Department of Computer and Data Science
Case Western Reserve University
Email: sxy599@case.edu
Address: Olin 503, 10900 Euclid Ave., Cleveland, Ohio 44106, USA
I am a Ph.D. student at Case Western Reserve University, under the supervision of Dr. Xusheng Xiao. My research interests are in the fields of software security, deep learning/AI in software security, and data mining.
Automatic Generation for Android Applications. This project focus on extracting various features from Android apps, including textual information from apps' layout files, source code representations (call graphs), and corpus from apps' privacy policies. By inputing these features to modern NLP models with rich attention mechanisms, the model is able to generate accurate, app-specific sensitive behavior descriptions for the end users to easily understand the functionalities of the apps, and to get insights on the intentions of the sensitive behaviors/the usage of dangerous permissions.
Android Malware Detection. Our goal is to develop a tool to accurately detect and identify various Android malware. Further, we are going to expand our work to identify undesired behaviors of the apps, such as ad disruption, failling to start. Currently, we focus on the representations of the binary of the app because the binaries are more robust against modern code-obfuscation techniques. Our preliminary results shows that state-of-the-art techniques are not able to work on identifying undesired behaviors properly, because SOTA techniques mainly extract features such as texts and intents from the apps, which are also widely used in benign apps. Therefore, it is difficult for the deep learning models to identify malicious behaviors using such features.
2018-present: Ph.D. student in Computer and Data Science, Case Western Reserve University, Cleveland, Ohio, USA.
2016-2018: M.S. in Computer Science, Syracuse University, Syracuse, New York, USA.
2011-2015: B.S. in Computer Science, Tianjin University of Science and Technology, Tianjin, China.
DescribeCTX: Context-Aware Description Synthesis for Sensitive Behaviors in Mobile Apps
Shao Yang, Yuehan Wang, Yuan Yao, Haoyu Wang, Yanfang Ye, Xusheng Xiao.
In Proceedings of the 44th IEEE/ACM International Conference on Software Engineering (ICSE 2022), Pittsburgh, USA, May 2022.
DeepIntent: Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps
Shengqu Xi*, Shao Yang*, Xusheng Xiao, Yuan Yao, Yayuan Xiong, Fengyuan Xu, Haoyu Wang, Peng Gao, Zhuotao Liu, Feng Xu, and Jian Lu.
In Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS 2019), London, UK, Nov 2019. [PDF]
An image-inspired and CNN-based Android Malware Detection Approach
Shao Yang
In Proceedings of the 34th IEEE/ACM International Conference on Automated Software, ASE'19, San Diego, USA, Nov 2019. [PDF]