Join our CCI Experiential Learning Program focused on Mobile Security with an emphasis on the Android system. Gain hands-on experience tackling real-world cybersecurity challenges in the rapidly evolving mobile landscape, in collaboration with industry experts from Google and Visa.
Develop a tool that statically identifies potentially dead code within Android applications. By excluding this dead code from computationally intensive static analysis, the tool can significantly improve static analysis efficiency.
Design a Pyramid of Pain specifically for Android app features, illustrating which indicators of compromise (IOCs) are easier or harder for attackers to modify. Evaluate the stability of these IOCs using real datasets to assess how they change or persist as malware evolves and adapts.
Evaluate the performance of large language models (LLMs) on deobfuscated code. First, obfuscate SDKs from the Maven repository, then use LLMs to deobfuscate the code—focusing on restoring original names for variables, methods, and other identifiers. Assess the effectiveness of the LLMs in accurately recovering the original code structure.
Given an obfuscated binary, try to recreate which packages map to which SDKs and which classes/packages map to which modules inside SDKs.
The program is supported by The Commonwealth Cyber Initiative (CCI), supervised by Dr. Yanhai Xiong from W&M and Dr. Kun Sun from GMU. Students interested in participating should complete the Google form to submit their information by Febraury 19th. Eligible candidates will be contacted via email before March for the next steps.