Paper-Conference

In our paper, “MalwarePT: A Robust Binary-Level Foundation Model for Malware Analysis,” we introduce MalwarePT, a novel foundation model designed to enhance malware analysis by addressing key limitations of existing machine learning (ML) approaches.

DeepCapa is an automated post-detection framework that identifies and maps potentially malicious capabilities in malware to the code that implements these capabilities. It proposes a novel feature engineering approach that statically extracts API-call sequences from multiple memory snapshots taken during a sample’s dynamic execution. This approach allows for more comprehensive code coverage and effectively counters anti-sandbox techniques. Deepcapa also proposes a neural network architecture to not only accurately detects capabilities but also provide interpretable detections.

Image watermarks embed hidden messages that are only detectable by the owners, preventing misuse of images, especially those generated by AI models. In this paper we introduce a family of regeneration attacks to remove these invisible watermarks. By adding random noise to an image and then reconstructing it, this approach effectively eliminates watermarks. The study highlights the vulnerability of all invisible watermarks to this proposed attack, emphasizing the need for a shift toward semantically similar watermarking methods.

Android apps are event-driven, and generating various types of events through app interfaces for testing purposes can be challenging. To address this, in this paper we introduce COLUMBUS, a callback-driven testing technique. COLUMBUS automatically identifies callbacks, uses symbolic execution and dynamic heap introspection to generate valid inputs, and incorporates feedback mechanisms to enhance crash detection and coverage. In evaluations, COLUMBUS outperforms existing testing tools in terms of both crashes and coverage.

we propose PHPIL a fuzzing framework to find potential bugs and vulnerabilities in the PHP interpreter. Unlike previous work PHPIL generates both syntactically and semantically correct PHP code samples, using an intermediate language composed of custom opcodes. The code generator, governed by rules ensuring PHP syntax and conventions, drives the mutator to perform mutations on the generated intermediate language. These mutated samples are then lifted to PHP code, executed, and monitored for any unexpected behavior, with a report generated if any anomalies are detected.