Graph partition for 30-fold improvement in the detection of repackaged malware!
Joint work by Ke Tian, Barbara Ryder, Gang Tan (PSU), and Daphne.
Daphne and Xiaokui gave a tutorial on program anomaly detection at ACM CCS '16. It is useful for all researchers and practitioners interested in data analytics and program analysis tools for designing innovative security methods.
Tutorial video is on YouTube.
Tutorial slides are here.
Daphne is to present program anomaly detection at IEEE Dependable Systems and Networks (DSN). Our system CMarkov provides context-sensitive and probabilistic classification of program traces for security.
Joint work with Ke Tian, Kui Xu, Barbara Ryder.
Sazzadur Rahaman (PhD)
Stefan Nagy (PhD)
Alex Kedrowitsch (MS)
Andres Pico (MS)
Hannah Roth (MS)
The conventional attack model assuming a stand-alone malware app may be inadequate for mobile security. Multiple apps can collude to leak sensitive information or abuse system resources.
Existing methods are not designed to defend against such sophisticated collusion attacks on Android. New program analysis and classification techniques on pairs or chains of apps are needed.
Scalability and false alarms are two foremost research challenges.
Context is a key for security analysts to reason about the legitimacy of observed system and network events.
Finding out why things occur, and why they occur in a specific order, is like telling stories about the computers and users.
We coined the phrase storytelling security to refer to a general causal reasoning approach for security. Our group has successfully demonstrated several concrete embodiments for network security, web security, and Android security.
Attackers hijacking or abusing the execution of programs may be rather subtle, and thus challenging to detect. Scanning-based detection cannot detect new attack patterns.
We show that program analysis can guide machine learning techniques for high-precision anomaly detection with ultra-low false alarms.
Our program anomaly detection supports probabilistic reasoning over execution sequences, covering code reuse attacks as well as data-oriented exploits.
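To make the idea of probabilistic reasoning over execution sequences concrete, here is an added illustration (not CMarkov's own code, and without its context-sensitivity): a first-order Markov model trained on known-good call traces, with a threshold calibrated on those traces, flags a trace whose calls are familiar but whose order is not. The traces are constructed sample data.

```python
import math
from collections import defaultdict

START, END = "<s>", "</s>"

def train(traces, alpha=1.0):
    """Fit a first-order Markov model over call sequences (add-alpha smoothed)."""
    counts = defaultdict(lambda: defaultdict(int))
    vocab = {START, END}
    for trace in traces:
        seq = [START, *trace, END]
        vocab.update(seq)
        for a, b in zip(seq, seq[1:]):
            counts[a][b] += 1
    return {"counts": counts, "vocab": vocab, "alpha": alpha}

def transition_prob(model, a, b):
    """P(b | a) with add-alpha smoothing so unseen transitions stay nonzero."""
    row = model["counts"].get(a, {})
    alpha = model["alpha"]
    return (row.get(b, 0) + alpha) / (sum(row.values()) + alpha * len(model["vocab"]))

def score(model, trace):
    """Mean negative log-probability per transition; larger means less likely."""
    seq = [START, *trace, END]
    nll = -sum(math.log(transition_prob(model, a, b)) for a, b in zip(seq, seq[1:]))
    return nll / (len(seq) - 1)

def calibrate(model, traces, margin=0.5):
    """Threshold = worst score seen on known-good traces plus a safety margin."""
    return max(score(model, t) for t in traces) + margin

def is_anomalous(model, trace, threshold):
    return score(model, trace) > threshold

# Constructed sample traces of a well-behaved file-handling routine (not real data).
NORMAL_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "close"],
    ["open", "write", "close"],
    ["stat", "open", "read", "close"],
]
MODEL = train(NORMAL_TRACES)
THRESHOLD = calibrate(MODEL, NORMAL_TRACES)

if __name__ == "__main__":
    # Second trace uses only familiar calls, but in an order the model never saw.
    for t in (["open", "read", "read", "read", "close"], ["open", "close", "read"]):
        print(t, round(score(MODEL, t), 3), "ANOMALY" if is_anomalous(MODEL, t, THRESHOLD) else "ok")
```

A real deployment would condition on calling context and learn from far more traces, but the mechanism, scoring each observed transition against what normal executions make likely, is the same.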