Giovanni Vigna

Orcid: 0000-0002-3422-5369

Affiliations:
  • University of California, Santa Barbara, USA


According to our database1, Giovanni Vigna authored at least 269 papers between 1994 and 2024.

Collaborative distances:

Awards

ACM Fellow

ACM Fellow 2019, "For contributions to improving the security of the Internet and combating cybercrime".

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Dataset
Other 

Links

Online presence:

On csauthors.net:

Bibliography

2024
Remote Keylogging Attacks in Multi-user VR Applications.
Proceedings of the 33rd USENIX Security Symposium, 2024

GuideEnricher: Protecting the Anonymity of Ethereum Mixing Service Users with Deep Reinforcement Learning.
Proceedings of the 33rd USENIX Security Symposium, 2024

ChainReactor: Automated Privilege Escalation Chain Discovery via AI Planning.
Proceedings of the 33rd USENIX Security Symposium, 2024

Operation Mango: Scalable Discovery of Taint-Style Vulnerabilities in Binary Firmware Services.
Proceedings of the 33rd USENIX Security Symposium, 2024

TrojanPuzzle: Covertly Poisoning Code-Suggestion Models.
Proceedings of the IEEE Symposium on Security and Privacy, 2024

Not your Type! Detecting Storage Collision Vulnerabilities in Ethereum Smart Contracts.
Proceedings of the 31st Annual Network and Distributed System Security Symposium, 2024

Unveiling the Risks of NFT Promotion Scams.
Proceedings of the Eighteenth International AAAI Conference on Web and Social Media, 2024

2023
Street Rep: A Privacy-Preserving Reputation Aggregation System.
IACR Cryptol. ePrint Arch., 2023

Keeping Up with the Emotets: Tracking a Multi-infrastructure Botnet.
DTRAP, 2023

Exploiting Unfair Advantages: Investigating Opportunistic Trading in the NFT Market.
CoRR, 2023

Demystifying NFT Promotion and Phishing Scams.
CoRR, 2023

A Large Scale Study of the Ethereum Arbitrage Ecosystem.
Proceedings of the 32nd USENIX Security Symposium, 2023

Confusum Contractum: Confused Deputy Vulnerabilities in Ethereum Smart Contracts.
Proceedings of the 32nd USENIX Security Symposium, 2023

ACTOR: Action-Guided Kernel Fuzzing.
Proceedings of the 32nd USENIX Security Symposium, 2023

Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities.
Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

TEEzz: Fuzzing Trusted Applications on COTS Android Devices.
Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

Venomave: Targeted Poisoning Against Speech Recognition.
Proceedings of the 2023 IEEE Conference on Secure and Trustworthy Machine Learning, 2023

Container Orchestration Honeypot: Observing Attacks in the Wild.
Proceedings of the 26th International Symposium on Research in Attacks, 2023

Shimware: Toward Practical Security Retrofitting for Monolithic Firmware Images.
Proceedings of the 26th International Symposium on Research in Attacks, 2023

Columbus: Android App Testing Through Systematic Callback Exploration.
Proceedings of the 45th IEEE/ACM International Conference on Software Engineering, 2023

Certifiably Vulnerable: Using Certificate Transparency Logs for Target Reconnaissance.
Proceedings of the 8th IEEE European Symposium on Security and Privacy, 2023

2022
Understanding Security Issues in the NFT Ecosystem.
Dataset, December, 2022

Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing.
Proceedings of the 31st USENIX Security Symposium, 2022

Regulator: Dynamic Analysis to Detect ReDoS.
Proceedings of the 31st USENIX Security Symposium, 2022

Decomperson: How Humans Decompile and What We Can Learn From It.
Proceedings of the 31st USENIX Security Symposium, 2022

SYMBEXCEL: Automated Analysis and Understanding of Malicious Excel 4.0 Macros.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

DEEPCASE: Semi-Supervised Contextual Analysis of Security Events.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

Hybrid Pruning: Towards Precise Pointer and Taint Analysis.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2022

Understanding Security Issues in the NFT Ecosystem.
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

POPKORN: Popping Windows Kernel Drivers At Scale.
Proceedings of the Annual Computer Security Applications Conference, 2022

2021
One Size Does Not Fit All: A Longitudinal Analysis of Brazilian Financial Malware.
ACM Trans. Priv. Secur., 2021

Toward a secure crowdsourced location tracking system.
Proceedings of the WiSec '21: 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Abu Dhabi, United Arab Emirates, 28 June, 2021

Token-Level Fuzzing.
Proceedings of the 30th USENIX Security Symposium, 2021

Diane: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices.
Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021

SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning.
Proceedings of the RAID '21: 24th International Symposium on Research in Attacks, 2021

Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability.
Proceedings of the IEEE European Symposium on Security and Privacy, 2021

Glitching Demystified: Analyzing Control-flow-based Glitching Attacks and Defenses.
Proceedings of the 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2021

Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone.
Proceedings of the Checkmate@CCS 2021, 2021

Conware: Automated Modeling of Hardware Peripherals.
Proceedings of the ASIA CCS '21: ACM Asia Conference on Computer and Communications Security, 2021

Bran: Reduce Vulnerability Search Space in Large Open Source Repositories by Learning Bug Symptoms.
Proceedings of the ASIA CCS '21: ACM Asia Conference on Computer and Communications Security, 2021

2020
VENOMAVE: Clean-Label Poisoning Against Speech Recognition.
CoRR, 2020

Dirty Clicks: A Study of the Usability and Security Implications of Click-related Behaviors on the Web.
Proceedings of the WWW '20: The Web Conference 2020, Taipei, Taiwan, April 20-24, 2020, 2020

HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation.
Proceedings of the 29th USENIX Security Symposium, 2020

Karonte: Detecting Insecure Multi-binary Interactions in Embedded Firmware.
Proceedings of the 2020 IEEE Symposium on Security and Privacy, 2020

SPIDER: Enabling Fast Patch Propagation In Related Software Repositories.
Proceedings of the 2020 IEEE Symposium on Security and Privacy, 2020

Tracing and Analyzing Web Access Paths Based on User-Side Data Collection: How Do Users Reach Malicious URLs?
Proceedings of the 23rd International Symposium on Research in Attacks, 2020

When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features.
Proceedings of the 27th Annual Network and Distributed System Security Symposium, 2020

On the Security of Application Installers and Online Software Repositories.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2020

TRUST.IO: Protecting Physical Interfaces on Cyber-physical Systems.
Proceedings of the 8th IEEE Conference on Communications and Network Security, 2020

Exploring Abstraction Functions in Fuzzing.
Proceedings of the 8th IEEE Conference on Communications and Network Security, 2020

SYMBION: Interleaving Symbolic with Concrete Execution.
Proceedings of the 8th IEEE Conference on Communications and Network Security, 2020

2019
Lightning Talk - Think Outside the Dataset: Finding Fraudulent Reviews using Cross-Dataset Analysis.
Proceedings of the Companion of The 2019 World Wide Web Conference, 2019

Think Outside the Dataset: Finding Fraudulent Reviews using Cross-Dataset Analysis.
Proceedings of the World Wide Web Conference, 2019

Toward the Analysis of Embedded Firmware through Automated Re-hosting.
Proceedings of the 22nd International Symposium on Research in Attacks, 2019

PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary.
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

BinTrimmer: Towards Static Binary Debloating Through Abstract Interpretation.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2019

BootKeeper: Validating Software Integrity Properties on Boot Firmware Images.
Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, 2019

Neurlux: dynamic malware analysis without feature engineering.
Proceedings of the 35th Annual Computer Security Applications Conference, 2019

Sleak: automating address space layout derandomization.
Proceedings of the 35th Annual Computer Security Applications Conference, 2019

2018
Mechanical Phish: Resilient Autonomous Hacking.
IEEE Secur. Priv., 2018

HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security.
Proceedings of the 27th USENIX Security Symposium, 2018

Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks.
Proceedings of the 27th USENIX Security Symposium, 2018

Enumerating Active IPv6 Hosts for Large-Scale Security Scans via DNSSEC-Signed Reverse Zones.
Proceedings of the 2018 IEEE Symposium on Security and Privacy, 2018

Detecting Deceptive Reviews Using Generative Adversarial Networks.
Proceedings of the 2018 IEEE Security and Privacy Workshops, 2018

Measuring E-mail header injections on the world wide web.
Proceedings of the 33rd Annual ACM Symposium on Applied Computing, 2018

In rDNS We Trust: Revisiting a Common Data-Source's Reliability.
Proceedings of the Passive and Active Measurement - 19th International Conference, 2018

Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates.
Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018

Broken Fingers: On the Usage of the Fingerprint API in Android.
Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018

Peer to Peer Hate: Hate Speech Instigators and Their Targets.
Proceedings of the Twelfth International Conference on Web and Social Media, 2018

GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2018

MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense.
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

Using Loops For Malware Classification Resilient to Feature-unaware Perturbations.
Proceedings of the 34th Annual Computer Security Applications Conference, 2018

2017
Towards Detecting Compromised Accounts on Social Networks.
IEEE Trans. Dependable Secur. Comput., 2017

On the Privacy and Security of the Ultrasound Ecosystem.
Proc. Priv. Enhancing Technol., 2017

Demystifying DDoS as a Service.
IEEE Commun. Mag., 2017

Shell We Play A Game? CTF-as-a-service for Security Education.
Proceedings of the 2017 USENIX Workshop on Advances in Security Education, 2017

BootStomp: On the Security of Bootloaders in Mobile Devices.
Proceedings of the 26th USENIX Security Symposium, 2017

DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers.
Proceedings of the 26th USENIX Security Symposium, 2017

Something from Nothing (There): Collecting Global IPv6 Datasets from DNS.
Proceedings of the Passive and Active Measurement - 18th International Conference, 2017

Ramblr: Making Reassembly Great Again.
Proceedings of the 24th Annual Network and Distributed System Security Symposium, 2017

BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments.
Proceedings of the 24th Annual Network and Distributed System Security Symposium, 2017

Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis.
Proceedings of the 24th Annual Network and Distributed System Security Symposium, 2017

How Shall We Play a Game?: A Game-theoretical Model for Cyber-warfare Games.
Proceedings of the 30th IEEE Computer Security Foundations Symposium, 2017

Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

POISED: Spotting Twitter Spam Off the Beaten Paths.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

Gossip: Automatically Identifying Malicious Domains from Mailing List Discussions.
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, 2017

DIFUZE: Interface Aware Fuzzing for Kernel Drivers.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017

Piston: Uncooperative Remote Runtime Patching.
Proceedings of the 33rd Annual Computer Security Applications Conference, 2017

Exploitation and Mitigation of Authentication Schemes Based on Device-Public Information.
Proceedings of the 33rd Annual Computer Security Applications Conference, 2017

2016
SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis.
Proceedings of the IEEE Symposium on Security and Privacy, 2016

TriggerScope: Towards Detecting Logic Bombs in Android Applications.
Proceedings of the IEEE Symposium on Security and Privacy, 2016

Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2016

Driller: Augmenting Fuzzing Through Selective Symbolic Execution.
Proceedings of the 23rd Annual Network and Distributed System Security Symposium, 2016

Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy.
Proceedings of the 23rd Annual Network and Distributed System Security Symposium, 2016

Binary Analysis for Autonomous Hacking: Invited Abstract.
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016

Drammer: Deterministic Rowhammer Attacks on Mobile Platforms.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

2015
Portrait of a Privacy Invasion.
Proc. Priv. Enhancing Technol., 2015

Evaluating Cybersecurity Education Interventions: Three Case Studies.
IEEE Secur. Priv., 2015

Framing Dependencies Introduced by Underground Commoditization.
Proceedings of the 14th Annual Workshop on the Economics of Information Security, 2015

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities.
Proceedings of the 24th USENIX Security Symposium, 2015

EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services.
Proceedings of the 24th USENIX Security Symposium, 2015

How the ELF Ruined Christmas.
Proceedings of the 24th USENIX Security Symposium, 2015

Meerkat: Detecting Website Defacements through Image-based Object Recognition.
Proceedings of the 24th USENIX Security Symposium, 2015

What the App is That? Deception and Countermeasures in the Android User Interface.
Proceedings of the 2015 IEEE Symposium on Security and Privacy, 2015

CLAPP: characterizing loops in Android applications (invited talk).
Proceedings of the 3rd International Workshop on Software Development Lifecycle for Mobile, 2015

CLAPP: characterizing loops in Android applications.
Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, 2015

Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware.
Proceedings of the 22nd Annual Network and Distributed System Security Symposium, 2015

EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework.
Proceedings of the 22nd Annual Network and Distributed System Security Symposium, 2015

Prison: Tracking Process Interactions to Contain Malware.
Proceedings of the 17th IEEE International Conference on High Performance Computing and Communications, 2015

On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2015

MalGene: Automatic Extraction of Malware Analysis Evasion Signature.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

Drops for Stuff: An Analysis of Reshipping Mule Scams.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

NJAS: Sandboxing Unmodified Applications in non-rooted Devices Running stock Android.
Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, 2015

Know Your Achilles' Heel: Automatic Detection of Network Critical Services.
Proceedings of the 31st Annual Computer Security Applications Conference, 2015

BareDroid: Large-Scale Analysis of Android Apps on Real Devices.
Proceedings of the 31st Annual Computer Security Applications Conference, 2015

Grab 'n Run: Secure and Practical Dynamic Code Loading for Android Applications.
Proceedings of the 31st Annual Computer Security Applications Conference, 2015

2014
On the Workings and Current Practices of Web-Based Device Fingerprinting.
IEEE Secur. Priv., 2014

Stranger danger: exploring the ecosystem of ad-based URL shortening services.
Proceedings of the 23rd International World Wide Web Conference, 2014

Relevant change detection: a framework for the precise extraction of modified and novel web-based content as a filtering technique for analysis engines.
Proceedings of the 23rd International World Wide Web Conference, 2014

Ten Years of iCTF: The Good, The Bad, and The Ugly.
Proceedings of the 2014 USENIX Summit on Gaming, 2014

BareCloud: Bare-metal Analysis-based Evasive Malware Detection.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

Hulk: Eliciting Malicious Behavior in Browser Extensions.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

The Tricks of the Trade: What Makes Spam Campaigns Successful?
Proceedings of the 35. IEEE Security and Privacy Workshops, 2014

Extracting probable command and control signatures for detecting botnets.
Proceedings of the Symposium on Applied Computing, 2014

Do you feel lucky?: a large-scale analysis of risk-rewards trade-offs in cyber security.
Proceedings of the Symposium on Applied Computing, 2014

Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection.
Proceedings of the Research in Attacks, Intrusions and Defenses, 2014

Protecting Web-Based Single Sign-on Protocols against Relying Party Impersonation Attacks through a Dedicated Bi-directional Authenticated Secure Channel.
Proceedings of the Research in Attacks, Intrusions and Defenses, 2014

Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications.
Proceedings of the 21st Annual Network and Distributed System Security Symposium, 2014

Nazca: Detecting Malware Distribution in Large-Scale Networks.
Proceedings of the 21st Annual Network and Distributed System Security Symposium, 2014

Rippler: Delay injection for service dependency detection.
Proceedings of the 2014 IEEE Conference on Computer Communications, 2014

The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements.
Proceedings of the 2014 Internet Measurement Conference, 2014

PExy: The Other Side of Exploit Kits.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2014

The harvester, the botmaster, and the spammer: on the relations between the different actors in the spam landscape.
Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014

2013
Two years of short URLs internet measurement: security threats and countermeasures.
Proceedings of the 22nd International World Wide Web Conference, 2013

Steal This Movie: Automatically Bypassing DRM Protection in Streaming Media Services.
Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013, 2013

Revolver: An Automated Approach to the Detection of Evasive Web-based Malware.
Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013, 2013

Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting.
Proceedings of the 2013 IEEE Symposium on Security and Privacy, 2013

EARs in the wild: large-scale analysis of execution after redirect vulnerabilities.
Proceedings of the 28th Annual ACM Symposium on Applied Computing, 2013

Practical Attacks against the I2P Network.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2013

COMPA: Detecting Compromised Accounts on Social Networks.
Proceedings of the 20th Annual Network and Distributed System Security Symposium, 2013

Follow the green: growth and dynamics in twitter follower markets.
Proceedings of the 2013 Internet Measurement Conference, 2013

Formulating Cyber-Security as Convex Optimization Problems.
Proceedings of the Control of Cyber-Physical Systems, 2013

Shady paths: leveraging surfing crowds to detect malicious web pages.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

deDacota: toward preventing server-side XSS via automatic code and data separation.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

Delta: automatic identification of unknown web-based infection campaigns.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

SigMal: a static signal processing based malware triage.
Proceedings of the Annual Computer Security Applications Conference, 2013

Message in a bottle: sailing past censorship.
Proceedings of the Annual Computer Security Applications Conference, 2013

2012
Poultry markets: on the underground economy of twitter followers.
Comput. Commun. Rev., 2012

B@bel: Leveraging Email Delivery for Spam Mitigation.
Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, 2012

PUBCRAWL: Protecting Users and Businesses from CRAWLers.
Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, 2012

Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner.
Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, 2012

EvilSeed: A Guided Approach to Finding Malicious Web Pages.
Proceedings of the IEEE Symposium on Security and Privacy, 2012

Malware Riding Badware: Challenges in Analyzing (Malicious/Benign) Web Applications.
Proceedings of the Runtime Verification, Third International Conference, 2012

FlashDetect: ActionScript 3 Malware Detection.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2012

A Static, Packer-Agnostic Filter to Detect Similar Malware Samples.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2012

Tracking Memory Writes for Malware Classification and Code Reuse Identification.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2012

BotFinder: finding bots in network traffic without deep packet inspection.
Proceedings of the Conference on emerging Networking Experiments and Technologies, 2012

You are what you include: large-scale evaluation of remote javascript inclusions.
Proceedings of the ACM Conference on Computer and Communications Security, 2012

Blacksheep: detecting compromised hosts in homogeneous crowds.
Proceedings of the ACM Conference on Computer and Communications Security, 2012

Jarhead analysis and detection of malicious Java applets.
Proceedings of the 28th Annual Computer Security Applications Conference, 2012

2011
The 2010 International Capture the Flag Competition.
IEEE Secur. Priv., 2011

Analysis of a Botnet Takeover.
IEEE Secur. Priv., 2011

Prophiler: a fast filter for the large-scale detection of malicious web pages.
Proceedings of the 20th International Conference on World Wide Web, 2011

The Underground Economy of Fake Antivirus Software.
Proceedings of the Economics of Information Security and Privacy III [papers from the Tenth Workshop on Economics and Information Security, 2011

BOTMAGNIFIER: Locating Spambots on the Internet.
Proceedings of the 20th USENIX Security Symposium, 2011

Getting the Face Behind the Squares: Reconstructing Pixelized Video Streams.
Proceedings of the 5th USENIX Workshop on Offensive Technologies, 2011

Dymo: Tracking Dynamic Code Identity.
Proceedings of the Recent Advances in Intrusion Detection - 14th International Symposium, 2011

Shellzer: A Tool for the Dynamic Analysis of Malicious Shellcode.
Proceedings of the Recent Advances in Intrusion Detection - 14th International Symposium, 2011

PiOS: Detecting Privacy Leaks in iOS Applications.
Proceedings of the Network and Distributed System Security Symposium, 2011

The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns.
Proceedings of the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2011

Peering through the iframe.
Proceedings of the INFOCOM 2011. 30th IEEE International Conference on Computer Communications, 2011

Understanding fraudulent activities in online ad exchanges.
Proceedings of the 11th ACM SIGCOMM Internet Measurement Conference, 2011

Challenges for Dynamic Analysis of iOS Applications.
Proceedings of the Open Problems in Network Security - IFIP WG 11.4 International Workshop, 2011

Escape from Monkey Island: Evading High-Interaction Honeyclients.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2011

MISHIMA: Multilateration of Internet Hosts Hidden Using Malicious Fast-Flux Agents (Short Paper).
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2011

Fear the EAR: discovering and mitigating execution after redirect vulnerabilities.
Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011

BareBox: efficient malware analysis on bare-metal.
Proceedings of the Twenty-Seventh Annual Computer Security Applications Conference, 2011

Hit 'em where it hurts: a live security exercise on cyber situational awareness.
Proceedings of the Twenty-Seventh Annual Computer Security Applications Conference, 2011

Nexat: a history-based approach to predict attacker actions.
Proceedings of the Twenty-Seventh Annual Computer Security Applications Conference, 2011

2010
An Experience in Testing the Security of Real-World Electronic Voting Systems.
IEEE Trans. Software Eng., 2010

Detection and analysis of drive-by-download attacks and malicious JavaScript code.
Proceedings of the 19th International Conference on World Wide Web, 2010

Toward Automated Detection of Logic Vulnerabilities in Web Applications.
Proceedings of the 19th USENIX Security Symposium, 2010

Effective Anomaly Detection with Scarce Training Data.
Proceedings of the Network and Distributed System Security Symposium, 2010

Efficient Detection of Split Personalities in Malware.
Proceedings of the Network and Distributed System Security Symposium, 2010

Are BGP Routers Open to Attack? An Experiment.
Proceedings of the Open Research Problems in Network Security, 2010

Why Johnny Can't Pentest: An Analysis of Black-Box Web Vulnerability Scanners.
Proceedings of the Detection of Intrusions and Malware, 2010

Organizing Large Scale Hacking Competitions.
Proceedings of the Detection of Intrusions and Malware, 2010

Network intrusion detection: dead or alive?
Proceedings of the Twenty-Sixth Annual Computer Security Applications Conference, 2010

Detecting spammers on social networks.
Proceedings of the Twenty-Sixth Annual Computer Security Applications Conference, 2010

2009
Reducing errors in the anomaly-based detection of web-based attacks through the combined analysis of web requests and SQL queries.
J. Comput. Secur., 2009

Client-side cross-site scripting protection.
Comput. Secur., 2009

Static Enforcement of Web Application Integrity Through Strong Typing.
Proceedings of the 18th USENIX Security Symposium, 2009

Protecting a Moving Target: Addressing Web Application Concept Drift.
Proceedings of the Recent Advances in Intrusion Detection, 12th International Symposium, 2009

Automated Spyware Collection and Analysis.
Proceedings of the Information Security, 12th International Conference, 2009

Your botnet is my botnet: analysis of a botnet takeover.
Proceedings of the 2009 ACM Conference on Computer and Communications Security, 2009

Analyzing and Detecting Malicious Flash Advertisements.
Proceedings of the Twenty-Fifth Annual Computer Security Applications Conference, 2009

2008
There Is No Free Phish: An Analysis of "Free" and Live Phishing Kits.
Proceedings of the 2nd USENIX Workshop on Offensive Technologies, 2008

ClearShot: Eavesdropping on Keyboard Input from Video.
Proceedings of the 2008 IEEE Symposium on Security and Privacy (SP 2008), 2008

Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications.
Proceedings of the 2008 IEEE Symposium on Security and Privacy (SP 2008), 2008

Are your votes <i>really</i> counted?: testing the security of real-world electronic voting systems.
Proceedings of the ACM/SIGSOFT International Symposium on Software Testing and Analysis, 2008

A Parallel Architecture for Stateful, High-Speed Intrusion Detection.
Proceedings of the Information Systems Security, 4th International Conference, 2008

2007
Static Disassembly and Code Analysis.
Proceedings of the Malware Detection, 2007

Using a virtual security testbed for digital forensic reconstruction.
J. Comput. Virol., 2007

Extending .NET security to unmanaged code.
Int. J. Inf. Sec., 2007

Catch Me, If You Can: Evading Network Signatures with Web-based Polymorphic Worms.
Proceedings of the First USENIX Workshop on Offensive Technologies, 2007

Vulnerability Analysis of Web-based Applications.
Proceedings of the Test and Analysis of Web Services, 2007

Exploiting Execution Context for the Detection of Anomalous System Calls.
Proceedings of the Recent Advances in Intrusion Detection, 10th International Symposium, 2007

Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications.
Proceedings of the Recent Advances in Intrusion Detection, 10th International Symposium, 2007

Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis.
Proceedings of the Network and Distributed System Security Symposium, 2007

Is Code Still Moving Around? Looking Back at a Decade of Code Mobility.
Proceedings of the 29th International Conference on Software Engineering (ICSE 2007), 2007

Multi-module vulnerability analysis of web-based applications.
Proceedings of the 2007 ACM Conference on Computer and Communications Security, 2007

Improving Signature Testing through Dynamic Data Flow Analysis.
Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007), 2007

Feature Omission Vulnerabilities: Thwarting Signature Generation for Polymorphic Worms.
Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007), 2007

2006
Anomalous system call detection.
ACM Trans. Inf. Syst. Secur., 2006

An anomaly-driven reverse proxy for web applications.
Proceedings of the 2006 ACM Symposium on Applied Computing (SAC), 2006

Noxes: a client-side solution for mitigating cross-site scripting attacks.
Proceedings of the 2006 ACM Symposium on Applied Computing (SAC), 2006

Using Hidden Markov Models to Evaluate the Risks of Intrusions.
Proceedings of the Recent Advances in Intrusion Detection, 9th International Symposium, 2006

Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks.
Proceedings of the Network and Distributed System Security Symposium, 2006

SNOOZE: Toward a Stateful NetwOrk prOtocol fuzZEr.
Proceedings of the Information Security, 9th International Conference, 2006

Using Labeling to Prevent Cross-Service Attacks Against Smart Phones.
Proceedings of the Detection of Intrusions and Malware & Vulnerability Assessment, 2006

Digital Forensic Reconstruction and the Virtual Security Testbed ViSe.
Proceedings of the Detection of Intrusions and Malware & Vulnerability Assessment, 2006

Vulnerability Analysis of MMS User Agents.
Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC 2006), 2006

Static Detection of Vulnerabilities in x86 Executables.
Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC 2006), 2006

2005
Hi-DRA: Intrusion Detection for Internet Security.
Proc. IEEE, 2005

A multi-model approach to the detection of web-based attacks.
Comput. Networks, 2005

Automating Mimicry Attacks Using Static Binary Analysis.
Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA, July 31, 2005

Polymorphic Worm Detection Using Structural Information of Executables.
Proceedings of the Recent Advances in Intrusion Detection, 8th International Symposium, 2005

Detecting Malicious JavaScript Code in Mozilla.
Proceedings of the 10th International Conference on Engineering of Complex Computer Systems (ICECCS 2005), 2005

Exploiting OS-Level Mechanisms to Implement Mobile Code Security.
Proceedings of the 10th International Conference on Engineering of Complex Computer Systems (ICECCS 2005), 2005

A Learning-Based Approach to the Detection of SQL Attacks.
Proceedings of the Detection of Intrusions and Malware, 2005

Intrusion Detection and Correlation - Challenges and Solutions
Advances in Information Security 14, Springer, ISBN: 978-0-387-23398-7, 2005

2004
A Comprehensive Approach to Intrusion Detection Alert Correlation.
IEEE Trans. Dependable Secur. Comput., 2004

Using Alert Verification to Identify Successful Intrusion Attempts.
Prax. Inf.verarb. Kommun., 2004

Static Disassembly of Obfuscated Binaries.
Proceedings of the 13th USENIX Security Symposium, August 9-13, 2004, San Diego, CA, USA, 2004

Mobile Agents: Ten Reasons For Failure.
Proceedings of the 5th IEEE International Conference on Mobile Data Management (MDM 2004), 2004

Testing network-based intrusion detection signatures using mutant exploits.
Proceedings of the 11th ACM Conference on Computer and Communications Security, 2004

Detecting Attacks That Exploit Application-Logic Errors Through Application-Level Auditing.
Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC 2004), 2004

An Intrusion Detection Tool for AODV-Based Ad hoc Wireless Networks.
Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC 2004), 2004

Detecting Kernel-Level Rootkits Through Binary Analysis.
Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC 2004), 2004

2003
Detecting Malicious Java Code Using Virtual Machine Auditing.
Proceedings of the 12th USENIX Security Symposium, Washington, D.C., USA, August 4-8, 2003, 2003

Designing and implementing a family of intrusion detection systems.
Proceedings of the 11th ACM SIGSOFT Symposium on Foundations of Software Engineering 2003 held jointly with 9th European Software Engineering Conference, 2003

Teaching Network Security Through Live Exercises.
Proceedings of the Security Education and Critical Infrastructures, 2003

Internet Security and Intrusion Detection.
Proceedings of the 25th International Conference on Software Engineering, 2003

A Topological Characterization of TCP/IP Security.
Proceedings of the FME 2003: Formal Methods, 2003

On the Detection of Anomalous System Call Arguments.
Proceedings of the Computer Security, 2003

Anomaly detection of web-based attacks.
Proceedings of the 10th ACM Conference on Computer and Communications Security, 2003

A Stateful Intrusion Detection System for World-Wide Web Servers.
Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC 2003), 2003

An Experience Developing an IDS Stimulator for the Black-Box Testing of Network Intrusion Detection Systems.
Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC 2003), 2003

2002
STATL: An Attack Language for State-Based Intrusion Detection.
J. Comput. Secur., 2002

Stateful Intrusion Detection for High-Speed Networks.
Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002

An Intrusion Detection System for Aglets.
Proceedings of the Mobile Agents, 6th International Conference, 2002

Mnemosyne: Designing and Implementing Network Short-Term Memory.
Proceedings of the 8th International Conference on Engineering of Complex Computer Systems (ICECCS 2002), 2002

Sensor-based intrusion detection for intra-domain distance-vector routing.
Proceedings of the 9th ACM Conference on Computer and Communications Security, 2002

Composable Tools For Network Discovery and Security Analysis.
Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 2002), 2002

2001
Security Testing of an Online Banking Service.
Proceedings of the E-Commerce Security and Privacy, 2001

Designing a Web of Highly-Configurable Intrusion Detection Sensors.
Proceedings of the Recent Advances in Intrusion Detection, 4th International Symposium, 2001

Evaluating the Security of Three Java-Based Mobile Agent Systems.
Proceedings of the Mobile Agents, 5th International Conference, 2001

1999
NetSTAT: A Network-based Intrusion Detection System.
J. Comput. Secur., 1999

1998
Understanding Code Mobility.
IEEE Trans. Software Eng., 1998

Cryptographic Traces for Mobile Agents.
Proceedings of the Mobile Agents and Security, 1998

Towards a Software Engineering Approach to Web Site Development.
Proceedings of the 9th International Workshop on Software Specification and Design, 1998

NetSTAT: A Network-Based Intrusion Detection Approach.
Proceedings of the 14th Annual Computer Security Applications Conference (ACSAC 1998), 1998

1997
Software Engineering Issues for Network Computing.
Proceedings of the Requirements Targeting Software and Systems Engineering, 1997

Mobile Code Paradigms and Technologies: A Case Study.
Proceedings of the Mobile Agents, First International Workshop, 1997

Designing Distributed Applications with Mobile Code Paradigms.
Proceedings of the Pulling Together, 1997

1996
Analyzing Mobile Code Languages.
Proceedings of the Mobile Object Systems, 1996

1994
Designing and Implementing Inter-Client Communication in the O2 Object-Oriented Database Management System.
Proceedings of the Object-Oriented Methodologies and Systems, 1994


  Loading...