Publications
2025
CISAF: A Framework for Estimating the Security Posture of Academic and Research Cyberinfrastructure
arXiv preprint arXiv:2509.00266, 2025
Data Flows in You: Benchmarking and Improving Static Data-flow Analysis on Binary Executables
arXiv preprint arXiv:2506.00313, 2025
Unmasking the Internet: A Survey of Fine-Grained Network Traffic Analysis
IEEE Communications Surveys & Tutorials, 2025
Navigating Social Media Privacy: Awareness, Preferences, and Discoverability
Proceedings on Privacy Enhancing Technologies, 2025
2024
BinHunter: A Fine-Grained Graph Representation for Localizing Vulnerabilities in Binary Executables*
2024 Annual Computer Security Applications Conference (ACSAC), 1062-1074, 2024
2023
CICI: RSSD: DISCERN: Datasets to Illuminate Suspicious Computations on Engineering Research Networks
NSF Award Number 2319864. Directorate for Computer and Information Science …, 2023
Prediction of network events via rule set representations of machine learning models
US Patent 11,669,751, 2023
Leader: Defense Against Exploit-Based Denial-of-Service Attacks on Web Applications
Proceedings of the 26th International Symposium on Research in Attacks …, 2023
Research Infrastructure: Mid-scale RI-1 (M1: IP): SPHERE-Security and Privacy Heterogeneous Environment for Reproducible Experimentation
NSF Award Number 2330066. Directorate for Computer and Information Science …, 2023
Practical intent-driven routing configuration synthesis
20th USENIX Symposium on Networked Systems Design and Implementation (NSDI …, 2023
2022
“Free” as in Freedom to Protest?
IEEE Security & Privacy 20 (5), 16-21, 2022
Measuring changes in regional network traffic due to covid-19 stay-at-home measures
arXiv preprint arXiv:2203.00742, 2022
Understanding DNS Query Composition at B-Root
2022 IEEE/ACM International Conference on Big Data Computing, Applications …, 2022
AMON-SENSS: Scalable and Accurate Detection of Volumetric DDoS Attacks at ISPs
GLOBECOM 2022-2022 IEEE Global Communications Conference, 3399-3404, 2022
Detection of Sparse Anomalies in High-Dimensional Network Telescope Signals
arXiv preprint arXiv:2211.04918, 2022
Did your child get disturbed by an inappropriate advertisement on YouTube?
arXiv preprint arXiv:2211.02356, 2022
Xatu: Boosting existing DDoS detection systems using auxiliary signals
Proceedings of the 18th International Conference on emerging Networking …, 2022
Harm-DoS: Hash Algorithm Replacement for Mitigating Denial-of-Service Vulnerabilities in Binary Executables
Proceedings of the 25th International Symposium on Research in Attacks …, 2022
Polymorphic malware behavior through network trace analysis
2022 14th International Conference on COMmunication Systems & NETworkS …, 2022
I know what you did on Venmo: Discovering privacy leaks in mobile social payments
Proceedings on Privacy Enhancing Technologies, 2022
2021
User experiences on network testbeds
Proceedings of the 14th Cyber Security Experimentation and Test Workshop, 72-82, 2021
Defending Web Servers Against Flash Crowd Attacks
Applied Cryptography and Network Security: 19th International Conference …, 2021
REU Site: SURF-I: Safe, Usable, Resilient and Fair Internet
NSF Award Number 2051101. Directorate for Computer and Information Science …, 2021
Collaborative DoS Defenses
Encyclopedia of Cryptography, Security and Privacy, 1-5, 2021
CCRI: NEW: CLASSNET: Community Labeling and Sharing of Security and Networking Test datasets
NSF Award Number 2120400. Directorate for Computer and Information Science …, 2021
Malware behavior through network trace analysis
Selected Papers from the 12th International Networking Conference: INC 2020 …, 2021
2020
An experimental approach for estimating cyber risk: a proposal building upon cyber ranges and capture the flags
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 56-65, 2020
Quantifying cloud misbehavior
2020 IEEE 9th International Conference on Cloud Networking (CloudNet), 1-8, 2020
Quantifying the impact of blocklisting in the age of address reuse
Proceedings of the ACM Internet Measurement Conference, 360-369, 2020
CCRI: ENS: Modernizing and Streamlining DeterLab Testbed Experimentation
NSF Award Number 2016643. Directorate for Computer and Information Science …, 2020
Using Terminal Histories to Monitor Student Progress on Hands-on Exercises
Proceedings of Special Interest Group on Computer Science Education …, 2020
2019
Using episodic memory for user authentication
ACM Transactions on Privacy and Security (TOPS) 22 (2), 1-34, 2019
Designing for fallible humans
2019 IEEE 5th International Conference on Collaboration and Internet …, 2019
Measuring student learning on network testbeds
2019 IEEE 27th International Conference on Network Protocols (ICNP), 1-2, 2019
2018
GuidedPass: Helping Users to Create
Research in Attacks, Intrusions, and Defenses: 21st International Symposium …, 2018
SaTC: CORE: Small: Hardening Systems Against Low-Rate DDoS Attacks
NSF Award Number 1815495. Directorate for Computer and Information Science …, 2018
Leveraging semantic transformation to investigate password habits and their causes
Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems …, 2018
SENSS against volumetric DDoS attacks
Proceedings of the 34th Annual Computer Security Applications Conference …, 2018
Elements: Software: Distributed Workflows for Cyberexperimentation
NSF Award Number 1835608. Directorate for Computer and Information Science …, 2018
Memorablity and security of different passphrase generation methods
정보보호학회지 28 (1), 29-35, 2018
Blacklists assemble: Aggregating blacklists for accuracy
Technical Report ISI-TR-730. Information Sciences Institute, 2018
GuidedPass: Helping Users to Create Strong and Memorable Passwords
Research in Attacks, Intrusions, and Defenses: 21st International Symposium …, 2018
DEW: Distributed Experiment Workflows
Cyber Security Experimentation and Test (CSET), 2018
Malware analysis through high-level behavior
11th USENIX Workshop on Cyber Security Experimentation and Test (CSET 18), 2018
2017
REU Site: Human Communication in a Connected World
NSF Award Number 1659886. Directorate for Computer and Information Science …, 2017
Collaborative Research: Modeling Student Activity and Learning on Cybersecurity Testbeds
NSF Award Number 1723717. Directorate for STEM Education 17 (1723717), 23717, 2017
Hiding debuggers from malware with apate
Proceedings of the Symposium on Applied Computing, 1703-1710, 2017
Enabling SDN experimentation in network testbeds
Proceedings of the ACM International Workshop on Security in Software …, 2017
Handling anti-virtual machine techniques in malicious software
ACM Transactions on Privacy and Security (TOPS) 21 (1), 1-31, 2017
Commoner privacy and a study on network traces
Proceedings of the 33rd Annual Computer Security Applications Conference …, 2017
Understanding {Malware’s} Network Behaviors using Fantasm
The LASER Workshop: Learning from Authoritative Security Experiment Results …, 2017
2016
Good Automatic Authentication Question Generation
The 9th International Natural Language Generation conference, 203, 2016
Improving recall and security of passphrases through use of mnemonics
Proceedings of the 10th International Conference on Passwords (Passwords), 2016
How users choose and reuse passwords
Information Sciences Institute, 2016
2015
Evaluating cybersecurity education interventions: Three case studies
IEEE Security & Privacy 13 (3), 63-69, 2015
Expressing Different Traffic Models Using The LegoTG Framework
2015 IEEE 35th International Conference on Distributed Computing Systems …, 2015
Evaluation theory and practice applied to cybersecurity education
IEEE Security & Privacy 13 (2), 75-80, 2015
Passive and Active Measurement
Springer, 2015
Engaging novices in cybersecurity competitions: A vision and lessons learned at {ACM} Tapia 2015
2015 USENIX Summit on Gaming, Games, and Gamification in Security Education …, 2015
2014
EDU: Revitalizing Cyber Security Education and Research through Competitions
NSF Award Number 1319197. Directorate for STEM Education 13 (1319197), 19197, 2014
SENSS: observe and control your own traffic in the Internet
Proceedings of the 2014 ACM conference on SIGCOMM, 349-350, 2014
Life-Experience Passwords (LEPs)
Symposium on Usable Privacy and Security (SOUPS), 2014
Optimal Application Allocation on Multiple Public Clouds
Computer Networks, 2014
Critter: Content-rich traffic trace repository
Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative …, 2014
SENSS: Software Defined Security Service
Presented as part of the Open Networking Summit 2014 (ONS 2014), 2014
Cardinal pill testing of system virtual machines
23rd USENIX Security Symposium (USENIX Security 14), 271-285, 2014
Safe and automated live malware experimentation on public testbeds
7th Workshop on Cyber Security Experimentation and Test (CSET 14), 2014
Class Capture-the-Flag Exercises
2014 USENIX Summit on Gaming, Games, and Gamification in Security Education …, 2014
2013
TWC: Option: Small: FRADE: Model Human Behavior for Flash cRowd Attack DEfense
NSF Award Number 1319215. Directorate for Computer and Information Science …, 2013
2012
TWC: Small: Critter@ home: Content-Rich Traffic Trace Repository from Real-Time, Anonymous, User Contributions
NSF Award Number 1224035. Directorate for Computer and Information Science …, 2012
Beyond Disk Imaging for Preserving User State in Network Testbeds
Proceedings of the 5th USENIX conference on Cyber Security Experimentation …, 2012
2011
SDCI Sec: Traffic modeling and generation with custom fidelity for cyber security experimentation
NSF Award Number 1127388. Directorate for Computer and Information Science …, 2011
Comparative Evaluation of Spoofing Defenses
Proceedings of IEEE Transactions on Dependable and Secure Computing, 218-232, 2011
Teaching Security With Network Testbeds
ACM Sigcomm Educational Workshop, 2011
2010
Investigating Network Testbed Usage
NSF Award Number 1049758. Directorate for Computer and Information Science …, 2010
The DETER project: Advancing the science of cyber security experimentation and test
Technologies for Homeland Security (HST) IEEE International Conference …, 2010
Dadl: Distributed application description language
USC/ISI Technical Report# ISI-TR-664, 2010
2009
Collaborative research: Hands-on exercises on DETER testbed for security education
NSF Award Number 0920719. Directorate for STEM Education 9 (920719), 20719, 2009
TC: Small: Privacy-safe sharing of network data via secure queries (PSEQ)
NSF Award Number 0914780. Directorate for Computer and Information Science …, 2009
Modeling human behavior for defense against flash-crowd attacks
2009 IEEE International Conference on Communications, 1-6, 2009
How to test DoS defenses
Proceedings of the 2009 Cybersecurity Applications & Technology Conference …, 2009
Current developments in DETER cybersecurity testbed technology
2009 Cybersecurity Applications & Technology Conference for Homeland …, 2009
Comparative evaluation of spoofing defenses
IEEE Transactions on Dependable and Secure Computing 8 (2), 218-232, 2009
2008
Combining speak-up with DefCOM for improved DDoS defense
2008 IEEE International Conference on Communications, 1708-1714, 2008
Learning the valid incoming direction of IP packets
Computer Networks 52 (2), 399-417, 2008
CRI: CRD: iSim-Simulator of Internet-Scale Events
NSF Award Number 0836531. Directorate for Computer and Information Science …, 2008
Privacy-safe network trace sharing via secure queries
Proceedings of the 1st ACM workshop on Network data anonymization, 3-10, 2008
Correcting congestion-based error in network telescope's observations of worm dynamics
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, 125-130, 2008
Building accountability into the future Internet
2008 4th Workshop on Secure Network Protocols, 45-51, 2008
2007
CRI: CRD: iSim-Simulator of Internet-Scale Events
NSF Award Number 0708744. Directorate for Computer and Information Science …, 2007
CT-ISG: Collaborative research: Enabling Routers to Detect and Filter Spoofed Traffic
NSF Award Number 0823121. Directorate for Computer and Information Science …, 2007
Automating ddos experimentation
Proc. of the DETER Community Workshop on Cyber Security Experimentation and …, 2007
Fine-grained capabilities for flooding DDoS defense using client reputations
Proceedings of the 2007 workshop on Large scale attack defense, 105-112, 2007
Building reputations for internet clients
Electronic Notes in Theoretical Computer Science 179, 17-30, 2007
2006
Profiling and Clustering Internet Hosts.
DMIN 6, 269-75, 2006
A Practical IP Spoofing Defense Through Route-Based Filtering
University of Delaware CIS Department Technical Report CIS-TR-2006-332, 2006
A framework for a collaborative DDoS defense
Computer Security Applications Conference. ACSAC'06. 22nd Annual, 33-42, 2006
Benchmarks for DDoS defense evaluation
MILCOM 2006-2006 IEEE Military Communications conference, 1-10, 2006
A realistic simulation of internet-scale events
Proceedings of the 1st international conference on Performance evaluation …, 2006
2005
D-WARD: a source-end defense against flooding denial-of-service attacks
IEEE transactions on Dependable and Secure Computing 2 (3), 216-232, 2005
Distributed worm simulation with a realistic internet model
Proceedings of the 19th Workshop on Principles of Advanced and Distributed …, 2005
Distributed defense against DDOS attacks
University of Delaware CIS Department Technical Report CIS-TR-2005-02, 2005
2004
A taxonomy of DDoS attacks and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review 34 (2), 39-53, 2004
Internet Denial of Service: Attack and Defense Mechanisms
Pearson Education, 2004
Internet denial of service: attack and defense mechanisms (Radia Perlman Computer Networking and Security)
Prentice Hall PTR, 2004
2003
Alliance formation for DDoS defense
Proceedings of the 2003 workshop on New security paradigms, 11-18, 2003
D-WARD: DDoS network attack recognition and defence
Ph. D. thesis, Computer Science Department, University of California, Los …, 2003
DefCOM: defensive cooperative overlay mesh
DARPA Information Survivability Conference and Exposition. Proceedings …, 2003
Source-end DDoS defense
Second IEEE International Symposium on Network Computing and Applications …, 2003
Implementing address assurance in the intel ixp
Western Network Processors Conference, 2003
D-WARD: source-end defense against distributed denial-of-service attacks
University of California, Los Angeles, 2003
2002
SAVE: Source address validity enforcement protocol
Proceedings. Twenty-First Annual Joint Conference of the IEEE Computer and …, 2002
Attacking DDoS at the source
Proceedings of the 10th IEEE International Conference on Network Protocols, 2002
Attacking ddos at the source
Proc. of the 10th IEEE International Conference on Network Protocols, 312-321, 2002
Implementing Address Assurance in the Intel IXP Router
Western Network Processors Conference, 2002
iSAVE: incrementally deployable source address validation
UCLA tech report, 2002
2001
A self-organizing approach to data forwarding in large-scale sensor networks
ICC 2001. IEEE International Conference on Communications. Conference Record …, 2001
Research and development in e-business on the Internet
Proceedings of the 34th Annual Hawaii International Conference on System …, 2001
A Source Router Approach to DDoS Defense
Proceeding of USENIX Security Symposium, 2001
2000
Genetic search based on multiple mutations
Computer 33 (11), 118-119, 2000
1999
Genetic algorithms for intelligent internet search: a survey and a package for experimenting with various locality types
IEEE TCCA Newsletter, 118-119, 1999
A NEW PROBABILISTIC APPROACH TO CONGESTION CONTROL IN COMMUNICATION NETWORKS
PROCEEDINGS OF THE ANNUAL ALLERTON CONFERENCE ON COMMUNICATION CONTROL AND …, 1999