Search for: All records

The deployment of deep learning-based malware detection systems has transformed cybersecurity, offering sophisticated pattern recognition capabilities that surpass traditional signature-based approaches. However, these systems introduce new vulnerabilities requiring systematic investigation. This chapter examines adversarial attacks against graph neural network-based malware detection systems, focusing on semantics-preserving methodologies that evade detection while maintaining program functionality. We introduce a reinforcement learning (RL) framework that formulates the attack as a sequential decision making problem, optimizing the insertion of no-operation (NOP) instructions to manipulate graph structure without altering program behavior. Comparative analysis includes three baseline methods: random insertion, hill-climbing, and gradient-approximation attacks. Our experimental evaluation on real world malware datasets reveals significant differences in effectiveness, with the reinforcement learning approach achieving perfect evasion rates against both Graph Convolutional Network and Deep Graph Convolutional Neural Network architectures while requiring minimal program modifications. Our findings reveal three critical research gaps: transitioning from abstract Control Flow Graph representations to executable binary manipulation, developing universal vulnerability discovery across different architectures, and systematically translating adversarial insights into defensive enhancements. This work contributes to understanding adversarial vulnerabilities in graph-based security systems while establishing frameworks for evaluating machine learning-based malware detection robustness. 

Abstract Cooperative catalysis with an enzyme and a small‐molecule photocatalyst has recently emerged as a potentially general activation mode to advance novel biocatalytic reactions with synthetic utility. Herein, we report cooperative photobiocatalysis involving an engineered nonheme Fe enzyme and a tailored photoredox catalyst to achieve enantioconvergent decarboxylative azidation, thiocyanation, and isocyanation of redox‐active esters via a radical mechanism. We repurposed and further evolved metapyrocatechase (MPC), a nonheme Fe extradiol dioxygenase not previously studied in new‐to‐nature biocatalysis, for the enantioselective C─N₃, C─SCN, and C─NCO bond formation via an enzymatic Fe─X intermediate (X═N₃, NCS, and NCO). A range of primary, secondary, and tertiary alkyl radical precursors were effectively converted by our engineered MPC, allowing the syntheses of organic azides, thiocyanates, and isocyanates with good to excellent enantiocontrol. Further derivatization of these products furnished valuable compounds including enantioenriched amines, triazoles, ureas, and SCF₃‐containing products. DFT and MD simulations shed light on the mechanism as well as the binding poses of the alkyl radical intermediate in the enzyme active site and the π‐facial selectivity in the enantiodetermining radical rebound. Overall, cooperative photometallobiocatalysis with nonheme Fe enzymes provides a means to develop challenging asymmetric radical transformations eluding small‐molecule catalysis. 

Abstract Binary analysis, the process of examining software without its source code, plays a crucial role in understanding program behavior, e.g., evaluating the security properties of commercial software, and analyzing malware. One challenging aspect of this process is to classify data encoding schemes, such as encryption and compression, due to the absence of high-level semantic information. Existing approaches either rely on code similarity, which only works for known schemes, or heuristic rules, which lack scalability. In this paper, we propose DESCG, a novel deep learning-based method for automatically classifying four widely employed kinds of data encoding schemes in binary programs: encryption, compression, decompression, and hashing. Our approach leverages dynamic analysis to extract execution traces from binary programs, builds data dependency graphs from these traces, and incorporates critical feature engineering. By combining the specialized graph representation with the Graph Neural Network (GNN), our approach enables accurate classification without requiring prior knowledge of specific encoding schemes. The Evaluation result shows that DESCG achieves 97.7% accuracy and an F1 score of 97.67%, outperforming baseline models. We also conducted an extensive evaluation of DESCG to explore which feature is more important for it and examine its performance and overhead. 

We report transition metal catalysis using novel chiral metal-chelating ligands featuring a silanol coordinating group and peptide-like aminoamide scaffold. The catalytic properties of the silanol ligand are demonstrated through an enantioselective Cu-catalyzed N–H insertion affording unnatural amino acid derivatives in high selectivity. Our investigations into the silanol coordination mode include DFT calculations, ligand structure investigations, and X-ray structure analyses, which support the formation of an H-bond stabilized silanol-chelating copper carbenoid complex. A p–p stacking interaction revealed by DFT calculations is proposed to enable selectivity for aryl diazoacetate substrates, overcoming some of the traditional limitations of using these substrates. 

As IoT devices with microcontroller (MCU)-based firmware become more common in our lives, memory corruption vulnerabilities in their firmware are increasingly targeted by adversaries. Fuzzing is a powerful method for detecting these vulnerabilities, but it poses unique challenges when applied to IoT devices. Direct fuzzing on these devices is inefficient, and recent efforts have shifted towards creating emulation environments for dynamic firmware testing. However, unlike traditional software, firmware interactions with peripherals that are significantly more diverse presents new challenges for achieving scalable full-system emulation and effective fuzzing. This paper reviews 27 state-of-the-art works in MCU-based firmware emulation and its applications in fuzzing. Instead of classifying existing techniques based on their capabilities and features, we first identify the fundamental challenges faced by firmware emulation and fuzzing. We then revisit recent studies, organizing them according to the specific challenges they address, and discussing how each specific challenge is addressed. We compare the emulation fidelity and bug detection capabilities of various techniques to clearly demonstrate their strengths and weaknesses, aiding users in selecting or combining tools to meet their needs. Finally, we highlight the remaining technical gaps and point out important future research directions in firmware emulation and fuzzing.