I am currently working at Microsoft. I graduated from Computer Science at Virginia Tech in 2018. My advisor is Dr. Danfeng (Daphne) Yao. Before I came to VT, I completed my Bachelor's Degree in Information Security from University of Science and Technology of China in 2013.

My research interests focus mainly on leveraging Program Analysis and Machine Learning techniques to address Cyber Security challenges. My work focuses on detecting Android malware with machine learning and app prioritization/rewriting. Additional research interests consist of anomaly detection, malware detection and intrusion detection.

Here are my links:
OpenSource Contribution: Github.
Research: GoogleScholar, Resume and CV
Social: LinkedIn.


[9/2018] This page is no longer maintained, please refer to my LinkedIn

[8/2018] I achieved 4 certificates for machine learning in AI!

[6/2018] I passed my thesis defense, cheers.

[6/2018] Our framework SquatPhish for squatting domain ident. and phishing page detect. is released (ง'̀-'́)ง.

[5/2018] Will join a Security/Detection Team at Microsoft. Cheers.

[4/2018] Our tool FrameHanger is released. ( •̀ .̫ •́ )✧

[2/2018] Passed my research defense. Currently working on Web security plus machine/deep learning.

[8/2017] I was a R&D intern at RSA laboratories, under Dell EMC. We plan to file a patent for my internship work.

[5/2017] I passed my prelim exam in May-12-2017. A milestone!

[7/2016] I was a research intern on Android Security at Qualcomm.

[1/2016-6/2016] A visiting student at UCSD, San Diego, CA. A wonderful place for tourism!

[10/2015] Check our current achievement on rewriting a malware behavior! [YouTube]

Peer-reviewed Publications

  • 2018

  • Needle in a Haystack: Tracking Down Elite Phishing Domains in the Wild. Ke Tian, Steve Jan, Hang Hu, Danfeng Yao, and Gang Wang. In ACM Internet Measurement Conference (IMC). Boston, MA. Oct. 2018.

    PDF | Code (Project)

  • FrameHanger: Evaluating and Classifying Iframe Injection at Large Scale. Ke Tian, etc. In the 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm). Aug. 2018.

    PDF | Code (Project)

  • 2017

  • Detection of Repackaged Android Malware with Code-Heterogeneity Features. Ke Tian, Danfeng Yao, Barbara Ryder, Gang Tan, and Guojun Peng. In IEEE Transactions on Dependable and Secure Computing (TDSC). Jul. 2017.

    PDF | Slides | Code (Project)

  • Enforcing Cyber-Physical Execution Semantics to Defend Against Data-Oriented Attacks. Long Cheng, Ke Tian, and Danfeng Yao. In Proceedings of Annual Computer Security Applications Conference (ACSAC). Puerto Rico, US. Dec. 2017.

    PDF | Demo

  • ReDroid: Prioritizing Data Flows and Sinks for App Security Transformation. Ke Tian, Gang Tan, Danfeng Yao, and Barbara Ryder. In Proceedings of workshop on Forming an Ecosystem Around Software Transformation (FEAST). Collocated with the ACM Computer and Communications Security (CCS). Dallas, TX. Nov. 2017.

    PDF | Code (Project) | Demo

  • Breaking the Target: An Analysis of Target Data Breach and Lessons Learned. Shu, Xiaokui, Ke Tian, Andrew Ciambrone and Danfeng Yao. In arXiv preprint arXiv:1701.04940. Jan. 2017.


  • 2016

  • Analysis of Code Heterogeneity for High-Precision Classification of Repackaged Malware. Ke Tian, Danfeng Yao, Barbara Ryder, and Gang Tan. In Proceedings of Mobile Security Technologies (MoST), in conjunction with the IEEE Symposium on Security and Privacy. San Jose, CA. May 2016.


  • A Sharper Sense of Self: Probabilistic Reasoning of Program Behaviors for Anomaly Detection. Kui Xu, Ke Tian, Danfeng Yao, and Barbara Ryder. In Proceedings of the 46th IEEE/IFIP International Conference on Dependable System and Networks (DSN). Toulouse, France. 2016.

    PDF | Code (Project)

  • Poster: Android-Application Rewriting with Quantitative Information Flow Analysis. Ke Tian, Danfeng(Daphne) Yao, Gang Tan. In Proceedings of The Network and Distributed System Security Symposium (NDSS). San Diego, CA. 2016.


  • Before-2015

  • Probabilistic Program Modeling for High-Precision Anomaly Classification. Kui Xu, Danfeng Yao, Barbara Ryder, and Ke Tian. In Proceedings of the 2015 IEEE Computer Security Foundations Symposium (CSF). Verona, Italy. Jul. 2015.


  • An Efficient Multi-keyword Ranked Retrieval Scheme with Johnson-Lindenstrauss Transform over Encrypted Cloud Data. Ke Li, Weiming Zhang, Ke Tian, Rundong Liu, and Nenghai Yu. In Cloud Computing and Big Data (CloudCom-Asia), 2013 International Conference on, pp. 320-327. IEEE, 2013.


Other Posters

Collusion Attack Implementation by Retrofitting Android Apps, Lance Chao, Ke Tian, Danfeng (Daphne) Yao, VTURCS Spring Symposium 2015. [PDF]

IntrospectDroid: Scalable, Efficient Detection of Repackaged Malware in Android with Call Graph Analysis, Zack Morris, Ke Tian, and Danfeng (Daphne) Yao, VTURCS Spring Symposium 2014. [PDF]


[RSA Security]
May 2017 - Aug 2017: Research and Development Intern at RSA Laboratories, a security division of DELL EMC, Bedford, MA.

  • Working with Mr Kevin Bowers and Dr Zhou Li.
  • Patent Filed: filing a patent on malicious website detection for classifying malicious iframes!

June 2016 - Aug 2016: Research and Development Intern at Qualcomm Research, Silicon Valley (QRSV), Santa Clara, CA.

  • Working with Dr. Joel Galenson and Dr. Sudha Anil Gathala.
  • Static Code Analysis: decompiling Android bytecode for control/data flow analysis to detect communication channels. Reverse engineering applications into intermediate representations.
  • Dynamic Instrumentation: instrumenting Android Open Source Project (AOSP) to monitor dynamic inter-app communications (i.e., Intents). Extracting communication features for machine learning models.

[Virginia Tech(VT)]
Sep. 2014 - Now: Graduate Research Assistant at Dept. of Computer Science, Virginia Tech, Blacksburg, VA.

Sep. 2013 - Sep. 2014: Graduate Teaching Assistant at Dept. of Computer Science, Virginia Tech, Blacksburg, VA.

  • Fall 2014: Principle of Computer Security, CS4264
  • Fall 2013, Spring 2014: Introduction to C Programming, CS1044


FrameHanger: Web security tool to extract dynamically and statically injected iframes. [Python/JavaScript][github]

Re-Droid: Android rewriting tool based on FlowDroid and Soot. [Python] [github]

DR-Droid: Android malware detection tool with graph mining and machine learning. [Python] [github]

CS-STILO: Statically initialized Hidden Markov Model (HMM) for program anomaly detection. [Java/C] [github]

AutoRun: Automatic running Apps with events on Android. [Python] [github]

VT-Api: VirusTotal API for Android applications and for a set of URLs. [Python] [github-1] and [github-2]


Security: Advanced Security(A), Cryptography, Network Security, DataBase Security, etc.
Math: Random Process(A), Discrete Math(A), Graph Theory(A), Comp. Number Theory, Information Theory, etc.
Others: Machine Learning, Data Analytics(A), Program Analysis(A), Software Engineering(A), Algorithms, etc.

*(A) means the A grade for the course


Journal reviewer: TDSC, TIFS, Computer Security etc.

Conference reviewer: CCS, ACSAC, AsiaCCS, CNS, CloudCom, etc.


Email: ketian at vt.edu | ketian at cs.vt.edu

Affiliation: Department of Computer Science, Virginia Tech

Address: B41, 2202 Kraft Drive, KnowledgeWork II, Blacksburg, VA 24060

Tentative Thesis Committee

Prof Gang Tan, School of Electrical and Computer Engineering, PSU

Prof Barbara G. Ryder, Department of Computer Science, Virginia Tech

Prof Naren Ramakrishnan, Department of Computer Science, Virginia Tech

Prof Na Meng, Department of Computer Science, Virginia Tech