Tom Ganz

Latest Post

Oct 4, 2022

Short story about evading Antivirus Detection

Lately I came across an interesting paper where the authors use Reinforcement Learning (RL) to obfuscate malicious Portable Executable (PE) files to evade detection by antivirus (AV) scanners. The authors use actions as, for instance, random byte padding, packing the binary, adding benign strings to the .text section, modifying timestamps, adding function imports, etc… to obfuscate the binary file. After applying these actions, the modified PE file will be checked against an AV to see if the detection rate decreases. Read more

About

My name is Tom Ganz and I am currently living in London. I am pursuing my PhD in computer security and machine learning. Feel free to send me an E-Mail using my PGP key.

Academical Merits

Currently: Network Security Engineer @ Amazon UK and PhD Candidate @ TU Berlin
Msc. Computer Science @University of Applied Sciences Karlsruhe
Bsc. Applied Computer Science @Corporate State University Karlsruhe

Publications

Felix Weißberg, Jonas Möller, Tom Ganz, Erik Imgrund, Lukas Pirch, Lukas Seidel, Moritz Schloegel, Thorsten Eisenhofer and Konrad Rieck: SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing (ASIACCS 2024)
Tom Ganz, Erik Imgrund, Martin Härterich, Konrad Rieck: PAVUDI: Patch-based Vulnerability Discovery using Machine Learning (ACSAC 2023)
Erik Imgrund, Tom Ganz, Martin Härterich, Lukas Pirch, Niklas Risse, Konrad Rieck: Broken Promises: Measuring Confounding Effects in Learning-based Vulnerability Discovery (CCS AISec 2023)
Tom Ganz, Erik Imgrund, Martin Härterich, Konrad Rieck: CodeGraphSMOTE - Data Augmentation for Vulnerability Discovery (DBSEC 2023)
Tom Ganz, Philipp Rall, Martin Härterich, Konrad Rieck: Hunting for Truth: Analyzing Explanation Methods in Learning-based Vulnerability Discovery (Euro S&P 2023)
Tom Ganz, Inaam Ashraf, Martin Härterich, Konrad Rieck: Detecting Backdoors in Collaboration Graphs of Software Repositories (CODASPY 2023)
Tom Ganz, Martin Härterich, Alexander Warnecke, Konrad Rieck: Explaining Graph Neural Networks for Vulnerability Discovery (CCS AISec 2021)

Academic Services

Reviews for IEEE Access
Subreviews for S&P
Reviews for CCS AISec

Other Stuff

Awards

AISec CCS Best Paper Award 2021

Invited Talks

Cooperate State University Karlsruhe 2022: Lecturer for Compiler Engineering
SAP Conference on Machine Learning 2022: Explainable Fuzzing
SAP Conference on Machine Learning 2022: Graph Autoencoders - on the Hunt for Malicious Commits
SAP Development Kick-Off Meeting: Automated Analysis of Source Code Repositories using Machine Learning
SAP Conference on Machine Learning 2021: Intelligently Protect the Enterprise - What machines may learn about graphs in your software
SAP Security Expert Summit 2021: Intelligently Protect the Enterprise - What machines may learn about graphs in your software

Check out my LinkedIn to see my current CV.

Introduction theme for Hugo. Made with and by open source contributors.

Hi, I’m Tom