Publications

As our faculty and students work to stay one step ahead of cyber threats, they are also making significant contributions to the body of literature within this field. Below are recent publications from CCS faculty and students that demonstrate the scope of those contributions. We have also included some titles that represent foundational work in the careers of our faculty and in the development of the particular technologies their research supports.

Names in boldface are affiliated with the Center for Cybersecurity, or were at the time the paper was written.

Recent Faculty Publications

All Publications: CCS Google Scholars 

2021

SoK: Hate, Harassment, and the Changing Landscape of Online Abuse

Thomas, Devdatta Akhawe, Michael Bailey, Dan Boneh, Elie Bursztein, Sunny Consolvo, Nicola Dell, Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart, and Gianluca Stringhini

42nd IEEE Symposium on Security & Privacy (Oakland), May 2021

PyPANDA: Taming the PANDAmonium of Whole System Dynamic Analysis

Luke Craig, Andrew Fasano, Tiemoko Ballo, Tim Leek, Brendan Dolan-Gavitt, and William Robertson

Proceedings of the Workshop on Binary Analysis Research (BAR), co-located with NDSS,

A Concentration of Measure Approach to Correlated Graph Matching

Farhad Shirani, Siddharth Garg, and Elza Erkip

IEEE Journal on Selected Areas in Information Theory, February 2021

Subverting Privacy-Preserving GANs: Hiding Secrets in Sanitized Images

Kang Liu, Benjamin Tan, and Siddharth Garg

Thirty-Fifth AAAI Conference on Artificial Intelligence (AAAI-21), February 2021

Game Theory for Cyber Detection: From Theory to Application

Jeffrey Pawlick and Quanyan Zhu

Springer Nature, February 2021

Dark Web Marketplaces and COVID-19: Before the vaccine

Alberto Bracci, Matthieu Nadini, Maxwell Aliapoulios, Damon McCoy, Ian Gray, Alexander Teytelboym, Angela Gallo, and Andrea Baronchelli

EPJ Data Science, January 2021

Robust Deep Learning for IC Test Problems

Animesh Basak Chowdhury, Benjamin Tan, Siddharth Garg, and Ramesh Karri

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, January 2021

2020

Thinking Aloud About Confusing Code: A Qualitative Investigation of Program Comprehension and Atoms of Confusion

Daniel Gopstein, Anne-Laure Fayard, Sven Apel, and Justin Cappos

2020 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020), November 2020

A Survey of Cybersecurity of Digital Manufacturing

Priyanka Mahesh, Akash Tiwari, Chenglu Jin, Panganamala R. Kumar, A.L. Narasimha Reddy, Satish T. S. Bukkapatnam, Nikhil Gupta, and Ramesh Karri

Proceedings of the IEEE, October 2020

Reverse Engineering of Additive Manufactured Composite Part by Toolpath Reconstruction using Imaging and Machine Learning

Kaushik Yanamandra, Guan Lin Chen, Xianbo Xu, Gary Mac, and Nikhil Gupta

Composites Science and Technology, September 2020

Using a Dual-Layer Specification to Offer Selective Interoperability for Uptane

Marina Moore, Ira McDonald, Andre Weimerskirch, Sebastien Awwad, Lois Anne DeLong, and Justin Cappos

escar USA Special Issue of the SAE International Journal of Transportation Cybersecurity and Privacy, Summer 2020

IoT Inspector: Crowdsourcing Labeled Network Traffic from Smart Home Devices at Scale

Danny Yuxing Huang, Noah Apthorpe, Gunes Acar, Frank Li, and Nick Feamster

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT / Ubicomp), June 2020.

Molecular Barcoding as a Defense against Benchtop Biochemical Attacks on DNA Fingerprinting and Information Forensics

Mohamed Ibrahim, Tung-Che Liang, Kristin Scott, Krishnendu Chakrabarty, and Ramesh Karri.

IEEE Transactions on Information Forensics and Security, May 14, 2020.

Stuck on a Phishing Lure: Differential Use of Base Rates in Self and Social Judgments of Susceptibility to Cyber Risk

E. Blair Cox, Quanyan Zhu, and Emily Balcetis

Comprehensive Results in Social Psychology, May 2020

Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd

Mathy Vanhoef and Eyal Ronen

41st IEEE Symposium on Security & Privacy (Oakland), May 2020

Are Anonymity-Seekers Just Like Everybody Else? An Analysis of Contributions to Wikipedia from Tor

Chau Tran, Kaylea Champion, Andrea Forte, Benjamin Mako Hill, and Rachel Greenstadt

41st IEEE Symposium on Security & Privacy (Oakland), May 2020

Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps

Qingchuan Zhao, Chaoshun Zuo, Brendan Dolan-Gavitt, Giancarlo Pellegrino, and Zhiqiang Lin

41st IEEE Symposium on Security & Privacy (Oakland), May 2020

A Security Analysis of the Facebook Ad Library

Laura Edelson, Tobias Lauinger, Damon McCoy

41st IEEE Symposium on Security & Privacy (Oakland), May 2020

The Many Kinds of Creepware Used for Interpersonal Attacks

Kevin A. Roundy, Paula Barmaimon Mendelberg, Nicola Dell, Damon McCoy, Daniel Nissani, Thomas Ristenpart, and Acar Tamersoy

41st IEEE Symposium on Security & Privacy (Oakland), May 2020

Effects of Credibility Indicators on Social Media News Sharing Intent

Waheeb Yaqub, Otari Kakhidze, Morgan L. Brockman, Nasir Memon, and Sameer Patil

2020 ACM CHI Conference on Human Factors in Computing Systems, April 2020

The Pod People: Understanding Manipulation of Social Media Popularity via Reciprocity Abuse 

Janith Weerasinghe, Bailey Flanigan, Aviel Stein, Damon McCoy, and Rachel Greenstadt

Proceedings of the Web Conference (WWW), April 2020

Dark Matter: Uncovering the DarkComet RAT Ecosystem

Brown Farinholt, Mohammad Rezaeirad, Damon McCoy, and Kirill Levchenko

Proceedings of the Web Conference (WWW), April 2020

Additive Manufacturing Cyber-Physical System: Supply Chain Cybersecurity and Risks

Nikhil Gupta, Akash Tiwari, Satish T.S. Bukkapatnam, and Ramesh Karri

IEEE Access, March 2020

Public Plug-in Electric Vehicles + Grid Data: Is a New Cyberattack Vector Viable?

Samrat Acharya, Yury Dvorkin, and Ramesh Karri

IEEE Transactions on Smart Grid, February 2020

Finite-horizon Semi-Markov Game for Time-sensitive Attack Response and Probabilistic Risk Assessment in Nuclear Power Plants

Yunfei Zhao, Linan Huang, Carol Smidts, and Quanyan Zhu

Reliability Engineering & System Safety, February 2020

MicroCash: Practical Concurrent Processing of Micropayments 

Ghada Almashaqbeh, Allison Bishop, and Justin Cappos

24th International Conference on Financial Cryptography and Data Security (FC 2020), February 2020.

A Dynamic Games Approach to Proactive Defense Strategies Against Advanced Persistent Threats in Cyber-physical Systems

Linan Huang and Quanyan Zhu

Computers & Security, January 2020


2019

Simulation for Cyber Risk Management–Where are we, and Where do we want to go?

Sachin Shetty, Indrajit Ray, Nurcin Celik, Michael Mesham, Nathaniel Bastian, and Quanyan Zhu

2019 IEEE Winter Simulation Conference, December 2019

FlipIn: A Game-Theoretic Cyber Insurance Framework for Incentive-Compatible Cyber Risk Management of Internet of Things

Rui Zhang and Quanyan Zhu

IEEE Transactions on Information Forensics and Security, November 2019

Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices

Hooman Mohajeri Moghaddam, Gunes Acar, Arunesh Mathur, Ben Burgess, Danny Yuxing Huang, Prateek Mittal, Nick Feamster, Arvind Narayanan, and Edward Felten

2019 ACM Conference on Computer and Communications Security (CCS 2019), November 2019

Charting a Course Through Uncertain Environments: SEA Uses Past Problems to Avoid Future Failures 

Preston Moore, Justin Cappos, Phyllis Frankl, and Thomas Wies

30th IEEE International Symposium on Software Reliability Engineering (ISSRE 2019), October 2019.

Best Paper Award

Platforms in Everything: Analyzing Ground-Truth Data on the Anatomy and Economics of Bullet-Proof Hosting

Arman Noroozian, Jan Koenders, Eelco van Veldhuizen, Carlos H. Ganan, Sumayah Alrwais, Damon McCoy, and Michel van Eeten

Proceedings of the 28th USENIX Security Symposium, August 2019

Clinical Computer Security for Victims of Intimate Partner Violence

Sam Havron, Diana Freed, Rahul Chatterjee, Damon McCoy, Nicola Dell, and Thomas Ristenpart

Proceedings of the 28th USENIX Security Symposium, August 2019

Reading the Tea Leaves: A Comparative Analysis of Threat Intelligence

Vector Guo Li, Matthew Dunn, Paul Pearce, Damon McCoy, Geoffrey M. Voelker, Stefan Savage, and Kirill Levchenko

Proceedings of the 28th USENIX Security Symposium, August 2019

in-toto: providing farm-to-table security properties for bits and bytes

Santiago Torres-Arias, Hammad Afzali, Trishank Karthik Kuppusamy, Reza Curtmola, and Justin Cappos.

Proceedings of the 28th USENIX Security Symposium, August 2019

Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping

Noah Apthorpe, Danny Yuxing Huang, Dillon Reisman, Arvind Narayanan, and Nick Feamster

Proceedings on Privacy Enhancing Technologies Symposium (PETS 2019), July 2019

The SAT Attack on IC Camouflaging: Impact and Potential Countermeasure

Mohammed El-Massad, Siddharth Garg, and Mahesh Tripunitara

IEEE Transactions on Computer-Aided Design of Electronic Systems–Special Issue on Top Picks in Hardware and Embedded Systems Security, July 2019 

Evaluating Login Challenges as a Defense Against Account Takeover

Periwinkle Doerfler, Maija Marincenko, Juri Ranieri, Yu Jiang, Angelika Moscicki, Damon McCoy, and Kurt Thomas

Proceedings of the Web Conference (WWW), May 2019

Interdependent Strategic Security Risk Management with Bounded Rationality in the Internet of Things

Juntao Chen and Quanyan Zhu

IEEE Transactions on Information Forensics and Security, April 2019


2018

Peeling the Onion’s User Experience Layer: Examining Naturalistic Use of the Tor Browser

Kevin Gallagher, Sameer Patil, Brendan Dolan-Gavitt, Damon McCoy, and Nasir Memon

25th ACM SIGSAC Conference on Computer and Communications Security (CCS), October 2018

Schrodinger’s RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem

Mohammad Rezaeirad, Brown Farinholt, Hitesh Dharmdasani, Paul Pearce, Kirill Levchenko, and Damon McCoy

Proceedings of the 27th USENIX Security Symposium, August 2018

API Blindspots: Why Experienced Developers Write Vulnerable Code

Daniela Oliveira, Tian Lin, Muhammad Rahman, Rad Akefirad, Donovan Ellis, Eliany Perez, Rahul Bobhate, Lois Anne DeLong, Justin Cappos, Yuriy Brun, and Natalie Ebner.

14th USENIX Symposium on Usable Privacy and Security, August 2018

Tracking Ransomware End-to-End

Danny Yuxing Huang, Maxwell Matthaios Aliapoulios, Vector Guo Li, Luca Invernizzi, Kylie McRoberts, Elie Bursztein, Jonathan Levin, Kirill Levchenko, Alex C. Snoeren, and Damon McCoy

39th IEEE Symposium on Security & Privacy (Oakland), May 2018

The Spyware Used in Intimate Partner Violence

Rahul Chatterjee, Periwinkle Doerfler, Hadas Orgad, Sam Havron, Jackeline Palmer, Diana Freed, Karen Levy, Nicola Dell, Damon McCoy, and Thomas Ristenpart

39th IEEE Symposium on Security & Privacy (Oakland), May 2018

Prevalence of Confusing Code in Software Projects – Atoms of Confusion in the Wild 

Dan Gopstein, Hongwei Henry Zhou, Phyllis Frankl, and Justin Cappos

15th International Conference on Mining Software Repositories, May 2018

ACM SIGSOFT Distinguished Paper Award

Le-git-imate: Towards Verifiable Web-based Git Repositories 

Hammad Afzali, Santiago Torres-Arias, Reza Curtmola, and Justin Cappos

ACM Asia Conference on Computer and Communications Security, June 2018


2017

The Cyber and Critical Infrastructures Nexus: Interdependencies, Dependencies, and their Impacts on Public Services

Rae Zimmerman

White Paper from the Center for Cybersecurity, December 2017

Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing

Peter Snyder, Periwinkle Doerfler, Chris Kanich, and Damon McCoy

Proceedings of the ACM Internet Measurement Conference (IMC), November 2017

Identifying Products in Online Cybercrime Marketplaces: A Dataset for Fine-grained Domain Adaptation

Greg Durrett, Jonathan K. Kummerfeld, Taylor Berg-Kirkpatrick, Rebecca S. Portnoff, Sadia Afroz, Damon McCoy, Kirill Levchenko and Vern Paxson

Conference on Empirical Methods on Natural Language Processing (EMNLP), September 2017

Understanding Misunderstandings in Source Code 

Dan Gopstein, Jake Iannacone, Yu Yan, Lois Anne DeLong, Yanyan Zhuang, Martin K-C. Yeh, and Justin Cappos

2017 ACM SIGSOFT Symposium on the Foundations of Software Engineering, September 2017

ACM SIGSOFT Distinguished Paper Award

Linking Amplification DDoS Attacks to Booter Services

Johannes Krupp, Mohammad Karami, Christian Rossow, Damon McCoy and Michael Backes

International Symposium on Research in Attacks, Intrusions and Defenses (RAID), September 2017

Backpage and Bitcoin: Uncovering Human Traffickers

Rebecca S. Portnoff, Danny Yuxing Huang, Periwinkle Doerfler, Sadia Afroz and Damon McCoy

Proceedings of the ACM SIGKDD Conference, August 2017

CHAINIAC: Software-Update Transparency via Collectively Signed Skipchains and Verified Build

Kirill Nikitin, Eleftherios Kokoris-Kogias, Philipp Jovanovic, Nicolas Gailly, Linus Gasser, Ismail Khoffi, Justin Cappos, and Bryan Ford.

26th USENIX Security Symposium, August 2017

Mercury: Bandwidth-Effective Prevention of Rollback Attacks Against Community Repositories

Trishank Kuppusamy, Vladimir Diaz, and Justin Cappos

USENIX Annual Technical Conference, July 2017

Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path

Yiwen Li, Brendan Dolan-Gavitt, Sam Weber, and Justin Cappos

USENIX Annual Technical Conference, July 2017

Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks

Sumayah Alrwais, Xiaojing Liao, Xianghang Mi, Peng Wang, XiaoFeng Wang, Feng Qian, Raheem Beyah, and Damon McCoy

38th IEEE Symposium on Security & Privacy (Oakland), May 2017

To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild

Brown Farinholt, Mohammad Rezaeirad, Paul Pearce, Hitesh Dharmdasani, Haikuo Yin, Stevens Le Blond, Damon McCoy, and Kirill Levchenko

38th IEEE Symposium on Security & Privacy (Oakland), May 2017

Tools for Automated Analysis of Cybercriminal Markets

Rebecca S Portnoff, Sadia Afroz, Greg Durrett, Jonathan K Kummerfeld, Taylor Berg-Kirkpatrick, Damon McCoy, Kirill Levchenko and Vern Paxson

Proceedings of the World Wide Web Conference, April 2017.


2016

Securing Software Updates for Automobiles

Trishank Kuppusamy, Akan Brown, Sebastien Awwad, Damon McCoy, Russ Bielawski, Cameron Mott, Sam Lauzon, Andre Weimerskirch, and Justin Cappos

14th Embedded Security in Cars Europe (escar EU), November 2016.

Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software

Kurt Thomas, Juan A. Elices Crespo, Ryan Rasti, Jean-Michel Picod, Cait Phillips, Marc-Andre Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau, Lucas Ballard, Robert Shield, Nav Jagpal, Moheeb Abu Rajab, Panayiotis Mavrommatis, Niels Provos, Elie Bursztein, and Damon McCoy

Proceedings of the 25th USENIX Security Symposium, August 2016

You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications

Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, and Vern Paxson

Proceedings of the 25th USENIX Security Symposium, August 2016.

On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities 

Santiago Torres-Arias, Anil Ammula, Reza Curtmola, and Justin Cappos.

Proceedings of the 25th USENIX Security Symposium, August 2016

Deterring Financially Motivated Cybercrime

Zachary K. Goldman and Damon McCoy

Journal of National Security Law and Policy, Vol. 8, No. 3, 2016.

Stress Testing the Booters: Understanding and Undermining the Business of DDoS Services

Mohammad Karami, Youngsam Park and Damon McCoy

Proceedings of the World Wide Web Conference (WWW), April 2016.

Characterizing Long-tail SEO Spam on Cloud Web Hosting Services

Xiaojing Liao, Chang Liu, Damon McCoy, Elaine Shi and Raheem Beyah

Proceedings of the World Wide Web Conference (WWW), April 2016.

Diplomat: Using Delegations to Protect Community Repositories

Trishank Kuppusamy, Santiago Torres-Arias, Vladimir Diaz, and Justin Cappos

13th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’16), March 2016

Understanding Craigslist Rental Scams

Youngsam Park, Damon McCoy and Elaine Shi

Proceedings of Financial Cryptography and Data Security Conference, February 2016.

Do You See What I See: Differential Treatment of Anonymous Users

Sheharbano Khattak, David Fifield, Sadia Afroz, Mobin Javed, Srikanth Sundaresan, Vern Paxson, Steven J. Murdoch, and Damon McCoy

Proceedings of the Network and Distributed System Security Symposium, February 2016

Foundational Research Papers

These older papers represent the groundwork for a number of research initiatives now being conducted by CCS faculty.

Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation

Frank Imeson, Ariq Emtenan, Siddharth Garg, and Mahesh V. Tripunitara

22nd USENIX Security Symposium, August 2013

Best Student Paper Award

Survivable Key Compromise in Software Update Systems 

Justin Samuel, Nick Mathewson, Justin Cappos, and Roger Dingledine.

17th ACM Conference on Computer and Communications Security, October 2010.

Finalist for 2010 AT&T Award for Best Applied Security Research Paper

A Look In the Mirror: Attacks on Package Managers

Justin Cappos, Justin Samuel, Scott Baker, and John H. Hartman

15th ACM Conference on Computer and Communications Security, October 2008.

Stork: Package Management for Distributed VM Environments 

Justin Cappos, Scott Baker, Jeremy Plichta, Duy Nyugen, Jason Hardies, Matt Borgard, Jeffry Johnston, and John H. Hartman.

21st Large Installation System Administration Conference, November 2007.