-
DIALDroid-IC3 for Android ICC Resolution.
Available HERE
Owner: Amiangshu Bosu
Paper to cite: Same as above (ASIACCS ’17)
-
DIALDroid-Bench for Android Malware Collusion Benchmark.
Available HERE
Owner: Amiangshu Bosu
Paper to cite: Same as above (ASIACCS ’17)
-
Android Repackaged Malware Detection Tools.
Available HERE
Owner: Ke Tian
Paper to cite:
Ke Tian, Danfeng Yao, Barbara Ryder, and Gang Tan. Analysis of Code Heterogeneity for High-Precision Classification of Repackaged Malware. In Proceedings of Mobile Security Technologies (MoST), in conjunction with the IEEE Symposium on Security and Privacy. San Jose, CA. May 2016.
-
Context-sensitive STILO (CS-STILO) for Program Anomaly Detection
Available HERE
Owner: Kui Xu and Ke Tian
Paper to cite:
Kui Xu, Ke Tian, Danfeng Yao, and Barbara Ryder. A Sharper Sense of Self: Probabilistic Reasoning of Program Behaviors for Anomaly Detection with Context Sensitivity. In Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Toulouse, France. Jun., 2016.
-
Call Tracing and Call Traces.
Available HERE
Owner: Ke Tian and Long Cheng
Papers to cite:
Kui Xu, Ke Tian, Danfeng Yao, and Barbara Ryder. A Sharper Sense of Self: Probabilistic Reasoning of Program Behaviors for Anomaly Detection with Context Sensitivity. In Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Toulouse, France. Jun., 2016.
Kui Xu, Danfeng Yao, Barbara Ryder, and Ke Tian. Probabilistic Program Modeling for High-Precision Anomaly Classification. In Proceedings of the 2015 IEEE Computer Security Foundations Symposium (CSF). Verona, Italy. Jul. 2015.
-
Labs for n-gram and FSA-based program anomaly detection.
Available HERE
Owner: Xiaokui Shu
Paper to cite:
Program Anomaly Detection: Methodology and Practices. Xiaokui Shu and Danfeng Yao. In ACM CCS Tutorials. Vienna, Austria. Oct. 2016.
-
Traffic causality dataset: HTTP requests and user events.
Data used in our network causality work (below). Please contact us if you would like to access the dataset.
Owner: Hao Zhang
Papers to cite:
Hao Zhang, Danfeng Yao, Naren Ramakrishnan, and Zhibin Zhang. Causality Reasoning about Network Events for Detecting Stealthy Malware Activities. Computers & Security (C&S). 58: 180-198. Elsevier. 2016.
Hao Zhang, Danfeng Yao and Naren Ramakrishnan. Detection of Stealthy Malware Activities with Traffic Causality and Scalable Triggering Relation Discovery. In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS). Kyoto, Japan. Jun. 2014.
Tutorial: Investigating Advanced Exploits for System Security Assurance
In this tutorial, we provide a hands-on demonstration of finding various kinds of gadgets from different gadget sets, the time needed to find these gadgets, and the impact of the location of a code address or pointer leak. All the instructions needed for the hands-on exercises are available in the repository. We also demonstrate a data-oriented exploit on the ProFTPD server. The dop directory in the repository has the instructions to reproduce the exploit.
Link to the tutorial HERE
Owner: Salman Ahmed
Apache Crypto API Benchmark
Source code is available HERE
Owner: Sharmin Afrose
CryptoGuard: A program analysis tool to find cryptographic misuses in Java
Source code is available HERE
Owner: Sazzadur Rahaman
Paper to cite:
Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian, Miles Frantz, Murat Kantarcioglu, and Danfeng (Daphne) Yao.
CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects.
ACM Conference on Computer and Communications Security (CCS). London, UK. Nov. 2019.
Java crypto API benchmark
Source code is available HERE
Owner: Sharmin Afrose
Paper to cite:
Sharmin Afrose, Sazzadur Rahaman, Danfeng (Daphne) Yao.
CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses.
IEEE Secure Development Conference (SecDev). McLean, VA. Sept. 2019. (Acceptance rate: 36%)
BuggyCart: A customized version of OpenCart
Source code is available HERE
Owner: Sazzadur Rahaman
Paper to cite:
Sazzadur Rahaman, Gang Wang, and Daphne Yao.
Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations.
ACM Conference on Computer and Communications Security (CCS). London, UK. Nov. 2019.
PciCheckerLite: Tool to detect the 17 most crucial PCI related vulnerabilities in a website
Source code is available HERE
Owner: Sazzadur Rahaman
Paper to cite:
Sazzadur Rahaman, Gang Wang, and Daphne Yao.
Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations.
ACM Conference on Computer and Communications Security (CCS). London, UK. Nov. 2019.
Java Security Posts from StackOverflow
Excel file is available HERE
Owner: Na Meng
Paper to cite:
Na Meng, Stefan Nagy, Danfeng Yao, Wenjie Zhuang, and Gustavo Argoty.
Secure Coding Practices in Java: Challenges and Vulnerabilities.
International Conference on Software Engineering (ICSE). Gothenburg, Sweden. May, 2018.
DIALDroid Database.
If you are interested in getting a copy of the database, please fill out this REQUEST FORM.
Schemas and queries are available HERE
Owner: Amiangshu Bosu
Paper to cite:
Amiangshu Bosu, Fang Liu, Danfeng Yao, and Gang Wang.
Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications.
In Proceedings of ACM Symposium on Information, Computer & Communication Security (ASIACCS).
Apr. 2017.