Repackaged Malware Detection in Android

Graph partition for 30-fold improvement in the detection of repackaged malware!

Read about our solution, to appear at an IEEE S&P workshop.

Joint work by Ke Tian, Barbara Ryder, Gang Tan (PSU), and Daphne.

Program Anomaly Detection Tutorial

Daphne and Xiaokui will give a tutorial on program anomaly detection at ACM CCS in October. It will be useful for all researchers and practitioners who are interested in using data analytics and program analysis tools to design innovative security methods.

Probabilistic Program Anomaly Detection

Daphne is to present program anomaly detection at IEEE Dependable Systems and Networks (DSN). Our system CMarkov provides context-sensitive and probabilistic classification of program traces for security.

Joint work with Ke Tian, Kui Xu, Barbara Ryder.

Our People

Dr. Danfeng (Daphne) Yao (PI)

Fang Liu (PhD)

Ke Tian (PhD)

Sazzadur Rahaman (PhD)

Long Cheng (PhD)

Stefan Nagy (PhD)

Alex Kedrowitsch (MS)

Andres Pico (MS)

Hannah Roth (MS)

Former Yao Group Members

Android Malware Collusion Detection

The conventional attack model assuming a stand-alone malware app may be inadequate for mobile security. Multiple apps can collude to leak sensitive information or abuse system resources.

Existing methods are not designed to defend against such sophisticated collusion attacks on Android. New program analysis and classification techniques on pairs or chains of apps are needed.

Scalability and false alarms are the two foremost research challenges.

Storytelling Security

Context is key for security analysts to reason about the legitimacy of observed system and network events.

Finding out why things occur, and why they occur in a specific order, is like telling stories about the computers and users.

We coined the phrase storytelling security to refer to a general causal reasoning approach for security. Our group has successfully demonstrated several concrete embodiments for network security, web security, and Android security.

Learning-based Program Anomaly Detection

Attacks that hijack or abuse the execution of programs may be rather subtle, and thus challenging to detect. Scanning-based detection cannot detect new attack patterns.

We show that program analysis can guide machine learning techniques for high-precision anomaly detection, with ultra-low false alarms.

Our program anomaly detection supports probabilistic reasoning about execution sequences, code-reuse attacks, and data-oriented exploits.
