ERASER: Your Data Won't Be Back

Large-Scale Analysis of Style Injection by Relative Path Overwrite

Ex-Ray: Detection of History-Leaking Browser Extensions

Lens on the Endpoint: Hunting for Malicious Software through Endpoint Data Analysis

Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers

Semi-automated Discovery of Server-Based Information Oversharing Vulnerabilities in Android Applications

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

WHOIS Lost in Translation: (Mis)Understanding Internet Domain Name Expiration and Re-Registration

Identifying Extension-based Ad Injection via Fine-grained Web Content Provenance

Trellis: Privilege Separation for Multi-User Applications Made Easy

Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices

Tracing Information Flows Between Ad Exchanges Using Retargeted Ads

UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware

EmailProfiler: Spearphishing Filtering with Header and Stylometric Features of Emails

Overhaul: Input-Driven Access Control for Better Privacy on Traditional Operating Systems

LAVA: Large-scale Automated Vulnerability Addition

Towards Detecting Logic Bombs in Android Applications

CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities

CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes

Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities

Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks

On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users

BabelCrypt: The Universal Encryption Layer for Mobile Messaging Applications

TrueClick: Automatically Distinguishing Trick Banners from Genuine Download Links

Why is CSP Failing? Trends and Challenges in CSP Adoption

Optical Delusions: A Study of Malicious QR Codes in the Wild

VirtualSwindle: An Automated Attack Against In-App Billing on Android

Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces

Beehive: Large-Scale Log Analysis for Detecting Suspicious Activity in Enterprise Networks

PatchDroid: Scalable Third-Party Patches for Android Devices

Holiday Pictures or Blockbuster Movies? Insights into Copyright Infringement in User Uploads to One-Click File Hosters

Securing Legacy Firefox Extensions with Sentinel

PrivExec: Private Execution as an Operating System Service

A Practical, Targeted, and Stealthy Attack Against WPA Enterprise Authentication

DISCLOSURE: Detecting Botnet Command and Control Servers Through Large-Scale NetFlow Analysis

TRESOR-HUNT: Attacking CPU-Bound Encryption

Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis

An Empirical Analysis of Input Validation Mechanisms in Web Applications and Languages

Effective Anomaly Detection with Scarce Training Data

Protecting a Moving Target: Addressing Web Application Concept Drift

Static Enforcement of Web Application Integrity Through Strong Typing

Are Your Votes Really Counted? Testing the Security of Real-world Voting Systems

Improving Signature Testing Through Dynamic Data Flow Analysis

Exploiting Execution Context for the Detection of Anomalous System Calls

Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks

Polymorphic Worm Detection Using Structural Information of Executables

Automating Mimicry Attacks Using Static Binary Analysis

Reverse Engineering of Network Signatures

Detecting Kernel-Level Rootkits Through Binary Analysis

Testing Network-based Intrusion Detection Signatures Using Mutant Exploits

Static Disassembly of Obfuscated Binaries

A Stateful Intrusion Detection System for World-Wide Web Servers

Bayesian Event Classification for Intrusion Detection

Run-time Detection of Heap-based Overflows

Topology-based Detection of Anomalous BGP Messages


Sentinel: Securing Legacy Firefox Extensions

An Experience in Testing the Security of a Real-World Electronic Voting System

Reducing Errors in the Anomaly-based Detection of Web-based Attacks Through the Combined Analysis of Web Requests and SQL Queries

A Multi-Model Approach to the Detection of Web-based Attacks

Using Alert Verification to Identify Successful Intrusion Attempts


Alert Verification: Determining the Success of Intrusion Attempts


Detecting and Preventing Attacks Against Web Applications