Matthias Neugschwandtner

I am no longer with the Vienna University of Technology. I am now working at IBM Research, Zurich.

I was a research assistant at the Secure Systems Lab at the Vienna University of Technology, where I pursued my Ph.D. From Oct-2013 to Apr-2014 I visited the Northeastern University Systems Security Lab in Boston. From Oct-2011 to Feb-2012 I visited the system and network security group at the Vrije Universiteit Amsterdam.

Projects

The main focus of my research lies in system security. This encompasses developing novel methods for malware analysis, detecting vulnerabilities in programs and hardening systems against attacks. Results of my work on aspects of malware analysis contribute to the Anubis project:

  • Andrubis: dynamic analysis of Android apps.
  • ForeCast: identifying “valuable” malware samples by means of clustering and machine learning.
  • Squeeze: detection and exploration of the various C&C failover strategies employed by malware through targeted blocking of network connections.
  • dAnubis: monitoring suspicious (rootkit-related) kernel-mode activity.

Contact

You can reach me at mneug (at) iseclab (dot) org

My PGP key

Publications

Matthias Neugschwandtner, Paolo Milani Comparetti, Istvan Haller, Herbert Bos
The BORG: Nanoprobing Binaries for Buffer Overreads (to appear)
Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, Texas, March 2015

Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio, Victor van der Veen, Christian Platzer
Andrubis - 1,000,000 Apps Later: A View on Current Android Malware Behaviors
Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), Wroclaw, Poland, September 2014

Martin Jauernig, Matthias Neugschwandtner, Christian Platzer, Paolo Milani Comparetti
Lobotomy: An Architecture for JIT Spraying Mitigation
International Conference on Availability, Reliability and Security (ARES), Fribourg, Switzerland, September 2014

Martina Lindorfer, Stamatis Volanis, Alessandro Sisto, Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi, Christian Platzer, Stefano Zanero, Sotiris Ioannidis
AndRadar: Fast Discovery of Android Applications in Alternative Markets
11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Egham, UK, July 2014

Martina Lindorfer, Bernhard Miller, Matthias Neugschwandtner, Christian Platzer
Take a Bite - Finding the Worm in the Apple
International Conference on Information, Communications and Signal Processing (ICICS), Tainan, Taiwan, December 2013

Matthias Neugschwandtner, Martina Lindorfer, Christian Platzer
A View to a Kill: WebView exploitation
6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), Washington DC, August 2013

Istvan Haller, Asia Slowinska, Matthias Neugschwandtner, Herbert Bos
Dowsing for overflows: A guided fuzzer to find buffer boundary violations
22nd USENIX Security Symposium, Washington DC, August 2013

Gregoire Jacob, Paolo Milani, Matthias Neugschwandtner, Christopher Kruegel, Giovanni Vigna
A Static, Packer-Agnostic Filter to Detect Similar Malware Samples
9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Heraklion, Greece, July 2012

Matthias Neugschwandtner, Paolo Milani Comparetti, Gregoire Jacob, Christopher Kruegel
ForeCast - Skimming off the Malware Cream
27th Annual Computer Security Applications Conference (ACSAC), Orlando, Florida, December 2011

Matthias Neugschwandtner, Paolo Milani Comparetti, Christian Platzer
Detecting Malware's Failover C&C Strategies with SQUEEZE
27th Annual Computer Security Applications Conference (ACSAC), Orlando, Florida, December 2011

Matthias Neugschwandtner, Christian Platzer, Paolo Milani Comparetti, Ulrich Bayer
dAnubis - Dynamic Device Driver Analysis Based on Virtual Machine Introspection
Seventh Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Bonn, Germany, July 2010



International Secure Systems Lab www.iseclab.org