51. Connecting the Dots: An Investigative Study on Linking Private User Data Across Messaging Apps
In Proc. of 33rd Network and Distributed System Security Symposium
Junkyu Kang, Soyoung Lee, Yonghwi Kwon, and Sooel Son
@inproceedings{ndss26_connecting,
author = {Junkyu Kang and Soyoung Lee and Yonghwi Kwon and Sooel Son},
title = {Connecting the Dots: An Investigative Study on Linking Private User Data Across Messaging Apps},
booktitle = {33rd Network and Distributed System Security Symposium, {NDSS} 2026, San Diego, California, USA, February 22-25, 2026},
year = {2026}
publisher = {The Internet Society},
}
50. IMUFUZZER: Resilience-based Discovery of Signal Injection Attacks on Robotic Vehicles
In Proc. of 40th IEEE/ACM International Conference on Automated Software Engineering
Sudharssan Mohan, Kyeongseok Yang, Zelun Kong, Yonghwi Kwon, Junghwan Rhee, Tyler Summers, Hongjun Choi, Heejo Lee, and Chung Hwan Kim
@inproceedings{ase25_imufuzzer,
author = {Sudharssan Mohan and Kyeongseok Yang and Zelun Kong and Yonghwi Kwon and Junghwan Rhee and Tyler Summers and Hongjun Choi and Heejo Lee and Chung Hwan Kim},
title = {IMUFUZZER: Resilience-based Discovery of Signal Injection Attacks on Robotic Vehicles},
booktitle = {40th {IEEE/ACM} International Conference on Automated Software Engineering ({ASE})},
year = {2025}
}
49. What's in Phishers: A Longitudinal Study of Security Configurations in Phishing Websites and Kits
In Proc. of 34th The Web Conference
Kyungchan Lim, Kiho Lee, Fujiao Ji, Yonghwi Kwon, Hyoungshick Kim, and Doowon Kim
@inproceedings{www25_phishers,
author = {Lim, Kyungchan
and Lee, Kiho
and Ji, Fujiao
and Kwon, Yonghwi
and Kim, Hyoungshick
and Kim, Doowon},
title = {What's in Phishers: A Longitudinal Study of Security Configurations in Phishing Websites and Kits},
booktitle = {Proceedings of the ACM on Web Conference 2025},
year = {2025},
pages = {957--968},
numpages = {12},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
location = {Sydney NSW, Australia},
series = {WWW '25},
isbn = {9798400712746},
doi = {10.1145/3696410.3714710},
url = {https://doi.org/10.1145/3696410.3714710}
}
48. 7 Days Later: Analyzing Phishing-Site Lifespan After Detected
In Proc. of 34th The Web Conference
Kiho Lee*, Kyungchan Lim* (co-first author), Hyoungshick Kim, Yonghwi Kwon, and Doowon Kim
@inproceedings{www25_7days,
author = {Lee, Kiho
and Lim, Kyungchan
and Kim, Hyoungshick
and Kwon, Yonghwi
and Kim, Doowon},
title = {7 Days Later: Analyzing Phishing-Site Lifespan After Detected},
booktitle = {Proceedings of the ACM on Web Conference 2025},
year = {2025},
pages = {945--956},
numpages = {12},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
location = {Sydney NSW, Australia},
series = {WWW '25},
isbn = {9798400712746},
doi = {10.1145/3696410.3714678},
url = {https://doi.org/10.1145/3696410.3714678}
}
47. RaceDB: Detecting Request Race Vulnerabilities in Database-Backed Web Applications
In Proc. of the 46th IEEE Symposium on Security and Privacy
An Chen, Yonghwi Kwon, and Kyu Hyung Lee
@inproceedings{sp25_racedb,
author = {Chen, An
and Kwon, Yonghwi
and Lee, Kyu Hyung},
title = {{RaceDB: Detecting Request Race Vulnerabilities in Database-Backed Web Applications}},
booktitle = {2025 IEEE Symposium on Security and Privacy (SP)},
year = {2025},
pages = {939--955},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
month = {May},
doi = {10.1109/SP61157.2025.00029},
url = {https://doi.ieeecomputersociety.org/10.1109/SP61157.2025.00029}
}
In Proc. of the 46th IEEE Symposium on Security and Privacy
Junwha Hong, Wonil Jang, Mijung Kim, Lei Yu, Yonghwi Kwon, and Yuseok Jeon
@inproceedings{sp25_cmasan,
author = {Hong, Junwha
and Jang, Wonil
and Kim, Mijung
and Yu, Lei
and Kwon, Yonghwi
and Jeon, Yuseok},
title = {{CMASan: Custom Memory Allocator-Aware Address Sanitizer}},
booktitle = {2025 IEEE Symposium on Security and Privacy (SP)},
year = {2025},
pages = {740--757},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
month = {May},
doi = {10.1109/SP61157.2025.00110},
url = {https://doi.ieeecomputersociety.org/10.1109/SP61157.2025.00110}
}
45. Scavy: Automated Discovery of Memory Corruption Targets in Linux Kernel for Privilege Escalation
In Proc. of the 33rd USENIX Security Symposium
Erin Avllazagaj, Yonghwi Kwon, and Tudor DumitraČ™
@inproceedings{usenix24_scavy,
author = {Avllazagaj, Erin
and Kwon, Yonghwi
and Dumitra{\c{s}}, Tudor},
title = {SCAVY: automated discovery of memory corruption targets in linux kernel for privilege escalation},
booktitle = {Proceedings of the 33rd USENIX Conference on Security Symposium},
year = {2024},
articleno = {399},
numpages = {18},
publisher = {USENIX Association},
address = {USA},
location = {Philadelphia, PA, USA},
series = {SEC '24},
isbn = {978-1-939133-44-1}
}
44. FreePart: Hardening Data Processing Software via Framework-based Partitioning and Isolation
In Proc. of the 29th International Conference on Architectural Support for Programming Languages and Operating Systems
Ali Ahad, Gang Wang, Chung Hwan Kim, Suman Jana, Zhiqiang Lin, and Yonghwi Kwon
@inproceedings{asplos24_freepart,
author = {Ahad, Ali
and Wang, Gang
and Kim, Chung Hwan
and Jana, Suman
and Lin, Zhiqiang
and Kwon, Yonghwi},
title = {FreePart: Hardening Data Processing Software via Framework-based Partitioning and Isolation},
booktitle = {Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4},
year = {2024},
pages = {169--188},
numpages = {20},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
location = {Vancouver, BC, Canada},
series = {ASPLOS '23},
isbn = {9798400703942},
doi = {10.1145/3623278.3624760},
url = {https://doi.org/10.1145/3623278.3624760}
}
43. BTFuzzer: a profile-based fuzzing framework for Bluetooth protocols
In Proc. of the 26th Annual International Conference on Information Security and Cryptology
Min Jang, Yuna Hwang, Yonghwi Kwon, and Hyoungshick Kim
@inproceedings{icisc23_btfuzzer,
author = {Jang, Min
and Hwang, Yuna
and Kwon, Yonghwi
and Kim, Hyoungshick},
title = {BTFuzzer: A Profile-Based Fuzzing Framework for Bluetooth Protocols},
booktitle = {Information Security and Cryptology - ICISC 2023: 26th International Conference on Information Security and Cryptology, ICISC 2023, Seoul, South Korea, November 29 - December 1, 2023},
year = {2023},
pages = {20--38},
numpages = {19},
publisher = {Springer-Verlag},
address = {Berlin, Heidelberg},
location = {Seoul, Korea (Republic of)},
isbn = {978-981-97-1237-3},
}
42. A Longitudinal Study of Vulnerable Client-side Resources and Web Developers' Updating Behaviors
In Proc. of the 23rd ACM Internet Measurement Conference
Kyungchan Lim, Yonghwi Kwon, and Doowon Kim
@inproceedings{imc23_longitudinal,
author = {Lim, Kyungchan
and Kwon, Yonghwi
and Kim, Doowon},
title = {A Longitudinal Study of Vulnerable Client-side Resources and Web Developers' Updating Behaviors},
booktitle = {Proceedings of the 2023 ACM on Internet Measurement Conference},
year = {2023},
pages = {162--180},
numpages = {19},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
location = {Montreal QC, Canada},
series = {IMC '23},
isbn = {9798400703829},
doi = {10.1145/3618257.3624804},
url = {https://doi.org/10.1145/3618257.3624804}
}
41. BFTDetector: Automatic Detection of Business Flow Tampering for Digital Content Service
In Proc. of the 45th International Conference on Software Engineering
I Luk Kim, Weihang Wang, Yonghwi Kwon, and Xiangyu Zhang
@inproceedings{icse23_bftdetector,
author = {Kim, I Luk and Wang, Weihang and Kwon, Yonghwi and Zhang, Xiangyu},
title = {BFTDETECTOR: Automatic Detection of Business Flow Tampering for Digital Content Service},
booktitle = {Proceedings of the 45th International Conference on Software Engineering},
year = {2023},
pages = {448--459},
numpages = {12},
publisher = {IEEE Press},
location = {Melbourne, Victoria, Australia},
series = {ICSE '23},
isbn = {9781665457019},
doi = {10.1109/ICSE48619.2023.00048},
url = {https://doi.org/10.1109/ICSE48619.2023.00048},
}
40. SynthDB: Synthesizing Database via Program Analysis for Security Testing of Web Applications
In Proc. of the 30th Network and Distributed System Security Symposium
An Chen, JiHo Lee, Basanta Chaulagain, Yonghwi Kwon, and Kyu Hyung Lee
@inproceedings{ndss23_synthdb,
author = {An Chen and
Jiho Lee and
Basanta Chaulagain and
Yonghwi Kwon and
Kyu Hyung Lee},
title = {SynthDB: Synthesizing Database via Program Analysis for Security Testing of Web Applications},
booktitle = {30th Annual Network and Distributed System Security Symposium, {NDSS} 2023, San Diego, California, USA, February 27 - March 3, 2023},
publisher = {The Internet Society},
year = {2023},
url = {https://www.ndss-symposium.org/ndss-paper/synthdb-synthesizing-database-via-program-analysis-for-security-testing-of-web-applications/},
}
39. PyFET: Forensically Equivalent Transformation for Python Binary Decompilation
In Proc. of the 44th IEEE Symposium on Security and Privacy
Ali Ahad, Chijung Jung, Ammar Askar, Doowon Kim, Taesoo Kim, and Yonghwi Kwon
@inproceedings{sp23_pyfet,
author={Ahad, Ali and Jung, Chijung and Askar, Ammar and Kim, Doowon and Kim, Taesoo and Kwon, Yonghwi},
booktitle={2023 IEEE Symposium on Security and Privacy (SP)},
title={Pyfet: Forensically Equivalent Transformation for Python Binary Decompilation},
year={2023},
volume={},
number={},
pages={3296-3313},
doi={10.1109/SP46215.2023.10179370}
}
38. Automated Discovery of Sensor Spoofing Attacks on Robotic Vehicles
In Proc. of the 29th ACM Conference on Computer and Communications Security
Kyeongseok Yang*, Sudharssan Mohan* (*: co-first authors), Yonghwi Kwon, Heejo Lee, and Chung Hwan Kim
@inproceedings{ccs22_autospoof,
author = {Yang, Kyeongseok and Mohan, Sudharssan and Kwon, Yonghwi and Lee, Heejo and Kim, Chung Hwan},
title = {Poster: Automated Discovery of Sensor Spoofing Attacks on Robotic Vehicles},
year = {2022},
isbn = {9781450394505},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3548606.3563551},
doi = {10.1145/3548606.3563551},
booktitle = {Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security},
pages = {3503-3505},
numpages = {3},
keywords = {fuzzing, robotic vehicle, sensor spoofing},
location = {Los Angeles, CA, USA},
series = {CCS '22}
}
37. DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing
In Proc. of the 29th ACM Conference on Computer and Communications Security
Seulbae Kim, Major Liu, Junghwan Rhee, Yuseok Jeon, Yonghwi Kwon, and Chung Hwan Kim
@inproceedings{ccs22_drivefuzz,
author = {Kim, Seulbae and Liu, Major and Rhee, Junghwan John and Jeon, Yuseok and Kwon, Yonghwi and Kim, Chung Hwan},
title = {DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing},
year = {2022},
isbn = {9781450394505},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3548606.3560558},
doi = {10.1145/3548606.3560558},
booktitle = {Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security},
pages = {1753-1767},
numpages = {15},
location = {Los Angeles, CA, USA},
series = {CCS '22}
}
36. Dazzle-attack: Anti-Forensic Server-side Attack via Fail-free Dynamic State Machine
In Proc. of the 23rd World Conference on Information Security Applications
Bora Lee*, Kyungchan Lim* (*: co-first authors), JiHo Lee, Chijung Jung, Doowon Kim, Kyu Hyung Lee, Haehyun Cho, and Yonghwi Kwon
@inproceedings{wisa22_dazzle,
author = {Bora Lee and
Kyungchan Lim and
JiHo Lee and
Chijung Jung and
Doowon Kim and
Kyu Hyung Lee and
Haehyun Cho and
Yonghwi Kwon},
editor = {Ilsun You and
Taek{-}Young Youn},
title = {Dazzle-attack: Anti-Forensic Server-side Attack via Fail-Free Dynamic State Machine},
booktitle = {Information Security Applications - 23rd International Conference, {WISA} 2022, Jeju Island, South Korea, August 24-26, 2022},
series = {Lecture Notes in Computer Science},
volume = {13720},
pages = {204--221},
publisher = {Springer},
year = {2022},
}
35. Hiding Critical Program Components via Ambiguous Translation
In Proc. of the 44th International Conference on Software Engineering
Chijung Jung, Doowon Kim, An Chen, Weihang Wang, Yunhui Zheng, Kyu Hyung Lee, and Yonghwi Kwon
@inproceedings{conf_icse22_ambitr,
author = {Chijung Jung and
Doowon Kim and
An Chen and
Weihang Wang and
Yunhui Zheng and
Kyu Hyung Lee and
Yonghwi Kwon},
title = {Hiding Critical Program Components via Ambiguous Translation},
booktitle = {44th {IEEE/ACM} 44th International Conference on Software Engineering,
{ICSE} 2022, Pittsburgh, PA, USA, May 25-27, 2022},
pages = {1120--1132},
publisher = {{IEEE}},
year = {2022},
url = {https://doi.org/10.1145/3510003.3510139},
doi = {10.1145/3510003.3510139},
}
34. SwarmFlawFinder: Discovering and Exploiting Logic Flaws of Swarm Algorithms
In Proc. of the 43rd IEEE Symposium on Security and Privacy
Chijung Jung, Ali Ahad, Yuseok Jeon, and Yonghwi Kwon
@inproceedings{conf_oakland22_swarmflawfinder,
author = {Chijung Jung and
Ali Ahad and
Yuseok Jeon and
Yonghwi Kwon},
title = {{SwarmFlawFinder:} Discovering and Exploiting Logic Flaws of Swarm Algorithms},
booktitle = {43rd {IEEE} Symposium on Security and Privacy, {SP} 2022, San Francisco,
CA, USA, 23-26 May 2021},
pages = {1447-1464},
publisher = {{IEEE}},
year = {2022},
url = {https://doi.ieeecomputersociety.org/10.1109/SP46214.2022.00084},
doi = {10.1109/SP46214.2022.00084},
}
33. Sofware Watermarking via a Binary Function Relocation
In Proc. of 37th Annual Conference on Computer Security Applications
Honggoo Kang, Yonghwi Kwon, Sangjin Lee, and Hyungjoon Koo
@inproceedings{conf_acsac21_watermarking,
author = {Honggoo Kang and
Yonghwi Kwon and
Sangjin Lee and
Hyungjoon Koo},
title = {SoftMark: Software Watermarking via a Binary Function Relocation},
booktitle = {{ACSAC} '21: Annual Computer Security Applications Conference, Virtual
Event, USA, December 6 - 10, 2021},
pages = {169--181},
publisher = {{ACM}},
year = {2021},
url = {https://doi.org/10.1145/3485832.3488027},
doi = {10.1145/3485832.3488027},
}
32. Defeating Program Analysis Techniques via Ambiguous Translation
In Proc. of 36th IEEE/ACM International Conference on Automated Software Engineering (New Ideas and Emerging Results Track)
Chijung Jung, Doowon Kim, Weihang Wang, Yunhui Zheng, Kyu Hyung Lee, and Yonghwi Kwon
@inproceedings{conf_ase21nier,
author = {Chijung Jung and
Doowon Kim and
Weihang Wang and
Yunhui Zheng and
Kyu Hyung Lee and
Yonghwi Kwon},
title = {Defeating Program Analysis Techniques via Ambiguous Translation},
booktitle = {36th {IEEE/ACM} International Conference on Automated Software Engineering,
{ASE} 2021, Melbourne, Australia, November 15-19, 2021},
pages = {1382--1387},
publisher = {{IEEE}},
year = {2021},
url = {https://doi.org/10.1109/ASE51524.2021.9678912},
doi = {10.1109/ASE51524.2021.9678912},
}
31. TRACE: Enterprise-Wide Provenance Tracking For Real-Time APT Detection
IEEE Transactions on Information Forensics and Security
Hassaan Irshad, Gabriela Ciocarlie, Ashish Gehani, Vinod Yegneswaran, Kyu Hyung Lee, Jignesh Patel, Somesh Jha, Yonghwi Kwon, Dongyan Xu, and Xiangyu Zhang
@article{journal_tifs_trace,
author = {Hassaan Irshad and
Gabriela F. Ciocarlie and
Ashish Gehani and
Vinod Yegneswaran and
Kyu Hyung Lee and
Jignesh M. Patel and
Somesh Jha and
Yonghwi Kwon and
Dongyan Xu and
Xiangyu Zhang},
title = {{TRACE:} Enterprise-Wide Provenance Tracking for Real-Time {APT} Detection},
journal = {{IEEE} Trans. Inf. Forensics Secur.},
volume = {16},
pages = {4363--4376},
year = {2021},
url = {https://doi.org/10.1109/TIFS.2021.3098977},
doi = {10.1109/TIFS.2021.3098977},
}
30. An Empirical Study of Bugs in WebAssembly Compilers
In Proc. of 36th IEEE/ACM International Conference on Automated Software Engineering
Alan Romano, Xinyue Liu, Yonghwi Kwon, and Weihang Wang
@inproceedings{conf_ase21_wasmcompiler,
author = {Alan Romano and
Xinyue Liu and
Yonghwi Kwon and
Weihang Wang},
title = {An Empirical Study of Bugs in WebAssembly Compilers},
booktitle = {36th {IEEE/ACM} International Conference on Automated Software Engineering,
{ASE} 2021, Melbourne, Australia, November 15-19, 2021},
pages = {42--54},
publisher = {{IEEE}},
year = {2021},
url = {https://doi.org/10.1109/ASE51524.2021.9678776},
doi = {10.1109/ASE51524.2021.9678776},
}
29. Swarmbug: Debugging Configuration Bugs in Swarm Robotics
In Proc. of 29th ACM SIGSOFT International Symposium on the Foundations of Software Engineering
Chijung Jung, Ali Ahad, Jinho Jung, Sebastian Elbaum, and Yonghwi Kwon
@inproceedings{conf_fse21_swarmbug,
author = {Chijung Jung and
Ali Ahad and
Jinho Jung and
Sebastian G. Elbaum and
Yonghwi Kwon},
editor = {Diomidis Spinellis and
Georgios Gousios and
Marsha Chechik and
Massimiliano Di Penta},
title = {Swarmbug: debugging configuration bugs in swarm robotics},
booktitle = {{ESEC/FSE} '21: 29th {ACM} Joint European Software Engineering Conference
and Symposium on the Foundations of Software Engineering, Athens,
Greece, August 23-28, 2021},
pages = {868--880},
publisher = {{ACM}},
year = {2021},
url = {https://doi.org/10.1145/3468264.3468601},
doi = {10.1145/3468264.3468601},
}
In Proc. of 28th ACM Conference on Computer and Communications Security
Chijung Jung, Ali Ahad, and Yonghwi Kwon
@inproceedings{conf_ccs21_spinner,
author = {Meng Wang and
Chijung Jung and
Ali Ahad and
Yonghwi Kwon},
editor = {Yongdae Kim and
Jong Kim and
Giovanni Vigna and
Elaine Shi},
title = {Spinner: Automated Dynamic Command Subsystem Perturbation},
booktitle = {{CCS} '21: 2021 {ACM} {SIGSAC} Conference on Computer and Communications
Security, Virtual Event, Republic of Korea, November 15 - 19, 2021},
pages = {1839--1860},
publisher = {{ACM}},
year = {2021},
url = {https://doi.org/10.1145/3460120.3484577},
doi = {10.1145/3460120.3484577}
}
27. Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem
In Proc. of 16th ACM ASIA Conference on Computer and Communications Security
Doowon Kim, Haehyun Cho, Yonghwi Kwon, Adam Doupe, Sooel Son, Gail-Joon Ahn, and Tudor Dumitras
@inproceedings{conf_asiaccs21_certificate,
author = {Doowon Kim and
Haehyun Cho and
Yonghwi Kwon and
Adam Doup{\'{e}} and
Sooel Son and
Gail{-}Joon Ahn and
Tudor Dumitras},
editor = {Jiannong Cao and
Man Ho Au and
Zhiqiang Lin and
Moti Yung},
title = {Security Analysis on Practices of Certificate Authorities in the {HTTPS}
Phishing Ecosystem},
booktitle = {{ASIA} {CCS} '21: {ACM} Asia Conference on Computer and Communications
Security, Virtual Event, Hong Kong, June 7-11, 2021},
pages = {407--420},
publisher = {{ACM}},
year = {2021},
url = {https://doi.org/10.1145/3433210.3453100},
doi = {10.1145/3433210.3453100},
}
26. TLS 1.3 in Practice: How TLS 1.3 Contributes to the Internet
In Proc. of 30th The Web Conference
Hyunwoo Lee, Doowon Kim, and Yonghwi Kwon
@inproceedings{conf_www21_tls13,
author = {Hyunwoo Lee and
Doowon Kim and
Yonghwi Kwon},
editor = {Jure Leskovec and
Marko Grobelnik and
Marc Najork and
Jie Tang and
Leila Zia},
title = {{TLS} 1.3 in Practice: How {TLS} 1.3 Contributes to the Internet},
booktitle = {{WWW} '21: The Web Conference 2021, Virtual Event / Ljubljana, Slovenia,
April 19-23, 2021},
pages = {70--79},
publisher = {{ACM} / {IW3C2}},
year = {2021},
url = {https://doi.org/10.1145/3442381.3450057},
doi = {10.1145/3442381.3450057},
}
25. OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary
In Proc. of the 42nd IEEE Symposium on Security and Privacy
Zhuo Zhang, Yapeng Ye, Wei You, Guanhong Tao, Wen-chuan Lee, Yonghwi Kwon, Yousra Aafer, and Xiangyu Zhang
@inproceedings{conf_oakland21_osprey,
author = {Zhuo Zhang and
Yapeng Ye and
Wei You and
Guanhong Tao and
Wen{-}Chuan Lee and
Yonghwi Kwon and
Yousra Aafer and
Xiangyu Zhang},
title = {{OSPREY:} Recovery of Variable and Data Structure via Probabilistic
Analysis for Stripped Binary},
booktitle = {42nd {IEEE} Symposium on Security and Privacy, {SP} 2021, San Francisco,
CA, USA, 24-27 May 2021},
pages = {813--832},
publisher = {{IEEE}},
year = {2021},
url = {https://doi.org/10.1109/SP40001.2021.00051},
doi = {10.1109/SP40001.2021.00051},
}
24. C2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis
In Proc. of the 28th Network and Distributed System Security Symposium
Yonghwi Kwon, Weihang Wang, Jinho Jung, Kyu Hyung Lee, and Roberto Perdisci
@inproceedings{conf_ndss21_c2sr,
author = {Yonghwi Kwon and
Weihang Wang and
Jinho Jung and
Kyu Hyung Lee and
Roberto Perdisci},
title = {C{\^{2}}SR: Cybercrime Scene Reconstruction for Post-mortem Forensic
Analysis},
booktitle = {28th Annual Network and Distributed System Security Symposium, {NDSS}
2021, Virtual, February 21-25, 2021},
publisher = {The Internet Society},
year = {2021},
url = {https://www.ndss-symposium.org/ndss-paper/c2sr-cybercrime-scene-reconstruction-for-post-mortem-forensic-analysis/},
}
23. TARDIS: Rolling Back The Clock On CMS-Targeting Cyber Attacks
In Proc. of the 41st IEEE Symposium on Security and Privacy
Ranjita Pai Kasturi, Yiting Sun, Ruian Duian, Omar Alrawi, Ehsan Asdar, Victor Zhu, Yonghwi Kwon, and Brendan Saltaformaggio
@inproceedings{conf_oakland20_tardis,
author = {Ranjita Pai Kasturi and
Yiting Sun and
Ruian Duan and
Omar Alrawi and
Ehsan Asdar and
Victor Zhu and
Yonghwi Kwon and
Brendan Saltaformaggio},
title = {{TARDIS:} Rolling Back The Clock On CMS-Targeting Cyber Attacks},
booktitle = {2020 {IEEE} Symposium on Security and Privacy, {SP} 2020, San Francisco,
CA, USA, May 18-21, 2020},
pages = {1156--1171},
publisher = {{IEEE}},
year = {2020},
url = {https://doi.org/10.1109/SP40000.2020.00116},
doi = {10.1109/SP40000.2020.00116},
}
22. PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning
In Proc. of the 41st IEEE Symposium on Security and Privacy
Wei You, Zhuo Zhang, Yonghwi Kwon, Yousra Aafer, Fei Peng, Yu Shi, Carson Makena Harmon, and Xiangyu Zhang
@inproceedings{conf_oakland20_pmp,
author = {You, Wei and
Zhang, Zhuo and
Kwon, Yonghwi and
Aafer, Yousra and
Peng, Fei and
Shi, Yu and
Harmon, Carson and
Zhang, Xiangyu},
booktitle = {2020 IEEE Symposium on Security and Privacy (SP)},
title = {PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning},
year = {2020},
volume = {},
number = {},
pages = {1121-1138},
doi = {10.1109/SP40000.2020.00035}
}
21. MalMax: Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis
In Proc. of the 26th ACM Conference on Computer and Communications Security
Abbas Naderi-Afooshteh, Yonghwi Kwon, Anh Nguyen-Tuong, Ali Razmjoo-Qalaei, Mohammad-Reza Zamiri-Gourabi, and Jack W. Davidson
@inproceedings{conf_ccs19_malmax,
author = {Naderi-Afooshteh, Abbas and
Kwon, Yonghwi and
Nguyen-Tuong, Anh and
Razmjoo-Qalaei, Ali and
Zamiri-Gourabi, Mohammad-Reza and
Davidson, Jack W.},
title = {MalMax: Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis},
year = {2019},
isbn = {9781450367479},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3319535.3363199},
doi = {10.1145/3319535.3363199},
booktitle = {Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security},
pages = {1849-1866},
numpages = {18},
keywords = {multi-aspect execution, counterfactual execution, PHP, malware, security},
location = {London, United Kingdom},
series = {CCS '19}
}
20. CUBISMO: Decloaking Server-side Malware via Cubist Program Analysis
In Proc. of the 35th Annual Conference on Computer Security Applications
Abbas Naderi-Afooshteh, Yonghwi Kwon, Anh Nguyen-Tuong, Mandana Bagheri-Marzijarani, and Jack W. Davidson
@inproceedings{conf_acsac19_cubismo,
author = {Naderi-Afooshteh, Abbas and
Kwon, Yonghwi and
Nguyen-Tuong, Anh and
Bagheri-Marzijarani, Mandana and
Davidson, Jack W.},
title = {Cubismo: Decloaking Server-Side Malware via Cubist Program Analysis},
year = {2019},
isbn = {9781450376280},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3359789.3359821},
doi = {10.1145/3359789.3359821},
booktitle = {Proceedings of the 35th Annual Computer Security Applications Conference},
pages = {430-443},
numpages = {14},
keywords = {PHP, malware, counterfactual execution, obfuscation, evasion, security},
location = {San Juan, Puerto Rico},
series = {ACSAC '19}
}
19. BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-program Path Sampling and Per-path Abstract Interpretation
In Proc. of the 2019 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications
Zhuo Zhang, Wei You, Guanhong Tao, Guannan Wei, Yonghwi Kwon, and Xiangyu Zhang
@article{conf_oopsla19_bda,
author = {Zhang, Zhuo and
You, Wei and
Tao, Guanhong and
Wei, Guannan and
Kwon, Yonghwi and
Zhang, Xiangyu},
title = {BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-Program Path Sampling and per-Path Abstract Interpretation},
year = {2019},
issue_date = {October 2019},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {3},
number = {OOPSLA},
url = {https://doi.org/10.1145/3360563},
doi = {10.1145/3360563},
journal = {Proc. ACM Program. Lang.},
month = {oct},
articleno = {137},
numpages = {31},
}
18. Probabilistic Disassembly
In Proc. of the 41st International Conference on Software Engineering
Kenneth Adam Miller, Yonghwi Kwon, Yi Sun, Zhuo Zhang, Xiangyu Zhang, and Zhiqiang Lin
@inproceedings{conf_icse19_probdisasm,
author = {Miller, Kenneth and
Kwon, Yonghwi and
Sun, Yi and
Zhang, Zhuo and
Zhang, Xiangyu and
Lin, Zhiqiang},
title = {Probabilistic Disassembly},
booktitle = {Proceedings of the 41st International Conference on Software Engineering},
series = {ICSE '19},
year = {2019},
location = {Montreal, Quebec, Canada},
pages = {1187--1198},
numpages = {12},
url = {https://doi.org/10.1109/ICSE.2019.00121},
doi = {10.1109/ICSE.2019.00121},
acmid = {3339653},
publisher = {IEEE Press},
address = {Piscataway, NJ, USA},
}
In Proc. of the 34th Annual Conference on Computer Security Applications
Fei Wang, Yonghwi Kwon, Shiqing Ma, Xiangyu Zhang, and Dongyan Xu
@inproceedings{conf_acsac18_lprov,
author = {Fei Wang and
Yonghwi Kwon and
Shiqing Ma and
Xiangyu Zhang and
Dongyan Xu},
title = {{Lprov}: Practical Library-aware Provenance Tracing},
booktitle = {Proceedings of the 34th Annual Computer Security Applications Conference
({ACSAC}'18), San Juan, PR, USA, December 03-07, 2018},
pages = {605--617},
year = {2018},
doi = {10.1145/3274694.3274751},
timestamp = {Wed, 05 Dec 2018 09:44:25 +0100},
}
16. Kernel-Supported Cost-Effective Audit Logging for Causality Tracking
In Proc. of the 2018 USENIX Annual Technical Conference
Shiqing Ma, Juan Zhai, Yonghwi Kwon, Kyu Hyung Lee, Xiangyu Zhang, Gabriela Ciocarlie, Ashish Gehani, Vinod Yegneswaran, Dongyan Xu, and Somesh Jha
@inproceedings{conf_atc18_kcal,
author = {Shiqing Ma and
Juan Zhai and
Yonghwi Kwon and
Kyu Hyung Lee and
Xiangyu Zhang and
Gabriela F. Ciocarlie and
Ashish Gehani and
Vinod Yegneswaran and
Dongyan Xu and
Somesh Jha},
title = {Kernel-Supported Cost-Effective Audit Logging for Causality Tracking},
booktitle = {Proceedings of the 2018 {USENIX} Annual Technical Conference, ({ATC}'18), Boston,
MA, USA, July 11-13, 2018},
pages = {241--254},
year = {2018},
timestamp = {Mon, 16 Jul 2018 15:47:29 +0200},
}
15. Combatting Advanced Persistent Threat via Causality Inference and Program Analysis
Ph.D. Thesis
Yonghwi Kwon
@phdthesis{phdthesis_yonghwi_kwon,
author = "Yonghwi Kwon",
title = "Combatting Advanced Persistent Threat via Causality Inference and Program Analysis",
school = "Purdue University",
year = "2018"
}
In Proc. of the 27th International World Wide Web Conference
I Luk Kim, Weihang Wang, Yonghwi Kwon, Yunhui Zheng, Yousra Aafer, Weijie Meng, and Xiangyu Zhang
@inproceedings{conf_www18_adbudgetkiller,
author = {I Luk Kim and
Weihang Wang and
Yonghwi Kwon and
Yunhui Zheng and
Yousra Aafer and
Weijie Meng and
Xiangyu Zhang},
title = {{AdBudgetKiller}: Online Advertising Budget Draining Attack},
booktitle = {Proceedings of the 2018 World Wide Web Conference on World Wide Web
({WWW}'18), Lyon, France, April 23-27, 2018},
pages = {297--307},
year = {2018},
doi = {10.1145/3178876.3186096},
timestamp = {Wed, 21 Nov 2018 12:44:11 +0100},
}
13. MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation
In Proc. of the 25th Network and Distributed System Security Symposium
Yonghwi Kwon, Fei Wang, Weihang Wang, Kyu Hyung Lee, Wen-Chuan Lee, Shiqing Ma, Xiangyu Zhang, Dongyan Xu, Somesh Jha, Gabriela Ciocarlie, Ashish Gehani, and Vinod Yegneswaran
@inproceedings{conf_ndss18_mci,
author = {Yonghwi Kwon and
Fei Wang and
Weihang Wang and
Kyu Hyung Lee and
Wen{-}Chuan Lee and
Shiqing Ma and
Xiangyu Zhang and
Dongyan Xu and
Somesh Jha and
Gabriela F. Ciocarlie and
Ashish Gehani and
Vinod Yegneswaran},
title = {{MCI}: Modeling-based Causality Inference in Audit Logging for Attack
Investigation},
booktitle = {Proceedings of the 25th Annual Network and Distributed System Security Symposium ({NDSS}'18),
San Diego, California, USA, February 18-21, 2018},
timestamp = {Thu, 09 Aug 2018 10:56:55 +0200},
}
12. RevARM: A Platform-Agnostic ARM Binary Rewriter for Security Applications
In Proc. of the 33rd Annual Conference on Computer Security Applications
Taegyu Kim, Chung Hwan Kim, Hongjun Choi, Yonghwi Kwon, Brendan Saltaformaggio, Xiangyu Zhang, and Dongyan Xu
@inproceedings{conf_acsac17_revarm,
author = {Taegyu Kim and
Chung Hwan Kim and
Hongjun Choi and
Yonghwi Kwon and
Brendan Saltaformaggio and
Xiangyu Zhang and
Dongyan Xu},
title = {{RevARM}: {A} Platform-Agnostic {ARM} Binary Rewriter for Security Applications},
booktitle = {Proceedings of the 33rd Annual Computer Security Applications Conference ({ACSAC}'17),
Orlando, FL, USA, December 4-8, 2017},
pages = {412--424},
year = {2017},
doi = {10.1145/3134600.3134627},
timestamp = {Tue, 06 Nov 2018 16:59:23 +0100},
}
11. PAD: Programming Third-party Web Advertisement Censorship
In Proc. of the 32nd IEEE/ACM International Conference on Automated Software Engineering
Weihang Wang, Yonghwi Kwon, Yunhui Zheng, Yousra Aafer, I Luk Kim, Wen-Chuan Lee, Yingqi Liu, Weijie Meng, Xiangyu Zhang, and Patrick Eugster
@inproceedings{conf_ase17_pad,
author = {Weihang Wang and
Yonghwi Kwon and
Yunhui Zheng and
Yousra Aafer and
I Luk Kim and
Wen{-}Chuan Lee and
Yingqi Liu and
Weijie Meng and
Xiangyu Zhang and
Patrick Eugster},
title = {{PAD:} programming third-party web advertisement censorship},
booktitle = {Proceedings of the 32nd {IEEE/ACM} International Conference on Automated
Software Engineering ({ASE}'17), Urbana, IL, USA, October 30 - November
03, 2017},
pages = {240--251},
year = {2017},
doi = {10.1109/ASE.2017.8115637},
timestamp = {Thu, 05 Jul 2018 01:00:00 +0200},
}
10. CPR: Cross Platform Binary Code Reuse via Platform Independent Trace Program
In Proc. of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis
Yonghwi Kwon, Weihang Wang, Yunhui Zheng, Xiangyu Zhang, and Dongyan Xu
@inproceedings{conf_issta17_cpr,
author = {Yonghwi Kwon and
Weihang Wang and
Yunhui Zheng and
Xiangyu Zhang and
Dongyan Xu},
title = {{CPR:} cross platform binary code reuse via platform independent trace
program},
booktitle = {Proceedings of the 26th {ACM} {SIGSOFT} International Symposium on
Software Testing and Analysis ({ISSTA}'17), Santa Barbara, CA, USA, July 10 - 14,
2017},
pages = {158--169},
year = {2017},
doi = {10.1145/3092703.3092707},
timestamp = {Tue, 06 Nov 2018 16:57:30 +0100},
}
9. J-Force: Forced Execution on JavaScript
In Proc. of the 26th International World Wide Web Conference
Kyungtae Kim, I Luk Kim, Chung Hwan Kim, Yonghwi Kwon, Yunhui Zheng, Xiangyu Zhang, and Dongyan Xu
@inproceedings{conf_www17_jforce,
author = {Kyungtae Kim and
I Luk Kim and
Chung Hwan Kim and
Yonghwi Kwon and
Yunhui Zheng and
Xiangyu Zhang and
Dongyan Xu},
title = {{J-Force}: Forced Execution on JavaScript},
booktitle = {Proceedings of the 26th International Conference on World Wide Web
({WWW}'17), Perth, Australia, April 3-7, 2017},
pages = {897--906},
year = {2017},
doi = {10.1145/3038912.3052674},
timestamp = {Tue, 06 Nov 2018 16:57:07 +0100},
}
8. A2C: Self Destructing Exploit Executions via Input Perturbation
In Proc. of the 24th Network and Distributed System Security Symposium
Yonghwi Kwon, Brendan Saltaformaggio, I Luk Kim, Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu
@inproceedings{conf_ndss17_a2c,
author = {Yonghwi Kwon and
Brendan Saltaformaggio and
I Luk Kim and
Kyu Hyung Lee and
Xiangyu Zhang and
Dongyan Xu},
title = {{A2C}: Self Destructing Exploit Executions via Input Perturbation},
booktitle = {Proceedings of the 24th Annual Network and Distributed System Security Symposium ({NDSS}'17),
San Diego, California, USA, February 26 - March 1, 2017},
timestamp = {Thu, 05 Jul 2018 01:00:00 +0200},
}
In Proc. of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications
Dohyeong Kim, Yonghwi Kwon, Peng Liu, I Luk Kim, David Mitchel Perry, Xiangyu Zhang, and Gustavo Rodriguez-Rivera
@inproceedings{conf_oopsla16_apex,
author = {Dohyeong Kim and
Yonghwi Kwon and
Peng Liu and
I Luk Kim and
David Mitchel Perry and
Xiangyu Zhang and
Gustavo Rodriguez{-}Rivera},
title = {{Apex}: automatic programming assignment error explanation},
booktitle = {Proceedings of the 2016 {ACM} {SIGPLAN} International Conference on
Object-Oriented Programming, Systems, Languages, and Applications
({OOPSLA}'16), Amsterdam, The Netherlands,
October 30 - November 4, 2016},
pages = {311--327},
year = {2016},
doi = {10.1145/2983990.2984031},
timestamp = {Tue, 06 Nov 2018 16:57:16 +0100},
}
6. WebRanz: Web Page Randomization For Better Advertisement Delivery and Web-Bot Prevention
In Proc. of the 24th ACM SIGSOFT International Symposium on the Foundations of Software Engineering
Weihang Wang, Yunhui Zheng, Xinyu Xing, Yonghwi Kwon, Xiangyu Zhang, and Patrick Eugster
@inproceedings{conf_fse16_webranz,
author = {Weihang Wang and
Yunhui Zheng and
Xinyu Xing and
Yonghwi Kwon and
Xiangyu Zhang and
Patrick Th. Eugster},
title = {{WebRanz}: web page randomization for better advertisement delivery
and web-bot prevention},
booktitle = {Proceedings of the 24th {ACM} {SIGSOFT} International Symposium on
Foundations of Software Engineering ({FSE}'16), Seattle, WA, USA,
November 13-18, 2016},
pages = {205--216},
year = {2016},
doi = {10.1145/2950290.2950352},
timestamp = {Tue, 06 Nov 2018 16:59:23 +0100},
}
5. Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network Traffic
In Proc. of the 10th USENIX Workshop on Offensive Technologies
Brendan Saltaformaggio, Hongjun Choi, Kristen Johnson, Yonghwi Kwon, Qi Zhang, Xiangyu Zhang, Dongyan Xu, and John Qian
@inproceedings{workshop_woot16_netscope,
author = {Brendan Saltaformaggio and
Hongjun Choi and
Kristen Johnson and
Yonghwi Kwon and
Qi Zhang and
Xiangyu Zhang and
Dongyan Xu and
John Qian},
title = {Eavesdropping on Fine-Grained User Activities Within Smartphone Apps
Over Encrypted Network Traffic},
booktitle = {Proceedings of the 10th {USENIX} Workshop on Offensive Technologies ({WOOT}'16),
Austin, TX, USA, August 8-9, 2016.},
year = {2016},
timestamp = {Thu, 05 Jul 2018 01:00:00 +0200},
}
4. LDX: Causality Inference by Lightweight Dual Execution
In Proc. of the 21st International Conference on Architectural Support for Programming Languages and Operating Systems
Yonghwi Kwon, Dohyeong Kim, William N. Sumner, Kyungtae Kim, Brendan Saltaformaggio, Xiangyu Zhang, and Dongyan Xu
@inproceedings{conf_asplos16_ldx,
author = {Yonghwi Kwon and
Dohyeong Kim and
William N. Sumner and
Kyungtae Kim and
Brendan Saltaformaggio and
Xiangyu Zhang and
Dongyan Xu},
title = {{LDX:} Causality Inference by Lightweight Dual Execution},
booktitle = {Proceedings of the 21st International Conference on Architectural
Support for Programming Languages and Operating Systems ({ASPLOS}'16),
Atlanta, GA, USA, April 2-6, 2016},
pages = {503--515},
year = {2016},
doi = {10.1145/2872362.2872395},
timestamp = {Tue, 06 Nov 2018 00:00:00 +0100},
}
3. Dual Execution for On the Fly Fine Grained Execution Comparison
In Proc. of the 20th International Conference on Architectural Support for Programming Languages and Operating Systems
Dohyeong Kim, Yonghwi Kwon, William N. Sumner, Xiangyu Zhang, and Dongyan Xu
@inproceedings{conf_asplos15_dualexec,
author = {Dohyeong Kim and
Yonghwi Kwon and
William N. Sumner and
Xiangyu Zhang and
Dongyan Xu},
title = {Dual Execution for On the Fly Fine Grained Execution Comparison},
booktitle = {Proceedings of the Twentieth International Conference on Architectural
Support for Programming Languages and Operating Systems ({ASPLOS}'15),
Istanbul, Turkey, March 14-18, 2015},
pages = {325--338},
year = {2015},
doi = {10.1145/2694344.2694394},
timestamp = {Tue, 06 Nov 2018 00:00:00 +0100},
}
2. P2C: Understanding Output Data Files via On-the-Fly Transformation from Producer to Consumer Executions
In Proc. of the 22nd Network and Distributed System Security Symposium
Yonghwi Kwon, Fei Peng, Dohyeong Kim, Kyungtae Kim, Xiangyu Zhang, Dongyan Xu, Vinod Yegneswaran, and John Qian
@inproceedings{conf_ndss15_p2c,
author = {Yonghwi Kwon and
Fei Peng and
Dohyeong Kim and
Kyungtae Kim and
Xiangyu Zhang and
Dongyan Xu and
Vinod Yegneswaran and
John Qian},
title = {{P2C:} Understanding Output Data Files via On-the-Fly Transformation
from Producer to Consumer Executions},
booktitle = {Proceedings of the 22nd Annual Network and Distributed System Security Symposium ({NDSS}'15),
San Diego, California, USA, February 8-11, 2015},
year = {2015},
timestamp = {Thu, 05 Jul 2018 01:00:00 +0200},
}
In Proc. of the 28th IEEE/ACM International Conference on Automated Software Engineering
Yonghwi Kwon, Xiangyu Zhang, and Dongyan Xu
@inproceedings{conf_ase13_pietrace,
author = {Yonghwi Kwon and
Xiangyu Zhang and
Dongyan Xu},
title = {{PIEtrace:} Platform independent executable trace},
booktitle = {Proceedings of the 28th {IEEE/ACM} International Conference on Automated Software
Engineering ({ASE}'13), Silicon Valley, CA, USA, November 11-15,
2013},
pages = {48--58},
year = {2013},
doi = {10.1109/ASE.2013.6693065},
timestamp = {Thu, 05 Jul 2018 01:00:00 +0200},
}