I am an Assistant Professor in the CSE Department at the University at Buffalo. Previously, I worked at AFRL (2016; faculty fellow), Verisign Labs (2012-2015; senior scientist), Huawei (2012; researcher), ICSI (2011; intern), and ETRI (2007-2009; researcher). I earned my Ph.D. and M.Sc. in CS from the University of Minnesota in 2012, working with Prof. Yongdae Kim, and M.E. in Information and Communication Engineering from Inha University in 2007, working with Prof. DaeHun Nyang. At UB, I lead the Security Analytics Lab (SEAL), where I work on software and networked systems security, online privacy, and Internet measurements. Current applications of interest include malware, DDoS, DNS, IoT, blockchain, mobile systems and threat intelligence.

⚑ Teaching // F2016: CSE 709; CSE 410, S2016: CSE 664, F2015: CSE 709.
⚑ Publicity // submit: PAC, SKM, HotPost. attend: ICDCS, INFOCOM, MobiSys

▬ Representative Publications

IEEE ICDCS 2017
An Adversary-Centric Behavior Modeling of DDoS Attacks
IEEE ICDCS 2017
Defending Against Voice Impersonation Attacks on Smartphones (Best student paper)
Media
Phys.org, Financial Express, Tech Radar, NDTV, Science Daily, Gizmodo, etc.
IEEE ICDCS 2017
Android Malware Detection Using Complex Flows
IEEE ICDCS 2017
Privacy Implications of DNSSEC-Lookaside Validation
IEEE ICDCS 2017
When Smart TV Meets CRN: Privacy-preserving Fine-grained Spectrum Access
IEEE ICDCS 2017
Rogue Access Point Detector Using Channel Overlapping in 802.11n (Demo)
IEEE ICDCS 2017
You’ve Been Tricked! A User Study of the Effectiveness of Typosquatting (Poster)
IEEE INFOCOM 2017
Large-scale Invisible Attack on AFC Systems with NFC-equipped Smartphones
Financial Crypto 2017
Graph Encryption for Exact Shortest Distance Queries with Efficient Updates
ACM MobiSys 2017
Android Malware Detection using Multi-Flows and API Patterns (Poster)
ACM WiSec 2017
Highly-Accurate Access Point Detection using Intentional Interference
ACM WiSec 2017
Two-level Network Monitoring in WLAN using Software-Defined Networking
USPTO 2017
Access control for named domain networking (Patent)
USPTO 2017
Methods and systems for domain name data networking (Patent)
IRTF 2017
XMSS: Extended Hash-Based Signatures (Standard)
IEEE TIFS 2017
Crime Scene Reconstruction: Online Gold Farming Network Analysis (2.44)
ISOC NDSS 2016
Uncovering game bots in MMORPGs via self-similarity in the wild (15%)
IEEE TKDE 2016
Private Over-threshold Aggregation Protocols over Distributed Databases (1.82)
DIMVA 2015
Revealing DDoS Attack Dynamics behind the Scenes (23%)
ACM ASIACCS 2015
Measuring Botnets in the Wild: Some New Trends (22%)
IEEE CNS 2015
Separating Benign and Malicious Network Events for Malware Classification (28%)
IEEE DSN 2015
Delving into Internet DDoS Attacks by Botnets: Characterization and Analysis (22%)
IEEE TDSC 2015
Timing Attacks on Access Privacy in ICN and Countermeasures (1.59)
ACM IMC 2014
Measuring Domain Forwarding and Applications at the Internet Scale (20.3%)
DIMVA 2014
Metadata-driven Threat Classification of Network Endpoints Appearing in Malware (23%)
DIMVA 2014
AV-Meter: An Evaluation of Antivirus Scans and Labels (23%)
IEEE CNS 2014
Exploring Classification of Malware using the Order of Events (26%)
ACM WPES 2014
Measuring the Leakage of Onion at the Root (25%)
IEEE TMC 2014
Keylogging-resistant Visual Authentication Protocols (2.91)
IEEE TDSC 2014
Secure encounter-based social networks: Requirements, challenges, and designs (1.59)
ACM ASIACCS 2013
Dynamix: anonymity on dynamic social structures (28%)
IEEE TSC 2013
Trustworthy Distributed Computing on Social Networks (2.37)
Media
MIT Technology Review, The Verge, Data News, Atelier, msn.com.
IEEE TVT 2013
Trading Optimality for Scalability in Large-scale Opportunistic Routing (2.64)
ACM ASIACCS 2012
On the mixing time of directed social graphs and security implications (18%)
IEEE INFOCOM 2012
Dynamic energy-oriented scheduling for sustainable wireless sensor networks (18%)
ISOC NDSS 2011
Losing control of the Internet: Using the data plane to attack the control plane (18%)
Media
New Scientist, CBS News, Slashdot, METRO, The Register, Gizmodo, etc.
IEEE INFOCOM 2011
Incorporating trust into social network-based Sybil defenses (16%)
ACM IMC 2010
Measuring the mixing time of social graphs (22%)

▬ Active Research Projects

  • Security, Measurements, and Design (selected publications)
    • Malware Analysis, Detection and Classification. We design algorithms and systems for the characterization, detection and classification of malware using static and behavioral analysis.
      Publications
      [INFOCOM 2017] [NDSS 2016] [IEEE TIFS 2016] [CNS 2015] [DIMVA 2014 (2)]
    • Distributed Denial of Service: We design and develop a data-driven and model-guided approach to defending against application-level distributed denial of service (DDoS) attacks by botnets.
      Publications
      [IEEE TDSC 2017] [IEEE DSN 2015] [ACM ASIA CCS 2015] [DIMVA 2015] [NDSS 2011].
    • Domain Name System: We develop an arsenal of tools for understanding, measuring, quantifying, and improving the security, privacy, operation and transparency of the domain name system (DNS).
      Publications
      [ToN 2017] [ARES 2016] [WISA 2014] [ACM WPES 2014] [WWW 2014-w] [IMC 2014]
    • Mobile Security. We design efficient and accurate techniques for detecting and classifying mobile malware, as well as techniques for improving privacy in mobile networks.
      Publications
      [COSE 2016] [Digital Investigation 2015] [WISA 2014] [TDSC 2013]
    • Internet of Things. We develop algorithms to improve the efficiency, security, and operation of mobile and wireless networks, including usable authentication techniques.
      Publications
      [COSE 2015] [IEEE CL 2014] [IEEE TMC 2014] [IEEE TVT 2013] [IEEE INFOCOM 2012].
  • Privacy. We design techniques and tools to understand online privacy and improve privacy through distributed architectures of computation under powerful adversaries.
    Publications
    [FC 2017] [TKDE 2016] [TDSC 2015] [WPES 2014] [TDSC 2013] [ICISC 2012]
  • Trustworthy Social Systems. We develop techniques to improve system security and user privacy through social networks, including a finer understanding of social network properties from trustworthy social systems.
    Publications
    [TSC 2015] [ASIACCS 2013 (2)] [TDSC 2013] [ASIACCS 2012] [INFOCOM 2011] [IMC 2010]

▬ Non-academic Interests

I like long-distance running. I ran the Baltimore Marathon, Reston Marathon, TNFE DC 50k, TC Marathon, Marine Corps Marathon (several times), Magnus Gluteus Maximus (50K), Steamtown Marathon, etc. I ran with Reston Runners.

▬ Recent Professional Service

… TPC Member, NDSS 2018
… TPC Member, INFOCOM 2018
… TPC Member, IEEE ICDCS 2017
… TPC Member, IEEE INFOCOM 2017
… TPC Member, DBSec 2017
… TPC Member, ICWSM 2017
… TPC Member, IEEE ICCCN 2017
… TPC Member, IEEE HotWeb 2017
… TPC Member, CNS 2017
… TPC Member, GlobeCom 2017
… TPC Member, ICC 2017
… Treasurer, ACM MobiSys 2017
… Co-chair, IEEE PAC 2017 (Posters)
… Co-chair, IEEE HotPOST 2017
… Co-chair, IEEE CNS 2016 (Travel)
… Co-chair, TRUSTCOM 2016
… Co-chair, SECURECOMM 2016
… Co-chair, IEEE SIMPLEX 2016
… Reviewer, GHC 2016 (Blog)
… Panelist, NSF (2016), DHS (2016)
… Invited to Dagstuhl Seminar 16251 (Blog)

▬ News

Interested in joining our group?
04/2017
1 standard is published (IRTF)
04/2017
1 patent filed with USPTO
03/2017
5 papers in IEEE ICDCS 2017
03/2017
1 paper in IEEE TIFS -- malware
02/2017
1 paper in IEEE TDSC -- DDoS
01/2017
1 paper in Financial Crypto - analytics
11/2016
1 paper in INFOCOM - mobile
06/2016
1 paper in HotWeb 2016 -- DNS
08/2016
2 papers in WISA -- DNS and DDoS
06/2016
1 poster in ACM SIGCOMM -- privacy
06/2016
1 paper in ARES -- DNS security
06/2016
1 paper in IEEE TKDE -- analytics
06/2016
1 paper in ACM/IEEE ToN - DNS privacy
10/2015
1 paper in ISOC NDSS -- malware
09/2015
1 paper in IEEE CNS -- malware
09/2015
1 paper in IEEE HotWeb -- malware

▬ In the Press

Spotlight #4. Our work on assessing the landscape of domain name typosquatting got mentioned in an article in Slate. The work is jointly done with Jeffrey Spaulding (Ph.D. student).

Spotlight #3. Our work on measuring the leakage of .onion in the public DNS has been covered by a post in the DeepDotWeb. The work was presented at ACM WPES and was jointly done with Matt Thomas.

Spotlight #2. Our work on Social Clouds, a design of a trustworthy social computing system bootstrapped by social networks, was covered by MIT Technology Review, The Verge, Data News, Atelier, msn.com. This work was published in IEEE TSC and was jointly done with Huy Tran, Abhishek Chandra and Yongdae Kim.

Spotlight #1. Our work on DDoS attacks has been covered by several news stories in the New Scientist, CBS News, Info Packets, Infosec Island, Minnesota Daily, Slashdot, METRO, The Register, Gizmodo, Geekosystem, ISSSource, among others. This work was published at ISOC NDSS, and was jointly done with Max Schuchard et al.