Repackaged Malware Detection in Android

Graph partition for 30-fold improvement in the detection of repackaged malware!

Read about our solution, to appear at an IEEE S&P workshop.

Joint work by Ke Tian, Barbara Ryder, Gang Tan (PSU), and Daphne.

Recognition for Daphne

Daphne is grateful to be appointed the Elizabeth and James E. Turner Jr. '56 Faculty Fellow!

Probabilistic Program Anomaly Detection

Daphne is to present program anomaly detection at IEEE Dependable Systems and Networks (DSN). Our system CMarkov provides context-sensitive and probabilistic classification of program traces for security.

Joint work with Ke Tian, Kui Xu, Barbara Ryder.

Our People

Dr. Danfeng (Daphne) Yao (PI)

Xiaokui Shu (PhD)

Fang Liu (PhD)

Ke Tian (PhD)

Sazzadur Rahaman (PhD)

Long Cheng (PhD)

Stefan Nagy (PhD)

Dr. Haipeng Cai (Postdoc)

Daniel Barton (MS)

Alex Kedrowitsch (MS)

Andres Pico (MS)

Hannah Roth (BS/MS)

Android Malware Collusion Detection

The conventional attack model assuming a stand-alone malware app may be inadequate for mobile security. Multiple apps can collude to leak sensitive information or abuse system resources.

Existing methods are not designed to defend against such sophisticated collusion attacks on Android. New program analysis and classification techniques on pairs or chains of apps are needed.

Scalability and false alarms are two foremost research challenges.

Storytelling Security

Context is key for security analysts to reason about the legitimacy of observed system and network events.

Finding out why things occur, and why they occur in a specific order, is like telling stories about the computers and users.

We coined the phrase storytelling security to refer to a general causal reasoning approach for security. Our group has successfully demonstrated several concrete embodiments for network security, web security, and Android security.

Learning-based Program Anomaly Detection

Attacks that hijack or abuse the execution of programs may be rather subtle, and thus challenging to detect. Scanning-based detection cannot detect new attack patterns.

We show that program analysis can guide machine learning techniques for high-precision anomaly detection, with ultra-low false alarms.

Our program anomaly detection supports probabilistic reasoning about execution sequences, code-reuse attacks, and data-oriented exploits.
