Shuaike Dong scite author profile

Shuaike Dong

5Publications

104Citation Statements Received

77Citation Statements Given

How they've been cited

175

101

How they cite others

120

Affiliations

Chinese University of Hong Kong

Publications

Order By: Most citations

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

Dong

Diao

et al. 2018

View full text Add to dashboard Cite

Program code is a precious asset to its owner. Due to the easyto-reverse nature of Java, code protection for Android apps is of particular importance. To this end, code obfuscation is widely utilized by both legitimate app developers and malware authors, which complicates the representation of source code or machine code in order to hinder the manual investigation and code analysis. Despite many previous studies focusing on the obfuscation techniques, however, our knowledge on how obfuscation is applied by realworld developers is still limited.In this paper, we seek to better understand Android obfuscation and depict a holistic view of the usage of obfuscation through a large-scale investigation in the wild. In particular, we focus on four popular obfuscation approaches: identifier renaming, string encryption, Java reflection, and packing. To obtain the meaningful statistical results, we designed efficient and lightweight detection models for each obfuscation technique and applied them to our massive APK datasets (collected from Google Play, multiple thirdparty markets, and malware databases). We have learned several interesting facts from the result. For example, malware authors use string encryption more frequently, and more apps on third-party markets than Google Play are packed. We are also interested in the explanation of each finding. Therefore we carry out in-depth code analysis on some Android apps after sampling. We believe our study will help developers select the most suitable obfuscation approach, and in the meantime help researchers improve code analysis systems in the right direction.

show abstract

Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic

Dong

Tang

et al. 2020

View full text Add to dashboard Cite

The IoT (Internet of Things) technology has been widely adopted in recent years and has profoundly changed the people's daily lives. However, in the meantime, such a fast-growing technology has also introduced new privacy issues, which need to be better understood and measured. In this work, we look into how private information can be leaked from network traffic generated in the smart home network. Although researchers have proposed techniques to infer IoT device types or user behaviors under clean experiment setup, the effectiveness of such approaches become questionable in the complex but realistic network environment, where common techniques like Network Address and Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. To this aim, we propose a traffic analysis framework based on sequence-learning techniques like LSTM and leveraged the temporal relations between packets for the attack of device identification. We evaluated it under different environment settings (e.g., pure-IoT and noisy environment with multiple non-IoT devices). The results showed our framework was able to differentiate device types with a high accuracy. This result suggests IoT network communications pose prominent challenges to users' privacy, even when they are protected by encryption and morphed by the network gateway. As such, new privacy protection methods on IoT traffic need to be developed towards mitigating this new issue.

show abstract

Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users

Chen

Zuo

Diao

et al. 2019

View full text Add to dashboard Cite

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

Dong

Diao³

et al. 2018

Preprint

View full text Add to dashboard Cite

Authorisation inconsistency in IoT third‐party integration

Chen

Dong³

et al. 2021

IET Information Security

View full text Add to dashboard Cite

Today's IoT platforms provide rich functionalities by integrating with popular third-party services. Due to the complexity, it is critical to understand whether the IoT platforms have properly managed the authorisation in the cross-cloud IoT environments. In this study, the authors report the first systematic study on authorisation management of IoT third-party integration by: (1) presenting two attacks that leak control permissions of the IoT device in the integration of third-party services; (2) conducting a measurement study over 19 real-world IoT platforms and three major third-party services. Results show that eight of the platforms are vulnerable to the threat. To educate IoT developers, the authors provide in-depth discussion about existing design principles and propose secure design principles for IoT cross-cloud control frameworks.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Shuaike Dong

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic

Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

Authorisation inconsistency in IoT third‐party integration

Contact Info

Product

Resources

About