Adversarial machine learning


  • JPEG Defense contains our techniques for reproducing the results in Shield.


  • AVPass is a tool for leaking the detection model of Android malware detection systems (i.e., antivirus software), and bypassing their detection logics by using the leaked information coupled with APK obfuscation techniques.

  • NVMTrace is the implementation of a software controller that facilitates automated baremetal malware analysis. It uses open-source software and freely available technologies to operate one or more baremetal malware analysis clusters, each of which comprises one Linux host, eight baremetal processing nodes, and a network switch.

  • Cuckoo-Headless offers all the functionality of Cuckoo without all the overhead.

  • Cuckoo Monitor extends the number of API calls Cuckoo can track.

Robust security analytics

  • Barnum is an offline control flow attack detection system that applies deep learning on hardware execution traces to model a program's behavior and detect control flow anomalies.

  • uCFI is a CFI defense using Intel Processor Trace and dynamic points-to analysis.

  • SGX-Tor is a Tor anonymity network in the SGX environment. This project was be published in NSDI'17.

  • SGX-Shield is a system for supporting ASLR in the SGX environment.

  • T-SGX is a compiler-based tool that protects Intel SGX applications against controlled-channel attacks.