EngineeringTechnical Papers / Journal first papers at J1 room
Chair(s): Marija MikicGoogle
16:00 - 16:20
Does the Propagation of Artifact Changes across Tasks reflect Work Dependencies?
Technical Papers
Christoph Mayr-DornJohannes Kepler University Linz, Alexander Egyed
DOI Pre-print
16:20 - 16:40
Large-Scale Analysis of Framework-Specific Exceptions in Android AppsAward
Technical Papers
Lingling FanEast China Normal University, China/Nanyang Technological University, Singapore, Ting SuNanyang Technological University, Singapore, Sen ChenNanyang Technological University, Guozhu MengNanyang Technological University, Singapore, Yang LiuNanyang Technological University, Singapore, Lihua Xu, Geguang Pu, Zhendong SuUniversity of California, Davis
DOI Pre-print File Attached
16:40 - 17:00
Effect Sizes and their Variance for AB/BA Crossover Design Studies
Journal first papers
Link to publication DOI
17:00 - 17:20
A Large-Scale Empirical Study on the Effects of Code Obfuscations on Android Apps and Anti-Malware Products
Technical Papers
Mahmoud HammadUniversity of California, Irvine, Joshua Garcia, Sam MalekUniversity of California, Irvine
DOI Pre-print Media Attached File Attached
17:20 - 17:40
An empirical study on the interplay between semantic coupling and co-change of software classes
Journal first papers
Nemitari Ajienka, Andrea CapiluppiBrunel University, Steve CounsellBrunel University London
Link to publication DOI Media Attached
17:40 - 18:00
Q&A in groups
Technical Papers