Publications

2025

1. INFOCOM

   Formally Verifying the State Machine of TLS 1.3 Handshake in OpenSSL

   Jingjing Guan, Hui Li, Xiangdong Li, Xiaolei Wang, Binghan Wang, Qiuye Wang, Shengchao Qin, Mengda He, Md Armanuzzaman, and Ziming Zhao

   In IEEE Conference on Computer Communications, 2025
2. TIFS

   VulsEye: Detect Smart Contract Vulnerabilities via Stateful Directed Graybox Fuzzing

   Ruichao Liang, Jing Chen, Cong Wu, Kun He, Yueming Wu, Ruochen Cao, Ruiying Du, Ziming Zhao, and Yang Liu

   IEEE Transactions on Information Forensics and Security, 2025
3. NDSS

   Defending Against Membership Inference Attacks on Iteratively Pruned Deep Neural Networks

   Jing Shang, Jian Wang, Kailun Wang, Jiqiang Liu, Nan Jiang, Md Armanuzzaman, and Ziming Zhao

   In Network and Distributed System Security Symposium, 2025

   Bib PDF

   @inproceedings{shang2025mia,
     title = {Defending Against Membership Inference Attacks on Iteratively Pruned Deep Neural Networks},
     author = {Shang, Jing and Wang, Jian and Wang, Kailun and Liu, Jiqiang and Jiang, Nan and Armanuzzaman, Md and Zhao, Ziming},
     booktitle = {Network and Distributed System Security Symposium},
     year = {2025},
   }

2024

1. CCS

   TokenScout: Early Detection of Ethereum Scam Tokens via Temporal Graph Learning

   Cong Wu, Jing Chen, Ziming Zhao, Kun He, Guowen Xu, Yueming Wu, Haijun Wang, Hongwei Li, Yang Liu, and Yang Xiang

   In ACM Conference on Computer and Communications Security, 2024

   Bib PDF Code

   @inproceedings{wu2024tokenscout,
     title = {TokenScout: Early Detection of Ethereum Scam Tokens via Temporal Graph Learning},
     author = {Wu, Cong and Chen, Jing and Zhao, Ziming and He, Kun and Xu, Guowen and Wu, Yueming and Wang, Haijun and Li, Hongwei and Liu, Yang and Xiang, Yang},
     booktitle = {ACM Conference on Computer and Communications Security},
     year = {2024},
   }

2. TIFS

   Rethinking Membership Inference Attacks Against Transfer Learning

   Cong Wu, Jing Chen, Qianru Fang, Kun He, Ziming Zhao, Hao Ren, Guowen Xu, Yang Liu, and Yang Xiang

   IEEE Transactions on Information Forensics and Security, 2024

   Bib PDF

   @article{wu2024rethinking,
     title = {Rethinking Membership Inference Attacks Against Transfer Learning},
     author = {Wu, Cong and Chen, Jing and Fang, Qianru and He, Kun and Zhao, Ziming and Ren, Hao and Xu, Guowen and Liu, Yang and Xiang, Yang},
     journal = {IEEE Transactions on Information Forensics and Security},
     year = {2024},
     publisher = {IEEE}
   }

3. WOOT

   SoK: Where’s the “up”?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems

   Xi Tan, Zheyuan Ma, Sandro Pinto, Le Guan, Ning Zhang, Jun Xu, Zhiqiang Lin, Hongxin Hu, and Ziming Zhao

   In USENIX WOOT Conference on Offensive Technologies, 2024

   Bib PDF

   @inproceedings{tan24sok,
     author = {Tan, Xi and Ma, Zheyuan and Pinto, Sandro and Guan, Le and Zhang, Ning and Xu, Jun and Lin, Zhiqiang and Hu, Hongxin and Zhao, Ziming},
     title = {{SoK: Where's the ``up''?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems}},
     booktitle = {{USENIX WOOT Conference on Offensive Technologies}},
     year = {2024}
   }

4. USENIX

   Unveiling IoT Security in Reality: A Firmware-Centric Journey

   Nicolas Nino, Ruibo Lu, Wei Zhou, Kyu Hyung Lee, Ziming Zhao, and Le Guan

   In USENIX Security Symposium, 2024

   Bib PDF

   @inproceedings{nino24firware,
     author = {Nino, Nicolas and Lu, Ruibo and Zhou, Wei and Lee, Kyu Hyung and Zhao, Ziming and Guan, Le},
     title = {{Unveiling IoT Security in Reality: A Firmware-Centric Journey}},
     booktitle = {{USENIX Security Symposium}},
     year = {2024}
   }

5. USENIX

   Moderating Illicit Online Image Promotion for Unsafe User Generated Content Games Using Large Vision Language Models

   Keyan Guo, Ayush Utkarsh, Wenbo Ding, Isabelle Ondracek, Ziming Zhao, Guo Freeman, Nishant Vishwamitra, and Hongxin Hu

   In USENIX Security Symposium, 2024

   Bib PDF

   @inproceedings{guo24image,
     author = {Guo, Keyan and Utkarsh, Ayush and Ding, Wenbo and Ondracek, Isabelle and Zhao, Ziming and Freeman, Guo and Vishwamitra, Nishant and Hu, Hongxin},
     title = {{Moderating Illicit Online Image Promotion for Unsafe User Generated Content Games Using Large Vision Language Models}},
     booktitle = {{USENIX Security Symposium}},
     year = {2024}
   }

6. SEED

   Trusted Execution Environments in Embedded and IoT Systems: A CactiLab Perspective

   Ziming Zhao, Md Armanuzzaman, Xi Tan, and Zheyuan Ma

   In IEEE International Symposium on Secure and Private Execution Environment Design, 2024

   Bib PDF

   @inproceedings{zhao24tee,
     author = {Zhao, Ziming and Armanuzzaman, Md and Tan, Xi and Ma, Zheyuan},
     title = {{Trusted Execution Environments in Embedded and IoT Systems: A CactiLab Perspective}},
     booktitle = {{IEEE International Symposium on Secure and Private Execution Environment Design}},
     year = {2024}
   }

7. RTAS

   InsectACIDE: Debugger-Based Holistic Asynchronous CFI for Embedded System

   Yujie Wang, Cailani Lemieux Mack, Xi Tan, Ning Zhang, Ziming Zhao, Sanjoy Baruah, and Bryan C. Ward

   In IEEE Real-Time and Embedded Technology and Applications Symposium, 2024

   Bib PDF

   @inproceedings{wang24insect,
     author = {Wang, Yujie and Lemieux Mack, Cailani and Tan, Xi and Zhang, Ning and Zhao, Ziming and Baruah, Sanjoy and Ward, Bryan C.},
     title = {{InsectACIDE: Debugger-Based Holistic Asynchronous CFI for Embedded System}},
     booktitle = {{IEEE Real-Time and Embedded Technology and Applications Symposium}},
     year = {2024}
   }

8. SAC

   Is the Canary Dead? On the Effectiveness of Stack Canaries on Microcontroller Systems

   Xi Tan, Sagar Mohan, Md Armanuzzaman, Zheyuan Ma, Gaoxiang Liu, Alex Eastman, Hongxin Hu, and Ziming Zhao

   In ACM/SIGAPP Symposium On Applied Computing, 2024

   Bib PDF

   @inproceedings{tan24canary,
     author = {Tan, Xi and Mohan, Sagar and Armanuzzaman, Md and Ma, Zheyuan and Liu, Gaoxiang and Eastman, Alex and Hu, Hongxin and Zhao, Ziming},
     title = {{Is the Canary Dead? On the Effectiveness of Stack Canaries on Microcontroller Systems}},
     booktitle = {{ACM/SIGAPP Symposium On Applied Computing}},
     year = {2024}
   }

9. AsiaCCS

   Command Hijacking on Voice-Controlled IoT in Amazon Alexa Platform

   Wenbo Ding, Song Liao, Long Cheng, Xianghang Mi, Ziming Zhao, and Hongxin Hu

   In ACM ASIA Conference on Computer and Communications Security, 2024

   Bib PDF

   @inproceedings{ding24command,
     author = {Ding, Wenbo and Liao, Song and Cheng, Long and Mi, Xianghang and Zhao, Ziming and Hu, Hongxin},
     title = {{Command Hijacking on Voice-Controlled IoT in Amazon Alexa Platform}},
     booktitle = {{ACM ASIA Conference on Computer and Communications Security}},
     year = {2024}
   }

10. AsiaCCS

    Building Your Own Trusted Execution Environments Using FPGA

    Md Armanuzzaman, Ahmad-Reza Sadeghi, and Ziming Zhao

    In ACM ASIA Conference on Computer and Communications Security, 2024

    Bib PDF Code

    @inproceedings{byotee24,
      author = {Armanuzzaman, Md and Sadeghi, Ahmad-Reza and Zhao, Ziming},
      title = {{Building Your Own Trusted Execution Environments Using FPGA}},
      booktitle = {{ACM ASIA Conference on Computer and Communications Security}},
      year = {2024}
    }

11. Oakland

    Moderating New Waves of Online Hate with Chain-of-Thought Reasoning in Large Language Models

    Nishant Vishwamitra, Keyan Guo, Farhan Tajwar Romit, Isabelle Ondracek, Long Cheng, Ziming Zhao, and Hongxin Hu

    In IEEE Symposium on Security and Privacy, 2024

    Bib PDF Code

    @inproceedings{nishant2024wave,
      title = {Moderating New Waves of Online Hate with Chain-of-Thought Reasoning in Large Language Models},
      author = {Vishwamitra, Nishant and Guo, Keyan and Romit, Farhan Tajwar and Ondracek, Isabelle and Cheng, Long and Zhao, Ziming and Hu, Hongxin},
      booktitle = {IEEE Symposium on Security and Privacy},
      year = {2024},
    }

2023

1. IMWUT

   LocCams: An Efficient and Robust Approach for Detecting and Localizing Hidden Wireless Cameras via Commodity Devices

   Yangyang Gu, Jing Chen, Cong Wu, Kun He, Ziming Zhao, and Ruiying Du

   In Proceedings of ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2023

   Bib PDF

   @inproceedings{gu24locams,
     author = {Gu, Yangyang and Chen, Jing and Wu, Cong and He, Kun and Zhao, Ziming and Du, Ruiying},
     title = {{LocCams: An Efficient and Robust Approach for Detecting and Localizing Hidden Wireless Cameras via Commodity Devices}},
     booktitle = {{Proceedings of ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies}},
     year = {2023}
   }

2. ICMLA

   An Investigation of Large Language Models for Real-World Hate Speech Detection

   Keyan Guo, Alexander Hu, Jaden Mu, Ziheng Shi, Ziming Zhao, Nishant Vishwamitra, and Hongxin Hu

   In IEEE International Conference on Machine Learning and Applications, 2023

   Bib

   @inproceedings{keyan2023hatespeech,
     title = {An Investigation of Large Language Models for Real-World Hate Speech Detection},
     author = {Guo, Keyan and Hu, Alexander and Mu, Jaden and Shi, Ziheng and Zhao, Ziming and Vishwamitra, Nishant and Hu, Hongxin},
     booktitle = {IEEE International Conference on Machine Learning and Applications},
     year = {2023},
   }

3. ASONAM

   Understanding and Analyzing COVID-19-related Online Hate Propagation Through Hateful Memes Shared on Twitter

   Nishant Vishwamitra, Keyan Guo, Liao Song, Jaden Mu, Zheyuan Ma, Long Cheng, Ziming Zhao, and Hongxin Hu

   In IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, 2023

   Bib

   @inproceedings{nishant2023covid,
     title = {Understanding and Analyzing COVID-19-related Online Hate Propagation Through Hateful Memes Shared on Twitter},
     author = {Vishwamitra, Nishant and Guo, Keyan and Song, Liao and Mu, Jaden and Ma, Zheyuan and Cheng, Long and Zhao, Ziming and Hu, Hongxin},
     booktitle = {IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining},
     year = {2023},
   }

4. TMC

   WiFiLeaks: Exposing Stationary Human Presence Through a Wall with Commodity Mobile Devices

   Yangyang Gu, Jing Chen, Kun He, Cong Wu, Ziming Zhao, and Ruiying Du

   IEEE Transactions on Mobile Computing, 2023

   Bib

   @article{gu2023wifileaks,
     title = {WiFiLeaks: Exposing Stationary Human Presence Through a Wall with Commodity Mobile Devices},
     author = {Gu, Yangyang and Chen, Jing and He, Kun and Wu, Cong and Zhao, Ziming and Du, Ruiying},
     journal = {IEEE Transactions on Mobile Computing},
     year = {2023},
     publisher = {IEEE},
   }

5. SmartSP

   Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles

   Wenbo Ding, Song Liao, Long Cheng, Ziming Zhao, Keyan Guo, and Hongxin Hu

   In EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles, 2023

   Bib

   @inproceedings{ding2023skills,
     title = {Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles},
     author = {Ding, Wenbo and Liao, Song and Cheng, Long and Zhao, Ziming and Guo, Keyan and Hu, Hongxin},
     booktitle = {EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles},
     year = {2023},
   }

6. CCS

   SHERLOC: Secure and Holistic Control-Flow Violation Detection on Embedded Systems

   Xi Tan and Ziming Zhao

   In ACM Conference on Computer and Communications Security, 2023

   Bib PDF Code Poster Slides

   @inproceedings{tan2023sherloc,
     title = {SHERLOC: Secure and Holistic Control-Flow Violation Detection on Embedded Systems},
     author = {Tan, Xi and Zhao, Ziming},
     booktitle = {ACM Conference on Computer and Communications Security},
     year = {2023},
   }

7. USENIX

   xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses

   Feng Wei, Hongda Li, Ziming Zhao, and Hongxin Hu

   In USENIX Security Symposium, 2023

   Bib PDF Code

   @inproceedings{wei2023xNIDS,
     title = {xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses},
     author = {Wei, Feng and Li, Hongda and Zhao, Ziming and Hu, Hongxin},
     booktitle = {USENIX Security Symposium},
     year = {2023},
   }

8. DAC

   Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense

   Zheyuan Ma, Xi Tan, Lukasz Ziarek, Ning Zhang, Hongxin Hu, and Ziming Zhao

   In ACM/IEEE Design Automation Conference, 2023

   Bib PDF Code Poster Slides

   @inproceedings{ma2023dac,
     title = {Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense},
     author = {Ma, Zheyuan and Tan, Xi and Ziarek, Lukasz and Zhang, Ning and Hu, Hongxin and Zhao, Ziming},
     booktitle = {ACM/IEEE Design Automation Conference},
     year = {2023},
   }

2022

1. CCS

   EchoHand: High Accuracy and Presentation Attack Resistant Hand Authentication on Commodity Mobile Devices

   Cong Wu, Jing Chen, Kun He, Ziming Zhao, Ruiying Du, and Chen Zhang

   In ACM Conference on Computer and Communications Security, 2022

   DOI Bib PDF

   @inproceedings{wu2022echohand,
     title = {EchoHand: High Accuracy and Presentation Attack Resistant Hand Authentication on Commodity Mobile Devices},
     author = {Wu, Cong and Chen, Jing and He, Kun and Zhao, Ziming and Du, Ruiying and Zhang, Chen},
     booktitle = {ACM Conference on Computer and Communications Security},
     pages = {2931--2945},
     year = {2022},
     doi = {10.1145/3548606.3560553},
   }

2. ICMLA

   Understanding the Generalizability of Hateful Memes Detection Models Against COVID-19-related Hateful Memes

   Keyan Guo, Wentai Zhao, Jaden Mu, Nishant Vishwamitra, Ziming Zhao, and Hongxin Hu

   In IEEE International Conference on Machine Learning and Applications, 2022

   Bib PDF

   @inproceedings{keyan2022Understanding,
     title = {Understanding the Generalizability of Hateful Memes Detection Models Against COVID-19-related Hateful Memes},
     author = {Guo, Keyan and Zhao, Wentai and Mu, Jaden and Vishwamitra, Nishant and Zhao, Ziming and Hu, Hongxin},
     booktitle = {IEEE International Conference on Machine Learning and Applications},
     year = {2022},
   }

3. TDSC

   FIDO Gets Verified: A Formal Analysis of the Universal Authentication Framework Protocol

   Haonan Feng, Jingjing Guan, Hui Li, Xuesong Pan, and Ziming Zhao

   IEEE Transactions on Dependable and Secure Computing, 2022

   Bib PDF

   @article{feng2022fido,
     title = {FIDO Gets Verified: A Formal Analysis of the Universal Authentication Framework Protocol},
     author = {Feng, Haonan and Guan, Jingjing and Li, Hui and Pan, Xuesong and Zhao, Ziming},
     journal = {IEEE Transactions on Dependable and Secure Computing},
     year = {2022},
     publisher = {IEEE},
   }

4. ESORICS

   A Formal Analysis of the FIDO2 Protocols

   Jingjing Guan, Hui Li, Haisong Ye, and Ziming Zhao

   In European Symposium on Research in Computer Security, 2022

   Bib PDF

   @inproceedings{fido2,
     author = {Guan, Jingjing and Li, Hui and Ye, Haisong and Zhao, Ziming},
     title = {A Formal Analysis of the FIDO2 Protocols},
     booktitle = {European Symposium on Research in Computer Security},
     year = {2022},
     address = {Cham},
     pages = {3--21},
   }

5. arXiv

   SoK: On the Semantic AI Security in Autonomous Driving

   Junjie Shen, Ningfei Wang, Ziwen Wan, Yunpeng Luo, Takami Sato, Zhisheng Hu, Xinyang Zhang, Shengjian Guo, Zhenyu Zhong, Kang Li, Ziming Zhao, Chunming Qiao, and Qi Alfred Chen

   2022

   Bib PDF

   @misc{autosok22,
     author = {Shen, Junjie and Wang, Ningfei and Wan, Ziwen and Luo, Yunpeng and Sato, Takami and Hu, Zhisheng and Zhang, Xinyang and Guo, Shengjian and Zhong, Zhenyu and Li, Kang and Zhao, Ziming and Qiao, Chunming and Chen, Qi Alfred},
     year = {2022},
     pages = {},
     title = {SoK: On the Semantic AI Security in Autonomous Driving},
   }

6. arXiv

   Understanding and Measuring Robustness of Multimodal Learning

   Nishant Vishwamitra, Hongxin Hu, Ziming Zhao, Long Cheng, and Feng Luo

   2022

   Bib PDF

   @misc{multimodal22,
     author = {Vishwamitra, Nishant and Hu, Hongxin and Zhao, Ziming and Cheng, Long and Luo, Feng},
     year = {2022},
     pages = {},
     title = {Understanding and Measuring Robustness of Multimodal Learning},
   }

7. AsiaCCS

   Understanding and Detecting Remote Infection on Linux-based IoT Devices

   Hongda Li, Qiqing Huang, Fei Ding, Hongxin Hu, Long Cheng, Guofei Gu, and Ziming Zhao

   In ACM ASIA Conference on Computer and Communications Security, 2022

   Bib PDF

   @inproceedings{li2022understanding,
     title = {Understanding and Detecting Remote Infection on Linux-based IoT Devices},
     author = {Li, Hongda and Huang, Qiqing and Ding, Fei and Hu, Hongxin and Cheng, Long and Gu, Guofei and Zhao, Ziming},
     booktitle = {ACM ASIA Conference on Computer and Communications Security},
     pages = {873--887},
     year = {2022},
     best = {Best Paper Award}
   }

8. TDSC

   Toward Robust Detection of Puppet Attacks via Characterizing Fingertip-Touch Behaviors

   Cong Wu, Kun He, Jing Chen, Ziming Zhao, and Ruiying Du

   IEEE Transactions on Dependable and Secure Computing, 2022

   DOI Bib PDF

   @article{puppet22,
     author = {Wu, Cong and He, Kun and Chen, Jing and Zhao, Ziming and Du, Ruiying},
     year = {2022},
     pages = {1-1},
     title = {Toward Robust Detection of Puppet Attacks via Characterizing Fingertip-Touch Behaviors},
     journal = {IEEE Transactions on Dependable and Secure Computing},
     doi = {10.1109/TDSC.2021.3116552},
   }

9. CODASPY

   Towards Automated Content-based Photo Privacy Control in User-Centered Social Networks

   Nishant Vishwamitra, Yifang Li, Hongxin Hu, Kelly Caine, Long Cheng, Ziming Zhao, and Gail-Joon Ahn

   In ACM Conference on Data and Application Security and Privacy, 2022

   Bib PDF

   @inproceedings{vishwamitra2022towards,
     title = {Towards Automated Content-based Photo Privacy Control in User-Centered Social Networks},
     author = {Vishwamitra, Nishant and Li, Yifang and Hu, Hongxin and Caine, Kelly and Cheng, Long and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {ACM Conference on Data and Application Security and Privacy},
     pages = {65--76},
     year = {2022},
   }

2021

1. USENIX

   Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service

   Zhibo Sun, Adam Oest, Penghui Zhang, Carlos Rubio-Medrano, Tiffany Bao, Ruoyu Wang, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn

   In USENIX Security Symposium, 2021

   Bib PDF

   @inproceedings{sun2021cake,
     title = {Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service},
     author = {Sun, Zhibo and Oest, Adam and Zhang, Penghui and Rubio-Medrano, Carlos and Bao, Tiffany and Wang, Ruoyu and Zhao, Ziming and Shoshitaishvili, Yan and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {USENIX Security Symposium},
     year = {2021},
     organization = {USENIX},
   }

2. DTRAP

   ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems

   Josephine Lamp, Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

   Digital Threats: Research and Practice, 2021

   Bib PDF

   @article{lamp2021exsol,
     title = {ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems},
     author = {Lamp, Josephine and Rubio-Medrano, Carlos E and Zhao, Ziming and Ahn, Gail-Joon},
     journal = {Digital Threats: Research and Practice},
     volume = {2},
     number = {3},
     pages = {1--23},
     year = {2021},
     publisher = {ACM New York, NY, USA},
   }

3. NDSS

   A Formal Analysis of the FIDO UAF Protocol

   Haonan Feng, Hui Li, Xuesong Pan, and Ziming Zhao

   In Network and Distributed System Security Symposium, 2021

   Bib PDF

   @inproceedings{fengformal2021,
     title = {A Formal Analysis of the FIDO UAF Protocol},
     author = {Feng, Haonan and Li, Hui and Pan, Xuesong and Zhao, Ziming},
     booktitle = {Network and Distributed System Security Symposium},
     year = {2021},
   }

2020

1. TPS

   Toward Automated Enforcement of Cyber-Physical Security Requirements for Energy Delivery Systems

   Carlos Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

   In IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications , 2020

   Bib PDF

   @inproceedings{rubio2020toward,
     title = {Toward Automated Enforcement of Cyber-Physical Security Requirements for Energy Delivery Systems},
     author = {Rubio-Medrano, Carlos and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications },
     pages = {319--322},
     year = {2020},
     organization = {IEEE},
   }

2. USENIX

   Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet Attacks

   Cong Wu, Kun He, Jing Chen, Ziming Zhao, and Ruiying Du

   In USENIX Security Symposium, 2020

   Bib PDF

   @inproceedings{wu2020liveness,
     title = {Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet Attacks},
     author = {Wu, Cong and He, Kun and Chen, Jing and Zhao, Ziming and Du, Ruiying},
     booktitle = {USENIX Security Symposium},
     pages = {2219--2236},
     year = {2020},
   }

3. MobiSys

   SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture

   Haehyun Cho, Jinbum Park, Donguk Kim, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn

   In ACM International Conference on Mobile Systems, Applications, and Services, 2020

   Bib PDF Code

   @inproceedings{cho2020smokebomb,
     title = {SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture},
     author = {Cho, Haehyun and Park, Jinbum and Kim, Donguk and Zhao, Ziming and Shoshitaishvili, Yan and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {ACM International Conference on Mobile Systems, Applications, and Services},
     pages = {107--120},
     year = {2020},
   }

4. Book Chapter

   Mitigating the CacheKit Attack

   Mauricio Gutierrez, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn

   Frontiers in Hardware Security and Trust: Theory, Design and Practice, 2020

   Bib

   @article{gutierrez2020mitigating,
     title = {Mitigating the CacheKit Attack},
     author = {Gutierrez, Mauricio and Zhao, Ziming and Doup{\'e}, Adam and Shoshitaishvili, Yan and Ahn, Gail-Joon},
     journal = {Frontiers in Hardware Security and Trust: Theory, Design and Practice},
     pages = {173},
     year = {2020},
     publisher = {Materials, Circuits and Device},
   }

5. CODASPY

   DANdroid: A Multi-View Discriminative Adversarial Network for Obfuscated Android Malware Detection

   Stuart Millar, Niall McLaughlin, Jesus Rincon, Paul Miller, and Ziming Zhao

   In ACM Conference on Data and Application Security and Privacy, 2020

   Bib PDF

   @inproceedings{millar2020dandroid,
     title = {DANdroid: A Multi-View Discriminative Adversarial Network for Obfuscated Android Malware Detection},
     author = {Millar, Stuart and McLaughlin, Niall and Martinez del Rincon, Jesus and Miller, Paul and Zhao, Ziming},
     booktitle = {ACM Conference on Data and Application Security and Privacy},
     pages = {353--364},
     year = {2020},
   }

2019

1. CCS

   Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues

   Faris Bugra Kokulu, Ananta Soneji, Tiffany Bao, Yan Shoshitaishvili, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   In ACM Conference on Computer and Communications Security, 2019

   Bib PDF

   @inproceedings{kokulu2019matched,
     title = {Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues},
     author = {Kokulu, Faris Bugra and Soneji, Ananta and Bao, Tiffany and Shoshitaishvili, Yan and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {ACM Conference on Computer and Communications Security},
     pages = {1955--1970},
     year = {2019},
   }

2. US Patent

   Systems and methods for authenticating caller identity and call request header information for outbound telephony communications

   Huahong Tu, Adam Doupé, Gail-Joon Ahn, and Ziming Zhao

   2019

   US Patent 10,447,481

   Bib

   @misc{tu2019systems,
     title = {Systems and methods for authenticating caller identity and call request header information for outbound telephony communications},
     author = {Tu, Huahong and Doup{\'e}, Adam and Ahn, Gail-Joon and Zhao, Ziming},
     year = {2019},
     publisher = {Google Patents},
     note = {US Patent 10,447,481},
   }

3. USENIX

   Users Really Do Answer Telephone Scams

   Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   In USENIX Security Symposium, 2019

   Bib PDF

   @inproceedings{tu2019security,
     title = {Users Really Do Answer Telephone Scams},
     author = {Tu, Huahong and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {USENIX Security Symposium},
     year = {2019},
     organization = {USENIX},
     distinguished = {Distinguished Paper Award}
   }

4. COSE

   Towards a Reliable Firewall for Software-Defined Networks

   Hongxin Hu, Wonkyu Han, Sukwha Kyung, Juan Wang, Gail-Joon Ahn, Ziming Zhao, and Hongda Li

   Computers & Security, 2019

   Bib PDF

   @article{hu2019towards,
     title = {Towards a Reliable Firewall for Software-Defined Networks},
     author = {Hu, Hongxin and Han, Wonkyu and Kyung, Sukwha and Wang, Juan and Ahn, Gail-Joon and Zhao, Ziming and Li, Hongda},
     journal = {Computers \& Security},
     volume = {87},
     pages = {101597},
     year = {2019},
     publisher = {Elsevier},
   }

5. SACMAT

   Effectively Enforcing Authorization Constraints for Emerging Space-Sensitive Technologies

   Carlos E Rubio-Medrano, Shaishavkumar Jogani, Maria Leitner, Ziming Zhao, and Gail-Joon Ahn

   In ACM Symposium on Access Control Models and Technologies, 2019

   Bib PDF

   @inproceedings{rubio2019effectively,
     title = {Effectively Enforcing Authorization Constraints for Emerging Space-Sensitive Technologies},
     author = {Rubio-Medrano, Carlos E and Jogani, Shaishavkumar and Leitner, Maria and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {ACM Symposium on Access Control Models and Technologies},
     pages = {195--206},
     year = {2019},
   }

6. MSCPES

   ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems

   Josephine Lamp, Carlos Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

   In IEEE Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, 2019

   Bib PDF

   @inproceedings{lamp2019exsol,
     title = {ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems},
     author = {Lamp, Josephine and Rubio-Medrano, Carlos and and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE Workshop on Modeling and Simulation of Cyber-Physical Energy Systems},
     year = {2019},
     organization = {IEEE},
   }

7. SAC

   iCORE: Continuous and Proactive Extrospection on Multi-core IoT Devices

   Penghui Zhang, Haehyun Cho, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   In ACM/SIGAPP Symposium on Applied Computing, 2019

   Bib PDF

   @inproceedings{zhang2019ic,
     title = {{iCORE: Continuous and Proactive Extrospection on Multi-core IoT Devices}},
     author = {Zhang, Penghui and Cho, Haehyun and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {ACM/SIGAPP Symposium on Applied Computing},
     pages = {851--860},
     year = {2019},
     organization = {ACM},
   }

8. CODASPY

   Understanding and Predicting Private Interactions in Underground Forums

   Zhibo Sun, Carlos E Rubio-Medrano, Ziming Zhao, Tiffany Bao, Adam Doupé, and Gail-Joon Ahn

   In ACM Conference on Data and Application Security and Privacy, 2019

   Bib PDF

   @inproceedings{sun2019understanding,
     title = {Understanding and Predicting Private Interactions in Underground Forums},
     author = {Sun, Zhibo and Rubio-Medrano, Carlos E and Zhao, Ziming and Bao, Tiffany and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {ACM Conference on Data and Application Security and Privacy},
     pages = {303--314},
     year = {2019},
   }

2018

1. TDSC

   Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps

   Jing Chen, Chiheng Wang, Kun He, Ziming Zhao, Min Chen, Ruiying Du, and Gail-Joon Ahn

   IEEE Transactions on Dependable and Secure Computing, 2018

   Bib PDF

   @article{chen2018semantics,
     title = {Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps},
     author = {Chen, Jing and Wang, Chiheng and He, Kun and Zhao, Ziming and Chen, Min and Du, Ruiying and Ahn, Gail-Joon},
     journal = {IEEE Transactions on Dependable and Secure Computing},
     volume = {18},
     number = {1},
     pages = {15--29},
     year = {2018},
     publisher = {IEEE},
   }

2. ACSAC

   Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling

   Jaejong Baek, Sukwha Kyung, Haehyun Cho, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn

   In Annual Computer Security Applications Conference, 2018

   Bib PDF

   @inproceedings{baek2018wi,
     title = {Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling},
     author = {Baek, Jaejong and Kyung, Sukwha and Cho, Haehyun and Zhao, Ziming and Shoshitaishvili, Yan and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {Annual Computer Security Applications Conference},
     pages = {278--288},
     year = {2018},
   }

3. ACSAC

   Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone

   Haehyun Cho, Penghui Zhang, Donguk Kim, Jinbum Park, Choong-Hoon Lee, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   In Annual Computer Security Applications Conference, 2018

   Bib PDF

   @inproceedings{cho2018prime,
     title = {{Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone}},
     author = {Cho, Haehyun and Zhang, Penghui and Kim, Donguk and Park, Jinbum and Lee, Choong-Hoon and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {Annual Computer Security Applications Conference},
     pages = {441--452},
     year = {2018},
     organization = {ACM},
   }

4. ASHES

   CacheLight: Defeating the CacheKit Attack

   Mauricio Gutierrez, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn

   In Workshop on Attacks and Solutions in Hardware Security, 2018

   Bib PDF

   @inproceedings{gutierrez2018cachelight,
     title = {CacheLight: Defeating the CacheKit Attack},
     author = {Gutierrez, Mauricio and Zhao, Ziming and Doup{\'e}, Adam and Shoshitaishvili, Yan and Ahn, Gail-Joon},
     booktitle = {Workshop on Attacks and Solutions in Hardware Security},
     pages = {65--74},
     year = {2018},
   }

5. CCS

   AIM-SDN: Attacking Information Mismanagement in SDN-datastores

   Vaibhav Hemant Dixit, Adam Doupé, Yan Shoshitaishvili, Ziming Zhao, and Gail-Joon Ahn

   In ACM Conference on Computer and Communications Security, Toronto, Canada, 2018

   Bib PDF

   @inproceedings{Vaibhav:2018:AIM,
     author = {Dixit, Vaibhav Hemant and Doup{\'e}, Adam and Shoshitaishvili, Yan and Zhao, Ziming and Ahn, Gail-Joon},
     title = {AIM-SDN: Attacking Information Mismanagement in SDN-datastores},
     booktitle = {ACM Conference on Computer and Communications Security},
     year = {2018},
     location = {Toronto, Canada},
     publisher = {ACM},
   }

6. MedSPT

   The Danger of Missing Instructions: A Systematic Analysis of Security Requirements for MCPS

   Josephine Lamp, Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

   In IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, 2018

   Bib PDF

   @inproceedings{lamp2018danger,
     title = {The Danger of Missing Instructions: A Systematic Analysis of Security Requirements for MCPS},
     author = {Lamp, Josephine and Rubio-Medrano, Carlos E and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies},
     pages = {94--99},
     year = {2018},
     organization = {IEEE},
   }

7. TIFS

   Uncovering the Face of Android Ransomware: Characterization and Real-Time Detection

   Jing Chen, Chiheng Wang, Ziming Zhao, Kai Chen, Ruiying Du, and Gail-Joon Ahn

   IEEE Transactions on Information Forensics and Security, 2018

   Bib PDF

   @article{chen2018uncovering,
     title = {Uncovering the Face of Android Ransomware: Characterization and Real-Time Detection},
     author = {Chen, Jing and Wang, Chiheng and Zhao, Ziming and Chen, Kai and Du, Ruiying and Ahn, Gail-Joon},
     journal = {IEEE Transactions on Information Forensics and Security},
     volume = {13},
     number = {5},
     pages = {1286--1300},
     year = {2018},
     publisher = {IEEE},
   }

8. SAC

   Measuring E-Mail Header Injections on the World Wide Web

   Sai Prashanth Chandramouli, Pierre-Marie Bajan, Christopher Kruegel, Giovanni Vigna, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   In ACM/SIGAPP Symposium On Applied Computing, 2018

   Bib PDF

   @inproceedings{chandramouli2018measuring,
     title = {Measuring E-Mail Header Injections on the World Wide Web},
     author = {Chandramouli, Sai Prashanth and Bajan, Pierre-Marie and Kruegel, Christopher and Vigna, Giovanni and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {ACM/SIGAPP Symposium On Applied Computing},
     year = {2018},
     organization = {ACM},
   }

9. 11.9 Digital Forensics

   Challenges, Opportunities and a Framework for Web Environment Forensics

   Mike Mabey, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   In IFIP International Conference on Digital Forensics, 2018

   Bib HTML

   @inproceedings{mabey2018challenges,
     title = {Challenges, Opportunities and a Framework for Web Environment Forensics},
     author = {Mabey, Mike and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IFIP International Conference on Digital Forensics},
     pages = {11--33},
     year = {2018},
     organization = {Springer},
   }

10. ABAC

    RiskPol: A Risk Assessment Framework for Preventing Attribute-Forgery Attacks to ABAC Policies

    Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

    In ACM Workshop on Attribute-Based Access Control, 2018

    Bib PDF

    @inproceedings{rubio2018riskpol,
      title = {RiskPol: A Risk Assessment Framework for Preventing Attribute-Forgery Attacks to ABAC Policies},
      author = {Rubio-Medrano, Carlos E and Zhao, Ziming and Ahn, Gail-Joon},
      booktitle = {ACM Workshop on Attribute-Based Access Control},
      pages = {54--60},
      year = {2018},
    }

11. SDNNFV

    Challenges and Preparedness of SDN-based Firewalls

    Vaibhav Hemant Dixit, Sukwha Kyung, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn

    In ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, 2018

    Bib PDF

    @inproceedings{dixit2018challenges,
      title = {Challenges and Preparedness of SDN-based Firewalls},
      author = {Dixit, Vaibhav Hemant and Kyung, Sukwha and Zhao, Ziming and Doup{\'e}, Adam and Shoshitaishvili, Yan and Ahn, Gail-Joon},
      booktitle = {ACM International Workshop on Security in Software Defined Networks \& Network Function Virtualization},
      pages = {33--38},
      year = {2018},
      organization = {ACM},
    }

2017

1. CIC

   OntoEDS: Protecting Energy Delivery Systems by Collaboratively Analyzing Security Requirements

   Josephine Lamp, Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

   In IEEE International Conference on Collaboration and Internet Computing (CIC), 2017

   Bib PDF

   @inproceedings{lamp2017ontoeds,
     title = {OntoEDS: Protecting Energy Delivery Systems by Collaboratively Analyzing Security Requirements},
     author = {Lamp, Josephine and Rubio-Medrano, Carlos E and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE International Conference on Collaboration and Internet Computing (CIC)},
     pages = {1--10},
     year = {2017},
     organization = {IEEE},
   }

2. MTD

   Mutated Policies: Towards Proactive Attribute-based Defenses for Access Control

   Carlos E Rubio-Medrano, Josephine Lamp, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   In Workshop on Moving Target Defense, 2017

   Bib PDF

   @inproceedings{rubio2017mutated,
     title = {Mutated Policies: Towards Proactive Attribute-based Defenses for Access Control},
     author = {Rubio-Medrano, Carlos E and Lamp, Josephine and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {Workshop on Moving Target Defense},
     pages = {39--49},
     year = {2017},
   }

3. CNS

   HoneyProxy: Design and Implementation of Next-Generation Honeynet via SDN

   Sukwha Kyung, Wonkyu Han, Naveen Tiwari, Vaibhav Dixit, Lakshmi Srinivas, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   In IEEE Conference on Communications and Network Security, 2017

   Bib PDF

   @inproceedings{sukwha2017Honey,
     title = {HoneyProxy: Design and Implementation of Next-Generation Honeynet via SDN},
     author = {Kyung, Sukwha and Han, Wonkyu and Tiwari, Naveen and Dixit, Vaibhav and Srinivas, Lakshmi and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {IEEE Conference on Communications and Network Security},
     year = {2017},
   }

4. CSM

   Toward Standardization of Authenticated Caller ID Transmission

   Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   IEEE Communications Standards Magazine, 2017

   Bib PDF

   @article{tu2017toward,
     title = {Toward Standardization of Authenticated Caller ID Transmission},
     author = {Tu, Huahong and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     journal = {IEEE Communications Standards Magazine},
     volume = {1},
     number = {3},
     pages = {30--36},
     year = {2017},
     publisher = {IEEE},
   }

5. ITIT

   E-mail Header Injection Vulnerabilities

   Sai Prashanth Chandramouli, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   it - Information Technology, 2017

   Bib PDF

   @article{chandramouli2017mail,
     title = {E-mail Header Injection Vulnerabilities},
     author = {Chandramouli, Sai Prashanth and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     journal = {it - Information Technology},
     volume = {59},
     number = {2},
     pages = {67--72},
     year = {2017},
     publisher = {De Gruyter Oldenbourg},
   }

6. AAMAS

   A Game Theoretic Approach to Strategy Generation for Moving Target Defense in Web Applications.

   Sailik Sengupta, Satya Gautam Vadlamudi, Subbarao Kambhampati, Adam Doupé, Ziming Zhao, Marthony Taguinod, and Gail-Joon Ahn

   In AAMAS, 2017

   Bib PDF

   @inproceedings{sengupta2017game,
     title = {A Game Theoretic Approach to Strategy Generation for Moving Target Defense in Web Applications.},
     author = {Sengupta, Sailik and Vadlamudi, Satya Gautam and Kambhampati, Subbarao and Doup{\'e}, Adam and Zhao, Ziming and Taguinod, Marthony and Ahn, Gail-Joon},
     booktitle = {AAMAS},
     volume = {1},
     pages = {178--186},
     year = {2017},
   }

7. CODASPY

   Deep Android Malware Detection

   Niall McLaughlin, Jesus Rincon, Yeganeh Safaei, Erik Trickel, Ziming Zhao, and Adam Doupé

   In ACM Conference on Data and Application Security and Privacy, 2017

   Bib PDF

   @inproceedings{mclaughlin2017deep,
     title = {Deep Android Malware Detection},
     author = {McLaughlin, Niall and Martinez del Rincon, Jesus and Safaei, Yeganeh and Trickel, Erik and Zhao, Ziming and Doup{\'e}, Adam},
     booktitle = {ACM Conference on Data and Application Security and Privacy},
     pages = {301--308},
     year = {2017},
     organization = {ACM},
   }

8. ICST

   NIVAnalyzer: A Tool for Automatically Detecting and Verifying Next-Intent Vulnerabilities in Android Apps

   Junjie Tang, Xingmin Cui, Ziming Zhao, Shanqing Guo, Xinshun Xu, Chengyu Hu, Tao Ban, and Bing Mao

   In IEEE Conference on Software Testing, Verification and Validation, 2017

   Bib HTML

   @inproceedings{tang2017nivanalyzer,
     title = {{NIVAnalyzer: A Tool for Automatically Detecting and Verifying Next-Intent Vulnerabilities in Android Apps}},
     author = {Tang, Junjie and Cui, Xingmin and Zhao, Ziming and Guo, Shanqing and Xu, Xinshun and Hu, Chengyu and Ban, Tao and Mao, Bing},
     booktitle = {IEEE Conference on Software Testing, Verification and Validation},
     pages = {492--499},
     year = {2017},
     organization = {IEEE},
   }

9. NDSS

   On the Safety and Efficiency of Virtual Firewall Elasticity Control

   Juan Deng, Hongda Li, Hongxin Hu, Kuang-Ching Wang, Gail-Joon Ahn, Ziming Zhao, and Wonkyu Han

   In Network and Distributed System Security Symposium, 2017

   Bib PDF

   @inproceedings{deng2017on,
     title = {On the Safety and Efficiency of Virtual Firewall Elasticity Control},
     author = {Deng, Juan and Li, Hongda and Hu, Hongxin and Wang, Kuang-Ching and Ahn, Gail-Joon and Zhao, Ziming and Han, Wonkyu},
     booktitle = {Network and Distributed System Security Symposium},
     year = {2017},
   }

10. US Patent

    Systems and Methods for Authenticating Caller Identity and Call Request Header Information for Outbound Telephony Communications

    Huahong Tu, Adam Doupé, Gail-Joon Ahn, and Ziming Zhao

    2017

    US Patent App. 15/459,597

    Bib PDF

    @misc{tu2017systems,
      title = {Systems and Methods for Authenticating Caller Identity and Call Request Header Information for Outbound Telephony Communications},
      author = {Tu, Huahong and Doup{\'e}, Adam and Ahn, Gail-Joon and Zhao, Ziming},
      year = {2017},
      publisher = {Google Patents},
      note = {US Patent App. 15/459,597},
    }

2016

1. ITU

   Toward Authenticated Caller ID Transmission: The Need for a Standardized Authentication Scheme in Q.731.3 Calling Line Identification Presentation

   Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   In ITU Kaleidoscope: ICTs for a Sustainable World, 2016

   Bib PDF

   @inproceedings{tu2016toward,
     title = {Toward Authenticated Caller ID Transmission: The Need for a Standardized Authentication Scheme in Q.731.3 Calling Line Identification Presentation},
     author = {Tu, Huahong and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {ITU Kaleidoscope: ICTs for a Sustainable World},
     pages = {1--8},
     year = {2016},
     organization = {IEEE},
     best = {Best Paper Award}
   }

2. CIC

   Towards Automated Threat Intelligence Fusion

   Ajay Modi, Zhibo Sun, Anupam Panwar, Tejas Khairnar, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   In IEEE International Conference on Collaboration and Internet Computing, 2016

   Bib PDF

   @inproceedings{modi2016towards,
     title = {Towards Automated Threat Intelligence Fusion},
     author = {Modi, Ajay and Sun, Zhibo and Panwar, Anupam and Khairnar, Tejas and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {IEEE International Conference on Collaboration and Internet Computing},
     year = {2016},
   }

3. JCS

   TripleMon: A Multi-layer Security Framework for Mediating Inter-Process Communication on Android

   Yiming Jing, Gail-Joon Ahn, Hongxin Hu, Haehyun Cho, and Ziming Zhao

   Journal of Computer Security, 2016

   Bib PDF

   @article{jing2016triplemon,
     title = {TripleMon: A Multi-layer Security Framework for Mediating Inter-Process Communication on Android},
     author = {Jing, Yiming and Ahn, Gail-Joon and Hu, Hongxin and Cho, Haehyun and Zhao, Ziming},
     journal = {Journal of Computer Security},
     pages = {1--22},
     year = {2016},
     publisher = {IOS Press},
   }

4. DFRWS

   dbling: Identifying Extensions Installed on Encrypted Web Thin Clients

   Mike Mabey, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   Digital Investigation, 2016

   Bib PDF

   @article{mabey2016dbling,
     title = {dbling: Identifying Extensions Installed on Encrypted Web Thin Clients},
     author = {Mabey, Mike and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     journal = {Digital Investigation},
     volume = {18},
     pages = {S55--S65},
     year = {2016},
     publisher = {Elsevier},
   }

5. ICWS

   Toward Discovering and Exploiting Private Server-Side Web APIs

   Jia Chen, Xingmin Cui, Ziming Zhao, Jie Liang, and Shanqing Guo

   In IEEE International Conference on Web Services, 2016

   Bib PDF

   @inproceedings{chen2016toward,
     title = {Toward Discovering and Exploiting Private Server-Side Web APIs},
     author = {Chen, Jia and Cui, Xingmin and Zhao, Ziming and Liang, Jie and Guo, Shanqing},
     booktitle = {IEEE International Conference on Web Services},
     pages = {420--427},
     year = {2016},
     organization = {IEEE},
   }

6. SACMAT

   State-aware Network Access Management for Software-Defined Networks

   Wonkyu Han, Hongxin Hu, Ziming Zhao, Adam Doupé, Gail-Joon Ahn, Kuang-Ching Wang, and Juan Deng

   In ACM Symposium on Access Control Models and Technologies, 2016

   Bib PDF

   @inproceedings{han2016state,
     title = {State-aware Network Access Management for Software-Defined Networks},
     author = {Han, Wonkyu and Hu, Hongxin and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon and Wang, Kuang-Ching and Deng, Juan},
     booktitle = {ACM Symposium on Access Control Models and Technologies},
     year = {2016},
     organization = {ACM},
   }

7. eCrime

   Behind Closed Doors: Measurement and Analysis of CryptoLocker Ransoms in Bitcoin

   Kevin Liao, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   In APWG Symposium on Electronic Crime Research, 2016

   Bib PDF

   @inproceedings{liao2016behind,
     title = {Behind Closed Doors: Measurement and Analysis of CryptoLocker Ransoms in Bitcoin},
     author = {Liao, Kevin and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {APWG Symposium on Electronic Crime Research},
     year = {2016},
   }

8. SPM

   Mules, Seals, and Attacking Tools: Analyzing 12 Online Marketplaces

   Ziming Zhao, Mukund Sankaran, Gail-Joon Ahn, Thomas J. Holt, Yiming Jing, and Hongxin Hu

   IEEE Security & Privacy Magazine, 2016

   Bib PDF

   @article{zhao2016mules,
     title = {Mules, Seals, and Attacking Tools: Analyzing 12 Online Marketplaces},
     author = {Zhao, Ziming and Sankaran, Mukund and Ahn, Gail-Joon and Holt, Thomas J. and Jing, Yiming and Hu, Hongxin},
     journal = {IEEE Security \& Privacy Magazine},
     year = {2016},
     publisher = {IEEE},
   }

9. Oakland

   SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam

   Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   In IEEE Symposium on Security and Privacy, 2016

   Bib PDF

   @inproceedings{tu2016sok,
     title = {SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam},
     author = {Tu, Huahong and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE Symposium on Security and Privacy},
     year = {2016},
   }

10. AAMAS

    Moving Target Defense for Web Applications using Bayesian Stackelberg Games

    Satya Gautam Vadlamudi, Sailik Sengupta, Marthony Taguinod, Ziming Zhao, Adam Doupé, Gail-Joon Ahn, and Subbarao Kambhampati

    In International Conference on Autonomous Agents & Multiagent Systems, 2016

    Bib PDF

    @inproceedings{vadlamudi2016moving,
      title = {Moving Target Defense for Web Applications using Bayesian Stackelberg Games},
      author = {Vadlamudi, Satya Gautam and Sengupta, Sailik and Taguinod, Marthony and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon and Kambhampati, Subbarao},
      booktitle = {International Conference on Autonomous Agents \& Multiagent Systems},
      pages = {1377--1378},
      year = {2016},
      organization = {International Foundation for Autonomous Agents and Multiagent Systems},
    }

11. ABAC

    Towards a Moving Target Defense Approach for Attribute-based Access Control

    Carlos E Rubio-Medrano, Josephine Lamp, Marthony Taguinod, Ziming Zhao, Adam Doupe, and Gail-Joon Ahn

    In ACM Workshop on Attribute-based Access Control, 2016

    Bib PDF

    @inproceedings{rubio2016towards,
      title = {Towards a Moving Target Defense Approach for Attribute-based Access Control},
      author = {Rubio-Medrano, Carlos E and Lamp, Josephine and Taguinod, Marthony and Zhao, Ziming and Doupe, Adam and Ahn, Gail-Joon},
      booktitle = {ACM Workshop on Attribute-based Access Control},
      pages = {--},
      year = {2016},
      organization = {ACM},
    }

12. CODASPY

    HoneyMix: Toward SDN-based Intelligent Honeynet

    Wonkyu Han, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

    In ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, 2016

    Bib PDF

    @inproceedings{han2016honeymix,
      title = {HoneyMix: Toward SDN-based Intelligent Honeynet},
      author = {Han, Wonkyu and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
      booktitle = {ACM International Workshop on Security in Software Defined Networks \& Network Function Virtualization},
      pages = {1--6},
      year = {2016},
    }

2015

1. IRI

   Toward a Moving Target Defense for Web Applications

   Marthony Taguinod, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   In IEEE International Conference on Information Reuse and Integration, 2015

   Bib PDF

   @inproceedings{taguinod2015toward,
     title = {Toward a Moving Target Defense for Web Applications},
     author = {Taguinod, Marthony and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE International Conference on Information Reuse and Integration},
     year = {2015},
   }

2. US Patent

   Methods, Systems, and Media for Measuring Quality of Gesture-based Passwords

   Gail-Joon Ahn and Ziming Zhao

   2015

   US Patent US9069948 B2

   Bib HTML

   @misc{ahn2015methods,
     title = {Methods, Systems, and Media for Measuring Quality of Gesture-based Passwords},
     author = {Ahn, Gail-Joon and Zhao, Ziming},
     year = {2015},
     note = {US Patent US9069948 B2},
   }

3. TISSEC

   Picture Gesture Authentication: Empirical Analysis, Automated Attacks, and Scheme Evaluation

   Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

   ACM Transactions on Information and System Security, 2015

   Bib PDF

   @article{zhao2015picture,
     title = {Picture Gesture Authentication: Empirical Analysis, Automated Attacks, and Scheme Evaluation},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
     journal = {ACM Transactions on Information and System Security},
     year = {2015},
     publisher = {ACM},
   }

4. SACMAT

   Federated Access Management for Collaborative Network Environments: Framework and Case Study

   Carlos Rubio-Medrano, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   In ACM Symposium on Access control Models and Technologies, 2015

   Bib PDF

   @inproceedings{rubio2015federated,
     title = {Federated Access Management for Collaborative Network Environments: Framework and Case Study},
     author = {Rubio-Medrano, Carlos and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {ACM Symposium on Access control Models and Technologies},
     year = {2015},
     organization = {ACM},
   }

5. TDSC

   Towards Automated Risk Assessment and Mitigation of Mobile Applications

   Yiming Jing, Gail-Joon Ahn, Ziming Zhao, and Hongxin Hu

   IEEE Transactions on Dependable and Secure Computing, 2015

   Bib PDF

   @article{jing2015towards,
     title = {Towards Automated Risk Assessment and Mitigation of Mobile Applications},
     author = {Jing, Yiming and Ahn, Gail-Joon and Zhao, Ziming and Hu, Hongxin},
     journal = {IEEE Transactions on Dependable and Secure Computing},
     year = {2015},
   }

2014

1. ACSAC

   Morpheus: Automatically Generating Heuristics to Detect Android Emulators

   Yiming Jing, Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

   In Annual Computer Security Applications Conference, 2014

   Bib PDF

   @inproceedings{jing2014morpheus,
     title = {Morpheus: Automatically Generating Heuristics to Detect Android Emulators},
     author = {Jing, Yiming and Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
     booktitle = {Annual Computer Security Applications Conference},
     year = {2014},
   }

2. HotSDN

   FlowGuard: Building Robust Firewalls for Software-Defined Networks

   Hongxin Hu, Wonkyu Han, Gail-Joon Ahn, and Ziming Zhao

   In ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2014

   Bib PDF

   @inproceedings{hu2014flowguard,
     title = {FlowGuard: Building Robust Firewalls for Software-Defined Networks},
     author = {Hu, Hongxin and Han, Wonkyu and Ahn, Gail-Joon and Zhao, Ziming},
     booktitle = {ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking},
     year = {2014},
   }

3. SACMAT

   Game Theoretic Analysis of Multiparty Access Control in Online Social Networks

   Hongxin Hu, Gail-Joon Ahn, Ziming Zhao, and Dejun Yang

   In ACM Symposium on Access Control Models and Technologies, 2014

   Bib PDF

   @inproceedings{hu2014game,
     title = {Game Theoretic Analysis of Multiparty Access Control in Online Social Networks},
     author = {Hu, Hongxin and Ahn, Gail-Joon and Zhao, Ziming and Yang, Dejun},
     booktitle = {ACM Symposium on Access Control Models and Technologies},
     year = {2014},
     organization = {ACM},
     best = {Test-of-Time Award}
   }

4. ONS

   Towards a Reliable SDN Firewall

   Hongxin Hu, Gail-Joon Ahn, Wonkyu Han, and Ziming Zhao

   In Open Networking Summit Research Track, 2014

   Bib PDF

   @inproceedings{hu2014towards,
     title = {Towards a Reliable SDN Firewall},
     author = {Hu, Hongxin and Ahn, Gail-Joon and Han, Wonkyu and Zhao, Ziming},
     booktitle = {Open Networking Summit Research Track},
     year = {2014},
     organization = {USENIX},
   }

5. CODASPY

   RiskMon: Continuous and Automated Risk Assessment for Mobile Applications

   Yiming Jing, Gail-Joon Ahn, Ziming Zhao, and Hongxin Hu

   In ACM Conference on Data and Application Security and Privacy, 2014

   Bib PDF

   @inproceedings{jing2014riskmon,
     title = {RiskMon: Continuous and Automated Risk Assessment for Mobile Applications},
     author = {Jing, Yiming and Ahn, Gail-Joon and Zhao, Ziming and Hu, Hongxin},
     booktitle = {ACM Conference on Data and Application Security and Privacy},
     year = {2014},
     organization = {ACM},
     best = {Best Paper Award}
   }

2013

1. CNS

   Using Instruction Sequence Abstraction for Shellcode Detection and Attribution

   Ziming Zhao and Gail-Joon Ahn

   In IEEE Conference on Communications and Network Security, 2013

   Bib PDF

   @inproceedings{zhao2013using,
     title = {Using Instruction Sequence Abstraction for Shellcode Detection and Attribution},
     author = {Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE Conference on Communications and Network Security},
     year = {2013},
   }

2. USENIX

   On the Security of Picture Gesture Authentication

   Ziming Zhao, Gail-Joon Ahn, Jeong-Jin Seo, and Hongxin Hu

   In USENIX Security Symposium, 2013

   Bib PDF

   @inproceedings{zhao2013security,
     title = {On the Security of Picture Gesture Authentication},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Seo, Jeong-Jin and Hu, Hongxin},
     booktitle = {USENIX Security Symposium},
     year = {2013},
     organization = {USENIX},
   }

3. Book Chapter

   Examining Social Dynamics and Malware Secrets to Mitigate Net-centric Attacks

   Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

   In Hackers and Hacking: A Reference Handbook, 2013

   Bib

   @inproceedings{zhao2013examining,
     title = {Examining Social Dynamics and Malware Secrets to Mitigate Net-centric Attacks},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
     booktitle = {Hackers and Hacking: A Reference Handbook},
     year = {2013},
   }

2012

1. ESORICS

   SocialImpact: Systematic Analysis of Underground Social Dynamics

   Ziming Zhao, Gail-Joon Ahn, Hongxin Hu, and Deepinder Mahi

   In European Conference on Research in Computer Security, 2012

   Bib PDF

   @inproceedings{zhao2012socialimpact,
     title = {SocialImpact: Systematic Analysis of Underground Social Dynamics},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin and Mahi, Deepinder},
     booktitle = {European Conference on Research in Computer Security},
     pages = {877--895},
     year = {2012},
   }

2. TDSC

   Risk-Aware Mitigation for MANET Routing Attacks

   Ziming Zhao, Hongxin Hu, Gail-Joon Ahn, and Ruoyu Wu

   IEEE Transactions on Dependable and Secure Computing, 2012

   Bib PDF

   @article{zhao2012risk,
     title = {Risk-Aware Mitigation for MANET Routing Attacks},
     author = {Zhao, Ziming and Hu, Hongxin and Ahn, Gail-Joon and Wu, Ruoyu},
     journal = {IEEE Transactions on Dependable and Secure Computing},
     volume = {9},
     number = {2},
     pages = {250--260},
     year = {2012},
     publisher = {IEEE},
   }

2011

1. GLOBECOM

   Examining Social Dynamics for Countering Botnet Attacks

   Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

   In IEEE Global Telecommunications Conference, 2011

   Bib PDF

   @inproceedings{zhao2011examining,
     title = {Examining Social Dynamics for Countering Botnet Attacks},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
     booktitle = {IEEE Global Telecommunications Conference},
     pages = {1--6},
     year = {2011},
     organization = {IEEE},
   }

2. WCRE

   Automatic Extraction of Secrets from Malware

   Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

   In Working Conference on Reverse Engineering, 2011

   Bib PDF

   @inproceedings{zhao2011automatic,
     title = {Automatic Extraction of Secrets from Malware},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
     booktitle = {Working Conference on Reverse Engineering},
     pages = {159--168},
     year = {2011},
     organization = {IEEE},
   }

2010

1. GLOBECOM

   Risk-Aware Response for Mitigating MANET Routing Attacks

   Ziming Zhao, Hongxin Hu, Gail-Joon Ahn, and Ruoyu Wu

   In IEEE Global Telecommunications Conference, 2010

   Bib PDF

   @inproceedings{zhao2010risk,
     title = {Risk-Aware Response for Mitigating MANET Routing Attacks},
     author = {Zhao, Ziming and Hu, Hongxin and Ahn, Gail-Joon and Wu, Ruoyu},
     booktitle = {IEEE Global Telecommunications Conference},
     pages = {1--6},
     year = {2010},
     organization = {IEEE},
   }