Abstract is missing.
- FARE: Enabling Fine-grained Attack Categorization under Low-quality Labeled DataJunjie Liang, Wenbo Guo 0002, Tongbo Luo, Vasant Honavar, Gang Wang 0011, Xinyu Xing. [doi]
- FlowLens: Enabling Efficient Flow Classification for ML-based Network Security ApplicationsDiogo Barradas, Nuno Santos 0001, Luís Rodrigues 0001, Salvatore Signorello, Fernando M. V. Ramos, André Madeira. [doi]
- ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without InstrumentationLe Yu, ShiQing Ma, Zhuo Zhang 0002, Guanhong Tao, Xiangyu Zhang 0001, Dongyan Xu, Vincent E. Urias, Han Wei Lin, Gabriela Ciocarlie, Vinod Yegneswaran, Ashish Gehani. [doi]
- Preventing and Detecting State Inference Attacks on AndroidAndrea Possemato, Dario Nisi, Yanick Fratantonio. [doi]
- Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox FuzzingJinghan Wang, Chengyu Song, Heng Yin. [doi]
- SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the WebMikhail Shcherbakov, Musard Balliu. [doi]
- MINOS: A Lightweight Real-Time Cryptojacking Detection SystemFaraz Naseem Naseem, Ahmet Aris, Leonardo Babun, Ege Tekiner, A. Selcuk Uluagac. [doi]
- Flexsealing BGP Against Route Leaks: Peerlock Active Measurement and AnalysisTyler McDaniel, Jared M. Smith, Max Schuchard. [doi]
- Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test CasesSung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Kyle Zeng, Alexandros Kapravelos, Gail-Joon Ahn, Tiffany Bao, Ruoyu Wang 0001, Adam Doupé, Yan Shoshitaishvili. [doi]
- SODA: A Generic Online Detection Framework for Smart ContractsTing Chen 0002, Rong Cao, Ting Li, Xiapu Luo, Guofei Gu, Yufei Zhang, Zhou Liao, Hang Zhu, Gang Chen, Zheyuan He, YuXing Tang, Xiaodong Lin, Xiaosong Zhang. [doi]
- Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side ChannelZhuoran Liu, Niels Samwel, Leo Weissbart, Zhengyu Zhao 0001, Dirk Lauret, Lejla Batina, Martha A. Larson. [doi]
- A Devil of a Time: How Vulnerable is NTP to Malicious Timeservers?Yarin Perry, Neta Rozen Schiff, Michael Schapira. [doi]
- POSEIDON: Privacy-Preserving Federated Neural Network LearningSinem Sav, Apostolos Pyrgelis, Juan Ramón Troncoso-Pastoriza, David Froelicher, Jean-Philippe Bossuat, Joao Sa Sousa, Jean-Pierre Hubaux. [doi]
- Rosita: Towards Automatic Elimination of Power-Analysis Leakage in CiphersMadura A. Shelton, Niels Samwel, Lejla Batina, Francesco Regazzoni 0001, Markus Wagner 0007, Yuval Yarom. [doi]
- All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile MessengersChristoph Hagen, Christian Weinert, Christoph Sendner, Alexandra Dmitrienko, Thomas Schneider 0003. [doi]
- SymQEMU: Compilation-based symbolic execution for binariesSebastian Poeplau, Aurélien Francillon. [doi]
- BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 ProtocolsEunsoo Kim, Dongkwan Kim, CheolJun Park, Insu Yun, Yongdae Kim. [doi]
- DOVE: A Data-Oblivious Virtual EnvironmentHyun Bin Lee, Tushar M. Jois, Christopher W. Fletcher, Carl A. Gunter. [doi]
- PFirewall: Semantics-Aware Customizable Data Flow Control for Smart Home Privacy ProtectionHaotian Chi, Qiang Zeng 0001, Xiaojiang Du, Lannan Luo. [doi]
- TASE: Reducing Latency of Symbolic Execution with Transactional MemoryAdam Humphries, Kartik Cating-Subramanian, Michael K. Reiter. [doi]
- Refining Indirect Call Targets at the Binary LevelSun Hyoung Kim, Cong Sun 0001, Dongrui Zeng, Gang Tan. [doi]
- SquirRL: Automating Attack Analysis on Blockchain Incentive Mechanisms with Deep Reinforcement LearningCharlie Hou, Mingxun Zhou, Yan Ji, Phil Daian, Florian Tramèr, Giulia Fanti, Ari Juels. [doi]
- The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad FraudJoongyum Kim, Junghwan Park, Sooel Son. [doi]
- C^2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic AnalysisYonghwi Kwon, Weihang Wang, Jinho Jung, Kyu Hyung Lee, Roberto Perdisci. [doi]
- ROV++: Improved Deployable Defense against BGP HijackingReynaldo Morillo, Justin Furuness, Cameron Morris, James Breslin, Amir Herzberg, Bing Wang 0001. [doi]
- Hunting the Haunter - Efficient Relational Symbolic Execution for Spectre with Haunted RelSELesly-Ann Daniel, Sébastien Bardin, Tamara Rezk. [doi]
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted LanguagesRuian Duan, Omar Alrawi, Ranjita Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, Wenke Lee. [doi]
- POP and PUSH: Demystifying and Defending against (Mach) Port-oriented ProgrammingMin Zheng, Xiaolong Bai, Yajin Zhou, Chao Zhang, Fuping Qu. [doi]
- Bringing Balance to the Force: Dynamic Analysis of the Android Application FrameworkAbdallah Dawoud, Sven Bugiel. [doi]
- Доверя'й, но проверя'й: SFI safety for native-compiled WasmEvan Johnson, David Thien, Yousef Alhessi, Shravan Narayan, Fraser Brown, Sorin Lerner, Tyler Mcmullen, Stefan Savage, Deian Stefan. [doi]
- SpecTaint: Speculative Taint Analysis for Discovering Spectre GadgetsZhenxiao Qi, Qian Feng, Yueqiang Cheng, Mengjia Yan, Peng Li, Heng Yin, Tao Wei. [doi]
- The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey Entry AKE ProtocolMichael Troncoso, Britta Hale. [doi]
- HERA: Hotpatching of Embedded Real-time ApplicationsChristian Niesler, Sebastian Surminski, Lucas Davi. [doi]
- Trust the Crowd: Wireless Witnessing to Detect Attacks on ADS-B-Based Air-Traffic SurveillanceKai Jansen, Liang Niu, Nian Xue, Ivan Martinovic, Christina Pöpper. [doi]
- Understanding and Detecting International Revenue Share FraudMerve Sahin, Aurélien Francillon. [doi]
- As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC ServiceKai Li, Jiaqi Chen, Xianghong Liu, Yuzhe Tang, Xiaofeng Wang 0001, Xiapu Luo. [doi]
- Processing Dangerous Paths - On Security and Privacy of the Portable Document FormatJens Müller 0007, Dominik Noss, Christian Mainka, Vladislav Mladenov, Jörg Schwenk. [doi]
- WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual SemanticsJun Zeng, Zheng-Leong Chua, Yinfang Chen, Kaihang Ji, Zhenkai Liang, Jian Mao. [doi]
- On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile DevicesZeyu Lei, Yuhong Nan, Yanick Fratantonio, Antonio Bianchi. [doi]
- GALA: Greedy ComputAtion for Linear Algebra in Privacy-Preserved Neural NetworksQiao Zhang, Chunsheng Xin, Hongyi Wu. [doi]
- RandRunner: Distributed Randomness from Trapdoor VDFs with Strong UniquenessPhilipp Schindler, Aljosha Judmayer, Markus Hittmeir, Nicholas Stifter, Edgar R. Weippl. [doi]
- Detecting Kernel Memory Leaks in Specialized Modules with Ownership ReasoningNavid Emamdoost, Qiushi Wu, Kangjie Lu, Stephen McCamant. [doi]
- Bitcontracts: Supporting Smart Contracts in Legacy BlockchainsKarl Wüst, Loris Diana, Kari Kostiainen, Ghassan Karame, Sinisa Matetic, Srdjan Capkun. [doi]
- From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPRChaoyi Lu, Baojun Liu, Yiming Zhang 0009, Zhou Li 0001, Fenglu Zhang, Haixin Duan, Ying Liu 0024, Joann Qiongna Chen, Jinjin Liang, Zaifeng Zhang, Shuang Hao, Min Yang 0002. [doi]
- Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference AttacksMohd Sabra, Anindya Maiti, Murtuza Jadliwala. [doi]
- Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated LearningVirat Shejwalkar, Amir Houmansadr. [doi]
- Data Poisoning Attacks to Deep Learning Based Recommender SystemsHai Huang, Jiaming Mu, Neil Zhenqiang Gong, Qi Li, Bin Liu 0020, Mingwei Xu. [doi]
- LaKSA: A Probabilistic Proof-of-Stake ProtocolDaniël Reijsbergen, Pawel Szalachowski, Junming Ke, Zengpeng Li, Jianying Zhou 0001. [doi]
- Improving Signal's Sealed SenderIan Martiny, Gabriel Kaptchuk, Adam J. Aviv, Daniel S. Roche, Eric Wustrow. [doi]
- Shadow Attacks: Hiding and Replacing Content in Signed PDFsChristian Mainka, Vladislav Mladenov, Simon Rohlmann. [doi]
- KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS KernelChangming Liu, Yaohui Chen, Long Lu. [doi]
- Obfuscated Access and Search Patterns in Searchable EncryptionZhiwei Shang, Simon Oya, Andreas Peter, Florian Kerschbaum. [doi]
- WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast CloningJinho Jung, Stephen Tong, Hong Hu 0004, Jungwon Lim, Yonghwi Jin, Taesoo Kim. [doi]
- More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based SchemesLeila Rashidi, Daniel Kostecki, Alexander James, Anthony Peterson, Majid Ghaderi, Samuel Jero, Cristina Nita-Rotaru, Hamed Okhravi, Reihaneh Safavi-Naini. [doi]
- To Err.Is Human: Characterizing the Threat of Unintended URLs in Social MediaBeliz Kaleli, Brian Kondracki, Manuel Egele, Nick Nikiforakis, Gianluca Stringhini. [doi]
- Understanding the Growth and Security Considerations of ECSAthanasios Kountouras, Panagiotis Kintis, Athanasios Avgetidis, Thomas Papastergiou, Charles Lever, Michalis Polychronakis, Manos Antonakakis. [doi]
- Reining in the Web's Inconsistencies with Site PolicyStefano Calzavara, Tobias Urban, Dennis Tatang, Marius Steffens, Ben Stock. [doi]
- Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill EcosystemChristopher Lentzsch, Sheel Jayesh Shah, Benjamin Andow, Martin Degeling, Anupam Das 0001, William Enck. [doi]
- Differential Training: A Generic Framework to Reduce Label Noises for Android Malware DetectionJiayun Xu, Yingjiu Li, Robert H. Deng. [doi]
- PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile AppsSebastian Zimmeck, Rafael Goldstein, David Baraka. [doi]
- Towards Understanding and Detecting Cyberbullying in Real-world ImagesNishant Vishwamitra, Hongxin Hu, Feng Luo 0001, Long Cheng 0005. [doi]
- XDA: Accurate, Robust Disassembly with Transfer LearningKexin Pei, Jonas Guan, David Williams-King, Junfeng Yang, Suman Jana. [doi]
- Awakening the Web's Sleeper Agents: Misusing Service Workers for Privacy LeakageSoroush Karami, Panagiotis Ilia, Jason Polakis. [doi]
- PGFUZZ: Policy-Guided Fuzzing for Robotic VehiclesHyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu. [doi]
- Tales of Favicons and Caches: Persistent Tracking in Modern BrowsersKonstantinos Solomos, John Kristoff, Chris Kanich, Jason Polakis. [doi]
- Practical Non-Interactive Searchable Encryption with Forward and Backward PrivacyShifeng Sun, Ron Steinfeld, Shangqi Lai, Xingliang Yuan, Amin Sakzad, Joseph K. Liu, Surya Nepal, Dawu Gu. [doi]
- Evading Voltage-Based Intrusion Detection on Automotive CANRohit Bhatia, Vireshwar Kumar, Khaled Serag, Z. Berkay Celik, Mathias Payer, Dongyan Xu. [doi]
- EarArray: Defending against DolphinAttack via Acoustic AttenuationGuoming Zhang, Xiaoyu Ji, Xinfeng Li, Gang Qu, Wenyuan Xu. [doi]
- Mondrian: Comprehensive Inter-domain Network Zoning ArchitectureJonghoon Kwon, Claude Hähni, Patrick Bamert, Adrian Perrig. [doi]
- NetPlier: Probabilistic Network Protocol Reverse Engineering from Message TracesYapeng Ye, Zhuo Zhang 0002, Fei Wang, Xiangyu Zhang 0001, Dongyan Xu. [doi]
- Deceptive Deletions for Protecting Withdrawn Posts on Social Media PlatformsMohsen Minaei, S. Chandra Mouli, Mainack Mondal, Bruno Ribeiro 0001, Aniket Kate. [doi]
- Your Phone is My Proxy: Detecting and Understanding Mobile Proxy NetworksXianghang Mi, Siyuan Tang, Zhengyi Li, Xiaojing Liao, Feng Qian, Xiaofeng Wang 0001. [doi]
- CV-Inspector: Towards Automating Detection of Adblock CircumventionHieu Le, Athina Markopoulou, Zubair Shafiq. [doi]
- UIScope: Accurate, Instrumentation-free, and Visible Attack Investigation for GUI ApplicationsRunqing Yang, ShiQing Ma, Haitao Xu, Xiangyu Zhang 0001, Yan Chen 0004. [doi]
- Let's Stride Blindfolded in a Forest: Sublinear Multi-Client Decision Trees EvaluationJack P. K. Ma, Raymond K. H. Tai, Yongjun Zhao 0001, Sherman S. M. Chow. [doi]
- Practical Blind Membership Inference Attack via Differential ComparisonsBo Hui, Yuchen Yang, Haolin Yuan, Philippe Burlina, Neil Zhenqiang Gong, Yinzhi Cao. [doi]
- FLTrust: Byzantine-robust Federated Learning via Trust BootstrappingXiaoyu Cao, Minghong Fang, Jia Liu 0002, Neil Zhenqiang Gong. [doi]
- QPEP: An Actionable Approach to Secure and Performant Broadband From Geostationary OrbitJames Pavur, Martin Strohmeier, Vincent Lenders, Ivan Martinovic. [doi]
- CHANCEL: Efficient Multi-client Isolation Under Adversarial ProgramsAdil Ahmad, Juhee Kim, Jaebaek Seo, Insik Shin, Pedro Fonseca, Byoungyoung Lee. [doi]
- Forward and Backward Private Conjunctive Searchable Symmetric EncryptionSikhar Patranabis, Debdeep Mukhopadhyay. [doi]
- OblivSketch: Oblivious Network Measurement as a Cloud ServiceShangqi Lai, Xingliang Yuan, Joseph K. Liu, Xun Yi, Qi Li 0002, Dongxi Liu, Surya Nepal. [doi]
- IoTSafe: Enforcing Safety and Security Policy with Real IoT Physical Interaction DiscoveryWenbo Ding, Hongxin Hu, Long Cheng 0005. [doi]
- PhantomCache: Obfuscating Cache Conflicts with Localized RandomizationQinhan Tan, Zhihua Zeng, Kai Bu, Kui Ren 0001. [doi]
- Does Every Second Count? Time-based Evolution of Malware Behavior in SandboxesAlexander Küchler, Alessandro Mantovani, Yufei Han, Leyla Bilge, Davide Balzarotti. [doi]
- Understanding Worldwide Private Information Collection on AndroidYun Shen, Pierre-Antoine Vervier, Gianluca Stringhini. [doi]
- Who's Hosting the Block Party? Studying Third-Party Blockage of CSP and SRIMarius Steffens, Marius Musch, Martin Johns, Ben Stock. [doi]
- A Formal Analysis of the FIDO UAF ProtocolHaonan Feng, Hui Li, Xuesong Pan, Ziming Zhao 0001. [doi]
- PHOENIX: Device-Centric Cellular Network Protocol Monitoring using Runtime VerificationMitziu Echeverria, Zeeshan Ahmed, Bincheng Wang, M. Fareed Arif, Syed Rafiul Hussain, Omar Chowdhury. [doi]
- From Library Portability to Para-rehosting: Natively Executing Microcontroller Software on Commodity HardwareWenqiang Li, Le Guan, Jingqiang Lin, Jiameng Shi, FengJun Li. [doi]
- Emilia: Catching Iago in Legacy CodeRongzhen Cui, Lianying Zhao, David Lie. [doi]