TUM Logo

Peng Xu

M. Sc. Peng Xu


Huawei-2012, Principle Engineer & Field Expert

About me

I am a Ph.D. candidate at the Chair of IT Security at the Technical University of Munich(TUM) headed by Prof. Dr. Claudia Eckert. Previously, I received my M.Sc. degree from the Institute of Microelectronics of Chinese Academy of Sciences, where I focused on hardware security as well as networking and telecommunication security.

Visiting Research

I did my visiting at Institute for Interdisciplinary Information Sciences(IIIS), Tsinghua Univerisity. At the IIIS, my topic mainly concentrated on privacy-preserving machine learning, especially multi-party computation(MPC) and hardware-assistant(TEE-based, e.g., Intel SGX,) schemes. Additionally, I am also extending my graph-based malware detection with the privacy-preserving scheme.

Research Interests

  • Malware Detection with Graph Neural Network
    Nowadays, the Control Flow Graph (CFG) is widely utilized in the areas of static code analysis of software applications, as it is able to correctly express the flow inside of a program unit. Further, it is considered to be an effective technique to mitigate software vulnerabilities, particularly for code reuse attacks. Yet, there is an open question that can arise: How can we leverage CFG, or graph structure in general to detect malware? What are the pros and cons of this methodology? And How about the robustness of the graph-based anomaly detection system under the influence of the adversarial samples? 

    In these research topics, we introduce malware detection systems using graphs data on DEX files and native code levels for both Android and Desktop. To this end, we use Natural Language Processing (NLP) concepts, particularly, embedding techniques to transform graphs into numerical vectors to feed our classifiers. In a nutshell, our research direction is associated with machine learning as well as natural language processing. 
  • Private Computation
    With the rapid development of machine learning/deep learning in many fields, the data privacy issue raises concern increasingly. Therefore, privacy-preserving machine learning, as one of the primary applications of private computation, attracts much attention from the academic community and industrial partners. To leverage the convenience and efficiency of the conventional machine learning and deep learning system, but not to degrade the data privacy. In my work, I am primarily concentrating on the optimization of those MPC, HE and TEE-based solutions in order to reduce the gap between the academic results and industrial usage. 
  • Sofware Vulnerabilities Mitigation 
    I am interested in static/dynamic source code and binary analysis in order to detect/harden/prevent Code Reuse Attacks (CRAs)* in applications developed in C/C++ as well as Linux Kernel and Android System. Currently, I am interested in preventing Return Oriented Programming (ROP), Just-in-Time (JIT)-ROP and vTable hijacking attacks by using source code recompilation and binary rewriting techniques. For more detailed information about the prevention of CRAs attacks, please refer to the research description.

    On the other hand, I also work for the Virtual Machine Introspection (VMI) based dynamic analysis for the mobile devices (mostly for the Android system), from both Apps and OS standpoints. Depending on the virtualization technique, two-level VMI is used in order to reconstruct the OS level and Apps level dynamic behaviors. For more detailed information about VMI, please refer to here.


Fingerprint: 8DE6 5F6A EBF2 6F5D 66E7  8485 A390 2B5F AD62 8236


Supervised Work


2021 Hybroid: Toward Android Malware Detectionand Categorization with Program Code and Network Traffic
Falcon: Malware Detection and Categorization with Network Traffic Images
HawkEye: Cross-Platform Malware Detection with Representation Learning on Graphs
2020 Detecting and Categorizing Android Malware with Graph Neural Networks
2019 MANIS: Evading Malware Detection System on Graph Structure
2016 POSTER: vTableShield: Precise Protecting of Virtual Function Dispatches in C++ Programs
2013 Analysis and improvment of security services schemes in EPON system
2012 The design and implementation of 128-bit AES encryption in PRIME