Publications


BOOK

  • Danfeng Yao, Xiaokui Shu, Long Cheng, and Salvatore J. Stolfo. Anomaly Detection as a Service: Challenges, Advances, and Opportunities. In Information Security, Privacy, and Trust Series. Morgan & Claypool. Oct. 2017. (Invited book)

BOOK CHAPTERS

  • Xiaokui Shu, Fang Liu, and Danfeng Yao. Rapid Screening of Big Data Against Inadvertent Leaks. (Book Chapter) In Big Data: Theories, Applications and Concepts. Editors: Shui Yu and Song Guo. Springer. 2016.

  • Forward-Secure Hierarchical IBE with Applications to Broadcast Encryption Schemes. Danfeng Yao, Nelly Fazio, Yevgeniy Dodis, and Anna Lysyanskaya. In Cryptology and Information Security Series on Identity-Based Cryptography. Editors: Marc Joye and Greg Neven. IOS Press. 2008.

MAGAZINES

  • Danfeng (Daphne) Yao, Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Miles Frantz, Ke Tian, Na Meng, Cristina Cifuentes, Yang Zhao, Nicholas Allen, Nathan Keynes, Barton P. Miller, Elisa R. Heymann, Murat Kantarcioglu, and Fahad Shaon. Being the Developers' Friend: Our Experience Developing a High-Precision Tool for Secure Coding.
    IEEE Security & Privacy. 2022.

  • Salman Ahmed, Ya Xiao, Taejoong (Tijay) Chung, Carol Fung, Moti Yung, and Danfeng (Daphne) Yao. Privacy Guarantees of BLE Contact Tracing: A Case Study on COVIDWISE.
    IEEE Computer. February 2022.

  • Danfeng (Daphne) Yao. Depth and Persistence: What Researchers Need to Know About Imposter Syndrome.
    Communications of the ACM, June 2021, Vol. 64 No. 6, Pages 39-42.
    "Am I a Fraud?" What Researchers Need to Know About Imposter Syndrome. Chinese version in The Intellectual.

  • Daphne Yao. Rebuttal How-To: Strategies, Tactics, and the Big Picture in Research.
    Communications of the ACM, January 2024, Vol. 67 No. 1, Pages 47-49.

REFEREED CONFERENCES, JOURNALS, AND WORKSHOPS (BY YEAR)

    2024

  • Methods and Benchmark for Detecting Cryptographic API Misuses in Python.
    Miles Frantz, Ya Xiao, Tanmoy Sarkar Pias, Na Meng, and Danfeng (Daphne) Yao.
    IEEE Transactions on Software Engineering (TSE). Mar. 2024.

  • Epigenomic tomography for probing spatially-defined chromatin state in the brain.
    Zhengzhi Liu, Chengyu Deng, Zirui Zhou, Ya Xiao, Shan Jiang, Bohan Zhu, Lynette B. Naler, Xiaoting Jia, Danfeng (Daphne) Yao, and Chang Lu.
    Cell Reports Methods. 2024.

  • Resilient Routing for Low Earth Orbit Mega-Constellation Networks.
    Alex Kedrowitsch, Jonathan Black, and Daphne Yao.
    Proceedings of the 2nd Workshop on the Security of Space and Satellite Systems (SpaceSec), co-located with the NDSS Symposium. Mar. 2024.

    2023

  • Cybersecurity Usage in the Wild: A look at Deployment Challenges in Intrusion Detection and Alert Handling.
    Wyatt Sweat and Daphne Yao.
    Workshop on Research for Insider Threats (WRIT), co-located with the Annual Computer Security Applications Conference (ACSAC). Austin, TX. Dec. 2023.

  • Deep Phenotyping of Non-Alcoholic Fatty Liver Disease Patients with Genetic Factors for Insights into the Complex Disease.
    Tahmina Sultana Priya, Fan Leng, Anthony C. Luehrs, Eric W. Klee, Alina M. Allen, Konstantinos N. Lazaridis, Danfeng (Daphne) Yao, Shulan Tian.
    Extended Abstract presented at Machine Learning for Health (ML4H) symposium 2023, December 10th, 2023, New Orleans, United States.

  • DRGCoder: Explainable Clinical Coding for the Early Prediction of Diagnostic-Related Groups.
    Daniel Hajialigol, Derek Kaknes, Tanner Barbour, Daphne Yao, Chris North, Jimeng Sun, David Liem, and Xuan Wang.
    In Proc. 2023 Conf. on Empirical Methods in Natural Language Processing (EMNLP'23) (System Demonstration), Singapore, December 2023.

  • A First Look at Toxicity Injection Attacks on Open-domain Chatbots.
    Connor Weeks, Aravind Cheruvu, Sifat Muhammad Abdullah, Shravya Kanchi, Danfeng (Daphne) Yao, and Bimal Viswanath.
    Annual Computer Security Applications Conference (ACSAC). 2023.

  • Measurement of Embedding Choices on Cryptographic API Completion Tasks.
    Ya Xiao, Wenjia Song, Salman Ahmed, Xinyang Ge, Bimal Viswanath, Na Meng, and Danfeng (Daphne) Yao.
    ACM Transactions on Software Engineering and Methodology. 2023.

  • Not All Data are Created Equal: Data and Pointer Prioritization for Scalable Protection Against Data-Oriented Attacks.
    Salman Ahmed, Hans Liljestrand, Hani Jamjoom, Matthew Hicks, N. Asokan, and Danfeng (Daphne) Yao.
    In Proceedings of the USENIX Security Symposium. Aug. 2023.

  • Spatiotemporal Estimations of Temperature Rise During Electroporation Treatments using a Deep Neural Network.
    Edward Jacobs, IV, Sabrina Campelo, Kenneth Aycock, Danfeng (Daphne) Yao, and Rafael V. Davalos.
    Computers in Biology and Medicine. 2023. DOI: 10.1016/j.compbiomed.2023.107019

  • Epigenomic tomography for probing spatially-defined molecular state in the brain.
    Zhengzhi Liu, Chengyu Deng, Zirui Zhou, Ya Xiao, Shan Jiang, Bohan Zhu, Lynette B. Naler, Xiaoting Jia, Danfeng (Daphne) Yao, and Chang Lu.
    [Preprint]. 2022. DOI: 10.1101/2022.11.24.517865.

  • Crypto-ransomware Detection through Quantitative API-based Behavioral Profiling.
    Wenjia Song, Sanjula Karanam, Ya Xiao, Jingyuan Qi, Nathan Dautenhahn, Na Meng, Danfeng (Daphne) Yao.
    arXiv:2306.02270. 2023.

  • Specializing Neural Networks for Cryptographic Code Completion Applications.
    Ya Xiao, Wenjia Song, Jingyuan Qi, Bimal Viswanath, Patrick McDaniel, Danfeng (Daphne) Yao.
    IEEE Transactions on Software Engineering. 2023

  • SpanL: Creating Algorithms for Automatic API Misuse Detection with Program Analysis Compositions.
    Sazzadur Rahaman, Miles Frantz, Barton Miller, and Danfeng Yao.
    In Proceedings of the Workshop on Secure Cryptographic Implementation (SCI), co-located with International Conference on Applied Cryptography and Network Security (ACNS). Kyoto, Japan. 2023.

    2022

  • Subpopulation-specific Machine Learning Prognosis for Underrepresented Patients with Double Prioritized Bias Correction.
    Sharmin Afrose*, Wenjia Song*, Charles B. Nemeroff, Chang Lu, Danfeng (Daphne) Yao. (*Contributed equally)
    Communications Medicine (Nature portfolio). 2022
    (NPR/WGR radio interview)

  • Industrial Experience of Finding Cryptographic Vulnerabilities in Large-scale Codebases.
    Ya Xiao, Yang Zhao, Nicholas Allen, Nathan Keynes, Danfeng (Daphne) Yao, Cristina Cifuentes.
    ACM Digital Threats: Research and Practice. January 2022.

  • Evaluation of Static Vulnerability Detection Tools with Java Cryptographic API Benchmarks.
    Sharmin Afrose, Ya Xiao, Sazzadur Rahaman, Barton P. Miller, Danfeng (Daphne) Yao.
    IEEE Transactions on Software Engineering (TSE). February 2022.

  • Industrial Strength Static Detection for Cryptographic API Misuses
    Ya Xiao, Yang Zhao, Nicholas Allen, Nathan Keynes, Danfeng (Daphne) Yao, and Cristina Cifuentes.
    In Proceedings of the IEEE Secure Development Conference (SecDev). Practitioners' Session. Atlanta, GA. Oct. 2022.

  • How Do Developers Follow Security-Relevant Best Practices When Using NPM Packages?
    Md Mahir Asef Kabir, Ying Wang, Danfeng (Daphne) Yao, and Na Meng.
    In Proceedings of the IEEE Secure Development Conference (SecDev). Atlanta, GA. Oct. 2022.

  • Example-Based Vulnerability Detection and Repair in Java Code
    Ying Zhang, Ya Xiao, Md Mahir Asef Kabir, Danfeng (Daphne) Yao, and Na Meng.
    In Proceedings of IEEE/ACM International Conference on Program Comprehension (ICPC). Pittsburgh, PA. May 2022.

  • Automatic Detection of Java Cryptographic API Misuses: Are We There Yet?
    Ying Zhang, Mahir Kabir, Ya Xiao, Danfeng (Daphne) Yao, Na Meng.
    IEEE Transactions on Software Engineering (TSE). Feb. 2022

    2021

  • Exploitation Techniques for Data-Oriented Attacks with Existing and Potential Defense Approaches.
    Long Cheng, Salman Ahmed, Hans Liljestrand, Thomas Nyman, Haipeng Cai, Trent Jaeger, N. Asokan, Danfeng (Daphne) Yao.
    In ACM Transactions on Privacy and Security (TOPS), April 2021.

  • Embedding Code Contexts for Cryptographic API Suggestion: New Methodologies and Comparisons.
    Ya Xiao, Salman Ahmed, Wenjia Song, Xinyang Ge, Bimal Viswanath, Danfeng (Daphne) Yao.
    arXiv:2103.08747

  • Deep Learning-Based Anomaly Detection in Cyber-Physical Systems: Progress and Opportunities.
    Yuan Luo, Ya Xiao, Long Cheng, Guojun Peng, and Danfeng (Daphne) Yao.
    ACM Computing Surveys. Accepted. Feb. 2021. Impact Factor: 7.99.

  • Measurement of Local Differential Privacy Techniques for IoT-based Streaming Data.
    Sharmin Afrose, Danfeng (Daphne) Yao, and Olivera Kotevska.
    International Conference on Privacy, Security, and Trust (PST). Dec. 2021.

    2020

  • Coding Practices and Recommendations of Spring Security for Enterprise Applications.
    Mazharul Islam, Sazzadur Rahaman, Na Meng, Behnaz Hassanshahi, Padmanabhan Krishnan, Danfeng (Daphne) Yao.
    IEEE Secure Development Conference (SecDev 2020). Atlanta, GA, September 2020

  • Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP.
    Salman Ahmed, Ya Xiao, Kevin Z. Snow, Gang Tan, Fabian Monrose, and Danfeng (Daphne) Yao.
    In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS'20). November 9–13, 2020.

  • Prioritizing Data Flows and Sinks for App Security Transformation.
    Ke Tian, Gang Tan, Barbara G. Ryder, and Danfeng (Daphne) Yao.
    Computers & Security. Feb. 2020.

  • Identifying Mobile Inter-App Communication Risks.
    Karim O. Elish, Haipeng Cai, Daniel Barton, Danfeng (Daphne) Yao, and Barbara G. Ryder.
    IEEE Transactions on Mobile Computing, Vol. 19, No. 1, January 2020.

  • From Theory to Code: Identifying Logical Flaws in Cryptographic Implementations.
    Sazzadur Rahaman, Haipeng Cai, Omar Chowdhury and Danfeng (Daphne) Yao.
    IEEE Transactions on Dependable and Secure Computing (TDSC), 2020

  • GPU-Based Static Data-Flow Analysis for Fast and Scalable Android App Vetting
    Xiaodong Yu, Fengguo Wei, Xinming Ou, Michela Becchi, Tekin Bicer, and Danfeng (Daphne) Yao.
    The 34th IEEE International Parallel and Distributed Processing Symposium (IPDPS). New Orleans, LA. May 2020

  • Context-rich Privacy Leakage Analysis through Inferring Apps in Smart Home IoT.
    Yuan Luo, Long Cheng, Hongxin Hu, Guojun Peng, and Danfeng Yao.
    IEEE Internet of Things Journal. Aug. 2020.

  • Investigating The Reproducibility of NPM Packages.
    Pronnoy Goswami, Saksham Gupta, Zhiyuan Li, Na Meng, and Danfeng (Daphne) Yao.
    In Proceedings of the International Conference on Software Maintenance and Evolution (ICSME). Oct. 2020.

  • Detection of Repackaged Android Malware with Code-Heterogeneity Features.
    Ke Tian, Danfeng Yao, Barbara Ryder, Gang Tan, and Guojun Peng.
    IEEE Transactions on Dependable and Secure Computing (TDSC). Jan. 2020.

    2019

  • Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations.
    Sazzadur Rahaman, Gang Wang, and Daphne Yao.
    ACM Conference on Computer and Communications Security (CCS). London, UK. Nov. 2019. (Acceptance rate: 16%)

  • CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects.
    Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian, Miles Frantz, Murat Kantarcioglu, and Danfeng (Daphne) Yao.
    ACM Conference on Computer and Communications Security (CCS). London, UK. Nov. 2019. (Acceptance rate: 16%)

  • Neural Cryptanalysis: Metrics, Methodology, and Applications in CPS Ciphers.
    Ya Xiao, Qingying Hao and Danfeng Yao.
    IEEE Conference on Dependable and Secure Computing (DSC-2019) Hangzhou, China, 18-20 November, 2019

  • CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses.
    Sharmin Afrose, Sazzadur Rahaman, Danfeng (Daphne) Yao.
    IEEE Secure Development Conference (SecDev). McLean, VA. Sept. 2019. (Acceptance rate: 36%)

  • Exploitation Techniques and Defenses for Data-Oriented Attacks.
    Long Cheng, Hans Liljestrand, Md Salman Ahmed, Thomas Nyman, Trent Jaeger, N. Asokan, and Danfeng (Daphne) Yao.
    IEEE Secure Development Conference (SecDev). McLean, VA. Sept. 2019. (Acceptance rate: 36%)

  • Comparative Measurement of Cache Configurations’ Impacts on Cache Timing Side-Channel Attacks.
    Xiaodong Yu, Ya Xiao, Kirk Cameron, and Danfeng (Daphne) Yao.
    The 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET). Santa Clara, CA. Aug. 2019. (Acceptance rate: 31%)

  • Checking is Believing: Event-aware Program Anomaly Detection in Cyber-physical Systems.
    Long Cheng, Ke Tian, Danfeng Yao, Lui Sha, and Raheem Beyah.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 2019. (Impact factor: 6.4)

  • Identifying Mobile Inter-App Communication Risks.
    Karim Elish, Haipeng Cai, Daniel Barton, Danfeng Yao, and Barbara Ryder.
    IEEE Transactions on Mobile Computing. 19(1). 90-102. 1-13. Dec., 2018. DOI: 10.1109/TMC.2018.2889495

    2018

  • Needle in a Haystack: Tracking Down Elite Phishing Domains in the Wild.
    Ke Tian, Steve Jan, Hang Hu, Danfeng Yao, and Gang Wang.
    In ACM Internet Measurement Conference (IMC). Boston, MA. Oct. 2018. (Acceptance rate: 25%)

  • FrameHanger: Evaluating and Classifying Iframe Injection at Large Scale.
    Ke Tian, Zhou Li, Kevin Bowers, and Danfeng Yao.
    In Proceedings of the International Conference on Security and Privacy in Communication Networks (SECURECOMM). Singapore. Aug. 2018. (Acceptance rate: 30.5%)

  • Secure Coding Practices in Java: Challenges and Vulnerabilities.
    Na Meng, Stefan Nagy, Danfeng Yao, Wenjie Zhuang, and Gustavo Argoty.
    International Conference on Software Engineering (ICSE). Gothenburg, Sweden. May, 2018. (Acceptance rate: 20.9%) Multiple high-profile media reports.

  • DroidCat: Effective Android Malware Detection and Categorization via App-Level Profiling.
    Haipeng Cai, Na Meng, Barbara Ryder, and Danfeng Yao.
    IEEE Transactions on Information Forensics & Security (TIFS). Oct. 2018.

    2017

  • ReDroid: Prioritizing Data Flows and Sinks for App Security Transformation.
    Ke Tian, Gang Tan, Danfeng Yao, and Barbara Ryder.
    In Proceedings of workshop on Forming an Ecosystem Around Software Transformation (FEAST). Collocated with the ACM Conference on Computer and Communications Security (CCS). Dallas, TX. Nov. 2017

  • A First Look: Using Linux Containers for Deceptive Honeypots.
    Alexander Kedrowitsch, Danfeng (Daphne) Yao, Gang Wang, and Kirk Cameron.
    In Proceedings of ACM Workshop on Assurable & Usable Security Configuration (SafeConfig). Collocated with the ACM Conference on Computer and Communications Security (CCS). Dallas, TX. Nov. 2017.

  • Enforcing Cyber-Physical Execution Semantics to Defend Against Data-Oriented Attacks.
    Long Cheng, Ke Tian, and Danfeng Yao.
    In Proceedings of Annual Computer Security Applications Conference (ACSAC). Puerto Rico, US. Dec. 2017. (Acceptance rate: 19.7%)

  • Program Analysis of Cryptography Implementations for Security.
    Sazzadur Rahaman and Danfeng (Daphne) Yao.
    In Proceedings of IEEE Secure Development Conference (SecDev) Cambridge, MA. Sep., 2017.

  • Measuring the Insecurity of Mobile Deep Links of Android.
    Fang Liu, Chun Wang, Andres Pico, Danfeng Yao, and Gang Wang.
    In Proceedings of the 26th USENIX Security Symposium. Vancouver, Canada. Aug. 2017. (Acceptance rate: 16.3%)

  • Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation.
    Sazzadur Rahaman, Long Cheng, Danfeng Yao, He Li, and Jung-Min Park.
    The 17th Privacy Enhancing Technologies Symposium (PETS). Minneapolis, MN. Jul. 2017. (Acceptance rate: 21.7%)

  • On Threat Modeling and Mitigation of Medical Cyber-Physical Systems.
    Hussain Almohri, Long Cheng, Danfeng Yao, and Homa Alemzadeh.
    In Proceedings of IEEE International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT), in conjunction with the IEEE/ACM Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE). Philadelphia, PA. Jul. 2017. (Invited paper)

  • Cloud Data Analytics for Security: Applications, Challenges, and Opportunities.
    Danfeng Yao.
    In Proceedings of Security in Cloud Computing (SCC) Workshop, in conjunction with ASIACCS. Abu Dhabi, UAE. Apr., 2017.
    Keynote speech SLIDES are here.

  • MR-Droid: A Scalable and Prioritized Analysis of Inter-App Communication Risks.
    Fang Liu, Haipeng Cai, Gang Wang, Danfeng Yao, Karim O. Elish and Barbara G. Ryder.
    In Proceedings of Mobile Security Technologies (MoST) Workshop, in conjunction with the IEEE Symposium on Security and Privacy. San Jose, CA. May 2017. (Acceptance rate: 33%)

  • Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications.
    Amiangshu Bosu, Fang Liu, Danfeng Yao, and Gang Wang.
    In Proceedings of ACM Symposium on Information, Computer & Communication Security (ASIACCS) Apr. 2017. (Acceptance rate: 20%) DIALDroid SLIDES HERE

  • Long-Span Program Behavior Modeling and Attack Detection.
    Xiaokui Shu, Danfeng Yao, Naren Ramakrishnan, and Trent Jaeger
    ACM Transactions on Privacy and Security (TOPS). May 2017.

  • Enterprise Data Breach: Causes, Challenges, Prevention, and Future Directions.
    Long Cheng, Fang Liu, and Danfeng Yao.
    WIREs Data Mining and Knowledge Discovery. Wiley. 2017.
    Featured by Wiley’s Advanced Science News. Invited Review Paper

  • Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation.
    Sazzadur Rahaman, Long Cheng, Danfeng Yao, He Li, and Jung-Min Park.
    Proceedings on Privacy Enhancing Technologies (PoPETs). De Gruyter Open. Accepted. (Journal paper of the hybrid venue PoPETs/PETS 2017).

  • Breaking the target: An analysis of target data breach and lessons learned.
    Xiaokui Shu, Ke Tian, Andrew Ciambrone, and Danfeng Yao.
    arXiv preprint arXiv:1701.04940 (2017)

    2016

  • Causality-based Sensemaking of Network Traffic for Android Application Security.
    Hao Zhang, Danfeng Yao, and Naren Ramakrishnan.
    In Proceedings of 9th ACM Workshop on Artificial Intelligence and Security (AISec), co-located with the 23rd ACM Conference on Computer and Communications Security (CCS). October 28, 2016, Hofburg Palace, Vienna, Austria. (Acceptance rate: 32%)

  • Analysis of Code Heterogeneity for High-Precision Classification of Repackaged Malware.
    Ke Tian, Danfeng Yao, Barbara Ryder, and Gang Tan.
    In Proceedings of Mobile Security Technologies (MoST), in conjunction with the IEEE Symposium on Security and Privacy. San Jose, CA. May 2016. (Acceptance rate: 29%)

  • A Sharper Sense of Self: Probabilistic Reasoning of Program Behaviors for Anomaly Detection with Context Sensitivity.
    Kui Xu, Ke Tian, Danfeng Yao, and Barbara Ryder.
    In Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Toulouse, France. Jun., 2016. (Acceptance rate: 22%)

  • O3FA: A Scalable, Finite Automata-based, Pattern-Matching Engine for Out-of-Order Packet Inspection in IDS.
    Xiaodong Yu, Wu-chun Feng, Danfeng Yao, and Michela Becchi.
    In Proceedings of The 12th ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), co-located with the 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI). Santa Clara, CA. Mar. 2016. (Acceptance rate: 21%).

  • DECT: Distributed Evolving Context Tree for Understanding User Behavior Pattern Evolution.
    Xiaokui Shu, Nikolay Laptev, and Danfeng Yao.
    In Proceedings of 19th International Conference on Extending Database Technology (EDBT), co-located with International Conference on Database Theory (ICDT). Mar., 2016. Bordeaux, France. (with Yahoo! Lab)

  • Causality Reasoning about Network Events for Detecting Stealthy Malware Activities.
    Hao Zhang, Danfeng Yao, Naren Ramakrishnan, and Zhibin Zhang.
    Computers & Security (C&S). 58: 180-198. Elsevier. 2016. (Patent Granted)

  • Fast Detection of Transformed Data Leaks.
    Xiaokui Shu, Jing Zhang, Danfeng Yao, and Wu-Chun Feng.
    IEEE Transactions on Information Forensics & Security (TIFS). 11(3): 528-542. 2016.

  • Security Optimization of Dynamic Networks with Probabilistic Graph Modeling and Linear Programming.
    Hussain Almohri, Layne T. Watson, Danfeng Yao, and Xinming Ou.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 13(4): 474-487. 2016.

    2015

  • A Formal Framework for Program Anomaly Detection.
    Xiaokui Shu, Danfeng Yao, and Barbara Ryder.
    In Proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Kyoto, Japan. Nov. 2015. (Acceptance rate: 23.5%.)
    RAID SLIDES

  • Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths
    Xiaokui Shu, Danfeng Yao, and Naren Ramakrishnan.
    In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS). Denver, Colorado. Oct. 2015. (Acceptance rate: 19.8%.) (Featured in Communications of ACM)
    CCS SLIDES

  • Probabilistic Program Modeling for High-Precision Anomaly Classification.
    Kui Xu, Danfeng Yao, Barbara Ryder, and Ke Tian.
    In Proceedings of the 2015 IEEE Computer Security Foundations Symposium (CSF). Verona, Italy. Jul. 2015. (Acceptance rate: 35%.)

  • On the Need of Precise Inter-App ICC Classification for Detecting Android Malware Collusions.
    Karim Elish, Danfeng Yao, and Barbara Ryder.
    In Proceedings of Mobile Security Technologies (MoST), in conjunction with the IEEE Symposium on Security and Privacy. San Jose, CA. May 2015. (Acceptance rate: 30%)

  • Rapid and Parallel Content Screening for Detecting Transformed Data Exposure.
    Xiaokui Shu, Jing Zhang, Danfeng Yao, and Wu-Chun Feng.
    In Proceedings of the International Workshop on Security and Privacy in Big Data (BigSecurity), co-located with IEEE INFOCOM. Hong Kong. April, 2015. (Acceptance rate: 26%)

  • Visualizing Traffic Causality for Analyzing Network Anomalies.
    Hao Zhang, Maoyuan Sun, Danfeng Yao, and Chris North.
    In Proceedings of International Workshop on Security and Privacy Analytics (SPA), co-located with ACM CODASPY. San Antonio, TX. Mar. 2015.

  • Privacy-Preserving Scanning of Big Content for Sensitive Data Exposure with MapReduce.
    Fang Liu, Xiaokui Shu, Danfeng Yao, and Ali Butt.
    In Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY). San Antonio, TX. Mar. 2015. (Acceptance rate: 21%) (Featured by S2ERC, an NSF I/UCRC on software security)

  • Rapid Screening of Transformed Data Leaks with Efficient Algorithms and Parallel Computing.
    Xiaokui Shu, Jing Zhang, Danfeng Yao, and Wu-Chun Feng.
    In Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY). San Antonio, TX. Mar. 2015. Extended abstract. (Best Poster Award)

  • MadeCR: Correlation-based Malware Detection for Cognitive Radio.
    Yanzhi Dou, Kexiong (Curtis) Zeng, Yaling Yang, and Danfeng Yao.
    In Proceedings of IEEE Conference on Computer Communications (INFOCOM). Hong Kong. Apr. 2015. (Acceptance rate: 19%).

  • Privacy-Preserving Detection of Sensitive Data Exposure.
    Xiaokui Shu, Danfeng Yao, and Elisa Bertino.
    IEEE Transactions on Information Forensics & Security (TIFS). 10(5). 1092-1103. May 2015.

  • Profiling User-Trigger Dependence for Android Malware Detection.
    Karim O. Elish, Xiaokui Shu, Danfeng Yao, Barbara Ryder, and Xuxian Jiang.
    Computers & Security (C&S). 49, 255–273. March 2015.

    2014

  • High Precision Screening for Android Malware with Dimensionality Reduction.
    Britton Wolfe, Karim Elish, and Danfeng Yao.
    In Proceedings of the 13th International Conference on Machine Learning and Applications (ICMLA). Detroit, MI. Dec. 2014. (Acceptance rate: 35%)

  • Role-Playing Game for Studying User Behaviors in Security: A Case Study on Email Secrecy.
    Kui Xu, Danfeng Yao, Manuel A. Perez-Quinones, Casey Link, and E. Scott Geller.
    In Proceedings of the IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom). Miami, FL. Oct. 2014. (Acceptance rate: 20%).

  • Comprehensive Behavior Profiling for Proactive Android Malware Detection.
    Britton Wolfe, Karim Elish, and Danfeng Yao.
    In Proceedings of the 7th International Conference on Information Security (ISC). Hong Kong. Oct. 2014. (Acceptance rate: 19%).

  • Detection of Stealthy Malware Activities with Traffic Causality and Scalable Triggering Relation Discovery.
    Hao Zhang, Danfeng Yao and Naren Ramakrishnan.
    In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS). Kyoto, Japan. Jun. 2014. (Acceptance rate: 20%).

  • DroidBarrier: Know What is Executing on Your Android.
    Hussain Almohri, Danfeng Yao, and Dennis Kafura.
    In Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY). San Antonio, TX. Mar. 2014. (Acceptance rate: 23.5%).

  • Process Authentication for High System Assurance.
    Hussain M.J. Almohri, Danfeng (Daphne) Yao, and Dennis Kafura.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 11(2), 168-180. March/April 2014.

    2013

  • Massive Distributed and Parallel Log Analysis For Organizational Security.
    Xiaokui Shu, John Smiy, Danfeng Yao, and Heshan Lin.
    In Proceedings of the First International Workshop on Security and Privacy in Big Data (BigSecurity), in conjunction with Globecom. Atlanta, GA. Dec. 2013. (Acceptance rate: 35%).

  • CloudSafe: Securing Data Processing within Vulnerable Virtualization Environments in the Cloud.
    Huijun Xiong, Qingji Zheng, Xinwen Zhang, and Danfeng Yao.
    In Proceedings of the first IEEE Conference on Communications and Network Security (CNS). Washington, D. C. Oct. 2013. (Acceptance rate: 28%).

  • Device-Based Isolation for Securing Cryptographic Keys.
    Karim Elish, Yipan Deng, Danfeng Yao and Dennis Kafura.
    In Proceedings of the 3rd International Symposium on Internet of Ubiquitous and Pervasive Things (IUPT) Halifax, Canada. Jun. 2013.

  • DNS for Massive-Scale Command and Control.
    Kui Xu, Patrick Butler, Sudip Saha, and Danfeng (Daphne) Yao.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 10(3), 143-153. May/June 2013.

    2012

  • A Semantics Aware Approach to Automated Reverse Engineering Unknown Protocols.
    Yipeng Wang, Xiaochun Yun, M. Zubair Shafiq, Alex X. Liu, Zhibin Zhang, Liyan Wang, Danfeng Yao, Yongzheng Zhang, and Li Guo.
    20th IEEE International Conference on Network Protocols (ICNP). Austin, TX. Oct. 2012. (Acceptance rate: 23%). (Best Paper Award)

  • Data Leak Detection As a Service.
    Xiaokui Shu and Danfeng Yao.
    In Proceedings of the 8th International Conference on Security and Privacy in Communication Networks (SECURECOMM). Padua, Italy. Sep. 2012. (Acceptance rate: 29%).
    Online demo
    SECURECOMM slides on privacy-preserving data leak detection.

  • User Intention-Based Traffic Dependence Analysis For Anomaly Detection.
    Hao Zhang, William Banick, Danfeng Yao and Naren Ramakrishnan.
    In Proceedings of Workshop on Semantics and Security (WSCS), in conjunction with the IEEE Symposium on Security and Privacy. San Francisco, CA. May 2012.
    The submitted journal version manuscript of our traffic dependency analysis work and CR-Miner prototype can be found HERE.

  • User-Centric Dependence Analysis For Identifying Malicious Mobile Apps.
    Karim O. Elish, Danfeng Yao, and Barbara G. Ryder.
    In Proceedings of the Workshop on Mobile Security Technologies (MoST), in conjunction with the IEEE Symposium on Security and Privacy. San Francisco, CA. May 2012.
    Full version technical report can be found HERE.

  • Identifying Native Applications with High Assurance.
    Hussain M. J. Almohri, Danfeng Yao, and Dennis Kafura.
    In Proceedings of ACM Conference on Data and Application Security and Privacy (CODASPY). San Antonio, TX, USA. Feb. 2012. (Acceptance rate: 25%).
    The submitted journal version manuscript of our process authentication work and A2 prototype system can be found HERE.

  • Towards End-to-End Secure Content Storage and Delivery with Public Cloud.
    Huijun Xiong, Xinwen Zhang, Danfeng Yao, Xiaoxin Wu, and Yonggang Wen.
    In Proceedings of ACM Conference on Data and Application Security and Privacy (CODASPY). San Antonio, TX, USA. Feb. 2012. (Acceptance rate: 25%).

  • Data-Provenance Verification For Secure Hosts.
    Kui Xu, Huijun Xiong, Chehai Wu, Deian Stefan, and Danfeng Yao.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 9(2), 173-183. March/April 2012.

  • Robustness of Keystroke-Dynamics Based Biometrics Against Synthetic Forgeries.
    Deian Stefan, Xiaokui Shu, and Danfeng Yao.
    Computers & Security (C&S). 31. 109-121. 2012. Elsevier.

    2011

  • Detecting Infection Onset With Behavior-Based Policies.
    Kui Xu, Danfeng Yao, Qiang Ma, and Alex Crowell.
    In Proceedings of the Fifth International Conference on Network and System Security (NSS). Milan, Italy. Sep. 2011. (Acceptance rate: 22%).

  • K2C: Cryptographic Cloud Storage With Lazy Revocation and Anonymous Access.
    Saman Zarandioon, Danfeng Yao, and Vinod Ganapathy.
    In Proceedings of the 7th International ICST Conference on Security and Privacy in Communication Networks (SecureComm). Lecture Notes in Computer Science (LNCS). Sep. 2011. London, UK. (Acceptance rate: 24%).

  • CloudSeal: End-to-End Content Protection in Cloud-based Storage and Delivery Services.
    Huijun Xiong, Xinwen Zhang, Wei Zhu and Danfeng Yao.
    In Proceedings of the 7th International ICST Conference on Security and Privacy in Communication Networks (SecureComm). Lecture Notes in Computer Science (LNCS). Sep. 2011. London, UK.

  • Quantitatively Analyzing Stealthy Communication Channels.
    Patrick Butler, Kui Xu, and Danfeng Yao.
    In Proceedings of International Conference on Applied Cryptography and Network Security (ACNS). Lecture Notes in Computer Science (LNCS). Jun. 2011. Acceptance rate: 18% (31/172).
    The submitted journal version manuscript of our DNS-based botnet command and control work can be found HERE.

  • Inferring Protocol-State Machine from Network Traces: A Probabilistic Description Method.
    Yipeng Wang, Zhibin Zhang, Danfeng Yao, Buyun Qu, and Li Guo.
    In Proceedings of International Conference on Applied Cryptography and Network Security (ACNS). Lecture Notes in Computer Science (LNCS). Jun. 2011. Acceptance rate: 18% (31/172).

    2010

  • Keystroke-Dynamics Authentication Against Synthetic Forgeries.
    Deian Stefan and Danfeng Yao.
    In Proceedings of the International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom). Chicago, IL. Nov. 2010. (Best Paper Award)

  • Knowing Where Your Input is From: Kernel-Level Provenance Verification.
    Deian Stefan, Chehai Wu, Danfeng Yao, and Gang Xu.
    In Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS). Pages 71-87. June, 2010. Beijing, China. (Patented)

  • Towards Publishing Recommendation Data With Predictive Anonymization.
    Chih-Cheng Chang, Brian Thompson, Hui Wang, and Danfeng Yao.
    In Proceedings of ACM Symposium on Information, Computer & Communication Security (ASIACCS). Apr. 2010.

  • Using a Trust Inference Model for Flexible and Controlled Information Sharing During Crises.
    Qian Yang, Danfeng Yao, Kaitlyn Muller, and James Garnett.
    Journal of Contingencies and Crisis Management. 18(4), 231-241. 2010. Wiley-Blackwell.

  • Applications and Security of Next-Generation User-Centric Wireless Systems.
    Jerry Rick Ramstetter, Yaling Yang, and Danfeng Yao.
    Future Internet, Special Issue on Security for Next Generation Wireless and Decentralized Systems. Editors: Ralf Steinmetz and Andre Koenig. 2010. (Invited Paper)

  • Independently-Verifiable Decentralized Role-Based Delegation.
    Roberto Tamassia, Danfeng Yao, and William H. Winsborough.
    IEEE Transactions on Systems, Man, and Cybernetics (SMC), Part A. 40(6), 1206-1219. Nov. 2010.

    2009

  • User-Assisted Host-Based Detection of Outbound Malware Traffic.
    Huijun Xiong, Prateek Malhotra, Deian Stefan, Chehai Wu, and Danfeng Yao.
    In Proceedings of International Conference on Information and Communications Security (ICICS). Beijing, P.R. China. Dec. 2009.

  • Towards Automatic Privacy Management in Web 2.0 with Semantic Analysis on Annotations.
    Nitya H. Vyas, Anna Squicciarini, Chih-Cheng Chang, and Danfeng Yao.
    In Proceedings of International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom). Washington DC. Nov. 2009.

  • Building Robust Authentication Systems With Activity-Based Personal Questions.
    Anitra Babic, Huijun Xiong, Danfeng Yao, and Liviu Iftode.
    In Proceedings of ACM Workshop on Assurable & Usable Security Configuration (SafeConfig). Collocated with the ACM Conference on Computer and Communications Security (CCS). Chicago, IL. Nov. 2009.
    (Featured in NSF News)

  • Privacy-aware Identity Management for Client-side Mashup Applications.
    Saman Zarandioon, Danfeng Yao, and Vinod Ganapathy.
    In Proceedings of the Fifth ACM Workshop on Digital Identity Management (DIM). Collocated with ACM Conference on Computer and Communications Security (CCS). Chicago, IL. Nov. 2009.

  • Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases.
    Brian Thompson, Danfeng Yao, Stuart Haber, William G. Horne, and Tomas Sander.
    In Proceedings of the 9th Privacy Enhancing Technologies Symposium (PETS). Seattle, WA. Aug. 2009.

  • Detection and Prevention of Insider Threats in Database Driven Web Services.
    Tzvika Chumash and Danfeng Yao.
    In Proceedings of The Third IFIP WG 11.11 International Conference on Trust Management (IFIPTM). Pages 117-132. Jun. 2009. West Lafayette, IN.

  • Union-Split Clustering Algorithm and Social Network Anonymization.
    Brian Thompson and Danfeng Yao.
    In Proceedings of ACM Symposium on Information, Computer & Communication Security (ASIACCS). Mar. 2009. Sydney, Australia.

  • Compact and Anonymous Role-Based Authorization Chain.
    Danfeng Yao and Roberto Tamassia.
    ACM Transactions on Information and System Security (TISSEC). 12(3). Mar. 2009.

    2008

  • Select Audit: A Secure and Efficient Audit Framework for Networked Virtual Environments.
    Tuan Phan and Danfeng Yao.
    In Proceedings of the 4th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom). Nov. 2008. Orlando, FL.

  • Design and Implementation of an Open Framework for Secure Communication in Mashup Applications.
    Saman Zarandioon, Danfeng Yao, and Vinod Ganapathy.
    Annual Computer Security Applications Conference (ACSAC). December 8-12, 2008. Anaheim, California, USA.

  • Securing Geographic Routing in Mobile Ad-hoc Networks.
    Vivek Pathak, Danfeng Yao, and Liviu Iftode.
    International Conference on Vehicular Electronics and Safety (ICVES). September 22-24, 2008. Columbus, Ohio.

  • Improving Email Trustworthiness through Social-Group Key Authentication.
    Vivek Pathak, Danfeng Yao, and Liviu Iftode.
    Fifth Conference on Email and Anti-Spam (CEAS). Microsoft Research Silicon Valley, Mountain View, California. Aug. 21-22, 2008.

  • Efficient signature schemes supporting redaction, pseudonymization, and data deidentification.
    Stuart Haber, Yasuo Hatano, Yoshinori Honda, William Horne, Kunihiko Miyazaki, Tomas Sander, Satoru Tezuka, Danfeng Yao.
    ACM Symposium on Information, Computer & Communication Security (ASIACCS) 2008.

  • Notarized Federated ID Management and Authentication.
    Michael T. Goodrich, Roberto Tamassia, and Danfeng Yao.
    Journal of Computer Security (JCS), 16(4): 399-418. 2008.

  • Efficient and Secure Content Processing and Distribution by Cooperative Intermediaries.
    Yunhua Koglin, Danfeng Yao, and Elisa Bertino.
    IEEE Transactions on Parallel and Distributed Systems (TPDS). 19(5): 615-626. 2008.

  • Private Information: To Reveal or Not To Reveal.
    Danfeng Yao, Keith Frikken, Mike Atallah, Roberto Tamassia.
    ACM Transactions on Information and System Security (TISSEC). 12(1). Feb. 2008.

    2007

  • Private Distributed Scalar Product Protocol With Application To Privacy-Preserving Computation of Trust. Danfeng Yao, Roberto Tamassia, and Seth Proctor. In Proceedings Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM). Moncton, New Brunswick, Canada. Jul. 2007.

  • Privacy-Preserving Schema Matching Using Mutual Information. Isabel F. Cruz, Roberto Tamassia, and Danfeng Yao. Extended Abstract. In Proceedings of the 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec). Redondo Beach, CA. Jul. 2007. Slides (.ppt).

  • Decentralized Authorization and Data Security in Web Content Delivery. Danfeng Yao, Yunhua Koglin, Elisa Bertino, and Roberto Tamassia. In Proceedings of the 22nd ACM Symposium on Applied Computing (SAC). Seoul, Korea. March, 2007. Slides (.ppt).

    2006

  • Point-Based Trust: Define How Much Privacy Is Worth. (Best Student Paper Award) Danfeng Yao, Keith Frikken, Mike Atallah, Roberto Tamassia. In Proceedings of the Eighth International Conference on Information and Communications Security (ICICS). Lecture Notes in Computer Science (LNCS). Volume 4307, pages 190 – 209. Ning, Qing, and Li (Eds). Springer. Raleigh, North Carolina, USA. December, 2006. Full version. Slides (.ppt).

  • Cascaded Authorization with Anonymous-Signer Aggregate Signatures. Danfeng Yao and Roberto Tamassia. In Proceedings of the Seventh Annual IEEE Systems, Man and Cybernetics Information Assurance Workshop (IAW). West Point, New York. June 2006. Full version. Slides (.ppt)

  • Notarized Federated Identity Management for Increased Trust in Web Services. Michael T. Goodrich, Roberto Tamassia, and Danfeng Yao. In Proceedings of the 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec). Sophia Antipolis, France. July 2006. Full version. Slides (.ppt)

    2005

  • Visualization of Automated Trust Negotiation. Danfeng Yao, Michael Shin, Roberto Tamassia, and William H. Winsborough. In Proceedings of the Workshop on Visualization for Computer Security (VizSEC), in conjunction with Vis 2005 and InfoVis 2005. Pages 65-74. IEEE Press. Minneapolis, MN. October 2005. Slides (.ppt)

  • On Improving the Performance of Role-Based Cascaded Delegation in Ubiquitous Computing. Danfeng Yao, Roberto Tamassia, and Seth Proctor. In Proceedings of the First Annual IEEE/CreateNet Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm). Pages 157-168. IEEE Press. Athens, Greece. September 2005. Slides (.ppt)

  • Accredited DomainKeys: A Service Architecture for Improved Email Validation. Michael T. Goodrich, Roberto Tamassia, and Danfeng Yao. In the Second Conference on Email and Anti-Spam (CEAS). Stanford University, CA. July 2005. Slides (.ppt)

    2004

  • Role-Based Cascaded Delegation. Roberto Tamassia, Danfeng Yao, and William H. Winsborough. In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT). Pages: 146 – 155. ACM Press. Yorktown Heights, NY, June 2004. Slides (.ppt)

  • ID-Based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption. Danfeng Yao, Nelly Fazio, Yevgeniy Dodis, and Anna Lysyanskaya. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). Pages: 354 – 363. ACM Press. Washington DC, 2004. Full version. Slides (.ppt)