Publications

  1. Duc-Ly Vu, Zack Newman, John Speed Meyers. Hunting malware on package repositories. Chainguard's blog post. Blog
  2. Duc-Ly Vu, Zack Newman, John Speed Meyers. A Benchmark Comparison of Python Malware Detection Approaches. arXiv. Preprint (Accepted at ICSE 2023)
  3. . neverworkintheory.org
  4. Duc-Ly Vu, Zack Newman, John Speed Meyers. Taming Bad Python Packages: Assessing Python Malware Detectors with a Benchmark Dataset. Chainguard's blog post. Blog
  5. Simone Scalco, Duc-Ly Vu, Ranindya Paramitha, Fabio Massacci. On the feasibility of detecting injections in malicious npm packages. To Appear In Proceedings of The 17th International Conference on Availability, Reliability and Security (ARES 2022). Preprint
  6. Duc-Ly Vu. Towards Understanding and Securing the OSS Supply Chain. Ph.D. Thesis
  7. Duc-Ly Vu. py2src: Towards the Automatic (and Reliable) Identification of Sources for PyPI Package. To Appear In Proceedings of The 36th IEEE/ACM International Conference on Automated Software Engineering, Student Research Competition Track. Preprint
  8. Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. LastPyMile: identifying the discrepancy between sources and packages. In Proceedings of The ACM 2021 Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE). Preprint, Video
  9. Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci. Please hold on: more time = more patches? Automated program repair as anytime algorithms. In Proceedings of the 2nd International Workshop on Automated Program Repair (APR 2021), in conjunction with the 43rd International Conference on Software Engineering (ICSE 2021). Camera-ready, Code, Video
  10. Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. Towards Using Source Code Repositories to Identify Software Supply Chain Attacks. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. Paper
  11. Duc-Ly Vu. What Developers Want for FOSS Dependency Management? Open Problems from a Qualitative Study. REFSQ 2020 Doctoral Symposium.
  12. Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. Typosquatting and Combosquatting Attacks on the Python Ecosystem. In Proceedings of the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020), co-located with the 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020). Camera-ready Paper
  13. Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. A Qualitative Study of Dependency Management and Its Security Implications. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2020. Camera-ready Paper
  14. Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. Preliminary Findings on FOSS Dependencies and Security: A Qualitative Study on Developers’ Attitudes and Experience. 2020 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion). Paper
  15. Duc‐Ly Vu, Trong‐Kha Nguyen, Tam V Nguyen, Tu N Nguyen, Fabio Massacci, Phu H Phung. HIT4Mal: Hybrid image transformation for malware classification. Transactions on Emerging Telecommunications Technologies, 2019. Paper, Code
  16. Duc-Ly Vu, Trong‐Kha Nguyen, Tam V Nguyen, Tu N Nguyen, Fabio Massacci, Phu H Phung. A Convolutional Transformation Network for Malware Classification. 6th NAFOSTED Conference on Information and Computer Science (NICS), 2019. Paper
  17. Duy-Phuc Pham, Duc-Ly Vu, Fabio Massacci. Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques. Journal of Computer Virology and Hacking Techniques, 2019. Paper
  18. Trong-Kha Nguyen, Duc-Ly Vu, Seong Oun Hwang. Effective feature selection based on MANOVA. International Journal of Internet Technology and Secured Transactions, 2020. Paper
  19. Trong-Kha Nguyen, Duc-Ly Vu, Seong Oun Hwang. An efficient neural network model for time series forecasting of malware. Journal of Intelligent & Fuzzy Systems, 2018. Paper
  20. Duc-Ly Study Windows rootkits. Bachelor thesis, 2015. Thesis

Talks

  1. MAL2IMAGE: Hybrid Image Transformation for Malware Classification. Joint DIMVA / ESSoS Poster Session, 2018 (Paris, France)
  2. Requirements from the Trenches: What Developers Want for FOSS Dependency Management? REFSQ, 2020 (Virtual)
  3. Typosquatting and Combosquatting Attacks on the Python Ecosystem. WACCO, 2020 (Virtual)
  4. Please hold on: more time = more patches? Automated program repair as anytime algorithms. 2nd International Workshop on Automated Program Repair (Virtual)
  5. LastPyMile: Identifying the Discrepancy between Sources and Packages. ESEC/FSE 2021 (Virtual)
  6. LastPyMile: a lightweight approach for securing Python ecosystem from software supply chain attacks. SFSCon 2021 (Bolzano, Italy)
  7. py2src: Towards the Automatic (and Reliable) Identification of Sources for PyPI Package. ASE SRC 2021 (Virtual)