Automated Risk Detection and Mitigation for Real-World Software

Abstract

Real-world software systems are plagued with errors and susceptible to cyber-crimes. Software vulnerabilities and malicious programs have been spreading to all aspects of the society, ranging from people's daily lives, corporate operation to critical infrastructures. As modern software systems grow large, diverse and complex, automated risk detection mechanisms are highly desired to defend against these emerging threats. In this talk, I will present a unique approach that combines program analysis with machine learning and data mining to automatically detect or mitigate security problems in different software domains. To demonstrate this approach, I will introduce two of its applications that aim to address Android malware: 1) automated generation of security-centric app descriptions and 2) semantics-based Android malware classification. In the end of this talk, I will also introduce my recent application of this approach in the new context of Industrial Control Systems, which enables automated safety vetting of programmable logic controller (PLC) code on the factory floor.

Bio

Mu Zhang is a postdoctoral researcher in the Department of Computer Science at Cornell University. He received his Ph.D. in Computer & Information Science & Engineering from Syracuse University in 2015, and he is a recipient of All University Doctoral Prize. Mu was a research staff member at NEC Labs America from 2015 to 2017. His research interests lie in several aspects of Computer Security and he is particularly interested in Software Security, Mobile Security and Cyber-Physical Systems Security. His work has been extensively published in top-tier security conferences including IEEE S&P, CCS and NDSS.