Publication

Our new research CONSET (“Semantics Over Syntax: Uncovering Pre-Authentication 5G Baseband Vulnerabilities”) will appear in USENIX Security’26. This work leverages LLM and builds a new framework CONSET, which systematically extracts specification-level constraints and turns them into semantic violations for testing 5G UE implementations. On commercial smartphones, it confirms 6 device-level flaws through responsible disclosure, including 3 high-severity CVEs. These vulnerabilities affect 41 chipset models and over 466 commercially available smartphones.

This is joint work with researchers (Prof. Hongxin Hu and his students) at University of Buffalo. Congratulations on the amazing work, Qiqing!

Our new research Heracles (“𝑶𝒏 𝒕𝒉𝒆 𝑺𝒆𝒄𝒖𝒓𝒊𝒕𝒚 𝑹𝒊𝒔𝒌𝒔 𝒐𝒇 𝑴𝒆𝒎𝒐𝒓𝒚 𝑨𝒅𝒂𝒑𝒕𝒂𝒕𝒊𝒐𝒏 𝒂𝒏𝒅 𝑨𝒖𝒈𝒎𝒆𝒏𝒕𝒂𝒕𝒊𝒐𝒏 𝒊𝒏 𝑫𝒂𝒕𝒂-𝒑𝒍𝒂𝒏𝒆 𝑫𝒐𝑺 𝑴𝒊𝒕𝒊𝒈𝒂𝒕𝒊𝒐𝒏”) will appear in NDSS’26. This work examines emerging security risks in modern programmable network infrastructures and highlights how design choices for efficiency can introduce new attack surfaces. We further propose Shield , a multi-layered mitigation scheme that successfully mitigates the Heracles attack while preserving line-rate performance and adaptive detection accuracy.

This is joint work with researchers (Prof. Min Suk Kang and his students) at KAIST. Congratulations on the amazing work, Hocheol! And thank you for spending time with us at the SUCCESS Lab as a visiting student in 2025!

Our DSN’15 paper “FloodGuard: A DoS Attack Prevention Extension in Software-Defined Networks” (by Haopei Wang, Lei Xu, Guofei Gu) received the Test of Time Award at this year’s DSN conference (2025 Annual IEEE/IFIP International Conference on Dependable Systems and Networks)! We are so honored and humbled to receive this recognition for our SDN security research in 2015! Congratulations again, Haopei & Lei!

Some background information about this award: “The Test-of-Time Award recognizes two outstanding papers published 10 years ago at DSN, in the DSN proceedings (research track, practical experience report or tool papers), that have had a sustained and important impact on the theory and/or practice of dependable systems and networks computing research. DSN has several areas under its umbrella and with two awards there are conditions to recognize more than one area. In exceptional situations (not enough nominations), the time frame for awards can be extended to 10-12 years, and only one paper can be awarded, in this order.”

Our new paper on understanding the risks of dynamic content in the Alexa skill ecosystem is going to appear in ACM WiSec’25! Congratulations, Nathan!

Shreyas has two papers on human-centered security research to appear in Euro S&P’25! They are “Demystifying the Perceptions Gap Between Designers and Practitioners in Two Security Standards” and “Incentivizing Security Excellence in Cyber Liability Insurance”. Congratulations, Shreyas!

Our paper “Beyond Visual Confusion: Understanding How Inconsistencies in ENS Normalization Facilitate Homoglyph Attacks” is accepted to WWW’25. Congratulations, Jianwei!

Recently, automatic moving target defense (AMTD) is recognized as a promising proactive defense technique against cyber attacks. In particular, NTO (Network Topology Obfuscation) is an emerging AMTD approach for dynamic reconfiguration of network infrastructure/configuration. In our new research that will appear in USENIX Security’24, we introduce a new CrossPoint attack that can escape the security protections of state-of-the-art NTO defenses. Congratulations, Xuanbo!

Our paper “WIRE: Web3 Integrated Reputation Engine” is accepted to ICDCS’24. Inspired by the FICO score system in traditional finance, we introduce WIRE, a new reputation engine designed to evaluate the trustworthiness of deployed DApps in the Web3 (blockchain/cryptocurrency/etc.) world! We’re releasing our prototype here! Congratulations to Suraj & Huancheng!

Our ACSAC’07 paper “A Taxonomy of Botnet Structures” (by David Dagon, Guofei Gu, Christopher P. Lee, and Wenke Lee) received the Test of Time Paper Award at this year’s ACSAC conference (2023)! We are so honored and humbled to receive this recognition for our botnet research in 2007!

Some background on the award from ACSAC: “These awards provide an opportunity to honor papers that have been published at ACSAC that have had enduring significance and impact to the security community. The committee considered papers published more than 15 years ago, and discussed their impact on academia, industry, and government. “