Tue 6 Nov 2018 16:37 - 17:00 at Horizons 6-9F - Security Chair(s): Lucas Bang

Although mobile ad frauds have been widespread, state-of-the-art approaches in the literature have mainly focused on detecting the so-called \emph{static placement frauds}, where only a single UI state is involved and can be identified based on static information such as the size or location of ad views. Other types of fraud exist that involve multiple UI states and are performed dynamically while users interact with the app. Such \emph{dynamic interaction frauds}, although now widely spread in apps, have not yet been explored nor addressed in the literature. In this work, we investigate a wide range of mobile ad frauds to provide a comprehensive taxonomy to the research community. We then propose, FraudDroid, a novel hybrid approach to detect ad frauds in mobile Android apps. FraudDroid analyses apps dynamically to build UI state transition graphs and collects their associated runtime network traffics, which are then leveraged to check against a set of heuristic-based rules for identifying ad fraudulent behaviours. We show empirically that FraudDroid detects ad frauds with a high precision ($\sim 93%$) and recall ($\sim 92%$). Experimental results further show that FraudDroid is capable of detecting ad frauds across the spectrum of fraud types. By analysing 12,000 ad-supported Android apps, FraudDroid identified 335 cases of fraud associated with 20 ad networks that are further confirmed to be true positive results and are shared with our fellow researchers to promote advanced ad fraud detection.

Tue 6 Nov

 15:30 - 17:00: Research Papers - Security at Horizons 6-9F Chair(s): Lucas Bang 15:30 - 15:52Talk Text Filtering and Ranking for Security Bug Report PredictionFayola PetersLero - The Irish Software Research Centre and University of Limerick, Thein Than Tun, Yijun YuThe Open University, UK, Bashar NuseibehThe Open University (UK) & Lero (Ireland) DOI 15:52 - 16:15Talk STADS: Software Testing as Species DiscoveryMarcel BöhmeMonash University DOI 16:15 - 16:37Talk The Impact of Regular Expression Denial of Service (ReDoS) in Practice: An Empirical Study at the Ecosystem ScaleJames C. DavisVirginia Tech, USA, Christy A. CoghlanVirginia Tech, USA, Francisco ServantVirginia Tech, Dongyoon LeeVirginia Tech, USA 16:37 - 17:00Talk FraudDroid: Automated Ad Fraud Detection for Android AppsFeng DongBeijing University of Posts and Telecommunications, China, Haoyu Wang, Li LiMonash University, Australia, Yao GuoPeking University, Tegawendé F. BissyandéUniversity of Luxembourg, Luxembourg, Tianming LiuBeijing University of Posts and Telecommunications, China, Guoai Xu , Jacques KleinUniversity of Luxembourg, SnT