Category: Publications

A Mean-Field Stackelberg Game Approach for Obfuscation Adoption in Empirical Risk Minimization

Jeffrey Pawlick and Quanyan Zhu

Data ecosystems are becoming larger and more complex due to online tracking, wearable computing, and the Internet of Things. But privacy concerns are threatening to erode the potential benefits of these systems. Recently, users have developed obfuscation techniques that issue fake search engine queries, undermine location tracking algorithms, or evade...

Security and Privacy in Cyber-Physical Systems: A Survey of Surveys

Jairo Giraldo, Esha Sarkar, Alvaro Cardenas, Michail Maniatakos and Murat Kantarcioglu

Cyber-Physical Systems (CPS) are engineered systems combining computation, communications, and physical resources. Over the last decade—alongside technical advances in CPS—a vibrant and active community of security and privacy researchers have proposed and developed a mature research agenda addressing fundamental problems and risks of CPS...

Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks

Sumayah Alrwais, Xiaojing Liao, Xianghang Mi, Peng Wang, XiaoFeng Wang, Feng Qian, Raheem Beyah and Damon McCoy

BulletProof Hosting (BPH) services provide criminal actors with technical infrastructure that is resilient to complaints of illicit activities, which serves as a basic building block for streamlining numerous types of attacks. In this paper,...

Tools for Automated Analysis of Cybercriminal Markets

Rebecca S. Portnoff, Sadia Afroz, Greg Durrett, Jonathan K. Kummerfeld, Taylor Berg-Kirkpatrick, Damon McCoy, Kirill Levchenko and Vern Paxson

Underground forums are widely used by criminals to buy and sell a host of stolen items, datasets, resources, and criminal services. These forums contain important resources for understanding cybercrime. However, the number of forums, their size, and the domain expertise required...

To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild

Brown Farinholt, Mohammad Rezaeirad, Paul Pearce, Hitesh Dharmdasani, Haikuo Yin, Stevens Le Blond, Damon McCoy, Kirill Levchenko

Remote Access Trojans (RATs) give remote attackers interactive control over a compromised machine. Unlike large-scale malware such as botnets, a RAT is controlled individually by a human operator interacting with the compromised machine remotely....

DeepMasterPrint: Generating Fingerprints for Presentation Attacks

Philip Bontrager, Julian Togelius and Nasir Memon

We present two related methods for creating MasterPrints, synthetic fingerprints that a fingerprint verification system identifies as many different people. Both methods start with training a Generative Adversarial Network (GAN) on a set of real fingerprint images. The generator network is then used to search for images that...

Taking the Pulse of US College Campuses with Location-Based Anonymous Mobile Apps, ACM Transactions on Intelligent Systems and Technology (ACM TIST)

Yanqiu Wu, Tehila Minkus, and Keith W. Ross

We deploy GPS hacking in conjunction with location-based mobile apps to passively survey users in targeted geographical regions. Specifically, we investigate surveying students at different college campuses with Yik Yak, an anonymous mobile app that is popular on US college campuses. In addition to being campus-centric, Yik...

Mind your SMSes: Mitigating social engineering in second factor authentication

Hossein Siadati, Toan Nguyen, Payas Gupta, Markus Jakobsson, and Nasir Memon

SMS-based second factor authentication is a cornerstone for many service providers, ranging from email service providers and social networks to financial institutions and online marketplaces. Attackers have not been slow to capitalize on the vulnerabilities of this mechanism by using social engineering techniques to...

Profiling cybersecurity competition participants: Self-efficacy, decision-making and interests predict effectiveness of competitions as a recruitment tool

Masooda Bashir, Colin Wee, Nasir Memon, and Boyi Guo

This paper presents the main results of a large-scale survey on cybersecurity competition participants in the past decade. 588 participants of the Cybersecurity Awareness Week (CSAW) competition were surveyed with measures of personality, interests, culture, decision-making and attachment styles in an exploratory study...