Adversarial Learning and Mobile Security System.


For too long, researchers have often tackled security in an attack-driven, ad hoc, and reactionary manner with large manual efforts devoted by security analysts. In order to make substantial progress in security, I advocate to shift such manner to be systematic, intelligent, and adversarial resilient. I have developed software engineering techniques to automate decision makings in security systems, and built defenses and testing methodologies to guard against emerging attacks specifically adversarial to these newly-proposed techniques. In this talk, I will first highlight one of these systems for mobile security: AppContext, a malware detection system extracting execution contexts of an app’s security-sensitive behaviors through program analysis. Then I will show how an adaptive adversary can attack these systems and how we can generate adversarial inputs ahead of time for testing and further strengthening these systems. I will conclude by discussing how future research efforts can leverage the interplay among software engineering, security, and AI techniques toward a defense-driven security ecosystem.

Shanghai, China