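December 11 (morning): More semantics more robustness: improving Android malware classifiers
Title: More semantics more robustness: improving Android malware classifiers
Speaker: Wei Chen, Research Associate (School of Informatics, University of Edinburgh, UK)
Host: Wu Hengyang
Time: December 11, 2017, 10:00–11:00
Venue: Room 301, Mathematics Building, Zhongbei Campus
Summary:
With the spread of smartphones, mobile application security is becoming an increasingly serious problem. Since 2011, more and more Android malware has been identified and studied, and organized into around two hundred families. This malware often steals users' private data, sends premium SMS messages at random, and can even eavesdrop on and monitor users. How to use this already-identified malware to build effective and robust automatic malware detection tools has become an urgent problem. Machine-learning-based malware classifiers are often far less accurate than expected when detecting new malware; that is, such classifiers have poor robustness. Taking applications on the Android platform as an example, this research investigates and compares common syntax-based features, semantics-based features, and the performance of these training input features across various machine learning methods. It reveals one important factor affecting classifier robustness: the training input features fail to capture the general behaviour of malware. A basic conclusion is that by using semantics-based features that are harder to compute, such as the order in which API functions are called, the robustness of malware classifiers can be improved substantially.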
Abstract:
Smartphones are becoming more and more popular. With the growth of mobile apps, mobile security is attracting attention from industry and academia. Since 2011, more and more Android malware instances have been identified, studied, and organized into around 200 malware families. These malware instances often steal personal information or send premium SMS messages. Some of them are able to eavesdrop on end users. The challenging problem is to develop effective and robust tools to automatically detect new malware by exploiting the behaviour of identified malware. Machine-learning-based malware classifiers often perform badly at detecting new malware; that is, their robustness is poor. This research takes Android apps as a vehicle, investigates popular syntax-based features and some semantics-based features, and compares the performance of classifiers combining popular machine learning methods with these features. We reveal one important reason affecting the robustness of malware classifiers: they do not capture general behavioural patterns of identified malware. One conclusion is that by using semantics-based features which are often hard to compute, i.e., sequences of API calls, the robustness of malware classifiers can be improved dramatically.
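December 11 (afternoon): Stochastic Buechi Types for Infinite Traces
Title: Stochastic Buechi Types for Infinite Traces
Speaker: Wei Chen, Research Associate (School of Informatics, University of Edinburgh, UK)
Host: Wu Hengyang
Time: December 11, 2017, 15:00–16:00
Venue: Room 301, Mathematics Building, Zhongbei Campus
Abstract: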
We describe the analysis of distributions of infinite traces generated by programs in a small language which allows stochastic choices and infinite recursions. This enables one to compute the accepting probability of infinite traces with respect to properties specified in Buechi automata by using abstract lattices derived from Buechi automata. This gives rise to a compositional method that lends itself to a formulation as a type-and-effect system. It also improves on an existing algorithm by Brazdil et al. for model checking probabilistic pushdown automata in that no determinization of the Buechi automaton is required. Also, in the special case of finite traces, which is well understood in the context of model checking of pushdown systems, we get a compositional formulation which may be of independent interest.
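About the speaker:
Wei Chen has been a Research Associate in the School of Informatics at the University of Edinburgh, UK, since 2013. He holds a bachelor's degree from Nanjing University of Science and Technology, a master's degree from Tsinghua University, and a PhD from the University of Nottingham, UK. He previously worked at the Institute of Informatics at the University of Munich, Germany, at Shenzhen Huawei Technologies Co., Ltd., and at Shanghai Bell Alcatel. His main research interests include formal methods, software verification, theorem proving, type theory, and computer security. His current research focuses on applying formal methods and machine learning to network security and mobile security. His main research results are: rings in quotient types and their application in combinatorics (PhD thesis and MPC 2010), abstract interpretation in Büchi automata (LICS 2014), and behavioural analysis of mobile applications (iFM 2016 and WiSec 2016).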
Brief biography:
Dr. Wei Chen has been a Research Associate in the School of Informatics at the University of Edinburgh, UK, since 2013. He graduated from Nanjing University of Science and Technology, China, and obtained his MSc and PhD from Tsinghua University, China, and the University of Nottingham, UK, respectively. Wei previously worked in the Institute of Informatics at Ludwig Maximilian University of Munich, Germany, at Shenzhen Huawei Technology Ltd., and at Shanghai Alcatel-Bell Ltd. His main research interests include formal methods, software verification, theorem proving, type theory, and computer security. Wei's current research direction is applying formal methods and machine learning methods in communication and mobile security. His main research results are: rings in quotient types with their application in combinatorics (PhD thesis and MPC 2010), abstract interpretation from Büchi automata (LICS 2014), and behavioural analysis for mobile apps (iFM 2016 and WiSec 2016).