Publications

2023

1. USENIX

   xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses

   Feng Wei, Hongda Li, Ziming Zhao, and Hongxin Hu

   USENIX Security Symposium, 2023

   Bib PDF

   @inproceedings{wei2023xNIDS,
     title = {xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses},
     author = {Wei, Feng and Li, Hongda and Zhao, Ziming and Hu, Hongxin},
     booktitle = {USENIX Security Symposium},
     year = {2023},
   }

2. DAC

   Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense

   Zheyuan Ma, Xi Tan, Lukasz Ziarek, Ning Zhang, Hongxin Hu, and Ziming Zhao

   ACM/IEEE Design Automation Conference, 2023

   Bib PDF

   @inproceedings{ma2023dac,
     title = {Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense},
     author = {Ma, Zheyuan and Tan, Xi and Ziarek, Lukasz and Zhang, Ning and Hu, Hongxin and Zhao, Ziming},
     booktitle = {ACM/IEEE Design Automation Conference},
     year = {2023},
   }

2022

1. CCS

   EchoHand: High Accuracy and Presentation Attack Resistant Hand Authentication on Commodity Mobile Devices

   Cong Wu, Jing Chen, Kun He, Ziming Zhao, Ruiying Du, and Chen Zhang

   ACM Conference on Computer and Communications Security, Nov 2022

   Bib PDF

   @inproceedings{wu2022echohand,
     title = {EchoHand: High Accuracy and Presentation Attack Resistant Hand Authentication on Commodity Mobile Devices},
     author = {Wu, Cong and Chen, Jing and He, Kun and Zhao, Ziming and Du, Ruiying and Zhang, Chen},
     booktitle = {ACM Conference on Computer and Communications Security},
     pages = {2931--2945},
     year = {2022},
     month = nov,
     doi = {10.1145/3548606.3560553},
   }

2. ICMLA

   Understanding the Generalizability of Hateful Memes Detection Models Against COVID-19-related Hateful Memes

   Keyan Guo, Wentai Zhao, Jaden Mu, Nishant Vishwamitra, Ziming Zhao, and Hongxin Hu

   IEEE International Conference on Machine Learning and Applications, Nov 2022

   Bib

   @inproceedings{keyan2022Understanding,
     title = {Understanding the Generalizability of Hateful Memes Detection Models Against COVID-19-related Hateful Memes},
     author = {Guo, Keyan and Zhao, Wentai and Mu, Jaden and Vishwamitra, Nishant and Zhao, Ziming and Hu, Hongxin},
     booktitle = {IEEE International Conference on Machine Learning and Applications},
     year = {2022},
   }

3. TDSC

   FIDO Gets Verified: A Formal Analysis of the Universal Authentication Framework Protocol

   Haonan Feng, Jingjing Guan, Hui Li, Xuesong Pan, and Ziming Zhao

   IEEE Transactions on Dependable and Secure Computing, Nov 2022

   Bib PDF

   @article{feng2022fido,
     title = {FIDO Gets Verified: A Formal Analysis of the Universal Authentication Framework Protocol},
     author = {Feng, Haonan and Guan, Jingjing and Li, Hui and Pan, Xuesong and Zhao, Ziming},
     journal = {IEEE Transactions on Dependable and Secure Computing},
     year = {2022},
     publisher = {IEEE},
   }

4. ESORICS

   A Formal Analysis of the FIDO2 Protocols

   Jingjing Guan, Hui Li, Haisong Ye, and Ziming Zhao

   European Symposium on Research in Computer Security, Nov 2022

   Bib PDF

   @inproceedings{fido2,
     author = {Guan, Jingjing and Li, Hui and Ye, Haisong and Zhao, Ziming},
     title = {A Formal Analysis of the FIDO2 Protocols},
     booktitle = {European Symposium on Research in Computer Security},
     year = {2022},
     address = {Cham},
     pages = {3--21},
   }

5. arXiv

   BYOTee: Towards Building Your Own Trusted Execution Environments Using FPGA

   Md Armanuzzaman, and Ziming Zhao

   Mar 2022

   Bib PDF

   @misc{byotee22,
     author = {Armanuzzaman, Md and Zhao, Ziming},
     year = {2022},
     month = mar,
     pages = {},
     title = {BYOTee: Towards Building Your Own Trusted Execution Environments Using FPGA},
   }

6. arXiv

   SoK: On the Semantic AI Security in Autonomous Driving

   Junjie Shen, Ningfei Wang, Ziwen Wan, Yunpeng Luo, Takami Sato, Zhisheng Hu, Xinyang Zhang, Shengjian Guo, Zhenyu Zhong, Kang Li, Ziming Zhao, Chunming Qiao, and Qi Alfred Chen

   Mar 2022

   Bib PDF

   @misc{autosok22,
     author = {Shen, Junjie and Wang, Ningfei and Wan, Ziwen and Luo, Yunpeng and Sato, Takami and Hu, Zhisheng and Zhang, Xinyang and Guo, Shengjian and Zhong, Zhenyu and Li, Kang and Zhao, Ziming and Qiao, Chunming and Chen, Qi Alfred},
     year = {2022},
     month = mar,
     pages = {},
     title = {SoK: On the Semantic AI Security in Autonomous Driving},
   }

7. arXiv

   Understanding and Measuring Robustness of Multimodal Learning

   Nishant Vishwamitra, Hongxin Hu, Ziming Zhao, Long Cheng, and Feng Luo

   Dec 2022

   Bib PDF

   @misc{multimodal22,
     author = {Vishwamitra, Nishant and Hu, Hongxin and Zhao, Ziming and Cheng, Long and Luo, Feng},
     year = {2022},
     month = dec,
     pages = {},
     title = {Understanding and Measuring Robustness of Multimodal Learning},
   }

8. AsiaCCSBest Paper Award

   Understanding and Detecting Remote Infection on Linux-based IoT Devices

   Hongda Li, Qiqing Huang, Fei Ding, Hongxin Hu, Long Cheng, Guofei Gu, and Ziming Zhao

   ACM Asia Conference on Computer and Communications Security, Jun 2022

   Bib PDF

   @inproceedings{li2022understanding,
     title = {Understanding and Detecting Remote Infection on Linux-based IoT Devices},
     author = {Li, Hongda and Huang, Qiqing and Ding, Fei and Hu, Hongxin and Cheng, Long and Gu, Guofei and Zhao, Ziming},
     booktitle = {ACM Asia Conference on Computer and Communications Security},
     pages = {873--887},
     year = {2022},
     month = jun,
     best = {Best Paper Award}
   }

9. TDSC

   Toward Robust Detection of Puppet Attacks via Characterizing Fingertip-Touch Behaviors

   Cong Wu, Kun He, Jing Chen, Ziming Zhao, and Ruiying Du

   IEEE Transactions on Dependable and Secure Computing, Sep 2022

   Bib PDF

   @article{puppet22,
     author = {Wu, Cong and He, Kun and Chen, Jing and Zhao, Ziming and Du, Ruiying},
     year = {2022},
     month = sep,
     pages = {1-1},
     title = {Toward Robust Detection of Puppet Attacks via Characterizing Fingertip-Touch Behaviors},
     journal = {IEEE Transactions on Dependable and Secure Computing},
     doi = {10.1109/TDSC.2021.3116552},
   }

10. CODASPY

    Towards Automated Content-based Photo Privacy Control in User-Centered Social Networks

    Nishant Vishwamitra, Yifang Li, Hongxin Hu, Kelly Caine, Long Cheng, Ziming Zhao, and Gail-Joon Ahn

    ACM Conference on Data and Application Security and Privacy, Apr 2022

    Bib PDF

    @inproceedings{vishwamitra2022towards,
      title = {Towards Automated Content-based Photo Privacy Control in User-Centered Social Networks},
      author = {Vishwamitra, Nishant and Li, Yifang and Hu, Hongxin and Caine, Kelly and Cheng, Long and Zhao, Ziming and Ahn, Gail-Joon},
      booktitle = {ACM Conference on Data and Application Security and Privacy},
      pages = {65--76},
      year = {2022},
      month = apr,
    }

2021

1. USENIX

   Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service

   Zhibo Sun, Adam Oest, Penghui Zhang, Carlos Rubio-Medrano, Tiffany Bao, Ruoyu Wang, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn

   USENIX Security Symposium, Apr 2021

   Bib PDF

   @inproceedings{sun2021cake,
     title = {Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service},
     author = {Sun, Zhibo and Oest, Adam and Zhang, Penghui and Rubio-Medrano, Carlos and Bao, Tiffany and Wang, Ruoyu and Zhao, Ziming and Shoshitaishvili, Yan and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {USENIX Security Symposium},
     year = {2021},
     organization = {USENIX},
   }

2. DTRAP

   ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems

   Josephine Lamp, Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

   Digital Threats: Research and Practice, Apr 2021

   Bib PDF

   @article{lamp2021exsol,
     title = {ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems},
     author = {Lamp, Josephine and Rubio-Medrano, Carlos E and Zhao, Ziming and Ahn, Gail-Joon},
     journal = {Digital Threats: Research and Practice},
     volume = {2},
     number = {3},
     pages = {1--23},
     year = {2021},
     publisher = {ACM New York, NY, USA},
   }

3. NDSS

   A Formal Analysis of the FIDO UAF Protocol

   Haonan Feng, Hui Li, Xuesong Pan, and Ziming Zhao

   Network and Distributed System Security Symposium, Apr 2021

   Bib PDF

   @inproceedings{fengformal2021,
     title = {A Formal Analysis of the FIDO UAF Protocol},
     author = {Feng, Haonan and Li, Hui and Pan, Xuesong and Zhao, Ziming},
     booktitle = {Network and Distributed System Security Symposium},
     year = {2021},
   }

2020

1. TPS

   Toward Automated Enforcement of Cyber-Physical Security Requirements for Energy Delivery Systems

   Carlos Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

   IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications , Apr 2020

   Bib PDF

   @inproceedings{rubio2020toward,
     title = {Toward Automated Enforcement of Cyber-Physical Security Requirements for Energy Delivery Systems},
     author = {Rubio-Medrano, Carlos and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications },
     pages = {319--322},
     year = {2020},
     organization = {IEEE},
   }

2. USENIX

   Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet Attacks

   Cong Wu, Kun He, Jing Chen, Ziming Zhao, and Ruiying Du

   USENIX Security Symposium, Apr 2020

   Bib PDF

   @inproceedings{wu2020liveness,
     title = {Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet Attacks},
     author = {Wu, Cong and He, Kun and Chen, Jing and Zhao, Ziming and Du, Ruiying},
     booktitle = {USENIX Security Symposium},
     pages = {2219--2236},
     year = {2020},
   }

3. MobiSys

   SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture

   Haehyun Cho, Jinbum Park, Donguk Kim, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn

   International Conference on Mobile Systems, Applications, and Services, Apr 2020

   Bib PDF

   @inproceedings{cho2020smokebomb,
     title = {SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture},
     author = {Cho, Haehyun and Park, Jinbum and Kim, Donguk and Zhao, Ziming and Shoshitaishvili, Yan and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {International Conference on Mobile Systems, Applications, and Services},
     pages = {107--120},
     year = {2020},
   }

4. Book Chapter

   Mitigating the CacheKit Attack

   Mauricio Gutierrez, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn

   Frontiers in Hardware Security and Trust: Theory, Design and Practice, Apr 2020

   Bib

   @article{gutierrez2020mitigating,
     title = {Mitigating the CacheKit Attack},
     author = {Gutierrez, Mauricio and Zhao, Ziming and Doup{\'e}, Adam and Shoshitaishvili, Yan and Ahn, Gail-Joon},
     journal = {Frontiers in Hardware Security and Trust: Theory, Design and Practice},
     pages = {173},
     year = {2020},
     publisher = {Materials, Circuits and Device},
   }

5. CODASPY

   DANdroid: A Multi-View Discriminative Adversarial Network for Obfuscated Android Malware Detection

   Stuart Millar, Niall McLaughlin, Jesus Rincon, Paul Miller, and Ziming Zhao

   ACM Conference on Data and Application Security and Privacy, Apr 2020

   Bib PDF

   @inproceedings{millar2020dandroid,
     title = {DANdroid: A Multi-View Discriminative Adversarial Network for Obfuscated Android Malware Detection},
     author = {Millar, Stuart and McLaughlin, Niall and Martinez del Rincon, Jesus and Miller, Paul and Zhao, Ziming},
     booktitle = {ACM Conference on Data and Application Security and Privacy},
     pages = {353--364},
     year = {2020},
   }

2019

1. CCS

   Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues

   Faris Bugra Kokulu, Ananta Soneji, Tiffany Bao, Yan Shoshitaishvili, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   ACM Conference on Computer and Communications Security, Apr 2019

   Bib PDF

   @inproceedings{kokulu2019matched,
     title = {Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues},
     author = {Kokulu, Faris Bugra and Soneji, Ananta and Bao, Tiffany and Shoshitaishvili, Yan and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {ACM Conference on Computer and Communications Security},
     pages = {1955--1970},
     year = {2019},
   }

2. US Patent

   Systems and methods for authenticating caller identity and call request header information for outbound telephony communications

   Huahong Tu, Adam Doupé, Gail-Joon Ahn, and Ziming Zhao

   Oct 2019

   Bib

   @misc{tu2019systems,
     title = {Systems and methods for authenticating caller identity and call request header information for outbound telephony communications},
     author = {Tu, Huahong and Doup{\'e}, Adam and Ahn, Gail-Joon and Zhao, Ziming},
     year = {2019},
     month = oct,
     publisher = {Google Patents},
     note = {US Patent 10,447,481},
   }

3. USENIXDistinguished Paper Award

   Users Really Do Answer Telephone Scams

   Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   USENIX Security Symposium, Oct 2019

   Bib PDF

   @inproceedings{tu2019security,
     title = {Users Really Do Answer Telephone Scams},
     author = {Tu, Huahong and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {USENIX Security Symposium},
     year = {2019},
     organization = {USENIX},
     distinguished = {Distinguished Paper Award}
   }

4. COSE

   Towards a Reliable Firewall for Software-Defined Networks

   Hongxin Hu, Wonkyu Han, Sukwha Kyung, Juan Wang, Gail-Joon Ahn, Ziming Zhao, and Hongda Li

   Computers & Security, Oct 2019

   Bib PDF

   @article{hu2019towards,
     title = {Towards a Reliable Firewall for Software-Defined Networks},
     author = {Hu, Hongxin and Han, Wonkyu and Kyung, Sukwha and Wang, Juan and Ahn, Gail-Joon and Zhao, Ziming and Li, Hongda},
     journal = {Computers \& Security},
     volume = {87},
     pages = {101597},
     year = {2019},
     publisher = {Elsevier},
   }

5. SACMAT

   Effectively Enforcing Authorization Constraints for Emerging Space-Sensitive Technologies

   Carlos E Rubio-Medrano, Shaishavkumar Jogani, Maria Leitner, Ziming Zhao, and Gail-Joon Ahn

   ACM Symposium on Access Control Models and Technologies, Oct 2019

   Bib PDF

   @inproceedings{rubio2019effectively,
     title = {Effectively Enforcing Authorization Constraints for Emerging Space-Sensitive Technologies},
     author = {Rubio-Medrano, Carlos E and Jogani, Shaishavkumar and Leitner, Maria and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {ACM Symposium on Access Control Models and Technologies},
     pages = {195--206},
     year = {2019},
   }

6. MSCPES

   ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems

   Josephine Lamp, Carlos Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

   IEEE Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, Oct 2019

   Bib PDF

   @inproceedings{lamp2019exsol,
     title = {ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems},
     author = {Lamp, Josephine and Rubio-Medrano, Carlos and and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE Workshop on Modeling and Simulation of Cyber-Physical Energy Systems},
     year = {2019},
     organization = {IEEE},
   }

7. SAC

   iCORE: Continuous and Proactive Extrospection on Multi-core IoT Devices

   Penghui Zhang, Haehyun Cho, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   ACM/SIGAPP Symposium on Applied Computing, Oct 2019

   Bib PDF

   @inproceedings{zhang2019ic,
     title = {{iCORE: Continuous and Proactive Extrospection on Multi-core IoT Devices}},
     author = {Zhang, Penghui and Cho, Haehyun and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {ACM/SIGAPP Symposium on Applied Computing},
     pages = {851--860},
     year = {2019},
     organization = {ACM},
   }

8. CODASPY

   Understanding and Predicting Private Interactions in Underground Forums

   Zhibo Sun, Carlos E Rubio-Medrano, Ziming Zhao, Tiffany Bao, Adam Doupé, and Gail-Joon Ahn

   ACM Conference on Data and Application Security and Privacy, Oct 2019

   Bib PDF

   @inproceedings{sun2019understanding,
     title = {Understanding and Predicting Private Interactions in Underground Forums},
     author = {Sun, Zhibo and Rubio-Medrano, Carlos E and Zhao, Ziming and Bao, Tiffany and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {ACM Conference on Data and Application Security and Privacy},
     pages = {303--314},
     year = {2019},
   }

2018

1. TDSC

   Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps

   Jing Chen, Chiheng Wang, Kun He, Ziming Zhao, Min Chen, Ruiying Du, and Gail-Joon Ahn

   IEEE Transactions on Dependable and Secure Computing, Oct 2018

   Bib PDF

   @article{chen2018semantics,
     title = {Semantics-Aware Privacy Risk Assessment Using Self-Learning Weight Assignment for Mobile Apps},
     author = {Chen, Jing and Wang, Chiheng and He, Kun and Zhao, Ziming and Chen, Min and Du, Ruiying and Ahn, Gail-Joon},
     journal = {IEEE Transactions on Dependable and Secure Computing},
     volume = {18},
     number = {1},
     pages = {15--29},
     year = {2018},
     publisher = {IEEE},
   }

2. ACSAC

   Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling

   Jaejong Baek, Sukwha Kyung, Haehyun Cho, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn

   Annual Computer Security Applications Conference, Oct 2018

   Bib PDF

   @inproceedings{baek2018wi,
     title = {Wi Not Calling: Practical Privacy and Availability Atacks in Wi-Fi Calling},
     author = {Baek, Jaejong and Kyung, Sukwha and Cho, Haehyun and Zhao, Ziming and Shoshitaishvili, Yan and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {Annual Computer Security Applications Conference},
     pages = {278--288},
     year = {2018},
   }

3. ACSAC

   Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone

   Haehyun Cho, Penghui Zhang, Donguk Kim, Jinbum Park, Choong-Hoon Lee, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   Annual Computer Security Applications Conference, Oct 2018

   Bib PDF

   @inproceedings{cho2018prime,
     title = {{Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone}},
     author = {Cho, Haehyun and Zhang, Penghui and Kim, Donguk and Park, Jinbum and Lee, Choong-Hoon and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {Annual Computer Security Applications Conference},
     pages = {441--452},
     year = {2018},
     organization = {ACM},
   }

4. ASHES

   CacheLight: Defeating the CacheKit Attack

   Mauricio Gutierrez, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn

   Workshop on Attacks and Solutions in Hardware Security, Oct 2018

   Bib PDF

   @inproceedings{gutierrez2018cachelight,
     title = {CacheLight: Defeating the CacheKit Attack},
     author = {Gutierrez, Mauricio and Zhao, Ziming and Doup{\'e}, Adam and Shoshitaishvili, Yan and Ahn, Gail-Joon},
     booktitle = {Workshop on Attacks and Solutions in Hardware Security},
     pages = {65--74},
     year = {2018},
   }

5. CCS

   AIM-SDN: Attacking Information Mismanagement in SDN-datastores

   Vaibhav Hemant Dixit, Adam Doupé, Yan Shoshitaishvili, Ziming Zhao, and Gail-Joon Ahn

   ACM Conference on Computer and Communications Security, Oct 2018

   Bib PDF

   @inproceedings{Vaibhav:2018:AIM,
     author = {Dixit, Vaibhav Hemant and Doup{\'e}, Adam and Shoshitaishvili, Yan and Zhao, Ziming and Ahn, Gail-Joon},
     title = {AIM-SDN: Attacking Information Mismanagement in SDN-datastores},
     booktitle = {ACM Conference on Computer and Communications Security},
     year = {2018},
     location = {Toronto, Canada},
     publisher = {ACM},
   }

6. MedSPT

   The Danger of Missing Instructions: A Systematic Analysis of Security Requirements for MCPS

   Josephine Lamp, Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

   IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, Oct 2018

   Bib PDF

   @inproceedings{lamp2018danger,
     title = {The Danger of Missing Instructions: A Systematic Analysis of Security Requirements for MCPS},
     author = {Lamp, Josephine and Rubio-Medrano, Carlos E and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies},
     pages = {94--99},
     year = {2018},
     organization = {IEEE},
   }

7. TIFS

   Uncovering the Face of Android Ransomware: Characterization and Real-Time Detection

   Jing Chen, Chiheng Wang, Ziming Zhao, Kai Chen, Ruiying Du, and Gail-Joon Ahn

   IEEE Transactions on Information Forensics and Security, Oct 2018

   Bib PDF

   @article{chen2018uncovering,
     title = {Uncovering the Face of Android Ransomware: Characterization and Real-Time Detection},
     author = {Chen, Jing and Wang, Chiheng and Zhao, Ziming and Chen, Kai and Du, Ruiying and Ahn, Gail-Joon},
     journal = {IEEE Transactions on Information Forensics and Security},
     volume = {13},
     number = {5},
     pages = {1286--1300},
     year = {2018},
     publisher = {IEEE},
   }

8. SAC

   Measuring E-Mail Header Injections on the World Wide Web

   Sai Prashanth Chandramouli, Pierre-Marie Bajan, Christopher Kruegel, Giovanni Vigna, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   ACM/SIGAPP Symposium On Applied Computing, Oct 2018

   Bib PDF

   @inproceedings{chandramouli2018measuring,
     title = {Measuring E-Mail Header Injections on the World Wide Web},
     author = {Chandramouli, Sai Prashanth and Bajan, Pierre-Marie and Kruegel, Christopher and Vigna, Giovanni and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {ACM/SIGAPP Symposium On Applied Computing},
     year = {2018},
     organization = {ACM},
   }

9. 11.9 Digital Forensics

   Challenges, Opportunities and a Framework for Web Environment Forensics

   Mike Mabey, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   IFIP International Conference on Digital Forensics, Oct 2018

   Bib HTML

   @inproceedings{mabey2018challenges,
     title = {Challenges, Opportunities and a Framework for Web Environment Forensics},
     author = {Mabey, Mike and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IFIP International Conference on Digital Forensics},
     pages = {11--33},
     year = {2018},
     organization = {Springer},
   }

10. ABAC

    RiskPol: A Risk Assessment Framework for Preventing Attribute-Forgery Attacks to ABAC Policies

    Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

    ACM Workshop on Attribute-Based Access Control, Oct 2018

    Bib PDF

    @inproceedings{rubio2018riskpol,
      title = {RiskPol: A Risk Assessment Framework for Preventing Attribute-Forgery Attacks to ABAC Policies},
      author = {Rubio-Medrano, Carlos E and Zhao, Ziming and Ahn, Gail-Joon},
      booktitle = {ACM Workshop on Attribute-Based Access Control},
      pages = {54--60},
      year = {2018},
    }

11. SDNNFV

    Challenges and Preparedness of SDN-based Firewalls

    Vaibhav Hemant Dixit, Sukwha Kyung, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn

    ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Oct 2018

    Bib PDF

    @inproceedings{dixit2018challenges,
      title = {Challenges and Preparedness of SDN-based Firewalls},
      author = {Dixit, Vaibhav Hemant and Kyung, Sukwha and Zhao, Ziming and Doup{\'e}, Adam and Shoshitaishvili, Yan and Ahn, Gail-Joon},
      booktitle = {ACM International Workshop on Security in Software Defined Networks \& Network Function Virtualization},
      pages = {33--38},
      year = {2018},
      organization = {ACM},
    }

2017

1. CIC

   OntoEDS: Protecting Energy Delivery Systems by Collaboratively Analyzing Security Requirements

   Josephine Lamp, Carlos E Rubio-Medrano, Ziming Zhao, and Gail-Joon Ahn

   IEEE International Conference on Collaboration and Internet Computing (CIC), Oct 2017

   Bib PDF

   @inproceedings{lamp2017ontoeds,
     title = {OntoEDS: Protecting Energy Delivery Systems by Collaboratively Analyzing Security Requirements},
     author = {Lamp, Josephine and Rubio-Medrano, Carlos E and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE International Conference on Collaboration and Internet Computing (CIC)},
     pages = {1--10},
     year = {2017},
     organization = {IEEE},
   }

2. MTD

   Mutated Policies: Towards Proactive Attribute-based Defenses for Access Control

   Carlos E Rubio-Medrano, Josephine Lamp, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   Workshop on Moving Target Defense, Oct 2017

   Bib PDF

   @inproceedings{rubio2017mutated,
     title = {Mutated Policies: Towards Proactive Attribute-based Defenses for Access Control},
     author = {Rubio-Medrano, Carlos E and Lamp, Josephine and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {Workshop on Moving Target Defense},
     pages = {39--49},
     year = {2017},
   }

3. CNS

   HoneyProxy: Design and Implementation of Next-Generation Honeynet via SDN

   Sukwha Kyung, Wonkyu Han, Naveen Tiwari, Vaibhav Dixit, Lakshmi Srinivas, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   IEEE Conference on Communications and Network Security, Oct 2017

   Bib PDF

   @inproceedings{sukwha2017Honey,
     title = {HoneyProxy: Design and Implementation of Next-Generation Honeynet via SDN},
     author = {Kyung, Sukwha and Han, Wonkyu and Tiwari, Naveen and Dixit, Vaibhav and Srinivas, Lakshmi and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {IEEE Conference on Communications and Network Security},
     year = {2017},
   }

4. CSM

   Toward Standardization of Authenticated Caller ID Transmission

   Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   IEEE Communications Standards Magazine, Oct 2017

   Bib PDF

   @article{tu2017toward,
     title = {Toward Standardization of Authenticated Caller ID Transmission},
     author = {Tu, Huahong and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     journal = {IEEE Communications Standards Magazine},
     volume = {1},
     number = {3},
     pages = {30--36},
     year = {2017},
     publisher = {IEEE},
   }

5. ITIT

   E-mail Header Injection Vulnerabilities

   Sai Prashanth Chandramouli, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   it - Information Technology, Oct 2017

   Bib

   @article{chandramouli2017mail,
     title = {E-mail Header Injection Vulnerabilities},
     author = {Chandramouli, Sai Prashanth and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     journal = {it - Information Technology},
     volume = {59},
     number = {2},
     pages = {67--72},
     year = {2017},
     publisher = {De Gruyter Oldenbourg},
   }

6. AAMAS

   A Game Theoretic Approach to Strategy Generation for Moving Target Defense in Web Applications.

   Sailik Sengupta, Satya Gautam Vadlamudi, Subbarao Kambhampati, Adam Doupé, Ziming Zhao, Marthony Taguinod, and Gail-Joon Ahn

   AAMAS, Oct 2017

   Bib PDF

   @inproceedings{sengupta2017game,
     title = {A Game Theoretic Approach to Strategy Generation for Moving Target Defense in Web Applications.},
     author = {Sengupta, Sailik and Vadlamudi, Satya Gautam and Kambhampati, Subbarao and Doup{\'e}, Adam and Zhao, Ziming and Taguinod, Marthony and Ahn, Gail-Joon},
     booktitle = {AAMAS},
     volume = {1},
     pages = {178--186},
     year = {2017},
   }

7. CODASPY

   Deep Android Malware Detection

   Niall McLaughlin, Jesus Rincon, Yeganeh Safaei, Erik Trickel, Ziming Zhao, and Adam Doupé

   ACM Conference on Data and Application Security and Privacy, Oct 2017

   Bib PDF

   @inproceedings{mclaughlin2017deep,
     title = {Deep Android Malware Detection},
     author = {McLaughlin, Niall and Martinez del Rincon, Jesus and Safaei, Yeganeh and Trickel, Erik and Zhao, Ziming and Doup{\'e}, Adam},
     booktitle = {ACM Conference on Data and Application Security and Privacy},
     pages = {301--308},
     year = {2017},
     organization = {ACM},
   }

8. ICST

   NIVAnalyzer: A Tool for Automatically Detecting and Verifying Next-Intent Vulnerabilities in Android Apps

   Junjie Tang, Xingmin Cui, Ziming Zhao, Shanqing Guo, Xinshun Xu, Chengyu Hu, Tao Ban, and Bing Mao

   IEEE Conference on Software Testing, Verification and Validation, Oct 2017

   Bib HTML

   @inproceedings{tang2017nivanalyzer,
     title = {{NIVAnalyzer: A Tool for Automatically Detecting and Verifying Next-Intent Vulnerabilities in Android Apps}},
     author = {Tang, Junjie and Cui, Xingmin and Zhao, Ziming and Guo, Shanqing and Xu, Xinshun and Hu, Chengyu and Ban, Tao and Mao, Bing},
     booktitle = {IEEE Conference on Software Testing, Verification and Validation},
     pages = {492--499},
     year = {2017},
     organization = {IEEE},
   }

9. NDSS

   On the Safety and Efficiency of Virtual Firewall Elasticity Control

   Juan Deng, Hongda Li, Hongxin Hu, Kuang-Ching Wang, Gail-Joon Ahn, Ziming Zhao, and Wonkyu Han

   Network and Distributed System Security Symposium, Oct 2017

   Bib PDF

   @inproceedings{deng2017on,
     title = {On the Safety and Efficiency of Virtual Firewall Elasticity Control},
     author = {Deng, Juan and Li, Hongda and Hu, Hongxin and Wang, Kuang-Ching and Ahn, Gail-Joon and Zhao, Ziming and Han, Wonkyu},
     booktitle = {Network and Distributed System Security Symposium},
     year = {2017},
   }

10. US Patent

    Systems and Methods for Authenticating Caller Identity and Call Request Header Information for Outbound Telephony Communications

    Huahong Tu, Adam Doupé, Gail-Joon Ahn, and Ziming Zhao

    Oct 2017

    Bib PDF

    @misc{tu2017systems,
      title = {Systems and Methods for Authenticating Caller Identity and Call Request Header Information for Outbound Telephony Communications},
      author = {Tu, Huahong and Doup{\'e}, Adam and Ahn, Gail-Joon and Zhao, Ziming},
      year = {2017},
      publisher = {Google Patents},
      note = {US Patent App. 15/459,597},
    }

2016

1. ITUBest Paper Award

   Toward Authenticated Caller ID Transmission: The Need for a Standardized Authentication Scheme in Q.731.3 Calling Line Identification Presentation

   Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   ITU Kaleidoscope: ICTs for a Sustainable World, Oct 2016

   Bib PDF

   @inproceedings{tu2016toward,
     title = {Toward Authenticated Caller ID Transmission: The Need for a Standardized Authentication Scheme in Q.731.3 Calling Line Identification Presentation},
     author = {Tu, Huahong and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {ITU Kaleidoscope: ICTs for a Sustainable World},
     pages = {1--8},
     year = {2016},
     organization = {IEEE},
     best = {Best Paper Award}
   }

2. CIC

   Towards Automated Threat Intelligence Fusion

   Ajay Modi, Zhibo Sun, Anupam Panwar, Tejas Khairnar, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   IEEE International Conference on Collaboration and Internet Computing, Oct 2016

   Bib PDF

   @inproceedings{modi2016towards,
     title = {Towards Automated Threat Intelligence Fusion},
     author = {Modi, Ajay and Sun, Zhibo and Panwar, Anupam and Khairnar, Tejas and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {IEEE International Conference on Collaboration and Internet Computing},
     year = {2016},
   }

3. JCS

   TripleMon: A Multi-layer Security Framework for Mediating Inter-Process Communication on Android

   Yiming Jing, Gail-Joon Ahn, Hongxin Hu, Haehyun Cho, and Ziming Zhao

   Journal of Computer Security, Oct 2016

   Bib PDF

   @article{jing2016triplemon,
     title = {TripleMon: A Multi-layer Security Framework for Mediating Inter-Process Communication on Android},
     author = {Jing, Yiming and Ahn, Gail-Joon and Hu, Hongxin and Cho, Haehyun and Zhao, Ziming},
     journal = {Journal of Computer Security},
     pages = {1--22},
     year = {2016},
     publisher = {IOS Press},
   }

4. DFRWS

   dbling: Identifying Extensions Installed on Encrypted Web Thin Clients

   Mike Mabey, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   Digital Investigation, Oct 2016

   Bib PDF

   @article{mabey2016dbling,
     title = {dbling: Identifying Extensions Installed on Encrypted Web Thin Clients},
     author = {Mabey, Mike and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     journal = {Digital Investigation},
     volume = {18},
     pages = {S55--S65},
     year = {2016},
     publisher = {Elsevier},
   }

5. ICWS

   Toward Discovering and Exploiting Private Server-Side Web APIs

   Jia Chen, Xingmin Cui, Ziming Zhao, Jie Liang, and Shanqing Guo

   IEEE International Conference on Web Services, Oct 2016

   Bib PDF

   @inproceedings{chen2016toward,
     title = {Toward Discovering and Exploiting Private Server-Side Web APIs},
     author = {Chen, Jia and Cui, Xingmin and Zhao, Ziming and Liang, Jie and Guo, Shanqing},
     booktitle = {IEEE International Conference on Web Services},
     pages = {420--427},
     year = {2016},
     organization = {IEEE},
   }

6. SACMAT

   State-aware Network Access Management for Software-Defined Networks

   Wonkyu Han, Hongxin Hu, Ziming Zhao, Adam Doupé, Gail-Joon Ahn, Kuang-Ching Wang, and Juan Deng

   ACM Symposium on Access Control Models and Technologies, Oct 2016

   Bib PDF

   @inproceedings{han2016state,
     title = {State-aware Network Access Management for Software-Defined Networks},
     author = {Han, Wonkyu and Hu, Hongxin and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon and Wang, Kuang-Ching and Deng, Juan},
     booktitle = {ACM Symposium on Access Control Models and Technologies},
     year = {2016},
     organization = {ACM},
   }

7. eCrime

   Behind Closed Doors: Measurement and Analysis of CryptoLocker Ransoms in Bitcoin

   Kevin Liao, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   APWG Symposium on Electronic Crime Research, Oct 2016

   Bib PDF

   @inproceedings{liao2016behind,
     title = {Behind Closed Doors: Measurement and Analysis of CryptoLocker Ransoms in Bitcoin},
     author = {Liao, Kevin and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {APWG Symposium on Electronic Crime Research},
     year = {2016},
   }

8. SPM

   Mules, Seals, and Attacking Tools: Analyzing 12 Online Marketplaces

   Ziming Zhao, Mukund Sankaran, Gail-Joon Ahn, Thomas J. Holt, Yiming Jing, and Hongxin Hu

   IEEE Security & Privacy Magazine, Oct 2016

   Bib PDF

   @article{zhao2016mules,
     title = {Mules, Seals, and Attacking Tools: Analyzing 12 Online Marketplaces},
     author = {Zhao, Ziming and Sankaran, Mukund and Ahn, Gail-Joon and Holt, Thomas J. and Jing, Yiming and Hu, Hongxin},
     journal = {IEEE Security \& Privacy Magazine},
     year = {2016},
     publisher = {IEEE},
   }

9. Oakland

   SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam

   Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   IEEE Symposium on Security and Privacy, Oct 2016

   Bib PDF

   @inproceedings{tu2016sok,
     title = {SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam},
     author = {Tu, Huahong and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE Symposium on Security and Privacy},
     year = {2016},
   }

10. AAMAS

    Moving Target Defense for Web Applications using Bayesian Stackelberg Games

    Satya Gautam Vadlamudi, Sailik Sengupta, Marthony Taguinod, Ziming Zhao, Adam Doupé, Gail-Joon Ahn, and Subbarao Kambhampati

    International Conference on Autonomous Agents & Multiagent Systems, Oct 2016

    Bib PDF

    @inproceedings{vadlamudi2016moving,
      title = {Moving Target Defense for Web Applications using Bayesian Stackelberg Games},
      author = {Vadlamudi, Satya Gautam and Sengupta, Sailik and Taguinod, Marthony and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon and Kambhampati, Subbarao},
      booktitle = {International Conference on Autonomous Agents \& Multiagent Systems},
      pages = {1377--1378},
      year = {2016},
      organization = {International Foundation for Autonomous Agents and Multiagent Systems},
    }

11. ABAC

    Towards a Moving Target Defense Approach for Attribute-based Access Control

    Carlos E Rubio-Medrano, Josephine Lamp, Marthony Taguinod, Ziming Zhao, Adam Doupe, and Gail-Joon Ahn

    ACM Workshop on Attribute-based Access Control, Oct 2016

    Bib PDF

    @inproceedings{rubio2016towards,
      title = {Towards a Moving Target Defense Approach for Attribute-based Access Control},
      author = {Rubio-Medrano, Carlos E and Lamp, Josephine and Taguinod, Marthony and Zhao, Ziming and Doupe, Adam and Ahn, Gail-Joon},
      booktitle = {ACM Workshop on Attribute-based Access Control},
      pages = {--},
      year = {2016},
      organization = {ACM},
    }

12. CODASPY

    HoneyMix: Toward SDN-based Intelligent Honeynet

    Wonkyu Han, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

    ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Oct 2016

    Bib PDF

    @inproceedings{han2016honeymix,
      title = {HoneyMix: Toward SDN-based Intelligent Honeynet},
      author = {Han, Wonkyu and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
      booktitle = {ACM International Workshop on Security in Software Defined Networks \& Network Function Virtualization},
      pages = {1--6},
      year = {2016},
    }

2015

1. IRI

   Toward a Moving Target Defense for Web Applications

   Marthony Taguinod, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn

   IEEE International Conference on Information Reuse and Integration, Oct 2015

   Bib PDF

   @inproceedings{taguinod2015toward,
     title = {Toward a Moving Target Defense for Web Applications},
     author = {Taguinod, Marthony and Doup{\'e}, Adam and Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE International Conference on Information Reuse and Integration},
     year = {2015},
   }

2. US Patent

   Methods, Systems, and Media for Measuring Quality of Gesture-based Passwords

   Gail-Joon Ahn, and Ziming Zhao

   Oct 2015

   Bib HTML

   @misc{ahn2015methods,
     title = {Methods, Systems, and Media for Measuring Quality of Gesture-based Passwords},
     author = {Ahn, Gail-Joon and Zhao, Ziming},
     year = {2015},
     note = {US Patent US9069948 B2},
   }

3. TISSEC

   Picture Gesture Authentication: Empirical Analysis, Automated Attacks, and Scheme Evaluation

   Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

   ACM Transactions on Information and System Security, Oct 2015

   Bib PDF

   @article{zhao2015picture,
     title = {Picture Gesture Authentication: Empirical Analysis, Automated Attacks, and Scheme Evaluation},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
     journal = {ACM Transactions on Information and System Security},
     year = {2015},
     publisher = {ACM},
   }

4. SACMAT

   Federated Access Management for Collaborative Network Environments: Framework and Case Study

   Carlos Rubio-Medrano, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn

   ACM Symposium on Access control Models and Technologies, Oct 2015

   Bib PDF

   @inproceedings{rubio2015federated,
     title = {Federated Access Management for Collaborative Network Environments: Framework and Case Study},
     author = {Rubio-Medrano, Carlos and Zhao, Ziming and Doup{\'e}, Adam and Ahn, Gail-Joon},
     booktitle = {ACM Symposium on Access control Models and Technologies},
     year = {2015},
     organization = {ACM},
   }

5. TDSC

   Towards Automated Risk Assessment and Mitigation of Mobile Applications

   Yiming Jing, Gail-Joon Ahn, Ziming Zhao, and Hongxin Hu

   IEEE Transactions on Dependable and Secure Computing, Oct 2015

   Bib PDF

   @article{jing2015towards,
     title = {Towards Automated Risk Assessment and Mitigation of Mobile Applications},
     author = {Jing, Yiming and Ahn, Gail-Joon and Zhao, Ziming and Hu, Hongxin},
     journal = {IEEE Transactions on Dependable and Secure Computing},
     year = {2015},
   }

2013

1. CNS

   Using Instruction Sequence Abstraction for Shellcode Detection and Attribution

   Ziming Zhao, and Gail-Joon Ahn

   IEEE Conference on Communications and Network Security, Oct 2013

   Bib PDF

   @inproceedings{zhao2013using,
     author = {Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE Conference on Communications and Network Security},
     year = {2013},
   }

2. USENIX

   On the Security of Picture Gesture Authentication

   Ziming Zhao, Gail-Joon Ahn, Jeong-Jin Seo, and Hongxin Hu

   USENIX Security Symposium, Oct 2013

   Bib PDF

   @inproceedings{zhao2013security,
     title = {On the Security of Picture Gesture Authentication},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Seo, Jeong-Jin and Hu, Hongxin},
     booktitle = {USENIX Security Symposium},
     year = {2013},
     organization = {USENIX},
   }

3. Book Chapter

   Examining Social Dynamics and Malware Secrets to Mitigate Net-centric Attacks

   Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

   Hackers and Hacking: A Reference Handbook, Oct 2013

   Bib

   @inproceedings{zhao2013examining,
     title = {Examining Social Dynamics and Malware Secrets to Mitigate Net-centric Attacks},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
     booktitle = {Hackers and Hacking: A Reference Handbook},
     year = {2013},
   }

2014

1. ACSAC

   Morpheus: Automatically Generating Heuristics to Detect Android Emulators

   Yiming Jing, Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

   Annual Computer Security Applications Conference, Oct 2014

   Bib PDF

   @inproceedings{jing2014morpheus,
     title = {Morpheus: Automatically Generating Heuristics to Detect Android Emulators},
     author = {Jing, Yiming and Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
     booktitle = {Annual Computer Security Applications Conference},
     year = {2014},
   }

2. HotSDN

   FlowGuard: Building Robust Firewalls for Software-Defined Networks

   Hongxin Hu, Wonkyu Han, Gail-Joon Ahn, and Ziming Zhao

   ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, Oct 2014

   Bib PDF

   @inproceedings{hu2014flowguard,
     title = {FlowGuard: Building Robust Firewalls for Software-Defined Networks},
     author = {Hu, Hongxin and Han, Wonkyu and Ahn, Gail-Joon and Zhao, Ziming},
     booktitle = {ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking},
     year = {2014},
   }

3. SACMAT

   Game Theoretic Analysis of Multiparty Access Control in Online Social Networks

   Hongxin Hu, Gail-Joon Ahn, Ziming Zhao, and Dejun Yang

   ACM Symposium on Access Control Models and Technologies, Oct 2014

   Bib PDF

   @inproceedings{hu2014game,
     title = {Game Theoretic Analysis of Multiparty Access Control in Online Social Networks},
     author = {Hu, Hongxin and Ahn, Gail-Joon and Zhao, Ziming and Yang, Dejun},
     booktitle = {ACM Symposium on Access Control Models and Technologies},
     year = {2014},
     organization = {ACM},
   }

4. ONS

   Towards a Reliable SDN Firewall

   Hongxin Hu, Gail-Joon Ahn, Wonkyu Han, and Ziming Zhao

   Open Networking Summit Research Track, Oct 2014

   Bib PDF

   @inproceedings{hu2014towards,
     title = {Towards a Reliable SDN Firewall},
     author = {Hu, Hongxin and Ahn, Gail-Joon and Han, Wonkyu and Zhao, Ziming},
     booktitle = {Open Networking Summit Research Track},
     year = {2014},
     organization = {USENIX},
   }

5. CODASPYBest Paper Award

   RiskMon: Continuous and Automated Risk Assessment for Mobile Applications

   Yiming Jing, Gail-Joon Ahn, Ziming Zhao, and Hongxin Hu

   ACM Conference on Data and Application Security and Privacy, Oct 2014

   Bib PDF

   @inproceedings{jing2014riskmon,
     title = {RiskMon: Continuous and Automated Risk Assessment for Mobile Applications},
     author = {Jing, Yiming and Ahn, Gail-Joon and Zhao, Ziming and Hu, Hongxin},
     booktitle = {ACM Conference on Data and Application Security and Privacy},
     year = {2014},
     organization = {ACM},
     best = {Best Paper Award}
   }

2013

1. CNS

   Using Instruction Sequence Abstraction for Shellcode Detection and Attribution

   Ziming Zhao, and Gail-Joon Ahn

   IEEE Conference on Communications and Network Security, Oct 2013

   Bib PDF

   @inproceedings{zhao2013using,
     author = {Zhao, Ziming and Ahn, Gail-Joon},
     booktitle = {IEEE Conference on Communications and Network Security},
     year = {2013},
   }

2. USENIX

   On the Security of Picture Gesture Authentication

   Ziming Zhao, Gail-Joon Ahn, Jeong-Jin Seo, and Hongxin Hu

   USENIX Security Symposium, Oct 2013

   Bib PDF

   @inproceedings{zhao2013security,
     title = {On the Security of Picture Gesture Authentication},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Seo, Jeong-Jin and Hu, Hongxin},
     booktitle = {USENIX Security Symposium},
     year = {2013},
     organization = {USENIX},
   }

3. Book Chapter

   Examining Social Dynamics and Malware Secrets to Mitigate Net-centric Attacks

   Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

   Hackers and Hacking: A Reference Handbook, Oct 2013

   Bib

   @inproceedings{zhao2013examining,
     title = {Examining Social Dynamics and Malware Secrets to Mitigate Net-centric Attacks},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
     booktitle = {Hackers and Hacking: A Reference Handbook},
     year = {2013},
   }

2012

1. ESORICS

   SocialImpact: Systematic Analysis of Underground Social Dynamics

   Ziming Zhao, Gail-Joon Ahn, Hongxin Hu, and Deepinder Mahi

   European Conference on Research in Computer Security, Oct 2012

   Bib PDF

   @inproceedings{zhao2012socialimpact,
     title = {SocialImpact: Systematic Analysis of Underground Social Dynamics},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin and Mahi, Deepinder},
     booktitle = {European Conference on Research in Computer Security},
     pages = {877--895},
     year = {2012},
   }

2. TDSC

   Risk-Aware Mitigation for MANET Routing Attacks

   Ziming Zhao, Hongxin Hu, Gail-Joon Ahn, and Ruoyu Wu

   IEEE Transactions on Dependable and Secure Computing, Oct 2012

   Bib PDF

   @article{zhao2012risk,
     title = {Risk-Aware Mitigation for MANET Routing Attacks},
     author = {Zhao, Ziming and Hu, Hongxin and Ahn, Gail-Joon and Wu, Ruoyu},
     journal = {IEEE Transactions on Dependable and Secure Computing},
     volume = {9},
     number = {2},
     pages = {250--260},
     year = {2012},
     publisher = {IEEE},
   }

2011

1. GLOBECOM

   Examining Social Dynamics for Countering Botnet Attacks

   Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

   IEEE Global Telecommunications Conference, Oct 2011

   Bib PDF

   @inproceedings{zhao2011examining,
     title = {Examining Social Dynamics for Countering Botnet Attacks},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
     booktitle = {IEEE Global Telecommunications Conference},
     pages = {1--6},
     year = {2011},
     organization = {IEEE},
   }

2. WCRE

   Automatic Extraction of Secrets from Malware

   Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu

   Working Conference on Reverse Engineering, Oct 2011

   Bib PDF

   @inproceedings{zhao2011automatic,
     title = {Automatic Extraction of Secrets from Malware},
     author = {Zhao, Ziming and Ahn, Gail-Joon and Hu, Hongxin},
     booktitle = {Working Conference on Reverse Engineering},
     pages = {159--168},
     year = {2011},
     organization = {IEEE},
   }

2010

1. GLOBECOM

   Risk-Aware Response for Mitigating MANET Routing Attacks

   Ziming Zhao, Hongxin Hu, Gail-Joon Ahn, and Ruoyu Wu

   IEEE Global Telecommunications Conference, Oct 2010

   Bib PDF

   @inproceedings{zhao2010risk,
     title = {Risk-Aware Response for Mitigating MANET Routing Attacks},
     author = {Zhao, Ziming and Hu, Hongxin and Ahn, Gail-Joon and Wu, Ruoyu},
     booktitle = {IEEE Global Telecommunications Conference},
     pages = {1--6},
     year = {2010},
     organization = {IEEE},
   }