• 2024

Understanding and Analyzing Appraisal Systems in the Underground Marketplaces
Zhengyi Li, Xiaojing Liao
in Proceedings of ISOC Network and Distributed System Security Symposium (NDSS), 2024 (Acceptance rate: ??%) 

​MAWSEO: Adversarial Wiki Search Poisoning for Illicit Online Promotion
Zilong Lin, Zhengyi Li, Xiaojing Liao, XiaoFeng Wang, Xiaozhong Liu
in Proceeding of IEEE Symposium on Security and Privacy (Oakland), 2024. (Acceptance rate: ??%) 

• 2023

Vulnerability Intelligence Alignment via Masked Graph Attention Networks
Yue Qin, Yue Xiao, Xiaojing Liao
in Proceedings of ACM Conference on Computer and Communications Security (CCS), 2023. (Acceptance rate: ??%) 

Stolen Risks of Models with Security Properties
Yue Qin, Zhuoqun Fu, Chuyun Deng, Xiaojing Liao, Jia Zhang, Haixin Duan
in Proceedings of ACM Conference on Computer and Communications Security (CCS), 2023. (Acceptance rate: ??%) 

Understanding and Detecting Abusive Image Hosting Modules as Malicious Services.
Geng Hong, Mengying Wu, Pei Chen, Xiaojing Liao, Guoyi Ye, Min Yang.  
in Proceedings of ACM Conference on Computer and Communications Security (CCS), 2023. (Acceptance rate: ??%) ​

Lalaine: Measuring and Characterizing Non-Compliance of Apple Privacy Labels at Scale
​Yue Xiao, Zhengyi Li, Yue Qin, Xiaolong Bai, Jiale Guan, Xiaojing Liao, Luyi Xing
in Proceedings of USENIX Security Symposium (Security), 2023. (Acceptance rate: 29%)
           [Artifact Appendix]
​​Showcase in the 2023 NSA CAE-R Research Symposium

Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps
Yuhong Nan*, Xueqiang Wang*, Luyi Xing, Xiaojing Liao,Ruoyu Wu, Jianliang Wu, Yifan Zhang, XiaoFeng Wang
in Proceedings of USENIX Security Symposium (Security), 2023. (Acceptance rate: 29%)
​(* with equal contribution)

Detecting and Measuring Aggressive Location Harvesting in Mobile Apps via Data-flow Path Embedding
Haoran Lu*, Qingchuan Zhao*, Yongliang Chen, Xiaojing Liao, Zhiqiang Lin
in Proceedings of ACM SIGMETRICS conference, 2023. (Acceptance rate: 21%)
(* with equal contribution)

•  2022

OS-Aware Vulnerability Prioritization via Differential Severity Analysis
Qiushi Wu*, Yue Xiao*, Xiaojing Liao, Kangjie Lu
in Proceedings of USENIX Security Symposium (Security), 2022. (Acceptance rate: 17.2%)
(* with equal contribution)
           [code/data]
​
Analyzing Ground-Truth Data of Mobile Gambling Scam
Geng Hong, Zhemin Yang, Sen Yang, Xiaojing Liao, Xiaolin Du, Min Yang, Haixin Duan.
in Proceedings of IEEE Symposium on Security and Privacy (Oakland), 2022. (Acceptance rate: 14.5%)

Robbery on DevOps: Understanding and Mitigating Illicit Cryptomining on Continuous Integration Service Platforms
Zhi Li, Weijie Liu, Hongbo Chen, XiaoFeng Wang, Xiaojing Liao, Luyi Xing, Mingming Zha, Hai Jin, Deqing Zou
in Proceedings of IEEE Symposium on Security and Privacy (Oakland), 2022. (Acceptance rate: 14.5%)

Demystifying Local Business Search Poisoning for Illicit Drug Promotion
Peng Wang*, Zilong Lin*, Xiaojing Liao, XiaoFeng Wang
 in Proceedings of ISOC Network and Distributed System Security Symposium (NDSS), 2022. (Acceptance rate: 16.2%)
(* with equal contribution)
Top10 finalist in CSAW Best Applied Research Paper Competition, 2022

Exploring the Reproductive Black Market: Fertility Medications on the Dark Web
Zhengyi Li, Kyle Le, Xiaojing Liao, Brent Monseur.  
The American Society for Reproductive Medicine Scientific Congress & Expo, 2022

• 2021​

Learning Security Classifiers with Verified Global Robustness Properties
Yizheng Chen, Shiqi Wang, Yue Qin, Xiaojing Liao, Suman Jana, David Wagner
in Proceedings of ACM Conference on Computer and Communications Security (CCS), 2021. (Acceptance rate: 22.3%) 
           [code/data]
ACM CCS Best Paper Award runner-up, 2021

Understanding Malicious Cross-library Data Harvesting on Android
Jice Wang*, Yue Xiao*, Xueqiang Wang, Yuhong Nan, Luyi Xing, Xiaojing Liao, JinWei Dong, Nicolas Serrano, XiaoFeng Wang, Yuqing Zhang, Haoran Lu
in Proceedings of USENIX Security Symposium (Security), 2021. (Acceptance rate: 18.7%)
(* with equal contribution)
           [code/data]
           ​Media coverage: Forbes, CNBC, ZDNet, The Register, The Hacker News, Naked Security, etc.

Evil Under the Sun: Understanding and Discovering Attacks on Ethereum Decentralized Applications
Liya Su*, Xinyue Shen*, Xiangyu Du, Xiaojing Liao, XiaoFeng Wang, Luyi Xing, Baoxu Liu
in Proceedings of USENIX Security Symposium (Security), 2021. (Acceptance rate: 18.7​%)
(* with equal contribution)

Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks
Xianghang Mi, Siyuan Tang, Zhengyi Li, Xiaojing Liao, Feng Qian, XiaoFeng Wang
in Proceedings of ISOC Network and Distributed System Security Symposium (NDSS), 2021. (Acceptance rate: 15.2%)

​Demystifying the Dark Web Opioid Trade: Content Analysis on Anonymous Market Listings and Forum Posts
Zhengyi Li, Xiangyu Du, Xiaojing Liao, Xiaoqian Jiang, Tiffany Champagne-Langabeer
Journal of Medical Internet Research (JMIR). (Impact Factor: 5.03)
           Media coverage: U.S.News, HealthDay
​
Price TAG: Towards Semi-Automatically Discovery Tactics, Techniques and Procedures of E-Commerce Cyber Threat Intelligence.
Yiming Wu, Qianjun Liu, Xiaojing Liao, Shouling Ji, Peng Wang, Xiaofeng Wang, Chunming Wu, Zhao Li.
IEEE Transactions on Dependable and Secure Computing.

• 2020

Design Pitfalls in Commercial Mini-Programs on Android and iOS
Haoran Lu, Luyi Xing, Xiaojing Liao
Black Hat Europe 2020

RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection
Tao Lv, Ruishi Li, Yi Yang, Kai Chen, Xiaojing Liao, XiaoFeng Wang, Peiwei Hu, Luyi Xing
in the ACM Conference on Computer and Communications Security (CCS), 2020. (Acceptance rate: 17%)
​
Zombie Awakening: Stealthy Hijacking of Active Domains Through DNS Hosting Referral
Eihal Alowaisheq, Siyuan Tang, Zhihao Wang, Fatemah Alharbi, Xiaojing Liao, XiaoFeng Wang
in the ACM Conference on Computer and Communications Security (CCS), 2020. (Acceptance rate: 17%)

Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems
Haoran Lu, Luyi Xing,  ​Yue Xiao, Yifan Zhang, Xiaojing Liao, Xiaofeng Wang, Xueqiang Wang
in the ACM Conference on Computer and Communications Security (CCS), 2020. (Acceptance rate: 17%)
          [attack demo/code/data]
          CVE-2019-5767, Opera Security Hall of Fame

Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals
Peng Wang, Xiaojing Liao, Yue Qin, XiaoFeng Wang
in the Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2020. (Acceptance rate: 17%)
          [code/data]

• 2019

Devils in the Guidance: Predicting Logic Vulnerabilities in Payment Syndication Services through Automated Documentation Analysis
Yi Chen, Luyi Xing, Yue Qin, Xiaojing Liao, XiaoFeng Wang, Kai Chen, Wei Zou
in Proceedings of USENIX Security Symposium (Security), 2019. (Acceptance rate: 16%)
            [code/data]

Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis
Xuan Feng, Xiaojing Liao, XiaoFeng Wang, Haining Wang, Qiang Li, Kai Yang, Hongsong Zhu, Limin Sun
in Proceedings of USENIX Security Symposium (Security), 2019. (Acceptance rate: 16%)

Understanding iOS-based Crowdturfing through Hidden UI Analysis
Yeonjoon Lee, Xueqiang Wang, Kwangwuk Lee, Xiaojing Liao, XiaoFeng Wang, Tongxin Li, Xianghang Mi
in Proceedings of USENIX Security Symposium (Security), 2019. (Acceptance rate: 16%)

Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online Promotion
Kan Yuan, Di Tang, Xiaojing Liao, XiaoFeng Wang, Xuan Feng, Yi Chen, Menghan Sun, Haoran Lu, Kehuan Zhang
in Proceedings of IEEE Symposium on Security and Privacy (Oakland), 2019. (Acceptance rate: 12%)
            [code]
​
Resident Evil: Understanding Residential IP Proxy as a Dark Service
Xianghang Mi, Xuan Feng, Xiaojing Liao, Baojun Liu, XiaoFeng Wang, Feng Qian, Zhou Li, Sumayah Alrwais, Limin Su, Ying Liu.
in Proceedings of IEEE Symposium on Security and Privacy (Oakland), 2019. (Acceptance rate: 12%)
            [code/data]
​
Cracking Wall of Confinement: Understanding and Analyzing Malicious Domain Takedowns
Eihal Alowaisheq, Peng Wang, Sumayah Alrwais, Xiaojing Liao, XaioFeng Wang, Tasneem Alowaisheq, XiangHang Mi,
Siyuan Tang, Baojun Liu
in the Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2019. ​ (Acceptance rate: 17%)
NDSS Distinguished Paper Award, 2019.

​

• 2018

​Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces 
Kan Yuan, Haoran Lu, Xiaojing Liao, XiaoFeng Wang. 
in Proceedings of USENIX Security Symposium (Security), 2018. (Acceptance rate: 19%)
         [code/data]

Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations
Peng Wang, Xianghang Mi, Xiaojing Liao, XiaoFeng Wang, Kan Yuan, Feng Qian, and Raheem Beyah.
in the Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2018. ​ (Acceptance rate: 21%)
         [summary on the Morning Paper]
         Media coverage: BleepingComputer

Cloud Repository as a Malicious Service: Challenge, Identification and Implication.
Xiaojing Liao, Sumach Alrwais, Kan Yuan, Luyi Xing, XiaoFeng Wang, Shuang Hao, and Raheem Beyah. 
Cybersecurity. 2018 (Invited paper)

• 2017

SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits.
Wei You, Peiyuan Zong, Kai Chen, Xiaofeng Wang, Xiaojing Liao, Pan Bian, Bin Liang
in the Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2017.  (Acceptance rate: 18.1%)

Under the Shadow of Sunshine: Understanding and Detecting BulletProof Hosting on Legitimate Service.
Sumayah Alrwais, Xiaojing Liao, Xianghang Mi, Peng Wang, XiaoFeng Wang,  Feng Qian, Raheem Beyah, Damon McCoy.
in the Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2017. (Acceptance rate: 13.3%)

Di-PriDA: Differentially Private Distributed Load Balancing Control for the Smart Grid.
Xiaojing Liao, Preethi Srinivasan, David Formby, and Raheem Beyah.  
IEEE Transactions on Dependable and Secure Computing (TDSC), 2017.

Apple ZeroConf Holes: How Hackers Can Steal iPhone Photos.
Luyi Xing, Xiaolong Bai, Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, and Shi-min Hu.  
IEEE Security & Privacy Magazine, 2017. (Invited paper)

• 2016

Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search.
Xiaojing Liao, Kan Yuan, XiaoFeng Wang, Zhongyu Pei, Hao Yang, Jianjun Chen, Haixin Duan, Kun Du, Eihal Alowaisheq, Sumayah Alrwais, Luyi Xing, and Raheem Beyah.  
in the Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2016. (Acceptance rate: 13.3%)
​
Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf. 
Luyi Xing, Xiaolong Bai, Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, and Shi-min Hu. 
in the IEEE Symposium on Security and Privacy (Oakland), 2016. (Acceptance rate: 13.3%)

Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service. 
Xiaojing Liao, Sumach Alrwais, Kan Yuan, Luyi Xing, XiaoFeng Wang, Shuang Hao, and Raheem Beyah. 
in the Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2016. (Acceptance rate: 15.3%)

Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence. 
Xiaojing Liao, Kan Yuan, XiaoFeng Wang, Zhou Li, Luyi Xing, and Raheem Beyah. 
in the Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2016. (Acceptance rate: 15.3%)

• [supplementary material]|[summary on the Morning Paper]

Third place in CSAW Best Applied Research Paper Competition, 2016.
Showcase in Defense Innovation Technology Challenge, 2017

Characterizing Long-tail SEO Spam on Cloud Web Hosting Services. 
Xiaojing Liao, Chang Liu, Damon Mccoy, Elaine Shi, Shuang Hao, and Raheem Beyah. 
in the Proceedings of the International World Wide Web (WWW) Conference, 2016. (Acceptance rate: 15.8%)

Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites. 
Sumayah Alrwais, Kan Yuan, Eihal Alowaisheq, Xiaojing Liao, Alina Oprea, Xiaofeng Wang, Zhou Li. 
in Proceedings of the 32nd Annual Computer Security Applications Conference (ACSAC), 2016. (Acceptance rate: 22.8%)

• 2015

Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS X and iOS. 
Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, and Xiaojing Liao. 
in the Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2015. (Acceptance rate: 19.8%)
Top10 finalist in CSAW Best Applied Research Paper Competition, 2015.

• 2014

S-MATCH: Verifiable Privacy-preserving Profile Matching for Mobile Social Services. 
Xiaojing Liao, Selcuk Uluagac, and Raheem A. Beyah. 
in the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2014. (Acceptance rate: 19.8%)

Towards Secure Meter Data Analysis via Distributed Differential Privacy.
Xiaojing Liao, David Formby, Carson Day and Raheem Beyah.  
In the International Workshop on Trustworthiness of Smart Grids (ToSG), June 2014. 

• 2013

Minimum-sized Positive Influential Node Set Selection for Social Networks: Considering Both Positive and Negative Influences. 
Jing (Selena) He, Shouling Ji, Xiaojing Liao, Hisham Haddad, and Raheem Beyah. 
in the IEEE International Performance, Computing, and Communication Conference (IPCCC), 2013. (Acceptance rate: 18.9%)

• 2012

Privacy-preserving and Secure Top-k Query in Two-tier Wireless Sensor Network.
Xiaojing Liao, Jianzhong Li. 
in the Proceedings of the IEEE Global Communications Conference (GLOBECOM), 2012. (Acceptance rate: 23.5%)