Detection of Intrusions and Malware, and Vulnerability Assessment

.- Web Security .

.- ScamFerret: Detecting Scam Websites Autonomously with Large Language Models.

.- Domain Name Encryption Does Not Ensure Privacy: Website Fingerprinting Attack With Only a Few Samples Using Siamese Network.

.- Making (Only) the Right Calls: Preventing Remote Code Execution Attacks in PHP Applications with Contextual, State-Sensitive System Call Filtering.

.- Poster: Generating the WEB-IDS23 Dataset.

.- Vulnerability Detection .

.- Sourcerer: channeling the void.

.- CodeGrafter: Unifying Source and Binary Graphs for Robust Vulnerability Detection.

.- SyzFroge: An Automated System Call Specification Generation Process for Efficient Kernel Fuzzing.

.- Poster: Machine Learning for Vulnerability Detection as Target Oracle in Automated Fuzz Driver Generation.

.- Side channels .

.- Reverse-Engineering the Address Translation Caches.

.- The HMB Timing Side Channel: Exploiting the SSD's Host Memory Buffer.

.- Cohere+Reload: Re-enabling High-Resolution Cache Attacks on AMD SEV-SNP.

.- Poster: Extracting Cryptographic Keys from Windows Live Processes.

.- Obfuscation .

.- Experimental Study of Binary Diffing Resilience on Obfuscated Programs.

.- Quantifying and Mitigating the Impact of Obfuscations on Machine-Learning-Based Decompilation Improvement.

.- Exploring the Potential of LLMs for Code Deobfuscation.

.- Poster: All Right Then, (Don't) Keep Your Secrets: Exposing API Hashing in Malware.