- Advanced Malware Detection Techniques
- Network Security and Intrusion Detection
- Security and Verification in Computing
- Software Testing and Debugging Techniques
- Digital and Cyber Forensics
- Internet Traffic Analysis and Secure E-voting
- Information and Cyber Security
- Mobile and Web Applications
- Spam and Phishing Detection
- Web Application Security Vulnerabilities
- Anomaly Detection Techniques and Applications
- User Authentication and Security Systems
- Complex Network Analysis Techniques
- Peer-to-Peer Network Technologies
- Web Data Mining and Analysis
- Software Reliability and Analysis Research
- Advanced Data Storage Technologies
- Software System Performance and Reliability
- Natural Language Processing Techniques
- Innovation in Digital Healthcare Systems
- Context-Aware Activity Recognition Systems
- Software Engineering Research
- Educational Methods and Media Use
- Opinion Dynamics and Social Influence
- Topic Modeling
Tsinghua University
2012-2024
University of Chinese Academy of Sciences
2016-2020
Chinese Academy of Sciences
2008-2017
Institute of Software
2011-2017
Package registries host reusable code assets, allowing developers to share and reuse packages easily, thus accelerating the software development process. Current registry ecosystems involve multiple independent stakeholders for package management. Unfortunately, abnormal behavior information inconsistency inevitably exist, enabling adversaries conduct malicious activities with minimal effort covertly. In this paper, we investigate potential security vulnerabilities in six popular ecosystems....
Due to the cost-efficient communicating manner and attractive user experience, messenger applications have dominated every smartphone in recent years. Nowadays, Address Book Matching, a new feature that helps people keep touch with real world contacts, has been loaded many popular applications, which unfortunately as well brings severe privacy issues users. In this paper, we propose novel method abuse such automatically collect profiles. This can be applied any application equipped Matching...
APT (Advanced Persistent Threat) is an emerging attack on the Internet. Attackers may combine phishing emails, malware, social engineering and botnets to create a series of attacks in one APT which makes it quite difficult for detection. In this way, attackers can remotely control infected host, or steal sensitive information. paper, we proposed time transform features approach distinguishing based observation that malicious payload must be transferred target hosts attack. By comparing normal...
Nowadays, the popular Android is so closely involved in people's daily lives that people rely on to perform critical operations and trust with sensitive information. It of great importance guarantee usability security which, however, such a huge system potential threat may arise from any part it. In this paper, we focus Free Floating window (FF window) which category windows can appear freely above other applications. share screen space FF windows, dialogs, activities. An flexible both its...
Android is the most popular smartphone platform with over 85% market share. Its success built on openness, and phone vendors can utilize source code to make products unique software/hardware features. On other hand, fragmentation customization of also bring many security risks that have attracted attention researchers. Many efforts were put in investigate customized firmware. However, previous work focuses designing efficient analysis tools or analyzing particular aspects There still lacks a...
Macro malware has always been a severe threat to cyber security although the Microsoft Office suite applies default macro-disabling policy. Among defense solutions at different stages of attack chain, document analysis is more targeted through detecting malicious documents with macro malware. It effective, especially machine learning methods, but still faces problems handling variants, supporting file formats, and countermeasures advanced techniques (e.g., Excel 4.0 remote template injection).
Android system applies a permission-based security model to restrict unauthorized apps from accessing services, however, this cannot constrain authorized sending excessive service requests exhaust the limited resource allocated for each service. As references native code Java object, JNI Global References (JGR) are prone memory leaks, since they not automatically garbage collected. Moreover, JGR exhaustion may lead process abort or even reboot when victim could afford triggered by malicious...
With the development of artificial intelligence algorithms like deep learning models and successful applications in many different fields, further similar trails technology have been made cyber security area. It shows preferable performance not only academic research but also industry practices when dealing with part issues by methods compared to those conventional rules. Especially for malware detection classification tasks, it saves generous time cost promotes accuracy a total pipeline...
Continuous Integration (CI) is a widely-adopted software development practice for automated code integration. A typical CI workflow involves multiple independent stakeholders, including hosting platforms (CHPs), (CPs), and third party services. While can significantly improve efficiency, unfortunately, it also exposes new attack surfaces. As the executed by task may come from less-trusted user, improperly configured with weak isolation mechanisms might enable attackers to inject malicious...
In recent years, PowerShell has been widely used in cyber attacks and malicious scripts can easily evade the detection of anti-virus software through obfuscation. Existing deobfuscation tools often fail to recover obfuscated correctly due imprecise obfuscation identification, improper recovery wrong replacement. this paper, we propose an AST-based semantics-preserving approach, Invoke-Deobfuscation. It utilizes recoverable nodes Abstract Syntax Tree identify pieces precisely, simulates...
P2P Botnet is quite robust against various attacks once very effective centralized network. In this paper, we concentrate on the tracking of botnets, investigate botnet victims which are routable Internet, also known as super peers. The peers backbone to disseminate its commands and payload updates. Through three typical live botnets over 6 months analysis their network dynamics, outline a number descriptive statistical characterization peers, such geo-location, peer session time...
Dependency-Based Malware Similarity Comparison Method. DOI: 10.3724/SP.J.1001.2011.03888. Fund Project: National Natural Science Foundation of China (60703076); National High Technology Research and Development Program of China (863) (2007AA01Z451, 2009AA01Z435).
MapReduce-Based Large-Scale Online Social Network Worm Simulation. DOI: 10.3724/SP.J.1001.2013.04295. Fund Project: National Basic Research Program of China (973) (2012CB315804); National Natural Science Foundation of China (61073179); National Science and Technology Major Project (2011ZX03002-005-2); National High Technology Research and Development Program of China (863) (2011AA01A203); Beijing Natural Science Foundation (4122086). Abstract: Using MapReduce, a core technology of cloud computing, this paper proposes a simulation method for online social network (OSN) worms. To improve simulation accuracy, it first proposes using an OSN with adjustable node attributes...
Android is the most popular smartphone platform with over 85% market share. Its success built on openness, and phone vendors can utilize source code to make customized products unique software/hardware features. On other hand, fragmentation customization of also bring many security risks that have attracted attention researchers. Many efforts were put in investigate firmware. However, previous works focus designing efficient analysis tools or analyzing particular aspects There still lacks a...
Leveraging DNS for covert communications is appealing since most networks allow traffic, especially the ones directed toward renowned hosting services. Unfortunately, services overlook domain ownership verification, enabling miscreants to host undelegated records of a they do not own. Consequently, can conduct communication through such whitelisted domains on reputable providers. In this paper, we shed light emerging threat posed by and demonstrate their exploitation in wild. To best our...