Program

Monday 30/09/2024

08:30 - 09:00 Registration
09:00 - 09:30 Opening
09:30 - 10:30 Keynote I


Lorenzo Cavallaro
Trustworthy AI... for Systems Security

Abstract: No day goes by without reading machine learning (ML) success stories across various application areas. Systems security is no exception, where ML’s tantalizing performance leave one to wonder whether there are any unsolved problems left. However, machine learning has no clairvoyant abilities and once the magic wears off, we’re left in uncharted territory. Is machine learning truly capable of ensuring systems security? In this keynote, we will take malware research as a representative example of a long-studied, thriving, yet challenging subject and, after offering a quick historical perspective, we will illustrate some of the open issues that are affecting learning-based malware models. When relevant, we will also delve into behind-the-scenes aspects to encourage reflection on the reproducibility crisis. Our goal is to foster a deeper understanding of machine learning’s role in systems security along with a discussion on promising directions the research community is and should be pursuing to address such challenges and open problems.

Bio: Lorenzo Cavallaro grew up on pizza, spaghetti, and Phrack, and soon developed a passion for underground and academic research. He is a Full Professor of Computer Science at University College London (UCL), where he leads the Systems Security Research Lab. Lorenzo’s research vision is to enhance the effectiveness of machine learning for systems security in adversarial settings. He works with his team to investigate the interplay among program analysis abstractions, representations, and ML models, and their crucial role in creating Trustworthy AI for Systems Security. Lorenzo publishes at and sits on the Program Committee of leading conferences in computer security and ML, received the Distinguished Paper Award at USENIX Security 2022, and an ICML 2024 Spotlight Paper. He is also Associate Editor of ACM TOPS and IEEE TDSC. In addition to his love for food, Lorenzo finds his Flow in science, music, and family.

10:30 - 11:00 Break
11:00 - 12:30 Web Security and Privacy (Chair: Colin Ife)

Understanding Web Fingerprinting with a Protocol-Centric Approach [PDF]
Bogdan Cebere, CISPA Helmholtz Center for Information Security
Christian Rossow, CISPA Helmholtz Center for Information Security

Blocklist-Forecast: Proactive Domain Blocklisting by Identifying Malicious Hosting Infrastructure [PDF]
Udesh Kumarasinghe, Purdue University
Mohamed Nabeel, Palo Alto Networks
Charitha Elvitigala, SCoRe Lab

From Victims to Defenders: An Exploration of the \\Phishing Attack Reporting Ecosystem [PDF]
Zhibo Sun, Drexel University
Faris Bugra Kokulu, Arizona State University
Penghui Zhang, Arizona State University
Adam Oest, PayPal
Gianluca Stringhini, Boston University
Tiffany Bao, Arizona State University
Ruoyu Wang, Arizona State University
Yan Shoshitaishvili, Arizona State University
Adam Doupé, Arizona State University
Gail-Joon Ahn, Arizona State University

Hidden Web Caches Discovery [PDF]
Matteo Golinelli, University of Trento
Bruno Crispo, University of Trento

Gudifu: Guided Differential Fuzzing for HTTP Request Parsing Discrepancies [PDF]
Bahruz Jabiyev, Dartmouth College
Anthony Gavazzi, Northeastern University
Kaan Onarlioglu, Akamai Technologies
Engin Kirda, Northeastern University

12:30 - 14:00 Lunch
14:00 - 15:30 Malware & Unwanted Software (I) (Chair: Simone Aonzo)

What do malware analysts want from academia? A survey on the state-of-the-practice to guide research developments [PDF]
Marcus Botacin, Texas A&M University

Cross-Regional Malware Detection via Model Distilling and Federated Learning [PDF]
Marcus Botacin, Texas A&M University
Heitor Gomes, Victoria University of Wellington

ADAPT it! Automating APT Campaign and Group Attribution by Leveraging and Linking Heterogeneous Files [PDF]
Aakanksha Saha, TU Wien
Jorge Blasco, Universidad Politécnica de Madrid
Lorenzo Cavallaro, University College London
Martina Lindorfer, TU Wien

How to Train your Antivirus: RL-based Hardening through the Problem Space [PDF]
Ilias Tsingenopoulos, imec-DistriNet, KU Leuven
Jacopo Cortellazzi, King's College London
Branislav Bosansky, Gen Digital
Simone Aonzo, EURECOM
Davy Preuveneers, KU Leuven
Wouter Joosen, KU Leuven
Fabio Pierazzi, King's College London
Lorenzo Cavallaro, University College London

Down to earth! Guidelines for DGA-based Malware Detection [PDF]
Bogdan Cebere, CISPA Helmholtz Center for Information Security
Jonathan Lasse Bennet Flueren, CISPA Helmholtz Center for Information Security
Silvia Sebastián, CISPA Helmholtz Center for Information Security
Daniel Plohmann, Fraunhofer FKIE
Christian Rossow, CISPA Helmholtz Center for Information Security

15:30 - 16:00 Break
16:00 - 17:30 IDS and Network Security (Chair: Bradley Reaves)

Mateen: Adaptive Ensemble Learning for Network Anomaly Detection [PDF]
Fahad Alotaibi, Imperial College London
Sergio Maffeis, Imperial College London

Obfuscating Provenance-Based Forensic Investigations with Mapping System Meta-Behavior [PDF]
Anyuan Sang, Xidian University
Yuchen Wang, Xidian University
Li Yang, Xidian University, Shaanxi Key Laboratory of Network and System Security
Junbo Jia, Xidian University
Lu Zhou, Xidian University

AudiTrim: A Real-time, General, Efficient, and Low-overhead Data Compaction System for Intrusion Detection [PDF]
Hongbin Sun, Zhongguancun Laboratory
Su Wang, Zhongguancun Laboratory
Zhiliang Wang, Tsinghua University
Zheyu Jiang, Tsinghua University
Dongqi Han, Beijing University of Posts and Telecommunications
Jiahai Yang, Tsinghua University

No Need for Details: Effective Anomaly Detection for Process Control Traffic in Absence of Protocol and Attack Knowledge [PDF]
Franka Schuster, Brandenburg University of Technology Cottbus-Senftenberg
Hartmut König, Brandenburg University of Technology Cottbus-Senftenberg

Leveraging Deep Reinforcement Learning for Cyber-Attack Paths Prediction: Formulation, Generalization, and Evaluation [PDF]
Franco Terranova, Université de Lorraine, CNRS, Inria, LORIA
Abdelkader Lahmadi, Université de Lorraine, CNRS, Inria, LORIA
Isabelle Chrisment, Université de Lorraine, CNRS, Inria, LORIA

17:30 Welcome Reception at Palazzo della Salute

Tuesday 01/10/2024

09:30 - 10:30 Malware & Unwanted Software (II) (Chair: Gianluca Stringhini)

Encrypted Endpoints: Defending Online Services from Illegitimate Bot Automation [PDF]
August See, Universität Hamburg
Kevin Röbert, Universität Hamburg
Mathias Fischer, Universität Hamburg

Extending C2 Traffic Detection Methodologies: From TLS 1.2 to TLS 1.3-enabled Malware [PDF]
Carlos Novo, INESC TEC, HASLab and DCC FCUP
Sofia Romeiro, INESC-ID / Instituto Superior Técnico, Universidade de Lisboa
Bernardo Portela, INESC TEC, HASLab and DCC FCUP
Diogo Barradas, University of Waterloo
Nuno Santos, INESC-ID / Instituto Superior Técnico, Universidade de Lisboa

BluePrint: Automatic Malware Signature Generation for Internet Scanning [PDF]
Kevin Stevens, Georgia Institute of Technology
Mert Erdemir, Georgia Institute of Technology
Hang Zhang, Indiana University Bloomington
Taesoo Kim, Georgia Institute of Technology
Paul Pearce, Georgia Institute of Technology

10:30 - 11:00 Break
11:00 - 12:30 Cyber Crime and Security Measurements (Chair: Martina Lindorfer)

Honeyquest: Rapidly Measuring the Enticingness of Cyber Deception Techniques with Code-based Questionnaires [PDF]
Mario Kahlhofer, Dynatrace Research, Johannes Kepler University Linz
Stefan Achleitner, Dynatrace Research
Stefan Rass, Johannes Kepler University Linz, LIT Secure and Correct Systems Lab
René Mayrhofer, Johannes Kepler University Linz

The "Big Beast to Tackle": Practices in Quality Assurance for Cyber Threat Intelligence [PDF]
Thomas Geras, HM Munich University of Applied Sciences
Thomas Schreck, HM Munich University of Applied Sciences

Unraveling the Web of Disinformation: Exploring the Larger Context of State-Sponsored Influence Campaigns on Twitter [PDF]
Mohammad Hammas Saeed, Boston University
Shiza Ali, Boston University
Pujan Paudel, Boston University
Jeremy Blackburn, Binghamton University
Gianluca Stringhini, Boston University

You Might Have Known It Earlier: Analyzing the Role of Underground Forums in Threat Intelligence [PDF]
Tommaso Paladini, Politecnico di Milano
Lara Ferro, Politecnico di Milano
Mario Polino, Politecnico di Milano
Stefano Zanero, Politecnico di Milano
Michele Carminati, Politecnico di Milano

Cross-Chain Bridges: Attack Taxonomy, Defenses, and Open Problems [PDF]
Mengya Zhang, The Ohio State University
Xiaokuan Zhang, George Mason University
Yinqian Zhang, Southern University of Science and Technology
Zhiqiang Lin, The Ohio State University

12:30 - 14:00 Lunch
14:00 - 15:30 Software Security (Chair: Christian Rossow)

KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities [PDF]
Bonan Ruan, National University of Singapore
Jiahao Liu, National University of Singapore
Chuqi Zhang, National University of Singapore
Zhenkai Liang, National University of Singapore

Tango: Extracting Higher-Order Feedback through State Inference [PDF]
Ahmad Hazimeh, EPFL; BugScale
Duo Xu, EPFL
Qiang Liu, EPFL
Yan Wang, Huawei
Mathias Payer, EPFL

Integrating Static Analyses for High-Precision Control-Flow Integrity [PDF]
Florian Kasten, Fraunhofer AISEC
Philipp Zieris, Fraunhofer AISEC
Julian Horsch, Fraunhofer AISEC

Beyond REST: Introducing APIF for Comprehensive API Vulnerability Fuzzing [PDF]
Yu Wang, Tsinghua University
Larry Xu, TrustAI Pte.Ltd.

Efficiently Rebuilding Coverage in Hardware-Assisted Greybox Fuzzing [PDF]
Tai Yue, National University of Defense Technology and Southern University of Science and Technology
Yibo Jin, Southern University of Science and Technology
Fengwei Zhang, Southern University of Science and Technology (SUSTech)
Zhenyu Ning, Hunan University
Pengfei Wang, National University of Defense Technology
Xu Zhou, National University of Defense Technology
Kai Lu, National University of Defense Techonology

15:30 - 16:00 Break
16:00 - 17:30 ML and Adversarial Learning for Security (Chair: Fabio Pierazzi)

Breaking Privacy in Model-Heterogeneous Federated Learning [PDF]
Atharva Haldankar, Virginia Tech
Arman Riasi, Virginia Tech
Hoang-Dung Nguyen, Virginia Tech
Tran Phuong, University of Arkansas at Little Rock
Thang Hoang, Virginia Tech

KGDist: A Prompt-Based Distillation Attack against LMs Augmented with Knowledge Graphs [PDF]
Hualong Ma, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China
Peizhuo Lv, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China
Kai Chen, Institute of Information Engineering, Chinese Academy of Sciences, China
Jiachen Zhou, SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China

Enhancing Model Poisoning Attacks to Byzantine-Robust Federated Learning via Critical Learning Periods [PDF]
Gang Yan, UC Merced
Hao Wang, Stevens Institute of Technology
Xu Yuan, University of Delaware
Jian Li, Stony Brook University

AI-Generated Faces in the Real World: A Large-Scale Case Study of Twitter Profile Images [PDF]
Jonas Ricker, Ruhr University Bochum
Dennis Assenmacher, GESIS - Leibniz Institute for the Social Sciences
Thorsten Holz, CISPA Helmholtz Center for Information Security
Asja Fischer, Ruhr University Bochum
Erwin Quiring, Ruhr University Bochum, International Computer Science Institute Berkeley

20:00 Social Dinner at Pedrocchi Cafè & Awards Announcements

Wednesday 02/10/2024

09:30 - 10:30 Keynote II


Marcel Böhme
How to Solve Cybersecurity Once and For All

Abstract: In Pwn2Own this year, a single person (Manfred Paul) demonstrated successful exploits for all major browsers: Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge. Chrome alone is used by 3.5 *billion* people. Today, thanks to Paul, these major security flaws are fixed. Last year, evidently, the majority of people in the world accessed the internet with the door open to potential attackers—despite decades of research in defensive security, despite an abundance of mitigations, despite dedicated red teams. -- But why? Software is entirely virtual and can be described completely: A program’s source code is meant to formally express the programmer’s intention using the syntactic and semantic rules of the programming language. As the behavior of a software system arises from well-defined instructions, we must be able to formally reason about all its properties. Surely there exists an approach that will forever guarantee the security of our systems. Only, we haven't found it, yet?

In this keynote, I will explore what fundamentally prevents us from making reliable statements about the security of a software system. I will try to substantiate each argument by demonstrating how the corresponding challenge in our defensive strategies is routinely exploited to attack a system despite credible assurances about the absence of security flaws. After the successful deconstruction of the prevalent philosophy, I will introduce a philosophy of vulnerability-guided hardening, where we seek to falsify claims of security using successful attacks as counterexamples.

Bio: Marcel Böhme leads the Software Security research group at the Max Planck Institute for Security and Privacy (MPI-SP) in Germany. His group is interested in the automatic discovery of security flaws in software systems at the very large scale. Apart from the development of practical techniques for vulnerability discovery (incl., fuzzing), his group seeks to identify fundamental limits of existing techniques, studies empirical methods (incl. statistical and causal reasoning) for program analysis, and explores the assurances that software testing provides when no bugs are found. Find us at https://mpi-softsec.github.io/.

10:30 - 11:00 Break
11:00 - 12:30 CPS / IoT / Critical Infrastructures Security (Chair: Alessandro Brighente)

Context-Aware Anomaly Detection Using Vehicle Dynamics [PDF]
Chun-Yu Chen, The University of Michigan
Kang G. Shin, The University of Michigan
Soodeh Dadras, Ford Motor Company

Deception-Resistant Stochastic Manufacturing for Automated Production Lines [PDF]
Zeyu Yang, Zhejiang University
Hongyi Pu, Zhejiang University
Liang He, University of Colorado Denver
Chengtao Yao, Zhejiang University
Jianying Zhou, Singapore University of Technology and Design
Peng Cheng, Zhejiang University
Jiming Chen, Zhejiang University

Large-Scale Security Analysis of Real-World Backend Deployments Speaking IoT-Focused Protocols [PDF]
Carlotta Tagliaro, TU Wien
Martina Komsic, TU Wien
Andrea Continella, University of Twente
Kevin Borgolte, Ruhr University Bochum
Martina Lindorfer, TU Wien

CrypTody: Cryptographic Misuse Analysis of IoT Firmware via Data-flow Reasoning [PDF]
Jianing Wang, National University of Singapore
Shanqing Guo, Shandong University
Wenrui Diao, Shandong University
Yue Liu, Southeast University; QI-ANXIN Group
Haixin Duan, Tsinghua University; Zhongguancun Laboratory; Quancheng Laboratory
Yichen Liu, Indiana University Bloomington
Zhenkai Liang, National University of Singapore

A Comprehensive, Automated Security Analysis of the Uptane Automotive Over-the-Air Update Framework [PDF]
Robert Lorch, The University of Iowa
Daniel Larraz, The University of Iowa
Cesare Tinelli, The University of Iowa
Omar Chowdhury, Stony Brook University


12:30 - 14:00 Lunch
14:00 - 16:00 Mobile and Hardware Security (Chair: Pietro Frigo)

Catch You Cause I Can: Busting Rogue Base Stations using CellGuard and the Apple Cell Location Database [PDF]
Lukas Arnold, TU Darmstadt, Secure Mobile Networking Lab
Matthias Hollick, TU Darmstadt, Secure Mobile Networking Lab
Jiska Classen, Hasso Plattner Institute

A Second Look at the Portability of Deep Learning Side-Channel Attacks over EM Traces [PDF]
Mabon Ninan, University of Cincinnati
Evan Nimmo, University of Cincinnati
Shane Reilly, University of Cincinnati
Channing Smith, College of Charleston
Wenhai Sun, Purdue University, West Lafayette, USA
Boyang Wang, University of Cincinnati
John M. Emmert, University of Cincinnati

VeriFence: Lightweight and Precise Spectre Defenses for Untrusted Linux Kernel Extensions [PDF]
Luis Gerhorst, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)
Henriette Herzog, Ruhr-Universität Bochum (RUB)
Peter Wägemann, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)
Maximilian Ott, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)
Rüdiger Kapitza, Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)
Timo Hönig, Ruhr-Universität Bochum (RUB)
Henriette Hofmeier, Ruhr-Universität Bochum (RUB)

Replay-resistant Disk Fingerprinting via Unintentional Electromagnetic Emanations [PDF]
Wenfan Song, Zhejiang University
Jianwei Liu, Zhejiang University, Hangzhou City University
Yajie Liu, Zhejiang University
Jinsong Han, Zhejiang University

Prob-Hashcat: Accelerating Probabilistic Password Guessing with Hashcat by Hundreds of Times [PDF]
Ziyi Huang, Nankai University
Ding Wang, Nankai University
Yunkai Zou, Nankai University

Fixing Insecure Cellular System Information Broadcasts For Good [PDF]
Alexander J. Ross, North Carolina State University
Bradley Reaves, North Carolina State University
Yomna Nasser, Google
Gil Cukierman, Google
Roger Piqueras Jover, Google

16:00 Closing Remarks

Organized by


polyu
polyu

Sponsors


Diamond

KAUST

Platinum

Google