Publications

Filter by type:

. When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries.. Network and Distributed System Security Symposium (NDSS), 2018.

PDF

. Static Program Analysis as a Fuzzing Aid. Symposium on Research in Attacks, Intrusions, and Defenses (RAID), 2017.

PDF

. Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing. USENIX Workshop on Offensive Technologies (WOOT), 2017.

PDF

. Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery. USENIX Workshop on Offensive Technologies (WOOT), 2017.

PDF

. Efficient and Flexible Discovery of PHP Application Vulnerabilities. IEEE European Symposium on Security and Privacy (EuroS&P), 2017.

PDF

. Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks. ACM Asia Conference on Computer and Communications Security (ASIACCS), 2017.

PDF

. Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-bit Platforms. ACM Conference on Computer and Communications Security (CCS), 2016.

PDF

. Towards Vulnerability Discovery Using Staged Program Analysis. Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2016.

PDF

. Comprehensive Analysis and Detection of Flash-based Malware. Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2016.

PDF

. Pattern-Based Vulnerability Discovery. Dissertation, 2015.

PDF

. VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits. ACM Conference on Computer and Communications Security (CCS), 2015.

PDF

. Pulsar: Stateful Black-Box Fuzzing of Proprietary Network Protocols. International Conference on Security and Privacy in Communication Networks (SECURECOMM), 2015.

PDF

. De-anonymizing Programmers via Code Stylometry. USENIX Security Symposium (SEC), 2015.

PDF

. Automatic Inference of Search Patterns for Taint-Style Vulnerabilities. IEEE Symposium on Security and Privacy (S&P), 2015.

PDF

. Torben: A Practical Side-Channel Attack for Deanonymizing Tor Communication. ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2015.

PDF

. Modeling and Discovering Vulnerabilities with Code Property Graphs. IEEE Symposium on Security and Privacy (S&P), 2014.

PDF

. Structural Detection of Android Malware using Embedded Call Graphs. Workshop on Artificial Intelligence and Security (AISEC), 2013.

PDF

. Chucky: Exposing Missing Checks in Source Code for Vulnerability Discovery. ACM Conference on Computer and Communications Security (CCS), 2013.

PDF

. Generalized Vulnerability Extrapolation using Abstract Syntax Trees. Annual Computer Security Applications Conference (ACSAC), 2012.

PDF

. Vulnerability Extrapolation: Assisted Discovery of Vulnerabilities using Machine Learning. USENIX Workshop on Offensive Technologies (WOOT), 2011.

PDF