Hello! Welcome to my Homepage
I'm Yugeng(Eastbrook) Liu

a senior student from Shanghai Jiao Tong University
Department of Computer Science
NSEC Laboratory

Address Room 326, SEIEE Building 3, 800 Dongchuan Rd, Minhang, Shanghai, P.R.China

About Me

Hello, my friend, My name is Yugeng Liu and I am a student from Shanghai Jiaotong University. I am also a researcher majoring in security in the NSEC laboratory lead by Prof. Haojin Zhu. Since 2016, I have cooperated with Prof. Yinqian Zhang from OHIO State University and we have a paper on the submission in IEEE Symposium on Security and Privacy. Currently, I am doing the research on Android Third-Party Library Detection which is cooperating with Dr. Zhushou Tang from Shanghai Pwnzen Infotech LTD. I also write some blogs in Chinese and you can click learn more if you have interests.


Now, I have two papers on the submission. One is about the third-party library detection in ICSE and anthor is about IoT security in Oakland S&P. If you are interested in these two parts, we can discuss more.


Personal Experience

Research Experience

1. IoT Security on SmartThings
Smart home is an emerging technology for intelligently connecting a large variety of smart sensors and devices to facilitate automation of home appliance, lighting, heating and cooling systems, and security and safety systems. In recent years, the smart home market has experienced a rapid growth. Our research revolves around Samsung SmartThings, a smart home platform which has the largest number of apps among currently available smart home platforms, and supports a broad range of devices including motion sensors, door locks and fire alarms. In particular, we study side-channel inference on smart home wireless traffic. Unlike traditional use of such side channels, we leverage the inference capabilities to design and develop a smart home anomaly detection systems, dubbed SMARTDETECTOR, which, by exploiting side-channel information of the wireless traffic in the smart home network, infers the activities of the installed SmartApps. Moreover, by comparing with their expected behaviors as dictated in their source code or UI interfaces, SMARTDETECTOR detects anomaly in their interaction with the smart devices. To evaluate the effectiveness of SMARTDETECTOR, we analyzed 181 official SmartApps and performed evaluation on 60 malicious SmartApps developed by ourselves, which either performed over-privileged accesses to smart devices or conducted event-spoofing attacks. The evaluation results suggest that SMARTDETECTOR can effectively validate the working logic of SmartApps and achieve a high accuracy in the detection of SmartApp misbehaviors. Moreover, as the same side-channel vector can be exploited by a closeby attacker to breach the privacy of the residents, we further propose an enhancement of SMARTDETECTOR. By injecting spoofing traffic, SMARTDETECTOR obfuscates the SmartApp traffic pattern sufficiently to defeat inference attacks against the smart home network, while preserving the capability of detecting misbehaved SmartApps.

2. Third-Party Library Detection
Third-party library (TPL) detection in Android has been a hot topic to security researchers for a long time. A precise yet scalable detection of TPLs in applications can greatly facilitate other security activities such as malware detection, and privacy leakage detection. Since TPLs of specific versions may exhibit their own security issues, the identification of TPL as well as its concrete version, can help assess the security of Android APPs. However in reality, existing approaches of TPL detection suffer from low efficiency and accuracy due to insufficient analysis data, inappropriate features, or the disturbance from code obfuscation, shrinkage, and optimization.
We present an automated approach, named PanGuard, to detect TPLs from an enormous number of Android APPs. We propose a novel combination of features including both structural and content information for packages in APPs to characterize TPLs. In order to address the difficulties caused by code obfuscation, shrinkage, and optimization, we identify the invariants that are unchanged during mutation, separate TPLs from the primary code in APPs, and use these invariants to determine the contained TPLs as well as their versions. The extensive experiments show that PanGuard achieves a high accuracy and scalability simultaneously in TPL detection.
PanGuard is implemented and applied on an industrial platform Janus, and powers the identification of TPL. Based on the detection results from millions of Android APPs, we successfully identify over 800 TPLs with 12 versions on average. By investigating the differences amongst these versions, we identify over 10 security issues in TPLs, and shed light on the significance of TPL detection with the caused harmful impacts on the Android ecosystem.


1. Using Bluetooth in iPhone to control the car
In this project, I use Swift3.0 to write an APP to control a car by bluetooth. It is uesd CC2531 in the car to connect with my iPhone. In this APP, you can control the car by voice, gesture (slide to up, down, left and right), the control kryboard, gravity sensor or inputting the command. For iPhone 6s or latter, you can also use 3D Touch to change the different speed of the car.


[2014-2015] Academic Excellence Scholarship of Shanghai Jiao Tong University (Top 25% student)
[2014-2017] Commissary in Charge of Publicity in Class
[2014-2016] SEIEE Excellent Student Cadre
[2015] Second Award of Ericsson Hackathon
[2015] Runner-up of the Shuiyuan Basketball Game
[2016-2017] Staff and Hacker of Mobile Security Conference Organized by Team Pangu
[2017] Honorable Award of MCM/ICM Contest
[2017] Volunteer of ACM Turing 50th Celebration Conference
[2017] Champion of the TiZong Basketball Game
[2014-2017] Volunteer of Shanghai International Marathon


You can send sjtu email or gmail to me if you want ot contect with me no matter in research or in life. And also welcome to our lab communicating with me if you want.