Due to the enormous popularity of Android as a mobile platform, the amount of Android malware has skyrocketed. In this talk, I will focus on techniques for performing semantics-based malware detection through program analysis and program synthesis.
In the first part of my talk, I will present Apposcopy, a new semantics-based approach for identifying a prevalent class of Android malware that steals private user information. Apposcopy incorporates (i) a high-level language for specifying signatures that describe semantic characteristics of malware families and (ii) a static analysis for deciding if a given application matches a malware signature. To reduce the manual effort of writing malware signatures in Apposcopy, in the second part of my talk, I will present a technique for automatically synthesizing malware signatures from very few samples of a malware family. The key idea underlying our technique is to look for a maximally suspicious common subgraph (MSCS) that is shared between all known instances of a malware family.
Yu Feng is a Ph.D. candidate in Computer Science at UT Austin. His research to date focuses on developing automated programming techniques that combine program synthesis and program analysis to improve software usability, reliability, and security. Yu has developed systems for tackling security vulnerabilities (FSE'14, NDSS'17, CCS'17), automating complex programming tasks (PLDI'17, POPL'17, PLDI'18), and challenging the limits of existing program analysis (OOPSLA'15, APLAS'15).