Engin Kirda

According to our database1, Engin Kirda authored at least 155 papers between 2000 and 2018.

Collaborative distances :
  • Dijkstra number2 of four.
  • Erdős number3 of four.

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Other 

Links

Homepage:

On csauthors.net:

Bibliography

2018
Protecting against Ransomware: A New Line of Research or Restating Classic Ideas?
IEEE Security & Privacy, 2018

Large-Scale Analysis of Style Injection by Relative Path Overwrite.
Proceedings of the 2018 World Wide Web Conference on World Wide Web, 2018

Surveylance: Automatically Detecting Online Survey Scams.
Proceedings of the 2018 IEEE Symposium on Security and Privacy, 2018

Eraser: Your Data Won't Be Back.
Proceedings of the 2018 IEEE European Symposium on Security and Privacy, 2018

2017
On the misuse of graphical user interface elements to implement security controls.
it - Information Technology, 2017

Traffic Measurements for Cyber Security.
IEEE Communications Magazine, 2017

UNVEIL: A large-scale, automated approach to detecting ransomware (keynote).
Proceedings of the IEEE 24th International Conference on Software Analysis, 2017

Redemption: Real-Time Protection Against Ransomware at End-Hosts.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2017

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web.
Proceedings of the 24th Annual Network and Distributed System Security Symposium, 2017

Semi-automated discovery of server-based information oversharing vulnerabilities in Android applications.
Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, Santa Barbara, CA, USA, July 10, 2017

Ex-Ray: Detection of History-Leaking Browser Extensions.
Proceedings of the 33rd Annual Computer Security Applications Conference, 2017

2016
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware.
Proceedings of the 25th USENIX Security Symposium, 2016

Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices.
Proceedings of the Trust and Trustworthy Computing - 9th International Conference, 2016

TriggerScope: Towards Detecting Logic Bombs in Android Applications.
Proceedings of the IEEE Symposium on Security and Privacy, 2016

LAVA: Large-Scale Automated Vulnerability Addition.
Proceedings of the IEEE Symposium on Security and Privacy, 2016

Trellis: Privilege Separation for Multi-user Applications Made Easy.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2016

CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities.
Proceedings of the 23rd Annual Network and Distributed System Security Symposium, 2016

WHOIS Lost in Translation: (Mis)Understanding Domain Name Expiration and Re-Registration.
Proceedings of the 2016 ACM on Internet Measurement Conference, 2016

CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes.
Proceedings of the Financial Cryptography and Data Security, 2016

Overhaul: Input-Driven Access Control for Better Privacy on Traditional Operating Systems.
Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2016

EmailProfiler: Spearphishing Filtering with Header and Stylometric Features of Emails.
Proceedings of the 40th IEEE Annual Computer Software and Applications Conference, 2016

2015
SENTINEL: Securing Legacy Firefox Extensions.
Computers & Security, 2015

Hypervisor-based malware protection with AccessMiner.
Computers & Security, 2015

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities.
Proceedings of the 24th USENIX Security Symposium, 2015

BabelCrypt: The Universal Encryption Layer for Mobile Messaging Applications.
Proceedings of the Financial Cryptography and Data Security, 2015

Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2015

On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2015

2014
Exposure: A Passive DNS Analysis Service to Detect and Report Malicious Domains.
ACM Trans. Inf. Syst. Secur., 2014

A Look at Targeted Attacks Through the Lense of an NGO.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces.
Proceedings of the 2014 IEEE Symposium on Security and Privacy, 2014

Optical Delusions: A Study of Malicious QR Codes in the Wild.
Proceedings of the 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2014

VirtualSwindle: an automated attack against in-app billing on android.
Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014

TrueClick: automatically distinguishing trick banners from genuine download links.
Proceedings of the 30th Annual Computer Security Applications Conference, 2014

2013
DarkDroid - Exposing the Dark Side of Malicious Mobile Applications.
ERCIM News, 2013

PrivExec: Private Execution as an Operating System Service.
Proceedings of the 2013 IEEE Symposium on Security and Privacy, 2013

Holiday Pictures or Blockbuster Movies? Insights into Copyright Infringement in User Uploads to One-Click File Hosters.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2013

Clickonomics: Determining the Effect of Anti-Piracy Measures for One-Click Hosting.
Proceedings of the 20th Annual Network and Distributed System Security Symposium, 2013

A Practical, Targeted, and Stealthy Attack Against WPA Enterprise Authentication.
Proceedings of the 20th Annual Network and Distributed System Security Symposium, 2013

Securing Legacy Firefox Extensions with SENTINEL.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2013

Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks.
Proceedings of the Annual Computer Security Applications Conference, 2013

PatchDroid: scalable third-party security patches for Android devices.
Proceedings of the Annual Computer Security Applications Conference, 2013

2012
A survey on automated dynamic malware-analysis techniques and tools.
ACM Comput. Surv., 2012

Have things changed now? An empirical study on input validation vulnerabilities in web applications.
Computers & Security, 2012

PoX: Protecting users from malicious Facebook applications.
Computer Communications, 2012

Privacy risks in named data networking: what is the cost of performance?
Computer Communication Review, 2012

PUBCRAWL: Protecting Users and Businesses from CRAWLers.
Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, 2012

An empirical analysis of input validation mechanisms in web applications and languages.
Proceedings of the ACM Symposium on Applied Computing, 2012

A security analysis of amazon's elastic compute cloud service.
Proceedings of the ACM Symposium on Applied Computing, 2012

Paying for Piracy? An Analysis of One-Click Hosters' Controversial Reward Schemes.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2012

Insights into User Behavior in Dealing with Internet Attacks.
Proceedings of the 19th Annual Network and Distributed System Security Symposium, 2012

A quantitative study of accuracy in system call-based malware detection.
Proceedings of the International Symposium on Software Testing and Analysis, 2012

A security analysis of Amazon's Elastic Compute Cloud service.
Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, 2012

Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis.
Proceedings of the 36th Annual IEEE Computer Software and Applications Conference, 2012

Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis.
Proceedings of the 28th Annual Computer Security Applications Conference, 2012

2011
Malware Behavior Clustering.
Proceedings of the Encyclopedia of Cryptography and Security, 2nd Ed., 2011

Cross Site Scripting Attacks.
Proceedings of the Encyclopedia of Cryptography and Security, 2nd Ed., 2011

PoX: Protecting users from malicious Facebook applications.
Proceedings of the Ninth Annual IEEE International Conference on Pervasive Computing and Communications, 2011

PiOS: Detecting Privacy Leaks in iOS Applications.
Proceedings of the Network and Distributed System Security Symposium, 2011

EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis.
Proceedings of the Network and Distributed System Security Symposium, 2011

Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications.
Proceedings of the Network and Distributed System Security Symposium, 2011

Efficient and Stealthy Instruction Tracing and Its Applications in Automated Malware Analysis: Open Problems and Challenges.
Proceedings of the Open Problems in Network Security - IFIP WG 11.4 International Workshop, 2011

BTLab: A System-Centric, Data-Driven Analysis and Measurement Platform for BitTorrent Clients.
Proceedings of 20th International Conference on Computer Communications and Networks, 2011

Quo Vadis? A Study of the Evolution of Input Validation Vulnerabilities in Web Applications.
Proceedings of the Financial Cryptography and Data Security, 2011

Reverse Social Engineering Attacks in Online Social Networks.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2011

The power of procrastination: detection and mitigation of execution-stalling malicious code.
Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011

2010
Assessing Cybercrime Through the Eyes of the WOMBAT.
Proceedings of the Cyber Situational Awareness - Issues and Research, 2010

Static analysis for detecting taint-style vulnerabilities in web applications.
Journal of Computer Security, 2010

Is the Internet for Porn? An Insight Into the Online Adult Industry.
Proceedings of the 9th Annual Workshop on the Economics of Information Security, 2010

A Practical Attack to De-anonymize Social Network Users.
Proceedings of the 31st IEEE Symposium on Security and Privacy, 2010

Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries.
Proceedings of the 31st IEEE Symposium on Security and Privacy, 2010

Identifying Dormant Functionality in Malware Programs.
Proceedings of the 31st IEEE Symposium on Security and Privacy, 2010

CAPTCHA smuggling: hijacking web browsing sessions to create CAPTCHA farms.
Proceedings of the 2010 ACM Symposium on Applied Computing (SAC), 2010

Improving the efficiency of dynamic malware analysis.
Proceedings of the 2010 ACM Symposium on Applied Computing (SAC), 2010

Abusing Social Networks for Automated User Profiling.
Proceedings of the Recent Advances in Intrusion Detection, 13th International Symposium, 2010

Efficient Detection of Split Personalities in Malware.
Proceedings of the Network and Distributed System Security Symposium, 2010

Honeybot, Your Man in the Middle for Automated Social Engineering.
Proceedings of the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2010

Exploiting diverse observation perspectives to get insights on the malware landscape.
Proceedings of the 2010 IEEE/IFIP International Conference on Dependable Systems and Networks, 2010

AccessMiner: using system-centric models for malware protection.
Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010

A solution for the automated detection of clickjacking attacks.
Proceedings of the 5th ACM Symposium on Information, 2010

G-Free: defeating return-oriented programming through gadget-less binaries.
Proceedings of the Twenty-Sixth Annual Computer Security Applications Conference, 2010

2009
Reducing errors in the anomaly-based detection of web-based attacks through the combined analysis of web requests and SQL queries.
Journal of Computer Security, 2009

Server-Side Bot Detection in Massively Multiplayer Online Games.
IEEE Security & Privacy, 2009

Client-side cross-site scripting protection.
Computers & Security, 2009

All your contacts are belong to us: automated identity theft attacks on social networks.
Proceedings of the 18th International Conference on World Wide Web, 2009

Effective and Efficient Malware Detection at the End Host.
Proceedings of the 18th USENIX Security Symposium, 2009

Prospex: Protocol Specification Extraction.
Proceedings of the 30th IEEE Symposium on Security and Privacy (S&P 2009), 2009

Scalable, Behavior-Based Malware Clustering.
Proceedings of the Network and Distributed System Security Symposium, 2009

A View on Current Malware Behaviors.
Proceedings of the 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2009

Automated Spyware Collection and Analysis.
Proceedings of the Information Security, 12th International Conference, 2009

Mitigating Drive-By Download Attacks: Challenges and Open Problems.
Proceedings of the iNetSec 2009 - Open Research Problems in Network Security, 2009

SWAP: Mitigating XSS attacks using a reverse proxy.
Proceedings of the ICSE Workshop on Software Engineering for Secure Systems, 2009

Automatically Generating Models for Botnet Detection.
Proceedings of the Computer Security, 2009

Achieving Life-Cycle Compliance of Service-Oriented Architectures: Open Issues and Challenges.
Proceedings of the Data Privacy Management and Autonomous Spontaneous Security, 2009

Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks.
Proceedings of the Detection of Intrusions and Malware, 2009

FIRE: FInding Rogue nEtworks.
Proceedings of the Twenty-Fifth Annual Computer Security Applications Conference, 2009

2008
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications.
Proceedings of the 2008 IEEE Symposium on Security and Privacy (S&P 2008), 2008

Overbot: a botnet protocol based on Kademlia.
Proceedings of the 4th International ICST Conference on Security and Privacy in Communication Networks, 2008

Visual-similarity-based phishing detection.
Proceedings of the 4th International ICST Conference on Security and Privacy in Communication Networks, 2008

Leveraging User Interactions for In-Depth Testing of Web Applications.
Proceedings of the Recent Advances in Intrusion Detection, 11th International Symposium, 2008

Automatic Network Protocol Analysis.
Proceedings of the Network and Distributed System Security Symposium, 2008

8102 Working Group -- Attack Taxonomy.
Proceedings of the Perspectives Workshop: Network Attack Detection and Defense, 2.3., 2008

08102 Working Group -- Requirements for Network Monitoring from an IDS Perspective.
Proceedings of the Perspectives Workshop: Network Attack Detection and Defense, 2.3., 2008

2007
Extending .NET security to unmanaged code.
Int. J. Inf. Sec., 2007

Exploiting Redundancy in Natural Language to Penetrate Bayesian Spam Filters.
Proceedings of the First USENIX Workshop on Offensive Technologies, 2007

Dynamic Spyware Analysis.
Proceedings of the 2007 USENIX Annual Technical Conference, 2007

Exploring Multiple Execution Paths for Malware Analysis.
Proceedings of the 2007 IEEE Symposium on Security and Privacy (S&P 2007), 2007

A layout-similarity-based approach for detecting phishing pages.
Proceedings of the Third International Conference on Security and Privacy in Communication Networks and the Workshops, 2007

Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis.
Proceedings of the Network and Distributed System Security Symposium, 2007

Detecting System Emulators.
Proceedings of the Information Security, 10th International Conference, 2007

Building Anti-Phishing Browser Plug-Ins: An Experience Report.
Proceedings of the Third International Workshop on Software Engineering for Secure Systems, 2007

On the Effectiveness of Techniques to Detect Phishing Sites.
Proceedings of the Detection of Intrusions and Malware, 2007

Panorama: capturing system-wide information flow for malware detection and analysis.
Proceedings of the 2007 ACM Conference on Computer and Communications Security, 2007

Secure Input for Web Applications.
Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007), 2007

Limits of Static Analysis for Malware Detection.
Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007), 2007

2006
Dynamic Analysis of Malicious Code.
Journal in Computer Virology, 2006

Protecting Users against Phishing Attacks.
Comput. J., 2006

SecuBat: a web vulnerability scanner.
Proceedings of the 15th international conference on World Wide Web, 2006

Behavior-based Spyware Detection.
Proceedings of the 15th USENIX Security Symposium, Vancouver, BC, Canada, July 31, 2006

Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper).
Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P 2006), 2006

Preventing Cross Site Request Forgery Attacks.
Proceedings of the Second International Conference on Security and Privacy in Communication Networks and the Workshops, 2006

An anomaly-driven reverse proxy for web applications.
Proceedings of the 2006 ACM Symposium on Applied Computing (SAC), 2006

Noxes: a client-side solution for mitigating cross-site scripting attacks.
Proceedings of the 2006 ACM Symposium on Applied Computing (SAC), 2006

Precise alias analysis for static detection of web application vulnerabilities.
Proceedings of the 2006 Workshop on Programming Languages and Analysis for Security, 2006

Extending .NET Security to Unmanaged Code.
Proceedings of the Information Security, 9th International Conference, 2006

Using Static Program Analysis to Aid Intrusion Detection.
Proceedings of the Detection of Intrusions and Malware & Vulnerability Assessment, 2006

2005
ShareMe: Running a Distributed Systems Lab for 600 Students With Three Faculty Members.
IEEE Trans. Education, 2005

Automating Mimicry Attacks Using Static Binary Analysis.
Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA, July 31, 2005

Polymorphic Worm Detection Using Structural Information of Executables.
Proceedings of the Recent Advances in Intrusion Detection, 8th International Symposium, 2005

Protecting Users Against Phishing Attacks with AntiPhish.
Proceedings of the 29th Annual International Computer Software and Applications Conference, 2005

2004
XGuide - Concurrent Web Engineering with Contracts.
Proceedings of the Web Engineering - 4th International Conference, 2004

DIWE: A Framework for Constructing Device-Independent Web Applications.
Proceedings of the Ubiquitous Mobile Information and Collaboration Systems, 2004

2003
A Service Architecture for Mobile Teamwork.
International Journal of Software Engineering and Knowledge Engineering, 2003

Supporting Collaboration in the Development of Tools and Dies in Manufacturing Networks.
Proceedings of the 12th IEEE International Workshops on Enabling Technologies (WETICE 2003), 2003

Integrating Publish/Subscribe into a Mobile Teamwork Support Platform.
Proceedings of the Fifteenth International Conference on Software Engineering & Knowledge Engineering (SEKE'2003), 2003

Web Service Engineering with DIWE.
Proceedings of the 29th EUROMICRO Conference 2003, 2003

OMNIX: A Topology-Independent P2P Middleware.
Proceedings of the 15th Conference on Advanced Information Systems Engineering (CAiSE '03), 2003

2002
A Generic Content-Management Tool for Web Databases.
IEEE Internet Computing, 2002

Evaluation of a Publish/Subscribe System for Collaborative and Mobile Working.
Proceedings of the 11th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2002), 2002

Towards an Access Control System for Mobile Peer-to-Peer Collaborative Environments.
Proceedings of the 11th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2002), 2002

A service architecture for mobile teamwork.
Proceedings of the 14th international conference on Software engineering and knowledge engineering, 2002

Service specific anomaly detection for network intrusion detection.
Proceedings of the 2002 ACM Symposium on Applied Computing (SAC), 2002

Towards a Hierarchical, Semantic Peer-to-Peer Topology.
Proceedings of the 2nd International Conference on Peer-to-Peer Computing (P2P 2002), 2002

XGuide - A Practical Guide to XML-Based Web Engineering.
Proceedings of the Web Engineering and Peer-to-Peer Computing, 2002

TWSAPI: A Generic Teamwork Services Application Programming Interface.
Proceedings of the 22nd International Conference on Distributed Computing Systems, 2002

MOTION: A Peer-to-Peer Platform for Mobile Teamwork Support.
Proceedings of the 26th International Computer Software and Applications Conference (COMPSAC 2002), 2002

2001
Experiences in Engineering Flexible Web Services.
IEEE MultiMedia, 2001

The Evolution of an Organizational Web Site: Migrating to XML/XSL.
Proceedings of the 3rd International Workshop on Web Site Evolution (WSE 2001), 2001

A Web-Based Peer-to-Peer Architecture for Collaborative Nomadic Working.
Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2001), 2001

Supporting Multi-Device Enabled Web Services: Challenges and Open Problems.
Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2001), 2001

Layout, Content and Logic Separation in Web Engineering.
Proceedings of the Web Engineering, Software Engineering and Web Application Development, 2001

Engineering of Web services with XML and XSL.
Proceedings of the 8th European Software Engineering Conference held jointly with 9th ACM SIGSOFT International Symposium on Foundations of Software Engineering 2001, 2001

SPARTA, a Mobile Agent Based Instrusion Detection System.
Proceedings of the Advances in Network and Distributed Systems Security, 2001

Web Engineering Device Independent Web Services.
Proceedings of the 23rd International Conference on Software Engineering, 2001

Building and Managing XML/XSL-powered Web Sites: an Experience Report.
Proceedings of the 25th International Computer Software and Applications Conference (COMPSAC 2001), 2001

2000
MyXML: An XML based template engine for the generation of flexible web content.
Proceedings of WebNet 2000 - World Conference on the WWW and Internet, San Antonio, Texas, USA, October 30, 2000


  Loading...