Publications | CyberspACe securiTy and forensIcs lab (CactiLab)

2023

SmartSP

Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles

Wenbo Ding, Song Liao, Long Cheng, Ziming Zhao, Keyan Guo, and Hongxin Hu

EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles, 2023

@inproceedings{ding2023skills,
  title = {Exploring Vulnerabilities in Voice Command Skills for Connected Vehicles},
  author = {Ding, Wenbo and Liao, Song and Cheng, Long and Zhao, Ziming and Guo, Keyan and Hu, Hongxin},
  booktitle = {EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles},
  year = {2023},
}

CCS

SHERLOC: Secure and Holistic Control-Flow Violation Detection on Embedded Systems

Xi Tan, and Ziming Zhao

ACM Conference on Computer and Communications Security, 2023

Bib PDF

@inproceedings{tan2023sherloc,
  title = {SHERLOC: Secure and Holistic Control-Flow Violation Detection on Embedded Systems},
  author = {Tan, Xi and Zhao, Ziming},
  booktitle = {ACM Conference on Computer and Communications Security},
  year = {2023},
}

USENIX

xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses

Feng Wei, Hongda Li, Ziming Zhao, and Hongxin Hu

USENIX Security Symposium, 2023

Bib PDF

@inproceedings{wei2023xNIDS,
  title = {xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses},
  author = {Wei, Feng and Li, Hongda and Zhao, Ziming and Hu, Hongxin},
  booktitle = {USENIX Security Symposium},
  year = {2023},
}

DAC

Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense

Zheyuan Ma, Xi Tan, Lukasz Ziarek, Ning Zhang, Hongxin Hu, and Ziming Zhao

ACM/IEEE Design Automation Conference, 2023

Bib PDF

@inproceedings{ma2023dac,
  title = {Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense},
  author = {Ma, Zheyuan and Tan, Xi and Ziarek, Lukasz and Zhang, Ning and Hu, Hongxin and Zhao, Ziming},
  booktitle = {ACM/IEEE Design Automation Conference},
  year = {2023},
}

2022

CCS

EchoHand: High Accuracy and Presentation Attack Resistant Hand Authentication on Commodity Mobile Devices

Cong Wu, Jing Chen, Kun He, Ziming Zhao, Ruiying Du, and Chen Zhang

ACM Conference on Computer and Communications Security, Nov 2022

Bib PDF

@inproceedings{wu2022echohand,
  title = {EchoHand: High Accuracy and Presentation Attack Resistant Hand Authentication on Commodity Mobile Devices},
  author = {Wu, Cong and Chen, Jing and He, Kun and Zhao, Ziming and Du, Ruiying and Zhang, Chen},
  booktitle = {ACM Conference on Computer and Communications Security},
  pages = {2931--2945},
  year = {2022},
  month = nov,
  doi = {10.1145/3548606.3560553},
}

ICMLA

Understanding the Generalizability of Hateful Memes Detection Models Against COVID-19-related Hateful Memes

Keyan Guo, Wentai Zhao, Jaden Mu, Nishant Vishwamitra, Ziming Zhao, and Hongxin Hu

IEEE International Conference on Machine Learning and Applications, Nov 2022

Bib

@inproceedings{keyan2022Understanding,
  title = {Understanding the Generalizability of Hateful Memes Detection Models Against COVID-19-related Hateful Memes},
  author = {Guo, Keyan and Zhao, Wentai and Mu, Jaden and Vishwamitra, Nishant and Zhao, Ziming and Hu, Hongxin},
  booktitle = {IEEE International Conference on Machine Learning and Applications},
  year = {2022},
}

TDSC

FIDO Gets Verified: A Formal Analysis of the Universal Authentication Framework Protocol

Haonan Feng, Jingjing Guan, Hui Li, Xuesong Pan, and Ziming Zhao

IEEE Transactions on Dependable and Secure Computing, Nov 2022

Bib PDF

@article{feng2022fido,
  title = {FIDO Gets Verified: A Formal Analysis of the Universal Authentication Framework Protocol},
  author = {Feng, Haonan and Guan, Jingjing and Li, Hui and Pan, Xuesong and Zhao, Ziming},
  journal = {IEEE Transactions on Dependable and Secure Computing},
  year = {2022},
  publisher = {IEEE},
}

ESORICS

A Formal Analysis of the FIDO2 Protocols

Jingjing Guan, Hui Li, Haisong Ye, and Ziming Zhao

European Symposium on Research in Computer Security, Nov 2022

Bib PDF

@inproceedings{fido2,
  author = {Guan, Jingjing and Li, Hui and Ye, Haisong and Zhao, Ziming},
  title = {A Formal Analysis of the FIDO2 Protocols},
  booktitle = {European Symposium on Research in Computer Security},
  year = {2022},
  address = {Cham},
  pages = {3--21},
}

arXiv

BYOTee: Towards Building Your Own Trusted Execution Environments Using FPGA

Md Armanuzzaman, and Ziming Zhao

Mar 2022

Bib PDF

@misc{byotee22,
  author = {Armanuzzaman, Md and Zhao, Ziming},
  year = {2022},
  month = mar,
  pages = {},
  title = {BYOTee: Towards Building Your Own Trusted Execution Environments Using FPGA},
}

arXiv

SoK: On the Semantic AI Security in Autonomous Driving

Junjie Shen, Ningfei Wang, Ziwen Wan, Yunpeng Luo, Takami Sato, Zhisheng Hu, Xinyang Zhang, Shengjian Guo, Zhenyu Zhong, Kang Li, Ziming Zhao, Chunming Qiao, and Qi Alfred Chen

Mar 2022

Bib PDF

@misc{autosok22,
  author = {Shen, Junjie and Wang, Ningfei and Wan, Ziwen and Luo, Yunpeng and Sato, Takami and Hu, Zhisheng and Zhang, Xinyang and Guo, Shengjian and Zhong, Zhenyu and Li, Kang and Zhao, Ziming and Qiao, Chunming and Chen, Qi Alfred},
  year = {2022},
  month = mar,
  pages = {},
  title = {SoK: On the Semantic AI Security in Autonomous Driving},
}

arXiv

Understanding and Measuring Robustness of Multimodal Learning

Nishant Vishwamitra, Hongxin Hu, Ziming Zhao, Long Cheng, and Feng Luo

Dec 2022

Bib PDF

@misc{multimodal22,
  author = {Vishwamitra, Nishant and Hu, Hongxin and Zhao, Ziming and Cheng, Long and Luo, Feng},
  year = {2022},
  month = dec,
  pages = {},
  title = {Understanding and Measuring Robustness of Multimodal Learning},
}

AsiaCCSBest Paper Award

Understanding and Detecting Remote Infection on Linux-based IoT Devices

Hongda Li, Qiqing Huang, Fei Ding, Hongxin Hu, Long Cheng, Guofei Gu, and Ziming Zhao

ACM Asia Conference on Computer and Communications Security, Jun 2022

Bib PDF

@inproceedings{li2022understanding,
  title = {Understanding and Detecting Remote Infection on Linux-based IoT Devices},
  author = {Li, Hongda and Huang, Qiqing and Ding, Fei and Hu, Hongxin and Cheng, Long and Gu, Guofei and Zhao, Ziming},
  booktitle = {ACM Asia Conference on Computer and Communications Security},
  pages = {873--887},
  year = {2022},
  month = jun,
  best = {Best Paper Award}
}

TDSC

Toward Robust Detection of Puppet Attacks via Characterizing Fingertip-Touch Behaviors

Cong Wu, Kun He, Jing Chen, Ziming Zhao, and Ruiying Du

IEEE Transactions on Dependable and Secure Computing, Sep 2022

Bib PDF

@article{puppet22,
  author = {Wu, Cong and He, Kun and Chen, Jing and Zhao, Ziming and Du, Ruiying},
  year = {2022},
  month = sep,
  pages = {1-1},
  title = {Toward Robust Detection of Puppet Attacks via Characterizing Fingertip-Touch Behaviors},
  journal = {IEEE Transactions on Dependable and Secure Computing},
  doi = {10.1109/TDSC.2021.3116552},
}

CODASPY

Towards Automated Content-based Photo Privacy Control in User-Centered Social Networks

Nishant Vishwamitra, Yifang Li, Hongxin Hu, Kelly Caine, Long Cheng, Ziming Zhao, and Gail-Joon Ahn

ACM Conference on Data and Application Security and Privacy, Apr 2022

Bib PDF

@inproceedings{vishwamitra2022towards,
  title = {Towards Automated Content-based Photo Privacy Control in User-Centered Social Networks},
  author = {Vishwamitra, Nishant and Li, Yifang and Hu, Hongxin and Caine, Kelly and Cheng, Long and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {ACM Conference on Data and Application Security and Privacy},
  pages = {65--76},
  year = {2022},
  month = apr,
}

2021

USENIX

Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service

Zhibo Sun, Adam Oest, Penghui Zhang, Carlos Rubio-Medrano, Tiffany Bao, Ruoyu Wang, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn

USENIX Security Symposium, Apr 2021

Bib PDF

@inproceedings{sun2021cake,
  title = {Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service},
  author = {Sun, Zhibo and Oest, Adam and Zhang, Penghui and Rubio-Medrano, Carlos and Bao, Tiffany and Wang, Ruoyu and Zhao, Ziming and Shoshitaishvili, Yan and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {USENIX Security Symposium},
  year = {2021},
  organization = {USENIX},
}

DTRAP

ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems

Josephine Lamp, Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

Digital Threats: Research and Practice, Apr 2021

Bib PDF

@article{lamp2021exsol,
  title = {ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems},
  author = {Lamp, Josephine and Rubio-Medrano, Carlos E and Zhao, Ziming and Ahn, Gail-Joon},
  journal = {Digital Threats: Research and Practice},
  volume = {2},
  number = {3},
  pages = {1--23},
  year = {2021},
  publisher = {ACM New York, NY, USA},
}

NDSS

A Formal Analysis of the FIDO UAF Protocol

Haonan Feng, Hui Li, Xuesong Pan, and Ziming Zhao

Network and Distributed System Security Symposium, Apr 2021

Bib PDF

@inproceedings{fengformal2021,
  title = {A Formal Analysis of the FIDO UAF Protocol},
  author = {Feng, Haonan and Li, Hui and Pan, Xuesong and Zhao, Ziming},
  booktitle = {Network and Distributed System Security Symposium},
  year = {2021},
}

2020

TPS

Toward Automated Enforcement of Cyber-Physical Security Requirements for Energy Delivery Systems

Carlos Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications , Apr 2020

Bib PDF

@inproceedings{rubio2020toward,
  title = {Toward Automated Enforcement of Cyber-Physical Security Requirements for Energy Delivery Systems},
  author = {Rubio-Medrano, Carlos and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications },
  pages = {319--322},
  year = {2020},
  organization = {IEEE},
}

USENIX

Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet Attacks

Cong Wu, Kun He, Jing Chen, Ziming Zhao, and Ruiying Du

USENIX Security Symposium, Apr 2020

Bib PDF

@inproceedings{wu2020liveness,
  title = {Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet Attacks},
  author = {Wu, Cong and He, Kun and Chen, Jing and Zhao, Ziming and Du, Ruiying},
  booktitle = {USENIX Security Symposium},
  pages = {2219--2236},
  year = {2020},
}

MobiSys

SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture

Haehyun Cho, Jinbum Park, Donguk Kim, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn

International Conference on Mobile Systems, Applications, and Services, Apr 2020

Bib PDF

@inproceedings{cho2020smokebomb,
  title = {SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture},
  author = {Cho, Haehyun and Park, Jinbum and Kim, Donguk and Zhao, Ziming and Shoshitaishvili, Yan and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {International Conference on Mobile Systems, Applications, and Services},
  pages = {107--120},
  year = {2020},
}

Book Chapter

Mitigating the CacheKit Attack

Mauricio Gutierrez, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn

Frontiers in Hardware Security and Trust: Theory, Design and Practice, Apr 2020

Bib

@article{gutierrez2020mitigating,
  title = {Mitigating the CacheKit Attack},
  author = {Gutierrez, Mauricio and Zhao, Ziming and Doup{\'e}, Adam and Shoshitaishvili, Yan and Ahn, Gail-Joon},
  journal = {Frontiers in Hardware Security and Trust: Theory, Design and Practice},
  pages = {173},
  year = {2020},
  publisher = {Materials, Circuits and Device},
}

CODASPY

DANdroid: A Multi-View Discriminative Adversarial Network for Obfuscated Android Malware Detection

Stuart Millar, Niall McLaughlin, Jesus Rincon, Paul Miller, and Ziming Zhao

ACM Conference on Data and Application Security and Privacy, Apr 2020

Bib PDF

@inproceedings{millar2020dandroid,
  title = {DANdroid: A Multi-View Discriminative Adversarial Network for Obfuscated Android Malware Detection},
  author = {Millar, Stuart and McLaughlin, Niall and Martinez del Rincon, Jesus and Miller, Paul and Zhao, Ziming},
  booktitle = {ACM Conference on Data and Application Security and Privacy},
  pages = {353--364},
  year = {2020},
}

2019

CCS

Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues

Faris Bugra Kokulu, Ananta Soneji, Tiffany Bao, Yan Shoshitaishvili, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

ACM Conference on Computer and Communications Security, Apr 2019

Bib PDF

@inproceedings{kokulu2019matched,
  title = {Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues},
  author = {Kokulu, Faris Bugra and Soneji, Ananta and Bao, Tiffany and Shoshitaishvili, Yan and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {ACM Conference on Computer and Communications Security},
  pages = {1955--1970},
  year = {2019},
}

US Patent

Systems and methods for authenticating caller identity and call request header information for outbound telephony communications

Huahong Tu, Adam Doupé, Gail-Joon Ahn, and Ziming Zhao

Oct 2019

Bib

@misc{tu2019systems,
  title = {Systems and methods for authenticating caller identity and call request header information for outbound telephony communications},
  author = {Tu, Huahong and Doup{\'e}, Adam and Ahn, Gail-Joon and Zhao, Ziming},
  year = {2019},
  month = oct,
  publisher = {Google Patents},
  note = {US Patent 10,447,481},
}

USENIXDistinguished Paper Award

Users Really Do Answer Telephone Scams

Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

USENIX Security Symposium, Oct 2019

Bib PDF

@inproceedings{tu2019security,
  title = {Users Really Do Answer Telephone Scams},
  author = {Tu, Huahong and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {USENIX Security Symposium},
  year = {2019},
  organization = {USENIX},
  distinguished = {Distinguished Paper Award}
}

COSE

Towards a Reliable Firewall for Software-Defined Networks

Hongxin Hu, Wonkyu Han, Sukwha Kyung, Juan Wang, Gail-Joon Ahn, Ziming Zhao, and Hongda Li

Computers & Security, Oct 2019

Bib PDF

@article{hu2019towards,
  title = {Towards a Reliable Firewall for Software-Defined Networks},
  author = {Hu, Hongxin and Han, Wonkyu and Kyung, Sukwha and Wang, Juan and Ahn, Gail-Joon and Zhao, Ziming and Li, Hongda},
  journal = {Computers \& Security},
  volume = {87},
  pages = {101597},
  year = {2019},
  publisher = {Elsevier},
}

SACMAT

Effectively Enforcing Authorization Constraints for Emerging Space-Sensitive Technologies

Carlos E Rubio-Medrano, Shaishavkumar Jogani, Maria Leitner, Ziming Zhao, and Gail-Joon Ahn

ACM Symposium on Access Control Models and Technologies, Oct 2019

Bib PDF

@inproceedings{rubio2019effectively,
  title = {Effectively Enforcing Authorization Constraints for Emerging Space-Sensitive Technologies},
  author = {Rubio-Medrano, Carlos E and Jogani, Shaishavkumar and Leitner, Maria and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {ACM Symposium on Access Control Models and Technologies},
  pages = {195--206},
  year = {2019},
}

MSCPES

ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems

Josephine Lamp, Carlos Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

IEEE Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, Oct 2019

Bib PDF

@inproceedings{lamp2019exsol,
  title = {ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems},
  author = {Lamp, Josephine and Rubio-Medrano, Carlos and and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {IEEE Workshop on Modeling and Simulation of Cyber-Physical Energy Systems},
  year = {2019},
  organization = {IEEE},
}

SAC

iCORE: Continuous and Proactive Extrospection on Multi-core IoT Devices

Penghui Zhang, Haehyun Cho, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

ACM/SIGAPP Symposium on Applied Computing, Oct 2019

Bib PDF

@inproceedings{zhang2019ic,
  title = {{iCORE: Continuous and Proactive Extrospection on Multi-core IoT Devices}},
  author = {Zhang, Penghui and Cho, Haehyun and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {ACM/SIGAPP Symposium on Applied Computing},
  pages = {851--860},
  year = {2019},
  organization = {ACM},
}

CODASPY

Understanding and Predicting Private Interactions in Underground Forums

Zhibo Sun, Carlos E Rubio-Medrano, Ziming Zhao, Tiffany Bao, Adam Doupé, and Gail-Joon Ahn

ACM Conference on Data and Application Security and Privacy, Oct 2019

Bib PDF

@inproceedings{sun2019understanding,
  title = {Understanding and Predicting Private Interactions in Underground Forums},
  author = {Sun, Zhibo and Rubio-Medrano, Carlos E and Zhao, Ziming and Bao, Tiffany and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {ACM Conference on Data and Application Security and Privacy},
  pages = {303--314},
  year = {2019},
}

2018

TDSC

Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps

Jing Chen, Chiheng Wang, Kun He, Ziming Zhao, Min Chen, Ruiying Du, and Gail-Joon Ahn

IEEE Transactions on Dependable and Secure Computing, Oct 2018

Bib PDF

@article{chen2018semantics,
  title = {Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps},
  author = {Chen, Jing and Wang, Chiheng and He, Kun and Zhao, Ziming and Chen, Min and Du, Ruiying and Ahn, Gail-Joon},
  journal = {IEEE Transactions on Dependable and Secure Computing},
  volume = {18},
  number = {1},
  pages = {15--29},
  year = {2018},
  publisher = {IEEE},
}

ACSAC

Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling

Jaejong Baek, Sukwha Kyung, Haehyun Cho, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn

Annual Computer Security Applications Conference, Oct 2018

Bib PDF

@inproceedings{baek2018wi,
  title = {Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling},
  author = {Baek, Jaejong and Kyung, Sukwha and Cho, Haehyun and Zhao, Ziming and Shoshitaishvili, Yan and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {Annual Computer Security Applications Conference},
  pages = {278--288},
  year = {2018},
}

ACSAC

Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone

Haehyun Cho, Penghui Zhang, Donguk Kim, Jinbum Park, Choong-Hoon Lee, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

Annual Computer Security Applications Conference, Oct 2018

Bib PDF

@inproceedings{cho2018prime,
  title = {{Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone}},
  author = {Cho, Haehyun and Zhang, Penghui and Kim, Donguk and Park, Jinbum and Lee, Choong-Hoon and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {Annual Computer Security Applications Conference},
  pages = {441--452},
  year = {2018},
  organization = {ACM},
}

ASHES

CacheLight: Defeating the CacheKit Attack

Mauricio Gutierrez, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn

Workshop on Attacks and Solutions in Hardware Security, Oct 2018

Bib PDF

@inproceedings{gutierrez2018cachelight,
  title = {CacheLight: Defeating the CacheKit Attack},
  author = {Gutierrez, Mauricio and Zhao, Ziming and Doup{\'e}, Adam and Shoshitaishvili, Yan and Ahn, Gail-Joon},
  booktitle = {Workshop on Attacks and Solutions in Hardware Security},
  pages = {65--74},
  year = {2018},
}

CCS

AIM-SDN: Attacking Information Mismanagement in SDN-datastores

Vaibhav Hemant Dixit, Adam Doupé, Yan Shoshitaishvili, Ziming Zhao, and Gail-Joon Ahn

ACM Conference on Computer and Communications Security, Oct 2018

Bib PDF

@inproceedings{Vaibhav:2018:AIM,
  author = {Dixit, Vaibhav Hemant and Doup{\'e}, Adam and Shoshitaishvili, Yan and Zhao, Ziming and Ahn, Gail-Joon},
  title = {AIM-SDN: Attacking Information Mismanagement in SDN-datastores},
  booktitle = {ACM Conference on Computer and Communications Security},
  year = {2018},
  location = {Toronto, Canada},
  publisher = {ACM},
}

MedSPT

The Danger of Missing Instructions: A Systematic Analysis of Security Requirements for MCPS

Josephine Lamp, Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, Oct 2018

Bib PDF

@inproceedings{lamp2018danger,
  title = {The Danger of Missing Instructions: A Systematic Analysis of Security Requirements for MCPS},
  author = {Lamp, Josephine and Rubio-Medrano, Carlos E and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies},
  pages = {94--99},
  year = {2018},
  organization = {IEEE},
}

TIFS

Uncovering the Face of Android Ransomware: Characterization and Real-Time Detection

Jing Chen, Chiheng Wang, Ziming Zhao, Kai Chen, Ruiying Du, and Gail-Joon Ahn

IEEE Transactions on Information Forensics and Security, Oct 2018

Bib PDF

@article{chen2018uncovering,
  title = {Uncovering the Face of Android Ransomware: Characterization and Real-Time Detection},
  author = {Chen, Jing and Wang, Chiheng and Zhao, Ziming and Chen, Kai and Du, Ruiying and Ahn, Gail-Joon},
  journal = {IEEE Transactions on Information Forensics and Security},
  volume = {13},
  number = {5},
  pages = {1286--1300},
  year = {2018},
  publisher = {IEEE},
}

SAC

Measuring E-Mail Header Injections on the World Wide Web

Sai Prashanth Chandramouli, Pierre-Marie Bajan, Christopher Kruegel, Giovanni Vigna, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

ACM/SIGAPP Symposium On Applied Computing, Oct 2018

Bib PDF

@inproceedings{chandramouli2018measuring,
  title = {Measuring E-Mail Header Injections on the World Wide Web},
  author = {Chandramouli, Sai Prashanth and Bajan, Pierre-Marie and Kruegel, Christopher and Vigna, Giovanni and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {ACM/SIGAPP Symposium On Applied Computing},
  year = {2018},
  organization = {ACM},
}

11.9 Digital Forensics

Challenges, Opportunities and a Framework for Web Environment Forensics

Mike Mabey, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

IFIP International Conference on Digital Forensics, Oct 2018

Bib HTML

@inproceedings{mabey2018challenges,
  title = {Challenges, Opportunities and a Framework for Web Environment Forensics},
  author = {Mabey, Mike and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {IFIP International Conference on Digital Forensics},
  pages = {11--33},
  year = {2018},
  organization = {Springer},
}

ABAC

RiskPol: A Risk Assessment Framework for Preventing Attribute-Forgery Attacks to ABAC Policies

Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

ACM Workshop on Attribute-Based Access Control, Oct 2018

Bib PDF

@inproceedings{rubio2018riskpol,
  title = {RiskPol: A Risk Assessment Framework for Preventing Attribute-Forgery Attacks to ABAC Policies},
  author = {Rubio-Medrano, Carlos E and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {ACM Workshop on Attribute-Based Access Control},
  pages = {54--60},
  year = {2018},
}

SDNNFV

Challenges and Preparedness of SDN-based Firewalls

Vaibhav Hemant Dixit, Sukwha Kyung, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn

ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Oct 2018

Bib PDF

@inproceedings{dixit2018challenges,
  title = {Challenges and Preparedness of SDN-based Firewalls},
  author = {Dixit, Vaibhav Hemant and Kyung, Sukwha and Zhao, Ziming and Doup{\'e}, Adam and Shoshitaishvili, Yan and Ahn, Gail-Joon},
  booktitle = {ACM International Workshop on Security in Software Defined Networks \& Network Function Virtualization},
  pages = {33--38},
  year = {2018},
  organization = {ACM},
}

2017

CIC

OntoEDS: Protecting Energy Delivery Systems by Collaboratively Analyzing Security Requirements

Josephine Lamp, Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

IEEE International Conference on Collaboration and Internet Computing (CIC), Oct 2017

Bib PDF

@inproceedings{lamp2017ontoeds,
  title = {OntoEDS: Protecting Energy Delivery Systems by Collaboratively Analyzing Security Requirements},
  author = {Lamp, Josephine and Rubio-Medrano, Carlos E and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {IEEE International Conference on Collaboration and Internet Computing (CIC)},
  pages = {1--10},
  year = {2017},
  organization = {IEEE},
}

MTD

Mutated Policies: Towards Proactive Attribute-based Defenses for Access Control

Carlos E Rubio-Medrano, Josephine Lamp, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

Workshop on Moving Target Defense, Oct 2017

Bib PDF

@inproceedings{rubio2017mutated,
  title = {Mutated Policies: Towards Proactive Attribute-based Defenses for Access Control},
  author = {Rubio-Medrano, Carlos E and Lamp, Josephine and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {Workshop on Moving Target Defense},
  pages = {39--49},
  year = {2017},
}

CNS

HoneyProxy: Design and Implementation of Next-Generation Honeynet via SDN

Sukwha Kyung, Wonkyu Han, Naveen Tiwari, Vaibhav Dixit, Lakshmi Srinivas, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

IEEE Conference on Communications and Network Security, Oct 2017

Bib PDF

@inproceedings{sukwha2017Honey,
  title = {HoneyProxy: Design and Implementation of Next-Generation Honeynet via SDN},
  author = {Kyung, Sukwha and Han, Wonkyu and Tiwari, Naveen and Dixit, Vaibhav and Srinivas, Lakshmi and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {IEEE Conference on Communications and Network Security},
  year = {2017},
}

CSM

Toward Standardization of Authenticated Caller ID Transmission

Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

IEEE Communications Standards Magazine, Oct 2017

Bib PDF

@article{tu2017toward,
  title = {Toward Standardization of Authenticated Caller ID Transmission},
  author = {Tu, Huahong and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
  journal = {IEEE Communications Standards Magazine},
  volume = {1},
  number = {3},
  pages = {30--36},
  year = {2017},
  publisher = {IEEE},
}

ITIT

E-mail Header Injection Vulnerabilities

Sai Prashanth Chandramouli, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

it - Information Technology, Oct 2017

Bib

@article{chandramouli2017mail,
  title = {E-mail Header Injection Vulnerabilities},
  author = {Chandramouli, Sai Prashanth and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
  journal = {it - Information Technology},
  volume = {59},
  number = {2},
  pages = {67--72},
  year = {2017},
  publisher = {De Gruyter Oldenbourg},
}

AAMAS

A Game Theoretic Approach to Strategy Generation for Moving Target Defense in Web Applications.

Sailik Sengupta, Satya Gautam Vadlamudi, Subbarao Kambhampati, Adam Doupé, Ziming Zhao, Marthony Taguinod, and Gail-Joon Ahn

AAMAS, Oct 2017

Bib PDF

@inproceedings{sengupta2017game,
  title = {A Game Theoretic Approach to Strategy Generation for Moving Target Defense in Web Applications.},
  author = {Sengupta, Sailik and Vadlamudi, Satya Gautam and Kambhampati, Subbarao and Doup{\'e}, Adam and Zhao, Ziming and Taguinod, Marthony and Ahn, Gail-Joon},
  booktitle = {AAMAS},
  volume = {1},
  pages = {178--186},
  year = {2017},
}

CODASPY

Deep Android Malware Detection

Niall McLaughlin, Jesus Rincon, Yeganeh Safaei, Erik Trickel, Ziming Zhao, and Adam Doupé

ACM Conference on Data and Application Security and Privacy, Oct 2017

Bib PDF

@inproceedings{mclaughlin2017deep,
  title = {Deep Android Malware Detection},
  author = {McLaughlin, Niall and Martinez del Rincon, Jesus and Safaei, Yeganeh and Trickel, Erik and Zhao, Ziming and Doup{\'e}, Adam},
  booktitle = {ACM Conference on Data and Application Security and Privacy},
  pages = {301--308},
  year = {2017},
  organization = {ACM},
}

ICST

NIVAnalyzer: A Tool for Automatically Detecting and Verifying Next-Intent Vulnerabilities in Android Apps

Junjie Tang, Xingmin Cui, Ziming Zhao, Shanqing Guo, Xinshun Xu, Chengyu Hu, Tao Ban, and Bing Mao

IEEE Conference on Software Testing, Verification and Validation, Oct 2017

Bib HTML

@inproceedings{tang2017nivanalyzer,
  title = {{NIVAnalyzer: A Tool for Automatically Detecting and Verifying Next-Intent Vulnerabilities in Android Apps}},
  author = {Tang, Junjie and Cui, Xingmin and Zhao, Ziming and Guo, Shanqing and Xu, Xinshun and Hu, Chengyu and Ban, Tao and Mao, Bing},
  booktitle = {IEEE Conference on Software Testing, Verification and Validation},
  pages = {492--499},
  year = {2017},
  organization = {IEEE},
}

NDSS

On the Safety and Efficiency of Virtual Firewall Elasticity Control

Juan Deng, Hongda Li, Hongxin Hu, Kuang-Ching Wang, Gail-Joon Ahn, Ziming Zhao, and Wonkyu Han

Network and Distributed System Security Symposium, Oct 2017

Bib PDF

@inproceedings{deng2017on,
  title = {On the Safety and Efficiency of Virtual Firewall Elasticity Control},
  author = {Deng, Juan and Li, Hongda and Hu, Hongxin and Wang, Kuang-Ching and Ahn, Gail-Joon and Zhao, Ziming and Han, Wonkyu},
  booktitle = {Network and Distributed System Security Symposium},
  year = {2017},
}

US Patent

Systems and Methods for Authenticating Caller Identity and Call Request Header Information for Outbound Telephony Communications

Huahong Tu, Adam Doupé, Gail-Joon Ahn, and Ziming Zhao

Oct 2017

Bib PDF

@misc{tu2017systems,
  title = {Systems and Methods for Authenticating Caller Identity and Call Request Header Information for Outbound Telephony Communications},
  author = {Tu, Huahong and Doup{\'e}, Adam and Ahn, Gail-Joon and Zhao, Ziming},
  year = {2017},
  publisher = {Google Patents},
  note = {US Patent App. 15/459,597},
}

2016

ITUBest Paper Award

Toward Authenticated Caller ID Transmission: The Need for a Standardized Authentication Scheme in Q.731.3 Calling Line Identification Presentation

Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

ITU Kaleidoscope: ICTs for a Sustainable World, Oct 2016

Bib PDF

@inproceedings{tu2016toward,
  title = {Toward Authenticated Caller ID Transmission: The Need for a Standardized Authentication Scheme in Q.731.3 Calling Line Identification Presentation},
  author = {Tu, Huahong and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {ITU Kaleidoscope: ICTs for a Sustainable World},
  pages = {1--8},
  year = {2016},
  organization = {IEEE},
  best = {Best Paper Award}
}

CIC

Towards Automated Threat Intelligence Fusion

Ajay Modi, Zhibo Sun, Anupam Panwar, Tejas Khairnar, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

IEEE International Conference on Collaboration and Internet Computing, Oct 2016

Bib PDF

@inproceedings{modi2016towards,
  title = {Towards Automated Threat Intelligence Fusion},
  author = {Modi, Ajay and Sun, Zhibo and Panwar, Anupam and Khairnar, Tejas and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {IEEE International Conference on Collaboration and Internet Computing},
  year = {2016},
}

JCS

TripleMon: A Multi-layer Security Framework for Mediating Inter-Process Communication on Android

Yiming Jing, Gail-Joon Ahn, Hongxin Hu, Haehyun Cho, and Ziming Zhao

Journal of Computer Security, Oct 2016

Bib PDF

@article{jing2016triplemon,
  title = {TripleMon: A Multi-layer Security Framework for Mediating Inter-Process Communication on Android},
  author = {Jing, Yiming and Ahn, Gail-Joon and Hu, Hongxin and Cho, Haehyun and Zhao, Ziming},
  journal = {Journal of Computer Security},
  pages = {1--22},
  year = {2016},
  publisher = {IOS Press},
}

DFRWS

dbling: Identifying Extensions Installed on Encrypted Web Thin Clients

Mike Mabey, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

Digital Investigation, Oct 2016

Bib PDF

@article{mabey2016dbling,
  title = {dbling: Identifying Extensions Installed on Encrypted Web Thin Clients},
  author = {Mabey, Mike and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
  journal = {Digital Investigation},
  volume = {18},
  pages = {S55--S65},
  year = {2016},
  publisher = {Elsevier},
}

ICWS

Toward Discovering and Exploiting Private Server-Side Web APIs

Jia Chen, Xingmin Cui, Ziming Zhao, Jie Liang, and Shanqing Guo

IEEE International Conference on Web Services, Oct 2016

Bib PDF

@inproceedings{chen2016toward,
  title = {Toward Discovering and Exploiting Private Server-Side Web APIs},
  author = {Chen, Jia and Cui, Xingmin and Zhao, Ziming and Liang, Jie and Guo, Shanqing},
  booktitle = {IEEE International Conference on Web Services},
  pages = {420--427},
  year = {2016},
  organization = {IEEE},
}

SACMAT

State-aware Network Access Management for Software-Defined Networks

Wonkyu Han, Hongxin Hu, Ziming Zhao, Adam Doupé, Gail-Joon Ahn, Kuang-Ching Wang, and Juan Deng

ACM Symposium on Access Control Models and Technologies, Oct 2016

Bib PDF

@inproceedings{han2016state,
  title = {State-aware Network Access Management for Software-Defined Networks},
  author = {Han, Wonkyu and Hu, Hongxin and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon and Wang, Kuang-Ching and Deng, Juan},
  booktitle = {ACM Symposium on Access Control Models and Technologies},
  year = {2016},
  organization = {ACM},
}

eCrime

Behind Closed Doors: Measurement and Analysis of CryptoLocker Ransoms in Bitcoin

Kevin Liao, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

APWG Symposium on Electronic Crime Research, Oct 2016

Bib PDF

@inproceedings{liao2016behind,
  title = {Behind Closed Doors: Measurement and Analysis of CryptoLocker Ransoms in Bitcoin},
  author = {Liao, Kevin and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {APWG Symposium on Electronic Crime Research},
  year = {2016},
}

SPM

Mules, Seals, and Attacking Tools: Analyzing 12 Online Marketplaces

Ziming Zhao, Mukund Sankaran, Gail-Joon Ahn, Thomas J. Holt, Yiming Jing, and Hongxin Hu

IEEE Security & Privacy Magazine, Oct 2016

Bib PDF

@article{zhao2016mules,
  title = {Mules, Seals, and Attacking Tools: Analyzing 12 Online Marketplaces},
  author = {Zhao, Ziming and Sankaran, Mukund and Ahn, Gail-Joon and Holt, Thomas J. and Jing, Yiming and Hu, Hongxin},
  journal = {IEEE Security \& Privacy Magazine},
  year = {2016},
  publisher = {IEEE},
}

Oakland

SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam

Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

IEEE Symposium on Security and Privacy, Oct 2016

Bib PDF

@inproceedings{tu2016sok,
  title = {SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam},
  author = {Tu, Huahong and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {IEEE Symposium on Security and Privacy},
  year = {2016},
}

AAMAS

Moving Target Defense for Web Applications using Bayesian Stackelberg Games

Satya Gautam Vadlamudi, Sailik Sengupta, Marthony Taguinod, Ziming Zhao, Adam Doupé, Gail-Joon Ahn, and Subbarao Kambhampati

International Conference on Autonomous Agents & Multiagent Systems, Oct 2016

Bib PDF

@inproceedings{vadlamudi2016moving,
  title = {Moving Target Defense for Web Applications using Bayesian Stackelberg Games},
  author = {Vadlamudi, Satya Gautam and Sengupta, Sailik and Taguinod, Marthony and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon and Kambhampati, Subbarao},
  booktitle = {International Conference on Autonomous Agents \& Multiagent Systems},
  pages = {1377--1378},
  year = {2016},
  organization = {International Foundation for Autonomous Agents and Multiagent Systems},
}

ABAC

Towards a Moving Target Defense Approach for Attribute-based Access Control

Carlos E Rubio-Medrano, Josephine Lamp, Marthony Taguinod, Ziming Zhao, Adam Doupe, and Gail-Joon Ahn

ACM Workshop on Attribute-based Access Control, Oct 2016

Bib PDF

@inproceedings{rubio2016towards,
  title = {Towards a Moving Target Defense Approach for Attribute-based Access Control},
  author = {Rubio-Medrano, Carlos E and Lamp, Josephine and Taguinod, Marthony and Zhao, Ziming and Doupe, Adam and Ahn, Gail-Joon},
  booktitle = {ACM Workshop on Attribute-based Access Control},
  pages = {--},
  year = {2016},
  organization = {ACM},
}

CODASPY

HoneyMix: Toward SDN-based Intelligent Honeynet

Wonkyu Han, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Oct 2016

Bib PDF

@inproceedings{han2016honeymix,
  title = {HoneyMix: Toward SDN-based Intelligent Honeynet},
  author = {Han, Wonkyu and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {ACM International Workshop on Security in Software Defined Networks \& Network Function Virtualization},
  pages = {1--6},
  year = {2016},
}

2015

IRI

Toward a Moving Target Defense for Web Applications

Marthony Taguinod, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

IEEE International Conference on Information Reuse and Integration, Oct 2015

Bib PDF

@inproceedings{taguinod2015toward,
  title = {Toward a Moving Target Defense for Web Applications},
  author = {Taguinod, Marthony and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
  booktitle = {IEEE International Conference on Information Reuse and Integration},
  year = {2015},
}

US Patent

Methods, Systems, and Media for Measuring Quality of Gesture-based Passwords

Gail-Joon Ahn, and Ziming Zhao

Oct 2015

Bib HTML

@misc{ahn2015methods,
  title = {Methods, Systems, and Media for Measuring Quality of Gesture-based Passwords},
  author = {Ahn, Gail-Joon and Zhao, Ziming},
  year = {2015},
  note = {US Patent US9069948 B2},
}

TISSEC

Picture Gesture Authentication: Empirical Analysis, Automated Attacks, and Scheme Evaluation

Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

ACM Transactions on Information and System Security, Oct 2015

Bib PDF

@article{zhao2015picture,
  title = {Picture Gesture Authentication: Empirical Analysis, Automated Attacks, and Scheme Evaluation},
  author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
  journal = {ACM Transactions on Information and System Security},
  year = {2015},
  publisher = {ACM},
}

SACMAT

Federated Access Management for Collaborative Network Environments: Framework and Case Study

Carlos Rubio-Medrano, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

ACM Symposium on Access control Models and Technologies, Oct 2015

Bib PDF

@inproceedings{rubio2015federated,
  title = {Federated Access Management for Collaborative Network Environments: Framework and Case Study},
  author = {Rubio-Medrano, Carlos and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
  booktitle = {ACM Symposium on Access control Models and Technologies},
  year = {2015},
  organization = {ACM},
}

TDSC

Towards Automated Risk Assessment and Mitigation of Mobile Applications

Yiming Jing, Gail-Joon Ahn, Ziming Zhao, and Hongxin Hu

IEEE Transactions on Dependable and Secure Computing, Oct 2015

Bib PDF

@article{jing2015towards,
  title = {Towards Automated Risk Assessment and Mitigation of Mobile Applications},
  author = {Jing, Yiming and Ahn, Gail-Joon and Zhao, Ziming and Hu, Hongxin},
  journal = {IEEE Transactions on Dependable and Secure Computing},
  year = {2015},
}

2014

ACSAC

Morpheus: Automatically Generating Heuristics to Detect Android Emulators

Yiming Jing, Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

Annual Computer Security Applications Conference, Oct 2014

Bib PDF

@inproceedings{jing2014morpheus,
  title = {Morpheus: Automatically Generating Heuristics to Detect Android Emulators},
  author = {Jing, Yiming and Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
  booktitle = {Annual Computer Security Applications Conference},
  year = {2014},
}

HotSDN

FlowGuard: Building Robust Firewalls for Software-Defined Networks

Hongxin Hu, Wonkyu Han, Gail-Joon Ahn, and Ziming Zhao

ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, Oct 2014

Bib PDF

@inproceedings{hu2014flowguard,
  title = {FlowGuard: Building Robust Firewalls for Software-Defined Networks},
  author = {Hu, Hongxin and Han, Wonkyu and Ahn, Gail-Joon and Zhao, Ziming},
  booktitle = {ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking},
  year = {2014},
}

SACMAT

Game Theoretic Analysis of Multiparty Access Control in Online Social Networks

Hongxin Hu, Gail-Joon Ahn, Ziming Zhao, and Dejun Yang

ACM Symposium on Access Control Models and Technologies, Oct 2014

Bib PDF

@inproceedings{hu2014game,
  title = {Game Theoretic Analysis of Multiparty Access Control in Online Social Networks},
  author = {Hu, Hongxin and Ahn, Gail-Joon and Zhao, Ziming and Yang, Dejun},
  booktitle = {ACM Symposium on Access Control Models and Technologies},
  year = {2014},
  organization = {ACM},
}

ONS

Towards a Reliable SDN Firewall

Hongxin Hu, Gail-Joon Ahn, Wonkyu Han, and Ziming Zhao

Open Networking Summit Research Track, Oct 2014

Bib PDF

@inproceedings{hu2014towards,
  title = {Towards a Reliable SDN Firewall},
  author = {Hu, Hongxin and Ahn, Gail-Joon and Han, Wonkyu and Zhao, Ziming},
  booktitle = {Open Networking Summit Research Track},
  year = {2014},
  organization = {USENIX},
}

CODASPYBest Paper Award

RiskMon: Continuous and Automated Risk Assessment for Mobile Applications

Yiming Jing, Gail-Joon Ahn, Ziming Zhao, and Hongxin Hu

ACM Conference on Data and Application Security and Privacy, Oct 2014

Bib PDF

@inproceedings{jing2014riskmon,
  title = {RiskMon: Continuous and Automated Risk Assessment for Mobile Applications},
  author = {Jing, Yiming and Ahn, Gail-Joon and Zhao, Ziming and Hu, Hongxin},
  booktitle = {ACM Conference on Data and Application Security and Privacy},
  year = {2014},
  organization = {ACM},
  best = {Best Paper Award}
}

2013

CNS

Using Instruction Sequence Abstraction for Shellcode Detection and Attribution

Ziming Zhao, and Gail-Joon Ahn

IEEE Conference on Communications and Network Security, Oct 2013

Bib PDF

USENIX

On the Security of Picture Gesture Authentication

Ziming Zhao, Gail-Joon Ahn, Jeong-Jin Seo, and Hongxin Hu

USENIX Security Symposium, Oct 2013

Bib PDF

@inproceedings{zhao2013security,
  title = {On the Security of Picture Gesture Authentication},
  author = {Zhao, Ziming and Ahn, Gail-Joon and Seo, Jeong-Jin and Hu, Hongxin},
  booktitle = {USENIX Security Symposium},
  year = {2013},
  organization = {USENIX},
}

Book Chapter

Examining Social Dynamics and Malware Secrets to Mitigate Net-centric Attacks

Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

Hackers and Hacking: A Reference Handbook, Oct 2013

Bib

@inproceedings{zhao2013examining,
  title = {Examining Social Dynamics and Malware Secrets to Mitigate Net-centric Attacks},
  author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
  booktitle = {Hackers and Hacking: A Reference Handbook},
  year = {2013},
}

2012

ESORICS

SocialImpact: Systematic Analysis of Underground Social Dynamics

Ziming Zhao, Gail-Joon Ahn, Hongxin Hu, and Deepinder Mahi

European Conference on Research in Computer Security, Oct 2012

Bib PDF

@inproceedings{zhao2012socialimpact,
  title = {SocialImpact: Systematic Analysis of Underground Social Dynamics},
  author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin and Mahi, Deepinder},
  booktitle = {European Conference on Research in Computer Security},
  pages = {877--895},
  year = {2012},
}

TDSC

Risk-Aware Mitigation for MANET Routing Attacks

Ziming Zhao, Hongxin Hu, Gail-Joon Ahn, and Ruoyu Wu

IEEE Transactions on Dependable and Secure Computing, Oct 2012

Bib PDF

@article{zhao2012risk,
  title = {Risk-Aware Mitigation for MANET Routing Attacks},
  author = {Zhao, Ziming and Hu, Hongxin and Ahn, Gail-Joon and Wu, Ruoyu},
  journal = {IEEE Transactions on Dependable and Secure Computing},
  volume = {9},
  number = {2},
  pages = {250--260},
  year = {2012},
  publisher = {IEEE},
}

2011

GLOBECOM

Examining Social Dynamics for Countering Botnet Attacks

Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

IEEE Global Telecommunications Conference, Oct 2011

Bib PDF

@inproceedings{zhao2011examining,
  title = {Examining Social Dynamics for Countering Botnet Attacks},
  author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
  booktitle = {IEEE Global Telecommunications Conference},
  pages = {1--6},
  year = {2011},
  organization = {IEEE},
}

WCRE

Automatic Extraction of Secrets from Malware

Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

Working Conference on Reverse Engineering, Oct 2011

Bib PDF

@inproceedings{zhao2011automatic,
  title = {Automatic Extraction of Secrets from Malware},
  author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
  booktitle = {Working Conference on Reverse Engineering},
  pages = {159--168},
  year = {2011},
  organization = {IEEE},
}

2010

GLOBECOM

Risk-Aware Response for Mitigating MANET Routing Attacks

Ziming Zhao, Hongxin Hu, Gail-Joon Ahn, and Ruoyu Wu

IEEE Global Telecommunications Conference, Oct 2010

Bib PDF

@inproceedings{zhao2010risk,
  title = {Risk-Aware Response for Mitigating MANET Routing Attacks},
  author = {Zhao, Ziming and Hu, Hongxin and Ahn, Gail-Joon and Wu, Ruoyu},
  booktitle = {IEEE Global Telecommunications Conference},
  pages = {1--6},
  year = {2010},
  organization = {IEEE},
}