Cyber Security Lab Publications

[2023][22] [21] [20][19][18][17][16][15][14][13][12][11][10][09] [08 | 07 | 06 | 05 | 04 | 03 | 02 | 01 | 00 | 99]

2024

(arXiv preprint) A LLM workflow for identifying user privilege related variables

Haizhou Wang, Zhilong Wang, Peng Liu, “A Hybrid LLM Workflow Can Help Identify User Privilege Related Variables in Programs of Any Size.”

https://arxiv.org/abs/2403.15723

March 23, 2024.

(arXiv preprint)

Zhilong Wang, Haizhou Wang, Nanqing Luo, Lan Zhang, Xiaoyan Sun, Yebo Cao, Peng Liu, “Hide Your Malicious Goal Into Benign Narratives: Jailbreak Large Language Models through Neural Carrier Articles,”

https://arxiv.org/pdf/2408.11182

August 21, 2024

 

(arXiv preprint) AI agent for cyber threat intelligence analysis

P. Tseng, et al., “Using LLMs to Automate Threat Intelligence Analysis Workflows in Security Operation Center,”

https://arxiv.org/abs/2407.13093

July 2024

 

(arXiv preprint)

`Stop Using My Data’ right

 

F. Zhang, P. Liu, “Protecting the 'Stop Using My Data' Right through Blockchain-assisted Evidence Generation.”

http://arxiv.org/abs/2406.17694

June 25, 2024.

 

Runtime Certification for Smart Contracts

NS Bjψrner, AJ Chen, S Chen, Y Chen, Z Guo, TH Hsu, P Liu, N. Luo, “Theorem-Carrying-Transaction: Runtime Certification to Ensure Safety for Smart Contract Transactions.”

arXiv preprint arXiv:2408.06478, 2024.

 

NDSS

Fannv He, et al., “Maginot Line: Assessing a New Cross-app Threat to PII-as-Factor Authentication in Chinese Mobile Apps,” NDSS, 2024.

ICML Oral

Songtao Liu, Hanjun Dai, Yue Zhao, Peng Liu, “Controllable Molecule Synthesis with Residual Energy-based Model,” ICML, 2024. 

IEEE Transactions on Computers

 

W. Song, Z. Xue, J. Han, Z. Li, P. Liu, “Randomizing Set-Associative Caches Against Conflict-Based Cache Side-Channel Attacks,” IEEE Transactions on Computers, 2024 (accepted).

TDSC

Y. Yang, et al., “Sharing can be Threatening: Uncovering Security Flaws of RBAC Model on Smart Home Platforms,” IEEE TDSC, 2024. (Accepted)

IEEE Transactions on Computers

 

W. Song, et al., “A Parallel Tag Cache for Hardware Managed Tagged Memory in Multicore Processors,” IEEE Transactions on Computers, 2024 (accepted).

IEEE IoT Journal

Y. Yang, et al., “Uncovering Access Token Security Flaws in Multi-user Scenario of Smart Home Platforms,” IEEE IoT Journal, 2024 (accepted).

IEEE Security & Privacy Magazine

Mustafa Abdallah, Saurabh Bagchi, Shaunak Bopardikar, Kevin Chan, Xing Gao, Murat Kantarcioglu, Congmiao Li, Peng Liu, Quanyan Zhu, “Game Theory in Distributed Systems Security: Foundations, Challenges, and Future Directions,” IEEE Security & Privacy, 2024. (Accepted)

 

Pattern

Recognition

Hui Liu, et al., “A Lightweight Unsupervised Adversarial Detector Based on Autoencoder and Isolation Forest,” Pattern Recognition (Elsevier), 2024.

 

IEEE Computer

Q. Zou, L. Zhang, X. Sun, A. Singhal, P. Liu, “Using Explainable AI for Neural Network Based Network Attack Detection,” IEEE Computer Magazine, 2024.

 

Survey on membership inference

J Niu, P Liu, X Zhu, K Shen, Y Wang, H Chi, Y Shen, X Jiang, J Ma, Y Zhang, “A Survey on Membership Inference Attacks and Defenses in Machine Learning,” (Elsevier) Journal of Information and Intelligence, 2024. 

 

J. of Info and Intelligence

J. Niu, et al., “Dual Defense: Combining Preemptive Exclusion of Members and Knowledge Distillation to Mitigate Membership Inference Attacks,” (Elsevier) Journal of Information and Intelligence, 2024. 

 

Workshop

L. Zhang, Q. Zou, A. Singhal, X. Sun, P. Liu, “Evaluating Large Language Models for Real-World Vulnerability Repair in C/C++ Code,” ACM IWSPA Workship, 2024.

 

Book Chapter

P. Liu, “Providing Iterative Cybersecurity Hands-on Learning Experience: Reflections on Teaching Cyber-Defense to Second Year IT Students,” In Jack Carroll (Ed.), Innovative Practices in Teaching Information Sciences and Technology, Springer Nature, 2024, in press.

2023

ISSTA

Kai Cheng, et al, “Detecting Vulnerabilities in Linux-based Embedded Firmware with SSE-based On-demand Alias Analysis,” 32nd edition of ACM ISSTA, 2023 (published).

ChatGPT for Software Security

Z. Wang, L. Zhang, P. Liu, “ChatGPT for Software Security: Exploring the Strengths and Limitations of ChatGPT in the Security Applications,” arXiv preprint, arXiv: 2307.12488, 2023.

IEEE JESTIE

B. Yang, et al., “Enhanced Cyber-Attack Detection in Intelligent Motor Drives: A Transfer Learning Approach with Convolutional Neural Networks,” IEEE Journal of Emerging and Selected Topics in Industrial Electronics. (Accepted)

JCS

Qingtian Zou, et al., “Analysis of Neural Network Detectors for Network Attacks,” Journal of Computer Security, 2023 (accepted).

IEEE IoT Journal

Lingyun Situ, et al., “Physical Devices-Agnostic Hybrid Fuzzing of IoT Firmware”, IEEE IoT Journal, 2023 (accepted).

Theorem-Carrying Transactions (White Paper)

Nikolaj Bjψrner, Shuo Chen, Yang Chen, Zhongxin Guo, Peng Liu, Nanqing Luo, “An Ethereum-compatible Blockchain that Explicates and Ensures Design-level Safety Properties for Smart Contracts,” arXiv preprint, arXiv:2304.08655, 2023.

SSRN preprint

Wang, Zhilong and Zhang, Lan and Cao, Chen and Liu, Peng, “How Does Naming Affect LLMs on Code Analysis Tasks?” (July 24, 2023). Available at SSRN:  https://ssrn.com/abstract=4567887

arXiv

L. Zhang, C. Cao, Z. Wang, P. Liu, “Which Features are Learned by CodeBert: An Empirical Study of the BERT-based Source Code Representation Learning,” arXiv preprint arXiv:2301.08427, 2023.

arXiv

J Niu, X Zhu, M Zeng, G Zhang, Q Zhao, C Huang, Y Zhang, S An, Y Wang, et al., “SoK: Comparing Different Membership Inference Attacks with a Comprehensive Benchmark,” arXiv preprint arXiv:2307.06123, 2023.

(arXiv preprint) Game Theory in Distributed Systems Security

Mustafa Abdallah, Saurabh Bagchi, Shaunak D. Bopardikar, Kevin Chan, Xing Gao, Murat Kantarcioglu, Congmiao Li, Peng Liu, Quanyan Zhu, “Game Theory in Distributed Systems Security: Foundations, Challenges, and Future Directions,” arXiv:2309.01281, September 2023.

Cybersecurity

Haizhou Wang, Anoop Singhal, Peng Liu, “Tackling imbalanced data in cybersecurity with transfer learning: a case with ROP payload detection,” SpringerOpen Cybersecurity, January 2023.

Encyclopedia

P. Liu, “Cyber Situational Awareness,” in Encyclopedia of Cryptography, Security and Privacy, edited by Sushil Jajodia, Pierangela Samarati and Moti Yung, 2023.

Encyclopedia

A. Singhal, P. Liu, “Advanced Persistent Threats,” in Encyclopedia of Cryptography, Security and Privacy, edited by Sushil Jajodia, Pierangela Samarati and Moti Yung, 2023.

Poster

Chuanyong Tian, et al., “Deanonymization of Bitcoin transactions based on network traffic analysis with semi-supervised learning,” poster, IEEE Symposium on Security and Privacy, 2023. (Published)

PhD Thesis

Zhilong Wang, “DEEP LEARNING FOR SECURITY-ORIENTED PROGRAM ANALYSIS,” College of IST, Penn State, 2023.

PhD Thesis

Lan Zhang, “APPLYING MACHINE LEARNING AND NLP TECHNIQUES TO CYBER SECURITY: THREE SELECTED STUDIES,” College of IST, Penn State, 2023.

PhD Thesis

Wenhui Zhang, “Studying the Performance and Security Trade-offs in Modern Linux Systems,” College of IST, Penn State, 2023.

PhD Thesis

Qingtian Zou, “Applying Deep Learning to The Detection of Advanced Persistent Threats,” College of IST, Penn State, 2023.

MS Thesis

Rajiv Thummala, “Space Worms: On the Threat of Cyber-ASAT Weaponry to Satellite Constellations,” College of IST, Penn State, March 2023.

MS Thesis

Binchen Fang, “Analysis on AI Methods for Detecting DNS Cache Poisoning Attack,” College of IST, Penn State, November 2023. 

2022

Handbook of “AI for Cybersecurity” use cases

 

Peng Liu, Tao Liu, Nanqing Luo, Zitong Shang, Haizhou Wang, Zhilong Wang, Lan Zhang, and Qingtian Zou. AI for Cybersecurity: A Handbook of Use Cases. 2022.  https://www.amazon.com/gp/product/B09T3123RB, Kindle edition.

CCS

Wei Zhou, Lan Zhang, Le Guan, Peng Liu, Yuqing Zhang, “What Your Firmware Tells You Is Not How You Should Emulate It: A Specification-Guided Approach for Firmware Emulation,” ACM Conference on Computer and Communications Security (CCS’22), 2022. (Accepted)

ASPLOS

Benjamin Reidys, Peng Liu, Jian Huang, “RSSD: Defend Against New Ransomware Attacks with Efficient Hardware-Assisted Logging and Post-Attack Analysis,” To appear in the Proceedings of the 27th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'22), 2022. (Published)

Oakland

Lei Zhang, K. Lian, H. Xiao, Z. Zhang, P. Liu, Y. Zhang, M. Yang, H. Duan, “Exploit the Last Straw that Breaks Android System,” In Proceedings of the 43rd IEEE Symposium on Security and Privacy (IEEE S&P 2022), 2022. (Published)

USENIX Security

S. Zhou, Z. Yang, D. Qiao, P. Liu, M. Yang, Z. Wang, C. Wu, "Ferry: State-Aware Symbolic Execution for Exploring               State-Dependent Program Paths," USENIX Security Symposium, 2022. (Published)

CCS

S. Li, Z. Yang, N. Hua, P. Liu, X. Zhang, G. Yang, M. Yang, "Collect Responsibly but Deliver Arbitrarily? A Study on Cross-User Privacy Leakage in Mobile Apps," ACM CCS, 2022. (Published) 

ICISS

Q. Zou, L. Zhang, A. Singhal, X. Sun, P. Liu, “Attacks on ML Systems: From Security Analysis to Attack Mitigation,” ICISS, 2022. (Published)

iThings

D. Rajgarhia, P. Liu, S. Sural, “Identifying Channel Related Vulnerabilities in Zephyr Firmware,” Short Paper, IEEE International Conference on Internet of Things (iThings-2022), 2022. (Published) 

ASCEND

Rajiv Thummala, Peng Liu, "Exploring the Applications of Frequency Modulation to Secure CubeSats (Space-Based IoT) from Eavesdropping, Jamming, and Interference," The 2022 ASCEND Conference, 2022. (Published)

arXiv

Hui Liu, Bo Zhao, Yuefeng Peng, Weidong Li, Peng Liu, “Towards Understanding and Harnessing the Effect of Image Transformation in Adversarial Detection,” arXiv:2201.01080

TDSC

Lan Zhang, P. Liu, Y. H. Choi, P. Chen, “Semantics-preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection,” IEEE TDSC, 2022. (Published) 

TIFS

J. Zhou, et al., “DeepSyslog: Deep Anomaly Detection on Syslog Using Sentence Embedding and Metadata,” IEEE TIFS, 2022. (Published)

JCS

Q. Zou, A. Singhal, X. Sun, P. Liu, “Deep learning for detecting logic-flaw-exploiting network attacks: An end-to-end approach,” Journal of Computer Security, 2022. (Published)

IEEE IoT Journal

He, Xixun; Yang, Yiyu; Zhou, Wei; Wang, Wenjie; Liu, Peng; Zhang, Yuqing, “Fingerprinting Mainstream IoT Platforms Using Traffic Analysis,” IEEE Internet of Things Journal, 2022. (Published)

Information Sciences

H. Liu, B. Zhao, M. Ji, M. Li, P. Liu, “GreedyFool: Multi-Factor Imperceptibility and Its Application to Designing a Black-box Adversarial Attack”, (Elsevier) Information Sciences, 2022. (Published)

IEEE Trans. on Big Data

Y. Zhang, J. Wang, H. Huang, Y. Zhang, P. Liu, “Understanding and Conquering the Difficulties in Identifying Third-party Libraries from Millions of Android Apps,” IEEE Transactions on Big Data, Vol. 8, No. 1, 2022.

IEEE Access

SEOK-HWAN CHOI, JINMYEONG SHIN, PENG LIU, YOON-HO CHOI, "ARGAN: Adversarially Robust Generative Adversarial Networks for Deep Neural Networks against Adversarial Examples," IEEE Access, 2022. (Accepted) 

Elsevier CEE

H. Wang, H. He, W. Zhang, W. Liu, P. Liu, A. Javadpour, “Using honeypots to model botnet attacks on the internet of medical things,” Elsevier Computers and Electrical Engineering Journal, Volume 102, September 2022. (Published)

Elsevier ASC

H. Liu, et al., “Feature-Filter: Detecting Adversarial Examples by Filtering out Recessive Features,” Elsevier Applied Soft Computing Journal, 2022. (Published)

Workshop

Gaurav Goyal, Peng Liu and Shamik Sural, “Securing Smart Home IoT Systems with Attribute-Based Access Control,” ACM SaT-CPS workshop (in conjunction with CODASPY), 2022. (Published)

Workshop

M. Gu, et al., "Hierarchical Attention Network for Interpretable and Fine-Grained Vulnerability Detection," IEEE BigSecurity workshop (in conjunction with INFOCOM), 2022. (Published)

2021

arXiv

Z. Wang, H. Wang, H. Hu, P. Liu, “Identifying Non-Control Security-Critical Data in Program Binaries with a Deep Neural Model,” arXiv preprint arXiv:2108.12071

arXiv

Zhilong Wang, Li Yu, Suhang Wang, Peng Liu, “Spotting Silent Buffer Overflows in Execution Trace through Graph Neural Network Assisted Data Flow Analysis,” arXiv preprint arXiv:2102.10452

arXiv

A Oseni, N Moustafa, H Janicke, P Liu, Z Tari, A Vasilakos, “Security and privacy for artificial intelligence: Opportunities and challenges,” arXiv preprint arXiv:2102.04661, 2021.

arXiv

H. Wang, P. Liu, “Tackling Imbalanced Data in Cybersecurity with Transfer Learning: A Case with ROP Payload Detection,” arXiv preprint arXiv:2105.02996

arXiv

Wei Song, Jiameng Ying, Sihao Shen, Boya Li, Hao Ma, Peng Liu, “A Comprehensive and Cross-Platform Test Suite for Memory Safety -- Towards an Open Framework for Testing Processor Hardware Supported Security Extensions,” arXiv:2111.14072

arXiv

Kai Cheng, Tao Liu, Le Guan, Peng Liu, Hong Li, Hongsong Zhu, Limin Sun, “Finding Taint-Style Vulnerabilities in Linux-based Embedded Firmware with SSE-based Alias Analysis,” https://arxiv.org/abs/2109.12209 

arXiv

Hui Liu, Bo Zhao, Minzhi Ji, Yuefeng Peng, Jiabao Guo, Peng Liu, “Feature-Filter: Detecting Adversarial Examples through Filtering off Recessive Features,” https://arxiv.org/abs/2107.09502

USENIX Security

Wei Zhou, Le Guan, Peng Liu, Yuqing Zhang, “Automatic Firmware Emulation through Invalidity-guided Knowledge Inference,” Proc. 30th USENIX Security Symposium, 2021.

Oakland

W. Song, B. Li, Z. Xue, Z. Li, W. Wang, P. Liu, “Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It,” In Proceedings of the 42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021), San Francisco, CA, 2021. 

ACSAC

D. Fang, Z. Song, L. Guan, Puzhuo Liu, A. Peng, K. Cheng, Y. Zheng, P. Liu, H. Zhu, L. Sun, “ICS3Fuzzer: A Framework for Discovering Protocol Implementation Bugs in ICS Supervisory Software by Fuzzing,” ACSAC, 2021. (Accepted)

AsiaCCS

W. Zhang, P. Liu, T. Jaeger, “Analyzing the Overhead of File Protection by Linux Security Modules,” The ACM Asia Conference on Computer and Communications Security, 2021.

AsiaCCS

Lun-Pin Yuan, Peng Liu, Sencun Zhu, “Recompose Event Sequences vs. Predict Next Events: A Novel Anomaly Detection Approach for Discrete Event Logs,” The ACM Asia Conference on Computer and Communications Security, 2021.

DBSEC

Q Zou, A Singhal, X Sun, P Liu, “Deep Learning for Detecting Network Attacks: An End-to-End Approach,” Proc. IFIP Annual Conference on Data and Applications Security and Privacy, short paper, 2021.

SpringerOpen Cybersecurity (Feature article)

Zhilong Wang, Peng Liu. “GPT Conjecture: Understanding the Trade-offs between Granularity, Performance and Timeliness in Control-Flow Integrity,” Cybersecurity, 2021. 

TIFS

Z. Hu, P. Chen, M. Zhu, P. Liu, “A co-design adaptive defense scheme with bounded security damages against Heartbleed-like attacks,” IEEE Transactions on Information Forensics and Security, 2021. (Accepted)

IEEE IoT Journal

Wei Zhou, Chen Cao, Dongdong Huo, Kai Cheng, Lan Zhang, Le Guan, Tao Liu, Yan Jia, Yaowen Zheng, Yuqing Zhang, Limin Sun, Yazhe Wang, Peng Liu, “Reviewing IoT Security via Logic Bugs in IoT Platforms and Systems,” IEEE Internet of Things Journal, 2021.

TDSC

S. Jia, et al., “MDEFTL: Incorporating Multi-Snapshot Plausible Deniability into Flash Translation Layer,” IEEE Transactions on Dependable and Secure Computing. (Accepted)

IEEE IoT Journal

H. Wang, et al., “An Evolutionary Study of IoT Malware,” IEEE Internet of Things Journal, 2021. (Accepted)

IEEE TC

L. Zhao, P. Li, R. Hou, M. Huang, P. Liu, L. Zhang, D. Meng, “Exploiting Security Dependence for Conditional Speculation against Spectre Attacks,” IEEE Transactions on Computers, 2021, published.

JSA

D. Huo, et al., “Commercial Hypervisor-based Task Sandboxing Mechanisms Are Unsecured? But We Can Fix It!” Journal of Systems Architecture, 2021. (Accepted) 

JCST

L. Situ, et al., “Vulnerable Region-Aware Greybox Fuzzing,” Journal of Computer Science and Technology, 2021, published.

PhD Dissertation

Sadegh Farhang, “Organizations security management in different problem domains: Empirical Evidence and game-theoretic modeling,” PhD Dissertation, Penn State University, 2021.

PhD Dissertation

Lun-Pin Yuan, “Towards Designing Accurate Detection Methods for Emerging Cyber Threats,” PhD Dissertation, Penn State University, 2021.

2020

arXiv

Q. Zou, A. Singhal, X. Sun, P. Liu, “Generating Comprehensive Data with Protocol Fuzzing for Applying Deep Learning to Detect Network Attacks,” https://arxiv.org/abs/2012.12743, 2020.

arXiv

Lan Zhang, Peng Liu, Yoon-Ho Choi, “Semantic-preserving Reinforcement Learning Attack against Graph Neural Networks for Malware Detection,” https://arxiv.org/abs/2009.05602, 2020.

arXiv

Lun-Pin Yuan, Peng Liu, Sencun Zhu, “Recomposition vs. Prediction: A Novel Anomaly Detection for Discrete Events Based on Autoencoder,”

https://arxiv.org/abs/2012.13972, 2020

ACSAC

Chen Cao*, Le Guan*, Jiang Ming, Peng Liu, “Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation,” ACSAC 2020, published. (*equal contribution)

Oakland

Feng Xiao, Jinquan Zhang, Jianwei Huang, Guofei Gu, Dinghao Wu, Peng Liu, “Unexpected Data Dependency Creation and Chaining: A New Attack to SDN,” In Proceedings of the 41st IEEE Symposium on Security and Privacy (IEEE S&P 2020), San Francisco, CA, May 18-20, 2020, published.

WWW

S. Farhang, M. B. Kirdan, A. Laszka, and J. Grossklags, “An Empirical Study of Android Security Bulletins in Different Vendors,” WWW 2020, published.

RAID

Y. He, Y. Xu, X. Jia, S. Zhang, P. Liu, S. Chang, “EnclavePDP: A General Framework to Verify Data Integrity in Cloud Using Intel SGX,” RAID 2020, published.

American Control Conference

H. Kim, et al., “On Data-driven Attack-resilient Gaussian Process Regression for Dynamic Systems,” ACC 2020.

TrustCom

Chen Tian, Yazhe Wang, Peng Liu, Yu Wang, Ruirui Dai, Anyuan Zhou, Zhen Xu, “Prihook: Differentiated context-aware hook placement for different owners’ smartphones,” 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2020.

ICICS

D. Huo, et al., “A Machine-Learning-based Compartmentalization Scheme for Bare-Metal Systems,” ICICS 2020.

ICPR

Junwei Zhou, Ke Shu, Peng Liu, Jianwen Xiang, ShengWu Xiong, “Face Anti-spoofing Based on Dynamic Color Texture Analysis Using Local Directional Number Pattern,” International Conference on Pattern Recognition, 2020.

IEEE Computer

Q. Zou, X. Sun, P. Liu, A. Singhal, “An Approach for Detection of Advanced Persistent Threat Attacks,” column paper, IEEE Computer, 2020.

Journal of Computer Security

X. Li, Z. Hu, H. Wang, Y. Fu, P. Chen, M. Zhu, P. Liu, “DEEPRETURN: A Deep Neural Network Can Learn How to Detect Previously-Unseen ROP Payloads without Using Any Heuristics,” Journal of Computer Security, 2020, published.  

ACM Transactions on Privacy and Security

Z. Hu, M. Zhu, P. Liu, et al., “Adaptive Cyber Defense against Multi-stage Attacks using Learning-based POMDP,” ACM Transactions on Privacy and Security, 2020.

IEEE TCC

D. Tian, et al., “Semi-synchronized Non-blocking Concurrent Kernel CruisingIEEE Transactions on Cloud Computing.

Cybersecurity

Yoon-Ho Choi, Peng Liu, Zitong Shang, Haizhou Wang, Zhilong Wang, Lan Zhang, Junwei Zhou and Qingtian Zou. 2019. “Using Deep Learning to Solve Computer Security Challenges: A Survey.” Cybersecurity, 2020, published.

 

 

Automatica

(Brief Paper)

H. Kim, P. Guo, M. Zhu and P. Liu, “Simultaneous input and state estimation for stochastic nonlinear systems with additive unknown inputs,” Automatica, Brief Paper, 2020. Published.

IEEE TR

Weizhe Zhang, Huanran Wang, Hui He, Peng Liu, “DAMBA: Detecting Android Malware by OTGB Analysis,” IEEE Transactions on Reliability, 2020, published. 

IEEE TCC

J. Wang, H. Hu, B. Zhao, H. Li, W. Zhang, J. Xu, P. Liu, J. Ma, “S-Blocks: Lightweight and Trusted Virtual Security Function with SGX,” IEEE Transactions on Cloud Computing.  

IEEE Access

DH Ko, SH Choi, JM Shin, P Liu, YH Choi, “Structural Image De-Identification for Privacy-Preserving Deep Learning,” IEEE Access, 2020, published.  

IEEE TNSE

S. H. Choi, J. Shin, P. Liu, Y. Choi, “EEJE: Two-Step Input Transformation for Robust DNN against Adversarial Examples,” IEEE Transactions on Network Science and Engineering, 2020, published.

SCN

F Chen, P Liu, J Zhu, S Gao, Y Zhang, M Duan, Y Wang, K Hwang, “Improving Topic-Based Data Exchanges among IoT Devices,” Security and Communication Networks, 2020. (Published)

arXiv

E. Yoon, P. Liu, “Practical Verification of MapReduce Computation Integrity via Partial Re-execution,” arXiv preprint arXiv:2002.09560.

Workshop

Q Zou, A Singhal, X Sun, P Liu, “Automatic Recognition of Advanced Persistent Threat Tactics for Enterprise Security,” Proceedings of the Sixth International Workshop on Security and Privacy Analytics, 2020, published.

Book Chapter

C. Zhong, J. Yen, P. Liu, “Can Cyber Operations Be Made Autonomous? An Answer from the Situational Awareness Viewpoint,” In S. Jajodia, G. Cybenko, V. S. Subrahmanian, V. Swarup, C. Wang, and M. Wellman (Eds.), Adaptive Autonomous Secure Cyber Systems, Springer 2020, published.

2019

17 Logic Bugs in IoT platforms

Logic Bugs in IoT Platforms and Systems: A Review. Wei Zhou, Chen Cao, Dongdong Huo, Kai Cheng, Lan Zhang, Le Guan, Tao Liu, Yaowen Zheng, Yuqing Zhang, Limin Sun, Yazhe Wang, Peng Liu. arXiv 1912.13410

Deep Learning for system security: a survey

Using Deep Learning to Solve Computer Security Challenges: A Survey. (authors are ordered in alphabetic order) Yoon-Ho Choi, Peng Liu, Zitong Shang, Haizhou Wang, Zhilong Wang, Lan Zhang, Junwei Zhou, Qingtian Zou. arXiv 1912.05721

GPT Conjecture

Zhilong Wang, Peng Liu, “GPT Conjecture: Understanding the Trade-offs between Granularity, Performance and Timeliness in Control-Flow Integrity,” arXiv 1911.07828. 

arXiv preprint

ROPNN: Detection of ROP Payloads Using Deep Neural Networks. Xusheng Li, Zhisheng Hu, Yiwei Fu, Ping Chen, Minghui Zhu, Peng Liu. arXiv 1807.11110.

arXiv preprint

Good Motive but Bad Design: Why ARM MPU Has Become an Outcast in Embedded Systems. W Zhou, L Guan, P Liu, Y Zhang. arXiv 1908.03638.

Usenix Security

W. Zhou, Y. Jia, Y. Yao, L. Zhu, L. Guan, Y. Mao, P. Liu, Y. Zhang, “Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Cloud on Smart Home Platforms,” Usenix Security 2019.

NDSS

M. Nasr, S. Farhang, A. Houmansadr, and J. Grossklags, “Enemy At the Gateways: Censorship-Resilient Proxy Distribution Using Game Theory,” In Network and Distributed System Security Symposium (NDSS), 2019. 

RAID

Lun-Pin Yuan, Wenjun Hu, Ting Yu, Peng Liu, Sencun Zhu, “Towards Large-Scale Hunting for Android Negative-Day Malware,” RAID 2019

RAID

Wei Song, Peng Liu, “Dynamically Finding Minimal Eviction Sets Can Be Quicker Than You Think for Side-Channel Attacks against the LLC,” RAID 2019

ESORICS

Y. Yao, W. Zhou, Y. Jia, L. Zhu, P. Liu, Y. Zhang, “Identifying Privilege Separation Vulnerabilities in IoT Firmware with Symbolic Execution,” ESORICS 2019

WiSec

Le Guan, Chen Cao, Sencun Zhu, Jingqiang Lin, Peng Liu, Yubin Xia, Bo Luo, “Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption,” Proc. 12th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec’19.

CODASPY

Peiying Wang, Shijie Jia, Bo Chen, Luning Xia and Peng Liu. MimosaFTL: Adding Secure and Practical Ransomware Defense Strategy to Flash Translation Layer. The Ninth ACM Conference on Data and Application Security and Privacy (CODASPY '19), Dallas, TX, 2019 (Acceptance rate: 23.5%).

Automatica

Z. Hu, M. Zhu, P. Chen and P. Liu, “On convergence rates of game theoretic reinforcement learning algorithms,” Automatica, 2019, published. 

TSE

Mu, D., Du, Y., Xu, J., Xu, J., Xing, X., Mao, B., Liu, P., “POMP++: Facilitating Postmortem Program Diagnosis with Value-set Analysis,” IEEE Transaction on Software Engineering, 2019.

SOC data triage

Chen Zhong, John Yen, Peng Liu, and Robert F. Erbacher. “Learning from Experts’ Experience: Towards Automated Cyber Security Data Triage,” IEEE Systems Journal, March 2019, published.

IEEE TMC

Lannan Luo, Qiang Zeng, Chen Cao, Kai Chen, Jian Liu, Limin Liu, Neng Gao, Min Yang, Xinyu Xing, and Peng Liu. “Tainting-Assisted and Context-Migrated Symbolic Execution of Android Framework for Vulnerability Discovery and Exploit Generation.” IEEE Transactions on Mobile Computing (TMC), 2019. 

IEEE Security & Privacy magazine

Sun, Xiaoyan, Peng Liu, and Anoop Singhal. ``Toward Cyberresiliency in the Context of Cloud Computing.” IEEE Security & Privacy 16.6 (2018): 71-75. (Published in Jan 2019)

Elsevier FGCS Journal

J. Shin, S. H. Choi, P. Liu, Y. H. Choi, “Unsupervised Multi-Stage Attack Detection Framework without Details on Single-State Attacks,” Future Generation of Computer Systems 100, 811-825, 2019, published. 

Edited book

S. Jajodia, G. Cybenko, P. Liu, C. Wang, and M. Wellman (Eds.), Adversarial and Uncertain Reasoning for Adaptive Cyber Defense, Springer 2019, published. 

Edited Proceedings

P. Liu and Y. Zhang (Eds.), Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things, in conjunction with ACM CCS 2019.

Book Chapter

P. Chen, Z. Hu, J. Xu, M. Zhu, R. Erbacher, S. Jajodia, P. Liu, “MTD Techniques for Memory Protection against Zero-Day Attacks,” In S. Jajodia, G. Cybenko, P. Liu, C. Wang, and M. Wellman (Eds.), Adversarial and Uncertain Reasoning for Adaptive Cyber Defense, Springer 2019.

Book Chapter

B. W. Priest, G. Cybenko, S. Singh, M. Albanese, P. Liu, “Online and Scalable Adaptive Cyber Defense,” In S. Jajodia, G. Cybenko, P. Liu, C. Wang, and M. Wellman (Eds.), Adversarial and Uncertain Reasoning for Adaptive Cyber Defense, Springer 2019.

Book Chapter

Z. Hu, P. Chen, M. Zhu, P. Liu, “Reinforcement Learning for Adaptive Cyber Defense against Zero-Day Attacks,” In S. Jajodia, G. Cybenko, P. Liu, C. Wang, and M. Wellman (Eds.), Adversarial and Uncertain Reasoning for Adaptive Cyber Defense, Springer 2019.

Book Chapter

G. Cybenko, M. Wellman, P. Liu, M. Zhu, "Overview of Control and Game Theory in Adaptive Cyber Defenses", In S. Jajodia, G. Cybenko, P. Liu, C. Wang, and M. Wellman (Eds.), Adversarial and Uncertain Reasoning for Adaptive Cyber Defense, Springer 2019.

ICPR

Wenhui Zhang, Yizheng Jiao, Dazhong Wu, Srivatsa Srinivasa, Asmit De, Swaroop Ghosh, Peng Liu, “ArmorPLC: Cyber Security Threats Detection through Ladder Logic Validation for PLCs,” ICPR 2019

Workshop

“Robustness Analysis of CNN-based Malware Family Classification Methods Against Various Adversarial Attacks”. SH Choi, JM Shin, P Liu, YH Choi, Workshop on Cyber-Physical Systems Security, in conjunction with IEEE CNS 2019.

Poster

Lingyun Situ, Linzhang Wang, Xuandong Li, Le Guan, Wenhui Zhang, Peng Liu (2019). Poster: Energy Distribution Matters in Greybox Fuzzing. 41th International Conference on Software Engineering, ICSE’19.

Poster

To be announced.

PhD Dissertation

Eunjung Yoon, “ENSURING SERVICE INTEGRITY IN CLOUD COMPUTING,” Penn State University, 2019

2018

DEFCON

Feng Xiao, Jianwei Huang, Peng Liu, “Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller,” DEF CON 2018

DSN

(Attacks against robots)

P. Guo, H. Kim, N. Virani, J. Xu, M. Zhu and P. Liu, “RoboADS: Anomaly detection against sensor and actuator misbehaviors in mobile robots,” DSN 2018.

RAID

Chen Cao, Le Guan, Ning Zhang, Neng Gao, Jingqiang Lin, Bo Luo, Peng Liu, Ji Xiang, Wenjing Lou, “CryptMe: Data Leakage Prevention for Unmodified Programs on ARM Devices,” RAID 2018.

ACSAC

S. Farhang, J. Weidman, M. M. Kamani, J. Grossklags, P. Liu, “Take It or Leave It: A Survey Study on Operating System Upgrade Practices,” ACSAC 2018. (Accepted)

WiSec

L. Yuan, P. Liu, S. Zhu, “Android STAR: Interaction-Preserving Messenger-Usage Inspection,” To appear in Proceedings of the 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2018.

SACMAT

Lingjing Yu, Sri Mounica Motipalli, Dongwon Lee, Peng Liu, Heng Xu, Qingyun Liu, Jianlong Tan and Bo Luo. My Friend Leaks My Privacy: Modeling and Analyzing Privacy in Social Networks. In ACM Symposium on Access Control Models and Technologies (SACMAT), 2018.

TrustShadow TEE

Le Guan, Chen Cao, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu and Trent Jaeger, “Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM,” IEEE Transactions on Dependable and Secure Computing (TDSC). (Accepted)

Survey on IoT Security

Wei Zhou, Yan Jia, Anni Peng, Yuqing Zhang, and Peng Liu, “The Effect of IoT New Features on Security and Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved,” IEEE IoT Journal, 2018.

Cybersecurity issues in Digital Manufacturing

Wu, D., Ren, A., Zhang, W., Fan, F., Liu, P., Fu, X. & Terpenny, J., “Cybersecurity for Digital Manufacturing,” Journal of Manufacturing Systems, 2018.

Feedback control against zero-day attacks

P. Chen, Z. Hu, J. Xu, M. Zhu, P. Liu, “Feedback Control Can Make Data Structure Layout Randomization More Cost-Effective under Zero-day Attacks,” Cybersecurity (a new journal), 2018, published.

TIFS

X. Sun, J. Dai, P. Liu, A. Singhal, J. Yen, “Using Bayesian Networks for Probabilistic Identification of Zero-day Attack Paths,” IEEE Transactions on Information Forensics and Security, 2018. 

TMC

Kai Chen, Yingjun Zhang, Peng Liu, “Leveraging Information Asymmetry to Transform Android Apps into Self-Defending Code against Repackaging Attacks,” IEEE Transactions on Mobile Computing (TMC), 2018.

IEEE Trans. Big Data

Heqing Huang, et al., “A Large-scale Study of Android Malware Development Phenomenon on Public Malware Submission and Scanning Platform,” IEEE Transactions on Big Data, 2018. 

Cybersecurity (New Journal)

C. Tian, Y. Wang, P. Liu, Q. Zhou, C. Zhang, “Using IM-Visor to Stop Untrusted IME Apps from Stealing Sensitive Keystrokes,” Cybersecurity, 2018, published.

Cybersecurity

D. Meng, R. Hou, G. Shi, B. Tu, A. Yu, Z. Zhu, X. Jia, P. Liu, “Security-first architecture: deploying physically isolated active security processors for safeguarding the future of computing”, Cybersecurity, 2018, published.

Computers & Security

Cheng Zhong, et al., “A Cyber Security Data Triage Operation Retrieval System,” Computers & Security Journal, 2018.

Software: Practice and Experience

Donghai Tian, et al., “A Policy-Centric Approach to Protecting OS Kernel from Vulnerable LKMs,” Software: Practice and Experience Journal, 2018.

IoTSec

Chen Cao, Le Guan, Peng Liu, Neng Gao, Jingqiang Lin, and Ji Xiang, “Hey, you, keep away from my device: remotely implanting a virus expeller to defeat Mirai on IoT devices,” 1st International Workshop on Security and Privacy for the Internet-of-Things (IoTSec), co-located  with the Cyber-Physical Systems and Internet-of-Things Week, 2018.

APSEC

Weijuan Zhang, Xiaoqi Jia, Shengzhi Zhang, Rui Wang and Peng Liu, “Running OS Kernel in Separate Domains: A New Architecture for Applications and OS Services Quarantine,”          25th Asia-Pacific Software Engineering Conference, Japan, 2018.

DBSEC

Chen Cao, Lunpin Yuan, Anoop Singhal, Peng Liu, Xiaoyan Sun, Sencun Zhu, “Assessing the Impact on Business Processes by Interconnecting Attack Graphs and Entity Dependency Graphs,” IFIP International Conference on Database and Application Security and Privacy (DBSEC), 2018. 

Journal

Le Guan, Sadegh Farhang, Yu Pu, Pinyao Guo, Jens Grossklags and Peng Liu, “VaultIME: Regaining User Control for Password Managers through Auto-correction,” EAI Endorsed Transactions on Security and Safety, 2018.

Journal

X. Sun, J. Dai, A. Singhal, P. Liu, “Probabilistic Inference of the Stealthy Bridges between Enterprise Networks in Cloud,” EAI Endorsed Transactions on Security and Safety, 2018.

Journal

Chen Zhong, John Yen, Peng Liu, Donald R. Shemanski,         ``Using an UD-UC-CSP Model to Infer Missing Actor for Intelligence Analysis'', Journal of Secure Communication and Systems. (Accepted)

Poster

Anoop Singhal, Xiaoyan Sun, Peng Liu, “Towards Cyber Resiliency in the Context of Cloud Computing,” ACSAC 2018 Work in Progress Session.

Proceedings

Liu, Peng, Mauw, Sjouke, Stolen, Ketil (Eds.), Graphical Models for Security (Proceedings of the GraMSec 2017 Workshop), Springer LNCS 10744, Feb 2018. Published.

Proceedings

L. Lazos, P. Liu, M. Li, W. Zhu, Proceedings of 2018 IEEE Conference on Communications and Network Security (CNS), September 2018. Published.

PhD Dissertation

Jun Xu, “BATTLING CYBER ATTACKS WITH SOFTWARE CRASH DIAGNOSIS,” PhD Dissertation, College of IST, 2018, Penn State University 

PhD Dissertation

Pinyao Guo, “Detection and Prevention: Towards Secure Mobile Robotic Systems,” PhD Dissertation, College of IST, 2018, Penn State University

MS Thesis

Tao Lin, “A CYBER SECURITY DATA TRIAGE OPERATION RETRIEVAL SYSTEM”, MS Thesis, College of IST, 2018, Penn State University

MS Thesis

Tao Zhang, “TOWARDS FLEXIBLE AND REALISTIC INSIDER MISSION SIMULATION,” MS Thesis, College of IST, 2018, Penn State University

2017

ACSAC      (Best Paper Award)

Le Guan, Shijie Jia, Bo Chen, Fengwei Zhang, Bo Luo, Jingqiang Lin, Peng Liu, Xinyu Xing and Luning Xia, “Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices,” in Proceedings of the 33rd Annual Conference on Computer Security Applications, ACSAC '17, 2017.

CCS

Jian Huang, Jun Xu, Xinyu Xing, Peng Liu, Moinuddin K. Qureshi, “FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware,” CCS 2017.

CCS

S. Jia, L. Xia, B. Chen, P. Liu, “DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer,” CCS 2017.

USENIX Security

Xu, J., Mu, D., Xing, X., Liu, P., Chen, P., Mao, B., "POMP: Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts", in Proceedings of the 26th USENIX Security Symposium (USENIX Security), Vancouver, Canada, August 2017.

NDSS

Chuangang Ren, Peng Liu, Sencun Zhu, “WindowGuard: Systematic Protection of GUI Security in Android,” NDSS 2017.

MobiSys

Lannan Luo*, Qiang Zeng*, Chen Cao, Kai Chen, Jian Liu, Limin Liu, Neng Gao, Min Yang, Xinyu Xing, and Peng Liu. (*Co-first authors), “System Service Call-oriented Symbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation,” ACM MobiSys 2017.

MobiSys

L. Guan, P. Liu, X. Xing, X. Ge, S. Zhang, M. Yu, and T. Jaeger,  “TrustShadow: Secure execution of unmodified applications with ARM TrustZone,” ACM MobiSys 2017.

Mirai Expeller

Chen Cao, Le Guan, Peng Liu, Neng Gao, Jingqiang Lin, Ji Xiang, “Hey, you, keep away from my device: remotely implanting a virus expeller to defeat Mirai on IoT devices,” June 2017, arXiv, http://arxiv.org/abs/1706.05779

TSE

Lannan Luo, Jiang Ming, Dinghao Wu, Peng Liu, and Sencun Zhu, “Semantics-Based Obfuscation-Resilient Binary Code Similarity Comparison with Applications to Software and Algorithm Plagiarism Detection,” IEEE Transactions on Software Engineering, Vol. 43, Issue 12, January 2017.

VEE

D. Liang, P. Liu, J. Xu, P. Chen, Q. Zeng, “Dancing with Wolves: Towards Practical Event-driven VMM Monitoring,” VEE 2017.

DSN

P. Chen, J. Xu, Z. Hu, X. Xing, M. Zhu, B. Mao, P. Liu, “What You See is Not What You Get! Thwarting Just-in-Time ROP with Chameleon,” DSN 2017.

DSN

Chen Tian, Yazhe Wang, Peng Liu, Qihui Zhou, Chengyi Zhang, “IM-Visor: A Pre-IME Guard to Prevent IME Apps from Stealing Sensitive Keystrokes Using TrustZone,” DSN 2017.

MASS (short)

Chengyi Zhang, Yazhe Wang, Peng Liu, Tao Lin, Lvgen Luo, Ziqi Yu, and Xinwang Zhuo, “PMViewer: A Crowdsourcing Approach to Fine-Grained Urban PM2.5 Monitoring in China,” MASS 2017.

SecureComm (short)

Le Guan, Sadegh Farhang, Yu Pu, Pinyao Guo, Jens Grossklags and Peng Liu, “VaultIME: Regaining User Control for Password Managers through Auto-correction,” in Security and Privacy in Communication Networks: 13th International Conference, SecureComm 2017, 2017.

SecureComm

Pinyao Guo, Hunmin Kim, Le Guan, Minghui Zhu and Peng Liu, “VCIDS: Collaborative Intrusion Detection of Sensor and Actuator Attacks on Connected Vehicles,” in Security and Privacy in Communication Networks: 13th International Conference, SecureComm 2017, 2017.

ACC

H. Kim, P. Guo, M. Zhu and P. Liu, “On attack-resilient estimation of switched nonlinear cyber-physical systems,” 2017 American Control Conference, May 2017, invited paper.

MTD

Z. Hu, M. Zhu and P. Liu, “Online algorithms for adaptive cyber defense on Bayesian attack graphs,” Fourth ACM Workshop on Moving Target Defense in Association with 2017 ACM Conference on Computer and Communications Security, Dallas, pages: 99-109, Oct 2017.

DBSEC

Xiaoyan Sun, Anoop Singhal and Peng Liu, “Towards Actionable Mission Impact Assessment in the Context of Cloud computing,” DBSEC 2017.

ISERC

Ren, A., Wu, D., Terpenny, J., Zhang, W., & Liu, P. (2017). Cyber Security in Smart Manufacturing: Survey and Challenges, Proceedings of the 2017 Industrial and Systems Engineering Research Conference, Pittsburgh, PA

Cryptology ePrint Archive

Dingfeng Ye, Peng Liu, Jun Xu, “Towards Practical Obfuscation of General Circuits,” Cryptology ePrint Archive report 2017/321

Edited Book

Theory and Models for Cyber Situation Awareness, Peng Liu, Sushil Jajodia, and Cliff Wang (Eds.), Springer LNCS, Volume No. 10030, 2017, published.

Book Chapters

P. Liu, et al., “Computer-aided Human Centric Cyber Situation Awareness,” In Peng Liu, Sushil Jajodia, and Cliff Wang (Eds.), Theory and Models for Cyber Situation Awareness, Springer LNCS vol. 10030, 2017, published.

 

Chen Zhong, John Yen, Peng Liu, Robert F. Erbacher and Christopher Garneau. “Studying Analysts Data Triage Operations in Cyber Defense Situational Analysis,” In Peng Liu, Sushil Jajodia, and Cliff Wang (Eds.), Theory and Models for Cyber Situation Awareness, Springer LNCS vol. 10030, 2017, published.

 

Xiaoyan Sun, Jun Dai, Anoop Singhal, Peng Liu, “Enterprise-Level Cyber Situation Awareness,” In Peng Liu, Sushil Jajodia, and Cliff Wang (Eds.), Theory and Models for Cyber Situation Awareness, Springer LNCS vol. 10030, 2017, published.

 

X. Sun, J. Dai, P. Liu, A. Singhal, J. Yen, “Using Bayesian Networks to Fuse Intrusion Evidences and Detect Zero-day Attack Paths,” in Lingyu Wang, Sushil Jajodia, and Anoop Singhal (Eds.), Network Security Metrics, Springer LNCS, 2017, published.

2016

CCS

Xu, J., Mu, D., Chen, P., Xing, X., Liu, P., “CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump,” ACM CCS 2016.

 

Big Data

(Dataset release)

“Android Malware Development on Public Malware Scanning Platforms: A Large-scale Data-driven Study.” Heqing Huang, Cong Zheng, Junyuan Zeng, Wu Zhou, Sencun Zhu, Peng Liu, Suresh Chari, Ce Zhang, 2016 IEEE Big Data (79/423=18.7%) (A new Android malware dataset released the result website) 

CCS

Kai Wang, Yuqing Zhang, Peng Liu, “Call Me Back! Attacks on System Server and System Apps in Android through Synchronous Callback,” ACM CCS 2016.

SenSys

Guan, L., Xu, J., Wang, S., Xing, X., Lin, L., Huang, H., Liu, P., Lee, W., “From Physical to Cyber: Escalating Protection for Personalized Auto Insurance,” in Proceedings of the 14th ACM Conference on Embedded Networked Sensor Systems (SenSys 2016), Palo Alto, USA, December 2016. 

ASE

“StraightTaint: Decoupled Offline Symbolic Taint Analysis,” by Jiang Ming, Dinghao Wu, Gaoyao Xiao, Jun Wang, and Peng Liu. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering (ASE 2016), Singapore, September 3-7, 2016, published. 

DSN

Lannan Luo, Yu Fu, Dinghao Wu, Sencun Zhu, and Peng Liu,
"Repackage-proofing Android Apps,"  Proc. 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2016), Toulouse, France, June 28-July 1, 2016.

ACSAC

Shijie Jia, Luning Xia, Bo Chen, and Peng Liu, “Sanitizing Data Is Not Enough! Towards Sanitizing Structural Artifacts in Flash Media,” ACSAC, 2016, published.

ESORICS

Fabo Wang, Yuqing Zhang, Kai Wang, Peng Liu and Wenjie Wang, “Stay in Your Cage! A Sound Sandbox for Third-Party Libraries on Android,” ESORICS, 2016, published.

ESORICS

Qianru Wu, Qixu Liu, Yuqing Zhang, Peng Liu and Guanxing Wen, “A Machine Learning Approach for Detecting Third-Party Trackers on the Web,” ESORICS, 2016, published.

ESORICS

Aron Laszka, Mingyi Zhao and Jens Grossklags, “Banishing Misaligned Incentives for Validating Reports in Bug-Bounty Platforms,” ESORICS, 2016.

IDS

Chen Zhong, John Yen, Peng Liu, and Robert F. Erbacher. “Automate Cybersecurity Data Triage by Leveraging Human Analysts Cognitive Process,” In Proc. IEEE International Conference on Intelligent Data and Security (IEEE IDS), 2016, published.

CNS

(Best Paper Runner up Award)

Xiaoyan Sun, Jun Dai, Peng Liu, Singhal, Anoop, John Yen, “Towards Probabilistic Identification of Zero-day Attack Paths,” IEEE CNS, 2016.

AsiaCCS

Shijie Jia, Luning Xia, Bo Chen, and Peng Liu, “NFPS: Adding Undetectable Secure Deletion to Flash Translation Layer,” Proc. 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS '16), Xi'an, China, May 30 - June 3, 2016. 

CODASPY

(8 pages)

“Program-object Level Data Flow Analysis with Applications to Data Leakage and Contamination Forensics,” short paper, by Gaoyao Xiao, Jun Wang, Peng Liu, Jiang Ming, and Dinghao Wu. In Proc. 6th ACM Conference on Data and Application Security and Privacy (CODASPY 2016), New Orleans, LA, March 9-11, 2016, published. 

CIC

Z. Hu, P. Chen, Y. Lu, M. Zhu and P. Liu, “Towards a science for adaptive defense: Revisit server protection,” Proc. IEEE International Conference on Collaboration and Internet Computing (CIC 2016), Pittsburgh, November 2016, invited paper, published.

ESSoS (Artifact Evaluation Award)

“Empirical Analysis and Modeling of Black-box Mutational Fuzzing,” by Mingyi Zhao and Peng Liu, International Symposium on Engineering Secure Software and Systems (ESSoS) 2016, published. 

WEIS

Thomas Maillart, Mingyi Zhao, Jens Grossklags and John Chuang, “Given Enough Eyeballs, All Bugs Shallow? Revisiting Eric Raymond with Bug Bounty Market,” Proc. 15th Annual Workshop on the Economics of Information Security (WEIS), 2016. 

ICSE-SEET

Lannan Luo, and Qiang Zeng, “SolMiner: Mining Distinct Solutions in Programs,” In Proceedings of the 38th International Conference on Software Engineering, SEET track, Austin, TX, May 14-22, 2016.

SAC

Yuan Zhao, Wuqiong Pan, Jingqiang Lin, Peng Liu, Cong Xue and Fangyu Zheng, “PhiRSA: Exploiting the Computing Power of Vector Instructions on Intel Xeon Phi for RSA,” Proc. 23rd Conference on Selected Areas in Cryptography (SAC 2016), Canada, 2016, published. 

HASE 

“Feature-based Software Customization: Preliminary Analysis, Formalization, and Methods,” by Yufei Jiang, Can Zhang, Dinghao Wu, and Peng Liu. In Proceedings of the 17th IEEE High Assurance Systems Engineering Symposium (HASE 2016), Orlando, Florida, USA, January 7-9, 2016.

COMPSAC

“JRed: Program Customization and Bloatware Mitigation based on Static Analysis,” by Yufei Jiang, Dinghao Wu, and Peng Liu. In Proceedings of the 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC 2016), Atlanta, Georgia, USA, June 10-14, 2016. (Published. Acceptance rate: 18%)  

ICICS

Weijuan Zhang, Xiaoqi Jia, Chang Wang, Shengzhi Zhang, Qingjia Huang, Mingsheng Wang, Peng Liu, “A Comprehensive Study of Co-residence Threat in Multi-tenant Public PaaS Clouds,” 18th International Conference on Information and Communications Security (ICICS 2016), Singapore, Singapore, November 29 – December 2, 2016

arXiv

Q. Wang, W. Guo, A. Ororbia, X. Xing, L. Lin, C. L. Giles, X. Liu, P. Liu, G. Xiong, “Using non-invertible data transformations to build adversary-resistant deep neural networks,” arXiv preprint arXiv:1610.01934, 2016.

TRE

Kai Chen, Yingjun Zhang, Peng Liu, “Dynamically Discovering Likely Memory Layout to Perform Accurate Fuzzing,” IEEE Transactions on Reliability, 2016, published.

TRE

Jiang Ming, Fangfang Zhang, Dinghao Wu, Peng Liu, and Sencun Zhu, “Deviation-Based Obfuscation-Resilient Program Equivalence Checking with Application to Software Plagiarism Detection,” IEEE Transactions on Reliability, 2016, published.

Journal of Computer Virology

Jiang Ming, Zhi Xin, Pengwei Lan, Dinghao Wu, Peng Liu, and Bing Mao, "Impeding Behavior-based Malware Analysis via Replacement Attacks to Malware Specifications," Springer Journal of Computer Virology and Hacking Techniques, 2016, published.

IEEE Security & Privacy Magazine

Jingqiang Lin, Bo Luo, Le Guan, Jiwu Jing, “Secure Computing using Registers and Caches: the Problem, Challenges and Solutions,” IEEE Security & Privacy Magazine, 2016. (Accepted)

Journal

Shengzhi Zhang, Xiaoqi Jia, Peng Liu, "Towards Service Continuity for Transactional Applications via Diverse Device Drivers," International Journal of Information and Computer Security, 2016. (Accepted) 

Journal

Chen Cao, Neng Gao, Ji Xiang, Peng Liu, “Towards Input Validation Vulnerability Analysis of Android System Services,” Journal of Cyber Security, China Science Press, 2016. (In Chinese), published. 

Journal

K. Chen, P. Wang, Y. Lee, X. F. Wang, N. Zhang, H. Huang, W. Zou, P. Liu, “Scalable Detection of Unknown Malware from Millions of Apps,” Journal of Cyber Security, China Science Press, 2016. (In Chinese), published.

System Demo

Xu, J., Guo, P., Chen, B., Erbacher, R., Chen, P., & Liu, P., “Demo: A Symbolic N-Variant System,” Proc. Third ACM Workshop on Moving Target Defense (MTD 2016), Vienna, Austria, October 2016, published.

Book Chapters

Wanyu Zang, Meng Yu, Peng Liu, "Privacy Protection in Cloud Computing through Architectural Design", book chapter, In Security in the Private Cloud, (John R. Vacca eds.), CRC Press, 2017, published.

 

“iCruiser: Protecting Kernel Link-Based Data Structures with Secure Canary,” by Li Wang, Dinghao Wu, and Peng Liu. In Proceedings of the 7th IEEE International Workshop on Trustworthy Computing (TC 2016), in conjunction with QRS 2016 Vienna, Austria, August 1-3, 2016, published.

PhD Dissertations

1.       Chen Zhong, A COGNITIVE PROCESS TRACING APPROACH TO CYBERSECURITY DATA TRIAGE OPERATIONS AUTOMATION, Penn State University, College of IST, May 2016.

2.       Chuangang Ren, A STUDY OF SELECTED SECURITY ISSUES IN ANDROID SYSTEMS, Penn State University, College of Engineering, May 2016. 

3.       Xiaoyan Sun, USING BAYESIAN NETWORKS FOR ENTERPRISE NETWORK SECURITY ANALYSIS, Penn State University, College of IST, May 2016.

4.       Heqing Huang, A STUDY OF ANDROID SYSTEM VULNERABILITY AND MALWARE, Penn State University, College of Engineering, Feb 2016. 

5.       Mingyi Zhao, DISCOVERING AND MITIGATING SOFTWARE VULNERABILITIES THROUGH LARGE-SCALE COLLABORATION, Penn State University, College of IST, Oct 2016.

6.       Wenhui Hu, THIRD-PARTY LIBRARY SECURITY MANAGEMENT FOR MOBILE APPLICATIONS, Penn State University, College of Engineering, Dec. 2016. 

2015

USENIX ATC

Jun Wang, Xi Xiong, Peng Liu, “Between Mutual Trust and Mutual Distrust: Practical Fine-grained Privilege Separation in Multithreaded Applications,” Proc. USENIX Annual Technical Conference 2015, published. [PDF]

USENIX Security

Chuangang Ren, Yulong Zhang, Hui Xue, Tao Wei, Peng Liu, "Towards Discovering and Understanding Task Hijacking in Android," USENIX Security 2015, published. [PDF]

USENIX Security

Jiang Ming, Dinghao Wu, Gaoyao Xiao, Jun Wang, and Peng Liu, “TaintPipe: Pipelined Symbolic Taint Analysis,” USENIX Security 2015, published. [PDF]

USENIX Security

Kai Chen, Peng Wang, Yeonjoon Lee, Xiaofeng Wang, Nan Zhang, Heqing Huang, Wei Zou, Peng Liu, "Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale," USENIX Security 2015, published. [PDF]

CCS

Heqing Huang, Sencun Zhu, Kai Chen, Peng Liu, “From System Services Freezing to System Server Shutdown in Android: All You Need Is a Loop in an Application”, ACM CCS 2015, published.

CCS

Data and Code Release

Mingyi Zhao, Jens Grossklags, Peng Liu, “An Empirical Study of Web Vulnerability Discovery Ecosystems,” ACM CCS 2015, published. [PDF]

(Data and Code Release)

TSE

Yoon-Chan Jhi, Xinran Wang, Xiaoqi Jia, Sencun Zhu, Peng Liu, and Dinghao Wu, “Program Characterization Using Runtime Values and Its Application to Software Plagiarism Detection,” IEEE Transactions on Software Engineering, 41(9), pages 925-943, September 2015. [PDF]

US Patent

U.S. Patent 8,904,535, “Proactive Worm Containment (PWC) For Enterprise Networks”

ESORICS

Ping Chen, Jun Xu, Zhiqiang Lin, Dongyan Xu, Bing Mao and Peng Liu, "A Practical Approach for Adaptive Data Structure Layout Randomization," ESORICS 2015, published. [PDF]

DSN

Q. Zeng, M. Zhao, P. Liu, “HeapTherapy: An Efficient End-to-end Solution against Heap Buffer Overflows,” DSN 2015, published.  [PDF]

DSN

B. Zhao, P. Liu, “Private Browsing Mode Not Really That Private: Dealing with Privacy Breach Caused by Browser Extensions,” DSN 2015, published.  [PDF]

DSN

Jun Wang, Mingyi Zhao, Qiang Zeng, Dinghao Wu, and Peng Liu, “Risk Assessment of Buffer ‘Heartbleed’ Over-read Vulnerabilities” (Practical Experience Report), In Proceedings of the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2015), Rio de Janeiro, Brazil, June 22-25, 2015. (Published).  [PDF]

ACSAC

Chen Cao, Neng Gao, Peng Liu, Ji Xiang, “Towards Analyzing the Input Validation Vulnerabilities associated with Android System Services," In Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC), 2015.

ACSAC

Bing Chang, Zhan Wang, Bo Chen, Fengwei Zhang, “MobiPluto: File System Friendly Deniable Storage for Mobile Devices,” In Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC), 2015.

ASIACCS

Heqing Huang, Kai Chen, Chuangang Ren, Peng Liu, Sencun Zhu and Dinghao Wu, “Towards Discovering and Understanding the Unexpected Hazards in Tailoring Antivirus Software for Android,” ACM ASIACCS 2015, full paper, published. [PDF]

ASIACCS

Jun Wang, Zhiyun Qian, Zhichun Li, Zhenyu Wu, Junghwan Rhee, Xia Ning, Peng Liu and Geoff Jiang, “Discover and Tame Long-running Idling Processes in Enterprise Systems,” ACM ASIACCS 2015, full paper, published.  [PDF]

CODASPY

Zhongwen Zhang, Peng Liu, Ji Xiang, Jiwu Jing and Lingguang Lei, “How Your Phone Camera Can Be Used to Stealthily Spy on You: Transplantation Attacks against Android Camera Service,” ACM CODASPY 2015, published. [PDF]

ACNS

Jiang Ming, Zhi Xin, Pengwei Lan, Dinghao Wu, Peng Liu, and Bing Mao, “Replacement Attacks: Automatically Impeding Behavior-based Malware Specifications,” In Proceedings of the 13th International Conference on Applied Cryptography and Network Security (ACNS 2015), New York, June 2-5, 2015, published. [PDF]

HotSOS

C. Zhong, J. Yen, P. Liu, R. Erbacher, R. Etoty, and C. Garneau, “An Integrated Computer-Aided Cognitive Task Analysis Method for Tracing Cyber-Attack Analysis Processes,” Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, ACM, 2015, published.  [PDF]

CogSIMA

C. Zhong, J. Yen, P. Liu, R. Erbacher, R. Etoty, and C. Garneau, “ARSCA: A Computer Tool for Tracing the Cognitive Processes of Cyber-Attack Analysis,” Proceedings of IEEE CogSIMA Conference, 2015, published.

DBSEC

M. Zhao, P. Liu, J. Lobo, “Towards Collaborative Query Planning in Multi-party Database Networks,” DBSEC, 2015, published.

 

A Preliminary Analysis and Case Study of Feature-based Software Customization (Extended Abstract), by Yufei Jiang, Can Zhang, Dinghao Wu, and Peng Liu. In Proceedings of the 2015 IEEE International Conference on Software Quality, Reliability and Security (QRS 2015), Vancouver, Canada, August 3-5, 2015.

Xiaoyan Sun, Anoop Singhal, Peng Liu, “Who Touched My Mission: Towards Probabilistic Mission Impact Assessment,” In Proceedings of ACM SafeConfig Workshop, in association with ACM CCS 2015. 

M. Zhu and P. Liu. “Reviewing the book Principles of Cyber-physical Systems from a security perspective.” EAI Endorsed Transactions on Security and Safety, Special issue on miscellaneous emerging security problems, 15(4), 2015, book review. 

Chen Zhong, John Yen, Peng Liu, Robert F. Erbacher, and Christopher Garneau, “Peer into Cyber Security Analysts’ Minds: Capturing and Studying Their Cognitive Processes of Analytical Reasoning,” Penn State Graduate Exhibition of Research, University Park, PA, March 2015. Awarded the First Place in Engineering.

PhD Dissertations

Bin Zhao, IDENTIFYING PRIVATE DATA LEAKAGE THREATS IN WEB BROWSERS, PhD Dissertation, College of IST, June 2015, Penn State University. 

Jun Wang, PROTECTING SERVER PROGRAMS AND SYSTEMS: PRIVILEGE SEPARATION, ATTACK SURFACE REDUCTION, AND RISK ASSESSMENT, PhD Dissertation, College of IST, November 2015, Penn State University. 

MS Thesis

Pinyao Guo, DESIGN, IMPLEMENTATION AND EVALUATION OF A SYMBOLIC N-VARIANT SIMULATOR, College of IST, summer 2015, Penn State University

Gaoyao Xiao, DETECTING AUTOMATED AGENTS BASED INSIDER ATTACKS THROUGH ADJACENCY MATRIX ANALYSIS, MS Thesis, College of IST, Spring 2015, Penn State University

Wenqi Cao, MEMORY ANALYSIS TOWARDS MORE EFFICIENT LIVE MIGRATION OF APACHE WEB SERVER, MS Thesis, College of Engineering, Spring 2015, Penn State University

2014

US Patent

US Patent 8,881,288, “Graphical models for cyber security analysis in enterprise networks,” by R Levy, H Li, P Liu, and M Lyell, November 4, 2014.    

ICSE

Kai Chen, Peng Liu, Yingjun Zhang, “Achieving Accuracy and Scalability Simultaneously in Detecting Application Clones on Android Markets”, ICSE 2014, regular paper, June 2014. [PDF]

CGO

Q. Zeng, J. Rhee, H. Zhang, N. Arora, G. Jiang, P. Liu, “Precise and Scalable Calling Context Encoding,” Proc. International Symposium on Code Generation and Optimization (CGO 2014), 2014. [PDF]

DSN

R. Wu, P. Chen, P. Liu, B. Mao, “System Call Redirection: A Practical Approach to Meeting Real-world VMI Needs,” DSN 2014, June 2014.

FSE Distinguished Paper Award nomination

Lannan Luo, Jiang Ming, Dinghao Wu, Peng Liu and Sencun Zhu, “Semantics-Based Obfuscation-Resilient Binary Code Similarity Comparison with Applications to Software Plagiarism Detection,” FSE 2014, Nov. 16-22, 2014. 

ESORICS

Lingchen Zhang, Sachin Shetty, Peng Liu, Jiwu Jing, “RootkitDet: Practical End-to-End Defense against Kernel Rootkits in a Cloud Environment,” ESORICS 2014, Sept. 7-11, 2014.  

ESORICS

Min Li, Zili Zha, Wanyu Zang, Meng Yu, Peng Liu, Kun Bai, “Detangling Resource Management Functions from the TCB in Privacy-Preserving Virtualization,” ESORICS 2014, Sept. 7-11, 2014. 

ASE

Chuangang Ren, Kai Chen, Peng Liu, “Droidmarking: Resilient Software Watermarking for Impeding Android Application Repackaging,” ASE 2014, Sept. 15-19, Sweden, 2014.

ACM WiSec

Wenhui Hu, Damien Octeau, Patrick McDaniel, and Peng Liu, “Duet: Library Integrity Verification for Android Applications,” Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July 2014. Oxford, United Kingdom.

ACM WiSec

Fangfang Zhang, Heqing Huang, Sencun Zhu, Dinghao Wu and Peng Liu, “ViewDroid: Towards Obfuscation-Resilient Mobile Application Repackaging Detection,” Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July 2014. Oxford, United Kingdom.

TKDE

Qiang Zeng, Mingyi Zhao, Peng Liu, Poonam Yadav, Seraphin Calo, and Jorge Lobo. “Enforcement of Autonomous Authorizations in Collaborative Distributed Query Evaluation.” To appear in IEEE Transactions on Knowledge and Data Engineering (TKDE), 2014.

SecureComm Best Paper Award nomination

Xiaoyan Sun, Jun Dai, Anoop Singhal, Peng Liu, “Inferring the Stealthy Bridges between Enterprise Network Islands in Cloud Using Cross-Layer Bayesian Networks,” SecureComm 2014, Beijing, Sept. 23-26, 2014.

ISSRE

Fangfang, Zhang, Dinghao Wu, Peng Liu, and Sencun Zhu, “Program Logic Based Software Plagiarism Detection,”  In Proceedings of the 25th annual International Symposium on Software Reliability Engineering (ISSRE 2014), Naples, Italy, November 3-6, 2014.

MTD Workshop

Minghui Zhu, Zhisheng Hu and Peng Liu, “Reinforcement learning algorithms for adaptive cyber defense against Heartbleed”, Proc. First ACM Workshop on Moving Target Defense (MTD 2014), in association with CCS’14, Nov. 2014.

MTD Workshop

J. Xu, P. Guo, M. Zhao, R. F. Erbacher, M. Zhu, P. Liu, “Comparing Different Moving Target Defense Techniques.” Proc. First ACM Workshop on Moving Target Defense (MTD 2014), in association with CCS’14, Nov. 2014.

IFIP Networking

Lu Su, Yunlong Gao, Fan Ye, Peng Liu, Oktay Gunluk, Tom Berman, Seraphin Calo, Tarek Abdelzaher, "Robust Confidentiality Preserving Data Delivery in Federated Coalition Networks," Proc. 13th IFIP International Conference on Networking (Networking 2014), Trondheim, Norway, June, 2014.

CogSIMA

C. Zhong, D. Samuel, J. Yen, P. Liu, R. Erbacher, S. Hutchinson, R. Etoty, H. Cam, and W. Glodek, “RankAOH: Context-driven Similarity-based Retrieval of Experiences in Cyber Analysis,” In Proceedings of IEEE CogSIMA Conference, 2014. 

ICISS

George Cybenko, Sushil Jajodia, Michael P. Wellman, and Peng Liu, “Adversarial and Uncertain Reasoning for Adaptive Cyber Defense: Building the Scientific Foundation,” In Proc. ICISS 2014, invited paper, 8 pages 

SIW

Mingyi Zhao, Jens Grossklags and Kai Chen, “An Exploratory Study of White Hat Behaviors in a Web Vulnerability Disclosure Program,” Proc. CCS Workshop on Security Information Workers, November 7, 2014, Scottsdale, AZ

Elsevier ECE

D. Tian, X. Xiong, C. Hu, P. Liu, “Defeating Buffer Overflow Attacks via Virtualization,” Elsevier Computers & Electrical Engineering Journal, Vol. 40, Issue 6, Pages 1940-1950, August 2014.

PhD Dissertations

Jun Dai, “GAINING BIG PICTURE AWARENESS IN ENTERPRISE CYBER SECURITY DEFENSE,” PhD Dissertation, College of IST, Penn State University, July 2014

Qiang Zeng, “IMPROVING SOFTWARE SECURITY WITH CONCURRENT MONITORING, AUTOMATED DIAGNOSIS, AND SELF-SHIELDING,” PhD Dissertation, Dept. of CSE, College of Engineering, Penn State University, Oct. 2014

Book Chapters

John Yen, Robert Erbacher, Cheng Zhong, and Peng Liu, “Cognitive Process,” Book Chapter, in Cyber Defense and Situational Awareness, Robert Erbacher, Alexander Kott, and Cliff Wang (eds.), to appear.

D. Wu, P. Liu, Q. Zeng, D. Tian, “Software Cruising: A New Technology for Building Concurrent Software Monitor,” Book Chapter, in Secure Cloud Computing, Springer, Sushil Jajodia, Krishna Kant, Pierangela Samarati, Anoop Singhal, Vipin Swarup, and Cliff Wang (eds.), pages 303-324. Springer, 2014.

Haitao Du, Changzhou Wang, Tao Zhang, Shanchieh Jay Yang, Jai Choi, and Peng Liu, “Cyber Insider Mission Detection for Situation Awareness,” Book Chapter, in  Intelligent Methods for Cyberwarfare, Springer, to appear. 

Others

Qiang Zeng, Mingyi Zhao, and Peng Liu. “Targeted Therapy for Software Bugs and Vulnerabilities.” In Poster Session, 35th IEEE Symposium on Security and Privacy (Oakland), 2014.

H. Tripp, K. Warr, A. Freeman, P. Liu, S. Wang, K. Leung, J. Lobo, “A security model for micro-cloud technology in hybrid tactical environments,” short paper and poster, The 2014 Fall Meeting of ITA, 2014. 

Mingyi Zhao, Peng Liu, Qiang Zeng, Fan Ye, Seraphin Calo, Graham Bent, Patrick Dantressangle, and Jorge Lobo, “Authorization Information Leakage Control in Collaborative Distributed Query Processing,” short paper and poster, The 2014 Fall Meeting of ITA, 2014.

Heqing Huang, Kai Chen, Peng Liu, Sencun Zhu, and Dinghao Wu, “Uncovering the Dilemmas on Antivirus Software Design in Modern Mobile Platforms,” Proc. Int'l Workshop on System Level Security of Smartphones, in conjunction with SecureComm 2014, Springer LNICST, Sept. 23, Beijing, China

2013

US Patent

U.S. Patent 8,443,442, “Signature-Free Buffer Overflow Attack Blocker”

Technical Report (code released)

J. Wang, X. Xiong, P. Liu, [Arbiter System] “Practical Fine-grained Privilege Separation in Multithreaded Applications,” Penn State Cyber Security Lab Technical Report PSU-S2-13-051, arXiv:1305.2553, communicated 12 May 2013.

Arbiter project website (code released): here

RAID

Xi Xiong and Peng Liu, “SILVER: Fine-grained and Transparent Protection Domain Primitives in Commodity OS Kernel,” RAID 2013, published. [PDF]

RAID

Bin Zhao and Peng Liu, “Behavior Decomposition: Aspect-level Browser Extension Clustering and Its Security Implications,” RAID 2013, published. [PDF]

ESORICS

Jun Dai, Xiaoyan Sun, Peng Liu, “Patrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies,” ESORICS 2013, published. [PDF]

ACSAC

Meng Yu, Min Li, Wanyu Zang, et al., “MyCloud: Supporting User-configured Privacy Protection in Cloud Computing,” ACSAC 2013, accepted. [PDF]

TIFS

Fengjun Li, Bo Luo, Peng Liu, Dongwon Lee, Chao-Hsien Chu, “Enforcing Secure and Privacy-Preserving Information Brokering in Distributed Information Sharing,” IEEE Transactions on Information Forensics and Security, 10.1109/TIFS.2013.2247398, Feb 2013. [PDF]

ICICS

Eunjung Yoon and Peng Liu, “XLRF: A Cross-Layer Intrusion Recovery Framework for Damage Assessment and Recovery Plan Generation,” ICICS 2013, published.

ICICS

Jing Wang, Peng Liu, Le Guan, Jiwu Jing, “Fingerprint Embedding: A Proactive Strategy of Detecting Timing Channels,” ICICS 2013, published.

FGCS

Shengzhi Zhang, Wenjie Wang, Haishan Wu, Athanasios Vasilakos, Peng Liu, “Towards Transparent and Distributed Workload Management for Large Scale Web Servers,” Elsevier FGCS Journal: Future Generation Computer Systems,  volume 29 issue 4 (June 2013), pages 913-925

ISI

C. Zhong, D. S. Kirubakaran, J. Yen, P. Liu, S. Hutchinson, H. Cam, “How to Use Experience in Cyber Analysis: An Analytical Reasoning Support System,” IEEE ISI 2013, published, short paper. [PDF]

TRUST

H. Huang, S. Zhu, P. Liu, D. Wu, “A Framework for Evaluating Mobile App Repackaging Detection Algorithms,” TRUST 2013, published.

SERE

Lei Wang, Ji Xiang, Peng Liu, Jiwu Jing, “MJBlocker: A Lightweight and Run-time Malicious JavaScript Extensions Blocker,” IEEE SERE 2013, published. 

SCN

Xiaoqi Jia, Rui Wang, Jun Jiang, Shengzhi Zhang, Peng Liu, “Defeating Return Oriented Programming based on Virtualization Techniques,” Wiley Journal Security and Communication Networks, DOI: 10.1002/sec.693, Jan 2013

JNCA

Yan Yang, Yulong Zhang, Alex Hai Wang, Meng Yu, Wanyu Zang, Peng Liu, Sushil Jajodia, “Quantitative Survivability Evaluation of Three Virtual Machine based Server Architectures,” Journal of Network and Computer Applications (Elsevier), Volume 36 Issue 2, March, 2013, Pages 781-790.

 

 

Xiaoyan Sun, Jun Dai, Peng Liu, “SKRM: Where Security Techniques Talk to Each Other,” CogSIMA 2013, IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, February 26-28, 2013, San Diego, 4 page position paper, plus poster.

C. Zhong, M. Zhao, G. Xiao, J. Xu, “Agile Cyber Analysis: Leveraging Visualization as Functions in Collaborative Visual Analytics,” IEEE VAST Challenge 2013 Workshop, part of IEEE Viz 2013, short paper, plus poster.

Mingyi Zhao, Peng Liu, Fan Ye, Jorge Lobo, “Decentralized Policy Confidentiality Preserving Query Planning in Coalition Networks,” ACITA 2013 (2-page short paper).

Zongbin Liu, Neng Gao, Jiwu Jing, Peng Liu, “HPAZ: a High-throughput Pipeline Architecture of ZUC in Hardware,”   IACR Cryptology ePrint Archive, Report 2013/461 (2013).

Thesis

Robert Cole, PhD dissertation, “Multi-Step Attack Detection via Bayesian Modeling under Model Parameter Uncertainty,” defended Dec, 2012 

Zhi Xin (Nanjing University), PhD dissertation, “Study on Program Diversity for Software Security,” defended May, 2013

D. S. Kirubakaran, MS Thesis, “Context-driven Similarity-based Retrieval of Cyber Analyst Experiences for Multi-step Attack Analysis,” CSE Department, defended March, 2013

2012

NDSS

D. Tian, Q. Zeng, D. Wu, P. Liu, C. Z. Hu,  “Kruiser: Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring,” NDSS 2012, published. [PDF]

RAID

Shengzhi Zhang, Peng Liu, “Assessing the Trustworthiness of Drivers,” RAID 2012, published.  [PDF]

ISSTA

F. Zhang, Yoon-Chan Jhi, Dinghao Wu, Peng Liu, Sencun Zhu, “Towards Algorithm Plagiarism Detection,” ISSTA 2012, published.

ESORICS

Q. Gu, K. Jones, W. Zang, M. Yu, P. Liu, “Revealing Abuses of Channel Assignment Protocols in Multi-Channel Wireless Networks: An Investigation Logic Approach,” ESORICS 2012.

CODASPY

Yuhao Yang, Jonathan Lutes, Fengjun Li, Bo Luo and Peng Liu, “Stalking Online: on User Privacy in Social Networks,” In ACM Conference on Data and Application Security and Privacy (CODASPY), 2012; Acceptance rate: 18.6%.

CogSIMA

Best Paper Award

Po-Chun Chen, Peng Liu, and John Yen, "Experience-Based Cyber Situation Recognition Using Relaxable Logic Patterns", Proc. IEEE CogSIMA 2012, New Orleans, LA 

ASIACCS

Shengzhi Zhang, Peng Liu, “Letting Applications Operate through Attacks Launched from Compromised Drivers,” ACM ASIACCS, 2012, short paper, May 2012, Korea.

TrustCom

Qijun Gu, Wanyu Zang, Meng Yu,  Peng Liu, “Collaborative Traffic-aware Intrusion Monitoring in Multi-channel Mesh Networks,” IEEE TrustCom 2012, published.

GameSec

J. Lin, P. Liu, J. Jing, “Using Signaling Games to Model the Multi-step Attack-defense Scenarios on Confidentiality,” GameSec 2012, published.

SAFECONFIG

M. Zhao, P. Liu, “Modeling and Checking the Security of DIFC System Configurations,” SAFECONG-2012, Baltimore, MD, 2012.

ASE Cyber Security

Jun Dai, Xiaoyan Sun, Peng Liu, Nicklaus Giacobe, “Gaining Big Picture Awareness through an Interconnected Cross-layer Situation Knowledge Reference Model,” ASE International Conference on Cyber Security, Washington DC, Dec 14-16, 2012, published. 

SPIE

Y. Cheng, Y. E. Sagduyu, J. Deng, J. Li, and Peng Liu, "Integrated Situational Awareness for Cyber-attack Detection, Analysis, and Mitigation," Proc. SPIE Defense, Security and Sensing Conference, 2012. 

ACITA

Q. Zeng, J. Lobo, P. Liu, S. Calo, and P. Yadav, “Safe query processing for pairwise authorizations in coalition networks,” ACITA 2012, (extended abstract).

Mingyi Zhao, Qiang Zeng, Jorge Lobo, Peng Liu, Fan Ye, Seraphin Calo, Tom Berman, “Distributed Query Planning in Coalition Network,” ACITA 2012, (2-page short paper).

Tom Berman, David Vyvyan, Graham Bent, Patrick Dantressangle, Jorge Lobo, Fan Ye, Peng Liu, “A Comparative Study on Trusted Path Discovery in Two Algorithms,” ACITA 2012, (2-page short paper). 

David Vyvyan, Tom Berman, Graham Bent, Patrick Dantressangle, Jorge Lobo, Fan Ye, Peng liu, “Trust-based Routing in Gaian Networks,” demo, ACITA 2012, Sept., 2012 UK.

JSR

Jun Shao, Peng Liu, Yuan Zhou, “Achieving Key Privacy without Losing CCA Security in Proxy Re-Encryption,” Journal of Systems and Software, accepted.

SCN

Jingqiang Liu, Jiwu Jing, Peng Liu, Qiongxiao Wang, "Impossibility of Finding Any Third Family of Server Protocols Integrating Byzantine Quorum Systems with Threshold Signature Schemes," Wiley Journal Security and Communication Networks, accepted.

BMC Bioinformatics

Fengjun Li, Xukai Zhou, Peng Liu, Jake Y. Chen, New Threats to Health Data Privacy, BMC Bioinformatics, in press.

IJIS

Zhi Xin, Huiyu Chen, Xinche Wang, Peng Liu, Sencun Zhu, Bing Mao, Li Xie, “Replacement Attacks: Automatically Evading Behavior Based Software Birthmark,” International Journal of Information Security, Springer, accepted, 2012.

SCN

Deguang Kong, Dinghao Wu, Donghai Tian, Peng Liu, “Semantic Aware Attribution Analysis of Remote Exploits,” Wiley Journal Security and Communication Networks, accepted.

Thesis

Xi Xiong, PhD Dissertation, “Protecting System Integrity in Commodity Computers,” defended, Oct 2012

 

Shengzhi Zhang, PhD Dissertation, “Virtualization-based Security Analysis of Production Server Systems,” defended, July 2012

 

Dan Keating, MS Thesis, “Exploiting Memory Remnants Vulnerabilities to Do Cross-Tenant Data Extraction in Cloud Systems,” defended, July 2012

 

Donghai Tian (BIT), PhD Dissertation on “Kernel Cruising” and systems integrity protection, defended, Feb 2012

 

Jian Liu (Nanjing University of Aeronautics & Astronautics), PhD Dissertation, “HCS: Study on Algorithms and Models of Decision Making Problem Based on Human-Centered Services,” defended, June 2012

 

Lei Wang (CAS), PhD Dissertation, “Study on Behavior-based Analysis of Malicious Network Scripts,” defended, May 2012

 

Zongbin Liu (CAS), PhD Dissertation, “Study on Hardware Implementations of ECC and Other Cryptographic Algorithms,” defended, May 2012

2011

NDSS

X. Xiong, D. Tian, P. Liu, “Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extensions,” NDSS 2011, Feb, 2011, CA.  [PDF]

PLDI

Qiang Zeng, Dinghao Wu, Peng Liu, “Cruiser: Concurrent Heap Buffer Overflow Monitoring Using Lock-free Data Structures,” PLDI 2011, June, 2011. [PDF]

TIFS

Shengzhi Zhang, Xiaoqi Jia, Peng Liu, Jiwu Jing, “PEDA: Comprehensive Damage Assessment for Production Environment Server Systems,” IEEE Transactions on Information Forensics and Security, Vol. 6, No. 4, Dec 2011, pages 1323-1334.

ICSE (SPIE track)

Y. C. Jhi, X. Wang, X. Jia, S. Zhu, P. Liu, D. Wu, "Value-Based Program Characterization and Its Application to Software Plagiarism Detection",  ICSE 2011 (SPIE Track), 2011.

HotNets

John R. Douceur, Jon Howell, Bryan Parno, Xi Xiong, Michael Walfish, “The Web Interface Should Be Radically Refactored,” to appear, HotNets X, 2011

“Cloud

Shredder”

Nan Zhang, J. Jing, P. Liu, “Cloud Shredder: Removing the Laptop On-Road Data Disclosure Threat in the Cloud Computing Era,” Proc. 6th International Conference on Frontier of Computer Science and Technology, IEEE Digital Library, 2011

SSDBM

Fengjun Li, Yuxin Chen, Bo Luo, Dongwon Lee and Peng Liu, “Privacy-Preserving Group Linkage,” SSDBM 2011, accepted.

ISC 

Best Paper Award

Zhi Xin, Huiyu Chen, Xinche Wang, Peng Liu, Sencun Zhu and Bing Mao, "Replacement Attacks on Behavior Based Software Birthmark",(2011), ISC 2011, accepted. 

SecureComm

Deguang Kong, Donghai Tian and Peng Liu, "SAEA: Automatic Semantic Aware Remote Exploits Attribution Analysis", (2011). Proc. SECURECOMM 2011, to appear

ICICS

Jun Jiang, Xiaoqi Jia, Dengguo Feng, Shengzhi Zhang, Peng Liu, “HyperCrop: A Hypervisor-based Countermeasure for Return Oriented Programming,” accepted, to appear in Proc. ICICS 2011.

CNSM

S. Zhang, H. Wu, W. Wang, B. Yang, P. Liu, A. V. Vasilakos, "Distributed Workload and Response Time Management for Web Applications", (2011), Proc. IEEE  CNSM 2011, to appear, acceptance ratio 15%

SECRYPT

Zongbin Liu, Luning Xia, Jiwu Jing, Peng Liu, A Tiny RSA Coprocessor Based on Optimized Systolic Montgomery Architecture, Proc. SECRYPT 2011, acceptance ratio 13%

CODASPY

Junfeng Yu, P. Liu, Z. Li, S. Zhang, et al., “LeakProber: A framework for profiling sensitive data leakage paths,” ACM CODASPY 2011, 2011.

ICC

Qijun Gu, Meng Yu, Wanyu Zang, Peng Liu, “Lightweight Attacks against Channel Assignment Protocols in MIMC Wireless Networks,” ICC 2011, 2011.

ICC

Jun Shao, Peng Liu, Zhenfu Cao, Guiyi Wei, “Multi-use Unidirectional Proxy Re-Encryption,” ICC 2011, 2011

ACITA

Jorge Lobo, Qiang Zeng, “Towards Securing Query Processing in Distributed Databases,” position paper, Proc. ACITA 2011

IJIS

Deguang Kong, Yoon-Chan Jhi, Tao Gong, Sencun Zhu, Peng Liu, Hongsheng Xi, “SAS: Semantics Aware Signature Generation for Polymorphic Worm Detection,” International Journal of Information Security, Springer, in press.

SCN

Jun Shao, Zhenfu Cao, Peng Liu, “SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption,” Security and Communication Networks 4(2): 122–135 (2011)

ISPEC

Donghai Tian, Xi Xiong, Changzhen Hu, and Peng Liu, “Policy-Centric Protection of OS Kernel from Vulnerable Loadable Kernel Modules,” ISPEC 2011, accepted. 

JQRE

Jingqiang Lin, Jiwu Jing, Peng Liu, “Evaluating Intrusion Tolerant Certification Authority Systems,” Journal of Quality and Reliability Engineering, accepted, in press

GENSIPS

Xukai Zou, Peng Liu and Jake Chen, “Personal Genome Privacy Protection with Feature-based Hierarchical Dual-stage Encryptions,” GENSIPS 2011, to appear

SCN

Jun Shao, Peng Liu, Guiyi Wei, Yun Ling, “Anonymous Proxy Re-encryption,” Security and Communication Networks Journal, published.

IJSCCPS

Baojun Qiu, Kristinka Ivanova, John Yen, Peng Liu, Frank E. Ritter, “Event-driven Modeling of Evolving Social Networks,” Int. J. of Social Computing and Cyber-Physical Systems, published. 

IJSN

Fengjun Li, Bo Luo, Peng Liu, “Secure and Privacy-Preserving Information Aggregation for Smart Grids,” International Journal of Security and Networks (IJSN), 6(1):28 - 39, 2011.

Qi Fang, Peng Liu, John Yen, Frank Ritter, Jonathan Morgan, “A Threaded Event-Based Simulation Approach for Supporting Intelligence Analysis,” Proc. 2011 WG 11.10 Conference on Critical Infrastructure Protection, published.

Kevin Hamlen, Peng Liu, Murat Kantarcioglu, Bhavani Thuraisingham, Ting Yu, “Identity management for cloud computing: Developments and directions,” Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, 2011.

2010

ACSAC

S. Zhang, X. Jia, P. Liu, J. Jing, “Cross-Layer Comprehensive Intrusion Harm Analysis for Production Workload Server Systems,” In Proceedings of ACSAC 2010, Dec. 2010, Austin, Texas.  

ISC

D. Tian, X. Xiong, C. Z. Hu, P. Liu, “Short Paper: Integrating Offline Analysis and Online Protection to Defeat Buffer Overflow Attacks,” In Proceedings of ISC 2010, Florida  

SmartGridComm

Selected into IJSN Special Issue

F. Li, B. Luo, P. Liu, “Secure Information Aggregation for Smart Grids Using Homomorphic Encryption,” In Proceedings of First IEEE Conf. on Smart Grid Communications, Oct. 4-6, 2010, NIST, MD.  

INFOCOM

F. Li, B. Luo, P. Liu, C. H. Chu, “A Node Failure Resilient Anonymous Communication Protocol through Commutative Path Hopping  In Proceedings of IEEE INFOCOM 2010, March 2010, San Diego, CA, USA, regular paper.

MILCOM Tutorial

Jason Li, Peng Liu, “Cyber Security Analysis and Situation Awareness: Theory and Practice,” MILCOM 2010, San Jose, CA  

DSN

10-year Test-of-Time Award

Peng Xie, Jason H Li, Xinming Ou, Peng Liu and Renato Levy, “Using Bayesian Networks for Cyber Security Analysis,” In Proceedings of IEEE DSN-DCCS 2010, June 2010, Chicago, USA, regular paper.

SecureComm

J. Lin, P. Liu, J. Jing, Q. Wang, “Impossibility of Finding Any Third Family of Server Protocols Integrating Byzantine Quorum Systems with Threshold Signature Schemes” ,  Proceedings of SecureComm 2010, Sept. 2010, Singapore, accepted.

SecureComm 

Selected into IJIS Special Issue

D. Kong, Y. C. Jhi, T. Gong, S. Zhu, P. Liu, H. Xi, “SAS: Semantics Aware Signature Generation for Polymorphic Worm Detection”, Proceedings of SecureComm 2010, Sept. 2010, Singapore, accepted.

VLDB Journal

QFilter: Rewriting Insecure XML Queries to Secure Ones using Non-Deterministic Finite Automata, Bo Luo, Dongwon Lee, Wang-Chien Lee, Peng Liu, In The VLDB J., accepted.

Position Paper

Shengzhi Zhang, Xi Xiong, Peng Liu, “Challenges in Improving the Survivability of Data Centers,” Proc. of the Survivability in Cyberspace Workshop, 2010

Position Paper

Peng Liu, “Security and Privacy cannot be taken for Granted by the Cloud Computing Industry,” Proc. of METS 2010, Taiwan, Nov. 2010

COMCOM

Choi, Y. H., Liu, P. and Seo, S. W. “Using Information Collected by Botnets to Create Importance Scanning Worms,” Elsevier Computer Communications Journal, 33 (6), 676-688, 2010

TDSC

X. Wang, C. Pan, P. Liu, S. Zhu, SigFree: A Signature-free Buffer Overflow Attack Blocker, IEEE Transactions on Dependable and Secure Computing (TDSC), accepted, in press 

ACISP

Jun Shao, Min Feng, Bin Zhu, Zhenfu Cao and Peng Liu, “The Security Model of Unidirectional Proxy Re-Signature with Private Re-Signature Key,” Proc. of 15th Australasian Conference on Information Security and Privacy, July 5-7, 2010, Sydney, Australia

ARES

Hai Wang, Yan Su, Peng Liu, "A Semi-Markov Survivability Evaluation Model for Intrusion Tolerant Database Systems," accepted for publication in ARES 2010 (The Fifth International Conference on Availability, Reliability and Security)

COSE

Yoon-Ho Choi, Lunquan Li, Peng Liu, George Kesidis, “Worm Virulence Estimation for the Containment of Local Worm Outbreak,” Elsevier Computers & Security journal, Feb. 2010

ISPEC

Xiaoqi Jia, Xi Xiong, Jiwu Jing, Peng Liu, “Using Purpose Capturing Signatures to Defeat Computer Virus Mutating, “ accepted by The Sixth International Conference on Information Security Practice and Experience Conference (ISPEC 2010),  2010.  Springer-Verlag LNCS, to appear.

CNS

Heywoong Kim, Qijun Gu, Meng Yu, Wanyu Zang and Peng Liu, “A Simulation Framework for Performance Analysis of Multi-Interface and Multi-Channel Wireless Networks in INET/OMNET++,” accepted by 13th Communications and Networking Simulation Symposium (CNS'10)

SECRYPT

Meng Yu, W. Zang, H. Wang, P. Liu, “Evaluating Survivability and Costs of Three Virtual Machine based Server Architectures,” Proc. of SECRYPT 2010, accepted, 2010

Eurosys Poster

Shengzhi Zhang, Xiaoqi Jia, Peng Liu, “Rupi’s Dance: Cross-Layer Comprehensive Infection Diagnosis for Availability-Critical Server Systems,” poster, Eurosys 2010

CSI

Peng Liu, Meng Yu, “Damage Assessment and Repair in Attack Resilient Distributed Database Systems,” Elsevier Computer Standards & Interfaces Journal, accepted.

BIOKDD

Fengjun Li, Jake Chen, Xukai Zou, Peng Liu, “New Privacy Threats in Healthcare Informatics: When Medical Records Join the Web,” short paper, BIOKDD workshop 2010, Washington D.C.

IET Info Security

Meng Yu, Wanyu Zang, Peng Liu, “Recovery of Data Integrity under Multi-Tier Architectures”, IET Information Security Journal, accepted.

PhD Dissertations

Fengjun Li, “Secure and Privacy-Preserving Information Brokering,” PhD Dissertation, Oct. 2010

Yoon-Chan Jhi, “A Study of Selected Security Measures against Non-legitimate Use of Code,” PhD Dissertation, Aug. 2010

Xiaoqi Jia (joint PhD training), “A Study of Virtualization-based High Availability and Security Mechanisms,” PhD Dissertation, June 2010, Degree granted by Graduate University of CAS 

Po-Chun Chen (affiliated student), “Experience-based Cyber Security Analysis,” PhD Dissertation, fall 2010

Deguang Kong (joint PhD training), “Research on Applications of Semantic Aware Statistical Learning Approaches in Code Security Problems”, PhD Dissertation, May 2010, Degree granted by University of Sci. and Tech. of China

 

David Basin, Peng Liu, Peng Ning (eds.), Proc. of 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS’10), ACM Press, April, 2010, to appear

D. Tian, D. Kong, C. Z. Hu, P. Liu, “Protecting Kernel Data through Virtualization Technology,” Proc. SecureWare 2010

Baojun Qiu, Kristinka Ivanova, John Yen and Peng Liu, “Behavior Evolution and Event-driven Growth Dynamics in Social Networks,” IEEE Social Computing Conference (SocialCom 2010)

Baojun Qiu, Kristinka Ivanova, John Yen and Peng Liu, “Study of Effect of Node Seniority in Social Networks,” Proc. of IEEE ISI 2010, short paper

Zongbin Liu, Jiwu Jing, and Peng Liu, “Rate-based Watermark Traceback: A New Approach,” Proc. of The Sixth International Conference on Information Security Practice and Experience Conference (ISPEC 2010), 2010

Xiaoqi Jia, Jun Shao, Peng Liu, “CCA-Secure Type-based Proxy Re-encryption with Invisible Proxy,” accepted by CIT 2010, Proc. of The 10th IEEE International Conference on Computer and Information Technology, 2010

Daren Zha, Jiwu Jing, Peng Liu, Jingqiang Lin, Xiaoqi Jia, “Proactive Identification and Prevention of Unexpected Future Rule Conflicts in Attribute Based Access Control, “ Springer-Verlag LNCS, 2010.  

2009

Cyber

Situation

Awareness

S. Jajodia, P. Liu, V. Swarup, C. Wang (eds.), Cyber Situational Awareness: Issues and Research, Springer, published in Nov. 2009  

CCS

X. Wang, Y. C. Jhi, S. Zhu, P. Liu, “Behavior Based Software Theft Detection,” Proc. ACM CCS, 2009. [PDF]

ACSAC

X. Wang, Y. C. Jhi, S. Zhu, P. Liu, “Detecting Software Theft via System Call Based Birthmarks”, Proc. ACSAC, 2009, accepted, to appear. 19.6% acceptance rate.

ACSAC

X. Xiong, X. Jia, P. Liu, “SHELF: Preserving Business Continuity and Availability in an Intrusion Recovery System”, Proc. ACSAC, 2009, accepted, to appear. 19.6% acceptance rate.

VMSEC

Zhang, S., Xiong, X., Jia, X. and Liu, P. (2009) “Availability-sensitive Intrusion Recovery”, Proceedings of Second ACM Workshop on Virtual Machine Security, Chicago, IL, November 2009, 6 page position paper

TKDE

B. Zheng, W. C. Lee, P. Liu, D. L. Lee, X. Ding, Tuning On-Air Signatures for Balancing Performance and Confidentiality, IEEE Transactions on Knowledge and Data Engineering, Vol. 21, Issue. 12, pp. 1783-1797, Dec. 2009

TDSC

Q. Gu, P. Liu, W. C. Lee, C. H. Chu, KTR: An Efficient Key Management Scheme For Secure Data Access Control in Wireless Broadcast Services, IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 6, Number 3, July-Sept. 2009, pp. 188-201. [PDF]

EDBT

Damage Tracking Quarantine and Recovery for Mission-Critical Database Systems, Proc. EDBT 2009, March 2009.

NCA

Meng Yu, Peng Liu, Wanyu Zang: The implementation and evaluation of a recovery system for workflows. Elsevier J. Network and Computer Applications 32(1): 158-183 (2009)

SCN

Yoon-Chan Jhi, Peng Liu, Lunquan Li, Qijun Gu, Jiwu Jing, George Kesidis, PWC: A Proactive Worm Containment Solution for Enterprise Networks, Wiley Security and Communication Networks Journal, accepted, to appear

 

K. Bai, Ying Liu, Peng Liu, “Prevent Identity Disclosure in Social Network Data Study,” Proc. ACM CCS 2009, poster

 

Zang, W., Gu, Q., Yu, M. and Liu, P. (2009) “An Attack-Resilient Channel Assignment MAC Protocol Not relying on Trust Management”, Proc. International Workshop on Data Security and Privacy in Emerging Networked Systems, in association with NBiS, Indianapolis, Aug. 19-21.

 

Ruidong Li, Jie Li, Peng Liu, Jien Kato, “A Novel Hybrid Trust Management Framework for MANETs,” Proc. 2009 International Workshop on Next Generation Network Architecture (NGNA 2009) , in association with ICDCS’09.

 

M. Yung, P. Liu, D. Lin (eds.), Information Security and Cryptology, Springer Lecture Notes in Computer Science, 2009, ISBN 3-540-36796-9

 

P. Liu, R. Molva, R. D. Pietro (eds.), Proceedings of the fourth International Conference on Security and Privacy in Communication Networks (Securecomm 2008), ACM Digital Library, 2008 

 

M. Yung, P. Liu, D. Lin (eds.), Information Security and Cryptology - Proceedings of the Short Papers Presented on Inscrypt 2008, Chinese Science Press, 2009

 

Zang, W., Liu, P. and Yu, M. (2009) “Incentive-based Methods for Inferring Attacker Intent and Strategies and Measuring Attack Resilience,” in Annals of Emerging Research in IA, Security and Privacy Service, H. R. Rao and Shambhu Upadhyaya (eds.), Elsevier, in press.

 

Barford, P., Dacier, M., Dietterich, T. G., Fredrikson, M., Giffin, J., Jajodia, S., Jha, S., Li, J.,  Liu, P., Ning, P., Ou, X., Song, D., Strater, L., Swarup, V., Tadda, G., Wang, C. and Yen, J. (2009) “Cyber SA: Situational Awareness for Cyber Defense,” in Cyber Situational Awareness: Issues and Research, S. Jajodia, P. Liu, V. Swarup, C. Wang (Eds.), ISBN: 98-1-4419-0139-2, Springer International Series on Advances in Information Security, Nov. 2009

 

Yen, J., McNeese, M., Mullen, T., Hall, D., Fan, X. and Liu, P. (2009) “RPD-based Hypothesis Reasoning for Cyber Situation Awareness,” in Cyber Situational Awareness: Issues and Research, S. Jajodia, P. Liu, V. Swarup, C. Wang (Eds.), ISBN: 98-1-4419-0139-2, Springer International Series on Advances in Information Security, Nov. 2009

 

Liu, P., Jia, X., Zhang, S., Xiong, X., Jhi, Y. C., Bai, K. and Li, J. (2009) “Cross-Layer Damage Assessment for Cyber Situational Awareness,” in Cyber Situational Awareness: Issues and Research, S. Jajodia, P. Liu, V. Swarup, C. Wang (Eds.), ISBN: 98-1-4419-0139-2, Springer International Series on Advances in Information Security, Nov. 2009

 

Liu, P., La Porta, T. and Kotapati, K. (2009) “Cellular Network Security,” in Handbook of Wireless Networks, John R. Vacca (editor), Morgan Kaufmann, published.

 

P. Luenam, P. Liu, A. F. Norcio, A Neuro-Fuzzy Approach towards Adaptive Intrusion Tolerant Database Systems, in Computational Intelligence and Its Applications, X. Li, X. Yao (eds.), USTC Press, Hefei, China, 2009

 

Kun Bai, Damage Management in Database Management Systems, Ph.D. Dissertation, defended in Summer 2009

2008

VMSEC

X. Jia, S. Zhang, J. Jing, P. Liu, Using Virtual Machines to Do Cross-Layer Damage Assessment, Proceedings of ACM Workshop on Virtual Machine Security, in association with ACM CCS, 2008

ACSAC

Robert Cole, Peng Liu, Addressing Low Base Rates in Intrusion Detection via Uncertainty-Bounding Multi-Step Analysis, Proceedings of 24th Annual Computer Security Applications Conference (ACSAC), 2008

ACSAC

X. Wang, Y-C Jhi, S. Zhu, P. Liu, STILL: Exploit Code Detection via Static Taint and Initialization Analyses Proceedings of 24th Annual Computer Security Applications Conference (ACSAC), 2008

ESORICS

K. Bai, P. Liu, M. Yu, TRACE: Zero-down-time Database Damage Tracking, Quarantine, and Cleansing with Negligible Run-time Overhead, Proc. ESORICS 2008

 

WINET

Kameswari Kotapati, Peng Liu, and Thomas F. LaPorta, Evaluating MAPSec by Marking Attack Graphs, Kluwer/ACM Wireless Networks Journal (WINET), in press.

 

TELESYS

K. Kotapati, P. Liu, T. F. LaPorta, Dependency Relation based Vulnerability Analysis of 3G Networks: Can It Identify Unforeseen Cascading Attacks?  Springer Telecommunications Systems Journal, special issue on “Security, Privacy and Trust for Beyond-3G Networks,” in press [PDF]

 

 

Q. Gu, C. H. Chu, P. Liu, Modeling and Analysis of Bandwidth Competition in 802.11 Networks, International Journal of Mobile Network Design and Innovation, in press.

 

F. Li, B. Luo, P. Liu, D. Lee, P. Mitra, W. Lee, C. Chu, In-broker Access Control: Towards Efficient End-to-End Performance of Information Brokerage Systems, International Journal on Intelligent Control and Systems, Special Issue on Information Assurance, in press.

 

W. Zang, M. Yu, P. Liu, How Resilient is the Internet against DDoS attacks? - A Game Theoretic Analysis of Signature-based Rate Limiting, International Journal on Intelligent Control and Systems, Special Issue on Information Assurance, in press.

 

X. Wen, J. Jing, P. Liu, A model of efficient intrusion recovery solution based on log-structured file system, Journal of the Graduate School of the Chinese Academy of Sciences (JGSCAS), No. 6, 2008

L. Li, P. Liu, G. Kesidis, Threshold Smart Walk for the Containment of Local Worm Outbreak, Proc. IEEE GLOBECOM 2008

F. Li, R. Luo, P. Liu, A. Squicciarini, D. Lee, C. Chu, Defending against Attribute-Correlation Attacks in Privacy-Aware Information Brokering, Proc. CollaborateCom 2008, invited paper

 

K. Bai, P. Liu, A Fine-grained Damage Management Scheme in a Self-Healing PostgreSQL System, Proc. IEEE High Assurance Systems Engineering Symposium (HASE), Dec 3-5, 2008, Nanjing, China

 

Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, Peng Liu, Protecting Web Services from Remote Exploit code: A Static Analysis Approach, Poster paper, Proc. 17th International World Wide Web Conference (WWW 2008), Beijing, China, April 2008, to appear. 

 

K. Bai, P. Liu, A Light Weighted Damage Tracking Quarantine and Recovery Scheme for Mission-Critical Database System, poster paper, Proceedings of ACM CIKM 2008.

 

Yuewu Wang, Peng Liu, Jiwu Jing, Xiaoqi Jia, A Multi-Level Fidelity-preserving Bandwidth-Limited Worm Simulation Model and Its Application, Proc. 41st Annual IEEE Simulation Symposium, Ottawa, Canada, April 14-16, 2008, to appear.

 

Mohammad M. Masud, Latifur Khan, Bhavani Thuraisingham, Xinran Wang, Peng Liu, Sencun Zhu, A Data Mining Technique to Detect Remote Exploits, Fourth IFIP WG 11.9 International Conference on Digital Forensics, Kyoto, Japan, January 27-30, 2008, to appear

 

Kameswari Kotapati, Peng Liu, Thomas F. LaPorta, EndSec : An End-to-En Message Security Protocol for Mobile Telecommunication Networks, IEEE Workshop on Security, Privacy and Authentication in Wireless Networks, in conjunction with 9th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, 2008, accepted, to appear

 

P. Liu, S. Jajodia, M. Yu, Damage Quarantine and Recovery in Data Processing Systems, in Handbook of Database Security, M. Gertz, S. Jajodia, eds., Springer, to appear. [PDF]

 

Q. Gu, P. Liu, Denial of Service Attacks, in Handbook of Computer Networks, Hossein Bidgoli et al. (eds.), John Wiley & Sons, Hoboken, NJ, 2008.  [PDF]

  

H. Wang, P. Liu, Survivability Evaluation: Modeling Techniques And Measures, in Jatinder Gupta and Sushil Sharma eds., in Handbook of Research on Information Security and Assurance, Idea Group Inc., August 2008

 

Kameswari Kotapati, Assessing Security of Mobile Telecommunication Networks, Ph.D. Dissertation, defended in Jan 2008

 

Lunquan Li, Enterprise Worm: Simulation, Detection, and Optimal Containment, Ph.D. Dissertation, defended in May 2008

 

Robert (Bo) Luo, XML Access Control in Native and RDBMS Systems, Ph.D. Dissertation, defended in May 2008

 

2007

 

CCS

Fengjun Li, Bo Luo, Peng Liu, Dongwon Lee, Chao-Hsien Chu, Automaton Segmentation: A New Approach to Preserve Privacy in XML Information Brokering, In 14th ACM Conf. on Computer and Communication Security (CCS), Alexandria, VA, USA, October 2007, pages 508-518.   [PDF]

ESORICS

B. Luo, D. Lee, P. Liu, Pragmatic XML Access Control Enforcement using Off-the-shelf RDBMS, ESORICS 2007, pages 55-71.  [PDF]

SRDS

J. Lin, J. Jing, P. Liu, A Framework for Intrusion Tolerant Certification Authority System Evaluation, IEEE SRDS 2007, acceptance rate = 15%

ACSAC

M. Yu, W. Zang, P. Liu, Database Isolation and Filtering against Data Corruption Attacks, ACSAC 2007.

 

SecureComm

Y. Jhi, P. Liu, L. Li, Q. Gu, J. Jing, G. Kesidis, PWC: A Proactive Worm Containment Solution for Enterprise Networks, IEEE  SecureComm 2007.  [PDF]

 

ASIACCS

P. Ayyagari, P. Mitra, D. Lee, W. Lee, P. Liu, Incremental Adaptation of XML Access-Control Views, Proc. Second ACM Symposium on Information, Computer and Communications Security (AsiaCCS), 2007, acceptance rate = 18%.

 

TC

Peng Liu, Jie, Li, Sushil Jajodia, Paul Ammann, Can Follow Concurrency Control, IEEE Transactions on Computers, 56(10), pp. 1425-1430 (brief contribution)

 

 

Q. Gu, P. Liu, C. Chu, Analysis of Area-congestion-based DDoS Attacks in Ad Hoc Networks, Elsevier Ad Hoc Networks Journal, Vol. 5/5, 2007, pages 613-625. [PDF]

 

H. Wang, P. Liu, L. Li, Evaluating the Survivability of Intrusion Tolerant Database Systems and the Impact of Intrusion Detection Deficiencies, International Journal of Information and Computer Security, Vol. 1, No. 3, pp. 315-340.

 

Q. Gu, P. Liu, S. Zhu, C. Chu, Defending against Packet Injection Attacks in Unreliable Ad Hoc Networks, International Journal of Security and Networks, Vol. 2, 2007, pages 154-169.  [PDF]

W. Zang, M. Yu, P. Liu, A Distributed Algorithm for Workflow Recovery, International Journal on Intelligent Control and Systems, Volume 12, Number 1, March 2007

Page(s): 56- 62

 

M. Yu, P. Liu, S. Jajodia, Trusted Recovery, in Secure Data Management in Decentralized Systems, T. Yu, S. Jajodia, eds., Springer, Berlin, ISBN / ASIN: 0387276947, Dec. 2006.

 

L. Li, P. Liu, Y. C. Jhi, G. Kesidis, Evaluation of Collaborative Worm Containment on DETER Testbed, In Proc. DETER Community Workshop on Cyber Security Experimentation, in association with Usenix Security Symposium, Boston, August 2007

 

J. Li, R. Levy, P. Liu, Intelligent Cyber Security Analysis in Enterprise Networks, AAAI RIDIS Workshop 2007, position paper.

 

R. Li, J. Li, P. Liu, H. H. Chen, An Objective Trust Management Framework for Mobile Ad Hoc Networks, IEEE VTC 2007. 

 

Pramote Luenam, A Neuro-Fuzzy Approach Towards Adaptive Intrusion Tolerant Database Systems, Ph.D. Dissertation, defended in May 2007

 

Hai Wang, Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System, Ph.D. Dissertation, defended in July 2007

 

2006

 

USENIX Security

 

X. Wang, C. Pan, P. Liu, S. Zhu, SigFree: A Signature-free Buffer Overflow Attack Blocker, Proc. USENIX Security 2006, acceptance rate = 12% [PDF]

 

ESORICS

H. Wang, P. Liu, Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System, Proc. ESORICS 2006, acceptance rate = 20%

 

ACSAC

K. Bai, P. Liu, Towards Database Firewall: Mining the Damage Spreading Patterns, Proc. ACSAC 2006, to appear, acceptance rate = 20%

 

SACMAT

P. Mitra, C. Pan, P. Liu, Semantic Access Control for Information Interoperation, Proc. ACM SACMAT 2006, to appear.

 

ASIACCS

P. Mitra, C. Pan, P. Liu, V. Atluri, Privacy-preserving Semantic Interoperation and Access Control of Heterogeneous Databases, Proc. ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2006, to appear, acceptance rate = 17% [PDF]

 

SEC

K. Kotapati, P. Liu, T. F. LaPorta, CAT – A Practical Graph & SDL Based Toolkit for Vulnerability Assessment of 3G Networks, In Proc. IFIP SEC 2006, to appear, acceptance rate = 24.8% [PDF]

 

 

F. Li, B. Luo, P. Liu, D. Lee, P. Mitra, W. Lee, C. Chu, In-broker Access Control: Towards Efficient End-to-End Performance of Information Brokerage Systems, Proc. IEEE SUTC 2006, acceptance rate = 25% [PDF]

 

L. Li, I. Hamadeh, S. Jiwasurat, G. Kesidis, P. Liu, C. Newman, Emulating Sequential Scanning Worms on the DETER Testbed, Proc. IEEE TridentCom ’06. [PDF]

 

L. Li, P. Liu, G. Kesidis, Visual Studio for Network Security Experiment Specification and Data Analysis, Proc. ACM VizSEC Workshop 2006 (in association with CCS’06), Nov 2006.

 

R. Li, J. Li, P. Liu, H. H. Chen, On-Demand Public-Key Management for Mobile Ad Hoc Networks, Wiley Journal of Wireless Communications and Mobile Computing (WCMC), 6:1-12, 2006.

 

Q. Gu, Chao-Hsien Chu, Peng Liu, Sencun Zhu, Slander Resistant Attacker Isolation in Ad Hot Networks, International Journal of Mobile Network Design and Innovation, Inderscience Publishers, Vol. 1, No. 3, 2006.

 

E. Damiani, P. Liu (eds.), Database and Applications Security XX, Springer Lecture Notes in Computer Science, LNCS 4127, 2006, ISBN 3-540-36796-9

 

M. Yu, P. Liu (eds.), Proceedings of the First International Workshop on Information Assurance in Distributed Systems, Springer Lecture Notes in Computer Science, 2006.

 

Q. Gu, K. Bai, H. Wang, P. Liu, C. Chu, Modeling of Pollution in P2P File Sharing Systems, Proc. 2006 IEEE Consumer Communications and Networking Conference, 8-10 January 2006, Las Vegas, NV

 

L. Li, P. Liu, G. Kesidis, Scanning An Integrated Experiment Specification and Visualization Tool for Testbed Emulation, (3 page short paper), Proc. 2006 DETER Community Workshop, Arlington, VA, June 2006

 

L. Li, G. Kesidis, P. Liu, Scanning Worm Emulation on the DETER Testbed (3 page short paper), Proc. 2006 DETER Community Workshop, Arlington, VA, June 2006

 

P. Liu, Book Review, Information Security – A Strategic Approach, Vincent Leveque, IEEE Computer Society & Wiley Inderscience, ISBN 0471736120, Elsevier Information Processing & Management Journal, 2006, in press

 

2005

 

TISSEC

P. Liu, W. Zang, M. Yu, Incentive-Based Modeling and Inference of Attacker Intent, Objectives and Strategies, ACM Transactions on Information and Systems Security, Vol. 8, No. 1, 41 pages. [PDF]

 

JCS

M. Yu, P. Liu, W. Zang, Specifying and Using Group-to-Group Communication Services for Intrusion Masking, Journal of Computer Security, Vol. 13, No. 4, 623-658. [PDF]

 

JASIST

Peng Liu, Amit Chetal, Trust-based Secure Information Sharing between Federal Government Agencies, Journal of the American Society for Information Science and Technology, 56(3): 283--298. [PDF]

 

CIKM

Q. Tan, W. Lee, B. Zhang, P. Liu, D. L. Lee, Balancing Performance and Confidentiality in Air Index, ACM CIKM 2005, to appear, acceptance rate = 18% [PDF]

 

ACSAC

M. Yu, W. Zang, P. Liu, Defensive Execution of Transactional Processes against Attacks, Proc. ACSAC 2005, to appear, acceptance rate = 19.6% [PDF]

 

ITC

L. Li, S. Jiwasurat, P. Liu, G. Kesidis, Emulation of Single Packet UDP Scanning Worms in Large Enterprises, In Proc. 19  International Teletraffic Congress (ITC19), August, Beijing, China, 2005. [PDF]

 

DOE

P. Liu, A Game Theoretic Approach to Cyber Attack Prediction, DOE ECPI Program Final Technical Report, Dec 2005, 26 pages

 

 

P. Liu, Emerging Technologies in Information Assurance, DoD IA Newsletter, summer volume

 

Q. Gu, P. Liu, S. Zhu, C. Chu, Defending against Packet Injection Attacks in Unreliable Ad Hoc Networks, IEEE GLOBECOM ’05, acceptance rate = 30%. Click [PDF] for the full size technical report.

 

Y. Sun, P. Liu, P. Kermani, T. F. La Porta, “An Architecture and Key Management Approach for Maintaining Privacy in Location Based Group Services,” Proc. IEEE CollaborateCom 2005.

 

Q. Gu, P. Liu, W. Lee, C. Chu, KTR: An Efficient Key Management Scheme for Air Access Control, Proc. IEEE Mobiquitous 2005 (short paper).  Click [PDF] for the full size technical report.

 

K. Bai, H. Wang, P. Liu, Towards Database Firewalls, Proc. 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC ’05), Storrs, CT, August 7-10, 2005.

 

K. Kotapati, P. Liu., Y. Sun, T. F. LaPorta, A Taxonomy of Cyber Attacks on 3G Networks, Proc. IEEE Int’l Conf. on Intelligence and Security Informatics (extended abstract) (ISI ’05), Springer LNCS Vol. xx

 

Y. Sun, P. Liu, P. Kermani, T. F. La Porta, “An Architecture and Key Management Approach for Maintaining Privacy in Location Based Group Services,” Proc. IEEE CollaborateCom 2005, International Conference on Collaborative Computing: Networking, Applications and Worksharing, 2005.

 

Q. Gu, Chao-Hsien Chu, Peng Liu, Sencun Zhu, Slander Resistant Attacker Isolation in Ad Hot Networks,  Proc. International Conference on Telecommunication Systems – Modeling and Analysis, November 17-20, 2005, Dallas, TX, 13 pages, To appear.

 

M. Yu, W. Zang, P. Liu, J. Wang, The Architecture of An Automatic Distributed Recovery System, Proc. 2005 IEEE International Conference on Networking, Sensing and Control (ICNSC ’05).

 

P. Mitra, P. Liu, C. Pan, Privacy Preserving Ontology Matching, In Proc. AAAI-05 Workshop on Contexts and Ontologies: Theory, Practice and Applications (4-page short paper), 2005, to appear.

 

B. Luo, D. Lee, W. Lee, P. Liu, Deep Set Operators for XQuery, In Proc. Second International Workshop on XQuery Implementation, Experience and Perspectives (XIME-P 2005) (short paper), in association with SIGMOD 2005, to appear

 

S. Roberts, S. Coyne, Form Follows Function: Information Assurance Network Design for Problem Based Learning, In Proc. 9th Colloquium for Information Systems Security Education (CISSE ’05), 6-10 June, Atlanta Georgia, 2005.

 

M. Yu, W. Zang, P. Liu, Self Healing Workflows under Attacks, 5 minute talk, IEEE Symposium on Security and Privacy, 2005

 

Qijun Gu, Peng Liu, Chao-Hsien Chu, Hacking Techniques in Wired Networks, In The Handbook of Information Security, Hossein Bidgoli et al. (eds.), John Wiley & Sons, to appear [PDF]

 

Peng Liu, Meng Yu, Jiwu Jing, Information Assurance, In The Handbook of Information Security, Hossein Bidgoli et al. (eds.), John Wiley & Sons; to appear [PDF]

 

Qijun Gu, A Study of Selected Security Issues in Wireless Networks, Ph.D. Dissertation, defended in June 21, 2005

 

2004

 

ICDCS

M. Yu, P. Liu, W. Zang, Self Healing Workflow Systems under Attacks, Proc. 24th IEEE International Conference on Distributed Computing Systems (ICDCS ’04), Tokyo, Japan, March 2004, pages 418-425. Acceptance rate = 17.68% [PDF]

 

CIKM

B. Luo, D. Lee, W. C. Lee, P. Liu, QFilter: Fine-Grained Run-Time XML Access Controls via NFA-based Query Rewriting, Proc. ACM CIKM 2004. Acceptance rate = 19%. [PDF]

 

CACM

R. Bazjscy, T. Benzel, M. Bishop, B. Braden, C. Brodley, S. Fahmy, S. Floyd, W. Hardaker, A. Joseph, G. Kesidis, K. Levitt, B. Lindell, P. Liu, D. Miller, R. Mundy, C. Neuman, R. Ostrenga, V. Paxson, P. Porras, C. Rosenberg, J. Tygar, S. Sastry, D. Sterne, S.F. Wu, Cyber Defense Technology Networking and Evaluation, Communications of the ACM, March 2004, Vol. 47, No. 3, pages 58-61

 

ISC

H. Wang, P. Liu, L. Li, Evaluating the Impact of Intrusion Detection Deficiencies on the Cost-Effectiveness of Attack Recovery, In Proceedings of the 7th Information Security Conference (ISC ’04), Springer LNCS, September 2004.

 

 

R. Li, J. Li, H. Kameda, P. Liu, Localized Public-key Management for Mobile Ad Hoc Networks, Proc. IEEE Globecom ’04. Acceptance rate = 29% [PDF]

               

Peng Liu, H. Wang, L. Li, Real-Time Data Attack Isolation for Commercial Database Applications, Elsevier Journal of Network and Computer Applications, in press.

 

P. Liu, J. Jing, P. Luenam, Y. Wang, L. Li, S. Ingsriswang, The Design and Implementation of a Self-Healing Database System, Journal of Intelligent Information Systems, Vol. 23, No. 3, 247-269, 2004  [PDF]

 

B. Luo, D. Lee, W. C. Lee, P. Liu, A Flexible Framework for Architecting XML Access Control Enforcement Mechanisms, In Proceedings of the First Workshop on Secure Data Management in a Connected World (Lecture Notes in Computer Science 3178), August 2004.

 

Q. Gu, P. Liu, C. Chu, Tactical Bandwidth Exhaustion in Ad Hoc Networks, Proceedings of the 5th Annual IEEE Information Assurance Workshop (IA ’04), West Point, June 2004.

 

B. Pfitzmann, P. Liu (Eds.), Proceedings of the 11th ACM Conference on Computer and Communications Security, ACM Press, 2004, ACM ISBN: 1-58113-961-6.

 

Dan Gao, TCP-based Worm Analysis and Experiments on Emulab, BS Thesis, IST & Schreyer Honors College

 

W. C. Lee, P. Liu, L. Giles, Research Issues in Secure Wireless Data Broadcast Systems, Technical Report

 

2003

 

CCS

Selected into TISSEC Special Issue

P. Liu, W. Zang, Incentive-Based Modeling and Inference of Attacker Intent, Objectives and Strategies, Proc. 10th ACM Conference on Computer and Communications Security (CCS ’03) (Acceptance rate 36/252=14.3%), October 28-31, Washington DC, 2003, pages 179-189. [PDF]

 

ACSAC

M. Yu, P. Liu, W. Zang, Multi-Version Data Objects Based Attack Recovery of Workflows, Proc. 19th Annual Computer Security Applications Conference (ACSAC ’03), Las Vegas, Dec, 2003, pages 142-151. [PDF]

 

SEC

M. Yu, P. Liu, W. Zhang, Intrusion Masking for Distributed Atomic Operations,  Proc. 18th IFIP International Information Security Conference (SEC ’03), May 2003, acceptance ratio 27%, pages 229-240.

 

SSRS

 J. Jing, P. Liu, D. G. Feng, J. Xiang, N. Gao, J. Q. Lin, ARECA: A Highly Attack Resilient Certification Authority, Proc. First ACM Workshop on Survivable and Self-Regenerative Systems (SSRS ’03), October 2003, pages 53-63. [PDF]

 

XSYM

D. Lee, W. C. Lee, and P. Liu, Supporting XML Security Models using Relational Databases: A Vision, Proc. First International Symposium of XML Databases (XSym ’03) (Lecture Notes in Computer Science), September 2003.  [PDF]

 

 

 J. Zhang, P. Liu, Delivering Services with Integrity Guarantees in Survivable Database Systems, Proc. 17th IFIP WG 11.3 Conference on Data and Applications Security (DBSEC ’03), August 2003, pages 31-45.

 

Peng Liu, Engineering a Distributed Intrusion Tolerant Database System Using COT Components, Proc. DISCEX III, Volume 2, pages 284-289, April 2003

 

Peng Liu, ITDB: An Attack Self-Healing Database System Prototype, Demo Abstract, Proc. DISCEX III, Volume 2, pages 131-133, 2003

 

P. Liu, Architectures for Intrusion Tolerant Database Systems, in Foundations of Intrusion Tolerant Systems, Jaynarayan H. Lala (ed.), IEEE Computer Society Press, 2003, pages 3-13. A previous version appears as [28].

 

P. Luenam, P. Liu, The Design of an Adaptive Intrusion Tolerant Database System, in Foundations of Intrusion Tolerant Systems, Jaynarayan H. Lala (ed), IEEE Computer Society Press, 2003, pages 14-21. A previous version appears as [30].

 

P. Liu, Measuring Quality of Information Assurance, DARPA OASIS Final Technical Report, 2003

 

R. R. Barton, W. J. Hery, P. Liu, An S-Vector for Web Applications Security Management, Proc. First ACM Workshop on Business Driven Security Engineering (SDSE ’03), October 2003, 5 page poster paper.

 

P. Liu and P. Pal (Eds.), Proc. First ACM Workshop on Survivable and Self-Regenerative Systems, ACM Press, 2003, ACM ISBN: 1-58113-784-2/03/0010.

 

V. Atluri and P. Liu (Eds.), 10th ACM Proceedings on Computer and Communications Security, ACM Press, 2003, ISBN: 1-58113-738-9

 

Amit Chetal, Trust-Based Secure Info Sharing Between Federal Government Agencies, MS Thesis, Cyber Security Group, 2003

 

2002

 

BOOK

(Book) P. Liu, S. Jajodia, Trusted Recovery and Defensive Information Warfare, Monograph, Kluwer Academic Publishers, 2002. ISBN 0-7923-7572-6

 

TKDE

P. Ammann, S. Jajodia, P. Liu, Recovery from Malicious Transactions, IEEE Transactions on Knowledge and Data Engineering, Vol. 15, No. 5, September 2002, pages 1167-1185. [PDF]

ACSAC

P. Liu, Architectures for Intrusion Tolerant Database Systems, Proc. 18th Annual Computer Security Applications Conference (ACSAC ’02), Dec 2002, acceptance ratio 32%, pages 311-320. [PDF]

 

P. Liu, Y. Wang, The Design and Implementation of a Multiphase Database Damage Confinement System, Proc. 16th IFIP Working Conf. on Data and Applications Security (DBSEC ’02), July 2002. [PDF]
 

P. Luenam, P. Liu, The Design of an Adaptive Intrusion Tolerant Database System, Proc. IEEE Workshop on Intrusion Tolerant Systems (ITS ’02) June 2002. [PDF

 

P. Liu, S. Jajodia, P. Ammann, J. Li, Can-Follow Concurrency Control, Proc. 2002 IASTED Int’l Conf. on Networks, Parallel and Distributed Processing, and Applications (NPDPA ’02), Japan, Oct 2002 [Postscript]

P. Liu, L. Li, A Game Theoretic Approach to Attack Prediction, Technical Report, Cyber Security Group, 2002. [PDF]

 

P. Liu, Engineering a Distributed Intrusion Tolerant Database System, DARPA OASIS Final Technical Report, 2002.

 

2001

 

CSF

P. Liu, S. Jajodia, Multi-Phase Damage Confinement in Database Systems for Intrusion Tolerance, Proc. 14th IEEE Computer Security Foundations Workshop (CSFW ’01)), June 2001, pages 191-205. [PDF]

ACSAC

P. Liu, DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications, Proc. 17th Annual Computer Security Applications Conference (ACSAC ’01), Dec 2001, pages 219-229.  [PDF

 

 

Peng Liu, Xu Hao, Efficient Damage Assessment and Repair in Resilient Distributed Database Systems, Proc. 15th IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC ’01),   July 2001. [Postscript]
 

P. Luenam, P. Liu, ODAR: An On-the-fly Damage Assessment and Repair System for Commercial Database Applications, Proc. 15th IFIP WG 11.3 Working Conference on Data and Application Security (DBSEC ’01), July 2001. [PDF]

 

2000

 

JCS

P. Liu, S. Jajodia, C. D. McCollum, Intrusion Confinement by Isolation in Information Systems, Journal of Computer Security, Vol. 8, No. 4, pages 243-279. [PDF]

 

DSS

P. Liu, P. Ning, S. Jajodia, Avoiding Loss of Fairness Owing to Failures in Fair Data Exchange Systems, Decision Support Systems, Vol. 31, No. 3, 2001, pages 337-350. [PDF]

 

DPDB

P. Liu, P. Ammann, S. Jajodia, Rewriting Histories: Recovering From Malicious Transactions, Distributed and Parallel Databases, Vol. 8, No. 1, January 2000, pages 7-40. [PDF]

 

 

Peng Liu, Peng Ning, Sushil Jajodia, Avoiding Loss of Fairness Owing to Process Crashes in Fair Data Exchange Protocols, Proc. IEEE International Conference on Dependable Systems and Networks (DSN ’00), Workshop on Dependability Despite Malicious Faults, June 2000, pages 631-640.

 

Peng Liu, General Design of ItDBMS, Technical Report, 2000.

 

1999

 

ICDCS

P. Liu, P. Ammann, S. Jajodia, Incorporating Transaction Semantics to Reduce Reprocessing Overhead in Replicated Mobile Data Applications, Proc. 19th IEEE International Conference on Distributed Computing Systems (ICDCS ’99), June 1999, pages 414-423. [PDF]

 

THESIS

Peng Liu, Trusted Recovery from Malicious Attacks, PhD Dissertation, June 1999.

 

 

Paul Ammann, Sushil Jajodia, Peng Liu, A fault tolerance approach to survivability, in Computer Security, Dependability, and Assurance: From Needs to Solutions, P. Ammann, B. H. Barnes, S. Jajodia, E. H. Sibley (eds.), IEEE Computer Society Press, 1999

 

P. Liu, S. Jajodia, C. D. McCollum, Intrusion Confinement by Isolation in Information Systems, Proc. IFIP WG 11.3 13th Working Conference on Database Security (DESEC ’99), July 1999. 

 

S. Jajodia, P. Ammann, P. Liu, A Fault Tolerance Approach to Survivability, Proc. IST 4th Symposium on Protecting NATO Information Systems (NATO Security ’99), Oct 1999, pages 20-1 to 20-7

 

-1998

 

ACSAC

S. Jajodia, P. Liu, C. D. McCollum, Application Level Isolation to Cope with Malicious Database Users, Proc. 14th Annual Computer Security Applications Conference (ACSAC ’98), December 1998, pages 73-82.  

 

 

Peng Liu, Semantic Views of Multilevel Secure Relational Data Models, Technical Report, George Mason University, 1997.

 

Peng Liu, SDB2: A Secure Client-Server Database System Prototype, Master Thesis, University of Science and Technology of China, 1996.

 

Jiwu Jing, Peng Liu, IsData: A Secure Networked Management Information System Architecture, IDG Computer World Newspaper, 1995. Invited paper.

 

Jiwu Jing, Peng Liu, Threats of Virus to Networked Management Information Systems, IDG Computer World Newspaper, 1995. Invited paper.

 

Peng Liu, Yinxia Dai, Shuwang Lu, Secure Multimedia Data Communications, Proc. 2nd Chinese Annual Conference on Multimedia (Chinese Multimedia ’93), September, 1993.

 

Peng Liu, A Neural Network Approach to Information Management and Decision Support  Expert Systems, BS Thesis, University of Science and Technology of China, 1993.