Doowon

Do you own an Android device? Then, please fill out our (anonymous) survey. It takes at most 5 minutes. We found out that a functionality of Android can be exploited for social engineering, and want to assess how widespread this problem may be. Link: forms.gle/aMVSpEWVyqso9E…

3. We are able to identify specific target webpages of legitimate brands used to mimic phishing attacks using HTML structure similarity and style similarity.

1. We reveal that phishing websites use a greater variety of JavaScript libraries than legitimate target brand websites, but the older versions are used for phishing. 2. We find that a considerable number of phishing websites still maintain a basic and simplistic structure

A bit late, but I would like to introduce our recent paper accepted at TheWebConf'24 (WWW). We conducted a comparative analysis of phishing websites and its corresponding legitimate target brand websites, with an emphasis on client-side resources. doowon.github.io/assets/papers/…

Seeking highly motivated and ambitious students! I'm very open to working on various security topics, such as CPS, malware, Android, LLM, the web, etc. If you're interested in working with me, please fill out this form (docs.google.com/forms/d/e/1FAI…).

@ffmagicbean @JaronMink @ASU Congrats!

Proud advisor moment! Jaron (@JaronMink) is joining ASU (@ASU) this fall as an Asst. Professor!

wisec2024.kaist.ac.kr/student-travel… We are excited to announce student travel grant opportunities for WiSec 24. These grants aim to support both US-based and non-US-based students by covering travel expenses, enabling broader participation. Please apply for the grants! @acm_wisec

@blue9057 팀즈가 좋은가요? 슬랙이 좋은가요?

일 하는데 빡쳐서 안되겠어서 Office 365 subscription 사 버렸다. 컴퓨터를 회사 (현재직장)/학교 (이전직장, $0 contract)/개인 용도로 네 대를 쓰니 어쩔 수 가 없도다. 이제 모든 컴퓨터에서 팀즈도 할 수 있다... ㅠㅠ

@BenjaminKim0920 @qialfredchen @IUBloomington @IULuddy Big congrats!

Thrilled to announce I'll be joining the CS Department at Indiana University, Bloomington (@IUBloomington, @IULuddy) as an Assistant Professor in Fall 2024. Huge thanks to my mentors and beloved family members for their unwavering support. Super excited about this new chapter!

My undergraduate research assistant (Parker Collier) wrote a blog post about how we built a code-signing PKI website that parses these certificates from uploaded Windows executables and displays them in a readable format. doowon.github.io/posts/2024/03/…

🔒 Lock in your chance to showcase your groundbreaking research in cybersecurity! 🚀 The RAID 2024 Call for Papers is out (raid2024.github.io)! Submit your paper by April, 9 and join us in Padua!

@ShirinNilizadeh @IEEESSP @SayakSahaRoy @poojithat512 @huggingface @OpenAI @GoogleAI @AnthropicAI Congrats! Looking forward to reading the paper. let me know when the paper is available.

📣 Just a quick reminder that tomorrow the deadline to submit nominations for the Program Committee of #ACSAC2024 is running out: docs.google.com/forms/d/1-Obh2…

Details of @vehiclesec_conf travel grant will appear soon on the website. Meanwhile, you can check the details and apply for the travel grant at this link (drive.google.com/file/d/1kce8st…). - Submission Due: January 26, 2024, 11:59 pm (AOE) - Notification Date: January 30, 2024

Zhou's ranking of top cybersecurity conferences - academic (2023) released -- jianying.space/conference-ran… Ranking history of past 13 years -- jianying.space/conference-ran… #cybersecurity, #ranking

To answer these research questions, we conducted an online study and an in-lab user study with real-world software developers. The short answers are 1) poisoning attacks can be very effective in the real world and 2) Code Generation tools (e.g., ChatGPT) are more effective.

2. We also wanted to compare which type of tools (Code Completion Vs. Code Generation) are more susceptible to poisoning attacks in a real-world setting.

Happy to share our recently accepted paper at @IEEESSP (IEEE S&P) 2024. arxiv.org/abs/2312.06227 We already know that AI-powered coding assistant tools (e.g., ChatGPT, Copilot, and IntelliCode) may be vulnerable to poisoning attacks and suggest insecure code for developers.