2025
Adversarial Observations in Weather Forecasting.
CoRR, April, 2025
2024
Pitfalls in Machine Learning for Computer Security.
Commun. ACM, November, 2024
I still know it's you! On Challenges in Anonymizing Source Code.
Proc. Priv. Enhancing Technol., 2024
Manipulating Feature Visualizations with Gradient Slingshots.
CoRR, 2024
Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting.
Proceedings of the 33rd USENIX Security Symposium, 2024
Listening Between the Bits: Privacy Leaks in Audio Fingerprints.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2024
SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing.
Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, 2024
Cross-Language Differential Testing of JSON Parsers.
Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, 2024
On the Role of Pre-trained Embeddings in Binary Code Analysis.
Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, 2024
Evil from Within: Machine Learning Backdoors Through Dormant Hardware Trojans.
Proceedings of the Annual Computer Security Applications Conference, 2024
2023
Lessons Learned on Machine Learning for Computer Security.
IEEE Secur. Priv., 2023
Evil from Within: Machine Learning Backdoors through Hardware Trojans.
CoRR, 2023
No more Reviewer #2: Subverting Automatic Paper-Reviewer Assignment using Adversarial Learning.
Proceedings of the 32nd USENIX Security Symposium, 2023
Machine Unlearning of Features and Labels.
Proceedings of the 30th Annual Network and Distributed System Security Symposium, 2023
Lazy Gatekeepers: A Large-Scale Study on SPF Configuration in the Wild.
Proceedings of the 2023 ACM on Internet Measurement Conference, 2023
Hunting for Truth: Analyzing Explanation Methods in Learning-based Vulnerability Discovery.
Proceedings of the 8th IEEE European Symposium on Security and Privacy, 2023
Learning Type Inference for Enhanced Dataflow Analysis.
Proceedings of the Computer Security - ESORICS 2023, 2023
CodeGraphSMOTE - Data Augmentation for Vulnerability Discovery.
Proceedings of the Data and Applications Security and Privacy XXXVII, 2023
Detecting Backdoors in Collaboration Graphs of Software Repositories.
Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy, 2023
Broken Promises: Measuring Confounding Effects in Learning-based Vulnerability Discovery.
Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security, 2023
When Papers Choose Their Reviewers: Adversarial Machine Learning in Peer Review.
Proceedings of the 2023 Workshop on Recent Advances in Resilient and Trustworthy ML Systems in Autonomous Networks, 2023
On the Detection of Image-Scaling Attacks in Machine Learning.
Proceedings of the Annual Computer Security Applications Conference, 2023
PAVUDI: Patch-based Vulnerability Discovery using Machine Learning.
Proceedings of the Annual Computer Security Applications Conference, 2023
2022
Security of Machine Learning (Dagstuhl Seminar 22281).
Dagstuhl Reports, July, 2022
Dos and Don'ts of Machine Learning in Computer Security.
Proceedings of the 31st USENIX Security Symposium, 2022
Misleading Deep-Fake Detection with GAN Fingerprints.
Proceedings of the 43rd IEEE Security and Privacy, 2022
Quantifying the Risk of Wormhole Attacks on Bluetooth Contact Tracing.
Proceedings of the CODASPY '22: Twelveth ACM Conference on Data and Application Security and Privacy, Baltimore, MD, USA, April 24, 2022
2021
LogPicker: Strengthening Certificate Transparency Against Covert Adversaries.
Proc. Priv. Enhancing Technol., 2021
Towards Intelligent Context-Aware 6G Security.
CoRR, 2021
TagVet: Vetting Malware Tags using Explainable Machine Learning.
Proceedings of the EuroSec '21: Proceedings of the 14th European Workshop on Systems Security, 2021
Spying through Virtual Backgrounds of Video Calls.
Proceedings of the AISec@CCS 2021: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, 2021
Explaining Graph Neural Networks for Vulnerability Discovery.
Proceedings of the AISec@CCS 2021: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, 2021
LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems.
Proceedings of the ACSAC '21: Annual Computer Security Applications Conference, Virtual Event, USA, December 6, 2021
2020
Against All Odds: Winning the Defense Challenge in an Evasion Competition with Diversification.
CoRR, 2020
Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning.
Proceedings of the 29th USENIX Security Symposium, 2020
Backdooring and Poisoning Neural Networks with Image-Scaling Attacks.
Proceedings of the 2020 IEEE Security and Privacy Workshops, 2020
Explanation-Driven Characterization of Android Ransomware.
Proceedings of the Pattern Recognition. ICPR International Workshops and Challenges, 2020
Evaluating Explanation Methods for Deep Learning in Security.
Proceedings of the IEEE European Symposium on Security and Privacy, 2020
What's all that noise: analysis and detection of propaganda on Twitter.
Proceedings of the 13th European Workshop on Systems Security, 2020
2019
Yes, Machine Learning Can Be More Secure! A Case Study on Android Malware Detection.
IEEE Trans. Dependable Secur. Comput., 2019
Political Elections Under (Social) Fire? Analysis and Detection of Propaganda on Twitter.
CoRR, 2019
Don't Paint It Black: White-Box Explanations for Deep Learning in Computer Security.
CoRR, 2019
Misleading Authorship Attribution of Source Code using Adversarial Learning.
Proceedings of the 28th USENIX Security Symposium, 2019
False Sense of Security: A Study on the Effectivity of Jailbreak Detection in Banking Apps.
Proceedings of the IEEE European Symposium on Security and Privacy, 2019
On the Security and Applicability of Fragile Camera Fingerprints.
Proceedings of the Computer Security - ESORICS 2019, 2019
New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2019
TypeMiner: Recovering Types in Binary Programs Using Machine Learning.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2019
Thieves in the Browser: Web-based Cryptojacking in the Wild.
Proceedings of the 14th International Conference on Availability, Reliability and Security, 2019
2018
Web-based Cryptojacking in the Wild.
CoRR, 2018
Privacy-Enhanced Fraud Detection with Bloom Filters.
Proceedings of the Security and Privacy in Communication Networks, 2018
Reading Between the Lines: Content-Agnostic Detection of Spear-Phishing Emails.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2018
When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries.
Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018
Adversarial Machine Learning Against Digital Watermarking.
Proceedings of the 26th European Signal Processing Conference, 2018
Forgotten Siblings: Unifying Attacks on Machine Learning and Digital Watermarking.
Proceedings of the 2018 IEEE European Symposium on Security and Privacy, 2018
ZOE: Content-Based Anomaly Detection for Industrial Control Systems.
Proceedings of the 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2018
Family Reunion: Adversarial Machine Learning meets Digital Watermarking.
Proceedings of the 2nd International Workshop on Multimedia Privacy and Security, 2018
2017
64-Bit Migration Vulnerabilities.
it Inf. Technol., 2017
Fraternal Twins: Unifying Attacks on Machine Learning and Digital Watermarking.
CoRR, 2017
Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery.
Proceedings of the 11th USENIX Workshop on Offensive Technologies, 2017
Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing.
Proceedings of the 11th USENIX Workshop on Offensive Technologies, 2017
Static Program Analysis as a Fuzzing Aid.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2017
Privacy Threats through Ultrasonic Side Channels on Mobile Devices.
Proceedings of the 2017 IEEE European Symposium on Security and Privacy, 2017
Efficient and Flexible Discovery of PHP Application Vulnerabilities.
Proceedings of the 2017 IEEE European Symposium on Security and Privacy, 2017
Looking Back on Three Years of Flash-based Malware.
Proceedings of the 10th European Workshop on Systems Security, 2017
TrustJS: Trusted Client-side Execution of JavaScript.
Proceedings of the 10th European Workshop on Systems Security, 2017
Mining Attributed Graphs for Threat Intelligence.
Proceedings of the Seventh ACM Conference on Data and Application Security and Privacy, 2017
Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks.
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, 2017
2016
Fingerprinting Mobile Devices Using Personalized Configurations.
Proc. Priv. Enhancing Technol., 2016
Harry: A Tool for Measuring String Similarity.
J. Mach. Learn. Res., 2016
Die Codeanalyseplattform "Octopus".
Datenschutz und Datensicherheit, 2016
From Malware Signatures to Anti-Virus Assisted Attacks.
CoRR, 2016
Monte Carlo Localization for path-based mobility in mobile wireless sensor networks.
Proceedings of the IEEE Wireless Communications and Networking Conference, 2016
Comprehensive Analysis and Detection of Flash-Based Malware.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2016
Towards Vulnerability Discovery Using Staged Program Analysis.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2016
Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-Bit Platforms.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016
2015
Automatic Inference of Search Patterns for Taint-Style Vulnerabilities.
Proceedings of the 2015 IEEE Symposium on Security and Privacy, 2015
Pulsar: Stateful Black-Box Fuzzing of Proprietary Network Protocols.
Proceedings of the Security and Privacy in Communication Networks, 2015
VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015
Torben: A Practical Side-Channel Attack for Deanonymizing Tor Communication.
Proceedings of the 10th ACM Symposium on Information, 2015
2014
Special issue on threat detection, analysis and defense.
J. Inf. Secur. Appl., 2014
Modeling and Discovering Vulnerabilities with Code Property Graphs.
Proceedings of the 2014 IEEE Symposium on Security and Privacy, 2014
Continuous Authentication on Mobile Devices by Analysis of Typing Motion Behavior.
Proceedings of the Sicherheit 2014: Sicherheit, 2014
DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket.
Proceedings of the 21st Annual Network and Distributed System Security Symposium, 2014
Poisoning behavioral malware clustering.
Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop, 2014
2013
Toward Supervised Anomaly Detection.
J. Artif. Intell. Res., 2013
Deobfuscating Embedded Malware Using Probable-Plaintext Attacks.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2013
Chucky: exposing missing checks in source code for vulnerability discovery.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013
A close look on n-grams in intrusion detection: anomaly detection vs. classification.
Proceedings of the AISec'13, 2013
Off the beaten path: machine learning for offensive security.
Proceedings of the AISec'13, 2013
Structural detection of android malware using embedded call graphs.
Proceedings of the AISec'13, 2013
2012
Intelligent Defense against Malicious JavaScript Code.
Prax. Inf.verarb. Kommun., 2012
Sally: a tool for embedding strings in vector spaces.
J. Mach. Learn. Res., 2012
Autonomous learning for detection of JavaScript attacks: vision or reality?
Proceedings of the 5th ACM Workshop on Security and Artificial Intelligence, 2012
Early detection of malicious behavior in JavaScript code.
Proceedings of the 5th ACM Workshop on Security and Artificial Intelligence, 2012
Learning stateful models for network honeypots.
Proceedings of the 5th ACM Workshop on Security and Artificial Intelligence, 2012
Generalized vulnerability extrapolation using abstract syntax trees.
Proceedings of the 28th Annual Computer Security Applications Conference, 2012
2011
Similarity measures for sequential data.
WIREs Data Mining Knowl. Discov., 2011
Automatic analysis of malware behavior using machine learning.
J. Comput. Secur., 2011
Self-Learning Network Intrusion Detection.
it Inf. Technol., 2011
Vulnerability Extrapolation: Assisted Discovery of Vulnerabilities Using Machine Learning.
Proceedings of the 5th USENIX Workshop on Offensive Technologies, 2011
Adaptive Detection of Covert Communication in HTTP Requests.
Proceedings of the Seventh European Conference on Computer Network Defense, 2011
Computer Security and Machine Learning: Worst Enemies or Best Friends?
Proceedings of the First SysSec Workshop 2011, 2011
Smart metering de-pseudonymization.
Proceedings of the Twenty-Seventh Annual Computer Security Applications Conference, 2011
2010
Approximate Tree Kernels.
J. Mach. Learn. Res., 2010
A Malware Instruction Set for Behavior-Based Analysis.
Proceedings of the Sicherheit 2010: Sicherheit, 2010
Botzilla: detecting the "phoning home" of malicious software.
Proceedings of the 2010 ACM Symposium on Applied Computing (SAC), 2010
TokDoc: a self-healing web application firewall.
Proceedings of the 2010 ACM Symposium on Applied Computing (SAC), 2010
ASAP: Automatic Semantics-Aware Analysis of Network Payloads.
Proceedings of the Privacy and Security Issues in Data Mining and Machine Learning, 2010
Cujo: efficient detection and prevention of drive-by-download attacks.
Proceedings of the Twenty-Sixth Annual Computer Security Applications Conference, 2010
2009
Machine learning for application layer intrusion detection.
PhD thesis, 2009
Securing IMS against novel threats.
Bell Labs Tech. J., 2009
Active learning for network intrusion detection.
Proceedings of the 2nd ACM Workshop on Security and Artificial Intelligence, 2009
2008
Linear-Time Computation of Similarity Measures for Sequential Data.
J. Mach. Learn. Res., 2008
Measuring and Detecting Fast-Flux Service Networks.
Proceedings of the Network and Distributed System Security Symposium, 2008
A Self-learning System for Detection of Anomalous SIP Messages.
Proceedings of the Principles, 2008
Incorporation of Application Layer Protocol Syntax into Anomaly Detection.
Proceedings of the Information Systems Security, 4th International Conference, 2008
Learning and Classification of Malware Behavior.
Proceedings of the Detection of Intrusions and Malware, 2008
08102 Working Group -- Attack Taxonomy.
Proceedings of the Perspectives Workshop: Network Attack Detection and Defense, 2.3., 2008
08102 Working Group -- Requirements for Network Monitoring from an IDS Perspective.
Proceedings of the Perspectives Workshop: Network Attack Detection and Defense, 2.3., 2008
2007
Language models for detection of unknown attacks in network traffic.
J. Comput. Virol., 2007
Machine Learning for Intrusion Detection.
Proceedings of the Mining Massive Data Sets for Security, 2007
2006
Computation of Similarity Measures for Sequential Data using Generalized Suffix Trees.
Proceedings of the Advances in Neural Information Processing Systems 19, 2006
Detecting Unknown Network Attacks Using Language Models.
Proceedings of the Detection of Intrusions and Malware & Vulnerability Assessment, 2006
Efficient Algorithms for Similarity Measures over Sequential Data: A Look Beyond Kernels.
Proceedings of the Pattern Recognition, 2006
2005
Visualization of anomaly detection using prediction sensitivity.
Proceedings of the Sicherheit 2005: Sicherheit, 2005
Learning Intrusion Detection: Supervised or Unsupervised?
Proceedings of the Image Analysis and Processing, 2005