Dissecting Android Malware: Characterization and Evolution
TLDR
Systematizing or characterizing existing Android malware from various aspects, including installation methods, activation mechanisms, and the nature of the carried malicious payloads, reveals that they are evolving rapidly to circumvent detection by existing mobile anti-virus software.
Jump-oriented programming: a new class of code-reuse attack
TLDR
This paper introduces a new class of code-reuse attack, called jump-oriented programming, which eliminates the reliance on the stack and ret instructions (including ret-like instructions such as pop+jmp) seen in return-oriented programming without sacrificing expressive power.
Detecting repackaged smartphone applications in third-party android marketplaces
TLDR
An app similarity measurement system called DroidMOSS is implemented that applies a fuzzy hashing technique to effectively localize and detect the changes from app-repackaging behavior; it shows the worrisome fact that 5% to 13% of apps hosted on six popular Android-based third-party marketplaces are repackaged.
Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets
TLDR
A permission-based behavioral footprinting scheme to detect new samples of known Android malware families and a heuristics-based filtering scheme to identify certain inherent behaviors of unknown malicious families are proposed.
RiskRanker: scalable and accurate zero-day android malware detection
TLDR
An automated system called RiskRanker is developed to scalably analyze whether a particular app exhibits dangerous behavior and is used to produce a prioritized list of reduced apps that merit further investigation, demonstrating the efficacy and scalability of RiskRanker to police Android markets of all stripes.
HyperSentry: enabling stealthy in-context measurement of hypervisor integrity
TLDR
A key contribution of HyperSentry is the set of novel techniques that overcome SMM's limitation, providing an integrity measurement agent with the same contextual information available to the hypervisor, completely protected execution, and attestation to its output.
DroidChameleon: evaluating Android anti-malware against transformation attacks
TLDR
This paper evaluates the state-of-the-art commercial mobile anti-malware products for Android, tests how resistant they are against various common obfuscation techniques, and proposes possible remedies for improving the current state of malware detection on mobile devices.
Unsafe exposure analysis of mobile in-app advertisements
TLDR
The investigation indicates the symbiotic relationship between embedded ad libraries and host apps is one main reason behind these exposed risks, and clearly shows the need for better regulating the way ad libraries are integrated in Android apps.
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
TLDR
This paper presents HyperSafe, a lightweight approach that endows existing Type-I bare-metal hypervisors with a unique self-protection capability to provide lifetime control flow integrity and shows HyperSafe can reliably enable the hypervisor self-protection and provide the integrity guarantee with a small performance overhead.
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction
TLDR
VMwatcher, an "out-of-the-box" approach that overcomes the semantic gap challenge, is presented, and two unique malware detection capabilities are identified: view comparison-based malware detection, with its demonstration in rootkit detection, and "out-of-the-box" deployment of host-based anti-malware software with improved detection accuracy and tamper-resistance.