Danfeng (Daphne) Yao

Bibliometrics: publication history
Average citations per article: 2.67
Citation Count: 72
Publication count: 27
Publication years: 2010-2017
Available for download: 20
Average downloads per article: 244.65
Downloads (cumulative): 4,893
Downloads (12 Months): 1,903
Downloads (6 Weeks): 210
27 results found

Result 1 – 20 of 27

1 published by ACM
December 2017 ACSAC 2017: Proceedings of the 33rd Annual Computer Security Applications Conference
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 29,   Downloads (12 Months): 69,   Downloads (Overall): 69

Full text available: PDF
Recent studies have revealed that control programs running on embedded devices suffer from both control-oriented attacks (e.g., code-injection or code-reuse attacks) and data-oriented attacks (e.g., non-control data attacks). Unfortunately, existing detection mechanisms are insufficient to detect runtime data-oriented exploits, due to the lack of runtime execution semantics checking. In this ...
Keywords: Cyber-physical systems, Anomaly detection, Data-oriented attacks, Event awareness, Control programs, Execution semantics

2 published by ACM
November 2017 SafeConfig '17: Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 18,   Downloads (12 Months): 47,   Downloads (Overall): 47

Full text available: PDF
The ever-increasing sophistication of malware has made malicious binary collection and analysis an absolute necessity for proactive defenses. Meanwhile, malware authors seek to harden their binaries against analysis by incorporating environment detection techniques, in order to identify if the binary is executing within a virtual environment or in the presence ...
Keywords: linux containers, deception, honeypots, virtual machine

3 published by ACM
October 2017 CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 11,   Downloads (12 Months): 51,   Downloads (Overall): 51

Full text available: PDF
The CyberW workshop is motivated by the significant gender imbalance in all security conferences, in terms of the number of publishing authors, PC members, organizers, and attendees. What causes this gender imbalance remains unclear. However, multiple research studies have shown that a diverse group is more creative, diligent, and productive ...
Keywords: career, female, gender gap, gender imbalance, leadership, technical competitiveness, diversity, gender bias, gender discrimination, underrepresented groups, women, cyber security, inclusive excellence

4 published by ACM
October 2017 CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 9,   Downloads (12 Months): 44,   Downloads (Overall): 44

Full text available: PDF
In this work, we present a new program behavior model, i.e., the event-aware finite-state automaton ( eFSA ), which takes advantage of the event-driven nature of control programs in cyber-physical systems (CPS) and incorporates event checking in anomaly detection. eFSA provides new detection capabilities to detect data-oriented attacks in CPS ...
Keywords: anomaly detection, cyber-physical systems, data-oriented attacks

5 published by ACM
September 2017 ACM Transactions on Privacy and Security (TOPS): Volume 20 Issue 4, October 2017
Publisher: ACM
Bibliometrics:
Citation Count: 1
Downloads (6 Weeks): 30,   Downloads (12 Months): 210,   Downloads (Overall): 210

Full text available: PDF
Intertwined developments between program attacks and defenses witness the evolution of program anomaly detection methods. Emerging categories of program attacks, e.g., non-control data attacks and data-oriented programming, are able to comply with normal trace patterns at local views. This article points out the deficiency of existing program anomaly detection models ...
Keywords: event frequency correlation, machine learning, program analysis, context-sensitive grammar, Intrusion detection, anomaly detection, co-occurrence analysis

6 published by ACM
April 2017 SCC '17: Proceedings of the Fifth ACM International Workshop on Security in Cloud Computing
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 10,   Downloads (12 Months): 112,   Downloads (Overall): 112

Full text available: PDF
In this keynote, I describe the emerging need of cloud data analytics for security and call for the security community to devote to closing the gap between research innovation and practical deployment. Cloud data analytics refer to cloud platforms that provide pattern recognition and data discovery services to clients. This ...
Keywords: deployment, exploits and attacks, security practice, software security, anomaly detection, cloud, data analytics, system security

7 published by ACM
April 2017 ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security
Publisher: ACM
Bibliometrics:
Citation Count: 3
Downloads (6 Weeks): 17,   Downloads (12 Months): 263,   Downloads (Overall): 263

Full text available: PDF
Inter-Component Communication (ICC) provides a message passing mechanism for data exchange between Android applications. It has been long believed that inter-app ICCs can be abused by malware writers to launch collusion attacks using two or more apps. However, because of the complexity of performing pairwise program analysis on apps, the ...
Keywords: collusion, ICC, android, intent, inter-component communication, privilege escalation, security

8 published by ACM
March 2017 CODASPY '17: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 11,   Downloads (12 Months): 67,   Downloads (Overall): 67

Full text available: PDF
Inter-Component Communication (ICC) enables useful interactions between mobile apps. However, misuse of ICC exposes users to serious threats such as intent hijacking/spoofing and app collusions, allowing malicious apps to access privileged user data via another app. Unfortunately, existing ICC analyses are largely incompetent in both accuracy and scale. This poster ...
Keywords: android security, risk analysis, ICC, spoofing, MapReduce, hijacking

9 published by ACM
October 2016 AISec '16: Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security
Publisher: ACM
Bibliometrics:
Citation Count: 2
Downloads (6 Weeks): 14,   Downloads (12 Months): 201,   Downloads (Overall): 267

Full text available: PDF
Malicious Android applications pose serious threats to mobile security. They threaten the data confidentiality and system integrity on Android devices. Monitoring runtime activities serves as an important technique for analyzing dynamic app behaviors. We design a triggering relation model for dynamically analyzing network traffic on Android devices. Our model enables ...
Keywords: machine learning, network security, mobile security, anomaly detection

10 published by ACM
October 2016 CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
Publisher: ACM
Bibliometrics:
Citation Count: 1
Downloads (6 Weeks): 12,   Downloads (12 Months): 181,   Downloads (Overall): 272

Full text available: PDF
This tutorial will present an overview of program anomaly detection, which analyzes normal program behaviors and discovers aberrant executions caused by attacks, misconfigurations, program bugs, and unusual usage patterns. It was first introduced as an analogy between intrusion detection for programs and the immune mechanism in biology. Advanced models have ...
Keywords: anomaly detection, detection accuracy, program trace, formal language, intrusion detection, program analysis

11
May 2016 Computers and Security: Volume 58 Issue C, May 2016
Publisher: Elsevier Advanced Technology Publications
Bibliometrics:
Citation Count: 6

Malicious software activities have become more and more clandestine, making them challenging to detect. Existing security solutions rely heavily on the recognition of known code or behavior signatures, which are incapable of detecting new malware patterns. We propose to discover the triggering relations on network requests and leverage the structural ...
Keywords: Stealthy malware, Anomaly detection, Machine learning classification, Network security, Dependence analysis, Traffic analysis

12 published by ACM
March 2016 ANCS '16: Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems
Publisher: ACM
Bibliometrics:
Citation Count: 1
Downloads (6 Weeks): 11,   Downloads (12 Months): 93,   Downloads (Overall): 208

Full text available: PDF
To match the signatures of malicious traffic across packet boundaries, network-intrusion detection (and prevention) systems (NIDS) typically perform pattern matching after flow reassembly or packet reordering. However, this may lead to the need for large packet buffers, making detection vulnerable to denial-of-service (DoS) attacks, whereby attackers exhaust the buffer capacity ...
Keywords: out-of-order deep packet inspection, intrusion detection systems, regular expressions, finite automata

13
February 2016 AAAI'16: Proceedings of the Thirtieth AAAI Conference on Artificial Intelligence
Publisher: AAAI Press
Bibliometrics:
Citation Count: 0

Internet user behavior models characterize user browsing dynamics or the transitions among web pages. The models help Internet companies improve their services by accurately targeting customers and providing them the information they want. For instance, specific web pages can be customized and prefetched for individuals based on sequences of web ...

14
November 2015 RAID 2015: Proceedings of the 18th International Symposium on Research in Attacks, Intrusions, and Defenses - Volume 9404
Publisher: Springer-Verlag New York, Inc.
Bibliometrics:
Citation Count: 2

Program anomaly detection analyzes normal program behaviors and discovers aberrant executions caused by attacks, misconfigurations, program bugs, and unusual usage patterns. The merit of program anomaly detection is its independence from attack signatures, which enables proactive defense against new and unknown attacks. In this paper, we formalize the general program ...
Keywords: Unified framework, Detection accuracy, Automata theory, Program anomaly detection, Theoretical accuracy limit

15 published by ACM
October 2015 CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
Publisher: ACM
Bibliometrics:
Citation Count: 7
Downloads (6 Weeks): 9,   Downloads (12 Months): 167,   Downloads (Overall): 578

Full text available: PDF
Modern stealthy exploits can achieve attack goals without introducing illegal control flows, e.g., tampering with non-control data and waiting for the modified data to propagate and alter the control flow legally. Existing program anomaly detection systems focusing on legal control flow attestation and short call sequence verification are inadequate to ...
Keywords: event correlation, function call, intrusion detection, long execution path, machine learning, program attack

16 published by ACM
March 2015 IWSPA '15: Proceedings of the 2015 ACM International Workshop on International Workshop on Security and Privacy Analytics
Publisher: ACM
Bibliometrics:
Citation Count: 2
Downloads (6 Weeks): 5,   Downloads (12 Months): 46,   Downloads (Overall): 248

Full text available: PDF
Monitoring network traffic and detecting anomalies are essential tasks that are carried out routinely by security analysts. The sheer volume of network requests often makes it difficult to detect attacks and pinpoint their causes. We design and develop a tool to visually represent the causal relations for network requests. The ...
Keywords: network traffic analysis, usable security, anomaly detection, information visualization, visual locality

17 published by ACM
March 2015 CODASPY '15: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
Publisher: ACM
Bibliometrics:
Citation Count: 3
Downloads (6 Weeks): 8,   Downloads (12 Months): 160,   Downloads (Overall): 499

Full text available: PDF
The exposure of sensitive data in storage and transmission poses a serious threat to organizational and personal security. Data leak detection aims at scanning content (in storage or transmission) for exposed sensitive data. Because of the large content and data volume, such a screening algorithm needs to be scalable for ...
Keywords: mapreduce, scalability, collection intersection, data leak detection

18 published by ACM
March 2015 CODASPY '15: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
Publisher: ACM
Bibliometrics:
Citation Count: 1
Downloads (6 Weeks): 0,   Downloads (12 Months): 24,   Downloads (Overall): 79

Full text available: PDF
The leak of sensitive data on computer systems poses a serious threat to organizational security. Organizations need to identify the exposure of sensitive data by screening the content in storage and transmission, i.e., to detect sensitive information being stored or transmitted in the clear. However, detecting the exposure of sensitive ...
Keywords: content inspection, parallelism, alignment, dynamic programming, algorithm, data leak detection, sampling

19
March 2015 Computers and Security: Volume 49 Issue C, March 2015
Publisher: Elsevier Advanced Technology Publications
Bibliometrics:
Citation Count: 7

As mobile computing becomes an integral part of the modern user experience, malicious applications have infiltrated open marketplaces for mobile platforms. Malware apps stealthily launch operations to retrieve sensitive user or device data or abuse system resources. We describe a highly accurate classification approach for detecting malicious Android apps. Our ...
Keywords: Android malware, Static program analysis, User-trigger dependence, Malware detection, User-intention

20
December 2014 ICMLA '14: Proceedings of the 2014 13th International Conference on Machine Learning and Applications
Publisher: IEEE Computer Society
Bibliometrics:
Citation Count: 0

We present a new method of classifying previously unseen Android applications as malware or benign. The algorithm starts with a large set of features: the frequencies of all possible n-byte sequences in the application's byte code. Principal components analysis is applied to that frequency matrix in order to reduce it ...
Keywords: mobile security, android, principal components analysis, dimensionality reduction



The ACM Digital Library is published by the Association for Computing Machinery. Copyright © 2018 ACM, Inc.