Saranya Vijayakumar

Priyanshu Kumar, Saranya Vijayakumar, Elaine Lau, Tu Trinh, Zifan Wang, Matt Fredrikson

Our work investigates whether LLMs' safety training, which makes them refuse harmful instructions in chat contexts, extends to non-chat agent scenarios, particularly browser agents. We show that while LLMs may refuse harmful requests in chat form, the same LLMs when used as browser agents often fail to maintain these safety refusals. Through extensive testing with BrowserART (Browser Agent Red teaming Toolkit) on 100 browser-based harmful behaviors, we demonstrate that browser agents pursue many harmful behaviors that would be refused in chat contexts. We find that GPT-4o and o1-preview based browser agents pursued 98 and 63 harmful behaviors respectively (out of 100) under certain attack conditions, indicating that chat-based safety training does not sufficiently transfer to agent contexts.

Zifan Wang*, Saranya Vijayakumar*, Kaiji Lu, Vijay Ganesh, Somesh Jha, Matt Fredrikson

A novel framework combining neural networks with SMT solvers for enhanced reasoning capabilities while maintaining computational efficiency. Achieved 15% improvement in accuracy on complex reasoning tasks.

Mirela Cazzolato, Saranya Vijayakumar, Meng-Chieh Lee, Namyong Park, Catalina Vajiac, Christos Faloutsos

A system for detecting and visualizing fraud patterns in large-scale telecommunication networks, combining advanced graph mining with interactive visualizations. Successfully deployed with a Portuguese telecom provider.

Saranya Vijayakumar*, Matt Fredrikson, Christos Faloutsos

This paper introduces MalCentroid, a novel framework for tracking malware evolution through behavioral analysis. While existing malware detection approaches achieve high accuracy on known samples, they typically treat each sample in isolation and rely on surface features that are easily manipulated. MalCentroid addresses both limitations by decomposing malware samples into behavioral primitives extracted from control flow graphs and tracking their evolution through a centroid-based embedding space. The framework maintains multiple behavioral prototypes per malware family, enabling it to track behavioral drift over time and identify truly novel variants. Evaluation on large-scale datasets demonstrates two key advantages: the ability to track malware evolution patterns (showing families exhibiting drift rates up to 0.633 and uncovering parallel evolution across distinct families), and inherent robustness against adversarial manipulation (with most attack vectors achieving less than 5% success rate compared to 97% against image-based approaches). These results suggest that focusing on behavioral primitives rather than surface features provides both better evolution tracking and natural security benefits.

Saranya Vijayakumar, Christos Faloutsos, Matt Fredrikson

A comprehensive evaluation of traditional, transformer-based, and visual-textual approaches for detecting AI-generated code across multiple programming languages.

Nils Palumbo, Ravi Mangal, Zifan Wang, Saranya Vijayakumar, Corina Pasareanau, Somesh Jha

In this work we present a formal framework for mechanistically interpreting neural networks, motivated by abstract interpretation from program analysis. We apply this framework to analyze a Transformer model trained to solve the 2-SAT problem. Through our analysis, we uncover that the model learns a systematic algorithm - first parsing input formulas into clause-level representations in initial layers, then evaluating satisfiability by enumerating possible Boolean variable valuations. Our work provides evidence that the extracted mechanistic interpretation satisfies our proposed formal axioms, demonstrating how the model systematically solves 2-SAT problems.