Sitemap

A list of all the posts and pages found on the site. For you robots out there, an XML version is available for digesting as well.

Pages

Posts

Blog Post number 4

less than 1 minute read

Published:

This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.

Blog Post number 3

less than 1 minute read

Published:

This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.

Blog Post number 2

less than 1 minute read

Published:

This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.

Blog Post number 1

less than 1 minute read

Published:

This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.

publications

AuthScan: Automatic Extraction of Web Authentication Protocols from Implementations

Published in Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS), 2013

This work applies protocol verification to detect vulnerabilities in web protocols.

Recommended citation: Guangdong Bai, Jike Lei, Guozhu Meng, Sai Sathyanarayan Venkatraman, Prateek Saxena, Jun Sun, Yang Liu, and Jin Song Dong. (2013). "AuthScan: Automatic Extraction of Web Authentication Protocols from Implementations." Proceedings of the 20th Annual Network and Distributed System Security Symposium. http://impillar.github.io/files/ndss2013authscan.pdf

talks

Mystique: Evolving Android Malware for Auditing Anti-Malware Tools

Published in Xi'an, China, 2016

In the arms race between attackers and defenders, defense is usually more challenging than attack because of unpredicted vulnerabilities and the new attacks that emerge every day. Currently, most existing malware detection solutions are individually proposed to address certain types of attacks or certain evasion techniques. Thus, it is desirable to conduct a systematic investigation and evaluation of anti-malware solutions and tools based on different attacks and evasion techniques. In this paper, we first propose a meta model for Android malware to capture the common attack features and evasion features in the malware. Based on this model, we develop a framework, MYSTIQUE, to automatically generate malware covering four attack features and two evasion features, by adopting the software product line engineering approach. With the help of MYSTIQUE, we conduct experiments to 1) understand Android malware and the associated attack features as well as evasion techniques; 2) evaluate and compare the 57 off-the-shelf anti-malware tools, 9 academic solutions and 4 App market vetting processes in terms of accuracy in detecting attack features and capability in addressing evasion. Last but not least, we provide a benchmark of Android malware with proper labeling of contained attack and evasion features.

Semantic Modelling of Android Malware for Malware Comprehension, Detection, and Classification

Published in Saarland University, Germany, 2016

Malware has posed a major threat to the Android ecosystem. Existing malware detection tools mainly rely on signature- or feature-based approaches, failing to provide detailed information beyond the mere detection. In this work, we propose a precise semantic model of Android malware based on Deterministic Symbolic Automaton (DSA) for the purpose of malware comprehension, detection and classification. It shows that DSA can capture the common malicious behaviors of a malware family, as well as the malware variants. Based on DSA, we develop an automatic analysis framework, named SMART, which learns DSA by detecting and summarizing semantic clones from malware families, and then extracts semantic features from the learned DSA to classify malware according to the attack patterns. We conduct experiments on both a malware benchmark and 223,170 real-world apps. The results show that SMART builds meaningful semantic models and outperforms both state-of-the-art approaches and anti-virus tools in malware detection. SMART identifies 4583 new malware samples in real-world apps that are missed by most anti-virus tools. The classification step further identifies new malware variants and unknown families.

Ensuring Android Security: From Malware Detection, Antivirus Software Assessment, to Android Security Testing

Published in University of Beihang, Beijing, China, 2017

Due to the wide use of mobile devices, the security issues on mobile devices have become more serious and harmful. Improving security in Android, for example through malware detection and vulnerability detection, is a non-trivial task. This talk will explain three key works dedicated to addressing security problems in Android: malware detection, performance assessment of anti-malware tools and Android security testing. This talk starts with the study of malware detection, in which we propose a semantic model to represent malicious behaviors in Android malware, and combine static analysis and machine learning to detect malware in an accurate and efficient manner. Then, we conducted another work to assess the performance of existing anti-malware tools by automatically generating a large number of Android malware samples. We identified many weaknesses of these anti-malware tools, and proposed several recommendations for improving their performance. Last, we propose a dynamic-analysis-based approach to explore bugs hidden deep in the code of Android apps.

Guided, Stochastic Model-based GUI Testing of Android Apps

Published in University of Luxembourg, Luxembourg, 2017

Mobile apps are ubiquitous, operate in complex environments and are developed under the time-to-market pressure. Ensuring their correctness and reliability thus becomes an important challenge. This paper introduces Stoat, a novel guided approach to perform stochastic model-based testing on Android apps. Stoat operates in two phases: (1) Given an app as input, it uses dynamic analysis enhanced by a weighted UI exploration strategy and static analysis to reverse engineer a stochastic model of the app’s GUI interactions; and (2) it adapts Gibbs sampling to iteratively mutate/refine the stochastic model and guides test generation from the mutated models toward achieving high code and model coverage and exhibiting diverse sequences. During testing, system-level events are randomly injected to further enhance the testing effectiveness.

teaching