HBKU - QCRI
Our Contributions to Cyber Research Community

2023

  • E. Choo, M. Nabeel, M. Alsabah, I. Khalil, T. Yu, and W. Wang, “DeviceWatch: A Data-Driven Network Analysis Approach to Identifying Compromised Mobile Devices with Graph-Inference,” ACM Transactions on Privacy and Security, vol. 26, iss. 1, p. 1–32, 2023. doi:10.1145/3558767
    We propose to identify compromised mobile devices from a network administrator’s point of view. Intuitively, inadvertent users (and thus their devices) who download apps through untrustworthy markets are often lured to install malicious apps through in-app advertisements or phishing. We thus hypothesize that devices sharing similar apps would have a similar likelihood of being compromised, resulting in an association between a compromised device and its apps. We propose to leverage such associations to identify unknown compromised devices using the guilt-by-association principle. Admittedly, such associations could be relatively weak as it is hard, if not impossible, for an app to automatically download and install other apps without explicit user initiation. We describe how we can magnify such associations by carefully choosing parameters when applying graph-based inferences. We empirically evaluate the effectiveness of our approach on real datasets provided by a major mobile service provider. Specifically, we show that our approach achieves nearly 98% AUC (area under the ROC curve) and further detects as many as 6~7 times of new compromised devices not covered by the ground truth by expanding the limited knowledge on known devices. We show that the newly detected devices indeed present undesirable behavior in terms of leaking private information and accessing risky IPs and domains. We further conduct in-depth analysis of the effectiveness of graph inferences to understand the unique structure of the associations between mobile devices and their apps, and its impact on graph inferences, based on which we propose how to choose key parameters.
    % Journal article: ACM Transactions on Privacy and Security, volume 26, number 1 (February 2023).
    @article{choo_devicewatch:_2023,
      author     = {Choo, Euijin and Nabeel, Mohamed and Alsabah, Mashael and Khalil, Issa and Yu, Ting and Wang, Wei},
      title      = {{DeviceWatch}: {A} {Data}-{Driven} {Network} {Analysis} {Approach} to {Identifying} {Compromised} {Mobile} {Devices} with {Graph}-{Inference}},
      shorttitle = {{DeviceWatch}},
      journal    = {ACM Transactions on Privacy and Security},
      volume     = {26},
      number     = {1},
      pages      = {1--32},
      month      = feb,
      year       = {2023},
      issn       = {2471-2566, 2471-2574},
      doi        = {10.1145/3558767},
      url        = {https://dl.acm.org/doi/10.1145/3558767},
      urldate    = {2023-03-26},
      language   = {en},
      abstract   = {We propose to identify compromised mobile devices from a network administrator’s point of view. Intuitively, inadvertent users (and thus their devices) who download apps through untrustworthy markets are often lured to install malicious apps through in-app advertisements or phishing. We thus hypothesize that devices sharing similar apps would have a similar likelihood of being compromised, resulting in an association between a compromised device and its apps. We propose to leverage such associations to identify unknown compromised devices using the guilt-by-association principle. Admittedly, such associations could be relatively weak as it is hard, if not impossible, for an app to automatically download and install other apps without explicit user initiation. We describe how we can magnify such associations by carefully choosing parameters when applying graph-based inferences. We empirically evaluate the effectiveness of our approach on real datasets provided by a major mobile service provider. Specifically, we show that our approach achieves nearly 98\%
    AUC (area under the ROC curve)
    and further detects as many as 6 {\textasciitilde} 7 times of new compromised devices not covered by the ground truth by expanding the limited knowledge on known devices. We show that the newly detected devices indeed present undesirable behavior in terms of leaking private information and accessing risky IPs and domains. We further conduct in-depth analysis of the effectiveness of graph inferences to understand the unique structure of the associations between mobile devices and their apps, and its impact on graph inferences, based on which we propose how to choose key parameters.},
    }

2022

  • Y. Shen, Y. Han, Z. Zhang, M. Chen, T. Yu, M. Backes, Y. Zhang, and G. Stringhini, “Finding MNEMON: Reviving Memories of Node Embeddings,” in Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles CA USA, 2022, p. 2643–2657. doi:10.1145/3548606.3559358
    % Conference paper (ACM, November 2022); address holds the conference location as exported.
    @inproceedings{shen_finding_2022,
      author     = {Shen, Yun and Han, Yufei and Zhang, Zhikun and Chen, Min and Yu, Ting and Backes, Michael and Zhang, Yang and Stringhini, Gianluca},
      title      = {Finding {MNEMON}: {Reviving} {Memories} of {Node} {Embeddings}},
      shorttitle = {Finding {MNEMON}},
      booktitle  = {Proceedings of the 2022 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
      pages      = {2643--2657},
      month      = nov,
      year       = {2022},
      publisher  = {ACM},
      address    = {Los Angeles CA USA},
      isbn       = {9781450394505},
      doi        = {10.1145/3548606.3559358},
      url        = {https://dl.acm.org/doi/10.1145/3548606.3559358},
      urldate    = {2023-03-26},
      language   = {en},
    }
  • M. AlSabah, M. Nabeel, Y. Boshmaf, and E. Choo, “Content-Agnostic Detection of Phishing Domains using Certificate Transparency and Passive DNS,” in 25th International Symposium on Research in Attacks, Intrusions and Defenses, Limassol Cyprus, 2022, p. 446–459. doi:10.1145/3545948.3545958
    % Conference paper (ACM, October 2022); address holds the conference location as exported.
    @inproceedings{alsabah_content-agnostic_2022,
      author    = {AlSabah, Mashael and Nabeel, Mohamed and Boshmaf, Yazan and Choo, Euijin},
      title     = {Content-{Agnostic} {Detection} of {Phishing} {Domains} using {Certificate} {Transparency} and {Passive} {DNS}},
      booktitle = {25th {International} {Symposium} on {Research} in {Attacks}, {Intrusions} and {Defenses}},
      pages     = {446--459},
      month     = oct,
      year      = {2022},
      publisher = {ACM},
      address   = {Limassol Cyprus},
      isbn      = {9781450397049},
      doi       = {10.1145/3545948.3545958},
      url       = {https://dl.acm.org/doi/10.1145/3545948.3545958},
      urldate   = {2023-03-26},
      language  = {en},
    }
  • E. Altinisik, H. T. Sencar, and D. Tabaa, Video Source Characterization Using Encoding and Encapsulation Characteristics, arXiv, 2022.
    We introduce a new method for camera-model identification. Our approach combines two independent aspects of video file generation corresponding to video coding and media data encapsulation. To this end, a joint representation of the overall file metadata is developed and used in conjunction with a two-level hierarchical classification method. At the first level, our method groups videos into metaclasses considering several abstractions that represent high-level structural properties of file metadata. This is followed by a more nuanced classification of classes that comprise each metaclass. The method is evaluated on more than 20K videos obtained by combining four public video datasets. Tests show that a balanced accuracy of 91% is achieved in correctly identifying the class of a video among 119 video classes. This corresponds to an improvement of 6.5% over the conventional approach based on video file encapsulation characteristics. Furthermore, we investigate a setting relevant to forensic file recovery operations where file metadata cannot be located or are missing but video data is partially available. By estimating a partial list of encoding parameters from coded video data, we demonstrate that an identification accuracy of 57% can be achieved in camera-model identification in the absence of any other file metadata.
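    % arXiv preprint (arXiv:2201.02949). The same work is also listed on this page under the
    % key altinisik_video_2022; cite only one of the two keys so it is not counted twice.
    % The landing-page URL uses https rather than plaintext http.
    @misc{altinisik_video_2022-1,
      author    = {Altinisik, Enes and Sencar, Husrev Taha and Tabaa, Diram},
      title     = {Video {Source} {Characterization} {Using} {Encoding} and {Encapsulation} {Characteristics}},
      month     = aug,
      year      = {2022},
      publisher = {arXiv},
      note      = {arXiv:2201.02949 [cs]},
      url       = {https://arxiv.org/abs/2201.02949},
      urldate   = {2023-03-26},
      keywords  = {Computer Science - Cryptography and Security, Computer Science - Multimedia},
      abstract  = {We introduce a new method for camera-model identification. Our approach combines two independent aspects of video file generation corresponding to video coding and media data encapsulation. To this end, a joint representation of the overall file metadata is developed and used in conjunction with a two-level hierarchical classification method. At the first level, our method groups videos into metaclasses considering several abstractions that represent high-level structural properties of file metadata. This is followed by a more nuanced classification of classes that comprise each metaclass. The method is evaluated on more than 20K videos obtained by combining four public video datasets. Tests show that a balanced accuracy of 91\% is achieved in correctly identifying the class of a video among 119 video classes. This corresponds to an improvement of 6.5\% over the conventional approach based on video file encapsulation characteristics. Furthermore, we investigate a setting relevant to forensic file recovery operations where file metadata cannot be located or are missing but video data is partially available. By estimating a partial list of encoding parameters from coded video data, we demonstrate that an identification accuracy of 57\% can be achieved in camera-model identification in the absence of any other file metadata.},
    }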
  • M. Abdallah, D. Woods, P. Naghizadeh, I. Khalil, T. Cason, S. Sundaram, and S. Bagchi, “TASHAROK: Using Mechanism Design for Enhancing Security Resource Allocation in Interdependent Systems,” in 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2022, p. 249–266. doi:10.1109/SP46214.2022.9833591
    % Conference paper (IEEE, May 2022); address holds the conference location as exported.
    @inproceedings{abdallah_tasharok:_2022,
      author     = {Abdallah, Mustafa and Woods, Daniel and Naghizadeh, Parinaz and Khalil, Issa and Cason, Timothy and Sundaram, Shreyas and Bagchi, Saurabh},
      title      = {{TASHAROK}: {Using} {Mechanism} {Design} for {Enhancing} {Security} {Resource} {Allocation} in {Interdependent} {Systems}},
      shorttitle = {{TASHAROK}},
      booktitle  = {2022 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})},
      pages      = {249--266},
      month      = may,
      year       = {2022},
      publisher  = {IEEE},
      address    = {San Francisco, CA, USA},
      isbn       = {9781665413169},
      doi        = {10.1109/SP46214.2022.9833591},
      url        = {https://ieeexplore.ieee.org/document/9833591/},
      urldate    = {2023-03-23},
    }
  • S. Thirumuruganathan, M. Nabeel, E. Choo, I. Khalil, and T. Yu, “SIRAJ: A Unified Framework for Aggregation of Malicious Entity Detectors,” in 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2022, p. 507–521. doi:10.1109/SP46214.2022.9833725
    % Conference paper (IEEE, May 2022); address holds the conference location as exported.
    @inproceedings{thirumuruganathan_siraj:_2022,
      author     = {Thirumuruganathan, Saravanan and Nabeel, Mohamed and Choo, Euijin and Khalil, Issa and Yu, Ting},
      title      = {{SIRAJ}: {A} {Unified} {Framework} for {Aggregation} of {Malicious} {Entity} {Detectors}},
      shorttitle = {{SIRAJ}},
      booktitle  = {2022 {IEEE} {Symposium} on {Security} and {Privacy} ({SP})},
      pages      = {507--521},
      month      = may,
      year       = {2022},
      publisher  = {IEEE},
      address    = {San Francisco, CA, USA},
      isbn       = {9781665413169},
      doi        = {10.1109/SP46214.2022.9833725},
      url        = {https://ieeexplore.ieee.org/document/9833725/},
      urldate    = {2023-03-26},
    }
  • P. Dodia, M. AlSabah, O. Alrawi, and T. Wang, “Exposing the Rat in the Tunnel: Using Traffic Analysis for Tor-based Malware Detection,” in Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles CA USA, 2022, p. 875–889. doi:10.1145/3548606.3560604
    % Conference paper (ACM, November 2022); address holds the conference location as exported.
    @inproceedings{dodia_exposing_2022,
      author     = {Dodia, Priyanka and AlSabah, Mashael and Alrawi, Omar and Wang, Tao},
      title      = {Exposing the {Rat} in the {Tunnel}: {Using} {Traffic} {Analysis} for {Tor}-based {Malware} {Detection}},
      shorttitle = {Exposing the {Rat} in the {Tunnel}},
      booktitle  = {Proceedings of the 2022 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
      pages      = {875--889},
      month      = nov,
      year       = {2022},
      publisher  = {ACM},
      address    = {Los Angeles CA USA},
      isbn       = {9781450394505},
      doi        = {10.1145/3548606.3560604},
      url        = {https://dl.acm.org/doi/10.1145/3548606.3560604},
      urldate    = {2023-03-22},
      language   = {en},
    }
  • S. Vidyakeerthi, M. Nabeel, C. Elvitigala, and C. Keppitiyagama, “Demo: PhishChain: A Decentralized and Transparent System to Blacklist Phishing URLs,” in Companion Proceedings of the Web Conference 2022, Virtual Event, Lyon France, 2022, p. 286–289. doi:10.1145/3487553.3524235
    % Demo paper in a companion proceedings volume (ACM, April 2022); address holds the event location as exported.
    @inproceedings{vidyakeerthi_demo:_2022,
      author     = {Vidyakeerthi, Shehan and Nabeel, Mohamed and Elvitigala, Charith and Keppitiyagama, Chamath},
      title      = {Demo: {PhishChain}: {A} {Decentralized} and {Transparent} {System} to {Blacklist} {Phishing} {URLs}},
      shorttitle = {Demo},
      booktitle  = {Companion {Proceedings} of the {Web} {Conference} 2022},
      pages      = {286--289},
      month      = apr,
      year       = {2022},
      publisher  = {ACM},
      address    = {Virtual Event, Lyon France},
      isbn       = {9781450391306},
      doi        = {10.1145/3487553.3524235},
      url        = {https://dl.acm.org/doi/10.1145/3487553.3524235},
      urldate    = {2023-03-26},
      language   = {en},
    }
  • E. Altinisik, H. T. Sencar, and D. Tabaa, Video Source Characterization Using Encoding and Encapsulation Characteristics, arXiv, 2022.
    We introduce a new method for camera-model identification. Our approach combines two independent aspects of video file generation corresponding to video coding and media data encapsulation. To this end, a joint representation of the overall file metadata is developed and used in conjunction with a two-level hierarchical classification method. At the first level, our method groups videos into metaclasses considering several abstractions that represent high-level structural properties of file metadata. This is followed by a more nuanced classification of classes that comprise each metaclass. The method is evaluated on more than 20K videos obtained by combining four public video datasets. Tests show that a balanced accuracy of 91% is achieved in correctly identifying the class of a video among 119 video classes. This corresponds to an improvement of 6.5% over the conventional approach based on video file encapsulation characteristics. Furthermore, we investigate a setting relevant to forensic file recovery operations where file metadata cannot be located or are missing but video data is partially available. By estimating a partial list of encoding parameters from coded video data, we demonstrate that an identification accuracy of 57% can be achieved in camera-model identification in the absence of any other file metadata.
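    % arXiv preprint (arXiv:2201.02949). The same work is also listed on this page under the
    % key altinisik_video_2022-1; cite only one of the two keys so it is not counted twice.
    % The landing-page URL uses https rather than plaintext http.
    @misc{altinisik_video_2022,
      author    = {Altinisik, Enes and Sencar, Husrev Taha and Tabaa, Diram},
      title     = {Video {Source} {Characterization} {Using} {Encoding} and {Encapsulation} {Characteristics}},
      month     = aug,
      year      = {2022},
      publisher = {arXiv},
      note      = {arXiv:2201.02949 [cs]},
      url       = {https://arxiv.org/abs/2201.02949},
      urldate   = {2023-03-26},
      keywords  = {Computer Science - Cryptography and Security, Computer Science - Multimedia},
      abstract  = {We introduce a new method for camera-model identification. Our approach combines two independent aspects of video file generation corresponding to video coding and media data encapsulation. To this end, a joint representation of the overall file metadata is developed and used in conjunction with a two-level hierarchical classification method. At the first level, our method groups videos into metaclasses considering several abstractions that represent high-level structural properties of file metadata. This is followed by a more nuanced classification of classes that comprise each metaclass. The method is evaluated on more than 20K videos obtained by combining four public video datasets. Tests show that a balanced accuracy of 91\% is achieved in correctly identifying the class of a video among 119 video classes. This corresponds to an improvement of 6.5\% over the conventional approach based on video file encapsulation characteristics. Furthermore, we investigate a setting relevant to forensic file recovery operations where file metadata cannot be located or are missing but video data is partially available. By estimating a partial list of encoding parameters from coded video data, we demonstrate that an identification accuracy of 57\% can be achieved in camera-model identification in the absence of any other file metadata.},
    }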
  • G. Liu, A. Khreishah, F. Sharadgah, and I. Khalil, “An Adaptive Black-Box Defense Against Trojan Attacks (TrojDef),” IEEE Transactions on Neural Networks and Learning Systems, p. 1–15, 2022. doi:10.1109/TNNLS.2022.3204283
    % Journal article: IEEE Transactions on Neural Networks and Learning Systems (2022); no volume or issue is recorded.
    @article{liu_adaptive_2022,
      author  = {Liu, Guanxiong and Khreishah, Abdallah and Sharadgah, Fatima and Khalil, Issa},
      title   = {An {Adaptive} {Black}-{Box} {Defense} {Against} {Trojan} {Attacks} ({TrojDef})},
      journal = {IEEE Transactions on Neural Networks and Learning Systems},
      pages   = {1--15},
      year    = {2022},
      issn    = {2162-237X, 2162-2388},
      doi     = {10.1109/TNNLS.2022.3204283},
      url     = {https://ieeexplore.ieee.org/document/9970402/},
      urldate = {2023-03-26},
    }
  • K. Tran, P. Lai, N. Phan, I. Khalil, Y. Ma, A. Khreishah, M. T. Thai, and X. Wu, “Heterogeneous Randomized Response for Differential Privacy in Graph Neural Networks,” in 2022 IEEE International Conference on Big Data (Big Data), Osaka, Japan, 2022, p. 1582–1587. doi:10.1109/BigData55660.2022.10020501
    % Conference paper (IEEE, December 2022); address holds the conference location as exported.
    @inproceedings{tran_heterogeneous_2022,
      author    = {Tran, Khang and Lai, Phung and Phan, NhatHai and Khalil, Issa and Ma, Yao and Khreishah, Abdallah and Thai, My T. and Wu, Xintao},
      title     = {Heterogeneous {Randomized} {Response} for {Differential} {Privacy} in {Graph} {Neural} {Networks}},
      booktitle = {2022 {IEEE} {International} {Conference} on {Big} {Data} ({Big} {Data})},
      pages     = {1582--1587},
      month     = dec,
      year      = {2022},
      publisher = {IEEE},
      address   = {Osaka, Japan},
      isbn      = {9781665480451},
      doi       = {10.1109/BigData55660.2022.10020501},
      url       = {https://ieeexplore.ieee.org/document/10020501/},
      urldate   = {2023-03-26},
    }

2021

  • P. Xia, M. Nabeel, I. Khalil, H. Wang, and T. Yu, “Identifying and Characterizing COVID-19 Themed Malicious Domain Campaigns,” in Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, Virtual Event USA, 2021, p. 209–220. doi:10.1145/3422337.3447840
    % Conference paper (ACM, April 2021); address holds the event location as exported.
    @inproceedings{xia_identifying_2021,
      author    = {Xia, Pengcheng and Nabeel, Mohamed and Khalil, Issa and Wang, Haoyu and Yu, Ting},
      title     = {Identifying and {Characterizing} {COVID}-19 {Themed} {Malicious} {Domain} {Campaigns}},
      booktitle = {Proceedings of the {Eleventh} {ACM} {Conference} on {Data} and {Application} {Security} and {Privacy}},
      pages     = {209--220},
      month     = apr,
      year      = {2021},
      publisher = {ACM},
      address   = {Virtual Event USA},
      isbn      = {9781450381437},
      doi       = {10.1145/3422337.3447840},
      url       = {https://dl.acm.org/doi/10.1145/3422337.3447840},
      urldate   = {2023-03-26},
      language  = {en},
    }
  • L. Yuan, E. Choo, T. Yu, I. Khalil, and S. Zhu, “Time-Window Based Group-Behavior Supported Method for Accurate Detection of Anomalous Users,” in 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Taipei, Taiwan, 2021, p. 250–262. doi:10.1109/DSN48987.2021.00038
    % Conference paper (IEEE, June 2021); address holds the conference location as exported.
    @inproceedings{yuan_time-window_2021,
      author    = {Yuan, Lun-Pin and Choo, Euijin and Yu, Ting and Khalil, Issa and Zhu, Sencun},
      title     = {Time-{Window} {Based} {Group}-{Behavior} {Supported} {Method} for {Accurate} {Detection} of {Anomalous} {Users}},
      booktitle = {2021 51st {Annual} {IEEE}/{IFIP} {International} {Conference} on {Dependable} {Systems} and {Networks} ({DSN})},
      pages     = {250--262},
      month     = jun,
      year      = {2021},
      publisher = {IEEE},
      address   = {Taipei, Taiwan},
      isbn      = {9781665435727},
      doi       = {10.1109/DSN48987.2021.00038},
      url       = {https://ieeexplore.ieee.org/document/9505123/},
      urldate   = {2023-03-23},
    }
  • M. Nabeel, E. Altinisik, H. Sun, I. Khalil, H. (Wendy) Wang, and T. Yu, “CADUE: Content-Agnostic Detection of Unwanted Emails for Enterprise Security,” in 24th International Symposium on Research in Attacks, Intrusions and Defenses, San Sebastian Spain, 2021, p. 205–219. doi:10.1145/3471621.3471862
    % Conference paper (ACM, October 2021); address holds the conference location as exported.
    % The parenthesised "(Wendy)" in the author list is part of the given name as exported.
    @inproceedings{nabeel_cadue:_2021,
      author     = {Nabeel, Mohamed and Altinisik, Enes and Sun, Haipei and Khalil, Issa and Wang, Hui (Wendy) and Yu, Ting},
      title      = {{CADUE}: {Content}-{Agnostic} {Detection} of {Unwanted} {Emails} for {Enterprise} {Security}},
      shorttitle = {{CADUE}},
      booktitle  = {24th {International} {Symposium} on {Research} in {Attacks}, {Intrusions} and {Defenses}},
      pages      = {205--219},
      month      = oct,
      year       = {2021},
      publisher  = {ACM},
      address    = {San Sebastian Spain},
      isbn       = {9781450390583},
      doi        = {10.1145/3471621.3471862},
      url        = {https://dl.acm.org/doi/10.1145/3471621.3471862},
      urldate    = {2023-03-23},
      language   = {en},
    }
  • M. Abdallah, D. Woods, P. Naghizadeh, I. Khalil, T. Cason, S. Sundaram, and S. Bagchi, “Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems,” in Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, Virtual Event Hong Kong, 2021, p. 378–392. doi:10.1145/3433210.3437534
    % Conference paper (ACM, May 2021); address holds the event location as exported.
    @inproceedings{abdallah_morshed:_2021,
      author     = {Abdallah, Mustafa and Woods, Daniel and Naghizadeh, Parinaz and Khalil, Issa and Cason, Timothy and Sundaram, Shreyas and Bagchi, Saurabh},
      title      = {Morshed: {Guiding} {Behavioral} {Decision}-{Makers} towards {Better} {Security} {Investment} in {Interdependent} {Systems}},
      shorttitle = {Morshed},
      booktitle  = {Proceedings of the 2021 {ACM} {Asia} {Conference} on {Computer} and {Communications} {Security}},
      pages      = {378--392},
      month      = may,
      year       = {2021},
      publisher  = {ACM},
      address    = {Virtual Event Hong Kong},
      isbn       = {9781450382878},
      doi        = {10.1145/3433210.3437534},
      url        = {https://dl.acm.org/doi/10.1145/3433210.3437534},
      urldate    = {2023-03-23},
      language   = {en},
    }
  • N. He, R. Zhang, H. Wang, L. Wu, X. Luo, Y. Guo, T. Yu, and X. Jiang, “EOSAFE: Security Analysis of EOSIO Smart Contracts.” 2021, p. 1271–1288.
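    % Conference paper. Braces in the title protect the EOSAFE and EOSIO acronyms; they are
    % not escaped, so no literal "{" or "}" is printed.
    % booktitle/publisher follow the venue named in the URL path (usenixsecurity21) —
    % NOTE(review): confirm the exact proceedings title against the published front matter.
    @inproceedings{he_eosafe:_2021,
      author     = {He, Ningyu and Zhang, Ruiyi and Wang, Haoyu and Wu, Lei and Luo, Xiapu and Guo, Yao and Yu, Ting and Jiang, Xuxian},
      title      = {{EOSAFE}: {Security} {Analysis} of {EOSIO} {Smart} {Contracts}},
      shorttitle = {{EOSAFE}},
      booktitle  = {30th {USENIX} {Security} {Symposium} ({USENIX} {Security} 21)},
      pages      = {1271--1288},
      year       = {2021},
      publisher  = {{USENIX} {Association}},
      isbn       = {9781939133243},
      url        = {https://www.usenix.org/conference/usenixsecurity21/presentation/he-ningyu},
      urldate    = {2023-03-26},
      language   = {en},
    }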
  • E. Altinisik, K. Tasdemir, and H. T. Sencar, “PRNU Estimation from Encoded Videos Using Block-Based Weighting,” Electronic Imaging, vol. 33, iss. 4, p. 338-1–338-7, 2021. doi:10.2352/ISSN.2470-1173.2021.4.MWSF-338
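    % Journal article: Electronic Imaging, volume 33, number 4 (January 2021).
    % Page numbers in this venue are themselves hyphenated ("338-1"), so only the range
    % separator between the first and last page is a double hyphen.
    % The accented given name is written as a LaTeX escape so 8-bit BibTeX sorts and prints it correctly.
    @article{altinisik_prnu_2021,
      author  = {Altinisik, Enes and Tasdemir, Kasim and Sencar, H{\"u}srev Taha},
      title   = {{PRNU} {Estimation} from {Encoded} {Videos} {Using} {Block}-{Based} {Weighting}},
      journal = {Electronic Imaging},
      volume  = {33},
      number  = {4},
      pages   = {338-1--338-7},
      month   = jan,
      year    = {2021},
      issn    = {2470-1173},
      doi     = {10.2352/ISSN.2470-1173.2021.4.MWSF-338},
      url     = {https://library.imaging.org/ei/articles/33/4/art00014},
      urldate = {2023-03-26},
    }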
  • E. Altinisik and H. T. Sencar, “Source Camera Verification for Strongly Stabilized Videos,” IEEE Transactions on Information Forensics and Security, vol. 16, p. 643–657, 2021. doi:10.1109/TIFS.2020.3016830
    % Journal article: IEEE Transactions on Information Forensics and Security, volume 16 (2021).
    @article{altinisik_source_2021,
      author  = {Altinisik, Enes and Sencar, Husrev Taha},
      title   = {Source {Camera} {Verification} for {Strongly} {Stabilized} {Videos}},
      journal = {IEEE Transactions on Information Forensics and Security},
      volume  = {16},
      pages   = {643--657},
      year    = {2021},
      issn    = {1556-6013, 1556-6021},
      doi     = {10.1109/TIFS.2020.3016830},
      url     = {https://ieeexplore.ieee.org/document/9169924/},
      urldate = {2023-03-26},
    }
  • E. Altinisik and H. T. Sencar, “Automatic Generation of H.264 Parameter Sets to Recover Video File Fragments,” IEEE Transactions on Information Forensics and Security, vol. 16, p. 4857–4868, 2021. doi:10.1109/TIFS.2021.3118876
    % Journal article: IEEE Transactions on Information Forensics and Security, volume 16 (2021).
    @article{altinisik_automatic_2021,
      author  = {Altinisik, Enes and Sencar, Husrev Taha},
      title   = {Automatic {Generation} of {H}.264 {Parameter} {Sets} to {Recover} {Video} {File} {Fragments}},
      journal = {IEEE Transactions on Information Forensics and Security},
      volume  = {16},
      pages   = {4857--4868},
      year    = {2021},
      issn    = {1556-6013, 1556-6021},
      doi     = {10.1109/TIFS.2021.3118876},
      url     = {https://ieeexplore.ieee.org/document/9568891/},
      urldate = {2023-03-26},
    }

2020

  • M. Nabeel, I. M. Khalil, B. Guan, and T. Yu, “Following Passive DNS Traces to Detect Stealthy Malicious Domains Via Graph Inference,” ACM Transactions on Privacy and Security, vol. 23, iss. 4, p. 1–36, 2020. doi:10.1145/3401897
    Malicious domains, including phishing websites, spam servers, and command and control servers, are the reason for many of the cyber attacks nowadays. Thus, detecting them in a timely manner is important to not only identify cyber attacks but also take preventive measures. There has been a plethora of techniques proposed to detect malicious domains by analyzing Domain Name System (DNS) traffic data. Traditionally, DNS acts as an Internet miscreant’s best friend, but we observe that the subtle traces in DNS logs left by such miscreants can be used against them to detect malicious domains. Our approach is to build a set of domain graphs by connecting “related” domains together and injecting known malicious and benign domains into these graphs so that we can make inferences about the other domains in the domain graphs. A key challenge in building these graphs is how to accurately identify related domains so that incorrect associations are minimized and the number of domains connected from the dataset is maximized. Based on our observations, we first train two classifiers and then devise a set of association rules that assist in linking domains together. We perform an in-depth empirical analysis of the graphs built using these association rules on passive DNS data and show that our techniques can detect many more malicious domains than the state-of-the-art.
    % Journal article: ACM Transactions on Privacy and Security, volume 23, number 4 (November 2020).
    @article{nabeel_following_2020,
      author   = {Nabeel, Mohamed and Khalil, Issa M. and Guan, Bei and Yu, Ting},
      title    = {Following {Passive} {DNS} {Traces} to {Detect} {Stealthy} {Malicious} {Domains} {Via} {Graph} {Inference}},
      journal  = {ACM Transactions on Privacy and Security},
      volume   = {23},
      number   = {4},
      pages    = {1--36},
      month    = nov,
      year     = {2020},
      issn     = {2471-2566, 2471-2574},
      doi      = {10.1145/3401897},
      url      = {https://dl.acm.org/doi/10.1145/3401897},
      urldate  = {2023-03-26},
      language = {en},
      abstract = {Malicious domains, including phishing websites, spam servers, and command and control servers, are the reason for many of the cyber attacks nowadays. Thus, detecting them in a timely manner is important to not only identify cyber attacks but also take preventive measures. There has been a plethora of techniques proposed to detect malicious domains by analyzing Domain Name System (DNS) traffic data. Traditionally, DNS acts as an Internet miscreant’s best friend, but we observe that the subtle traces in DNS logs left by such miscreants can be used against them to detect malicious domains. Our approach is to build a set of domain graphs by connecting “related” domains together and injecting known malicious and benign domains into these graphs so that we can make inferences about the other domains in the domain graphs. A key challenge in building these graphs is how to accurately identify related domains so that incorrect associations are minimized and the number of domains connected from the dataset is maximized. Based on our observations, we first train two classifiers and then devise a set of association rules that assist in linking domains together. We perform an in-depth empirical analysis of the graphs built using these association rules on passive DNS data and show that our techniques can detect many more malicious domains than the state-of-the-art.},
    }
  • Y. Boshmaf, C. Elvitigala, H. Al Jawaheri, P. Wijesekera, and M. Al Sabah, “Investigating MMM Ponzi Scheme on Bitcoin,” in Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, Taipei Taiwan, 2020, p. 519–530. doi:10.1145/3320269.3384719
    % Conference paper (ACM, October 2020); address holds the conference location as exported.
    % Two-word surnames ("Al Jawaheri", "Al Sabah") are given in "Last, First" form so they are not split.
    @inproceedings{boshmaf_investigating_2020,
      author    = {Boshmaf, Yazan and Elvitigala, Charitha and Al Jawaheri, Husam and Wijesekera, Primal and Al Sabah, Mashael},
      title     = {Investigating {MMM} {Ponzi} {Scheme} on {Bitcoin}},
      booktitle = {Proceedings of the 15th {ACM} {Asia} {Conference} on {Computer} and {Communications} {Security}},
      pages     = {519--530},
      month     = oct,
      year      = {2020},
      publisher = {ACM},
      address   = {Taipei Taiwan},
      isbn      = {9781450367509},
      doi       = {10.1145/3320269.3384719},
      url       = {https://dl.acm.org/doi/10.1145/3320269.3384719},
      urldate   = {2023-03-26},
      language  = {en},
    }
  • H. Al Jawaheri, M. Al Sabah, Y. Boshmaf, and A. Erbad, “Deanonymizing Tor hidden service users through Bitcoin transactions analysis,” Computers & Security, vol. 89, p. 101684, 2020. doi:10.1016/j.cose.2019.101684
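    % Journal article: Computers & Security, volume 89 (February 2020); pages holds the article number.
    % The first two surnames are the two-word forms "Al Jawaheri" and "Al Sabah", written the
    % same way as in boshmaf_investigating_2020 so both entries sort and abbreviate alike.
    % The ISSN carries its standard hyphen.
    @article{jawaheri_deanonymizing_2020,
      author   = {Al Jawaheri, Husam and Al Sabah, Mashael and Boshmaf, Yazan and Erbad, Aiman},
      title    = {Deanonymizing {Tor} hidden service users through {Bitcoin} transactions analysis},
      journal  = {Computers \& Security},
      volume   = {89},
      pages    = {101684},
      month    = feb,
      year     = {2020},
      issn     = {0167-4048},
      doi      = {10.1016/j.cose.2019.101684},
      url      = {https://linkinghub.elsevier.com/retrieve/pii/S0167404818309908},
      urldate  = {2023-03-26},
      language = {en},
    }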
  • E. Altinisik, K. Tasdemir, and H. T. Sencar, “Mitigation of H.264 and H.265 Video Compression for Reliable PRNU Estimation,” IEEE Transactions on Information Forensics and Security, vol. 15, p. 1557–1571, 2020. doi:10.1109/TIFS.2019.2945190
    % Journal article: IEEE Transactions on Information Forensics and Security, volume 15 (2020).
    @article{altinisik_mitigation_2020,
      author  = {Altinisik, Enes and Tasdemir, Kasim and Sencar, Husrev Taha},
      title   = {Mitigation of {H}.264 and {H}.265 {Video} {Compression} for {Reliable} {PRNU} {Estimation}},
      journal = {IEEE Transactions on Information Forensics and Security},
      volume  = {15},
      pages   = {1557--1571},
      year    = {2020},
      issn    = {1556-6013, 1556-6021},
      doi     = {10.1109/TIFS.2019.2945190},
      url     = {https://ieeexplore.ieee.org/document/8854840/},
      urldate = {2023-03-26},
    }
  • E. Uzun and H. T. Sencar, “JpgScraper: An Advanced Carver for JPEG Files,” IEEE Transactions on Information Forensics and Security, vol. 15, p. 1846–1857, 2020. doi:10.1109/TIFS.2019.2953382
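    @comment{The citation key of the next entry contains dollar signs, which are outside the portable key character set and may not work in cite commands; the key is kept unchanged so existing citations still resolve.}
    @article{uzun_jpg$scraper$_2020,
      author     = {Uzun, Erkam and Sencar, Husrev Taha},
      title      = {{JpgScraper}: An Advanced Carver for {JPEG} Files},
      shorttitle = {{JpgScraper}},
      journal    = {{IEEE} Transactions on Information Forensics and Security},
      volume     = {15},
      year       = {2020},
      pages      = {1846--1857},
      issn       = {1556-6013, 1556-6021},
      doi        = {10.1109/TIFS.2019.2953382},
      url        = {https://ieeexplore.ieee.org/document/8897606/},
      urldate    = {2023-03-26},
    }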

2019

  • H. Sun, X. Xiao, I. Khalil, Y. Yang, Z. Qin, H. (Wendy) Wang, and T. Yu, “Analyzing Subgraph Statistics from Extended Local Views with Decentralized Differential Privacy,” in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London United Kingdom, 2019, p. 703–717. doi:10.1145/3319535.3354253
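    @inproceedings{sun_analyzing_2019,
      author    = {Sun, Haipei and Xiao, Xiaokui and Khalil, Issa and Yang, Yin and Qin, Zhan and Wang, {Hui (Wendy)} and Yu, Ting},
      title     = {Analyzing Subgraph Statistics from Extended Local Views with Decentralized Differential Privacy},
      booktitle = {Proceedings of the 2019 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
      publisher = {ACM},
      address   = {London, United Kingdom},
      month     = nov,
      year      = {2019},
      pages     = {703--717},
      isbn      = {9781450367479},
      doi       = {10.1145/3319535.3354253},
      url       = {https://dl.acm.org/doi/10.1145/3319535.3354253},
      urldate   = {2023-03-26},
      language  = {en},
    }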
  • Y. Boshmaf, H. Al Jawaheri, and M. Al Sabah, BlockTag: Design and applications of a tagging system for blockchain analysis, arXiv, 2019.
    Annotating blockchains with auxiliary data is useful for many applications. For example, e-crime investigations of illegal Tor hidden services, such as Silk Road, often involve linking Bitcoin addresses, from which money is sent or received, to user accounts and related online activities. We present BlockTag, an open-source tagging system for blockchains that facilitates such tasks. We describe BlockTag’s design and present three analyses that illustrate its capabilities in the context of privacy research and law enforcement.
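    @misc{boshmaf_blocktag:_2019,
      author        = {Boshmaf, Yazan and Al Jawaheri, Husam and Al Sabah, Mashael},
      title         = {{BlockTag}: Design and applications of a tagging system for blockchain analysis},
      shorttitle    = {{BlockTag}},
      month         = jul,
      year          = {2019},
      eprint        = {1809.06044},
      archiveprefix = {arXiv},
      primaryclass  = {cs.CR},
      url           = {https://arxiv.org/abs/1809.06044},
      urldate       = {2023-03-26},
      abstract      = {Annotating blockchains with auxiliary data is useful for many applications. For example, e-crime investigations of illegal Tor hidden services, such as Silk Road, often involve linking Bitcoin addresses, from which money is sent or received, to user accounts and related online activities. We present BlockTag, an open-source tagging system for blockchains that facilitates such tasks. We describe BlockTag's design and present three analyses that illustrate its capabilities in the context of privacy research and law enforcement.},
      keywords      = {Computer Science - Cryptography and Security},
    }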
  • G. Liu, I. Khalil, and A. Khreishah, “ZK-GanDef: A GAN Based Zero Knowledge Adversarial Training Defense for Neural Networks,” in 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Portland, OR, USA, 2019, p. 64–75. doi:10.1109/DSN.2019.00021
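    @inproceedings{liu_zk-gandef:_2019,
      author     = {Liu, Guanxiong and Khalil, Issa and Khreishah, Abdallah},
      title      = {{ZK-GanDef}: A {GAN} Based Zero Knowledge Adversarial Training Defense for Neural Networks},
      shorttitle = {{ZK-GanDef}},
      booktitle  = {2019 49th {Annual} {IEEE/IFIP} {International} {Conference} on {Dependable} {Systems} and {Networks} ({DSN})},
      publisher  = {IEEE},
      address    = {Portland, OR, USA},
      month      = jun,
      year       = {2019},
      pages      = {64--75},
      isbn       = {9781728100579},
      doi        = {10.1109/DSN.2019.00021},
      url        = {https://ieeexplore.ieee.org/document/8809515/},
      urldate    = {2023-03-26},
    }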
  • G. Liu, I. Khalil, and A. Khreishah, “Using Intuition from Empirical Properties to Simplify Adversarial Training Defense,” in 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), Portland, OR, USA, 2019, p. 58–61. doi:10.1109/DSN-W.2019.00020
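    @inproceedings{liu_using_2019,
      author    = {Liu, Guanxiong and Khalil, Issa and Khreishah, Abdallah},
      title     = {Using Intuition from Empirical Properties to Simplify Adversarial Training Defense},
      booktitle = {2019 49th {Annual} {IEEE/IFIP} {International} {Conference} on {Dependable} {Systems} and {Networks} {Workshops} ({DSN-W})},
      publisher = {IEEE},
      address   = {Portland, OR, USA},
      month     = jun,
      year      = {2019},
      pages     = {58--61},
      isbn      = {9781728130309},
      doi       = {10.1109/DSN-W.2019.00020},
      url       = {https://ieeexplore.ieee.org/document/8806015/},
      urldate   = {2023-03-26},
    }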
  • Y. Zhauniarovich, I. Khalil, T. Yu, and M. Dacier, “A Survey on Malicious Domains Detection through DNS Data Analysis,” ACM Computing Surveys, vol. 51, iss. 4, p. 1–36, 2019. doi:10.1145/3191329
    Malicious domains are one of the major resources required for adversaries to run attacks over the Internet. Due to the important role of the Domain Name System (DNS), extensive research has been conducted to identify malicious domains based on their unique behavior reflected in different phases of the life cycle of DNS queries and responses. Existing approaches differ significantly in terms of intuitions, data analysis methods as well as evaluation methodologies. This warrants a thorough systematization of the approaches and a careful review of the advantages and limitations of every group. In this article, we perform such an analysis. To achieve this goal, we present the necessary background knowledge on DNS and malicious activities leveraging DNS. We describe a general framework of malicious domain detection techniques using DNS data. Applying this framework, we categorize existing approaches using several orthogonal viewpoints, namely (1) sources of DNS data and their enrichment, (2) data analysis methods, and (3) evaluation strategies and metrics. In each aspect, we discuss the important challenges that the research community should address in order to fully realize the power of DNS data analysis to fight against attacks leveraging malicious domains.
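    @article{zhauniarovich_survey_2019,
      author   = {Zhauniarovich, Yury and Khalil, Issa and Yu, Ting and Dacier, Marc},
      title    = {A Survey on Malicious Domains Detection through {DNS} Data Analysis},
      journal  = {{ACM} Computing Surveys},
      volume   = {51},
      number   = {4},
      month    = jul,
      year     = {2019},
      pages    = {1--36},
      issn     = {0360-0300, 1557-7341},
      doi      = {10.1145/3191329},
      url      = {https://dl.acm.org/doi/10.1145/3191329},
      urldate  = {2023-03-26},
      language = {en},
      abstract = {Malicious domains are one of the major resources required for adversaries to run attacks over the Internet. Due to the important role of the Domain Name System (DNS), extensive research has been conducted to identify malicious domains based on their unique behavior reflected in different phases of the life cycle of DNS queries and responses. Existing approaches differ significantly in terms of intuitions, data analysis methods as well as evaluation methodologies. This warrants a thorough systematization of the approaches and a careful review of the advantages and limitations of every group.
    In this article, we perform such an analysis. To achieve this goal, we present the necessary background knowledge on DNS and malicious activities leveraging DNS. We describe a general framework of malicious domain detection techniques using DNS data. Applying this framework, we categorize existing approaches using several orthogonal viewpoints, namely (1) sources of DNS data and their enrichment, (2) data analysis methods, and (3) evaluation strategies and metrics. In each aspect, we discuss the important challenges that the research community should address in order to fully realize the power of DNS data analysis to fight against attacks leveraging malicious domains.},
    }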
  • G. Liu, I. Khalil, and A. Khreishah, “GanDef: A GAN Based Adversarial Training Defense for Neural Network Classifier,” in ICT Systems Security and Privacy Protection, Cham, 2019, p. 19–32. doi:10.1007/978-3-030-22312-0_2
    Machine learning models, especially neural network (NN) classifiers, are widely used in many applications including natural language processing, computer vision and cybersecurity. They provide high accuracy under the assumption of attack-free scenarios. However, this assumption has been defied by the introduction of adversarial examples – carefully perturbed samples of input that are usually misclassified. Many researchers have tried to develop a defense against adversarial examples; however, we are still far from achieving that goal. In this paper, we design a Generative Adversarial Net (GAN) based adversarial training defense, dubbed GanDef, which utilizes a competition game to regulate the feature selection during the training. We analytically show that GanDef can train a classifier so it can defend against adversarial examples. Through extensive evaluation on different white-box adversarial examples, the classifier trained by GanDef shows the same level of test accuracy as those trained by state-of-the-art adversarial training defenses. More importantly, GanDef-Comb, a variant of GanDef, could utilize the discriminator to achieve a dynamic trade-off between correctly classifying original and adversarial examples. As a result, it achieves the highest overall test accuracy when the ratio of adversarial examples exceeds 41.7%.
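    @inproceedings{liu_gandef:_2019,
      author     = {Liu, Guanxiong and Khalil, Issa and Khreishah, Abdallah},
      editor     = {Dhillon, Gurpreet and Karlsson, Fredrik and Hedstr{\"o}m, Karin and Z{\'u}quete, Andr{\'e}},
      title      = {{GanDef}: A {GAN} Based Adversarial Training Defense for Neural Network Classifier},
      shorttitle = {{GanDef}},
      booktitle  = {{ICT} {Systems} {Security} and {Privacy} {Protection}},
      series     = {{IFIP} {Advances} in {Information} and {Communication} {Technology}},
      publisher  = {Springer International Publishing},
      address    = {Cham},
      year       = {2019},
      pages      = {19--32},
      isbn       = {9783030223120},
      doi        = {10.1007/978-3-030-22312-0_2},
      language   = {en},
      abstract   = {Machine learning models, especially neural network (NN) classifiers, are widely used in many applications including natural language processing, computer vision and cybersecurity. They provide high accuracy under the assumption of attack-free scenarios. However, this assumption has been defied by the introduction of adversarial examples -- carefully perturbed samples of input that are usually misclassified. Many researchers have tried to develop a defense against adversarial examples; however, we are still far from achieving that goal. In this paper, we design a Generative Adversarial Net (GAN) based adversarial training defense, dubbed GanDef, which utilizes a competition game to regulate the feature selection during the training. We analytically show that GanDef can train a classifier so it can defend against adversarial examples. Through extensive evaluation on different white-box adversarial examples, the classifier trained by GanDef shows the same level of test accuracy as those trained by state-of-the-art adversarial training defenses. More importantly, GanDef-Comb, a variant of GanDef, could utilize the discriminator to achieve a dynamic trade-off between correctly classifying original and adversarial examples. As a result, it achieves the highest overall test accuracy when the ratio of adversarial examples exceeds 41.7\%.},
      keywords   = {Neural network classifier, Generative Adversarial Net, Adversarial training defense},
    }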

2018

  • I. M. Khalil, B. Guan, M. Nabeel, and T. Yu, “A Domain is only as Good as its Buddies: Detecting Stealthy Malicious Domains via Graph Inference,” in Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Tempe AZ USA, 2018, p. 330–341. doi:10.1145/3176258.3176329
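    @inproceedings{khalil_domain_2018,
      author     = {Khalil, Issa M. and Guan, Bei and Nabeel, Mohamed and Yu, Ting},
      title      = {A Domain is only as Good as its Buddies: Detecting Stealthy Malicious Domains via Graph Inference},
      shorttitle = {A Domain is only as Good as its Buddies},
      booktitle  = {Proceedings of the {Eighth} {ACM} {Conference} on {Data} and {Application} {Security} and {Privacy}},
      publisher  = {ACM},
      address    = {Tempe, AZ, USA},
      month      = mar,
      year       = {2018},
      pages      = {330--341},
      isbn       = {9781450356329},
      doi        = {10.1145/3176258.3176329},
      url        = {https://dl.acm.org/doi/10.1145/3176258.3176329},
      urldate    = {2023-03-26},
      language   = {en},
    }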

2017

  • Z. Qin, T. Yu, Y. Yang, I. Khalil, X. Xiao, and K. Ren, “Generating Synthetic Decentralized Social Graphs with Local Differential Privacy,” in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas Texas USA, 2017, p. 425–438. doi:10.1145/3133956.3134086
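    @inproceedings{qin_generating_2017,
      author    = {Qin, Zhan and Yu, Ting and Yang, Yin and Khalil, Issa and Xiao, Xiaokui and Ren, Kui},
      title     = {Generating Synthetic Decentralized Social Graphs with Local Differential Privacy},
      booktitle = {Proceedings of the 2017 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
      publisher = {ACM},
      address   = {Dallas, Texas, USA},
      month     = oct,
      year      = {2017},
      pages     = {425--438},
      isbn      = {9781450349468},
      doi       = {10.1145/3133956.3134086},
      url       = {https://dl.acm.org/doi/10.1145/3133956.3134086},
      urldate   = {2023-03-26},
      language  = {en},
    }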

2016

  • Z. Qin, Y. Yang, T. Yu, I. Khalil, X. Xiao, and K. Ren, “Heavy Hitter Estimation over Set-Valued Data with Local Differential Privacy,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna Austria, 2016, p. 192–203. doi:10.1145/2976749.2978409
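    @comment{The next entry duplicates qin_heavy_2016 (same DOI 10.1145/2976749.2978409); it is kept under its own key so existing citations still resolve.}
    @inproceedings{qin_heavy_2016-1,
      author    = {Qin, Zhan and Yang, Yin and Yu, Ting and Khalil, Issa and Xiao, Xiaokui and Ren, Kui},
      title     = {Heavy Hitter Estimation over Set-Valued Data with Local Differential Privacy},
      booktitle = {Proceedings of the 2016 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
      publisher = {ACM},
      address   = {Vienna, Austria},
      month     = oct,
      year      = {2016},
      pages     = {192--203},
      isbn      = {9781450341394},
      doi       = {10.1145/2976749.2978409},
      url       = {https://dl.acm.org/doi/10.1145/2976749.2978409},
      urldate   = {2023-03-26},
      language  = {en},
    }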
  • Z. Qin, Y. Yang, T. Yu, I. Khalil, X. Xiao, and K. Ren, “Heavy Hitter Estimation over Set-Valued Data with Local Differential Privacy,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna Austria, 2016, p. 192–203. doi:10.1145/2976749.2978409
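    @inproceedings{qin_heavy_2016,
      author    = {Qin, Zhan and Yang, Yin and Yu, Ting and Khalil, Issa and Xiao, Xiaokui and Ren, Kui},
      title     = {Heavy Hitter Estimation over Set-Valued Data with Local Differential Privacy},
      booktitle = {Proceedings of the 2016 {ACM} {SIGSAC} {Conference} on {Computer} and {Communications} {Security}},
      publisher = {ACM},
      address   = {Vienna, Austria},
      month     = oct,
      year      = {2016},
      pages     = {192--203},
      isbn      = {9781450341394},
      doi       = {10.1145/2976749.2978409},
      url       = {https://dl.acm.org/doi/10.1145/2976749.2978409},
      urldate   = {2023-03-26},
      language  = {en},
    }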
  • I. Khalil, T. Yu, and B. Guan, “Discovering Malicious Domains through Passive DNS Data Graph Analysis,” in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, Xi’an China, 2016, p. 663–674. doi:10.1145/2897845.2897877
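    @inproceedings{khalil_discovering_2016,
      author    = {Khalil, Issa and Yu, Ting and Guan, Bei},
      title     = {Discovering Malicious Domains through Passive {DNS} Data Graph Analysis},
      booktitle = {Proceedings of the 11th {ACM} on {Asia} {Conference} on {Computer} and {Communications} {Security}},
      publisher = {ACM},
      address   = {Xi'an, China},
      month     = may,
      year      = {2016},
      pages     = {663--674},
      isbn      = {9781450342339},
      doi       = {10.1145/2897845.2897877},
      url       = {https://dl.acm.org/doi/10.1145/2897845.2897877},
      urldate   = {2023-03-26},
      language  = {en},
    }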