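% Publication database (security / binary-analysis papers), one entry per work.
%
% Conventions used in this file:
%   * one field per line, brace-delimited values, trailing comma after every field;
%   * authors separated by the word "and" only (a comma inside a name means
%     "Last, First", so a comma-separated author list is parsed as one broken name);
%   * month given as the unquoted three-letter macro (jan .. dec) so the
%     bibliography style decides how it is printed;
%   * acronyms, product names and tool names in titles are wrapped in braces so
%     sentence-casing styles do not lowercase them; whole titles are not double-braced;
%   * citation keys are unchanged, so existing \cite commands keep working.
%
% Non-standard fields (pdf, documenturl, http) are ignored by the standard styles.
% Values such as pubs/xxx.pdf are relative paths, presumably resolved by the tool
% that renders the publication page -- confirm against that tool.
%
% NOTE(review): most pdf/url targets are plain-http links to third-party hosts and
% carry no DOI. Treat them as convenience pointers that may have moved or changed,
% and prefer adding a doi field when one is known.

% ---------------------------------------------------------------- 2017

@inproceedings{JSForce:SecureComm2017,
  author    = {Xunchao Hu and Yao Cheng and Yue Duan and Andrew Henderson and Heng Yin},
  title     = {{JSForce}: A Forced Execution Engine for Malicious {JavaScript} Detection},
  booktitle = {Proceedings of the 13th {EAI} International Conference on Security and Privacy in Communication Networks ({SecureComm'17})},
  month     = oct,
  year      = 2017,
}

@inproceedings{Gemini:ccs17,
  author    = {Xiaojun Xu and Chang Liu and Qian Feng and Heng Yin and Le Song and Dawn Song},
  title     = {Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection},
  booktitle = {Proceedings of the 24th {ACM} Conference on Computer and Communications Security ({CCS'17})},
  month     = oct,
  year      = 2017,
}

@inproceedings{Tarturas:ccs17,
  author    = {David Korczynski and Heng Yin},
  title     = {Capturing Malware Propagations with Code Injections and Code-Reuse Attacks},
  booktitle = {Proceedings of the 24th {ACM} Conference on Computer and Communications Security ({CCS'17})},
  month     = oct,
  year      = 2017,
}

@inproceedings{VDF:RAID2017,
  author    = {Andrew Henderson and Heng Yin and Guang Jin and Hao Han and Hongmei Deng},
  title     = {{VDF}: Targeted Evolutionary Fuzz Testing of Virtual Devices},
  booktitle = {Proceedings of the 20th International Symposium on Research in Attacks, Intrusions and Defenses ({RAID'17})},
  month     = sep,
  year      = 2017,
}

@inproceedings{Feng:AsiaCCS2017,
  author    = {Qian Feng and Minghua Wang and Mu Zhang and Rundong Zhou and Andrew Henderson and Heng Yin},
  title     = {Extracting Conditional Formulas for Cross-Platform Bug Search},
  booktitle = {Proceedings of {ACM} Asia Conference on Computer and Communications Security ({ASIACCS'17})},
  month     = apr,
  year      = 2017,
}

@inproceedings{FaultInjection:SELSE2017,
  author    = {Xunchao Hu and Qiang Guan and Heng Yin and Nathan Debardeleben},
  title     = {A Fine-grained, Accountable, Flexible, and Efficient Soft Error Fault Injection Framework for Profiling Application Vulnerability},
  booktitle = {Proceedings of the 13th Workshop on Silicon Errors in Logic - System Effects ({SELSE-13})},
  month     = mar,
  year      = 2017,
}

@inproceedings{HSO:ndss17,
  author    = {Xiaorui Pan and Xueqiang Wang and Yue Duan and Xiaofeng Wang and Heng Yin},
  title     = {Dark Hazard: Large-Scale Discovery of Unknown Hidden Sensitive Operations in {Android} Apps},
  booktitle = {Proceedings of the Annual Network and Distributed System Security Symposium ({NDSS'17})},
  month     = feb,
  year      = 2017,
}

% ---------------------------------------------------------------- 2016

@inproceedings{Genius:ccs16,
  author    = {Qian Feng and Rundong Zhou and Chengcheng Xu and Yao Cheng and Brian Testa and Heng Yin},
  title     = {Scalable Graph-based Bug Search for Firmware Images},
  booktitle = {Proceedings of the 23rd {ACM} Conference on Computer and Communications Security ({CCS'16})},
  month     = oct,
  year      = 2016,
}

@inproceedings{JScalpel:raid16,
  author    = {Xunchao Hu and Aravind Prakash and Jinghan Wang and Rundong Zhou and Yao Cheng and Heng Yin},
  title     = {Semantics-Preserving Dissection of {JavaScript} Exploits via Dynamic {JS}-Binary Analysis},
  booktitle = {Proceedings of the 19th International Symposium on Research in Attacks, Intrusions and Defenses ({RAID'16})},
  month     = sep,
  year      = 2016,
}

% The author list previously used commas between names, which BibTeX reads as a
% single malformed name; names are now separated by "and".
@inproceedings{Origen:asiaccs16,
  author    = {Qian Feng and Aravind Prakash and Minghua Wang and Curtis Carmony and Heng Yin},
  title     = {{ORIGEN}: Automatic Extraction of Offset-Revealing Instructions for Cross-Version Memory Analysis},
  booktitle = {Proceedings of the 11th {ACM} Asia Conference on Computer and Communications Security ({ASIACCS'16})},
  month     = may,
  year      = 2016,
}

@inproceedings{Carmony:ndss16,
  author    = {Curtis Carmony and Mu Zhang and Xunchao Hu and Abhishek Vasisht Bhaskar and Heng Yin},
  title     = {Extract Me If You Can: Abusing {PDF} Parsers in Malware Detectors},
  booktitle = {Proceedings of the 23rd Annual Network and Distributed System Security Symposium ({NDSS'16})},
  month     = feb,
  year      = 2016,
}

% ---------------------------------------------------------------- 2015

@inproceedings{BinCC:acsac15,
  author    = {Minghua Wang and Heng Yin and Abhishek Vasisht Bhaskar and Purui Su and Dengguo Feng},
  title     = {Binary Code Continent: Finer-Grained Control Flow Integrity for Stripped Binaries},
  booktitle = {2015 Annual Computer Security Applications Conference},
  month     = dec,
  year      = 2015,
}

@inproceedings{Prakash:acsac15,
  author    = {Aravind Prakash and Heng Yin},
  title     = {Defeating {ROP} Through Denial of Stack Pivot},
  booktitle = {2015 Annual Computer Security Applications Conference},
  month     = dec,
  year      = 2015,
}

@inproceedings{DescribeMe:ccs15,
  author    = {Mu Zhang and Yue Duan and Qian Feng and Heng Yin},
  title     = {Towards Automatic Generation of Security-Centric Descriptions for {Android} Apps},
  booktitle = {Proceedings of the 22nd {ACM} Conference on Computer and Communications Security ({CCS'15})},
  month     = oct,
  year      = 2015,
}

@inproceedings{vfGuard:ndss15,
  author    = {Aravind Prakash and Xunchao Hu and Heng Yin},
  title     = {{vfGuard}: Strict Protection for Virtual Function Calls in {COTS} Binaries},
  booktitle = {Proceedings of the 22nd Annual Network and Distributed System Security Symposium ({NDSS'15})},
  month     = feb,
  year      = 2015,
}

@article{memanal:tdsc15,
  author  = {Aravind Prakash and Eknath Venkataramani and Heng Yin and Zhiqiang Lin},
  title   = {On the Trustworthiness of Memory Analysis---An Empirical Study from the Perspective of Binary Execution},
  journal = {{IEEE} Transactions on Dependable and Secure Computing},
  volume  = 12,
  number  = 5,
  year    = 2015,
}

% ---------------------------------------------------------------- 2014

@inproceedings{DroidSIFT:ccs14,
  author    = {Mu Zhang and Yue Duan and Heng Yin and Zhiruo Zhao},
  title     = {Semantics-Aware {Android} Malware Classification Using Weighted Contextual {API} Dependency Graphs},
  booktitle = {Proceedings of the 21st {ACM} Conference on Computer and Communications Security ({CCS'14})},
  month     = nov,
  year      = 2014,
}

@inproceedings{CodeInjection:ccs14,
  author    = {Xing Jin and Xunchao Hu and Kailiang Ying and Wenliang Du and Heng Yin and Gautam Nagesh Peri},
  title     = {Code Injection Attacks in {HTML5}-based Mobile Apps: Characterization, Detection and Mitigation},
  booktitle = {Proceedings of the 21st {ACM} Conference on Computer and Communications Security ({CCS'14})},
  month     = nov,
  year      = 2014,
}

@inproceedings{DECAF:issta14,
  author    = {Andrew Henderson and Aravind Prakash and Lok Kwong Yan and Xunchao Hu and Xujiewen Wang and Rundong Zhou and Heng Yin},
  title     = {``Make It Work, Make It Right, Make It Fast'', Building a Platform-Neutral Whole-System Dynamic Binary Analysis Platform},
  booktitle = {Proceedings of the 2014 International Symposium on Software Testing and Analysis ({ISSTA'14})},
  month     = jul,
  year      = 2014,
}

@inproceedings{MACE:acsac14,
  author    = {Qian Feng and Aravind Prakash and Heng Yin and Zhiqiang Lin},
  title     = {{MACE}: High-Coverage and Robust Memory Analysis For Commodity Operating Systems},
  booktitle = {2014 Annual Computer Security Applications Conference},
  month     = dec,
  year      = 2014,
}

@inproceedings{Capper:asiaccs14,
  author    = {Mu Zhang and Heng Yin},
  title     = {Efficient, Context-Aware Privacy Leakage Confinement for {Android} Applications without Firmware Modding},
  booktitle = {Proceedings of the 9th {ACM} Symposium on Information, Computer and Communication Security},
  month     = jun,
  year      = 2014,
}

@techreport{formaltaint:TR2014,
  author      = {Lok Kwong Yan and Andrew Henderson and Xunchao Hu and Heng Yin and Stephen McCamant},
  title       = {On Soundness and Precision of Dynamic Taint Analysis},
  institution = {Syracuse University},
  number      = {SYR-EECS-2014-04},
  month       = jan,
  year        = 2014,
}

% temu:TR and Yin:EECS-2010-3 (further down) describe the same report. Both keys
% are kept because documents may cite either one; keep the two entries in sync.
@techreport{temu:TR,
  author      = {Yin, Heng and Song, Dawn},
  title       = {{TEMU}: Binary Code Analysis via Whole-System Layered Annotative Execution},
  institution = {EECS Department, University of California, Berkeley},
  number      = {UCB/EECS-2010-3},
  month       = jan,
  year        = 2010,
  url         = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-3.html},
}

% No author: the key field supplies the sort/label fallback.
% NOTE(review): the link points at Google Code, which has been retired as a
% hosting service -- verify that it still resolves to the project.
@misc{decaf:link,
  key          = {DECAF},
  title        = {{DECAF} Binary Analysis Platform - ``{Taking} the jitters out of dynamic binary analysis''},
  howpublished = {\url{https://code.google.com/p/decaf-platform/}},
}

@inproceedings{appsealer:ndss14,
  author    = {Mu Zhang and Heng Yin},
  title     = {{AppSealer}: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in {Android} Applications},
  booktitle = {Proceedings of the 21st Annual Network and Distributed System Security Symposium ({NDSS'14})},
  month     = feb,
  year      = 2014,
}

% ---------------------------------------------------------------- 2013

@inproceedings{Aafer:securecomm13,
  author    = {Yousra Aafer and Wenliang Du and Heng Yin},
  title     = {{DroidAPIMiner}: Mining {API}-Level Features for Robust Malware Detection in {Android}},
  booktitle = {Proceedings of the 9th International Conference on Security and Privacy in Communication Networks},
  month     = sep,
  year      = 2013,
  pdf       = {http://www.cis.syr.edu/~wedu/Research/paper/Malware_Analysis_2013.pdf},
}

@inproceedings{svm:dsn13,
  author    = {Aravind Prakash and Eknath Venkataramani and Heng Yin and Zhiqiang Lin},
  title     = {Manipulating Semantic Values in Kernel Data Structures: Attack Assessments and Implications},
  booktitle = {Proceedings of the 43rd {IEEE/IFIP} International Conference on Dependable Systems and Networks},
  month     = jun,
  year      = 2013,
  pdf       = {http://lcs3.syr.edu/faculty/yin/pubs/dsn13aprakash.pdf},
}

@inproceedings{CFI:asiaccs13,
  author    = {Aravind Prakash and Heng Yin and Zhenkai Liang},
  title     = {Enforcing System-Wide Control Flow Integrity for Exploit Detection and Diagnosis},
  booktitle = {Proceedings of the 8th {ACM} Symposium on Information, Computer and Communication Security},
  month     = may,
  year      = 2013,
  pdf       = {http://lcs.syr.edu/faculty/yin/pubs/cfi-asiaccs13.pdf},
}

% ---------------------------------------------------------------- 2012

@inproceedings{OSFP:SoCC12,
  author    = {Yufei Gu and Yangchun Fu and Aravind Prakash and Zhiqiang Lin and Heng Yin},
  title     = {{OS-Sommelier}: Memory-Only Operating System Fingerprinting in the Cloud},
  booktitle = {Proceedings of the 3rd {ACM} Symposium on Cloud Computing},
  month     = oct,
  year      = 2012,
  pdf       = {http://www.utdallas.edu/~zxl111930/file/SOCC12.pdf},
}

% "SpringerBriefs in Computer Science" is the book series, so it is recorded in
% the series field and the publisher field names the publishing house.
@book{automatic_malware:springer12,
  author      = {Heng Yin and Dawn Song},
  title       = {Automatic Malware Analysis: An Emulator based Approach},
  publisher   = {Springer},
  series      = {SpringerBriefs in Computer Science},
  month       = sep,
  year        = 2012,
  documenturl = {http://www.amazon.com/Automatic-Malware-Analysis-Emulator-SpringerBriefs/dp/1461455227},
}

@inproceedings{droidscope:sec12,
  author    = {Lok-Kwong Yan and Heng Yin},
  title     = {{DroidScope}: Seamlessly Reconstructing {OS} and {Dalvik} Semantic Views for Dynamic {Android} Malware Analysis},
  booktitle = {Proceedings of the 21st {USENIX} Security Symposium},
  month     = aug,
  year      = 2012,
  pdf       = {https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final107.pdf},
}

@inproceedings{v2e:vee12,
  author    = {Lok-Kwong Yan and Manjukumar Jayachandra and Mu Zhang and Heng Yin},
  title     = {{V2E}: Combining Hardware Virtualization and Software Emulation for Transparent and Extensible Malware Analysis},
  booktitle = {Proceedings of the Eighth Annual International Conference on Virtual Execution Environments ({VEE'12})},
  month     = mar,
  year      = 2012,
  pdf       = {http://www.cl.cam.ac.uk/research/srg/netos/vee_2012/papers/p227.pdf},
}

@inproceedings{v2e:ndss12,
  author    = {Lok-Kwong Yan and Manjukumar Jayachandra and Mu Zhang and Heng Yin},
  title     = {Transparent and Extensible Malware Analysis by Combining Hardware Virtualization and Software Emulation},
  booktitle = {Proceedings of the 19th Annual Network and Distributed System Security Symposium ({NDSS'12}), Invited Paper},
  month     = feb,
  year      = 2012,
  pdf       = {http://www.internetsociety.org/sites/default/files/05_1.pdf},
}

@inproceedings{pointerscope:ndss12,
  author    = {Mingwei Zhang and Aravind Prakash and Xiaolei Li and Zhenkai Liang and Heng Yin},
  title     = {Identifying and Analysing Pointer Misuses for Sophisticated Memory-corruption Exploit Diagnosis},
  booktitle = {Proceedings of the 19th Annual Network and Distributed System Security Symposium ({NDSS'12})},
  month     = feb,
  year      = 2012,
  pdf       = {http://www.internetsociety.org/sites/default/files/14_3.pdf},
}

% ---------------------------------------------------------------- 2011 and earlier

@inproceedings{webview:acsac11,
  author    = {Tongbo Luo and Hao Hao and Wenliang Du and Yifei Wang and Heng Yin},
  title     = {Attacks on {WebView} in the {Android} System},
  booktitle = {Proceedings of the 27th Annual Computer Security Applications Conference ({ACSAC'11})},
  month     = dec,
  year      = 2011,
  pdf       = {http://www.cis.syr.edu/~wedu/Research/paper/webview_acsac2011.pdf},
}

@article{yin:jsac10,
  author  = {Heng Yin and Bo Sheng and Haining Wang and Jianping Pan},
  title   = {Keychain-based Signatures for Securing {BGP}},
  journal = {{IEEE} Journal on Selected Areas in Communications ({J-SAC}), Internet Routing Scalability},
  month   = oct,
  year    = 2010,
  url     = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5586443&tag=1},
}

@inproceedings{yin:dimva10,
  author    = {Heng Yin and Pongsin Poosankam and Steve Hanna and Dawn Song},
  title     = {{HookScout}: Proactive Binary-Centric Hook Detection},
  booktitle = {Proceedings of Seventh Conference on Detection of Intrusions and Malware \& Vulnerability Assessment ({DIMVA'10})},
  month     = jul,
  year      = 2010,
  pdf       = {pubs/hookscout-dimva10.pdf},
}

% Same report as temu:TR above; both keys are kept for existing citations.
@techreport{Yin:EECS-2010-3,
  author      = {Yin, Heng and Song, Dawn},
  title       = {{TEMU}: Binary Code Analysis via Whole-System Layered Annotative Execution},
  institution = {EECS Department, University of California, Berkeley},
  number      = {UCB/EECS-2010-3},
  month       = jan,
  year        = 2010,
  url         = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-3.html},
}

@inproceedings{Kang:vmsec09,
  author    = {Min Gyung Kang and Heng Yin and Steve Hanna and Stephen McCamant and Dawn Song},
  title     = {Emulating Emulation-Resistant Malware},
  booktitle = {Proceedings of the 2nd Workshop on Virtual Machine Security ({VMSec'09})},
  month     = nov,
  year      = 2009,
  pdf       = {http://bitblaze.cs.berkeley.edu/papers/VMSec02-kang.pdf},
}

% The department used to sit in the address field, which styles print as a
% city; it is now part of the school name.
@phdthesis{yin:dissertation09,
  author = {Heng Yin},
  title  = {Malware Detection and Analysis via Layered Annotative Execution},
  school = {Department of Computer Science, College of William and Mary},
  type   = {{PhD} Dissertation},
  month  = jul,
  year   = 2009,
}

@inproceedings{SBYCJKLNPS2008,
  author    = {Dawn Song and David Brumley and Heng Yin and Juan Caballero and Ivan Jager and Min Gyung Kang and Zhenkai Liang and James Newsome and Pongsin Poosankam and Prateek Saxena},
  title     = {{BitBlaze}: A New Approach to Computer Security via Binary Analysis},
  booktitle = {Proceedings of the 4th International Conference on Information Systems Security},
  address   = {Hyderabad, India},
  month     = dec,
  year      = 2008,
}

@article{xie:tissec08,
  author  = {Mengjun Xie and Heng Yin and Haining Wang},
  title   = {Thwarting Email Spam Laundering},
  journal = {{ACM} Transactions on Information and System Security ({TISSEC})},
  month   = dec,
  year    = 2008,
  url     = {http://dl.acm.org/citation.cfm?id=1455525&bnc=1},
}

@inproceedings{yin:ndss08,
  author    = {Heng Yin and Zhenkai Liang and Dawn Song},
  title     = {{HookFinder}: Identifying and Understanding Malware Hooking Behaviors},
  booktitle = {Proceedings of the 15th Annual Network and Distributed System Security Symposium ({NDSS'08})},
  month     = feb,
  year      = 2008,
  pdf       = {pubs/hookfinder-ndss08.pdf},
}

@article{yin:ton07,
  author  = {Heng Yin and Haining Wang},
  title   = {Building an Application-aware {IPsec} Policy System},
  journal = {{IEEE/ACM} Transactions on Networking},
  month   = dec,
  year    = 2007,
  url     = {http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=04359154},
}

@inproceedings{kang:worm07,
  author    = {Min Gyung Kang and Pongsin Poosankam and Heng Yin},
  title     = {Renovo: A Hidden Code Extractor for Packed Executables},
  booktitle = {Proceedings of the 5th {ACM} Workshop on Recurring Malcode ({WORM'07})},
  month     = oct,
  year      = 2007,
  pdf       = {http://bitblaze.cs.berkeley.edu/papers/renovo.pdf},
}

% A titled chapter inside a collected volume: the chapter title goes in title and
% the volume title in booktitle. The entry previously used the inbook type, whose
% chapter field is meant for a chapter number.
% NOTE(review): publisher is inferred from the springerlink address below -- confirm.
@incollection{minesweeper,
  author    = {David Brumley and Cody Hartwig and Zhenkai Liang and James Newsome and Dawn Song and Heng Yin},
  title     = {Automatically Identifying Trigger-based Behavior in Malware},
  booktitle = {Botnet Detection},
  publisher = {Springer},
  year      = 2007,
  http      = {http://www.springerlink.com/content/l81528x0350wx777/},
}

% Third author was entered as "Egele Manuel", which BibTeX parses with Manuel as
% the surname; the name order is corrected here.
@inproceedings{yin:ccs07,
  author    = {Heng Yin and Dawn Song and Manuel Egele and Christopher Kruegel and Engin Kirda},
  title     = {Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis},
  booktitle = {Proceedings of the 14th {ACM} Conference on Computer and Communications Security ({CCS'07})},
  month     = oct,
  year      = 2007,
  pdf       = {pubs/panorama-ccs07.pdf},
}

@inproceedings{polyglot,
  author    = {Juan Caballero and Heng Yin and Zhenkai Liang and Dawn Song},
  title     = {Polyglot: Automatic Extraction of Protocol Message Format using Dynamic Binary Analysis},
  booktitle = {Proceedings of the 14th {ACM} Conference on Computer and Communications Security ({CCS'07})},
  month     = oct,
  year      = 2007,
  pdf       = {pubs/polyglot-ccs07.pdf},
}

% Given names are spelled out (they match the author list of yin:ccs07) so the
% style, not the database, decides whether to abbreviate them.
@inproceedings{egele07:spyware,
  author    = {Manuel Egele and Christopher Kruegel and Engin Kirda and Heng Yin and Dawn Song},
  title     = {Dynamic Spyware Analysis},
  booktitle = {Proceedings of the 2007 Usenix Annual Conference ({Usenix'07})},
  month     = jun,
  year      = 2007,
  pdf       = {pubs/spyware-usenix07.pdf},
}

% The pdf link previously had no scheme, so link generators would treat it as a
% relative path. NOTE(review): http is assumed -- confirm the host still serves it.
@inproceedings{yin:iwqos07,
  author    = {Heng Yin and Bo Sheng and Haining Wang and Jianping Pan},
  title     = {Securing {BGP} through Keychain-based Signatures},
  booktitle = {Proceedings of the 15th {IEEE} International Workshop on Quality of Service ({IWQoS'07})},
  month     = jun,
  year      = 2007,
  pdf       = {http://www.cs.wm.edu/~hnw/paper/bgp.pdf},
}

@techreport{minesweeper2007,
  author      = {David Brumley and Cody Hartwig and Zhenkai Liang and James Newsome and Dawn Song and Heng Yin},
  title       = {Towards Automatically Identifying Trigger-based Behavior in Malware using Symbolic Execution and Binary Analysis},
  institution = {Carnegie Mellon University School of Computer Science},
  number      = {CMU-CS-07-105},
  month       = jan,
  year        = 2007,
}

@inproceedings{xie:ccs06,
  author    = {Mengjun Xie and Heng Yin and Haining Wang},
  title     = {An Effective Defense Against Email Spam Laundering},
  booktitle = {Proceedings of the 13th {ACM} Conference on Computer and Communications Security ({CCS'06})},
  month     = oct,
  year      = 2006,
  pdf       = {pubs/spam_ccs06.pdf},
}

@inproceedings{yin:sec05,
  author    = {Heng Yin and Haining Wang},
  title     = {Building an Application-aware {IPsec} Policy System},
  booktitle = {Proceedings of the 14th {USENIX} Security Symposium},
  month     = aug,
  year      = 2005,
  pdf       = {pubs/ipsec-sec05.pdf},
}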