Publications

My Google Scholar

Want to cite my work? Check this BibTex file.

Books and Book Chapters

  1. Mu Zhang and Heng Yin. Android Application Security: A Context and Semantics-Aware Approach, SpringerBriefs in Computer Science, September 2016.
  2. Heng Yin and Dawn Song. Automatic Malware Analysis: An Emulator based Approach, SpringerBriefs in Computer Science, September 2012.
  3. David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Dawn Song, and Heng Yin. ``Botnet Detection'', chapter ``Automatically Identifying Trigger-based Behavior in Malware'', 2007.

Journal Papers

  1. Andrew Henderson, Lok Kwong Yan, Xunchao Hu, Aravind Prakash, Heng Yin, and Stephen McCamant. DECAF: A Platform-Neutral Whole-System Dynamic Binary Analysis Platform, IEEE Transactions on Software Engineering (TSE), Vol 43, No. 2, February 2017.
  2. Aravind Prakash, Eknath Venkataramani, Heng Yin, and Zhiqiang Lin. On the Trustworthiness of Memory Analysis---An Empirical Study from the Perspective of Binary Execution, IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 12, Issue 5, September/October 2015.
  3. Yufei Gu, Yangchun Fu, Aravind Prakash, Zhiqiang Lin, and Heng Yin. Multi-Aspect, Robust, and Memory Exclusive Guest OS Fingerprinting, IEEE Transactions on Cloud Computing (TCC), July 2014.
  4. Heng Yin, Bo Sheng, Haining Wang, and Jianping Pan. Keychain-based Signatures for Securing BGP, IEEE Journal on Selected Areas in Communications (J-SAC), Internet Routing Scalability, October 2010.
  5. Mengjun Xie, Heng Yin, and Haining Wang. Thwarting Email Spam Laundering, ACM Transactions on Information and System Security (TISSEC), December 2008.
  6. Heng Yin and Haining Wang. Building an Application-aware IPsec Policy System, IEEE/ACM Transactions on Networking (TON), December 2007.

Conference and Workshop Papers

  1. Yue Duan, Mu Zhang, Abhishek Vasist Bhaskar, Heng Yin, Xiaorui Pan, Tongxin Li, Xueqiang Wang, and Xiaofeng Wang. Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation, to appear in the Network and Distributed System Security Symposium (NDSS'18), February 2018.
  2. Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq, and Heng Yin. Large-Scale Analysis of Anti Ad-blockers Using Differential Execution Trace Analysis, to appear in the Network and Distributed System Security Symposium (NDSS'18), February 2018.
  3. Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song and Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection, to appear in the 24th ACM Conference on Computer and Communications Security (CCS'17), October 2017.
  4. David Korczynski and Heng Yin. Capturing Malware Propagations with Code Injections and Code-Reuse Attacks, to appear in the 24th ACM Conference on Computer and Communications Security (CCS'17), October 2017.
  5. Xunchao Hu, Yao Cheng, Yue Duan, Andrew Henderson and Heng Yin. JSForce: A Forced Execution Engine for Malicious JavaScript Detection, to appear in the 13th EAI International Conference on Security and Privacy in Communication Networks (SecureComm'17), October 2017.
  6. Andrew Henderson, Heng Yin, Guang Jin, Hao Han, and Hongmei Deng. VDF: Targeted Evolutionary Fuzz Testing of Virtual Devices, to appear in the 20th International Symposium on Research on Attacks, Intrusions and Defenses (RAID'17), September 2017.
  7. Xudong He, Zhijiang Dong, Heng Yin and Yujian Fu. A Framework for Developing Cyber Physical Systems, appeared in the 29th International Conference on Software Engineering & Knowledge Engineering (SEKE'17), July 2017. Best Paper Award
  8. Qian Feng, Minghua Wang, Mu Zhang, Rundong Zhou, Andrew Henderson, and Heng Yin. Extracting Conditional Formulas for Cross-Platform Bug Search, appeared in ACM Asia Conference on Computer and Communications Security (ASIACCS'17), April 2017.
  9. Xiaorui Pan, Xueqiang Wang, Yue Duan, Xiaofeng Wang, and Heng Yin. Dark Hazard: Large-Scale Discovery of Unknown Hidden Sensitive Operations in Android Apps, appeared in the Network and Distributed System Security Symposium (NDSS'17), February 2017.
  10. Qian Feng, Rundong Zhou, Chengcheng Xu, Yao Cheng, Brian Testa, and Heng Yin. Scalable Graph-based Bug Search for Firmware Images, in the 23rd ACM Conference on Computer and Communications Security (CCS'16), October 2016.
  11. Xunchao Hu, Aravind Prakash, Jinghan Wang, Rundong Zhou, Yao Cheng, and Heng Yin. Semantics-Preserving Dissection of JavaScript Exploits via Dynamic JS-Binary Analysis, in the 19th Symposium on Research in Attacks, Intrusions and Defenses (RAID'16), September 2016.
  12. Qian Feng, Aravind Prakash, Minghua Wang, Curtis Carmony and Heng Yin. ORIGEN: Automatic Extraction of Offset-Revealing Instructions for Cross-Version Memory Analysis, In Proceedings of the 11th ACM Asia Conference on Computer and Communications Security (ASIACCS'16), May 2016.
  13. Curtis Carmony, Mu Zhang, Xunchao Hu, Abhishek Vasisht Bhaskar, and Heng Yin, Extract Me If You Can: Abusing PDF Parsers in Malware Detectors, In Proceedings of Network and Distributed System Security Symposium (NDSS'16), February 2016.
  14. Aravind Prakash and Heng Yin. Defeating ROP Through Denial of Stack Pivot, In Proceedings of 2015 Annual Computer Security Applications Conference (ACSAC'15), December 2015.
  15. Minghua Wang, Heng Yin, Abhishek Vasisht Bhaskar, Purui Su, and Dengguo Feng. Binary Code Continent: Finer-Grained Control Flow Integrity for Stripped Binaries, In Proceedings of 2015 Annual Computer Security Applications Conference (ACSAC'15), December 2015.
  16. Mu Zhang, Yue Duan, Qian Feng, and Heng Yin. Towards Automatic Generation of Security-Centric Descriptions for Android Apps, In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'15), November 2015.
  17. Yue Duan, Mu Zhang, Heng Yin, and Yuzhe Tang, Privacy-Preserving Offloading of Mobile App to the Public Cloud, In The 7th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud'15), Santa Clara, CA, July 2015.
  18. Aravind Prakash, Xunchao Hu, and Heng Yin, vfGuard: Strict Protection for Virtual Function Calls in COTS C++ Binaries, In Proceedings of ISOC Network and Distributed System Security Symposium (NDSS'15), February 2015.
  19. Qian Feng, Aravind Prakash, Heng Yin, and Zhiqiang Lin, MACE: High-Coverage and Robust Memory Analysis for Commodity Operating Systems, In Proceedings of Annual Computer Security Applications Conference (ACSAC'14), December 2014.
  20. Mu Zhang, Yue Duan, Heng Yin, and Zhiruo Zhao. Semantics-Aware Android Malware Classification using Weighted Contextual API Dependency Graphs, In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS'14), November 2014.
  21. Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin, and Gautam Nagesh Peri. Code Injection Attacks in HTML5-based Mobile Apps: Characterization, Detection and Mitigation, In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS'14), November 2014.
  22. Andrew Henderson, Aravind Prakash, Lok Kwong Yan, Xunchao Hu, Xujiewen Wang, Rundong Zhou, and Heng Yin, Make It Work, Make It Right, Make It Fast: Building a Platform-Neutral Whole-System Dynamic Binary Analysis Platform, In Proceedings of International Symposium on Software Testing and Analysis (ISSTA'14), San Jose, CA, July 2014.
  23. Xiaolei Li, Guangdong Bai, Benjamin Thian, Zhenkai Liang, and Heng Yin, A light-weight software environment for confining android malware, In Proceedings of the Eighth International Conference on Software Security and Reliability (SERE'14), Trustworthy Computing Workshop, July 2014.
  24. Mu Zhang and Heng Yin. Efficient, Context-Aware Privacy Leakage Confinement for Android Applications without Firmware Modding, In Proceedings of the 9th ACM Symposium on Information, Computer and Communication Security (ASIACCS'14), Kyoto, Japan, June 2014.
  25. Mu Zhang and Heng Yin, AppSealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in Android applications, In Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS'14), February 2014.
  26. Yousra Aafer, Wenliang Du, and Heng Yin, DroidAPIMiner: Mining API-Level features for robust malware detection in Android, In Proceedings of the 9th International Conference on Security and Privacy in Communication Networks (SecureComm'13), September 2013.
  27. Aravind Prakash, Eknath Venkataramani, Heng Yin, and Zhiqiang Lin, Manipulating semantic values in kernel data structures: Attack assessments and implications, In Proceedings of the 43rd IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'13), June 2013.
  28. Xiaolei Li, Guangdong Bai, Zhenkai Liang, and Heng Yin, A Software Environment for Confining Malicious Android Applications via Resource Virtualization, In the 18th International Conference on Engineering of Complex Computer Systems (ICECCS'13), July 2013.
  29. Aravind Prakash, Heng Yin, and Zhenkai Liang, Enforcing system-wide control flow integrity for exploit detection and diagnosis, In Proceedings of the 8th ACM Symposium on Information, Computer and Communication Security (ASIACCS'13), May 2013.
  30. Yufei Gu, Yangchun Fu, Aravind Prakash, Zhiqiang Lin, and Heng Yin, OS-Sommelier: Memory-only operating system fingerprinting in the cloud, In Proceedings of the 3rd ACM Symposium on Cloud Computing (SOCC'12), October 2012.
  31. Lok Kwong Yan and Heng Yin, DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis, In Proceedings of the 21st USENIX Security Symposium (USENIX Security'12), August 2012.
  32. Lok Kwong Yan, Manjukumar Jayachandra, Mu Zhang, and Heng Yin, V2E: Combining hardware virtualization and software emulation for transparent and extensible malware analysis, In Proceedings of the Eighth Annual International Conference on Virtual Execution Environments (VEE'12), March 2012.
  33. Lok Kwong Yan, Manjukumar Jayachandra, Mu Zhang, and Heng Yin, Transparent and extensible malware analysis by combining hardware virtualization and software emulation, In Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS'12), Invited Paper, February 2012.
  34. Mingwei Zhang, Aravind Prakash, Xiaolei Li, Zhenkai Liang, and Heng Yin, Identifying and analysing pointer misuses for sophisticated memory-corruption exploit diagnosis, In Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS'12), February 2012.
  35. Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, and Heng Yin, Attacks on webview in the android system, In Proceedings of the 27th Annual Computer Security Application Conference (ACSAC'11), December 2011.
  36. Heng Yin, Pongsin Poosankam, Steve Hanna, and Dawn Song, HookScout: Proactive binary-centric hook detection, In Proceedings of Seventh Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'10), July 2010.
  37. Min Gyung Kang, Heng Yin, Steve Hanna, Stephen McCamant, and Dawn Song. Emulating emulation-resistant malware, In Proceedings of the 2nd Workshop on Virtual Machine Security (VMSec'09), November 2009.
  38. Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, and Prateek Saxena. BitBlaze: A new approach to computer security via binary analysis, In Proceedings of the 4th International Conference on Information Systems Security, Hyderabad, India, December 2008.
  39. Heng Yin, Zhenkai Liang, and Dawn Song. HookFinder: Identifying and understanding malware hooking behaviors, In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), February 2008.
  40. Min Gyung Kang, Pongsin Poosankam, and Heng Yin, Renovo: A hidden code extractor for packed executables, In Proceedings of the 5th ACM Workshop on Recurring Malcode (WORM'07), October 2007.
  41. Heng Yin, Dawn Song, Egele Manuel, Christopher Kruegel, and Engin Kirda, Panorama: capturing system-wide information flow for malware detection and analysis, In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS'07), October 2007.
  42. Juan Caballero, Heng Yin, Zhenkai Liang, and Dawn Song. Polyglot: Automatic extraction of protocol message format using dynamic binary analysis, In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS'07), October 2007.
  43. Manual Egele, Christopher Kruegel, Engin Kirda, Heng Yin, and Dawn Song, Dynamic spyware analysis, In Proceedings of the 2007 Usenix Annual Conference (ATC'07), June 2007.
  44. Heng Yin, Bo Sheng, Haining Wang, and Jianping Pan. Securing BGP through keychain-based signatures, In Proceedings of the 15th IEEE International Workshop on Quality of Service (IWQoS'07), June 2007.
  45. Mengjun Xie, Heng Yin, and Haining Wang, An effective defense against spam laundering, In Proceedings of the 13th ACM Conference on Computer and Communication Security (CCS'06), October 2006.
  46. Heng Yin and Haining Wang, Building an application-aware IPsec policy, In Proceedings of the 14th USENIX Security Symposium (USENIX Security'05), August 2005.