Screening 100K Apps for Collusion Threats

Our DARPA-sponsored work on Android malware collusion detection, covering more than 100,000 apps, will appear at ACM ASIACCS.

Joint work by Amiangshu Bosu (former postdoc from Yao group), Fang Liu, and Gang Wang.

It is open source! Check it out HERE.

Select media coverage: New Scientist, ACM Technews, International Business Times

Program Anomaly Detection Tutorial and Keynote

Daphne and Xiaokui gave a tutorial on program anomaly detection at ACM CCS '16. It is useful for all researchers and practitioners who are interested in data analytics and program analysis tools for designing innovative security methods.

Tutorial video is on YouTube.

Tutorial slides are here.

Daphne's 2017 keynote slides on program anomaly detection in the cloud at ASIACCS SCC can be found here.

Probabilistic Program Anomaly Detection

Daphne is to present program anomaly detection at IEEE Dependable Systems and Networks (DSN). Our system CMarkov provides context-sensitive and probabilistic classification of program traces for security.

Joint work with Ke Tian, Kui Xu, Barbara Ryder.

Our People

Dr. Danfeng (Daphne) Yao (PI)

Fang Liu (PhD)

Ke Tian (PhD)

Sazzadur Rahaman (PhD)

Long Cheng (PhD)

Stefan Nagy (PhD)

Alex Kedrowitsch (MS)

Andres Pico (MS)

Hannah Roth (MS)

Former Yao Group Members

Android Malware Collusion Detection

The conventional attack model, which assumes a stand-alone malware app, may be inadequate for mobile security. Multiple apps can collude to leak sensitive information or abuse system resources.

Existing methods are not designed to defend against such sophisticated collusion attacks on Android. New program analysis and classification techniques on pairs or chains of apps are needed.

Scalability and false alarms are two foremost research challenges. Our new AsiaCCS '17 work computes the collusion threats of more than 100,000 Android apps.

Storytelling Security

Context is key for security analysts to reason about the legitimacy of observed system and network events.

Finding out why things occur, and why they occur in a specific order, is like telling stories about the computers and users.

We coined the phrase storytelling security to refer to a general causal reasoning approach for security. Our group has successfully demonstrated several concrete embodiments for network security, web security, and Android security.

Learning-based Program Anomaly Detection

Attacks that hijack or abuse the execution of programs may be rather subtle and thus challenging to detect. Scanning-based detection cannot detect new attack patterns.

We show that program analysis can guide machine learning techniques for high-precision anomaly detection, with ultra-low false alarms.

Our program anomaly detection supports probabilistic reasoning about execution sequences, code-reuse attacks, and data-oriented exploits.
