Ching-Hao Mao

Learn More
Recently, the threat of Android malware is spreading rapidly, especially those repackaged Android malware. Although understanding Android malware using dynamic analysis can provide a comprehensive view, it is still subjected to high cost in environment deployment and manual efforts in investigation. In this study, we propose a static feature-based mechanism(More)
Capturing Fast-Flux Service Networks (FFSNs) by temporal variances is an intuitive way for seeking to identify rapid changes of DNS records. Unfortunately, the features regard to temporal variances would lead to the delay detection (more than one hour) of FFSN which could cause more damages, such as Botnet propagation and malware delivery. In this study, we(More)
Although there is immense data available from networks and hosts, a very small proportion of this data is labeled due to the cost of obtaining expert labels. This proves to be a significant bottle-neck for developing supervised intrusion detection systems that rely solely on labeled data. In spite of the data being collected from real network environments(More)
The rapid growth of smartphones has lead to a renaissance for mobile application services. Android and iOS now as the most popular smartphone platforms offer a public marketplace respectively, the Android Market and App Store- but operate with dramatically different approaches to prevent malware on their devices. In Android platform, developer not only can(More)
What are the patterns that typical network attackers exhibit? For a given malicious network behaviors, are its attacks spread uniformly over time? In this work, we develop MalSpot, multi-resolution and multi-linear (Multi) network analysis system in order to discover such malicious patterns, so that we can use them later for attack detection, when attacks(More)
Through the rapid evaluation of spam, no fully successful solution for filtering spam has been found. However, the spammers still spread spam by using the same intentions such as advertising and phishing. In this investigation, we propose a mechanism of E-mail Words Social Network (EWSN) for profiling users' intentions related to interesting and(More)
Web applications suffer from cross-site scripting (XSS) attacks that resulting from incomplete or incorrect input sanitization. Learning the structure of attack vectors could enrich the variety of manifestations in generated XSS attacks. In this study, we focus on generating more threatening XSS attacks for the state-of-the-art detection approaches that can(More)
We propose a graphical signature for intrusion detection given alert sequences. By correlating alerts with their temporal proximity, we build a probabilistic graph-based model to describe a group of alerts that form an attack or normal behavior. Using the models, we design a pairwise measure based on manifold learning to measure the dissimilarities between(More)
Fast-flux service networks (FFSNs), broadly used by botnets, are an evasive technique for conducting malicious behavior via rapid activities. FFSN detection easily fails in the case of poor performance and causes a high incidence of false positives due to the similarity of an FFSN to a content distribution network (CDN), a normal behavior for load balance.(More)