- 2025
Yue Qin*, Yue Xiao*, Xiaojing Liao.
in Proceeding of the ISOC Network and Distributed System Security Symposium (NDSS), 2025.
(* with equal contribution)
Tweezers: A Framework for Security Event Detection via Event Attribution-centric Tweet Embedding
Jian Cui, Hanna Kim, Eugene Jang, Dayeon Yim, Kicheol Kim, Yongjae Lee, Jin-Woo Chung, Seungwon Shin, Xiaojing Liao.
in Proceeding of the ISOC Network and Distributed System Security Symposium (NDSS), 2025.
- 2024
Ece Gumusel*, Yue Xiao*, Yue Qin, Jiaxin Qin, Xiaojing Liao.
in Proceeding of ACM Conference on Computer and Communications Security (CCS), 2024.
(* with equal contribution)
Measuring Compliance Implications of Third-party Libraries’ Privacy Label Disclosure Guidelines
Yue Xiao, Chaoqi Zhang, Yue Qin, Fares Fahad S Alharbi, Luyi Xing, Xiaojing Liao
in Proceeding of ACM Conference on Computer and Communications Security (CCS), 2024.
[Artifact/Code/Demo]
Avara: A Uniform Evaluation System for Perceptibility Analysis Against Adversarial Object Evasion Attacks
Xinyao Ma*, Chaoqi Zhang*, Huadi Zhu*, Jean Camp, Ming Li, Xiaojing Liao
in Proceeding of ACM Conference on Computer and Communications Security (CCS), 2024.
(* with equal contribution)
[Artifact/Code/Demo]
Understanding Cross-Platform Referral Traffic for Illicit Drug Promotion
Mingming Zha, Zilong Lin, Siyuan Tang, Xiaojing Liao, Yuhong Nan, XiaoFeng Wang.
in Proceeding of ACM Conference on Computer and Communications Security (CCS), 2024.
[Artifact/Code/Demo]
Enhancing Transparency and Accountability of TPLs with PBOM: A Privacy Bill of Materials
Yue Xiao, Adwait Nadkarni, Xiaojing Liao.
in Proceeding of the 3rd ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED), 2024
Malla: Demystifying Real-world Large Language Model Integrated Malicious Services
Zilong Lin, Jian Cui, Xiaojing Liao, XiaoFeng Wang
in Proceedings of USENIX Security Symposium (Security), 2024. (Acceptance rate: 18.3 %)
Media coverage: Le Monde, The Wall Street Journal, Tech Policy Press, Fast Company
[Artifact Appendix]
Towards Privacy-Preserving Social-Media SDKs on Android
Haoran Lu, Yichen Liu, Xiaojing Liao, Luyi Xing
in Proceedings of USENIX Security Symposium (Security), 2024. (Acceptance rate: 18.3 %)
[Artifact Appendix]
MAWSEO: Adversarial Wiki Search Poisoning for Illicit Online Promotion
Zilong Lin, Zhengyi Li, Xiaojing Liao, XiaoFeng Wang, Xiaozhong Liu
in Proceeding of IEEE Symposium on Security and Privacy (Oakland), 2024. (Acceptance rate: 17.8%)
Understanding and Analyzing Appraisal Systems in the Underground Marketplaces
Zhengyi Li, Xiaojing Liao
in Proceedings of ISOC Network and Distributed System Security Symposium (NDSS), 2024 (Acceptance rate: 20%)
- 2023
Yue Qin, Yue Xiao, Xiaojing Liao
in Proceedings of ACM Conference on Computer and Communications Security (CCS), 2023. (Acceptance rate: 19%)
Stolen Risks of Models with Security Properties
Yue Qin, Zhuoqun Fu, Chuyun Deng, Xiaojing Liao, Jia Zhang, Haixin Duan
in Proceedings of ACM Conference on Computer and Communications Security (CCS), 2023. (Acceptance rate: 19%)
Understanding and Detecting Abusive Image Hosting Modules as Malicious Services
Geng Hong, Mengying Wu, Pei Chen, Xiaojing Liao, Guoyi Ye, Min Yang.
in Proceedings of ACM Conference on Computer and Communications Security (CCS), 2023. (Acceptance rate: 19%)
Lalaine: Measuring and Characterizing Non-Compliance of Apple Privacy Labels at Scale
Yue Xiao, Zhengyi Li, Yue Qin, Xiaolong Bai, Jiale Guan, Xiaojing Liao, Luyi Xing
in Proceedings of USENIX Security Symposium (Security), 2023. (Acceptance rate: 29%)
[Artifact Appendix]
Showcase in the 2023 NSA CAE-R Research Symposium
Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps
Yuhong Nan*, Xueqiang Wang*, Luyi Xing, Xiaojing Liao,Ruoyu Wu, Jianliang Wu, Yifan Zhang, XiaoFeng Wang
in Proceedings of USENIX Security Symposium (Security), 2023. (Acceptance rate: 29%)
(* with equal contribution)
Detecting and Measuring Aggressive Location Harvesting in Mobile Apps via Data-flow Path Embedding
Haoran Lu*, Qingchuan Zhao*, Yongliang Chen, Xiaojing Liao, Zhiqiang Lin
in Proceedings of ACM SIGMETRICS conference, 2023. (Acceptance rate: 21%)
(* with equal contribution)
- 2022
Qiushi Wu*, Yue Xiao*, Xiaojing Liao, Kangjie Lu
in Proceedings of USENIX Security Symposium (Security), 2022. (Acceptance rate: 17.2%)
(* with equal contribution)
[code/data]
Analyzing Ground-Truth Data of Mobile Gambling Scam
Geng Hong, Zhemin Yang, Sen Yang, Xiaojing Liao, Xiaolin Du, Min Yang, Haixin Duan.
in Proceedings of IEEE Symposium on Security and Privacy (Oakland), 2022. (Acceptance rate: 14.5%)
Robbery on DevOps: Understanding and Mitigating Illicit Cryptomining on Continuous Integration Service Platforms
Zhi Li, Weijie Liu, Hongbo Chen, XiaoFeng Wang, Xiaojing Liao, Luyi Xing, Mingming Zha, Hai Jin, Deqing Zou
in Proceedings of IEEE Symposium on Security and Privacy (Oakland), 2022. (Acceptance rate: 14.5%)
Demystifying Local Business Search Poisoning for Illicit Drug Promotion
Peng Wang*, Zilong Lin*, Xiaojing Liao, XiaoFeng Wang
in Proceedings of ISOC Network and Distributed System Security Symposium (NDSS), 2022. (Acceptance rate: 16.2%)
(* with equal contribution)
Top10 finalist in CSAW Best Applied Research Paper Competition, 2022
Exploring the Reproductive Black Market: Fertility Medications on the Dark Web
Zhengyi Li, Kyle Le, Xiaojing Liao, Brent Monseur.
The American Society for Reproductive Medicine Scientific Congress & Expo, 2022
- 2021
Yizheng Chen, Shiqi Wang, Yue Qin, Xiaojing Liao, Suman Jana, David Wagner
in Proceedings of ACM Conference on Computer and Communications Security (CCS), 2021. (Acceptance rate: 22.3%)
[code/data]
ACM CCS Best Paper Award runner-up, 2021
Understanding Malicious Cross-library Data Harvesting on Android
Jice Wang*, Yue Xiao*, Xueqiang Wang, Yuhong Nan, Luyi Xing, Xiaojing Liao, JinWei Dong, Nicolas Serrano, XiaoFeng Wang, Yuqing Zhang, Haoran Lu
in Proceedings of USENIX Security Symposium (Security), 2021. (Acceptance rate: 18.7%)
(* with equal contribution)
[code/data]
Media coverage: Forbes, CNBC, ZDNet, The Register, The Hacker News, Naked Security, etc.
Evil Under the Sun: Understanding and Discovering Attacks on Ethereum Decentralized Applications
Liya Su*, Xinyue Shen*, Xiangyu Du, Xiaojing Liao, XiaoFeng Wang, Luyi Xing, Baoxu Liu
in Proceedings of USENIX Security Symposium (Security), 2021. (Acceptance rate: 18.7%)
(* with equal contribution)
Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks
Xianghang Mi, Siyuan Tang, Zhengyi Li, Xiaojing Liao, Feng Qian, XiaoFeng Wang
in Proceedings of ISOC Network and Distributed System Security Symposium (NDSS), 2021. (Acceptance rate: 15.2%)
Demystifying the Dark Web Opioid Trade: Content Analysis on Anonymous Market Listings and Forum Posts
Zhengyi Li, Xiangyu Du, Xiaojing Liao, Xiaoqian Jiang, Tiffany Champagne-Langabeer
Journal of Medical Internet Research (JMIR). (Impact Factor: 5.03)
Media coverage: U.S.News, HealthDay
Price TAG: Towards Semi-Automatically Discovery Tactics, Techniques and Procedures of E-Commerce Cyber Threat Intelligence.
Yiming Wu, Qianjun Liu, Xiaojing Liao, Shouling Ji, Peng Wang, Xiaofeng Wang, Chunming Wu, Zhao Li.
IEEE Transactions on Dependable and Secure Computing.
- 2020
Haoran Lu, Luyi Xing, Xiaojing Liao
Black Hat Europe 2020
RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection
Tao Lv, Ruishi Li, Yi Yang, Kai Chen, Xiaojing Liao, XiaoFeng Wang, Peiwei Hu, Luyi Xing
in the ACM Conference on Computer and Communications Security (CCS), 2020. (Acceptance rate: 17%)
Zombie Awakening: Stealthy Hijacking of Active Domains Through DNS Hosting Referral
Eihal Alowaisheq, Siyuan Tang, Zhihao Wang, Fatemah Alharbi, Xiaojing Liao, XiaoFeng Wang
in the ACM Conference on Computer and Communications Security (CCS), 2020. (Acceptance rate: 17%)
Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems
Haoran Lu, Luyi Xing, Yue Xiao, Yifan Zhang, Xiaojing Liao, Xiaofeng Wang, Xueqiang Wang
in the ACM Conference on Computer and Communications Security (CCS), 2020. (Acceptance rate: 17%)
[attack demo/code/data]
CVE-2019-5767, Opera Security Hall of Fame
Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals
Peng Wang, Xiaojing Liao, Yue Qin, XiaoFeng Wang
in the Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2020. (Acceptance rate: 17%)
[code/data]
- 2019
Yi Chen, Luyi Xing, Yue Qin, Xiaojing Liao, XiaoFeng Wang, Kai Chen, Wei Zou
in Proceedings of USENIX Security Symposium (Security), 2019. (Acceptance rate: 16%)
[code/data]
Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis
Xuan Feng, Xiaojing Liao, XiaoFeng Wang, Haining Wang, Qiang Li, Kai Yang, Hongsong Zhu, Limin Sun
in Proceedings of USENIX Security Symposium (Security), 2019. (Acceptance rate: 16%)
Understanding iOS-based Crowdturfing through Hidden UI Analysis
Yeonjoon Lee, Xueqiang Wang, Kwangwuk Lee, Xiaojing Liao, XiaoFeng Wang, Tongxin Li, Xianghang Mi
in Proceedings of USENIX Security Symposium (Security), 2019. (Acceptance rate: 16%)
Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online Promotion
Kan Yuan, Di Tang, Xiaojing Liao, XiaoFeng Wang, Xuan Feng, Yi Chen, Menghan Sun, Haoran Lu, Kehuan Zhang
in Proceedings of IEEE Symposium on Security and Privacy (Oakland), 2019. (Acceptance rate: 12%)
[code]
Resident Evil: Understanding Residential IP Proxy as a Dark Service
Xianghang Mi, Xuan Feng, Xiaojing Liao, Baojun Liu, XiaoFeng Wang, Feng Qian, Zhou Li, Sumayah Alrwais, Limin Su, Ying Liu.
in Proceedings of IEEE Symposium on Security and Privacy (Oakland), 2019. (Acceptance rate: 12%)
[code/data]
Cracking Wall of Confinement: Understanding and Analyzing Malicious Domain Takedowns
Eihal Alowaisheq, Peng Wang, Sumayah Alrwais, Xiaojing Liao, XaioFeng Wang, Tasneem Alowaisheq, XiangHang Mi,
Siyuan Tang, Baojun Liu
in the Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2019. (Acceptance rate: 17%)
NDSS Distinguished Paper Award, 2019.
- 2018
Kan Yuan, Haoran Lu, Xiaojing Liao, XiaoFeng Wang.
in Proceedings of USENIX Security Symposium (Security), 2018. (Acceptance rate: 19%)
[code/data]
Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations
Peng Wang, Xianghang Mi, Xiaojing Liao, XiaoFeng Wang, Kan Yuan, Feng Qian, and Raheem Beyah.
in the Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2018. (Acceptance rate: 21%)
[summary on the Morning Paper]
Media coverage: BleepingComputer
Cloud Repository as a Malicious Service: Challenge, Identification and Implication.
Xiaojing Liao, Sumach Alrwais, Kan Yuan, Luyi Xing, XiaoFeng Wang, Shuang Hao, and Raheem Beyah.
Cybersecurity. 2018 (Invited paper)
- 2017
Wei You, Peiyuan Zong, Kai Chen, Xiaofeng Wang, Xiaojing Liao, Pan Bian, Bin Liang
in the Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2017. (Acceptance rate: 18.1%)
Under the Shadow of Sunshine: Understanding and Detecting BulletProof Hosting on Legitimate Service.
Sumayah Alrwais, Xiaojing Liao, Xianghang Mi, Peng Wang, XiaoFeng Wang, Feng Qian, Raheem Beyah, Damon McCoy.
in the Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2017. (Acceptance rate: 13.3%)
Di-PriDA: Differentially Private Distributed Load Balancing Control for the Smart Grid.
Xiaojing Liao, Preethi Srinivasan, David Formby, and Raheem Beyah.
IEEE Transactions on Dependable and Secure Computing (TDSC), 2017.
Apple ZeroConf Holes: How Hackers Can Steal iPhone Photos.
Luyi Xing, Xiaolong Bai, Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, and Shi-min Hu.
IEEE Security & Privacy Magazine, 2017. (Invited paper)
- 2016
Xiaojing Liao, Kan Yuan, XiaoFeng Wang, Zhongyu Pei, Hao Yang, Jianjun Chen, Haixin Duan, Kun Du, Eihal Alowaisheq, Sumayah Alrwais, Luyi Xing, and Raheem Beyah.
in the Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2016. (Acceptance rate: 13.3%)
Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf.
Luyi Xing, Xiaolong Bai, Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, and Shi-min Hu.
in the IEEE Symposium on Security and Privacy (Oakland), 2016. (Acceptance rate: 13.3%)
Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service.
Xiaojing Liao, Sumach Alrwais, Kan Yuan, Luyi Xing, XiaoFeng Wang, Shuang Hao, and Raheem Beyah.
in the Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2016. (Acceptance rate: 15.3%)
Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence.
Xiaojing Liao, Kan Yuan, XiaoFeng Wang, Zhou Li, Luyi Xing, and Raheem Beyah.
in the Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2016. (Acceptance rate: 15.3%) Third place in CSAW Best Applied Research Paper Competition, 2016.
Showcase in Defense Innovation Technology Challenge, 2017
Characterizing Long-tail SEO Spam on Cloud Web Hosting Services.
Xiaojing Liao, Chang Liu, Damon Mccoy, Elaine Shi, Shuang Hao, and Raheem Beyah.
in the Proceedings of the International World Wide Web (WWW) Conference, 2016. (Acceptance rate: 15.8%)
Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites.
Sumayah Alrwais, Kan Yuan, Eihal Alowaisheq, Xiaojing Liao, Alina Oprea, Xiaofeng Wang, Zhou Li.
in Proceedings of the 32nd Annual Computer Security Applications Conference (ACSAC), 2016. (Acceptance rate: 22.8%)
- 2015
Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, and Xiaojing Liao.
in the Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2015. (Acceptance rate: 19.8%)
Top10 finalist in CSAW Best Applied Research Paper Competition, 2015.
- 2014
Xiaojing Liao, Selcuk Uluagac, and Raheem A. Beyah.
in the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2014. (Acceptance rate: 19.8%)
Towards Secure Meter Data Analysis via Distributed Differential Privacy.
Xiaojing Liao, David Formby, Carson Day and Raheem Beyah.
In the International Workshop on Trustworthiness of Smart Grids (ToSG), June 2014.
- 2013
Jing (Selena) He, Shouling Ji, Xiaojing Liao, Hisham Haddad, and Raheem Beyah.
in the IEEE International Performance, Computing, and Communication Conference (IPCCC), 2013. (Acceptance rate: 18.9%)
- 2012
Xiaojing Liao, Jianzhong Li.
in the Proceedings of the IEEE Global Communications Conference (GLOBECOM), 2012. (Acceptance rate: 23.5%)