Dr. Daniel Xiapu Luo

Associate Professor
Department of Computing, The Hong Kong Polytechnic University
csxluo[at]comp.polyu.edu.hk, (852)2766-7264
Daniel received his B.S. in Communication Engineering and M.S. in Communications and Information Systems from Wuhan University. He obtained his Ph.D. degree in Computer Science from the Hong Kong Polytechnic University, under the supervision of Prof. Rocky K.C. Chang. After that, Daniel spent two years at the Georgia Institute of Technology as a post-doctoral research fellow advised by Prof. Wenke Lee. His current research interests include Mobile/IoT/System Security and Privacy, Blockchain/Smart Contract, Software Engineering, Network Security and Privacy, and Internet Measurement.
Looking for highly motivated Postdoctoral fellow and PhD/MPhil students in the areas of Mobile/IoT/System Security, Blockchain/Smart Contract, Software Engineering, Network Security and Privacy, Internet Measurement, and Performance Evaluation. Please contact me if you have interests.

Teaching:

1. Discrete Structures (COMP202)
2. Computer Networking (COMP2322)
3. Computer Communications Networks (COMP312)
4. Social and Collaborative Computing (COMP3121)
5. Mobile Security: Principles and Practice (COMP4332)
6. Principles and Practice of Internet Security (COMP4334)
7. Emerging Topics In Fintech (COMP4531)
8. Capstone Project I (COMP4911)
9. E-Commerce Fundamentals and Development (COMP5122)
10. Internet Computing and Applications (COMP5322)
11. Distributed Computing (COMP5325)
12. Web Service and Project Development (COMP5332)
13. Internet Security: Principles and Practice (COMP5353)
14. Cyber and Internet Security(COMP5355)
15. Cryptography and Blockchain(COMP6521)

Current Research:

1. Android Security, Vulnerability, and Privacy
(1) Dynamic Analysis:
Malton: An On-Device Non-Invasive Mobile Malware Analysis Tool for ART.(Paper)
NDroid: A Dynamic Taint Analysis Engine for Android Applications using Native Codes.(Paper, Source Code)
(2) Unpacking Hardened Apps Running in DVM or ART:
Happer: A Hardware-Assisted Unpacker.(Paper, Source Code);
Parema: An Unpacking Framework for Demystifying VM-based Android Packers.(Paper, Source Code);
PackerGrind: An Adaptive Unpacker.(Paper);
DexHunter: An In-VM Unpacker.(Paper, Source Code, HITCON'15 slides)
(3) Privacy Policy Analysis:
PPChecker: A System for Identifying Incomplete/Incorrect/Inconsistent Privacy Policy for Android Applications.(Paper)
AutoPPG: A System for Automatically Generating Privacy Policy Template for Android Applications.(Paper)
An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps.(Paper)
(4) User Review Analysis:
Where2Change: Change Request Localization for App Reviews.(Paper)
ReviewSolver: A System for Locating Function Errors in Mobile Apps with User Reviews.(Paper)
PADetective: A System for Characterizing Promotional Attacks in Mobile App Stores.(Paper)
(5) Potentially Harmful Apps (PHAs) Analysis:
DiehardDetector: Detecting Diehard Android Apps. (Paper, Source Code)
FalDroid: A Quick Android Malware Familial Classifier.(Paper, Source Code)
ResDroid: A Scalable Resource-driven System for Detecting Repackaged Android Applications.(Paper)
Robust Android Malware Detection Against Adversarial Example Attacks.(Paper)
Demystifying Illegal Mobile Gambling Apps.(Paper)
A Systematical Study on Application Performance Management Libraries for Apps.(Paper)
(6) Vulnerability Discovery:
ATVHunter: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Apps.(Paper)
All Your App Links are Belong to Us: Understanding the Threats of Instant Apps based Attacks. (Paper)
Resource Race Attacks on Android. (Paper)
VulHunter: A Graph-based Static-Analysis System for Discovering Vulnerable Android Applications.(Paper)
Some old vulnerability reports.
(7) Protection:
Permission Specification Analysis for Android NDK. (Paper)
Programmable In-Network Security for Context-aware BYOD Policies. (Paper)
UIObfuscator: A Tool for Obfuscating the UI of Android Apps. (Paper, Source Code)
RootGuard: A System for Protecting Rooted Android Smartphones.(Paper, Demo)

2. Blockchain
(1) Smart Contracts Analysis:
SigRec: A System for Recovering Function Signatures (ABIs) in Smart Contracts.(Paper)
Gasper: A System for Detecting Gas-Inefficient Patterns in Smart Contracts.(Paper)
GasReducer: A System for Correcting Gas-Inefficient Patterns in Smart Contracts.(Paper)
TokenScope: A System for Detecting Inconsistent Behaviors of Cryptocurrency Tokens.(Paper)
GasChecker: Scalable Analysis for Discovering Gas-Inefficient Smart Contracts.(Paper)
A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts.(Paper)
Defining and Detecting Smart Contract Defects on Ethereum.(Paper1, Paper2, Source Code)
EOSAFE: A System for Detecting Vulnerabilities in EOSIO Smart Contracts.(Paper)
SADPonzi: A System for Detecting Ponzi Schemes in Ethereum Smart Contracts.(Paper)
(2) Transactions Analysis:
Understanding Ethereum via Graph Analysis.(Paper, Data & Source Code)
DataEther: Data Exploration Framework For Ethereum.(Paper)
Understanding (Mis)Behavior on the EOSIO Blockchain.(Paper)
Demystifying Bitcoin Mixing Services.(Paper)
(3) Security and Performance Assessment:
SODA: A Generic Online Detection Framework for Smart Contracts.(Paper)
Defend Against Under-Priced DoS Attacks for Ethereum.(Paper)
Denial of Ethereum RPC Service Attack.(Paper)
EthHoney: A Honeypot for Understanding the Cryptocurrency Stealing Attack on Ethereum.(Paper)
A Detailed and Real-time Performance Monitoring Framework for Blockchain Systems.(Paper)

3. Network Security (e.g., DDoS, Botnet, DNS Attacks, Anonymity Network, ...)
(1) Pulsing DoS Attacks:
On a New Class of Pulsing Denial-of-Service Attacks and the Defense.(Paper)
Modeling the Vulnerability of Feedback-Control Based Internet Services to Low-Rate Dos Attacks. (Paper)
(2) Link Flooding Attacks:
LinkScope: A System for Detecting Target Link Flooding Attacks through End-to-End and Hop-by-Hop Network Probing.(Paper)
Randomized Security Patrolling for Link Flooding Attack Detection. (Paper)
(3) DDoS Attacks:
SkyShield: A Sketch-based Defense System for Application Layer DDoS Attacks.(Paper)

4. Internet Performance Measurement
(1) H2Scope: A Tool for Profiling How Websites Support HTTP/2.0.(Paper, Source Code)
(2) AndroidPerf: A Cross-layer Profiling System for Android Applications.(Paper, Source Code)
(3) kTRxer: A Portable Toolkit for Building Reliable Internet Probing Tools.(Paper)
(4) OWPScope: A Server-Side Measurement System for Gauging Multiple One-Way Path Performance Metrics.(Paper)
(5) OneProbe: A Non-Cooperative Measurement System for Assessing Multiple One-Way Path Performance Metrics from End Users.(Paper)
(6) TRIO: A Non-Cooperative Measurement Tool for Estimating Asymmetric Capacity with Three Minimum Round-Trip Times.(Paper)
(7) Some other measurement works.

5. Traffic Analysis (e.g., Website Fingerprinting, Network Covert Channel, Traffic Watermarking, ...)
(1) HTTPOS: A System for Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows.(Paper)
(2) Network Covert Channels:
Cloak: A Set of Robust Network Covert Channels Based on TCP and Enumerative Combinatorics.(Paper)
TCPScript: TCP Covert Timing Channels.(Paper)
CLACK: A Network Covert Channel Based on Partial Acknowledgment Encoding.(Paper)
WebShare: Crafting Web Counters into Covert Channels.(Paper)
(3) Traffic Watermarking:
BACKLIT: Exposing invisible timing-based traffic watermarks.(Paper)
On the Secrecy of Spread-Spectrum Flow Watermarks.(Paper)

Selected Awards:

ACM SIGSOFT Distinguished Paper Award, 43rd International Conference on Software Engineering (ICSE), 2021.
Best Paper Nominee, 13th International Symposium on Empirical Software Engineering and Measurement (ESEM), 2019.
Best Paper Award, 8th IEEE Conference on Engineering, Technology, and Education (TALE), 2019.
Best Paper Award, IEEE International Conference on Computer Communications (INFOCOM), 2018.
Best Paper on Blockchain, China Computer Federation (CCF) Technical Committee on Block Chain, 2018.
Best Paper Award, 17th National Software Application Conference (NASAC) (Safety and Security of System Software Symposium) , 2018.
Best Paper Award, 13th International Conference on Information Security Practice and Experience (ISPEC), 2017.
(ISC)2 Asia-Pacific Information Security Leadership Achievements (ISLA) Honorees (Senior Information Security Professional) with Showcased Project, 2017.
Best Paper Award, 8th International Conference on Applications and Technologies in Information Security (ATIS), 2017.
Best Research Paper Award, 27th International Symposium on Software Reliability Engineering (ISSRE), 2016.
CCF-腾讯犀牛鸟基金优秀奖, 2014.
Best Student Paper Award, 22nd IFIP International Information Security Conference (IFIP SEC), 2007.

Selected Publications (More in DBLP and Google Scholar):

L. Yu, Y. Liu, P. Jing, X. Luo, L. Xue, K. Zhao, Y. Zhou, T. Wang, G. Gu, S. Nie, and S. Wu, "Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols", Proc. of the 31th USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
J. Li, H. Zhou, S. Wu, X. Luo, T. Wang, X. Zhan, and X. Ma, “FOAP: Fine-Grained Open-World Android App Fingerprinting”, Proc. of the 31st USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
L. Xue, Y. Liu, T. LI, K. Zhao, J. Li, L. Yu, X. Luo, Y. Zhou, and G. Gu, “SAID: State-aware Defense Against Injection Attacks on In-vehicle Network", Proc. of the 31st USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
R. Pang, Z. Xi, S. Ji, X. Luo, and T. Wang, “On the Security Risks of AutoML”, Proc. of the 31st USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
P. Xia, H. Wang, B. Gao, W. Su, Z. Yu, X. Luo, C. Zhang, X. Xiao, and G. Xu, “Trade or Trick? Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Mumbai, India, June 2022.
M. Jiang, T. Xu, Y. Zhou, Y. Hu, M. Zhong, L. Wu, X. Luo, and K. Ren, "EXAMINER: Automatically Locating Inconsistent Instructions between Real Devices and CPU Emulators for ARM", Proc. of the 27th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Lausanne, Switzerland, February 2022.
H. Zhou, H. Wang, X. Luo, T. Chen, Y. Zhou, and T. Wang, “Uncovering Cross-Context Inconsistent Access Control Enforcement in Android”, Proc. of the 29th Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2022.
M. Jiang, L. Ma, Y. Zhou, Q. Liu, C. Zhang, Z. Wang, X. Luo, L. Wu, and K. Ren, “ECMO: Peripheral Transplantation to Rehost Embedded Linux Kernels”, Proc. of the 28th ACM Conference on Computer and Communications Security (CCS), Seoul, Korea, November 2021.
K. Zhao, H. Zhou, Y. Zhu, K. Zhou, X. Zhan, J. Li, L. Yu, W. Yuan, and X. Luo, “Structural Attack against Graph Based Android Malware Detection”, Proc. of the 28th ACM Conference on Computer and Communications Security (CCS), Seoul, Korea, November 2021.
H. Zhou, H. Wang, S. Wu, X. Luo, Y. Zhou, T. Chen, and T. Wang, "Finding the Missing Piece: Permission Specification Analysis for Android NDK", Proc. of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, November 2021.
Q. Liu, C. Zhang, L. Ma, M. Jiang, Y. Zhou, L. Wu, W. Shen, X. Luo, Y. Liu, and K. Ren, "FirmGuide: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution", Proc. of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, November 2021.
X. Chen, S. Zhao, J. Qi, J. Jiang, H. Song, C. Wang, T. Li, T. Chan, F. Zhang, X. Luo, S. Wang, G. Zhang, and H. Cui, “Efficient, DoS-resistant Consensus for Permissioned Blockchains”, Proc. Of the 39th IFIP WG 7.3 International Symposium on Computer Performance, Modeling, Measurements and Evaluation (Performance), Politecnico Di Milano, Italy, November 2021.
Y. Shi, M. Li, W. Wei, Y. Liu, and X. Luo, “Secure and Efficient White-box Encryption Scheme for Data Protection against Shared Cache Attacks in Cloud Computing”, Proc. of the 32nd International Symposium on Software Reliability Engineering (ISSRE), Wuhan, China, October 2021
P. Jing, Q. Tang, Y. Du, L. Xue, X. Luo, T. Wang, S. Nie, and S. Wu, "Too Good to Be Safe: Tricking Lane Detection in Autonomous Driving with Crafted Perturbations.", Proc. of the 30th USENIX Security Symposium (USENIX SEC), Vancouver, Canada, August 2021.
N. He, R. Zhang, H. Wang, L. Wu, X. Luo, Y. Guo, T. Yu, and X. Jiang, "EOSAFE: Security Analysis of EOSIO Smart Contracts", Proc. of the 30th USENIX Security Symposium (USENIX SEC), Vancouver, Canada, August 2021.
C. Wang, K. Yu, Y. Cai, X. Luo, and Z. Yang, "Detecting Concurrency Vulnerabilities Based on Partial Orders of Memory and Thread Events", Proc. of the 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), Athens, Greece, August 2021.
Y. Wang, Q. Zhang, K. Li, J. Chen, Y. Tang, X. Luo, and T. Chen, “Towards Practical and Cost-Effective Batching of Smart-Contract Invocations on Ethereum”, Proc. of the 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), Athens, Greece, August 2021.
L. Xue, Y. Yan, L. Yan, M. Jiang, X. Luo, D. Wu, W. Hu, and Y. Zhou, "Parema: An Unpacking Framework for Demystifying VM-based Android Packers", Proc. of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Aarhus, Denmark, July 2021. Source Code
W. Chen, X. Li, Y. Sui, N. He, H. Wang, L. Wu, and X. Luo, “SADPonzi: Detecting and Characterizing Ponzi Schemes in Ethereum Smart Contracts”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Beijing, China, June 2021.
B. Gao, H. Wang, P. Xia, S. Wu, Y. Zhou, X. Luo, and G. Tyson, “Tracking Counterfeit Cryptocurrency End-to-end”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Beijing, China, June 2021.
L. Xue, H. Zhou, X. Luo, Y. Zhou, Y. Shi, G. Gu, F. Zhang, and M. Au, "Happer: Unpacking Android Apps via a Hardware-Assisted Approach", Proc. of the 42nd IEEE Symposium on Security and Privacy (S&P), May 2021. Source Code
X. Zhan, L. Fan, S. Chen, F. Wu, T. Liu, X. Luo, and Y. Liu, “ATVHunter: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Apps”, Proc. of the 43rd International Conference on Software Engineering (ICSE), May 2021.(ACM SIGSOFT Distinguished Paper Award)
Z. Wan, X. Xia, D. Lo, J. Chen, X. Luo, and X. Yang, “Smart Contract Security: a Practitioners’ Perspective”, Proc. of the 43rd International Conference on Software Engineering (ICSE), May 2021.
Y. Hu, H. Wang, T. Ji, X. Xiao, X. Luo, P. Gao, and Y. Guo, “CHAMP: Characterizing Undesired App Behaviors from User Comments based on Market Policies”, Proc. of the 43rd International Conference on Software Engineering (ICSE), May 2021.
X. Ma, M. Shi, B. An, J. Li, X. Luo, J. Zhang, and X. Guan, “Context-aware Website Fingerprinting over Encrypted Proxies”, Proc. of IEEE International Conference on Computer Communications (INFOCOM), May 2021.
L. Wu, Y. Hu, Y. Zhou, H. Wang, X. Luo, Z. Wang, F. Zhang, and K. Ren, "Towards Understanding and Demystifying Bitcoin Mixing Services", Proc. of the 30th the Web Conference (WWW), Ljubljana, Slovenia, April 2021.
Y. Gao, H. Wang, L. Li, X. Luo, X. Liu, and G. Xu, "Demystifying Illegal Mobile Gambling Apps", Proc. of the 30th the Web Conference (WWW), Ljubljana, Slovenia, April 2021.
H. Li, S. Zhou, W. Yuan, X. Luo, C. Gao, and S. Chen, “Robust Android Malware Detection Against Adversarial Example Attacks”, Proc. of the 30th the Web Conference (WWW), Ljubljana, Slovenia, April 2021.
K. Li, J. Chen, X. Liu, Y. Tang, X. Wang, and X. Luo, “As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service”, Proc. of the 28th Network and Distributed System Security Symposium (NDSS), February 2021.
X. Xiao, W. Xiao, R. Li, X. Luo, H. Zheng, and S. Xia, “EBSNN: Extended Byte Segment NeuralNetwork for Network Traffic Classification”, IEEE Transactions on Dependable and Secure Computing (TDSC), 2021.
T. Shen, J. Jiang, Y. Jiang, X. Chen, J. Qi, S. Zhao, F. Zhang, X. Luo, and H. Cui, "DAENet: Making Strong Anonymity Scale in a Fully Decentralized Network", IEEE Transactions on Dependable and Secure Computing (TDSC), 2021.
T. Chen, Z. Li, X. Luo, X. Wang, T. Wang, Z. He, K. Fang, Y. Zhang, H. Zhu, H. Li, Y. Cheng, and X. Zhang, “SigRec: Automatic Recovery of Function Signatures in Smart Contracts”, IEEE Transactions on Software Engineering (TSE), 2021
Y. Tang, H. Zhou, X. Luo, T. Chen, H.u Wang, Z. Xu, and Y. Cai, “XDebloat: Towards Automated Feature-Oriented App Debloating”, IEEE Transactions on Software Engineering (TSE), 2021
Y. Tang, H. Wang, X. Zhan, X. Luo, Y. Zhou, H. Zhou, Q. Yan, Y. Sui, and J. Keung, “A Systematical Study on Application Performance Management Libraries for Apps”, IEEE Transactions on Software Engineering (TSE), 2021
X. Zhan, T. Liu, Y. Liu, L. Li, H. Wang, and X. Luo, “A Systematic Assessment on Android Third-party Library Detection Tools”, IEEE Transactions on Software Engineering (TSE), 2021
X. Zhan, T. Liu, L. Fan, L. Li, S. Chen, X. Luo, and Y. Liu, “Research on Third-Party Libraries in Android Apps: A Taxonomy and Comprehensive Survey”, IEEE Transactions on Software Engineering (TSE), 2021
J. Chen, X. Xia, D. Lo, J. Grundy, X. Luo, and T. Chen, “DEFECTCHECKER: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode“, IEEE Transactions on Software Engineering (TSE), 2021. Source Code
Y. Huang, J. Jiang, X. Luo, X. Chen, Z. Zheng, N. Jia, and G. Huang, “Change-Patterns Mapping: A Boosting Way for Change Impact Analysis”, IEEE Transactions on Software Engineering (TSE), 2021
Y. Huang, X. Liang, Z. Chen, N. Jia, X. Luo, X. Chen, Z. Zheng and X. Zhou, "Reviewing rounds prediction for code patches", Empirical Software Engineering (EMSE), Oct. 2021. Y. Huang, X. Hu, N. Jia, X. Chen, Z. Zheng, and X. Luo, "CommtPst: Deep Learning Source Code for Commenting Positions Prediction", Journal of Systems and Software (JSS), 2021
Y. Huang, S. Huang, H. Chen, X. Chen, Z. Zheng, X. Luo, N. Jia, X. Hu, and X. Zhou, "Towards automatically generating block comments for code snippets", Information and Software Technology (IST), 2021
R. He, H. Wang, P. Xia, L. Wang, Y. Li, L. Wu, Y. Zhou, X. Luo, Y. Guo, Y. Sui, G. Xu, “Beyond the Virus: A First Look at Coronavirus-themed Mobile Malware”, Empirical Software Engineering (EMSE), 2021
P. Xia, H. Wang, B. Zhang, Ru Ji, B. Gao, L. Wu, X. Luo, and G. Xu, "Characterizing Cryptocurrency Exchange Scams", Computers & Security (COSE), 2021
Z. Xu, T. Zhang, J. Keung, M. Yan, X. Luo, X. Zhang, L. Xu, and Y. Tang. "Feature Selection and Embedding Based Cross Project Framework for Identifying Crashing Fault Residence". Information and Software Technology (IST), 2021
Z. Xu, L. Li, M. Yan, J. Liu, X. Luo, J. Grundy, Y. Zhang, and X. Zhang, "A Comprehensive Comparative Study of Clustering-based Unsupervised Defect Prediction Models", Journal of Systems and Software (JSS), 2021.
H. Cao, H. Zhao, X. Luo, N. Kumar, and L. Yang, “Dynamic Virtual Resource Allocation Mechanism for Survivable Services in Emerging NFV-Enabled Vehicular Networks”, IEEE Transactions on Intelligent Transportation Systems (TITS), 2021.
H. Cao, J. Du, H. Zhao, X. Luo, G. Aujla, N. Kumar, L. Yang, and F. Yu, "Resource-Ability Assisted Service Function Chain Embedding and Scheduling for 6G Networks With Virtualization", IEEE Transactions on Vehicular Technology (TVT), 2021.
H. Cao, J. Du, H. Zhao, X. Luo, N. Kumar, L. Yang, and F. Yu, “Towards Tailored Resource Allocation of Slices in 6G Networks With Softwarization and Virtualization”, IEEE Internet of Things Journal (IoTJ), 2021.
H. Wang, W. Zhang, H. He, P. Liu, X. Luo, Y. Liu, J. Jiang, Y. Li, X. Zhang, W. Liu, R. Zhang, and X. Lan, “An Evolutionary Study of IoT Malware”, IEEE Internet of Things Journal (IoTJ), 2021.
Y. Tang, Y. Sui, H. Wang, X. Luo, H. Zhou, and Z. Xu, “All Your App Links are Belong to Us: Understanding the Threats of Instant Apps based Attacks”, Proc. of the 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), California, USA, November 2020.
R. Pang, H. Shen, X. Zhang, S. Ji, Y. Vorobeychik, X. Luo, A. Liu, and T. Wang, “The Tale of Evil Twins: Adversarial Inputs versus Poisoned Models”, Proc. of the 27th ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 2020.
M. Fan, L. Yu, S. Chen, H. Zhou, X. Luo, S. Li, Y. Liu, J. Liu, and T. Liu, "An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps", Prof. of the 31st International Symposium on Software Reliability Engineering (ISSRE), Coimbra, Portugal, October 2020.
H. Zhou, H. Wang, Y. Zhou, X. Luo, Y. Tang, L. Xue, and T. Wang, "Demystifying Diehard Android Apps", Proc. of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, September 2020. Source Code
H. Zhou, T. Chen, H. Wang, L. Yu, X. Luo, T. Wang, and W. Zhang, "UI Obfuscation and Its Effects on Automated UI Analysis for Android Apps", Proc. of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, September 2020. Source Code
X. Zhan, L. Fan, T. Liu, S. Chen, L. Li, H. Wang, Y. Xu, X. Luo, and Y. Liu, "Automated Third-party Library Detection for Android Applications: Are We There Yet?", Proc. of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, September 2020. Source Code
P. Zhang, F. Xiao, and X. Luo, "A Framework and Data Set for Bugs in Ethereum Smart Contracts", Proc. of the 36th International Conference on Software Maintenance and Evolution (ICSME), Adelaide, Australia, September 2020. Source Code
Q. Kang, L. Xue, A. Morrison, Y. Tang, A. Chen, and X. Luo, “Programmable In-Network Security for Context-aware BYOD Policies”, Proc. of the 29th USENIX Security Symposium (USENIX SEC), Boston, USA, August 2020.Source Code
X. Zhang, N. Wang, H. Shen, S. Ji, X. Luo, and T. Wang, “Interpretable Deep Learning under Fire”, Proc. of the 29th USENIX Security Symposium (USENIX SEC), Boston, USA, August 2020.
R. Pang, X. Zhang, S. Ji, X. Luo, and T. Wang, “AdvMind: Inferring Adversary Intent of Black-Box Attacks”, Proc. of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD), California, USA, August 2020.
M. Jiang, Y. Zhou, X. Luo, R. Wang, Y. Liu, and K. Ren, “An Empirical Study on ARM Disassembly Tools”, Proc. of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Los Angeles, USA, July 2020.Source Code
Y. Huang, H. Wang, L. Wu, G. Tyson, X. Luo, R. Zhang, X. Liu, G. Huang, and X. Jiang, “Understanding (Mis)Behavior on the EOSIO Blockchain”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Boston, USA, June 2020.
T. Liu, H. Wang, L. Li, X. Luo, Y. Guo, F. Dong, T. Bissyandé, and J. Klein, “MadDroid: Characterising and Detecting Devious Ad Content for Android Apps”, Proc. of the 29th the Web Conference (WWW), Taipei, April 2020.
T. Chen, R. Cao, T. Li, X. Luo, G. Gu, Y. Zhang, Z. Liao, H. Zhu, G. Chen, Z. He, Y. Tang, X. Lin, and X. Zhang, "SODA: A Generic Online Detection Framework for Smart Contracts", Proc. of the 27th Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2020.
Y. Cai, Y. Tang, H. Li, L. Yu, H. Zhou, X. Luo, L. He, and P. Su, “Resource Race Attacks on Android”, Proc. of the 27th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Ontario, Canada, February 2020.
T. Cao, J. Yu, J. Decouchant, X. Luo, and P. Esteves-Veríssimo, “Exploring the Monero Peer-to-Peer Network”, Proc. of the 24th International Conference on Financial Cryptography and Data Security (FC), Sabah, Malaysia, February 2020.
T. Chen, Y. Feng, Z. Li, H. Zhou, X. Luo, X. Li, X. Xiao, J. Chen and X. Zhang, "GasChecker: Scalable Analysis for Discovering Gas-Inefficient Smart Contracts", IEEE Transactions on Emerging Topics in Computing (TETC), 2020.
L. Xue, H. Zhou, X. Luo, L. Yu, D. Wu, Y. Zhou, and X. Ma, “PackerGrind: An Adaptive Unpacking System for Android Apps”, IEEE Transactions on Software Engineering (TSE), 2020. Source Code
J. Chen, X. Xia, D. Lo, J. Grundy, X. Luo, and T. Chen, “Defining Smart Contract Defects on Ethereum”, IEEE Transactions on Software Engineering (TSE), 2020. (also appear at the Journal First Session of the 43rd International Conference on Software Engineering (ICSE)).
T. Zhang, J. Chen, X. Zhan, X. Luo, D. Lo, and H. Jiang, “Where2Change: Change Request Localization for App Reviews”, IEEE Transactions on Software Engineering (TSE), 2020. (also appear at the Journal First Session of the 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)).
M. Alhanahnah, Q. Yan, H. Bagheri, H. Zhou, Y. Tsutano, W. Srisa-an, and X. Luo, "DINA: Detecting Hidden Android Inter-App Communication in Dynamic Loaded Code", IEEE Transactions on Information Forensics and Security (TIFS), 2020.
T. Chen, Z. Li, Y. Zhu, J. Chen, X. Luo, J. Lui, X. Lin, and X. Zhang, “Understanding Ethereum via Graph Analysis”, ACM Transactions on Internet Technology (TOIT), 2020.
D. Liu, A. Leung, M. Au, X. Luo, P. Chiu, S. Im and W. Lam, "Virtual Laboratory: Facilitating Teaching and Learning in Cybersecurity for Students with Diverse Disciplines", Proc. of the 8th IEEE Conference on Engineering, Technology, and Education (TALE), Yogyakarta, Indonesia, December 2019.(Best Paper Award)
T. Chen, Y. Zhang, Z. Li, X. Luo, T. Wang, R. Cao, X. Xiao, and X. Zhang, “TokenScope: Automatically Detecting Inconsistent Behaviors of Cryptocurrency Tokens in Ethereum”, Proc. of the 26th ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019.
Y. Tang, X. Zhan, H. Zhou, X. Luo, Z. Xu, Y. Zhou, and Q. Yan, “Demystifying Application Performance Management Libraries for Android”, Proc. of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), San Diego, United States, November 2019.
Z. Xu, T. Zhang, Y. Zhang, Y. Tang, Jin Liu, X. Luo, and J. Keung, “Identifying Crashing Fault Residence Based on Cross Project Model”, Proc. of the 30th International Symposium on Software Reliability Engineering (ISSRE), Berlin, Germany, October 2019.
Z. Cheng, X. Hou, R. Li, Y. Zhou, X. Luo, J. Li, and K. Ren, “Towards a First Step to Understand the Cryptocurrency Stealing Attack on Ethereum”, Proc. of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Beijing, China, September 2019.
T. Chen, Z. Li, Y. Zhang, X. Luo, T. Wang, T. Hu, X. Xiao, D. Wang, J. Huang, and X. Zhang, “A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts”, Proc. of the International Symposium on Empirical Software Engineering and Measurement (ESEM), Porto de Galinhas, Brazil, September 2019.(Best Paper Nominee)
T. Chen, Z. Li, Y. Zhang, X. Luo, A. Chen, K. Yang, B. Hu, T. Zhu, S. Deng, T. Hu, J. Chen, and X. Zhang, “DataEther: Data Exploration Framework For Ethereum”, Proc. of the 39th IEEE International Conference on Distributed Computing Systems (ICDCS), Dallas, USA, July 2019.
M. Fan, X. Luo, J. Liu, M. Wang, C. Nong, Q. Zheng, and T. Liu, “Graph Embedding based Familial Analysis of Android Malware using Unsupervised Learning”, Proc. of the 41st IEEE International Conference on Software Engineering (ICSE), Montreal, Canada, May 2019.
M. Alhanahnah, Q. Yan, H. Bagheri, H. Zhou, Y. Tsutano, W. Srisa-an, and X. Luo, “Detecting Vulnerable Android Inter-App Communication in Dynamically Loaded Code”, Proc. of IEEE International Conference on Computer Communications (INFOCOM), Paris, France, April 2019.
Y. Shi, W. Wei, H. Fan, M. Au, and X. Luo, “A Light-Weight White-Box Encryption Scheme for Securing Distributed Embedded Devices”, IEEE Transactions on Computers (TC), 2019.(Selected as the Featured Article of TC 2019 Oct. Issue)
L. Yu, X. Luo, J. Chen, H. Zhou, T. Zhang, H. Chang, and H. Leung, “PPChecker: Towards Accessing the Trustworthiness of Android Apps' Privacy Policies”, IEEE Transactions on Software Engineering (TSE), 2019.
X. Ma, B. An, M. Zhao, X. Luo, L. Xue, Z. Li, T. Miu, and X. Guan, “Randomized Security Patrolling for Link Flooding Attack Detection”, IEEE Transactions on Dependable and Secure Computing (TDSC), 2019.
L. Xue, C. Qian, H. Zhou, X. Luo, Y. Zhou, Y. Shao, and A. Chan, "NDroid: Towards Tracking Information Flows Across Multiple Android Contexts", IEEE Transactions on Information Forensics and Security (TIFS), Volume: 14, Issue: 3, pp. 814–828, March 2019. Source Code
H. Jiang, L. Nie, Z. Sun, Z. Ren, W. Kong, T. Zhang, and X. Luo, ROSF: Leveraging Information Retrieval and Supervised Learning for Recommending Code Snippets, IEEE Transactions on Services Computing (TSC), Volume: 12, Issue: 1, pp. 34 - 46, 2019.
Y. Shi, W. Wei, F. Zhang, X. Luo, Z. He, and H. Fan, “SDSRS: A Novel White-Box Cryptography Scheme for Securing Embedded Devices in IIoT”, IEEE Transactions on Industrial Informatics (TII), 2019.
M. Fan, X. Luo, J. Liu, C. Nong, Q. Zheng, and T. Liu, “CTDroid: Leveraging a Corpus of Technical Blogs for Android Malware Analysis”, IEEE Transactions on Reliability (TR), 2019.
Z. Xu, S. Li, X. Luo, J. Liu, T. Zhang, Y. Tang, J. Xu, and P. Yuan, "TSTSS: A Two-Stage Training Subset Selection Framework for Cross Version Defect Prediction", Elsevier Journal of Systems and Software (JSS), 2019.
Z. Xu, S. Li, J. Xu, J. Liu, X. Luo, Y. Zhang, T. Zhang, Y. Tang, and J. Keung, “LDFR: Learning Deep Feature Representation for Software Defect Prediction”, Journal of Systems and Software (JSS), 2019.
Z. Xu, J. Liu, X. Luo, Z. Yang, Y. Zhang, P. Yuan, Y. Tang, and T. Zhang, “Software Defect Prediction Based on Kernel PCA and Weighted Extreme Learning Machine”, Elsevier Information and Software Technology (IST), Volume 106, pp. 182-200, February 2019.
M. Fan, X. Luo, J. Liu, C. Nong, Q. Zheng, and T. Liu, “CTDroid: Leveraging a Corpus of Technical Blogs for Android Malware Analysis”, Proc. of the 17th National Software Application Conference (NASAC) (Safety and Security of System Software Symposium), Shenzhen, China, November 2018. (Best Paper Award)
Y. Ji, X. Zhang, S. Ji, X. Luo, and T. Wang, "Model-Reuse Attacks against Learning Systems", Proc. of the 25th ACM Conference on Computer and Communications Security(CCS), Toronto, Canada, October 2018.
C. Wang, Z. Zhao, Y. Wang, D. Qin, X. Luo, and T. Qin, "DeepMatching: A Structural Seed Identification Framework for Social Network Alignment", Proc. of 38th IEEE International Conference on Distributed Computing Systems (ICDCS), pp. 600-610, Vienna, Austria, July 2018.
L. Yu, J. Chen, H. Zhou, X. Luo, and K. Liu, "Localizing Function Errors in Mobile Apps with User Reviews", Proc. of 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 418-429, Luxembourg, June 2018.
T. Chen, Z. Li, H. Zhou, J. Chen, X. Luo, X. Li, and X. Zhang, "Towards Saving Money in Using Smart Contracts", Proc. of 40th IEEE International Conference on Software Engineering (ICSE) (NIER), pp. 81-84, Gothenburg, Sweden, May 2018.
P. Zheng, Z. Zheng, X. Luo, X. Chen, and X. Liu, "A Detailed and Real-time Performance Monitoring Framework for Blockchain Systems", Proc. of 40th IEEE International Conference on Software Engineering (ICSE) (SEIP), pp. 134-143, Gothenburg, Sweden, May 2018.
Z. Xu, S. Li, Y. Tang, X. Luo, T. Zhang, J. Liu, and J. Xu, "Cross Version Defect Prediction with Representative Data via Sparse Subset Selection", Proc. of 26th International Conference on Program Comprehension (ICPC), pp. 132-143, Gothenburg, Sweden, May 2018.
X. Ma, Y. He, X. Luo, J. Li, M. Zhao, B. An, and X. Guan, “Vehicle Traffic Driven Camera Placement for Better Metropolis Security Surveillance”, IEEE Intelligent Systems, Volume: 33, Issue: 4, pp. 49-61, Jul./Aug. 2018.
T. Chen, Y. Zhu, Z. Li, J. Chen, X. Li, X. Luo, X. Lin, and X. Zhang, "Understanding Ethereum via Graph Analysis", Proc. of IEEE International Conference on Computer Communications (INFOCOM), Honolulu, USA, April 2018. (Best Paper Award)
J. Li, X. Ma, G. Li, X. Luo, J. Zhang, W. Li, and X. Guan, "Can We Learn What People Are Doing from Raw DNS Queries?", Proc. of IEEE International Conference on Computer Communications (INFOCOM), Honolulu, USA, April 2018.
Z. Xu, J. Liu, X. Luo, and T. Zhang, “Cross-Version Defect Prediction via Hybrid Active Learning with Kernel Principal Component Analysis”, Proc. of IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 209-220, Campobasso, Italy, March 2018.
L. Xue, X. Ma, X. Luo, E. Chan, T. Miu, and G. Gu, “LinkScope: Towards Detecting Target Link Flooding Attacks”, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 13, Issue: 10, pp. 2423–2438, October 2018.
L. Yu, X. Luo, C. Qian, S. Wang, and H. Leung, “Enhancing the Description-to-Behavior Fidelity in Android Apps with Privacy Policy”, IEEE Transactions on Software Engineering (TSE), Volume: 44, Issue: 9, pp. 834–854, Sept. 2018.
M. Fan, J. Liu, X. Luo, K. Chen, T. Chen, Z. Tian, X. Zhang, Q. Zheng, and T. Liu, “Android Malware Familial Classification and Representative Sample Selection via Frequent Subgraph Analysis”, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 13, Issue: 8, pp. 1890–1905, August 2018. Source Code
C. Wang, T. Miu, X. Luo, and J. Wang, “SkyShield: A Sketch-based Defense System for Application Layer DDoS Attacks”, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 13, Issue: 3, pp. 559–573, March 2018.
P. Zhang, J. Liu, F. Yu, M. Sookhak, M. Au, and X. Luo, “A Survey on Access Control in Fog Computing”, IEEE Communications Magazine, Volume: 56, Issue: 2, pp. 144-149, February 2018.
T. Chen, X. Li, Y. Wang, J. Chen, Z. Li, X. Luo, M. Au, and X. Zhang, An Adaptive Gas Cost Mechanism for Ethereum to Defend Against Under-Priced DoS Attacks, Proc. of 13th International Conference on Information Security Practice and Experience (ISPEC), pp. 3-24, Melbourne, Australia, December 2017. (Best Paper Award)
T. Zhang, J. Chen, X. Luo, and T. Li, "Bug Reports for Desktop Software and Mobile Apps in GitHub: What is the Difference?", IEEE Software, October 2017 (also appear at the Journal First Session of the 33rd IEEE International Conference on Software Maintenance and Evolution (ICSME)).
S. Hu, X. Ma, M. Jiang, X. Luo, and M. Au, “AutoFlowLeaker: Circumventing Web Censorship through Automation Services”, Proc. of 36th IEEE International Symposium on Reliable Distributed Systems (SRDS), pp. 214-223, Hong Kong, September 2017.
L. Xue, Y. Zhou, T. Chen, X. Luo, and G. Gu, Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART, Proc. of 26th USENIX Security Symposium (USENIX SEC), pp. 289-306, Vancouver, Canada, August 2017.
B. Sun, X. Luo, M. Akiyama, T. Watanabe, and T. Mori, Characterizing Promotional Attacks in Mobile App Store, Proc. of 8th International Conference on Applications and Technologies in Information Security (ATIS), pp. 113-127, Auckland, New Zealand, July 2017. (Best Paper Award)
M. Jiang, X. Luo, T. Miu, S. Hu, and W. Rao, Are HTTP/2 Servers Ready Yet?, Proc. of 37th IEEE International Conference on Distributed Computing Systems (ICDCS), pp. 1661-1671, Atlanta, USA, June 2017.Source Code
L. Xue, X. Luo, L. Yu, S. Wang, and D. Wu, Adaptive Unpacking of Android Apps, Proc. of 39th International Conference on Software Engineering (ICSE), pp. 358-369, Buenos Aires, Argentina, May 2017.
T. Zhang, J. Chen, H. Jiang, X. Luo, and X. Xia, Bug Report Enrichment: A Case Study of Automated Fixer Recommendation, Proc. of 25th International Conference on Program Comprehension (ICPC), pp. 230-240, Buenos Aires, Argentina, May 2017.
L. Xue, X. Ma, X. Luo, L. Yu, S. Wang, and T. Chen, Is What You Measure What You Expect? Factors Affecting Smartphone-Based Mobile Network Measurement, Proc. of IEEE International Conference on Computer Communications (INFOCOM), Atlanta, USA, May 2017.
W. Chen, X. Luo, C. Yin, B. Xiao, M. Au, and Y. Tang, “CloudBot: Advanced Mobile Botnets using Ubiquitous Cloud Technologies”, Pervasive and Mobile Computing (PMC), Volume 41, 270-285, October 2017.
L. Yu, T. Zhang, X. Luo, L. Xue, and H. Chang, Towards Automatically Generating Privacy Policy for Android Apps, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 12, Issue: 4, pp. 865–880, April 2017.
T. Chen, X. Li, X. Luo, and X. Zhang, Under-optimized smart contracts devour your money, Proc. of 24th International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 437-441, Klagenfurt, Austria, February 2017
M. Fan, J. Liu, X. Luo, K. Chen, T. Chen, Z. Tian, X. Zhang, Q. Zheng, and T. Liu, Frequent Subgraph based Familial Classification of Android Malware, Proc. of 27th International Symposium on Software Reliability Engineering (ISSRE), pp. 24-35, Ottawa, Canada, October 2016. (Best Research Paper Award)
X. Luo, H. Zhou, L. Yu, L. Xue, and Y. Xie, Characterizing mobile *-box applications, Computer Networks (COMNET), Volume 117, pp. 166-184, July 2016.
T. Zhang, J. Chen, G. Yang, B. Lee, and X. Luo, Towards More Accurate Severity Prediction and Fixer Recommendation of Software Bugs, Journal of Systems and Software (JSS), Volume 117, pp. 166-184, July 2016.
L. Yu, X. Luo, X. Liu, and T. Zhang, Can We Trust the Privacy Policies of Android Apps?, Proc. of the 46th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 538-549, Toulouse, France, June 2016.
T. Zhang, H. Jiang, X. Luo, and A. Chan, A Literature Review of Research in Bug Resolution: Tasks, Challenges and Future Directions, The Computer Journal, Volume 59, Issue 5, pp. 741–773, May 2016.
L. Yu, X. Luo, C. Qian, and S. Wang, Revisiting the Description-to-Behavior Fidelity in Android Applications, Proc. of 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER), pp. 415-426, Osaka, Japan, March 2016.
Y. Zhang, X. Luo, and H. Yin, DexHunter: Toward Extracting Hidden Code from Packed Android Applications, Proc. of the 20th European Symposium on Research in Computer Security (ESORICS), pp. 293-311, Vienna, Austria, September 2015. Source Code
L. Xue, C. Qian, and X. Luo, AndroidPerf: A Cross-layer Profiling System for Android Applications, Proc. of 23rd IEEE/ACM International Symposium of Quality of Service (IWQoS), pp. 115-124, Portland, USA, June 2015.
C. Qian, X. Luo, L. Yu, and G. Gu, VulHunter: Towards Discovering Vulnerabilities in Android Applications, IEEE Micro, Volume: 35, Issue: 1, pp. 44–53, Jan.-Feb. 2015.
Y. Shao, X. Luo, C. Qian, P. Zhu, and L. Zhang, Towards a Scalable Resource-driven Approach for Detecting Repackaged Android Applications, Proc. of the 30th Annual Computer Security Applications Conference (ACSAC)), pp. 56-65, New Orleans, USA, December 2014.
L. Xue, X. Luo, E. Chan, and X. Zhan, Towards Detecting Target Link Flooding Attack, Proc. of 28th USENIX Large Installation System Administration Conference (LISA), pp. 81-96, Seattle, USA, November 2014.
X. Luo, L. Xue, C. Shi, Y. Shao, C. Qian, and E. Chan, On Measuring One-way Path Metrics From a Web Server (Concise Paper), Proc. of the 22nd IEEE International Conference on Network Protocols (ICNP), pp. 203-208, Raleigh, USA, October 2014.
Y. Shao, X. Luo, and C. Qian, RootGuard: Protecting Rooted Android Phones, Volume: 47, Issue: 6, pp. 32–40, June 2014. (Among the top 10 downloaded articles from the IEEE Computer Society's Digital Library during 2014.)
C. Qian, X. Luo, Y. Shao, and A. Chan, On Tracking Information Flows through JNI in Android Applications, Proc. of the 44th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 180-191, Atlanta, USA, June 2014. Source Code
L. Xue, X. Luo, and Y. Shao, kTRxer: A Portable Toolkit for Reliable Internet Probing, Proc. of the 22nd IEEE/ACM International Symposium on Quality and Service (IWQoS), pp. 129-134, Hong Kong, May 2014.
Y. Tang, X. Luo, Q. Hui, and R. Chang, Modeling the Vulnerability of Feedback-Control Based Internet Services to Low-Rate Dos Attacks, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 9, Issue: 3, pp. 339-353, March 2014.
J. Zhang, R. Perdisci, W. Lee, X. Luo, and U. Sarfraz, Building A Scalable System For Stealthy P2P-Botnet Detection, IEEE Transactions on Information Forensics and Security (TIFS) Volume: 9, Issue: 1, pp. 27-38, January 2014.
Y. Liu, X. Luo, R. Chang, and J. Su, Characterizing Inter-Domain Rerouting by Betweenness Centrality after Disruptive Events, IEEE Journal on Selected Areas in Communications (JSAC), Volume: 31, Issue: 6, pp. 1147-1157, June 2013.
X. Luo, E. Chan, P. Zhou, and R. Chang, Robust Network Covert Communications Based on TCP and Enumerative Combinatorics, in IEEE Transactions on Dependable and Secure Computing (TDSC), Volume: 9, Issue: 6, pp. 890-902, November-December 2012.
R. Mok, X. Luo, E. Chan, and R. Chang, QDASH: A QoE-aware DASH system, Proc. of 3rd ACM Multimedia Systems conference (MMSys), pp. 11-22, Chapel Hill, USA, February 2012.
X. Luo, P. Zhou, J. Zhang, R. Perdisci, W. Lee, and R. Chang, Exposing Invisible Timing-based Traffic Watermarks with BACKLIT, Proc. of the 27th Annual Computer Security Applications Conference (ACSAC), pp. 197-206, Orlando, USA, December 2011.
E. Chan, A. Chen, X. Luo, R. Mok, W. Li, and R. Chang, TRIO: Measuring Asymmetric Capacity with Three Minimum Round-Trip Times, Proc. of 7th ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), Tokyo, Japan, December 2011.
X. Luo, P. Zhou, E. Chan, R. Chang, and W. Lee, A Combinatorial Approach to Network Covert Communications with Applications in Web Leaks, Proc. of the 41st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 474-485, Hong Kong, June 2011.
J. Zhang, R. Perdisci, W. Lee, U. Sarfraz, and X. Luo, Detecting Stealthy P2P Botnets Using Statistical Traffic Fingerprints, Proc. of the 41st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 121-132, Hong Kong, June 2011.
J. Zhang, X. Luo, R. Perdisci, G. Gu, W. Lee, and N. Feamster, Boosting the scalability of botnet detection using adaptive traffic sampling, Proc. of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 124-134, Hong Kong, March 2011.
X. Luo, P. Zhou, E. Chan, W. Lee, R. Chang, and R. Perdisci, HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows, Proc. of the 18th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2011.
Q. Hui, X. Luo, and W. Lee, Control of low-rate Denial-of-Service attacks on Web servers and TCP fows, Proc. of the 49th IEEE Conference on Decision and Control (CDC), pp. 4186-419, Atlanta, USA, December 2010.
E. Chan, X. Luo, W. Li, W. Fok, and R. Chang, Measurement of Loss Pairs in Network Paths, Proc. of the 13th Internet Measurement Conference (IMC), pp. 88-101, Melbourne, Australia, November 2010.
X. Luo, J. Zhang, R. Perdisci and W. Lee, On the Secrecy of Spread-Spectrum Flow Watermarks, Proc. of the 15th European Symposium Research Computer Security (ESORICS), pp. 232-248, Athens, Greece, September 2010.
M. Antonakakis, D. Dagon, X. Luo, R. Perdisci and W. Lee, A Centralized Monitoring Infrastructure For Improving DNS Security, Proc. of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 18-37, Ottawa, Canada, September 2010.
D. Dagon, M. Antonakakis, K. Day, X. Luo, C. Lee, and W. Lee, Recursive DNS Architectures and Vulnerability Implications, Proc. of the 16th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2009.
E. Chan, X. Luo and R. Chang, A minimum-delay-difference method for mitigating cross-traffic impact on capacity measurement, Proc. of the 5th ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), pp. 205-216, Rome, Italy, December 2009.
X. Luo, E. Chan and R. Chang, Design and implementation of TCP data probes for reliable and metric-rich network path monitoring, Proc. of the 20th USENIX Annual Technical Conference (USENIX ATC), San Diego, USA, June 2009.
R. Perdisci, M. Antonakakis, X. Luo, and W. Lee, WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks, Proc. of the 39th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 3-12, Lisbon, Portugal, June 2009.
X. Luo, E. Chan, and R. Chang, TCP Covert Timing Channels: Design and Detection, Proc. of the 38th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 420-429, Anchorage, USA, June 2008.
X. Luo, E. Chan, and R. Chang, Cloak: A Ten-fold Way for Reliable Covert Communications, Proc. of the 12th European Symposium Research Computer Security (ESORICS), pp. 283-298, Dresden, German, September 2007.
X. Luo, E. Chan, and R. Chang, Crafting Web Counters into Covert Channels, Proc. of the 22nd IFIP International Information Security Conference (IFIP SEC), pp. 337-348, Sandton, South Africa, May 2007. (Best student paper award)
X. Luo, E. Chan, and R. Chang, Vanguard: A New Detection Scheme for a Class of TCP-targeted Denial-of-Service Attacks, Proc. of 10th IEEE/IFIP Network Operations and Management Symposium (NOMS), pp. 507-518, Vancouver, Canada, April 2006.
X. Luo, R. Chang, and E. Chan, “Performance Analysis of TCP/AQM Under Denial-of-Service Attacks”, Proc. of the 13th IEEE/ACM International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS), pp. 97-104, Atlanta, USA, September 2005.
X. Luo and R. Chang, Novel Approaches to End-to-End Packet Reordering Measurement, Proc. of the 8th ACM/USENIX Internet Measurement Conference (IMC), pp. 227-238, Berkeley, USA, October 2005.
X. Luo and R. Chang, Optimizing the Pulsing Denial-of-Service Attacks, Proc. of the 35th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 582-591, Yokohama, Japan, June 2005.
X. Luo and R. Chang, On a New Class of Pulsing Denial-of-Service Attacks and the Defense, Proc. of the 12th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2005.