Computer Science Seminar: Yue Duan


Locations

Stuart Building, Room 113, 10 West 31st Street, Chicago, IL 60616

This event is open to all Illinois Tech faculty and students. 

Abstract

Programs are not immutable. In fact, most programs are under constant change for security (e.g., vulnerability fixes) and non-security (e.g., new features) reasons. These code changes pose great security challenges. In this talk, Yue Duan will present his unique approach that combines static/dynamic program analysis with other techniques, including deep learning and virtual machine introspection (VMI), to understand code changes from a security perspective in the mobile and PC software domains.

First, Android packers, a set of code transformation techniques, are gaining increasing popularity among Android malware, rendering existing malware detection techniques obsolete. We propose DroidUnpack, a VMI-based Android packing analysis framework, to perform the first large-scale systematic study of Android packing techniques, and report some surprising findings.

Second, Android third-party libraries (TPLs), which provide complementary functionality and ease app development, have become one of the major sources of Android security issues because they are pervasively outdated. Prior efforts have been made to understand and mitigate specific types of security issues in TPLs, but there exists no generic solution to solve the issues and keep the libraries up to date. We propose LibBandAid to automatically generate updates for TPLs in Android apps in a non-intrusive fashion without the need for source code.

Third, binary code differential analysis, a.k.a. binary diffing, is a fundamental analysis capability that aims to quantitatively measure the similarity between two given binaries and produce fine-grained block-level matching. It has enabled many critical security uses, including patch analysis and malware analysis. Existing binary diffing techniques suffer from low accuracy, poor scalability, or coarse granularity, or require extensive labeled training data to function. Duan will present a novel technique named DeepBinDiff, an unsupervised, deep-neural-network-based, program-wide code representation learning technique for binary diffing. It relies on both code semantic information and program-wide control flow information to generate basic block embeddings, and then performs a K-hop greedy matching to find the optimal diffing results using the generated embeddings.

Bio

Duan is currently a postdoctoral researcher at Cornell University. He received his Ph.D. in computer science from the University of California, Riverside in 2019. He earned his M.S. and B.S. from Syracuse University and Xi'an Jiaotong University, respectively. His research interests mainly lie in system security, mobile security, deep learning, and blockchain. His work has been extensively published in leading security conferences including ACM CCS, NDSS, and RAID.
