Publications
Dongwon Shin, Suyoung Lee, Sanghyun Hong, and Sooel Son. You Only Perturb Once: Bypassing (Robust) Ad-Blockers Using Universal Adversarial Perturbations. ACSAC 2024. (to appear)
40th Annual Computer Security Applications Conference
Hoyong Jeong, Kiwon Chung, Sung Ju Hwang, and Sooel Son. Targeted Model Inversion: Distilling style encoded in predictions. Journal COSE.
Elsevier Computers & Security 2024.
Minseon Kim, Hyeonjeong Ha, Sooel Son, and Sung Ju Hwang. Effective Targeted Attacks for Adversarial Self-Supervised Learning. NeurIPS 2023.
37th Annual Conference on Neural Information Processing Systems
Changmin Lee, Sooel Son. AdCPG: Classifying JavaScript Code Property Graphs with Explanations for Ad and Tracker Blocking. CCS 2023.
30th ACM Conference on Computer and Communications Security
Byungjoo Kim, Suyoung Lee, Seanie Lee, Sooel Son, Sung Ju Hwang. Margin-based Neural Network Watermarking. ICML 2023.
40th International Conference on Machine Learning
Dongwon Shin, Suyoung Lee, Sooel Son. RICC: Robust Collective Classification of Sybil Accounts. WWW 2023.
The Web Conference 2023: Security, Privacy, and Trust Research Track
Seongil Wi, Trung Tin Nguyen, Jihwan Kim, Ben Stock, Sooel Son. DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing. NDSS 2023.
30th Network & Distributed System Security Symposium
Juhyeng Han, Insu Yun, Seongmin Kim, Taesoo Kim, Sooel Son, Dongsu Han. Scalable and Secure Virtualization of HSM with ScaleTrust. Journal ToN 2023.
IEEE/ACM Transactions on Networking
Hoyong Jeong, Suyoung Lee, Sung Ju Hwang, Sooel Son. Learning to Generate Inversion-Resistant Model Explanations. NeurIPS 2022.
36th Annual Conference on Neural Information Processing Systems
Suyoung Lee, Wonho Song, Suman Jana, Meeyoung Cha, Sooel Son. Evaluating the Robustness of Trigger Set-Based Watermarks Embedded in Deep Neural Networks. Journal TDSC 2022.
IEEE Transactions on Dependable and Secure Computing
Dongkwan Kim, Eunsoo Kim, Sang Kil Cha, Sooel Son, Yongdae Kim. Revisiting Binary Code Similarity Analysis using Interpretable Feature Engineering and Lessons Learned. Journal TSE 2022.
IEEE Transactions on Software Engineering
Joongyum Kim, Jihwan Kim, Seongil Wi, Yongdae Kim, Sooel Son. HearMeOut: Detecting Voice Phishing Activities in Android. MobiSys 2022.
20th ACM International Conference on Mobile Systems, Applications, and Services 2022
Seongil Wi, Sijae Woo, Joyce Whang, Sooel Son. HiddenCPG: Large-Scale Vulnerable Clone Detection Using Subgraph Isomorphism of Code Property Graphs. WWW 2022.
The Web Conference 2022: Security, Privacy, and Trust Research Track
Soyoung Lee, Seongil Wi, Sooel Son. Link: Black-Box Detection of Cross-Site Scripting Vulnerabilities Using Reinforcement Learning. WWW 2022.
The Web Conference 2022: Security, Privacy, and Trust Research Track
Sunnyeo Park, Daejun Kim, Suman Jana, Sooel Son. FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities. USENIX Security 2022.
22nd USENIX Security Symposium
Sangwook Bae, Mincheol Son, Dongkwan Kim, CheolJun Park, Jiho Lee, Sooel Son, Yongdae Kim. Watching the Watchers: Practical Video Identification Attack in LTE Networks. USENIX Security 2022.
22nd USENIX Security Symposium
Suyoung Lee, Wonho Song, Suman Jana, Meeyoung Cha, Sooel Son. Evaluating the Robustness of Trigger Set-Based Watermarks Embedded in Deep Neural Networks. arXiv 2021.
Doowon Kim, Haehyun Cho, Yonghwi Kwon, Adam Oest, Adam Doupe, Sooel Son, Gail-Joon Ahn, Tudor Dumitras. Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem. ASIACCS 2021.
16th ACM ASIA Conference on Computer and Communications Security
Hyunjoo Lee, Jiyeon Lee, Daejun Kim, Suman Jana, Insik Shin, Sooel Son. AdCube: WebVR Ad Fraud and Practical Confinement of Third-Party Ads. USENIX Security 2021.
21st USENIX Security Symposium
Joongyum Kim, Junghwan Park, Sooel Son. The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud. NDSS 2021.
28th Network & Distributed System Security Symposium
Jeongmin Kim, Steven Y. Ko, Sooel Son, Dongsu Han. Lumos: Improving Smart Home IoT Visibility and Interoperability Through Analyzing Mobile Apps. ICNP 2020.
28th IEEE International Conference on Network Protocols
Suyoung Lee, HyungSeok Han, Sang Kil Cha , Sooel Son. Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer. USENIX Security 2020.
20th USENIX Security Symposium,
Taekjin Lee, Seongil Wi, Suyoung Lee, Sooel Son. FUSE: Finding File Upload Bugs via Penetration Testing. NDSS 2020.
27th Network & Distributed System Security Symposium
Sangsup Lee, Daejun Kim, Dongkwan Kim, Sooel Son, Yongdae Kim. Who Spent My EOS? On the (In)Security of Resource Management of EOS.IO. WOOT 2019.
13th USENIX Workshop on Offensive Technologies
Sunnyeo Park, Dohyeok Kim, Sooel Son. An Empirical Study of Prioritizing JavaScript Engine Crashes via Machine Learning, ASIACCS 2019.
14th ACM ASIA Conference on Computer and Communications Security
Changhoon Yoon, Kwanwoo Kim, Yongdae Kim, Seungwon Shin, Sooel Son. Doppelgängers on the Dark Web: A Large-scale Assessment on Phishing Hidden Web Services. WWW 2019.
The Web Conference 2019: Security, Privacy, and Trust Research Track [oral presentation]
Sangwook Bae, Mincheol Son, Sooel Son, Yongdae Kim. Hidden Figures: Comparative Latency Analysis of Cellular Networks with Fine-grained State Machine Models. HOTMOBILE 2019.
20th International Workshop on Mobile Computing Systems and Applications
Seunghyeon Lee, Changhoon Yoon, Heedo Kang, Yeonkeun Kim, Yongdae Kim, Dongsu Han, Sooel Son, Seungwon Shin. Cybercriminal Minds: An Investigative Study of Cryptocurrency Abuses in the Dark Web. NDSS 2019.
26th Network & Distributed System Security Symposium
Jiyeon Lee, Hayeon Kim, Junghwan Park, Insik Shin, Sooel Son. Pride and Prejudice in Progressive Web Apps:Abusing Native App-like Features in Web Applications. CCS 2018.
25th ACM Conference on Computer and Communications Security
There is an error in our paper in the proceedings: Safari 11.1 is NOT vulnerable to the history sniffing attack via cache.
Sooel Son, Daehyeok Kim, Vitaly Shmatikov. What Mobile Ads Know About Mobile Users. NDSS 2016.
23rd Network & Distributed System Security Symposium
Sooel Son. Toward better server-side Web security.
UTCS Dissertation (2014)
Sooel Son, Kathryn S McKinley, Vitaly Shmatikov. Diglossia: Detecting Code Injection Attacks with Precision and Efficiency. CCS 2013.
20th ACM Conference on Computer and Communications Security (CCS 2013)
Sooel Son, Seungwon Shin, Vinod Yegneswaran, Phil Porras, and Guofei Gu. Model Checking Invariant Security Properties in OpenFlow. ICC 2013.
IEEE International Conference on Communications
Sooel Son, Vitaly Shmatikov. The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites. NDSS 2013.
20th Network & Distributed System Security Symposium
Best student paper award
Sooel Son, Kathryn S McKinley, Vitaly Shmatikov. Fix Me Up: Repairing Access-Control Bugs in Web Applications. NDSS 2013.
20th Network & Distributed System Security Symposium
Sooel Son, Kathryn S McKinley, Vitaly Shmatikov. RoleCast: Finding Missing Security Checks When You Do Not Know What Checks Are. OOPSLA 2011.
ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications
Sooel Son, Vitaly Shmatikov. SAFERPHP: Finding Semantic Vulnerabilities in PHP Applications. PLAS 2011.
ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security at PLDI2011
Sooel Son, Vitaly Shmatikov. The Hitckhiker's Guide to DNS Cache Poisoning. SecureCOMM 2010.
6th International ICST Conference on Security and Privacy in Communication Networks