DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android
TLDR
The increasing popularity of Android apps makes them the target of malware authors.
  • 494
  • 72
BitBlaze: A New Approach to Computer Security via Binary Analysis
TLDR
In this paper, we give an overview of the BitBlaze project, a new approach to computer security via binary analysis, offering novel and effective solutions, as demonstrated with over a dozen different security applications.
  • 694
  • 53
DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis
TLDR
We present DroidScope, an Android analysis platform that continues the tradition of virtualization-based malware analysis.
  • 613
  • 48
Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs
TLDR
We propose a novel semantic-based approach that classifies Android malware via dependency graphs.
  • 319
  • 36
Scalable Graph-based Bug Search for Firmware Images
TLDR
We propose a new bug search scheme which addresses the scalability challenge in existing cross-platform bug search techniques and further improves search accuracy.
  • 132
  • 35
Panorama: capturing system-wide information flow for malware detection and analysis
TLDR
We observe that malicious information access and processing behavior is the fundamental trait of numerous malware categories breaching users' privacy (including keyloggers, password thieves, network sniffers, stealth backdoors, spyware and rootkits).
  • 743
  • 34
Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection
TLDR
We propose a novel neural network-based approach to compute the embedding, i.e., generating embedding for a binary function, as a neural network whose parameters can be trained in previous approaches.
  • 158
  • 27
Renovo: a hidden code extractor for packed executables
TLDR
We propose a fully dynamic approach that captures an intrinsic nature of hidden code execution that the original code should be present in memory and executed at some point at run-time.
  • 290
  • 24
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
TLDR
We propose a new protocol reverse engineering method that uses dynamic analysis of program binaries to extract the message format of an implementation of a protocol without access to the specification.
  • 327
  • 17
Attacks on WebView in the Android system
TLDR
WebView is an essential component in both Android and iOS platforms, enabling smartphone and tablet apps to embed a simple but powerful browser inside them.
  • 168
  • 16