Research Projects

Emulation-based Malware Analysis

Given a piece of unknown malware, the objective of malware analysis is to reverse engineer it and quickly reveal its inner workings. We take an emulation-based approach to this problem. We build a dynamic binary analysis platform called DECAF on top of the CPU emulator QEMU, and then, on top of DECAF, we perform various analyses of spyware, rootkits, and other malware.

Exploit Detection and Diagnosis

Software exploits are one of the major threats to Internet security. To respond quickly to these attacks, it is critical to automatically diagnose such exploits, find out how they circumvent existing defense mechanisms, and generate patches.

Mobile System Security

With the increasing adoption of Android devices, the security threats on Android are also increasing. Privacy leaks have caught users' attention. Various security vulnerabilities (such as privilege escalation, capability leaks, permission re-delegation, component hijacking, content leaks and pollution, etc.) allow attackers to compromise vulnerable apps and even the Android device itself. The number of malicious apps is also growing. We propose both dynamic and static analysis techniques to tackle these problems.

Digital Forensic Analysis

Memory forensics has become increasingly valuable in digital forensic analysis, as it extracts live digital evidence from the volatile memory state of a running system, evidence that cannot be obtained from traditional hard-disk-based forensic analysis. However, memory forensics is an extremely challenging task, especially for closed-source operating systems (e.g., Microsoft Windows). We aim to use binary analysis and machine learning techniques to improve the quality and robustness of memory forensics.