UCL Discovery

On Benchmarking Code LLMs for Android Malware Analysis

He, Yiling; She, Hongyu; Qian, Xingzhi; Zheng, Xinran; Chen, Zhuo; Qin, Zhan; Cavallaro, Lorenzo; (2025) On Benchmarking Code LLMs for Android Malware Analysis. In: Proceedings of the 34th ACM SIGSOFT International Symposium on Software Testing and Analysis. (pp. 153-160). ACM: New York, NY, USA.

Green open access

2504.00694v2.pdf - Accepted Version


Abstract

Large Language Models (LLMs) have demonstrated strong capabilities in various code intelligence tasks. However, their effectiveness for Android malware analysis remains underexplored. Decompiled Android malware code presents unique challenges for analysis, due to the malicious logic being buried within a large number of functions and the frequent lack of meaningful function names. This paper presents Cama, a benchmarking framework designed to systematically evaluate the effectiveness of Code LLMs in Android malware analysis. Cama specifies structured model outputs to support key malware analysis tasks, including malicious function identification and malware purpose summarization. Built on these, it integrates three domain-specific evaluation metrics—consistency, fidelity, and semantic relevance—enabling rigorous stability and effectiveness assessment and cross-model comparison. We construct a benchmark dataset of 118 Android malware samples from 13 families collected in recent years, encompassing over 7.5 million distinct functions, and use Cama to evaluate four popular open-source Code LLMs. Our experiments provide insights into how Code LLMs interpret decompiled code and quantify the sensitivity to function renaming, highlighting both their potential and current limitations in malware analysis.

Type: Proceedings paper
Title: On Benchmarking Code LLMs for Android Malware Analysis
Event: ISSTA Companion '25: 34th ACM SIGSOFT International Symposium on Software Testing and Analysis
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/3713081.3731745
Publisher version: https://doi.org/10.1145/3713081.3731745
Language: English
Additional information: This work is licensed under a Creative Commons Attribution 4.0 International License.
Keywords: Code LLM, Malware Analysis
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10212283