Projects

Our research interests span across network, mobile, software, hardware, and human, emphasizing security and privacy issues of the targets. Details will be posted when they become publicly available.

  • AI Security
    • Attack against machine learning algorithms, foundation models, AI-agents
    • Attack against embodied AI
  • Autonomous Vehicle Security
    • DeGhost (EuroSP24)
    • ShadowHack (USENIX SEC25)
    • Adversarial Fog (ASIACCS25)
    • Adversarial Retroreflective Attack (VehicleSec24)
    • AVATAR (ACSW25)
    • Overpass
    • EAGLES
    • DAP
    • more to come…
  • New Authentication mechanisms
    • BioSignal-based authentication (BlinkAuth) (AsiaCCS24)
    • VR authentication (PinchKey) (EuroUSEC23)
    • World-based authentication with LiDAR sensors (WorldAuth)
    • Rythm-based authenticatoin
    • Usable authentication for visually impaired person
  • Offensive Security
    • RouteDetector — A novel PoC side-channel attack for mobile devices (WOOT15)
    • Tap ‘N Ghost (SP19)
    • Analysis of RF retroreflector (WOOT18)
    • Social Accounts De-anonymization (EuroSP17)
    • De-anonymizing online purchase history
  • Voice Assistant Security & Privacy
    • Audio Hotspot Attack
    • ChatterBox framework (RAID22)
  •  IoT
  • Human-factors in security / Usable Security
    • Accessible Security — Authentication mechanisms for visually impaired person [paper][poster]
    • Passwords analytics
    • Usable and secure pattern rock system
    • User security perception on the Android marketplace
  • Privacy
    • Understanding web tracking in the wild
    • Android app privacy
    • Auction privacy
    • Privacy Policy analysis
    • Privacy of the GAEN framework
    • Privacy policy analysis with transformers
  • Mobile Security
    • ACODE — Analysing mobile apps with static software analysis and natural language processing (SOUPS15)
    • AppRaiser — A system that automatically detects “cloned” Android apps
    • PADetector — A system that can detect promotional attackers on the Android app marketplaces.
    • Analytics of mobile app market
  • Network Security
    • ShamFinder  — A framework that detects homograph IDN. (ICM19)
    • AutoBLG — Automated blacklist generation framework.
    • SFMap — Inferring hostnames of encrypted HTTP traffic (PAM15)
    • Detecting malicious traffic
    • Darknet analysis — Extracting useful information from darknet traffic
    • CLAP — Classification of potentially unwanted applicatons (PUA)
    • COVID-19 domain names
    • Olympic domain names
    • DNS Security mechanisms
    • Online banking flauding analysis
    • Browser permission mechanisms
  • Software Security
    • Malware analytics — Applying machine learning techniques to analyzing malware samples
    • Scalable vulnerability detection
    • VR app analysis