Peng Gao

Madeline: Continuous and Low-cost Monitoring with Graph-free Representations to Combat Cyber Threats
Wenjia Song, Hailun Ding, Na Meng, Peng Gao, Danfeng (Daphne) Yao
Annual Computer Security Applications Conference (ACSAC)
October 2024
[paper]

ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management
Peng Gao*, Xiaoyuan Liu* (* equal contribution), Edward Choi, Sibo Ma, Xinyu Yang, Dawn Song
Workshop on Large AI Systems and Models with Privacy and Safety Analysis (LAMPS), co-located with CCS
October 2024
[paper]

vFix: Facilitating Software Maintenance of Smart Contracts via Automatically Fixing Vulnerabilities
Pengcheng Fang, Peng Gao, Yun Peng, Qingzhao Zhang, Tao Xie, Dawn Song, Prateek Mittal, Sanjeev Kulkarni, Zhuotao Liu, Xusheng Xiao
International Conference on Software Maintenance and Evolution (ICSME)
October 2024
[paper] [code and data]

P4Control: Line-Rate Cross-Host Attack Prevention via In-Network Information Flow Control Enabled by Programmable Switches and eBPF
Osama Bajaber, Bo Ji, Peng Gao
IEEE Symposium on Security and Privacy (S&P / Oakland)
May 2024
[paper] [code] [video]
• We demonstrate the use of programmable data planes to enforce information flow control policies at the network level, to prevent cross-host attacks (e.g., APTs) in real time at line rate.

An Analysis of Recent Advances in Deepfake Image Detection in an Evolving Threat Landscape
Sifat Muhammad Abdullah, Aravind Cheruvu, Shravya Kanchi, Taejoong Chung, Peng Gao, Murtuza Jadliwala, Bimal Viswanath
IEEE Symposium on Security and Privacy (S&P / Oakland)
May 2024
[paper] [code and data] [video]
• We show that the emergence of user-customized generative models and vision foundation models presents new security challenges and opportunities in detecting deepfake media.

PrivMon: A Stream-Based System for Real-Time Privacy Attack Detection for Machine Learning Models
Myeongseob Ko*, Xinyu Yang* (* equal contribution), Zhengjie Ji, Hoang Anh Just, Peng Gao, Anoop Kumar, Ruoxi Jia
International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
October 2023
[paper] [code]

PrivGuard: Privacy Regulation Compliance Made Easier
Lun Wang, Usmann Khan, Joseph P. Near, Qi Pang, Jithendaraa Subramanian, Neel Somani, Peng Gao, Andrew Low, Dawn Song
USENIX Security Symposium (USENIX Security)
August 2022
[paper] [code]

Back-Propagating System Dependency Impact for Attack Investigation
Pengcheng Fang*, Peng Gao* (* equal contribution), Changlin Liu, Erman Ayday, Kangkook Jee, Ting Wang, Yanfang (Fanny) Ye, Zhuotao Liu, Xusheng Xiao
USENIX Security Symposium (USENIX Security)
August 2022
[paper] [code]

Make Web3.0 Connected
Zhuotao Liu, Yangxi Xiang, Jian Shi, Peng Gao, Haoyu Wang, Xusheng Xiao, Bihan Wen, Qi Li, Yih-Chun Hu
IEEE Transactions on Dependable and Secure Computing (TDSC)
2021
[paper]
• Featured in Wikipedia

A System for Automated Open-Source Threat Intelligence Gathering and Management
Peng Gao*, Xiaoyuan Liu* (* equal contribution), Edward Choi, Bhavna Soman, Chinmaya Mishra, Kate Farris, Dawn Song
ACM SIGMOD International Conference on Management of Data (SIGMOD Demo), Demonstrations Track
June 2021
[paper] [demo] [data]
• 2020 Microsoft Security AI Research Award (Acceptance Rate: 3/55 = 5.5%)

CHAMP: Characterizing Undesired App Behaviors from User Comments based on Market Policies
Yangyu Hu, Haoyu Wang, Tiantong Ji, Xusheng Xiao, Xiapu Luo, Peng Gao, Yao Guo
IEEE/ACM International Conference on Software Engineering (ICSE)
May 2021
[paper] [code]

Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence
Peng Gao, Fei Shao, Xiaoyuan Liu, Xusheng Xiao, Zheng Qin, Fengyuan Xu, Prateek Mittal, Sanjeev R. Kulkarni, Dawn Song
IEEE International Conference on Data Engineering (ICDE)
April 2021
[paper] [demo] [code]

DeepIntent: Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps
Shengqu Xi, Shao Yang, Xusheng Xiao, Yuan Yao, Yayuan Xiong, Fengyuan Xu, Haoyu Wang, Peng Gao, Zhuotao Liu, Feng Xu, Jian Lu
ACM Conference on Computer and Communications Security (CCS)
November 2019
[paper] [code]

HyperService: Interoperability and Programmability Across Heterogeneous Blockchains
Zhuotao Liu, Yangxi Xiang, Jian Shi, Peng Gao, Haoyu Wang, Xusheng Xiao, Bihan Wen, Yih-Chun Hu
ACM Conference on Computer and Communications Security (CCS)
November 2019
[paper] [long technical report] [code] [website]

Data Capsule: A New Paradigm for Automatic Compliance with Data Privacy Regulations
Lun Wang, Joseph P. Near, Neel Somani, Peng Gao, Andrew Low, David Dao, Dawn Song
Workshop on Polystores Including Managing Privacy, Security and Policy for Heterogenous Data (POLY), co-located with VLDB
August 2019
[paper]

IconIntent: Automatic Identification of Sensitive UI Widgets based on Icon Classification for Android Apps
Xusheng Xiao, Xiaoyin Wang, Zhihao Cao, Hanlin Wang, Peng Gao
IEEE/ACM International Conference on Software Engineering (ICSE)
May 2019
[paper]

SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection
Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni, Prateek Mittal
USENIX Security Symposium (USENIX Security)
August 2018
[paper] [demo] [website]
• CSAW Best Applied Security Paper Award Top-10 Finalists, 2018 (Acceptance Rate: 10/74 = 13.5%)
• Deployed in NEC Laboratories America
• U.S. patent

AIQL: Enabling Efficient Attack Investigation from System Monitoring Data
Peng Gao, Xusheng Xiao, Zhichun Li, Kangkook Jee, Fengyuan Xu, Sanjeev R. Kulkarni, Prateek Mittal
USENIX Annual Technical Conference (ATC)
July 2018
[paper] [demo] [website]
• Integrated in the NEC Corporation's Automated Security Intelligence solution as its attack query system and was commercialized
• Deployed in NEC Laboratories America
• U.S. patent

Exploiting Temporal Dynamics in Sybil Defenses
Changchang Liu*, Peng Gao* (* equal contribution), Matthew Wright, Prateek Mittal
ACM Conference on Computer and Communications Security (CCS)
October 2015
[paper]

Publications