I am an Associate Professor in the Department of Computer Science at Stony Brook University.
My students and I work on all sorts of practical, hands-on security and privacy. The topics that I have been the most active in are:
Spring 2024 | CSE 361, Web Security |
Fall 2023 | CSE 659, Computer Security Seminar |
Spring 2023 | CSE 361, Web Security |
Fall 2022 | CSE 659, Computer Security Seminar |
Spring 2022 | CSE 361, Web Security |
Fall 2021 | CSE 659, Computer Security Seminar |
Spring 2021 | CSE 361, Web Security |
Fall 2020 | CSE 659, Computer Security Seminar |
Spring 2020 | CSE 659, Computer Security Seminar |
Fall 2019 | CSE 331, Computer Security Fundamentals |
Spring 2019 | CSE 509, System Security |
Fall 2018 | CSE 331, Computer Security Fundamentals |
Spring 2018 | CSE 659, Computer Security Seminar |
Fall 2017 | CSE 361, Web Security |
Fall 2016 | CSE 509, System Security |
Spring 2016 | CSE 659, Computer Security Seminar |
Fall 2015 | CSE 509, System Security |
Spring 2015 | CSE 508, Network Security |
Fall 2014 | CSE 509, System Security |
Septenmber 2024 | IMC 2024 accepted our paper on ENS dropcatching. Congratulations to Muzammil and Zhengyu! |
August 2024 | Our USENIX Security paper on web application fingerprinting won a Distinguished Paper Award! |
eCrime 2024 accepted our paper on Web3 typosquatting. Congratulations to Muzammil! | |
May 2024 | Paper on using deception to protect web applications accepted at DIMVA 2024. Congrats to Billy! |
February 2024 | Our 2022 paper on Certificate Transparency Bots won the NSA Annual Best Scientific Cybersecurity paper award! |
September 2023 | Two papers accepted at IEEE S&P 2024 and NDSS 2024. Congratulations to Chris, Xigao, and Brian! |
June 2023 | Two papers accepted at USENIX Security 2023. Congratulations to Babak and Chris! |
January 2023 | Two papers accepted at WWW 2023. Congratulations to Xigao, Babak, and Johnny! |
December 2022 | Papers on debloating and cryptocurrency scams were accepted at CODASPY and NDSS. Congratulations Babak and Xigao! |
August 2022 | Paper on continuous extension fingerprinting (in collaboration with UIC) was accepted at CCS. Congratulations Kostas and Panos! |
May 2022 | Paper on Certificate Transparency bots was accepted to USENIX Security 2022. Congratulations to Brian and Johnny! |
February 2022 | Paper on extension fingerprinting (in collaboration with UIC) was accepted to USENIX Security 2022. Congratulations Kostas, Panos, and Soroush! |
January 2022 | Paper on post-publication title changes accepted at WWW 2022. Congratulations to Xingzhi and Brian! |
November 2021 | Our work on MITM phishing kits got the 3rd place at the CSAW 2021 Applied Research Competition! |
October 2021 | Paper on mobile-sandbox evasions accepted to NDSS 2022. Congratulations to Brian and Babak! |
August 2021 | Paper on residual trust accepted at IEEE S&P 2022. Congratulations to Johnny! |
Year-long study on MITM phishing kits accepted at CCS 2021. Congratulations to Brian and Babak! | |
February 2021 | Paper on deception-augmented authentication accepted at ASIACCS 2021. Congratulations to Tim and Johnny! |
Paper on characterization of web bots accepted at IEEE S&P 2021. Congratulations to Xigao and Babak! | |
January 2021 | Paper accepted from collaboration with CMU at WWW 2021. Congratulations to Meng and Brian! |
December 2020 | Paper accepted at USENIX Security 2021. Congratulations to Pierre and Oleksii! |
Paper accepted at NDSS 2021. Congratulations to Brian! | |
April 2020 | ONR funded my YIP proposal on monitoring web application updates. Thank you ONR! |
Two papers accepted at DIMVA! Congratulations to Babak, Pierre, and Oleksii! | |
March 2020 | NSF funded my CAREER proposal on ensuring the integrity of web content! Thank you NSF! |
I have been promoted to Associate Professor with tenure. | |
February 2020 | Paper accepted at IEEE S&P (Oakland) 2020. Congratulations Brian! |
July 2019 | Paper accepted at RAID 2019. Congratulations Tim and Najmeh! |
May 2019 | Paper accepted at DIMVA 2019. Congrats Pierre! |
April 2019 | Two papers accepted at USENIX Security 2019!! Congratulations to Babak, Pierre, and Oleksii! |
Paper accepted at AsiaCCS 2019! Congratulations to Najmeh! | |
January 2019 | Paper accepted at WWW 2019! |
Amazon funded our proposal on using cloud services to detect bots. Thank you Amazon! | |
November 2018 | Paper accepted at NDSS 2019! |
September 2018 | NSF funded our proposal on understanding and detecting malicious web bots. Thank you NSF! |
December 2017 | Three papers accepted at WWW 2018! |
October 2017 | Our S&P 2017 paper on malware sandbox evasion is a finalist in the CSAW 2017 competition! |
August 2017 | Three papers accepted at CCS 2017! |
Paper with Tim accepted at ACSAC 2017! | |
March 2017 | Two papers accepted at IEEE S&P 2017! |
WIRED wrote about our work on technical support scams. | |
Our paper on technical support scams received a "Distinguished Paper Award" at NDSS 2017! | |
Jan 2017 | I am the publicity chair of RAID 2017. Don't forget to submit your cool work! |
Dec 2016 | Two papers accepted at WWW 2017!! |
Oct 2016 | Papers accepted at EuroS&P and NDSS! |
Aug 2016 | I will be co-chairing eCrime 2017 with Damon McCoy! Consider submitting your best cybercrime work. |
Jul 2016 | Our PETS paper got an Honorable Mention Award at PETS 2016 |
Jun 2016 | Our Dagstuhl Workshop on Online Privacy and Web Transparency was accepted! |
Jun 2016 | NSF funded our two proposals on mobile web security and malware. Thank you NSF! |
Mar 2016 | ONR funded our proposals on tripwires and honeypots. Thank you ONR! |
Dec 2015 | Paper with Oleksii and Sharique accepted at WWW 2016! |
Oct 2015 | Paper with Zubair accepted at NDSS 2016! |
Jul 2015 | Paper with Oleksii accepted at PETS 2016! |
Jan 2015 | Our paper got accepted at WWW 2015! |
Oct 2014 | Two papers accepted at NDSS 2015! |
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010 and earlier
Content Integrity and Residual Trust
Deception and Honeypots
Attack Surface Measurement and Reduction
Browser Fingerprinting
Mobile Web Browsers
Online tracking and privacy
DNS security
Malicious advertising and cybercrime
Attacks and Forensics
Security Measurements
Countermeasures for the web
Low-level Security