A DoD Multidisciplinary University Research Initiative (MURI) program project  

Cyber-SA

Computer-aided Human Centric

Cyber Situation Awareness

Publications

 

2014-2015 (selected)

1.      R. Wang, W. Enck, D. Reeves, X. Zhang, P. Ning, D. Xu, W. Zhou, and A. Azab, “EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning”, USENIX Security 2015, published.

2.      Chuangang Ren, Yulong Zhang, Hui Xue, Tao Wei, Peng Liu, "Towards Discovering and Understanding Task Hijacking in Android," USENIX Security 2015, published.

3.      Jiang Ming, Dinghao Wu, Gaoyao Xiao, Jun Wang, and Peng Liu, “TaintPipe: Pipelined Symbolic Taint Analysis,” USENIX Security 2015, published.

4.      Kai Chen, Peng Wang, Yeonjoon Lee, Xiaofeng Wang, Nan Zhang, Heqing Huang, Wei Zou, Peng Liu, "Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale," USENIX Security 2015, published.

5.      Mingyi Zhao, Jens Grossklags, Peng Liu, “An Empirical Study of Web Vulnerability Discovery Ecosystems,” ACM CCS 2015, published.

6.      C. Zhong, J. Yen, P. Liu, R. Erbacher, R. Etoty, and C. Garneau, “An Integrated Computer-Aided Cognitive Task Analysis Method for Tracing Cyber-Attack Analysis Processes,” Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, ACM, 2015, published.

7.      Q. Zeng, M. Zhao, P. Liu, “HeapTherapy: An Efficient End-to-end Solution against Heap Buffer Overflows,” IEEE DSN 2015, published.

8.      B. Zhao, P. Liu, “Private Browsing Mode Not Really That Private: Dealing with Privacy Breach Caused by Browser Extensions,” IEEE DSN 2015, published.

9.      Jun Wang, Mingyi Zhao, Qiang Zeng, Dinghao Wu, and Peng Liu, “Risk Assessment of Buffer ‘Heartbleed’ Over-read Vulnerabilities” (Practical Experience Report), IEEE DSN 2015, published.

10.   M. Albanese, E. Battista, and S. Jajodia, “A Deception Based Approach for Defeating OS and Service Fingerprinting,” To appear in Proceedings of the 3rd IEEE Conference on Communications and Network Security (IEEE CNS 2015), Florence, Italy, September 28-30, 2015.

11.   S. Venkatesan, M. Albanese, and S. Jajodia. “Disrupting Stealthy Botnets through Strategic Placement of Detectors,” To appear in Proceedings of the 3rd IEEE Conference on Communications and Network Security (IEEE CNS 2015), Florence, Italy, September 28-30, 2015.

12.   Heqing Huang, Kai Chen, Chuangang Ren, Peng Liu, Sencun Zhu and Dinghao Wu, “Towards Discovering and Understanding the Unexpected Hazards in Tailoring Antivirus Software for Android,” ACM Asia CCS 2015, full paper, published.

13.   Jun Wang, Zhiyun Qian, Zhichun Li, Zhenyu Wu, Junghwan Rhee, Xia Ning, Peng Liu and Geoff Jiang, “Discover and Tame Long-running Idling Processes in Enterprise Systems,” ACM Asia CCS 2015, full paper, published.

14.   Zhongwen Zhang, Peng Liu, Ji Xiang, Jiwu Jing and Lingguang Lei, “How Your Phone Camera Can Be Used to Stealthily Spy on You: Transplantation Attacks against Android Camera Service,” ACM CODASPY 2015, published.

15.   Christopher G. Healey, Lihua Hao, and Steve E. Hutchinson, “Ensemble Visualization for Cyber Situation Awareness of Network Security Data”, submitted to IEEE Symposium on Visualization for Cyber Security (VizSec 2015).

16.   Ben-Asher, N. & Gonzalez, C. (2015). Training for the unknown: The role of feedback and similarity in detecting zero-day attacks. 6th International Conference on Applied Human Factors and Ergonomics (AHFE 2015). July 26-30. Las Vegas, NV.

17.   S. Kumar, F. Spezzano, and V.S. Subrahmanian. VEWS: A Wikipedia Vandal Early Warning System, Proc. 2015 ACM KDD, August 2015, Sydney Australia

18.   S. Kumar, F. Spezzano, V.S. Subrahmanian. Accurately Detecting Trolls in Slashdot Zoo via Decluttering, Proc. ACM/IEEE Intl. Conf. on Advances in Social Network Analysis and Mining (ASONAM) 2014, Beijing, August 2014.

19.   McNeese, M. D., Mancuso, V. F., McNeese, N. J., & Glantz, E. (2015), “What went wrong? What can go right? A prospectus on human factors practice”, to appear in Proceedings of the 6th International Conference on Applied Human Factors and Ergonomics (AHFE 2015) and the Affiliated Conferences, AHFE, July, 2015, Las Vegas, NV

20.   Xiaoyan Sun, Anoop Singhal, Peng Liu, “Who Touched My Mission: Towards Probabilistic Mission Impact Assessment,” In Proceedings of ACM SafeConfig Workshop, in association with ACM CCS 2015.

21.   E. Serra, S. Jajodia, A. Pugliese, A. Rullo, and V.S. Subrahmanian. Pareto-Optimal Adversarial Defense of Enterprise Systems, ACM Transactions on Information & Systems Security, 17(3): 11:1-11:39 (2015).

22.   L. Wang, M. Zhang, S. Jajodia, A. Singhal, and M. Albanese, “Network Diversity: A Security Metric for Evaluating the Resilience of Networks against Zero-Day Attacks,” Submitted to IEEE Transactions on Information Forensics & Security, 2015.

23.   Ben-Asher, N. & Gonzalez C. (2015). Effects of Cyber Security Knowledge on Attack Detection. Computers in Human Behavior. 48: 51-61.

24.   A. Azaria, A. Richardson, S. Kraus and V.S. Subrahmanian. Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data, IEEE Transactions on Computational Social Systems, 1.2 (2014): 135-155, November 2014.

25.   Yoon-Chan Jhi, Xinran Wang, Xiaoqi Jia, Sencun Zhu, Peng Liu, and Dinghao Wu, “Program Characterization Using Runtime Values and Its Application to Software Plagiarism Detection,” IEEE Transactions on Software Engineering, accepted, to appear, 2016

26.   Jiang Ming, Fangfang Zhang, Dinghao Wu, Peng Liu, and Sencun Zhu, “Deviation-Based Obfuscation-Resilient Program Equivalence Checking with Application to Software Plagiarism Detection,” IEEE Transactions on Reliability, 2016, under minor revision

27.   Q. Zeng, J. Rhee, H. Zhang, N. Arora, G. Jiang, P. Liu, "Precise and Scalable Calling Context Encoding," submitted to ACM Transactions on Software Engineering and Methodology, 2016

28.   C. Zhong, J. Yen, P. Liu, R. F. Erbacher, “Learn from Analysts’ Working Experience: Towards Automated Cybersecurity Data Triage,” submitted to IEEE Transactions on Human Machine Systems, 2016

 

2013-2014 (selected)

1.     M. Albanese, C. Molinaro, F. Persia, A. Picariello, and V.S. Subrahmanian, “Discovering the Top-k Unexplained Sequences in Time-Stamped Observation Data,” IEEE Transactions on Knowledge and Data Engineering, vol. 26, no. 3, pages 577-594, March 2014.

2.     Dutt, V., Ahn, Y., & Gonzalez, C. (2013). Cyber Situation Awareness: Modeling Detection of Cyber Attacks with Instance-Based Learning Theory. Human Factors. 55(3). 605-618.

3.     C. Molinaro, V. Moscato, A. Picariello, A. Pugliese, A. Rullo and V.S. Subrahmanian. PADUA: A Parallel Architecture to Detect Unexplained Activities, accepted for publication in ACM Transactions on Internet Technology, April 2014.

4.     Pugliese, V.S. Subrahmanian, C. Thomas and C. Molinaro, PASS: A Parallel Activity Search System, IEEE Transactions on Knowledge & Data Engineering, 26(8): 1989-2001 (2014).

5.     D. Tian, X. Xiong, C. Hu, P. Liu, “Defeating Buffer Overflow Attacks via Virtualization,” Elsevier Journal on Computers & Electrical Engineering, accepted.

6.     E. Serra, S. Jajodia, A. Pugliese, A. Rullo, and V.S. Subrahmanian. Pareto-Optimal Adversarial Defense of Enterprise Systems, submitted to ACM Transactions on Information & Systems Security, January 2014. Currently undergoing a second round of review.

7.     Y. Jhi, X. Jia, D. Wu, S. Zhu, P. Liu, “Value-Based Program Characterization and Its Application to Software Plagiarism Detection,” submitted to IEEE Transactions on Software Engineering, 2014. Currently undergoing a second round of review.

8.     S. Zhang, X. Jia, P. Liu, “Towards Service Continuity for Transactional Applications against Compromised Drivers,” Submitted to International Journal of Information Security, 2014

9.     Rajivan, P. & Cooke, N. J., (submitted).  A Methodology for Research on the Cognitive Science of Cyber Defense.   Journal of Cognitive Engineering and Decision Making: Special Issue on Cybersecurity Decision Making. 

10.  Ben-Asher, N. & Gonzalez C. (under review). Effects of Cyber Security Knowledge on Attack Detection.

11.  M. Albanese, E. Battista, S. Jajodia, and V. Casola, “Manipulating the Attacker’s View of a System’s Attack Surface,” to appear in Proceedings of the 2nd IEEE Conference on Communications and Network Security (IEEE CNS 2014), San Francisco, CA, USA, October 29-31, 2014.

12.  L. Wang, M. Zhang, S. Jajodia, A. Singhal, and M. Albanese, “Modeling Network Diversity for Evaluating the Robustness of Networks against Zero-Day Attacks,” to appear in Proceedings of the 19th European Symposium on Research in Computer Security (ESORICS 2014), Wroclaw, Poland, September 7-11, 2014.

13.  Steven Noel and Sushil Jajodia, “Metrics suite for network attack graph analytics,” in Proceedings of the 9th Cyber and Information Security Research Conference (CISR 2014), Oak Ridge, TN, USA, April 8-10, 2014.

14.  Xiaoyan Sun, Jun Dai, Anoop Singhal, Peng Liu, “Inferring the Stealthy Bridges between Enterprise Network Islands in Cloud Using Cross-Layer Bayesian Networks,” SecureComm 2014, Beijing, Sept. 23-26, 2014.

15.  C. Zhong, D. Samuel, J. Yen, P. Liu, R. Erbacher, S. Hutchinson, R. Etoty, H. Cam, and W. Glodek, “RankAOH: Context-driven Similarity-based Retrieval of Experiences in Cyber Analysis,” In Proceedings of IEEE CogSIMA Conference, 2014.

16.  R. Wu, P. Chen, P. Liu, B. Mao, “System Call Redirection: A Practical Approach to Meeting Real-world VMI Needs,” DSN 2014, June 2014.

17.  Lingchen Zhang, Sachin Shetty, Peng Liu, Jiwu Jing, “RootkitDet: Practical End-to-End Defense against Kernel Rootkits in a Cloud Environment,” ESORICS 2014, Sept. 7-11, 2014.

18.  M. Zhao, J. Grossklags, K. Chen, “An Exploratory Study of White Hat Behaviors in a Web Vulnerability Disclosure Program,” Proc. ACM WSIW Workshop, in association with CCS'14, 2014.

19.  Kai Chen, Peng Liu, Yingjun Zhang, “Achieving Accuracy and Scalability Simultaneously in Detecting Application Clones on Android Markets”, Proc. IEEE International Conference on Software Engineering (ICSE 2014), regular paper, June 2014.

20.  Min Li, Zili Zha, Wanyu Zang, Meng Yu, Peng Liu, Kun Bai, “Detangling Resource Management Functions from the TCB in Privacy-Preserving Virtualization,” ESORICS 2014, Sept. 7-11, 2014.

21.  Wenhui Hu, Damien Octeau, Patrick McDaniel, and Peng Liu, “Duet: Library Integrity Verification for Android Applications,” Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July 2014. Oxford, United Kingdom.

22.  Fangfang Zhang, Heqing Huang, Sencun Zhu, Dinghao Wu and Peng Liu, “ViewDroid: Towards Obfuscation-Resilient Mobile Application Repackaging Detection,” Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July 2014. Oxford, United Kingdom.

23.  Fangfang Zhang, Dinghao Wu, Peng Liu, and Sencun Zhu, “Program Logic Based Software Plagiarism Detection,” In Proceedings of the 25th annual International Symposium on Software Reliability Engineering (ISSRE 2014), Naples, Italy, November 3-6, 2014.

24.  Chuangang Ren, Kai Chen, Peng Liu, “Droidmarking: Resilient Software Watermarking for Impeding Android Application Repackaging,” Proc. 29th IEEE/ACM International Conference on Automated Software Engineering (ASE 2014), Sept. 15-19, Sweden, 2014.

25.  Rimland, J. and Ballora, M., “Using complex event processing (CEP) and vocal synthesis techniques to improve comprehension of sonified human-centric data”, Proceedings of the SPIE Conference on Sensing Technology and Applications, vol. 9122, June, 2014

26.  Rimland, J., and Hall, D. “A Hitchhiker’s Guide to Developing Software for Hard and Soft Information Fusion”, Proceedings of the International Society of Information Fusion (ISIF) FUSION 2014, Salamanca, Spain, July, 2014.

27.  Rimland, J., and Ballora, M., “Using vocal-based sounds to represent sentiment in complex event processing”, Proceedings of the International Conference on Auditory Display (ICAD), June 22 – 25, 2014, New York City

28.  Giacobe, N.A., “A Picture is Worth A Thousand Alerts”, Proceedings of the 57th annual Meeting of Human Factors and Ergonomics Society Annual Meeting, San Diego, 2013

29.  Shaffer, S., “Automatic theory generation from analyst text files using coherence networks,” Proceedings of the SPIE Conference on Sensing Technology and Applications, vol. 9122, June, 2014

30.  C. Zhong, M. Zhao, G. Xiao, J. Xu, “Agile Cyber Analysis: Leveraging Visualization as Functions in Collaborative Visual Analytics,” in Proceedings of IEEE VAST Challenge 2013 Workshop, in association with IEEE 2013 Visualization Conference.

31.  M. Albanese, H. Cam, and S. Jajodia. “Automated Cyber Situation Awareness Tools for Improving Analyst Performance”. To appear in Cybersecurity Systems for Human Cognition Augmentation, Springer 2014.

32.  M. Albanese and S. Jajodia. “Formation of Awareness”. To appear in Cyber Defense and Situational Awareness, Alexander Kott, Robert Erbacher, Cliff Wang, eds., Springer Advances in Information Security, 2014.

33.  J. Yen, R. Erbacher, C. Zhong, and P. Liu, “Cognitive Process”, in Cyber Situation Awareness, A. Kott, C. Wang, R. Erbacher (eds.), in press.

34.  Christopher G. Healey, Lihua Hao, and Steve E. Hutchinson, “Visualizations and Analysts,” to appear in Cyber Defense and Situational Awareness (Robert Erbacher, Alexander Kott, and Cliff Wang, eds.), Springer.

35.  Gonzalez, C.; Ben-Asher, N.; Oltramari, A.; Lebiere, C.  (in press). Cognitive Models of Cyber Situation Awareness and Decision Making. In C. Wang, A. Kott, & R. Erbacher (eds.), Cyber defense and situational awareness.

 

2012-2013 (selected)

1.       Lingyu Wang, Sushil Jajodia, Anoop Singhal, Pengsu Cheng, Steven Noel, "k-Zero day safety:  A network security metric for measuring the risk of unknown vulnerabilities," IEEE Trans. on Dependable and Secure Computing, 2013.

2.     Dutt, V., Ahn, Y., & Gonzalez, C. (in press). Cyber Situation Awareness: Modeling Detection of Cyber Attacks with Instance-Based Learning Theory. Human Factors.

3.     M. Albanese, C. Molinaro, F. Persia, A. Picariello, and V.S. Subrahmanian, “Discovering the Top-k Unexplained Sequences in Time-Stamped Observation Data,” To appear in IEEE Transactions on Knowledge and Data Engineering, 2013.

4.     A. Pugliese, V.S. Subrahmanian, C. Thomas and C. Molinaro. “PASS: A Parallel Activity Search System”, accepted for publication in IEEE Transactions on Knowledge & Data Engineering.

5.     Fengjun Li, Bo Luo, Peng Liu, Dongwon Lee, Chao-Hsien Chu, “Enforcing Secure and Privacy-Preserving Information Brokering in Distributed Information Sharing,” IEEE Transactions on Information Forensics and Security, 10.1109/TIFS.2013.2247398, Feb 2013.

6.     Ruowen Wang, Peng Ning, Tao Xie, and Quan Chen, “MetaSymploit: Day-One Defense Against Script-Based Attacks with Security-Enhanced Symbolic Analysis”, Proceedings of 22nd USENIX Security Symposium (Security ’13), August 2013.

7.     Jun Dai, Xiaoyan Sun, Peng Liu, “Patrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies,” ESORICS 2013, accepted.

8.     Jun Dai, Xiaoyan Sun, Peng Liu, Nicklaus Giacobe, “Gaining Big Picture Awareness through an Interconnected Cross-layer Situation Knowledge Reference Model,” ASE International Conference on Cyber Security, Washington DC, Dec 14-16, 2012, published.

9.     M. Albanese, S. Jajodia, A. Singhal, and L. Wang, “An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities,” In Proceedings of the 10th International Conference on Security and Cryptography (SECRYPT 2013), Reykjavík, Iceland, July 29-31, 2013. [BEST PAPER AWARD]

10.  William Nzoukou Tankou, Lingyu Wang, Sushil Jajodia and Anoop Singhal, "A unified framework for measuring a network's mean time-to-compromise," Proc. 32nd Int'l. Symp. on Reliable Distributed Systems (SRDS), Braga, Portugal, September 30 - October 3, 2013.

11.  Zhong, C., Kirubakaran, D.S., Yen, J., Liu, P., Hutchinson, S., & Cam, H., “How to Use Experience in Cyber Analysis: An Analytical Reasoning Support System”, in Proceedings of IEEE Conference on Intelligence and Security Informatics (ISI), 2013.

12.  Rajivan, P., Champion, M., Cooke, N. J., Jariwala, S., Dube, G., & Buchanan, V. (2013).  Effects of teamwork versus group work on signal detection in cyber defense teams.  In D. D. Schmorrow and C.M. Fidopiastis (Eds.), AC/HCII, LNAI 8027, pp. 172-180., Berlin:  Springer-Verlag.

13.  Rajivan, P., Janssen, M. A., & Cooke, N. J., (2013).  Agent-based model of a cyber security defense analyst team.  Proceedings of the 57th Annual Conference of the Human Factors and Ergonomics Society, Santa Monica, CA: Human Factors and Ergonomics Society.

14.  Mancuso, V., McNeese, M., “Effects of Integrated and Differentiated Knowledge Structures on Distributed Team Cognition”. (2012), Proceedings of the 56th annual Meeting of Human Factors and Ergonomics Society Annual Meeting, Boston, 2012

15.  Giacobe, Nicklaus A.; McNeese, Michael D.; Mancuso, Vincent F.; Minotra, Dev, "Capturing Human Cognition in Cyber-Security Simulations with NETS," Intelligence and Security Informatics (ISI), 2013 IEEE International Conference on , vol., no., pp.284,288, 4-7 June 2013

16.  Giacobe, N.A., “A Picture is Worth A Thousand Alerts”, (accepted for publication), Proceedings of the 57th annual Meeting of Human Factors and Ergonomics Society Annual Meeting, San Diego, 2013

17.  Lihua Hao, Christopher G. Healey, and Steve E. Hutchinson, “Flexible Web Visualization for Alert-Based Network Security Analytics,” VizSec 2013, accepted.

18.  Gonzalez, C. (2013).  From Individual Decisions from Experience to Behavioral Game Theory: Lessons for Cyber Security. Chapter 2 in Jajodia, S., Ghosh A., Subrahmanian V.S., Swarup, V., Wang C., & Sean-Wang, X. (Eds), Moving Target Defense II. Vol. 100, 73-86, DOI: 10.1007/978-1-4614-5416-8_4.

19.   Massimiliano Albanese, Robert F. Erbacher, Sushil Jajodia, C. Molinaro, Fabio Persia, Antonio Picariello, Giancarlo Sperli, V. S. Subrahmanian, "Recognizing unexplained behavior in network traffic," in Network Science and Cybersecurity, Robinson E. Pino, ed., Springer Advances in Information Security, Vol. 55, Berlin, 2014, pages 39-62.

20.   Xi Xiong and Peng Liu, “SILVER: Fine-grained and Transparent Protection Domain Primitives in Commodity OS Kernel,” RAID 2013.

21.  Bin Zhao and Peng Liu, “Behavior Decomposition: Aspect-level Browser Extension Clustering and Its Security Implications,” RAID 2013.

22.  Meng Yu, Min Li, Wanyu Zang, et al., “MyCloud: Supporting User-configured Privacy Protection in Cloud Computing,” ACSAC 2013, accepted.

23.  Eunjung Yoon and Peng Liu, “XLRF: A Cross-Layer Intrusion Recovery Framework for Damage Assessment and Recovery Plan Generation,” ICICS 2013, accepted.

24.  Jing Wang, Peng Liu, Le Guan, Jiwu Jing, “Fingerprint Embedding: A Proactive Strategy of Detecting Timing Channels,” ICICS 2013, accepted.

25.  M. Zhao, P. Liu, “Modeling and Checking the Security of DIFC System Configurations,” SAFECONFIG-2012, Baltimore, MD, 2012.

26.  Jun Dai, Xiaoyan Sun, Peng Liu, Nicklaus Giacobe, "Gaining Big Picture Awareness through an Interconnected Cross-layer Situation Knowledge Reference Model", International Journal of Information Privacy, Security and Integrity, to appear, an extended version of ASE Cyber Security ’12.

27.  Cooke, N. J., Champion, M., Rajivan, P., & Jariwala, S. (2013).  Cyber Situation Awareness and Teamwork.   EAI Endorsed Transactions on Security and Safety. Special Section on: The Cognitive Science of Cyber Defense, 13.

28.  Tyworth, M., Giacobe, N.A., Mancuso, V.F., McNeese, M.D. and Hall, D.L. (2013). “A Human-in-the-loop Approach to Understanding Situation Awareness in Cyber Defense Analysis”. ICST Transactions, 3 May 2013.

29.  N. Cooke and M. McNeese (2013), preface to special issue on the cognitive science of cyber defense analysis, editorial in EAI endorsed Transactions on Security and Safety, 13 (2), May 2013

30.  Tyworth, M., Giacobe, N.A., Mancuso, V.F., McNeese, M.D. and Hall, D.L. (2013). “A Human-in-the-loop Approach to Understanding Situation Awareness in Cyber Defense Analysis”, research article in EAI Endorsed Transactions on Security and Safety. 13 (2) May 2013

31.  Moving Target Defense II (eds. S. Jajodia, A.K. Ghosh, Subrahmanian, V.S., Swarup, V., Wang, C., Wang, X.S.), Springer, 2013.

 

2011-2012 (selected)

 

1.      B. Peddycord III, P. Ning, and S. Jajodia, “On the accurate identification of network service dependencies in distributed systems,” in Proceedings of the USENIX 26th Large Installation System Administration Conference (LISA 2012), San Diego, CA, December 9-14, 2012.

2.      M. Albanese, A. De Benedictis, S. Jajodia, and P. Shakarian, “A Probabilistic Framework for Localization of Attackers in MANETs,” to appear in Proceedings of the 17th European Symposium on Research in Computer Security (ESORICS 2012), Pisa, Italy, September 10-14, 2012.

3.      M. Albanese, S. Jajodia, and S. Noel, “Time-Efficient and Cost-Effective Network Hardening Using Attack Graphs,” in Proceedings of the 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), Boston, Massachusetts, USA, June 25-28, 2012.

4.      A. Natrajan, P. Ning, Y. Liu, S. Jajodia, and S. E. Hutchinson, “NSDMine: Automated discovery of network service dependencies,” in Proceedings of the 31st Annual International Conference on Computer Communications (INFOCOM 2012), Orlando, Florida, March 25-30, 2012.

5.      D. Tian, Q. Zeng, D. Wu, P. Liu, C. Z. Hu, “Kruiser: Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring,” NDSS 2012, Feb, San Diego, published.

6.      Shengzhi Zhang, Peng Liu, “Assessing the Trustworthiness of Drivers,” RAID 2012.

7.      Po-Chun Chen, Peng Liu, John Yen, and Tracy Mullen, “Experience-based Cyber Situation Recognition Using Relaxable Logic Patterns”, in The 2nd IEEE International Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA 2012), New Orleans, LA, 6-8 March, 2012. Best Paper Award.

8.      Hall, D. L. (2012).  The Emergence of Human-Centric Information Fusion.  In S. Iyengar, R. Brooks  & Clemson University (eds.), Distributed Sensor Networks (2 ed., pp. 335-360).  Boca Raton, FL:  CRC Press.

9.      Ballora, M., Giacobe, N.A., McNeese, M.D., and Hall, D.L. (2012).  Information Data Fusion and Computer Network Defense.  In C. Onwubiko and T. Owens (Eds.), Situational Awareness in Computer Network Defense:  Principles, Methods and Applications (pp. 141-164).  New York:  IGI Global.

10.   McMillan, E., & Tyworth, M. (2012).  An Alternative Framework for Research on Situational Awareness in Computer Network Defense.  In C. Onwubiko and T. Owens (Eds.), Situational Awareness in Computer Network Defense:  Principles, Methods and Applications (pp. 71-85).  New York:  IGI Global.

11.   Champion, M., Rajivan, P., Cooke, N. J., & Jariwala, S. (2012). Team-Based Cyber Defense Analysis. Proceedings of the 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support. March 6-8, New Orleans, LA.

12.   Mancuso, V.F., Giacobe, N.A., McNeese, M.D., and Tyworth, M. (2012).  idsNETS:  An Experimental Platform to Study Situation Awareness for Intrusion Detection Analysis.  Proceedings of the 2nd IEEE Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), New Orleans, LA.

13.   Tyworth, M., Giacobe, N.A., and Mancuso, V.F. (2012).  The Distributed Nature of Cyber Situation Awareness.   Proceedings of the SPIE Conference on Defense, Security & Sensing 2012, Baltimore, MD.

14.   Giacobe, N.A. and Xu, S. (2011).  Geovisual Analytics for Cyber Security:  Adopting the GeoViz Toolkit.  Proceedings of the IEEE Symposium on Visual Analytics Science and Technology (VAST).  Providence, RI.

15.   Ballora, M., and Hall, D.L. (2012).  Use of Sonification in the Detection of Anomalous Events.  Proceedings of the SPIE Conference on Multisensor, Multisource Information Fusion:  Architectures, Algorithms, and Applications, Baltimore, MD.

16.   Giacobe, N.A. (2012).  Data Fusion in Cyber Security:  First Order Entity Extraction from Common Cyber Data.   Proceedings of the SPIE Conference on Defense, Security & Sensing 2012, Baltimore, MD.

17.   Q. Gu, K. Jones, W. Zang, M. Yu, P. Liu, “Revealing Abuses of Channel Assignment Protocols in Multi-Channel Wireless Networks: An Investigation Logic Approach,” ESORICS 2012, published

18.   J. Lin, P. Liu, J. Jing, “Using Signaling Games to Model the Multi-step Attack-defense Scenarios on Confidentiality,” GameSec 2012, published

19.   Qijun Gu, Wanyu Zang, Meng Yu, Peng Liu, “Collaborative Traffic-aware Intrusion Monitoring in Multi-channel Mesh Networks,” Proc. IEEE TrustCom 2012, published.

20.   N. Nazzicari, J. Almillategui, A. Stavrou, and S. Jajodia, “Switchwall: Automated topology fingerprinting & behavior deviation identification,” in Proceedings of the 8th International Workshop on Security and Trust Management (STM 2012), Pisa, Italy, September 10-14, 2012.

21.   Mancuso, V., McNeese, M., Effects of Integrated and Differentiated Knowledge Structures on Distributed Team Cognition. (accepted for publication), Proceedings of the 56th annual Meeting of Human Factors and Ergonomics Society Annual Meeting, Boston, 2012

22.   Jariwala, S., Champion, M., Rajivan, P., & Cooke, N. J. (in press).  Influence of team communication and coordination on the performance of teams at the iCTF competition. Proceedings of the 56th Annual Conference of the Human Factors and Ergonomics Society, Santa Monica, CA: Human Factors and Ergonomics Society.

23.   McNeese, M., Cooke, N. J., D’Amico, A., Endsley, M.R., Gonzalez, C., Roth, E., Salas, E. (in press). Panel on Perspectives on the role of cognition in cyber security. Proceedings of the 56th Annual Conference of the Human Factors and Ergonomics Society, Santa Monica, CA: Human Factors and Ergonomics Society.

24.   Gonzalez, C., Dutt, V., Martin, J., & Ben-Asher, N. (2012). Decisions from experience in conflict situations: Cognitive model of the effects of interdependence information. Presented at the Behavioral Decision Research in Management Conference BDRM 2012. June 27-29, 2012. Leeds School of Business, Boulder, CO.

25.   C. Kang, J. Grant, A. Pugliese, and V.S. Subrahmanian. STUN: Spatio-Temporal Uncertain (Social) Networks, accepted for publication at 2012 International Conference on Advances in Social Network Analysis and Mining (ASONAM 2012), August 2012, Istanbul, Turkey (full paper – 16% acceptance rate).

26.   M. Ovelgionne, C. Kang, A. Sawant and V.S. Subrahmanian. Covertness Centrality in Networks, accepted for publication in Proc. 2012 Intl. Symposium on Foundations of Open Source Intelligence and Security Informatics (FOSINT-SI), Istanbul, Turkey, August 2012

27.   Yuhao Yang, Jonathan Lutes, Fengjun Li, Bo Luo and Peng Liu, “Stalking Online: on User Privacy in Social Networks,” In Proc. ACM Conference on Data and Application Security and Privacy (CODASPY), 2012, published.

28.   F. Zhang, Yoon-Chan Jhi, Dinghao Wu, Peng Liu, Sencun Zhu, “Towards Algorithm Plagiarism Detection,” Proc. ISSTA 2012, published

29.   Shengzhi Zhang, Peng Liu, “Letting Applications Operate through Attacks Launched from Compromised Drivers,” Proc. ACM ASIACCS, 2012, short paper, published.

30.   Deguang Kong, Dinghao Wu, Donghai Tian, Peng Liu, “Semantic Aware Attribution Analysis of Remote Exploits,” Wiley Journal Security and Communication Networks, published.

31.   Zhi Xin, Huiyu Chen, Xinche Wang, Peng Liu, Sencun Zhu, Bing Mao, Li Xie, “Replacement Attacks: Automatically Evading Behavior Based Software Birthmark,” Springer International Journal of Information Security, published.

32.   Y. Cheng, Y. E. Sagduyu, J. Deng, J. Li, and Peng Liu, "Integrated Situational Awareness for Cyber-attack Detection, Analysis, and Mitigation," Proc. SPIE Defense, Security and Sensing Conference, 2012. 

 

2010-2011 (selected)

 

1.      Shengzhi Zhang, Xiaoqi Jia, Peng Liu, Jiwu Jing, "PEDA: Comprehensive Damage Assessment for Production Environment Server Systems", IEEE Transactions on Information Forensics and Security, 2011, accepted.

2.      M. Albanese, S. Jajodia, A. Pugliese, and V.S. Subrahmanian. “Scalable Analysis of Attack Scenarios”. To appear in Proceedings of the 16th European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium, September 12-14, 2011 (Acceptance ratio 36/155).

3.      X. Xiong, D. Tian, P. Liu, "Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions", (2011). Proc. NDSS 2011, published.

4.      Q. Zeng, D. Wu, P. Liu, "Cruiser: Concurrent Heap Buffer Overflow Monitoring Using Lock-free Data Structures", (2011). Proc. PLDI 2011, published.

5.      McNeese, M. D., Cooke, N. J., & Champion, M. (2011).  Situating Cyber Situation Awareness.  Presentation and proceedings of 10th International Conference on Naturalistic Decision Making (NDM-2011), May 31-June 3, Orlando, FL.

6.      Rajivan, P., Shankaranarayanan V., Cooke, N.J. (2011). CyberCog: A Synthetic Task Environment for Studies of Cyber Situation Awareness.  Presentation and proceedings of 10th International Conference on Naturalistic Decision Making (NDM-2011), May 31-June 3, Orlando, FL.

7.      M. Albanese, C. Molinaro, F. Persia, A. Picariello, V.S. Subrahmanian. Finding Unexplained Activities in Video, Proc. 2011 International Joint Conf. on Artificial Intelligence, accepted for both a talk and poster presentation, Barcelona, July 2011. (acceptance rate as both talk and poster: 17%). 

8.      Gonzalez, C. (2010). Instance-Based Learning Models of Situation Awareness and Decision Making. In Proceedings of the Human Factors and Ergonomics Society 54th Annual Meeting. San Francisco, CA, September 27- October 1, 2010. Human Factors and Ergonomics Society. pp. TBD.

9.      Saner, L. D., Bolstad, C. A., Gonzalez, C. & Cuevas, H. M. (2010). Predicting Shared Situation Awareness in Teams: A Case of Differential SA Requirements. In Proceedings of the Human Factors and Ergonomics Society 54th Annual Meeting. San Francisco, CA, September 27- October 1, 2010. Human Factors and Ergonomics Society. pp. TBD.

10.   Ballora, M., Giacobe, N. A., & Hall, D. L. (2011). Songs of cyberspace: an update on sonifications of network traffic to support situational awareness. Paper presented at the Proc. SPIE, Orlando, FL.

11.   D. Hall (2011), “Challenges in hard and soft fusion: Worth the effort?” Proceedings of the SPIE Defense, Security and Sensing Symposium, 25-29 April, 2011, Orlando, FL

12.   Giacobe, N., & Xu, S. (2011). Short Paper: Geovisual Analytics for Cyber Security: Adopting the GeoViz Toolkit - VAST 2011 Mini Challenge 2 Award: "Innovative Tool Adaptation". Paper presented at the Visual Analytics Science and Technology, 2011. VAST '11. IEEE Symposium on.

13.   Dutt, V., & Gonzalez, C. (2011). Cyber Situation Awareness: Modeling the Security Analyst in a cyber-attack scenario through Instance-based Learning. A book chapter accepted in Situational Awareness in Computer Network Defense: Principles, Methods and Applications, edited by Cyril Onwubiko and Thomas Owens. doi: 10.4018/978-1-46660-104-8

14.   D. Hall, (2011) "The Emergence of Human-Centric Information Fusion," chapter in Distributed Sensor Networks, 2nd edition, 2011

15.   Ballora, M., Giacobe, N. A., McNeese, M., & Hall, D. L. (2012). Information Data Fusion and Computer Network Defense. In C. Onwubiko and T. Owens (Eds.), Situational Awareness in Computer Network Defense:  Principles, Methods, and Applications. New York: IGI Global.

16.   McMillan, E., & Tyworth, M. (2012). An Alternative Framework for Research on Situational Awareness in Computer Network Defense. In C. Onwubiko and T. Owens (Eds.), Situational Awareness in Computer Network Defense: Principles, Methods and Applications. New York: IGI Global.

17.   J. Yu, P. Liu, Z. Li, S. Zhang, "LeakProber: A framework for profiling sensitive data leakage paths", (2011). Proc. ACM CODASPY 2011.

18.   Donghai Tian, Xi Xiong, Changzhen Hu, and Peng Liu, 'Policy-Centric Protection of OS Kernel from Vulnerable Loadable Kernel Modules,' Proc. ISPEC 2011, published.

19.   Dutt, V., Ahn, Y., & Gonzalez, C. Cyber Situation Awareness: Modeling the Security Analyst in a Cyber-Attack Scenario through Instance-Based Learning. DBSec 2011: Lecture Notes in Computer Science, 6818, 280-292. doi: 10.1007/978-3-642-22348-8_24

20.   Kun Sun, Sushil Jajodia, Jason Li, Yi Cheng, Wei Tang, Anoop Singhal, "Automatic security analysis using security metrics," Proc. MILCOM Conf., Baltimore, MD, November 7-10, 2011.

21.   Y. C. Jhi, X. Wang, X. Jia, S. Zhu, P. Liu, D. Wu, "Value-Based Program Characterization and Its Application to Software Plagiarism Detection", (2011). Proc.  ICSE 2011, SPIE Track, published

22.   Zhi Xin, Huiyu Chen, Xinche Wang, Peng Liu, Sencun Zhu and Bing Mao, "Replacement Attacks on Behavior Based Software Birthmark", (2011), Proc. ISC 2011, published

23.   Deguang Kong, Donghai Tian and Peng Liu, "SAEA: Automatic Semantic Aware Remote Exploits Attribution Analysis", (2011). Proc. SECURECOMM 2011, to appear

24.   J. Lin, J. Jing, P. Liu, "Evaluating Intrusion Tolerant Certification Authority Systems", Journal of Quality and Reliability Engineering, 2011, published.

25.   Fengjun Li, Bo Luo, and Peng Liu. Secure and Privacy-Preserving Information Aggregation for Smart Grids. International Journal of Security and Networks, Special Issue on Security and Privacy in Smart Grid, 6(1):28 - 39, 2011.

26.   Deguang Kong, Yoon-Chan Jhi, Tao Gong, Sencun Zhu, Peng Liu, Hongsheng Xi, "SAS: Semantics Aware Signature Generation for Polymorphic Worm Detection", Springer International Journal of Information Security, 2011, published.

 

2009-2010 (selected)

 

 Cyber Situational Awareness

 Issues and Research
 Series: Advances in Information Security, Vol. 46

 Jajodia, S.; Liu, P.; Swarup, V.; Wang, C. (Eds.)

 2010, XII, 252 p. 20 illus., Hardcover; ISBN: 978-1-4419-0139-2

 

Today, when a security accident occurs, the top three questions security administrators would ask are in essence: What has happened? Why did it happen? What should I do? Answers to the first two questions form the "core" of Cyber Situational Awareness. In addition, whether the last question can be answered well depends greatly on the cyber situational awareness capability of enterprises.

Cyber Situational Awareness: Issues and Research is an edited volume contributed by worldwide cyber security experts. This book seeks to establish the state of the art in the cyber situational awareness area and to set the course for future research. A multidisciplinary group of leading researchers from cyber security, cognitive system, and decision science areas will elaborate on the fundamental challenges facing the research community and identify promising solution paths. Case studies based on real world examples are provided throughout this book.


1.       Peng Xie, Jason H Li, Xinming Ou, Peng Liu and Renato Levy, "Using Bayesian Networks for Cyber Security Analysis", Proceedings of IEEE DSN-DCCS, 2010

2.       Lingyu Wang, Sushil Jajodia, Anoop Singhal, Steven Noel, "k-Zero day safety: Measuring the security risk of networks against unknown attacks," Proc. 15th European Symp. on Research in Computer Security (ESORICS), September 20-22, 2010.

3.       S. Zhang, X. Jia, P. Liu, Cross-Layer Comprehensive Intrusion Harm Analysis for Production Workload Server Systems, Proc. 2010 Annual Computer Security Applications Conference (ACSAC), 2010, accepted.

4.       X. Xiong, X. Jia, P. Liu, "SHELF: Preserving Business Continuity and Availability in an Intrusion Recovery System", Proc. 2009 Annual Computer Security Applications Conference (ACSAC), 2009

5.       Steven Noel, Sushil Jajodia, Lingyu Wang, Anoop Singhal, "Measuring security risks of networks using attack graphs," International Journal of Next-Generation Computing, Vol. 1, No. 1, July 2010.

6.       Giacobe, N. (2010). Application of the JDL data fusion process model for cyber security. Proceedings of SPIE, vol. 7710

7.       Hai Wang, Yan Su, Peng Liu, "A Semi-Markov Survivability Evaluation Model for Intrusion Tolerant Database Systems", Proceedings of ARES 2010 (The Fifth International Conference on Availability, Reliability and Security), 2010.

8.       X. Wang, Y. C. Jhi, S. Zhu, P. Liu, "Detecting Software Theft via System Call Based Birthmarks", Proc. 2009 Annual Computer Security Applications Conference (ACSAC), 2009.

9.       X. Wang, Y. C. Jhi, S. Zhu, P. Liu, "Behavior Based Software Theft Detection," Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS), 2009.

10.     Gonzalez, C. & Dutt, V. (2010). Instance-Based Learning Models of Training. In Proceedings of the Human Factors and Ergonomics Society 54th Annual Meeting. San Francisco, CA, September 27-October 1, 2010. Human Factors and Ergonomics Society. pp. TBD

11.     Meng Yu, Hai Wang, Wanyu Zang, Peng Liu, "Evaluating Survivability and Costs of Three Virtual Machine based Server Architectures", Proceedings of International Conference on Security and Cryptography, 2010

12.     Shengzhi Zhang, Xi Xiong, Peng Liu, "Challenges in Improving the Survivability of Data Centers", Proceedings of the Survivability in Cyberspace Workshop, 2010.

13.     Zhang, S., Xiong, X., Jia, X. and Liu, P. (2009) "Availability-sensitive Intrusion Recovery", Proceedings of Second ACM Workshop on Virtual Machine Security, Chicago, IL, November 2009, 6 page position paper

14.     D. Kong, Y. C. Jhi, T. Gong, S. Zhu, P. Liu, H. Xi, "SAS: Semantics Aware Signature Generation for Polymorphic Worm Detection", Proceedings of 2010 International ICST Conference on Security and Privacy in Communication Networks (SECURECOMM), 2010, accepted.

15.     Xiaoqi Jia, Xi Xiong, Jiwu Jing, Peng Liu, "Using Purpose Capturing Signatures to Defeat Computer Virus Mutating", Proceedings of the Sixth International Conference on Information Security Practice and Experience Conference (ISPEC), 2010.

16.     Ahmed M. Azab, Peng Ning, Emre C. Sezer, and Xiaolan Zhang, "HIMA: A Hypervisor-Based Integrity Measurement Agent," in Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC '09), December 2009.

17.     Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang, Xiaolan Zhang, Nathan C. Skalsky, "HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity," To appear in Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), October 2010, Chicago, IL, USA.

18.     D. Tian, X. Xiong, C. Hu, P. Liu, "Integrating Offline Analysis and Online Protection to Defeat Buffer Overflow Attacks," Proc. ISC 2010, LNCS, short paper, accepted.

19.     F. Li, Bo Luo, Peng Liu, Secure Information Aggregation for Smart Grids Using Homomorphic Encryption, Proc. 1st IEEE International Conference on Smart Grid Communications, 2010, accepted.

20.     Ballora, M. and Hall, D. (2010). Do you see what I hear? Experiments in multi-channel sound and 3D visualization for network monitoring. Proceedings of SPIE Defense Security and Sensing. April 5-9, 2010, Orlando, Florida.

21.     Peng Liu, Meng Yu, "Damage assessment and repair in attack resilient distributed database systems", Elsevier Computer Standards and Interfaces Journal, (2010), Accepted, in press.

22.     Meng Yu, Wanyu Zang, Peng Liu, "Recovery of Data Integrity under Multi-Tier Architectures", IET Information Security, (2010), Accepted, in press.

23.     Yoon-Ho Choi, Lunquan Li, Peng Liu, George Kesidis, "Worm Virulence Estimation for the Containment of Local Worm Outbreak", Elsevier Computers & Security journal, (2010), Accepted, in press.

24.     Choi, Y. H., Liu, P. and Seo, S. W., "Using Information Collected by Botnets to Create Importance Scanning Worms", Elsevier Computer Communications Journal, (2010), Accepted.

 

 

 

 


Copyright. The Pennsylvania State University 2014. All Rights Reserved.