Cyber Security Lab Publications

[2018][17][16][15][14][13][12][11][10][09] [08 | 07 | 06 | 05 | 04 | 03 | 02 | 01 | 00 | 99]

2018

Phantom Device Attack in IoT era

Wei Zhou, Yan Jia, Yao Yao, Lipeng Zhu, Le Guan, Yuhang Mao, Peng Liu, Yuqing Zhang, “Phantom Device Attack: Uncovering the Security Implications of the Interactions among Devices, IoT Cloud, and Mobile Apps,” Manuscript, arXiv: 1811.03241, communicated November 8, 2018.

DNNs meet ROP payloads

X. Li, Z. Hu, F. Yi, C. Ping, M. Zhu and P. Liu, ROPNN: Detection of ROP Payloads Using Deep Neural Networks, Manuscript, arXiv: 1807.11110, communicated July 2018. 

DEFCON

Feng Xiao, Jianwei Huang, Peng Liu, “Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller,” DEF CON 2018

DSN

(Attacks against robots)

P. Guo, H. Kim, N. Virani, J. Xu, M. Zhu and P. Liu, “RoboADS: Anomaly detection against sensor and actuator misbehaviors in mobile robots,” DSN 2018.

RAID

Chen Cao, Le Guan, Ning Zhang, Neng Gao, Jingqiang Lin, Bo Luo, Peng Liu, Ji Xiang, Wenjing Lou, “CryptMe: Data Leakage Prevention for Unmodified Programs on ARM Devices,” RAID 2018.

ACSAC

S. Farhang, J. Weidman, M. M. Kamani, J. Grossklags, P. Liu, “Take It or Leave It: A Survey Study on Operating System Upgrade Practices,” ACSAC 2018. (Accepted)

WiSec

L. Yuan, P. Liu, S. Zhu, “Android STAR: Interaction-Preserving Messenger-Usage Inspection,” To appear in Proceedings of the 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2018.

SACMAT

Lingjing Yu, Sri Mounica Motipalli, Dongwon Lee, Peng Liu, Heng Xu, Qingyun Liu, Jianlong Tan and Bo Luo. My Friend Leaks My Privacy: Modeling and Analyzing Privacy in Social Networks. In ACM Symposium on Access Control Models and Technologies (SACMAT), 2018.

TrustShadow TEE

Le Guan, Chen Cao, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu and Trent Jaeger, “Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM,” IEEE Transactions on Dependable and Secure Computing (TDSC). (Accepted)

Survey on IoT Security

Wei Zhou, Yan Jia, Anni Peng, Yuqing Zhang, and Peng Liu, “The Effect of IoT New Features on Security and Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved,” IEEE IoT Journal, 2018.

SOC data triage

Chen Zhong, John Yen, Peng Liu, and Robert F. Erbacher. “Learning from Experts’ Experience: Towards Automated Cyber Security Data Triage,” IEEE Systems Journal, 2018.

Cybersecurity issues in Digital Manufacturing

Wu, D., Ren, A., Zhang, W., Fan, F., Liu, P., Fu, X. & Terpenny, J., “Cybersecurity for Digital Manufacturing,” Journal of Manufacturing Systems, 2018. (Accepted)

Feedback control against zero-day attacks

P. Chen, Z. Hu, J. Xu, M. Zhu, P. Liu, “Feedback Control Can Make Data Structure Layout Randomization More Cost-Effective under Zero-day Attacks,” Cybersecurity (a new journal), 2018, published.

TIFS

X. Sun, J. Dai, P. Liu, A. Singhal, J. Yen, “Using Bayesian Networks for Probabilistic Identification of Zero-day Attack Paths,” IEEE Transactions on Information Forensics and Security, 2018. 

TMC

Kai Chen, Yingjun Zhang, Peng Liu, “Leveraging Information Asymmetry to Transform Android Apps into Self-Defending Code against Repackaging Attacks,” IEEE Transactions on Mobile Computing (TMC), 2018.

IEEE Trans. Big Data

Heqing Huang, et al., “A Large-scale Study of Android Malware Development Phenomenon on Public Malware Submission and Scanning Platform,” IEEE Transactions on Big Data, 2018. (Accepted)

Cybersecurity (New Journal)

C. Tian, Y. Wang, P. Liu, Q. Zhou, C. Zhang, “Using IM-Visor to Stop Untrusted IME Apps from Stealing Sensitive Keystrokes,” Cybersecurity, 2018, published.

Cybersecurity

D. Meng, R. Hou, G. Shi, B. Tu, A. Yu, Z. Zhu, X. Jia, P. Liu, “Security-first architecture: deploying physically isolated active security processors for safeguarding the future of computing”, Cybersecurity, 2018, published.

Computers & Security

Cheng Zhong, et al., “A Cyber Security Data Triage Operation Retrieval System,” Computers & Security Journal, 2018.

Software: Practice and Experience

Donghai Tian, et al., “A Policy-Centric Approach to Protecting OS Kernel from Vulnerable LKMs,” Software: Practice and Experience Journal, 2018. (Accepted) 

Journal

Le Guan, Sadegh Farhang, Yu Pu, Pinyao Guo, Jens Grossklags and Peng Liu, “VaultIME: Regaining User Control for Password Managers through Auto-correction,” EAI Endorsed Transactions on Security and Safety, 2018.

Journal

X. Sun, J. Dai, A. Singhal, P. Liu, “Probabilistic Inference of the Stealthy Bridges between Enterprise Networks in Cloud,” EAI Endorsed Transactions on Security and Safety, 2018.

Journal

Chen Zhong, John Yen, Peng Liu, Donald R. Shemanski,         ``Using an UD-UC-CSP Model to Infer Missing Actor for Intelligence Analysis'', Journal of Secure Communication and Systems. (Accepted)

Proceedings

Liu, Peng, Mauw, Sjouke, Stolen, Ketil (Eds.), Graphical Models for Security (Proceedings of the GraMSec 2017 Workshop), Springer LNCS 10744, Feb 2018. Published.

Proceedings

L. Lazos, P. Liu, M. Li, W. Zhu, Proceedings of 2018 IEEE Conference on Communications and Network Security (CNS), September 2018. Published.

PhD Dissertation

Jun Xu, “BATTLING CYBER ATTACKS WITH SOFTWARE CRASH DIAGNOSIS,” PhD Dissertation, College of IST, 2018, Penn State University  

PhD Dissertation

Pinyao Guo, “Detection and Prevention: Towards Secure Mobile Robotic Systems,” PhD Dissertation, College of IST, 2018, Penn State University

MS Thesis

Tao Lin, “A CYBER SECURITY DATA TRIAGE OPERATION RETRIEVAL SYSTEM”, MS Thesis, College of IST, 2018, Penn State University

MS Thesis

Tao Zhang, “TOWARDS FLEXIBLE AND REALISTIC INSIDER MISSION SIMULATION,” MS Thesis, College of IST, 2018, Penn State University

2017

ACSAC      (Best Paper Award)

Le Guan, Shijie Jia, Bo Chen, Fengwei Zhang, Bo Luo, Jingqiang Lin, Peng Liu, Xinyu Xing and Luning Xia, “Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices,” in Proceedings of the 33rd Annual Conference on Computer Security Applications, ACSAC '17, 2017.

CCS

Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi, “FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware,” CCS 2017.

CCS

S. Jia, L. Xia, B. Chen, P. Liu, “DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer,” CCS 2017.

USENIX Security

Xu, J., Mu, D., Xing, X., Liu, P., Chen, P., Mao, B., "POMP: Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts", in Proceedings of the 26th USENIX Security Symposium (USENIX Security), Vancouver, Canada, August 2017.

NDSS

Chuangang Ren, Peng Liu, Sencun Zhu, “WindowGuard: Systematic Protection of GUI Security in Android,” NDSS 2017.

MobiSys

Lannan Luo*, Qiang Zeng*, Chen Cao, Kai Chen, Jian Liu, Limin Liu, Neng Gao, Min Yang, Xinyu Xing, and Peng Liu. (*Co-first authors), “System Service Call-oriented Symbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation,” ACM MobiSys 2017.

MobiSys

L. Guan, P. Liu, X. Xing, X. Ge, S. Zhang, M. Yu, and T. Jaeger,  “TrustShadow: Secure execution of unmodified applications with ARM TrustZone,” ACM MobiSys 2017.

Mirai Expeller

Chen Cao, Le Guan, Peng Liu, Neng Gao, Jingqiang Lin, Ji Xiang, “Hey, you, keep away from my device: remotely implanting a virus expeller to defeat Mirai on IoT devices,” June 2017, arXiv, http://arxiv.org/abs/1706.05779

TSE

Lannan Luo, Jiang Ming, Dinghao Wu, Peng Liu, and Sencun Zhu, “Semantics-Based Obfuscation-Resilient Binary Code Similarity Comparison with Applications to Software and Algorithm Plagiarism Detection,” IEEE Transactions on Software Engineering, Vol. 43, Issue 12, January 2017.

VEE

D. Liang, P. Liu, J. Xu, P. Chen, Q. Zeng, “Dancing with Wolves: Towards Practical Event-driven VMM Monitoring,” VEE 2017.

DSN

P. Chen, J. Xu, Z. Hu, X. Xing, M. Zhu, B. Mao, P. Liu, “What You See is Not What You Get! Thwarting Just-in-Time ROP with Chameleon,” DSN 2017.

DSN

Chen Tian, Yazhe Wang, Peng Liu, Qihui Zhou, Chengyi Zhang, “IM-Visor: A Pre-IME Guard to Prevent IME Apps from Stealing Sensitive Keystrokes Using TrustZone,” DSN 2017.

MASS (short)

Chengyi Zhang, Yazhe Wang, Peng Liu, Tao Lin, Lvgen Luo, Ziqi Yu, and Xinwang Zhuo, “PMViewer: A Crowdsourcing Approach to Fine-Grained Urban PM2.5 Monitoring in China,” MASS 2017.

SecureComm (short)

Le Guan, Sadegh Farhang, Yu Pu, Pinyao Guo, Jens Grossklags and Peng Liu, “VaultIME: Regaining User Control for Password Managers through Auto-correction,” in Security and Privacy in Communication Networks: 13th International Conference, SecureComm 2017, 2017.

SecureComm

Pinyao Guo, Hunmin Kim, Le Guan, Minghui Zhu and Peng Liu, “VCIDS: Collaborative Intrusion Detection of Sensor and Actuator Attacks on Connected Vehicles,” in Security and Privacy in Communication Networks: 13th International Conference, SecureComm 2017, 2017.

ACC

H. Kim, P. Guo, M. Zhu and P. Liu, “On attack-resilient estimation of switched nonlinear cyber-physical systems,” 2017 American Control Conference, May 2017, invited paper.

MTD

Z. Hu, M. Zhu and P. Liu, “Online algorithms for adaptive cyber defense on Bayesian attack graphs,” Fourth ACM Workshop on Moving Target Defense in Association with 2017 ACM Conference on Computer and Communications Security, Dallas, pages: 99-109, Oct 2017.

DBSEC

Xiaoyan Sun, Anoop Singhal and Peng Liu, “Towards Actionable Mission Impact Assessment in the Context of Cloud computing,” DBSEC 2017.

ISERC

Ren, A., Wu, D., Terpenny, J., Zhang, W., & Liu, P. (2017). Cyber Security in Smart Manufacturing: Survey and Challenges, Proceedings of the 2017 Industrial and Systems Engineering Research Conference, Pittsburgh, PA

Cryptology ePrint Archive

Dingfeng Ye, Peng Liu, Jun Xu, “Towards Practical Obfuscation of General Circuits,” Cryptology ePrint Archive report 2017/321

Edited Book

Theory and Models for Cyber Situation Awareness, Peng Liu, Sushil Jajodia, and Cliff Wang (Eds.), Springer LNCS, Volume No. 10030, 2017, published.

Book Chapters

P. Liu, et al., “Computer-aided Human Centric Cyber Situation Awareness,” In Peng Liu, Sushil Jajodia, and Cliff Wang (Eds.), Theory and Models for Cyber Situation Awareness, Springer LNCS vol. 10030, 2017, published.

 

Chen Zhong, John Yen, Peng Liu, Robert F. Erbacher and Christopher Garneau. “Studying Analysts Data Triage Operations in Cyber Defense Situational Analysis,” In Peng Liu, Sushil Jajodia, and Cliff Wang (Eds.), Theory and Models for Cyber Situation Awareness, Springer LNCS vol. 10030, 2017, published.

 

Xiaoyan Sun, Jun Dai, Anoop Singhal, Peng Liu, “Enterprise-Level Cyber Situation Awareness,” In Peng Liu, Sushil Jajodia, and Cliff Wang (Eds.), Theory and Models for Cyber Situation Awareness, Springer LNCS vol. 10030, 2017, published.

 

X. Sun, J. Dai, P. Liu, A. Singhal, J. Yen, “Using Bayesian Networks to Fuse Intrusion Evidences and Detect Zero-day Attack Paths,” in Lingyu Wang, Sushil Jajodia, and Anoop Singhal (Eds.), Network Security Metrics, Springer LNCS, 2017, published.

2016

CCS

Xu, J., Mu, D., Chen, P., Xing, X., Liu, P., “CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump,” ACM CCS 2016.

 

Big Data

(Dataset release)

“Android Malware Development on Public Malware Scanning Platforms: A Large-scale Data-driven Study.” Heqing Huang, Cong Zheng, Junyuan Zeng, Wu Zhou, Sencun Zhu, Peng Liu, Suresh Chari, Ce Zhang, 2016 IEEE Big Data (79/423=18.7%) (A new Android malware dataset released the result website) 

CCS

Kai Wang, Yuqing Zhang, Peng Liu, “Call Me Back! Attacks on System Server and System Apps in Android through Synchronous Callback,” ACM CCS 2016.

SenSys

Guan, L., Xu, J., Wang, S., Xing, X., Lin, L., Huang, H., Liu, P., Lee, W., “From Physical to Cyber: Escalating Protection for Personalized Auto Insurance,” in Proceedings of the 14th ACM Conference on Embedded Networked Sensor Systems (SenSys 2016), Palo Alto, USA, December 2016. 

ASE

“StraightTaint: Decoupled Offline Symbolic Taint Analysis,” by Jiang Ming, Dinghao Wu, Gaoyao Xiao, Jun Wang, and Peng Liu. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering (ASE 2016), Singapore, September 3-7, 2016, published. 

DSN

Lannan Luo, Yu Fu, Dinghao Wu, Sencun Zhu, and Peng Liu,
"Repackage-proofing Android Apps,"  Proc. 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2016), Toulouse, France, June 28-July 1, 2016.

ACSAC

Shijie Jia, Luning Xia, Bo Chen, and Peng Liu, “Sanitizing Data Is Not Enough! Towards Sanitizing Structural Artifacts in Flash Media,” ACSAC, 2016, published.

ESORICS

Fabo Wang, Yuqing Zhang, Kai Wang, Peng Liu and Wenjie Wang, “Stay in Your Cage! A Sound Sandbox for Third-Party Libraries on Android,” ESORICS, 2016, published.

ESORICS

Qianru Wu, Qixu Liu, Yuqing Zhang, Peng Liu and Guanxing Wen, “A Machine Learning Approach for Detecting Third-Party Trackers on the Web,” ESORICS, 2016, published.

ESORICS

Aron Laszka, Mingyi Zhao and Jens Grossklags, “Banishing Misaligned Incentives for Validating Reports in Bug-Bounty Platforms,” ESORICS, 2016.

IDS

Chen Zhong, John Yen, Peng Liu, and Robert F. Erbacher. “Automate Cybersecurity Data Triage by Leveraging Human Analysts Cognitive Process,” In Proc. IEEE International Conference on Intelligent Data and Security (IEEE IDS