Peng Xu
M. Sc. Peng Xu
Alumni
E-Mail: Peng Xu
Huawei-2012, Principal Engineer & Field Expert
About me
I am a Ph.D. candidate at the Chair of IT Security at the Technical University of Munich (TUM), headed by Prof. Dr. Claudia Eckert. Previously, I received my M.Sc. degree from the Institute of Microelectronics of the Chinese Academy of Sciences, where I focused on hardware security as well as networking and telecommunication security.
Visiting Research
I did a research visit at the Institute for Interdisciplinary Information Sciences (IIIS), Tsinghua University. At the IIIS, my work concentrated mainly on privacy-preserving machine learning, especially multi-party computation (MPC) and hardware-assisted (TEE-based, e.g., Intel SGX) schemes. Additionally, I am extending my graph-based malware detection with a privacy-preserving scheme.
Research Interests
- Malware Detection with Graph Neural Network
Nowadays, the Control Flow Graph (CFG) is widely used in static code analysis of software applications, as it correctly expresses the flow inside a program unit. Further, it is considered an effective technique for mitigating software vulnerabilities, particularly code reuse attacks. Yet open questions remain: How can we leverage the CFG, or graph structure in general, to detect malware? What are the pros and cons of this methodology? And how robust is a graph-based anomaly detection system against adversarial samples? In these research topics, we introduce malware detection systems that use graph data at the DEX file and native code levels for both Android and desktop platforms. To this end, we use Natural Language Processing (NLP) concepts, in particular embedding techniques, to transform graphs into numerical vectors that feed our classifiers. In a nutshell, our research direction combines machine learning and natural language processing.
- Private Computation
With the rapid development of machine learning and deep learning in many fields, data privacy is an increasing concern. Privacy-preserving machine learning, as one of the primary applications of private computation, therefore attracts much attention from the academic community and industrial partners. The goal is to retain the convenience and efficiency of conventional machine learning and deep learning systems without degrading data privacy. In my work, I concentrate primarily on optimizing MPC, HE and TEE-based solutions in order to reduce the gap between academic results and industrial usage.
- Software Vulnerabilities Mitigation
I am interested in static/dynamic source code and binary analysis in order to detect/harden/prevent Code Reuse Attacks (CRAs) in applications developed in C/C++ as well as in the Linux kernel and the Android system. Currently, I am interested in preventing Return Oriented Programming (ROP), Just-in-Time (JIT)-ROP and vTable hijacking attacks by using source code recompilation and binary rewriting techniques. For more detailed information about the prevention of CRAs, please refer to the research description.
On the other hand, I also work on Virtual Machine Introspection (VMI)-based dynamic analysis for mobile devices (mostly for the Android system), from both the app and OS standpoints. Depending on the virtualization technique, two-level VMI is used to reconstruct the OS-level and app-level dynamic behaviors. For more detailed information about VMI, please refer to here.
PGP Key
Fingerprint: 8DE6 5F6A EBF2 6F5D 66E7 8485 A390 2B5F AD62 8236
Teaching
- Summer Semester 2019
  - Practical Course: Trusted Execution Environment (TEE) and software security
- Winter Semester 2018/19
  - Seminar Course: Control-Flow Integrity based Security
  - Seminar Course: Trusted Execution Environment and Software Security
- Summer Semester 2018
  - Seminar Course: Control-Flow Integrity based Security
- Summer Semester 2017
  - Seminar Course: Control-Flow Integrity based Security
  - Seminar Course: Code Reuse Attacks and Defenses against them
- Winter Semester 2016/17
  - Seminar Course: Control-Flow Integrity based Security
Supervised Work
- Layered Android Malware Detection Using Program Dependence Graph Embedding and Manifest Features
- Malware Detection with hybrid Control Flow Graph and Graph Embedding
- Machine Learning for Android Malware Detection in an Adversarial Environment
- HardExVTD - Hardware extended defense mechanism against Virtual Table Hijacking attacks