A5041544321- Advanced Malware Detection Techniques
- Spam and Phishing Detection
- Web Application Security Vulnerabilities
- Internet Traffic Analysis and Secure E-voting
- Network Security and Intrusion Detection
- Security and Verification in Computing
- Privacy, Security, and Data Protection
- Information and Cyber Security
- Web Data Mining and Analysis
- Software Engineering Research
- Cybercrime and Law Enforcement Studies
- Supply Chain Resilience and Risk Management
- Network Traffic and Congestion Control
- User Authentication and Security Systems
- Privacy-Preserving Technologies in Data
- Software-Defined Networks and 5G
- Logic, programming, and type systems
- Digital and Cyber Forensics
- Adversarial Robustness in Machine Learning
- Software Testing and Debugging Techniques
- Digital Rights Management and Security
- Hate Speech and Cyberbullying Detection
- Wireless Networks and Protocols
- Mobile Crowdsensing and Crowdsourcing
- Context-Aware Activity Recognition Systems
North Carolina State University
2016-2025
Institute of Electrical and Electronics Engineers
2022
Regional Municipality of Niagara
2022
IEEE Computer Society
2022
University of Cambridge
2019
Solutions Inc. (Japan)
2019
Arizona State University
2019
Google (United States)
2019
University of California, Santa Barbara
2011-2015
Foundation for Research and Technology Hellas
2010
The web has become an essential part of our society and is currently the main medium information delivery. Billions users browse on a daily basis, there are single websites that have reached over one billion user accounts. In this environment, ability to track their online habits can be very lucrative for advertising companies, yet intrusive privacy users. paper, we examine how web-based device fingerprinting works Internet. By analyzing code three popular browser-fingerprinting providers,...
JavaScript is used by web developers to enhance the interactivity of their sites, offload work users' browsers and improve sites' responsiveness user-friendliness, making pages feel behave like traditional desktop applications. An important feature JavaScript, ability combine multiple libraries from local remote sources into same page, under namespace. While this enables creation more advanced applications, it also allows for a malicious provider steal data other scripts page itself. Today,...
Reusable software libraries, frameworks, and components, such as those provided by open-source ecosystems third-party suppliers, accelerate digital innovation. However, recent years have shown almost exponential growth in attackers leveraging these artifacts to launch supply chain attacks. Past well-known attacks include the SolarWinds, log4j, xz utils incidents. Supply are considered three major attack vectors: through vulnerabilities malware accidentally or intentionally injected into...
Online advertising drives the economy of World Wide Web. Modern websites any size and popularity include advertisements to monetize visits from their users. To this end, they assign an area web page company (so called ad exchange) that will use it display promotional content. By doing this, website owner implicitly trusts offer legitimate content not put site's visitors at risk falling victims malware campaigns other scams.
Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope negative impact of one these ad injection, which users have ads imposed on them addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline identifies wild captures its distribution revenue chains. find has entrenched itself as cross-browser...
The contentious battle between web services and miscreants involved in blackhat search engine optimization malicious advertisements has driven the underground to develop increasingly sophisticated techniques that hide true nature of sites. These cloaking hinder effectiveness security crawlers potentially expose Internet users harmful content. In this work, we study spectrum target browser, network, or contextual cues detect organic visitors. As a starting point, investigate capabilities ten...
Phishing is a critical threat to Internet users. Although an extensive ecosystem serves protect users, phishing websites are growing in sophistication, and they can slip past the ecosystem's detection systems—and subsequently cause real-world damage—with help of evasion techniques. Sophisticated client-side techniques, known as cloaking, leverage JavaScript enable complex interactions between potential victims website, thus be particularly effective slowing or entirely preventing automated...
Browser extensions are small JavaScript, CSS and HTML programs that run inside the browser with special privileges. These programs, often written by third parties, operate on pages is visiting, giving user a programmatic way to configure browser. The privacy implications arise allowing privileged third-party code execute users' not well understood. In this paper, we develop taint analysis framework for use it perform large scale study of in regard their practices. We first present hybrid...
Modern web security and privacy research depends on accurate measurement of an often evasive hostile web. No longer just a network static, hyperlinked documents, the modern is alive with JavaScript (JS) loaded from third parties unknown trustworthiness. Dynamic analysis potentially JS currently presents cruel dilemma: use heavyweight in-browser solutions that prove impossible to maintain, or lightweight inline are detectable by which cannot match scope coverage provided systems. We present...
As a step towards protecting user privacy, most web browsers perform some form of third-party HTTP cookie blocking or periodic deletion by default, while users typically have the option to select even stricter policies. result, trackers shifted their efforts work around these restrictions and retain improve extent tracking capability.
JavaScript runtime systems include some specialized programming interfaces, called binding layers.Binding layers translate data representations between and unsafe low-level languages, such as C C++, by converting different types.Due to the wide adoption of (and engines) in entire computing ecosystem, discovering bugs is critical.Nonetheless, existing fuzzers cannot adequately fuzz due two major challenges: Generating syntactically semantically correct test cases reducing size input space for...
In this paper, we conduct the largest to-date analysis of browser extensions, by investigating 922,684 different extension versions collected in past six years, and using data to discover malicious extensions. We propose a two-stage system that first identifies extensions based on anomalous ratings locates code was added benign order make it malicious. encode these deltas according APIs they abuse search our historical dataset for other similar which have not yet been flagged, neither users...
Accurate web measurement is critical for understanding and improving security privacy online. Such measurements implicitly assume that automated crawls generalize to typical user experience. But anecdotal evidence suggests the behaves differently when seen via well-known endpoints or automation frameworks, various reasons. Our work improves state of by investigating how key differ using naive crawling tool defaults vs. careful attempts match "real" users across Tranco top 25k domains. We...
Content blocking is an important part of a per-formant, user-serving, privacy respecting web. Current content blockers work by building trust labels over URLs. While useful, this approach has many well understood shortcomings. Attackers may avoid detection changing URLs or domains, bundling unwanted code with benign code, inlining in pages.The common flaw existing approaches that they evaluate based on its delivery mechanism, not behavior. In we address problem system for generating...
Cyber attacks leveraging or targeting the software supply chain, such as SolarWinds and Log4j incidents, affected thousands of businesses their customers, drawing attention from both industry government stakeholders. To foster open dialogue, facilitate mutual sharing, discuss shared challenges encountered by stakeholders in securing researchers NSF-supported Secure Software Supply Chain Center (S3C2) organize Summits with This paper summarizes Industry Summit held on November 16, 2023, which...
In this paper, we investigate to what extent the page modifications that make browser extensions fingerprintable are necessary for their operation. We characterize completely unnecessary extension's functionality as extension bloat. By analyzing 58,034 from Google Chrome store, discovered 5.7% of them were unnecessarily identifiable because To protect users against fingerprinting due bloat, describe design and implementation an in-browser mechanism provides coarse-grained access control on...
By analyzing the code of three popular browser-fingerprinting providers, authors reveal techniques that allow websites to track users without client-side identifiers. They expose questionable practices, such as circumvention HTTP proxies discover a user's real IP address and installation intrusive browser plug-ins. In addition, they measure adoption fingerprinting on Web evaluate user-agent-spoofing extensions, showing current commercial approaches can bypass extensions take advantage their...
In this paper, we perform a large-scale measurement study of JavaScript obfuscation browser APIs in the wild. We rely on simple, but powerful observation: if dynamic analysis script's behavior (specifically, how it interacts with APIs) reveals API feature usage that cannot be reconciled static source code, then is obfuscated. To quantify and test observation, create hybrid platform using instrumented Chromium to log all accesses by scripts executed when user visits page. filter access traces...