Static Attribution of Android Residential Proxy Malware Using Graph Kernels

Android residential proxy applications represent a growing class of potentially-unwanted programs PUPs that covertly route third-party traffic through end-user devices, enabling ad fraud, credential abuse, and evasion of geolocation controls by sophisticated threat actors. Attributing an unknown...

Explainability-Guided Adversarial Attacks on Transformer-Based Malware Detectors Using Control Flow Graphs

Transformer-based malware detection systems operating on graph modalities such as control flow graphs CFGs achieve strong performance by modeling structural relationships in program behavior. However, their robustness to adversarial evasion attacks remains underexplored. This paper examines the...

ContractShield: Bridging Semantic-Structural Gaps Via Hierarchical Cross-Modal Fusion for Multi-Label Vulnerability Detection in Obfuscated Smart Contracts

Smart contracts are increasingly targeted by adversaries employing obfuscation techniques such as bogus code injection and control flow manipulation to evade vulnerability detection. Existing multimodal methods often process semantic, temporal, and structural features in isolation and fuse them...

Routing-Aware Explanations for Mixture of Experts Graph Models in Malware Detection

Mixture-of-Experts MoE offers flexible graph reasoning by combining multiple views of a graph through a learned router. We investigate routing-aware explanations for MoE graph models in malware detection using control flow graphs CFGs. Our architecture builds diversity at two levels. At the node...

A Research and Development Portfolio of GNN Centric Malware Detection, Explainability, and Dataset Curation

Graph Neural Networks GNNs have become an effective tool for malware detection by capturing program execution through graph-structured representations. However, important challenges remain regarding scalability, interpretability, and the availability of reliable datasets. This paper brings togeth...

Explainable Ensemble Learning for Graph-Based Malware Detection

Malware detection in modern computing environments demands models that are not only accurate but also interpretable and robust to evasive techniques. Graph neural networks GNNs have shown promise in this domain by modeling rich structural dependencies in graph-based program representations such a...

RetDec - A Retargetable Machine-Code Decompiler Based On LLVM

RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code Supported architectures:...

Retargetable Machine-Code Decompiler: RetDec

RetDec is a retargetable machine-code decompiler based on LLVM . The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code. Supported architectures 32...

Python Taint - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Static analysis of Python web applications based on theoretical foundations Control flow graphs, fixed point, dataflow analysis Features Detect Command injection Detect SQL injection Detect XSS Detect directory traversal Get a control flow graph Get a def-use and/or a use-def chain Search GitHub...

Reverse Engineering Cross Platform Disassembler: Panopticon

Reverse Engineering Cross Platform Disassembler Panopticon is a disassembler that understands the semantics of opcodes. This way it’s able to help the user by discovering and displaying invariants that would have to be discovered “by hand” in traditional disassemblers. This allows an interactive...