Browsing by Author "Zhang, Hao"
- Detection of stealthy malware activities with traffic causality and scalable triggering relation discovery
  (United States Patent and Trademark Office, 2018-02-06)
  A computer system for distinguishing user-initiated network traffic from malware-initiated network traffic comprising at least one central processing unit (CPU) and a memory communicatively coupled to the CPU. The memory includes a program code executable by the CPU to monitor individual network events to determine for an individual network event whether the event has a legitimate root-trigger. Malware-initiated traffic is identified as an individual network event that does not have a legitimate root-trigger.
- Discovery of Triggering Relations and Its Applications in Network Security and Android Malware Detection
  Zhang, Hao (Virginia Tech, 2015-11-30)
  An increasing variety of malware, including spyware, worms, and bots, threatens data confidentiality and system integrity on computing devices ranging from backend servers to mobile devices. To address these threats, exacerbated by dynamic network traffic patterns and growing volumes, network security has been undergoing major changes to improve accuracy and scalability in the security analysis techniques. This dissertation addresses the problem of detecting the network anomalies on a single device by inferring the traffic dependence to ensure the root-triggers. In particular, we propose a dependence model for illustrating the network traffic causality. This model depicts the triggering relation of network requests, and thus can be used to reason about the occurrences of network events and pinpoint stealthy malware activities. The triggering relationships can be inferred by means of both rule-based and learning-based approaches. The rule-based approach originates from several heuristic algorithms based on the domain knowledge. The learning-based approach discovers the triggering relationship using a pairwise comparison operation that converts the requests into event pairs with comparable attributes. Machine learning classifiers predict the triggering relationship and further reason about the legitimacy of requests by enforcing their root-triggers. We apply our dependence model on the network traffic from a single host and a mobile device. Evaluated with real-world malware samples and synthetic attacks, our findings confirm that the traffic dependence model provides a significant source of semantic and contextual information that detects zero-day malicious applications. This dissertation also studies the usability of visualizing the traffic causality for domain experts. We design and develop a tool with a visual locality property. It supports different levels of visual based querying and reasoning required for the sensemaking process on complex network data. The significance of this dissertation research is in that it provides deep insights on the dependency of network requests, and leverages structural and semantic information, allowing us to reason about network behaviors and detect stealthy anomalies.
- Quantitative Genetic Background of the Host Influences Gut Microbiomes in Chickens
  Zhao, Lele; Wang, Gang; Siegel, Paul B.; He, Chuan; Wang, Hezhong; Zhao, Wenjing; Zhai, Zhengxiao; Tian, Fengwei; Zhao, Jianxin; Zhang, Hao; Sun, Zikui; Chen, Wei; Zhang, Yan; Meng, He (Nature Publishing Group, 2013-01)
  Host genotype and gender are among the factors that influence the composition of gut microbiota. We studied the population structure of gut microbiota in two lines of chickens maintained under the same husbandry and dietary regimes. The lines, which originated from a common founder population, had undergone 54 generations of selection for high (HW) or low (LW) 56-day body weight, and now differ by more than 10-fold in body weight at selection age. Of 190 microbiome species, 68 were affected by genotype (line), gender, and genotype by gender interactions. Fifteen of the 68 species belong to Lactobacillus. Species affected by genotype, gender, and the genotype by gender interaction, were 29, 48, and 12, respectively. Species affected by gender were 30 and 17 in the HW and LW lines, respectively. Thus, under a common diet and husbandry host quantitative genotype and gender influenced gut microbiota composite.
- Quantum K theory of partial flag manifolds
  Mihalcea, Constantin; Sharpe, Eric; Gu, Wei; Zhang, Hao; Xu, Weihong; Zou, Hao (Elsevier, 2024-04)
  In this paper we use three-dimensional gauged linear sigma models to make physical predictions for Whitney-type presentations of equivariant quantum K theory rings of partial flag manifolds, as quantum products of universal subbundles and various ratios, extending previous work for Grassmannians. Physically, these arise as OPEs of Wilson lines for certain Chern-Simons levels. We also include a simplified method for computing Chern-Simons levels pertinent to standard quantum K theory.
- Quantum K Whitney relations for partial flag varieties
  Gu, Wei; Mihalcea, Leonardo C.; Sharpe, Eric; Xu, Weihong; Zhang, Hao; Zou, Hao (2023-10-05)
  In a recent paper, we stated conjectural presentations for the equivariant quantum K ring of partial flag varieties, motivated by physics considerations. In this companion paper, we analyze these presentations mathematically. We prove that if the conjectured relations hold, then they must form a complete set of relations. Our main result is a proof of the conjectured presentation in the case of the incidence varieties. We also show that if a quantum K divisor axiom holds (as conjectured by Buch and Mihalcea), then the conjectured presentation also holds for the complete flag variety.
- User Intention-Based Traffic Dependence Analysis for Anomaly Detection
  Zhang, Hao; Banick, William; Yao, Danfeng (Daphne); Ramakrishnan, Naren (Department of Computer Science, Virginia Polytechnic Institute & State University, 2012)
  This paper describes an approach for enforcing dependencies between network traffic and user activities for anomaly detection. We present a framework and algorithms that analyze user actions and network events on a host according to their dependencies. Discovering these relations is useful in identifying anomalous events on a host that are caused by software flaws or malicious code. To demonstrate the feasibility of user intention-based traffic dependence analysis, we implement a prototype called CR-Miner and perform extensive experimental evaluation of the accuracy, security, and efficiency of our algorithm. The results show that our algorithm can identify user intention-based traffic dependence with high accuracy (average 99.6% for 20 users) and low false alarms. Our prototype can successfully detect several pieces of HTTP-based real-world spyware. Our dependence analysis is fast with a minimal storage requirement. We give a thorough analysis on the security and robustness of the user intention-based traffic dependence approach.