Posts by Collection


AuthScan: Automatic Extraction of Web Authentication Protocols from Implementations

Published in Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS), 2013

It is a work of protocol verifcation to detect vulnerabilities in web protocols

Recommended citation: Guangdong Bai, Jike Lei, Guozhu Meng, Sai Sathyanarayan Venkatraman, Prateek Saxena, Jun Sun, Yang Liu, and Jin Song Dong. (2013). "AuthScan: Automatic Extraction of Web Authentication Protocols from Implementations." Proceedings of the 20th Annual Network and Distributed System Security Symposium


Mystique: Evolving Android Malware for Auditing Anti-Malware Tools

Published in Xi'an, China, 2016

In the arms race of attackers and defenders, the defense is usually more challenging than the attack due to the unpredicted vulnerabilities and newly emerging attacks every day. Currently, most of existing malware detection solutions are individually proposed to address certain types of attacks or certain evasion techniques. Thus, it is desired to conduct a systematic investigation and evaluation of anti-malware solutions and tools based on different attacks and evasion techniques. In this paper, we first propose a meta model for Android malware to capture the common attack features and evasion features in the malware. Based on this model, we develop a framework, MYSTIQUE, to automatically generate malware covering four attack features and two evasion features, by adopting the software product line engineering approach. With the help of MYSTIQUE, we conduct experiments to 1) understand Android malware and the associated attack features as well as evasion techniques; 2) evaluate and compare the 57 off-the-shelf anti-malware tools, 9 academic solutions and 4 App market vetting processes in terms of accuracy in detecting attack features and capability in addressing evasion. Last but not least, we provide a benchmark of Android malware with proper labeling of contained attack and evasion features.

Semantic Modelling of Android Malware for Malware Comprehension, Detection, and Classification

Published in Saarland University, Germany, 2016

Malware has posed a major threat to the Android ecosystem. Existing malware detection tools mainly rely on signature- or feature- based approaches, failing to provide detailed information beyond the mere detection. In this work, we propose a precise semantic model of Android malware based on Deterministic Symbolic Automaton (DSA) for the purpose of malware comprehension, detection and classification. It shows that DSA can capture the common malicious behaviors of a malware family, as well as the malware variants. Based on DSA, we develop an automatic analysis framework, named SMART, which learns DSA by detecting and summarizing semantic clones from malware families, and then extracts semantic features from the learned DSA to classify malware according to the attack patterns. We conduct the experiments in both malware benchmark and 223,170 real-world apps. The results show that SMART builds meaningful semantic models and outperforms both state-of-the-art approaches and anti-virus tools in malware detection. SMART identifies 4583 new malware in real-world apps that are missed by most anti-virus tools. The classification step further identifies new malware variants and unknown families.


Java Programming Language

Published in Tianjin University, China, 2009

<!– This is a description of a teaching experience. You can use markdown like any other post.

Data Structure and Algorithms

Published in Tianjin University, Tianjin, 2010

<!– This is a description of a teaching experience. You can use markdown like any other post.