Wei Yang(杨威)

 

Department of Computer Science, 

University of Illinois at Urbana-Champaign,

4217 Siebel Center,

201 N. Goodwin Avenue,

Urbana, IL 61801-2302, USA

E-mail: weiyang3 AT illinois.edu

 

Hi! This is Wei Yang, a PhD student in University of Illinois at Urbana-Champaign since 2013. I am advised by Prof. Carl A. Gunter and Prof. Tao Xie. I am a member of Illinois Security Lab and Illinois Software Engineering Research Group. I received an M.S. in Computer Science from North Carolina State University in 2013, advised by Prof. Tao Xie, and a B.E. in Software Engineering from Shanghai Jiao Tong University in 2011, advised by Prof. Jianjun Zhao. I was also a visiting student researcher in University of California, Berkeley in 2017, invited by Prof. Dawn Song.

 

I will be joining University of Texas at Dallas in Fall 2018.

 

Research Interests

 

I enjoy doing research in software engineering and security in general and mobile security and adversarial machine learning in particular. My past research experience spans the spectrum from automated testing (ORBIT), through text analysis (WHYPER, Pluto), to malware detection (AppContext, EnMobile). I am generally interested in enhancing intelligence of existing security systems to defense against evolving attacks. I have been working on using program analysis, natural language processing, cognitive analysis and machine learning techniques to bridge the gap between user perceptions and security-sensitive behaviors in mobile security systems. Recently, I am focused on enhancing the robustness of these newly-proposed intelligent security techniques in adversarial settings (MRV, EnMobile, Telemade).

 

Publication (Google Scholar)

 

Selected Conference Publication

§  EnMobile Detection of command & control behaviors in mobile applications

o   Wei Yang, Mukul Prasad, and Tao Xie

EnMobile: Entity-based Characterization and Analysis of Mobile Malware

To appear in Proc. of the 40th International Conference on Software Engineering

(ICSE 2018), Gothenburg, Sweden, May 2018. (acceptance rate: 20.9%, 105 out of 502)

§  MRV Generating adversarial samples for mobile-malware detectors

o   Wei Yang, Deguang Kong, Tao Xie and Carl A. Gunter

Malware Detection in Adversarial Settings: Exploiting Feature Evolutions and Confusions in Android Apps

In Proc. of the 33rd Annual Computer Security Applications Conference
(ACSAC 2017), Orlando, Florida, USA, December 2017. (acceptance rate: 19.7%, 48 out of 244)

[PDF]

§  Pluto User data exposure assessment on Android

o   Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang and Carl A. Gunter

Free for All! Assessing User Data Exposure to Advertising Libraries on Android

In Proc. of the 23rd Annual Network and Distributed System Security Symposium
(NDSS 2016), San Diego, CA, USA, February 2016. (acceptance rate: 15.4%, 60 out of 389)

[PDF][BibTeX][Website] [Slides]

§  AppContext Analyzing contextual use of permissions in Android applications

o   Wei Yang, Xusheng Xiao, Benjamin Andow, Sihan Li, Tao Xie and William Enck

AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context

In Proc. of 37th International Conference on Software Engineering
(ICSE 2015), Florence, Italy, May 2015. (acceptance rate: 18.5%, 84 out of 452)

[PDF][BibTeX] [Website] [Slides] [Code] [Instruction]

§  WHYPER Automated risk assessment for mobile applications.

o   Rahul Pandita, Xusheng Xiao, Wei Yang, William Enck and Tao Xie

WHYPER: Towards Automating Risk Assessment of Mobile Applications

In Proc. of 22nd USENIX Security Symposium.
(USENIX Security 2013), Washinton, D.C., USA, August 2013. (acceptance rate: 16.2%, 45 out of 277)

[PDF][BibTeX][Website][Slides]

§  ORBIT Automated testing for mobile applications.

o   Wei Yang, Mukul Prasad, and Tao Xie.

A Grey-box Approach for Automated GUI-Model Generation of Mobile Applications

In Proc. of 16th International Conference on Fundamental Approaches to Software Engineering.
(FASE 2013), Rome, Italy, March 2013. (acceptance rate: 23.2%, 26 out of 112) .
[PDF][BibTeX][Website][Slides]

 

Other Conference Publication

o   Haibing Zheng, Dengfeng Li, Beihai Liang, Xia Zeng, Wujie Zheng, Yuetang Deng, Wing Lam, Wei Yang, and Tao Xie.

Automated Test Input Generation for Android: Towards Getting There in an Industrial Case. 

In Proc. of the 39th International Conference on Software Engineering

(ICSE 2017), Software Engineering in Practice (SEIP), Buenos Aires, Argentina, May 2017.

[PDF][BibTeX]

o   Xia Zeng, Dengfeng Li, Wujie Zheng, Fan Xia, Yuetang Deng, Wing Lam, Wei Yang, and Tao Xie.

Automated Test Input Generation for Android: Are We Really There Yet in an Industrial Case? 

In Proc. of the 24th ACM SIGSOFT Symposium on the Foundations of Software Engineering

(FSE 2016), Industrial Track, Seattle, WA, November 2016.

[PDF][BibTeX]

 

        

Journals/Magazines

o   Wei Yang, Xusheng Xiao, Dengfeng Li, Huoran Li, Xuanzhe Liu, Haoyu Wang, Yao Guo, and Tao Xie.

Security Analytics for Mobile Apps: Achievements and Challenges.

In Journal of Cyber Security (in Chinese)1(2), pages 1-14, April 2016.
  [PDF][BibTeX]

 

Workshops

o   Wei Yang and Tao Xie.

Telemade: A Testing Framework for Learning-Based Malware Detection Systems.  

In Proc. of the AAAI-18 Workshop on Engineering Dependable and Secure Machine Learning Systems

(EDSMLS 2018), co-located with AAAI 2018, New Orleans, LA, Feburary 2018.

[PDF]

o   Zexuan Zhong, Jiaqi Guo, Wei Yang, Tao Xie, Jian-Guang Lou, Ting Liu, and Dongmei Zhang.

Generating Regular Expressions from Natural Language Specifications: Are We There Yet? 

In Proc. of Workshop on NLP for Software Engineering

(NL4SE 2018), co-located with AAAI 2018, New Orleans, LA, Feburary 2018.

[PDF]

o   Dengfeng Li, Wing Lam, Wei Yang, Zhengkai Wu, Xusheng Xiao, Tao Xie.

Towards Privacy-Preserving Mobile Apps: A Balancing Act. 

In Proc. of the Symposium and Bootcamp on the Science of Security

(HotSoS 2017), Hanover, Maryland, April 2017.

[PDF]

o   Wei Yang, Xusheng Xiao, Rahul Pandita, William Enck and Tao Xie.

Improving Mobile Application Security via Bridging User Expectations and Application Behaviors.

In Proc. Of Symposium and Bootcamp on the Science of Security.

(HotSoS), Raleigh, NC, April 2014.

[PDF] [Slides]

 

 

Invited Talks (In addition to academic conference talks)

o   Wei Yang.

Improving Mobile Application Security via Bridging User Expectations and Application Behaviors.

In 10th CSL student conference, Champaign, IL, Feburary 2015.

[Talk info]

o   Wei Yang.

AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context.

At SRI International, Menlo Park, CA, July 2015.

[Talk]

o   Wei Yang.

AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context.

At Shanghai Jiao Tong University, Shanghai, China, December 2015.

o   Wei Yang, Wing Lam.

Validating Application Behavior against User Expectations.

In QualComm Innovation Fellowship Final, San Diego, CA, March 2016.

[Talk] [Video]

o   Wei Yang.

Contextually-Aware Mobile Security: Identification, Variation and Fixing of Mobile Threats.

At IBM Thomas J. Watson Research Center, Yorktown Heights, NY, July 2016.

o   Wei Yang.

Searching Functionally Similar Code via UI Prototype.

At IBM Thomas J. Watson Research Center, Yorktown Heights, NY, August 2016.

o   Wei Yang.

Defense and Attacks on Mobile Malware Detection.

At ShanghaiTech University, Shanghai, China, October 2017.

[Talk info]

o   Wei Yang.

Testing Learning-Based Security System: Generating Adversarial Samples for Static Analysis and Machine Learning.

At East China Normal University, Shanghai, China, October 2017.

o   Wei Yang.

Defense and Attacks on Mobile Malware Detection.

At Fudan University, Shanghai, China, October 2017.

[Talk info]

o   Wei Yang.

Contextually-Aware Mobile Security: Attacks and Defense of Mobile Threats.

At Shanghai Jiaotong University, Shanghai, China, October 2017.

[Talk info]

o   Wei Yang.

Generating Adversarial Examples with Program Transformations: Practical Attacks to Machine Learner.

At Midwest Programming Languages Summit (MWPLS 2017), Bloomington, IN, December 2017.

[Talk info]

Other Project

§  AT-EASE Early usability evaluation of mobile applications.

o   Wei Yang* and Xiao Yu*

AT-EASE: A Tool for Early and Quick Usability Evaluation of Smartphone Application

In progress.
*The name of first two authors are sorted by the alphabetical order of surnames.

§  World up A knowledge based search engine in Chinese. Here is the technical report in Chinese. 

 

Students

I have been supervising many excellent undergraduate and MS students.

Students I am currently working with: Ximin Lin, Evan N. Johnson, Dean Lin, Sherry Wu, Xiang Li, Chaeyun Jung, Sejal K. Parmar, Jonathan S. Kent, Shelby Doty, Yurui Cao.

Students I closely worked with in the past: Rittika Adhikary, Dengfeng Li, Lucas J. Hsiung, Jerry R. Guo

 

Working Experience

Research Intern, Mobile Enterprise Software Group, IBM Thomas J. Watson Research Center, 05/2016-08/2016

Mentor: Peng Liu; Manager: Marco Pistoia; My IBM homepage.

Research Intern, Computing Science Innovation Center, Samsung Research America, 05/2015-08/2015

Mentor: Deguang Kong, Bin Liu; Manager: Hongxia Jin

Research Intern, Trusted Systems Innovation Group, Fujitsu Lab of America, 05/2014-08/2014, 05/2013-08/2013, 05/2012-08/2012

Mentor: Mukul Prasad

ETL Engineer, Data Platform & Delivery Team, eBay Inc., 07/2010 –06/2011

Mentor: Daniel Zhang

 

Academic Activities

·         Program Committee

2018: ISSTA, Artifact Evaluation Committee;

2017: ISSTA, Artifact Evaluation Committee;

2016: IEEE S&P, Student Program Committee; ISSTA, Artifact Evaluation Committee;  OOPSLA, Artifact Evaluation Committee;  Eurosys, Shadow Program Committee;

2015: ECOOP, Artifact Evaluation Committee;

·         Organizing Committee

ASE 2017;

·         External Review

ASE 2012; ISSTA 2012; ISSTA 2013; SPLASH 2013; MSR 2014; ICST 2014; ICSE 2015; ICST 2015; ASE 2015; CCS 2015; ICSE 2016; IEEE S&P 2016; ASE 2016; ASIACCS 2016; FSE 2016; ASE 2017; IEEE S&P 2017; ISSTA 2017; IEEE S&P 2018; 

·         Academic Conference Volunteer

CCS 2012; FSE 2012; POPL 2016; ASE 2017; AAAI 2018

 

Award

·         Qualcomm Innovation Fellowship Finalist

QInF 2016

·         Travel Grant

MVD 2015; RWC 2016; VMCAI 2016; POPL 2016; ACSAC 2017; AAAI 2018

·         Hackathon

Best Pitch Award (Samsung Research Hackathon);

 

Personal