Saastha Vasan

PhD student in Computer Science

University of California, Santa Barbara

Biography

I am a third-year PhD student at University of California, Santa Barbara. I am supervised by Dr. Giovanni Vigna and Dr. Christopher Kruegel. My research focuses on the intersection of machine learning and computer security, frequently integrating concepts from program analysis. My work aims to create novel frameworks that surpass current methodologies in the domains of malware analysis and vulnerability assessment.

Interests

Malware Analysis
Machine Learning
Artificial Intelligence (AI)
Program Analysis
Threat Intelligence
Vulnerability Assessment

Education

Doctor of Philosophy(Ph.D), Computer Science, 2021 - present
University of California, Santa Barbara
Bachelor of Technology, Computer Science, 2016 - 2020
Amrita Vishwa Vidyapeetham, Kerala, India

Publications

MalwarePT: A Robust Binary-Level Foundation Model for Malware Analysis

In our paper, “MalwarePT: A Robust Binary-Level Foundation Model for Malware Analysis,” we introduce MalwarePT, a novel foundation model designed to enhance malware analysis by addressing key limitations of existing machine learning (ML) approaches.

Saastha Vasan, Yuzhou Nie, Kaie Chen, Yigitcan Kaya, Hojjat Aghakhani, Wenbo Guo, Christopher Kruegel, Giovanni Vigna

DeepCapa: Identifying Malicious Capabilities in Windows Malware

DeepCapa is an automated post-detection framework that identifies and maps potentially malicious capabilities in malware to the code that implements these capabilities. It proposes a novel feature engineering approach that statically extracts API-call sequences from multiple memory snapshots taken during a sample’s dynamic execution. This approach allows for more comprehensive code coverage and effectively counters anti-sandbox techniques. Deepcapa also proposes a neural network architecture to not only accurately detects capabilities but also provide interpretable detections.

Saastha Vasan, Hojjat Aghakhani, Stefano Ortolani, Roman Vasilenko, Ilya Grishchenko, Christopher Kruegel, Giovanni Vigna

Invisible Image Watermarks Are Provably Removable Using Generative AI

Image watermarks embed hidden messages that are only detectable by the owners, preventing misuse of images, especially those generated by AI models. In this paper we introduce a family of regeneration attacks to remove these invisible watermarks. By adding random noise to an image and then reconstructing it, this approach effectively eliminates watermarks. The study highlights the vulnerability of all invisible watermarks to this proposed attack, emphasizing the need for a shift toward semantically similar watermarking methods.

Xuandong Zhao, Kexun Zhang, Zihao Su, Saastha Vasan, Ilya Grishchenko, Christopher Kruegel, Giovanni Vigna, Yu-Xiang Wang, Lei Li

Columbus: Android App Testing Through Systematic Callback Exploration

Android apps are event-driven, and generating various types of events through app interfaces for testing purposes can be challenging. To address this, in this paper we introduce COLUMBUS, a callback-driven testing technique. COLUMBUS automatically identifies callbacks, uses symbolic execution and dynamic heap introspection to generate valid inputs, and incorporates feedback mechanisms to enhance crash detection and coverage. In evaluations, COLUMBUS outperforms existing testing tools in terms of both crashes and coverage.

Priyanka Bose, Dipanjan Das, Saastha Vasan, Sebastiano Mariani, Ilya Grishchenko, Andrea Continella, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna

PHPIL: Fuzzing the PHP Interpreter with Custom Bytecode

we propose PHPIL a fuzzing framework to find potential bugs and vulnerabilities in the PHP interpreter. Unlike previous work PHPIL generates both syntactically and semantically correct PHP code samples, using an intermediate language composed of custom opcodes. The code generator, governed by rules ensuring PHP syntax and conventions, drives the mutator to perform mutations on the generated intermediate language. These mutated samples are then lifted to PHP code, executed, and monitored for any unexpected behavior, with a report generated if any anomalies are detected.

Vignesh Rao, Tarunkant Gupta, Saastha Vasan, LR Deepthi

Experience

Graduate Researcher

University of California Santa Barbara

October 2021 – Present Santa Barbara, California

* Performing independent and collaborative research in malware analysis, threat intelligence, and LLMs for vulnerability assessment.
* Authoring academic papers and journals for top system security conferences.
* Participating in Capture The Flag (CTF) competitions as a member of team Shellphish

Infosec Engineer

Aspirify Enterprises Pvt

December 2020 – July 2021 New Delhi, India

* Collaborated with the in-house red team to develop and maintain a red teaming framework.
* Developed new modules to increase the attack surface, enhancing the effectiveness of red teaming efforts.
* Ensured the compatibility of existing modules and maintaining the effectiveness of the framework in an evolving threat landscape.

Research Intern

University of California Santa Barbara

March 2020 – September 2020 Santa Barbara, California

* Designed and developed a novel malware post-detection framework that identifies potentially malicious capabilities in Windows malware, outperforming existing solutions by 20% in precision and 80% in recall.
* Reverse-engineered malware executables and mapped their attack implementations to the MITRE ATT&CK Framework.

Student Researcher

Amrita Vishwa Vidyapeetham

December 2016 – February 2020 Kerala, India

* Conducted malware analysis, documented results, and developed proof-of-concept attack methods.
* Fostered collaborative learning by teaching reverse engineering and malware analysis, promoting ongoing education.
* Participated actively in Capture The Flag (CTF) competitions as part of team bi0s