Graph partition for 30-fold improvement in the detection of repackaged malware!
Joint work by Ke Tian, Barbara Ryder, Gang Tan (PSU), and Daphne.
Daphne and Xiaokui will give a tutorial on program anomaly detection at ACM CCS in October. It will be useful for all researchers and practitioners who are interested in utilizing data analytic and program analysis tools to design innovative security methods.
Daphne is to present program anomaly detection at IEEE Dependable Systems and Networks (DSN). Our system CMarkov provides context-sensitive and probabilistic classification of program traces for security.
Joint work with Ke Tian, Kui Xu, Barbara Ryder.
Xiaokui Shu (PhD)
Fang Liu (PhD)
Ke Tian (PhD)
Sazzadur Rahaman (PhD)
Long Cheng (PhD)
Stefan Nagy (PhD)
Dr. Haipeng Cai (Postdoc)
Daniel Barton (MS)
Alex Kedrowitsch (MS)
Andres Pico (MS)
Hannah Roth (BS/MS)
The conventional attack model assuming a stand-alone malware app may be inadequate for mobile security. Multiple apps can collude to leak sensitive information or abuse system resources.
Existing methods are not designed to defend against such sophisticated collusion attacks on Android. New program analysis and classification techniques on pairs or chains of apps are needed.
Scalability and false alarms are two foremost research challenges.+ Learn more
Context is a key for security analysts to reason about the legitimacy of observed system and network events.
Finding out why things occur and why they occur in a specific order are like telling stories about the computers and users.
We coined the phrase storytelling security to refer to a general causal reasoning approach for security. Our group has successfully demonstrated several concrete embodiments for network security, web security, and Android security.+ Learn more
Attackers hijacking or abusing the execution of programs may be rather subtle, thus challenging to detect. Scanning based detection cannot detect new attack patterns.
We show program analysis can guide machine learning techniques for high-precision anomaly detection, with ultra low false alarms.
Our program anomaly detection supports probabilistic reasoning of execution sequences, code reuse attacks as well as data-oriented exploits.+ Learn more