Skip to main content

Accepted Papers

The following technical papers have been accepted to this year's program.

PhishReplicant: A Language Model-based Approach to Detect Generated Squatting Domain Names
Takashi Koide, NTT Security (Japan) KK; Naoki Fukushi, NTT Security (Japan) KK; Hiroki Nakano, NTT Security (Japan) KK; Daiki Chiba, NTT Security (Japan) KK

From Attachments to SEO: Click Here to Learn More about Clickbait PDFs!
Giada Stivala, CISPA Helmholtz Center for Information Security; Sahar Abdelnabi, CISPA Helmholtz Center for Information Security; Andrea Mengascini, CISPA Helmholtz Center for Information Security; Mariano Graziano, Cisco Talos; Mario Fritz, CISPA Helmholtz Center for Information Security; Giancarlo Pellegrino, CISPA Helmholtz Center for Information Security

Scamdog Millionaire: Detecting E-commerce Scams in the Wild
Platon Kotzias, Norton Research Group; Kevin Roundy, Norton Research Group; Michalis Pachilakis, Norton Research Group; Iskander Sanchez-Rola, Norton Research Group; Leyla Bilge, Norton Research Group

When Push Comes to Shove: Empirical Analysis of Web Push Implementations in the Wild
Alberto Carboneri, University of Illinois Chicago; Mohammad Ghasemisharif, University of Illinois Chicago; Soroush Karami, Paypal, Inc.; Jason Polakis, University of Illinois Chicago

Triereme: Speeding up hybrid fuzzing through efficient query scheduling
Elia Geretto, Vrije Universiteit Amsterdam; Julius Hohnerlein, Vrije Universiteit Amsterdam; Cristiano Giuffrida, Vrije Universiteit Amsterdam; Herbert Bos, Vrije Universiteit Amsterdam; Erik van der Kouwe, Vrije Universiteit Amsterdam; Klaus v. Gleissenthall, Vrije Universiteit Amsterdam

On the Feasibility of Cross-Language Detection of Malicious Packages in npm and PyPI
Piergiorgio Ladisa, SAP Security Research, Université de Rennes 1, INRIA/IRISA; Serena Elisa Ponta, SAP Security Research; Nicola Ronzoni, SAP Security Research; Matias Martinez, Universitat Politècnica de Catalunya-BarcelonaTech; Olivier Barais, Univ. Rennes, Inria, CNRS, IRISA

Artemis: Defanging Software Supply Chain Attacks in Multi-repository Update Systems
Marina Moore, New York University; Trishank Kuppusamy, Datadog; Justin Cappos, New York University

ANDetect: A Third-party Ad Network Libraries Detection Framework for Android Applications
Xinyu Liu, Institute of Information Engineering, CAS; Ze Jin, Institute of Information Engineering, CAS; Jiaxi Liu, Institute of Information Engineering, CAS; Wei Liu, Institute of Information Engineering, CAS; Xiaoxi Wang, Institute of Information Engineering, CAS; Qixu Liu, Institute of Information Engineering, CAS

Delegation of TLS Authentication to CDNs using Revocable Delegated Credentials
Daegeun Yoon, ETRI, KAIST; Taejoong Chung, Virginia Tech; Yongdae Kim, KAIST

Domain and Website Attribution beyond WHOIS
Silvia Sebastián, IMDEA Software Institute; Raluca-Georgia Diugan, IMDEA Software Institute; Juan Caballero, IMDEA Software Institute; Iskander Sanchez-Rola, Norton Research Group; Leyla Bilge, Norton Research Group

FS3: Few-Shot and Self-Supervised Framework for Efficient Intrusion Detection in Internet of Things Networks
Ayesha S. Dina, Florida Polytechnic University; A. B. Siddique, University of Kentucky; D. Manivannan, University of Kentucky

An Empirical Analysis of Enterprise-Wide Mandatory Password Updates
Ariana Mirian, University of California, San Diego; Grant Ho, University of California, San Diego; Stefan Savage, University of California, San Diego; Geoffrey M. Voelker, University of California, San Diego

SealClub: Computer-aided Paper Document Authentication
Martín Ochoa, Zurich University of Applied Sciences; Hernán Vanegas, Universidad Nacional de Colombia; Jorge Toro-Pozo, SIX Digital Exchange; David Basin, ETH Zürich

Lightweight Privacy-Preserving Proximity Discovery for Remotely-Controlled Drones
Pietro Tedeschi, Technology Innovation Institute (TII); Savio Sciancalepore, Technische Universiteit Eindhoven (TU/e); Roberto Di Pietro, King Abdullah University of Science and Technology – CEMSE – RC3

Unleashing IoT Security: Assessing the Effectiveness of Best Practices in Protecting Against Threats
Philipp Pütz, Technical University of Darmstadt; Richard Mitev, Technical University of Darmstadt; Markus Miettinen, Technical University of Darmstadt; Ahmad-Reza Sadeghi, Technical University of Darmstadt

A Tagging Solution to Discover IoT Devices in Apartments
Berkay Kaplan, University of Illinois at Urbana Champaign; Israel J Lopez-Toledo, University of Illinois at Urbana Champaign; Carl Gunter, University of Illinois at Urbana Champaign; Jingyu Qian, University of Illinois at Urbana Champaign

Hades: Practical Decentralized Identity with Full Accountability and Fine-grained Sybil-resistance
Ke Wang, Peking University; Jianbo Gao, Peking University; Qiao Wang, Peking University; Jiashuo Zhang, Peking University; Yue Li, Peking University; Zhi Guan, Peking University; Zhong Chen, Peking University

Log2Policy: An Approach to Generate Fine-Grained Access Control Rules for Microservices from Scratch
Shaowen Xu, Institute of Information Engineering, Chinese Academy of Sciences. School of Cyber Security, University of Chinese Academy of Sciences.; Qihang Zhou, Institute of Information Engineering, Chinese Academy of Sciences; Heqing Huang, Institute of Information Engineering, Chinese Academy of Sciences; Xiaoqi Jia, Institute of Information Engineering, Chinese Academy of Sciences. School of Cyber Security, University of Chinese Academy of Sciences.; Haichao Du, Institute of Information Engineering, Chinese Academy of Sciences; Yang Chen, Institute of Information Engineering, Chinese Academy of Sciences. School of Cyber Security, University of Chinese Academy of Sciences.; Yamin Xie, Institute of Information Engineering, Chinese Academy of Sciences

The Queen's guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms
Fahad Shaon, Data Security Technologies; Sazzadur Rahaman, The University of Arizona; Murat Kantarcioglu, Data Security Technologies

OAuth 2.0 Redirect URI Validation Falls Short
Tommaso Innocenti, Northeastern University; Matteo Golinelli, University of Trento; Kaan Onarlioglu, Akamai Technologies; Ali Mirheidari, Independent Researcher; Bruno Crispo, University of Trento; Engin Kirda, Northeastern University

Secure and Lightweight Over-the-Air Software Update Distribution for Connected Vehicles
Christian Plappert, Fraunhofer SIT | ATHENE; Andreas Fuchs

Secure and Lightweight ECU Attestations for Resilient Over-the-Air Updates in Connected Vehicles
Christian Plappert, Fraunhofer SIT | ATHENE; Andreas Fuchs

Detection of Anomalies in Electric Vehicle Charging Sessions
Dustin Kern, Darmstadt University of Applied Sciences; Christoph Krauß, Darmstadt University of Applied Sciences; Matthias Hollick, Technical University of Darmstadt

SePanner: Analyzing Semantics of Controller Variables in Industrial Control Systems based on Network Traffic
Jie Meng, College of Control Science and Engineering, Zhejiang University; Zeyu Yang, College of Control Science and Engineering, Zhejiang University; Zhenyong Zhang, the State Key Laboratory of Public Big Data and the College of Computer Science and Technology, Guizhou University, Guiyang 550025, China; Yangyang Geng, Information Engineering University; Ruilong Deng, College of Control Science and Engineering, Zhejiang University; Peng Cheng, College of Control Science and Engineering, Zhejiang University; Jiming Chen, College of Control Science and Engineering, Zhejiang University; Jianying Zhou, Singapore University of Technology and Design

FraudLens: Graph Structural Learning for Bitcoin Illicit Activity Identification
Jack Nicholls, University College Dublin; Aditya Kuppa, University College Dublin; Nhien-An Le-Khac, University College Dublin

Poisoning Network Flow Classifiers
Giorgio Severi, Northeastern University; Simona Boboila, Northeastern University; Alina Oprea, Northeastern University; John Holodnak, MIT Lincoln Laboratory; Kendra Kratkiewicz, MIT Lincoln Laboratory; Jason Matterer, STR

TGC: Transaction Graph Contrast Network for Ethereum Phishing Scam Detection
Sijia Li, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of the Chinese Academy of Sciences; Gaopeng Gou, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of the Chinese Academy of Sciences; Chang Liu, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of the Chinese Academy of Sciences; Gang Xiong, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of the Chinese Academy of Sciences; Zhen Li, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of the Chinese Academy of Sciences; Junchao Xiao, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of the Chinese academy of Sciences; Xinyu Xing, Northwestern University

Can Large Language Models Provide Security & Privacy Advice? Measuring the Ability of LLMs to Refute Misconceptions
Yufan Chen, Purdue University; Arjun Arunasalam, Purdue University; Z. Berkay Celik, Purdue University

DefWeb: Defending User Privacy against Cache-based Website Fingerprinting Attacks with Intelligent Noise Injection
Seonghun Son, Iowa State University; Debopriya Roy Dipta, Iowa State University; Berk Gulmezoglu, Iowa State University

Protecting Your Voice from Speech Synthesis Attacks
Zihao Liu, Iowa State University; Yan Zhang, Iowa State University; Chenglin Miao, Iowa State University

Continuous Authentication Using Human-Induced Electric Potential
Srinivasan Murali, The University of Texas at Arlington; Wenqiang Jin, Hunan University; Vighnesh Sivaraman, The University of Texas at Arlington; Huadi Zhu, The University of Texas at Arlington; Tianxi Ji, Texas Tech University; Pan Li, Case Western Reserve University; Ming Li, The University of Texas at Arlington

Cross Body Signal Pairing (CBSP): A Key Generation Protocol for Pairing Wearable Devices with Different Modalities
Jafar Pourbemany, Cleveland State University; Ye Zhu, Cleveland State University

The Day-After-Tomorrow: On the Performance of Radio Fingerprinting over Time
SaeifAlhazbi, Hamad Bin Khalifa University; Savio Sciancalepore, Technische Universiteit Eindhoven (TU/e); Gabriele Oligeri, Hamad Bin Khalifa University

Enhanced In-air Signature Verification via Hand Skeleton Tracking to Defeat Robot-level Replays
Zeyu Deng, Louisiana State University; Long Huang, Louisiana State University; Chen Wang, Louisiana State University

Secure Softmax/Sigmoid for Machine-learning Computation
Yu Zheng, The Chinese University of Hong Kong; Qizhi Zhang, Ant Group; Sijun Tan, UC Berkeley; Yuxiang Peng, Northeastern University; Lichun Li, Ant Group; Sherman S.M. Chow, The Chinese University of Hong Kong; Shan Yin, Ant Group

Link Membership Inference Attacks against Unsupervised Graph Representation Learning
Xiuling Wang, Stevens Institute of Technology; Wendy Hui Wang, Stevens Institute of Technology

FLARE: Fingerprinting Deep Reinforcement Learning Agents using Universal Adversarial Masks
Buse Gul Atli Tekgul, Nokia Bell Labs & Aalto University; N. Asokan, University of Waterloo & Aalto University

On the Detection of Image-Scaling Attacks in Machine Learning
Erwin Quiring, ICSI, Ruhr University Bochum; Andreas Müller, Ruhr University Bochum; Konrad Rieck, TU Berlin

A First Look at Toxicity Injection Attacks on Open-domain Chatbots
Connor Weeks, Virginia Tech; Aravind Cheruvu, Virginia Tech; Sifat Muhammad Abdullah, Virginia Tech; Shravya Kanchi, Virginia Tech; Daphne Yao, Virginia Tech; Bimal Viswanath, Virginia Tech

DeepTaster: Adversarial Perturbation-Based Fingerprinting to Identify Proprietary Dataset Use in Deep Neural Networks
Seonhye Park, Sungkyunkwan University; Alsharif Abuadbba, CSIRO’s Data61, Australia; Shuo Wang, CSIRO’s Data61, Australia; Kristen Moore, CSIRO’s Data61, Australia; Yansong Gao, CSIRO’s Data61, Australia; Hyoungshick Kim, Sungkyunkwan University, South Korea; Surya Nepal, CSIRO’s Data61, Australia

Prioritizing Remediation of Enterprise Hosts by Malware Execution Risk
Andrew Chi, Cisco Systems; Blake Anderson, Cisco Systems; Michael K. Reiter, Duke University

Global Analysis with Aggregation-based Beaconing Detection across Large Campus Networks
Yizhe Zhang, University of Virginia; Hongying Dong, University of Virginia; Alastair Nottingham, University of Virginia; Molly Buchanan, University of Virginia; Donald E. Brown, University of Virginia; Yixin Sun, University of Virginia

PSP-Mal: Evading Malware Detection via Prioritized Experience-based Reinforcement Learning with Shapley Prior
Dazhi Zhan, Army Engineering University of PLA; Wei Bai, Army Engineering University of PLA; Xin Liu, Army Engineering University of PLA; Yue Hu, National University of Defense Technology; Lei Zhang, Academy of Military Sciences; Shize Guo, Army Engineering University of PLA; Zhisong Pan, Army Engineering University of PLA

Binary Sight-Seeing: Accelerating Reverse Engineering via Point-of-Interest-Beacons
August See, Universität Hamburg; Maximilian Gehring, TU Darmstadt; Mathias Fischer, Universität Hamburg; Shankar Karuppayah, National Advanced IPv6 Centre, Universiti Sains Malaysia

DeepContract: Controllable Authorization of Deep Learning Models
Xirong Zhuang, University of Science and Technology of China; Lan Zhang, University of Science and Technology of China; Chen Tang, University of Science and Technology of China; Huiqi Liu, University of Science and Technology of China; Bin Wang, Tencent YouTu Lab; Yan Zheng, Tencent YouTu Lab; Bo Ren, Tencent YouTu Lab

Secure MLaaS with Temper: Trusted and Efficient Model Partitioning and Enclave Reuse
Fabing Li, Xi’an Jiaotong University; Institute for Interdisciplinary Information Core Technology, Xi’an; Xiang Li, Tsinghua university; Mingyu Gao, Tsinghua university; Shanghai Artificial Intelligence Lab; Institute for Interdisciplinary Information Core Technology, Xi’an

ABFL: A Blockchain-enabled Robust Framework for Secure and Trustworthy Federated Learning
Bo Cui, Inner Mongolia University; Tianyu Mei, Inner Mongolia University

FLEDGE: Ledger-based Federated Learning Resilient to Inference and Backdoor Attacks
Jorge Castillo, The University of Texas Rio Grande Valley; Phillip Rieger, Technical University of Darmstadt; Hossein Fereidooni, KOBIL GmbH; Qian Chen, The University of Texas at San Antonio; Ahmad Sadeghi, Technical University of Darmstadt

DOPE: DOmain Protection Enforcement with PKS
Lukas Maar, Graz University of Technology; Martin Schwarzl, Independent Researcher; Fabian Rauscher, Graz University of Technology; Daniel Gruss, Graz University of Technology; Stefan Mangard, Graz University of Technology

RandCompile: Removing Forensic Gadgets from the Linux Kernel to Combat its Analysis
Fabian Franzen, Technical University of Munich; Andreas Chris Wilhelmer, Technical University of Munich; Jens Grossklags, Technical University of Munich

Attack of the Knights:Non Uniform Cache Side Channel Attack
Farabi Mahmud, Texas A&M University; Sungkeun Kim, Texas A&M University; Harpreet Singh Chawla, Texas A&M University; EJ Kim, Texas A&M University; Chia-Che Tsai, Texas A&M University; Abdullah Muzahid, Texas A&M University

PAVUDI: Patch-based Vulnerability Discovery using Machine Learning
Tom Ganz, SAP SE; Erik Imgrund, SAP SE; Martin Härterich, SAP SE; Konrad Rieck, Technische Universität Berlin

Remote Attestation with Constrained Disclosure
Michael Eckel, Fraunhofer SIT | ATHENE; Dominik Roy George, Eindhoven University of Technology; Björn Grohmann, gematik GmbH; Christoph Krauß, Darmstadt University of Applied Sciences

Remote Attestation of Confidential VMs Using Ephemeral vTPMs
Vikram Narayanan, University of Utah; Claudio Carvalho, IBM Research; Angelo Ruocco, IBM Research; Gheorghe Almasi, IBM Research; James Bottomley, IBM Research; Mengmei Ye, IBM Research; Tobin Feldman-Fitzthum, IBM Research; Daniele Buono, IBM Research; Hubertus Franke, IBM Research; Anton Burtsev, University of Utah

No Forking Way: Detecting Cloning Attacks on Intel SGX Applications
Samira Briongos, NEC Laboratories Europe; Ghassan Karame, Ruhr University Bochum (RUB); Claudio Soriente, NEC Laboratories Europe; Annika Wilde, Ruhr University Bochum (RUB)

Detecting Weak Keys in Manufacturing Certificates: A Case Study
Andrew Chi, Cisco Systems; Brandon Enright, Cisco Systems; David McGrew, Cisco Systems

Differentially Private Resource Allocation
Joann Qiongna Chen, University of California, Irvine; Tianhao Wang, University of Virginia; Zhikun Zhang, CISPA Helmholtz Center for Information Security; Yang Zhang, CISPA Helmholtz Center for Information Security; Somesh Jha, University of Wisconsin; Zhou Li, University of California, Irvine

Mitigating Membership Inference Attacks by Weighted Smoothing
MINGTIAN TAN, The University of Virginia; Xiaofei Xie, Singapore Management University; Jun Sun, Singapore Management University; Tianhao Wang, The University of Virginia

Mostree: Malicious Secure Private Decision Tree Evaluation with Sublinear Communication
Jianli Bai, University of Auckland; Xiangfu Song, National University of Singapore; Xiaowu Zhang, CloudWalk Technology; Qifan Wang, University of Auckland; Shujie Cui, Monash University; Ee-Chien Chang, National University of Singapore; Giovanni Russello, University of Auckland