Tue 6 Nov 2018 16:37 - 17:00 at Horizons 6-9F - Security Chair(s): Lucas Bang

Although mobile ad frauds have been widespread, state-of-the-art approaches in the literature have mainly focused on detecting the so-called *static placement frauds*, where only a single UI state is involved and the fraud can be identified based on static information such as the size or location of ad views. Other types of fraud exist that involve multiple UI states and are performed dynamically while users interact with the app. Such *dynamic interaction frauds*, although now widespread in apps, have not yet been explored or addressed in the literature. In this work, we investigate a wide range of mobile ad frauds to provide a comprehensive taxonomy to the research community. We then propose FraudDroid, a novel hybrid approach to detect ad frauds in mobile Android apps. FraudDroid analyses apps dynamically to build UI state transition graphs and collects their associated runtime network traffic; both are then checked against a set of heuristic-based rules to identify ad-fraud behaviours. We show empirically that FraudDroid detects ad frauds with high precision (~93%) and recall (~92%). Experimental results further show that FraudDroid is capable of detecting ad frauds across the spectrum of fraud types. By analysing 12,000 ad-supported Android apps, FraudDroid identified 335 cases of fraud associated with 20 ad networks that are further confirmed to be true positive results and are shared with our fellow researchers to promote advanced ad fraud detection.

#### Tue 6 Nov

Displayed time zone: Guadalajara, Mexico City, Monterrey

15:30 - 17:00 Security at Horizons 6-9F. Chair(s): Lucas Bang

- 15:30 (22m, Talk) Text Filtering and Ranking for Security Bug Report Prediction [Journal-First]
  Fayola Peters (Lero - The Irish Software Research Centre and University of Limerick), Thein Than Tun, Yijun Yu (The Open University, UK), Bashar Nuseibeh (The Open University (UK) & Lero (Ireland))
- 15:52 (22m, Talk) STADS: Software Testing as Species Discovery [Journal-First]
  Marcel Böhme (Monash University)
- 16:15 (22m, Talk) The Impact of Regular Expression Denial of Service (ReDoS) in Practice: An Empirical Study at the Ecosystem Scale [Research Papers]
  James C. Davis (Virginia Tech, USA), Christy A. Coghlan (Virginia Tech, USA), Francisco Servant (Virginia Tech), Dongyoon Lee (Virginia Tech, USA)
- 16:37 (22m, Talk) FraudDroid: Automated Ad Fraud Detection for Android Apps [Research Papers]
  Feng Dong (Beijing University of Posts and Telecommunications, China), Haoyu Wang, Li Li (Monash University, Australia), Yao Guo (Peking University), Tegawendé F. Bissyandé (University of Luxembourg, Luxembourg), Tianming Liu (Beijing University of Posts and Telecommunications, China), Guoai Xu, Jacques Klein (University of Luxembourg, SnT)