Table of Contents

• Black-box Attacks Against Neural Binary Function DetectionJoshua Bundt, Michael Davinroy, Ioannis Agadakos, Alina Oprea, William K. Robertson. 1-16 [doi]
• Extracting Threat Intelligence From Cheat Binaries For Anti-CheatingMd Sakib Anwar, Chaoshun Zuo, Carter Yagemann, Zhiqiang Lin. 17-31 [doi]
• Shimware: Toward Practical Security Retrofitting for Monolithic Firmware ImagesEric Gustafson, Paul Grosen, Nilo Redini, Saagar Jha, Andrea Continella, Ruoyu Wang 0001, Kevin Fu, Sara Rampazzi, Christopher Kruegel, Giovanni Vigna. 32-45 [doi]
• MP-Mediator: Detecting and Handling the New Stealthy Delay Attacks on IoT Events and CommandsXuening Xu, Chenglong Fu 0002, Xiaojiang Du. 46-62 [doi]
• BitDance: Manipulating UART Serial Communication with IEMIZhixin Xie, Chen Yan 0001, Xiaoyu Ji 0001, Wenyuan Xu 0001. 63-76 [doi]
• EdgeTorrent: Real-time Temporal Graph Representations for Intrusion DetectionIsaiah J. King, Xiaokui Shu, Jiyong Jang, Kevin Eykholt, Taesung Lee, H. Howie Huang. 77-91 [doi]
• Looking Beyond IoCs: Automatically Extracting Attack Patterns from External CTIMd Tanvirul Alam, Dipkamal Bhusal, Youngja Park, Nidhi Rastogi. 92-108 [doi]
• Temporary Block Withholding Attacks on Filecoin's Expected ConsensusTong Cao, Xin Li. 109-122 [doi]
• How (Not) to Build Threshold EdDSAHarry W. H. Wong, Jack P. K. Ma, Hoover H. F. Yin, Sherman S. M. Chow. 123-134 [doi]
• Towards Understanding Alerts raised by Unsupervised Network Intrusion Detection SystemsMaxime Lanvin, Pierre-François Gimenez, Yufei Han, Frédéric Majorczyk, Ludovic Mé, Eric Totel. 135-150 [doi]
• CTPP: A Fast and Stealth Algorithm for Searching Eviction Sets on Intel ProcessorsZihan Xue, Jinchi Han, Wei Song 0002. 151-163 [doi]
• Characterizing and Mitigating Touchtone Eavesdropping in Smartphone Motion SensorsConnor Bolton, Yan Long, Jun Han 0001, Josiah D. Hester, Kevin Fu. 164-178 [doi]
• Security Analysis of the 3MF Data FormatJost Rossel, Vladislav Mladenov, Juraj Somorovsky. 179-194 [doi]
• Beware of Pickpockets: A Practical Attack against Blocking CardsMarco Alecci, Luca Attanasio, Alessandro Brighente, Mauro Conti, Eleonora Losiouk, Hideki Ochiai, Federico Turrin. 195-206 [doi]
• Quarantine: Mitigating Transient Execution Attacks with Physical Domain IsolationMathé Hertogh, Manuel Wiesinger, Sebastian Österlund, Marius Muench, Nadav Amit, Herbert Bos, Cristiano Giuffrida. 207-221 [doi]
• Efficient Membership Inference Attacks against Federated Learning via Bias DifferencesLiwei Zhang, Linghui Li, Xiaoyong Li 0003, Binsi Cai, Yali Gao, Ruobin Dou, Luying Chen. 222-235 [doi]
• Exploring Clustered Federated Learning's Vulnerability against Property Inference AttackHyunjun Kim, Yungi Cho, YoungHan Lee, Ho Bae, Yunheung Paek. 236-249 [doi]
• Witnessing Erosion of Membership Inference Defenses: Understanding Effects of Data Drift in Membership PrivacySeung Ho Na, KwanWoo Kim, Seungwon Shin. 250-263 [doi]
• PrivMon: A Stream-Based System for Real-Time Privacy Attack Detection for Machine Learning ModelsMyeongseob Ko, Xinyu Yang, Zhengjie Ji, Hoang Anh Just, Peng Gao 0008, Anoop Kumar, Ruoxi Jia. 264-281 [doi]
• Understanding Multi-Turn Toxic Behaviors in Open-Domain ChatbotsBocheng Chen, Guangjing Wang 0001, Hanqing Guo, Yuanda Wang, Qiben Yan. 282-296 [doi]
• Flow-MAE: Leveraging Masked AutoEncoder for Accurate, Efficient and Robust Malicious Traffic ClassificationZijun Hang, Yuliang Lu, YongJie Wang, Yi Xie. 297-314 [doi]
• Your Attack Is Too DUMB: Formalizing Attacker Scenarios for Adversarial TransferabilityMarco Alecci, Mauro Conti, Francesco Marchiori, Luca Martinelli, Luca Pajola. 315-329 [doi]
• False Sense of Security: Leveraging XAI to Analyze the Reasoning and True Performance of Context-less DGA ClassifiersArthur Drichel, Ulrike Meyer. 330-345 [doi]
• Federated Explainability for Network Anomaly CharacterizationXabier Sáez de Cámara, Jose Luis Flores 0001, Cristóbal Arellano, Aitor Urbieta, Urko Zurutuza. 346-365 [doi]
• PhantomSound: Black-Box, Query-Efficient Audio Adversarial Attack via Split-Second Phoneme InjectionHanqing Guo, Guangjing Wang 0001, Yuanda Wang, Bocheng Chen, Qiben Yan, Li Xiao 0001. 366-380 [doi]
• Container Orchestration Honeypot: Observing Attacks in the WildNoah Spahn, Nils Hanke, Thorsten Holz, Christopher Kruegel, Giovanni Vigna. 381-396 [doi]
• EnclaveVPN: Toward Optimized Utilization of Enclave Page Cache and Practical Performance of Data Plane for Security-Enhanced Cloud VPNJaemin Park, Brent ByungHoon Kang. 397-411 [doi]
• EBugDec: Detecting Inconsistency Bugs caused by RFC Evolution in Protocol ImplementationsJingting Chen, Feng Li, Qingfang Chen, Ping Li, Lili Xu, Wei Huo. 412-425 [doi]
• CoZure: Context Free Grammar Co-Pilot Tool for Finding New Lateral Movements in Azure Active DirectoryAbdullahi Chowdhury, Hung X. Nguyen. 426-439 [doi]
• Phantom-CSI Attacks against Wireless Liveness DetectionQiuye He, Song Fang. 440-454 [doi]
• A Method for Summarizing and Classifying Evasive MalwareHaikuo Yin, Brandon Lou, Peter L. Reiher. 455-470 [doi]
• Xunpack: Cross-Architecture Unpacking for Linux IoT MalwareYuhei Kawakoya, Shu Akabane, Makoto Iwamura, Takeshi Okamoto. 471-484 [doi]
• SEnFuzzer: Detecting SGX Memory Corruption via Information Feedback and Tailored Interface AnalysisDonghui Yu, Jianqiang Wang, Haoran Fang, Ya Fang, Yuanyuan Zhang 0002. 485-498 [doi]
• FieldFuzz: In Situ Blackbox Fuzzing of Proprietary Industrial Automation Runtimes via the NetworkAndrei Bytes, Prashant Hari Narayan Rajput, Constantine Doumanidis, Michail Maniatakos, Jianying Zhou 0001, Nils Ole Tippenhauer. 499-512 [doi]
• Bin there, target that: Analyzing the target selection of IoT vulnerabilities in malware binariesArwa Abdulkarim Al Alsadi, Kaichi Sameshima, Katsunari Yoshioka, Michel van Eeten, Carlos Hernandez Gañán. 513-526 [doi]
• FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch TrackingAlexander J. Gaidis, Joao Moreira, Ke Sun, Alyssa Milburn, Vaggelis Atlidakis, Vasileios P. Kemerlis. 527-546 [doi]
• SCVMON: Data-oriented attack recovery for RVs based on safety-critical variable monitoringSangbin Park, Youngjoon Kim, Dong-Hoon Lee. 547-563 [doi]
• Information Flow Tracking for Heterogeneous Compartmentalized SoftwareZahra Tarkhani, Anil Madhavapeddy. 564-579 [doi]
• Renewable Just-In-Time Control-Flow IntegrityErick Bauman, Jun Duan, Kevin W. Hamlen, Zhiqiang Lin. 580-594 [doi]
• Raft: Hardware-assisted Dynamic Information Flow Tracking for Runtime Protection on RISC-VYu Wang, Jinting Wu, Haodong Zheng, Zhenyu Ning, Boyuan He, Fengwei Zhang. 595-608 [doi]
• MIFP: Selective Fat-Pointer Bounds Compression for Accurate Bounds CheckingShengjie Xu, Eric Liu, Wei Huang 0027, David Lie. 609-622 [doi]
• All Use-After-Free Vulnerabilities Are Not Created Equal: An Empirical Study on Their Characteristics and DetectabilityZeyu Chen, Daiping Liu, Jidong Xiao, Haining Wang. 623-638 [doi]
• NatiSand: Native Code Sandboxing for JavaScript RuntimesMarco Abbadini, Dario Facchinetti, Gianluca Oldani, Matthew Rossi, Stefano Paraboschi. 639-653 [doi]
• DiverseVul: A New Vulnerable Source Code Dataset for Deep Learning Based Vulnerability DetectionYizheng Chen 0001, Zhoujie Ding, Lamya Alowain, Xinyun Chen, David A. Wagner 0001. 654-668 [doi]
• Why Johnny Can't Use Secure Docker Images: Investigating the Usability Challenges in Using Docker Image Vulnerability Scanners through Heuristic EvaluationTaeyoung Kim, Seonhye Park, Hyoungshick Kim. 669-685 [doi]
• SigA: rPPG-based Authentication for Virtual Reality Head-mounted DisplayLin Li, Chao Chen, Lei Pan, Leo Yu Zhang, Jun Zhang, Yang Xiang 0001. 686-699 [doi]
• Boosting Big Brother: Attacking Search Engines with EncodingsNicholas Boucher, Luca Pajola, Ilia Shumailov, Ross J. Anderson, Mauro Conti. 700-713 [doi]
• Honey, I Cached our Security Tokens Re-usage of Security Tokens in the WildLeon Trampert, Ben Stock, Sebastian Roth. 714-726 [doi]
• Measuring the Leakage and Exploitability of Authentication Secrets in Super-apps: The WeChat CaseSupraja Baskaran, Lianying Zhao, Mohammad Mannan, Amr M. Youssef. 727-743 [doi]
• Leader: Defense Against Exploit-Based Denial-of-Service Attacks on Web ApplicationsRajat Tandon, Haoda Wang, Nicolaas Weideman, Shushan Arakelyan, Genevieve Bartlett, Christophe Hauser, Jelena Mirkovic. 744-758 [doi]