Cyber Security Lab

Papers

---

2023

• Co-creation in secure software development: Applied ethnography and the interface of software and development.
  Daniel Lende, Alexis Monkhouse, Jay Ligatti, and Xinming Ou.
  Human Organization.
  To appear, March 2023.

• Security Analysis of Trust on the Controller in the Matter Protocol Specification
  Kumar Shashwat, Francis Hahn, Xinming Ou, and Anoop Singhal.
  In 2023 IEEE Conference on Communications and Network Security (CNS).
  

---

2022

• Towards optimal triage and mitigation of context-sensitive cyber vulnerabilities
  Soumyadeep Hore, Fariha Moomtaheen, Ankit Shah, and Xinming Ou.
  IEEE Transactions on Dependable and Secure Computing (TDSC).
  

---

2021

• An analysis of the role of situated learning in starting a security culture in a software company.
  Anwesh Tuladhar, Daniel Lende, Jay Ligatti, and Xinming Ou. In Seventeenth Symposium on Usable Privacy and Security (SOUPS).
  Distinguished Paper Award.
  (Acceptance rate: 26.5%).

---

2020

• Cyber-physical-social interdependencies and organizational resilience: A review of water, transportation, and cyber infrastructure systems and processes.
  Shima Mohebbi, Qiong Zhang, E Christian Wells, Tingting Zhao, Hung Nguyen, Mingyang Li, Noha Abdel-Mottaleb, Shihab Uddin, Qing Lu, Mathews J Wakhungu, Zhiqiang Wu, Yu Zhang, Anwesh Tuladhar, and Xinming Ou.
  Sustainable Cities and Society.

• An ethnographic understanding of software (in)security and a co-creation model to improve secure software development.
  Hernan Palombo, Armin Ziaie Tabari, Daniel Lende, Jay Ligatti, and Xinming Ou.
  In Sixteenth Symposium on Usable Privacy and Security (SOUPS) .
  (Acceptance rate: 19.8%).

• Hybrid analysis of Android apps for security vetting using deep learning.
  Dewan Chaulagain, Prabesh Poudel, Prabesh Pathak, Sankardas Roy, Doina Caragea, Guojun Liu, and Xinming Ou.
  In IEEE Conference on Communications and Network Security (CNS) .

• GPU-based static data-flow analysis for fast and scalable Android app vetting.
  Xiaodong Yu, Fengguo Wei, Xinming Ou, Michela Becchi, Tekin Bicer, and Danfeng Yao.
  In IEEE International Symposium on Parallel and Distributed Processing (IPDPS).

• Experimental study of machine learning based malware detection systems’ practical utility.
  Yuping Li, Doina Caragea, Lawrence Hall, and Xinming Ou.
  In HICSS Symposium on Cybersecurity Big Data Analytics .

---

2019

• Topology-aware hashing for effective control flow graph similarity analysis.
  Yuping Li, Jiyong Jang, and Xinming Ou.
  In 15th EAI International Conference on Security and Privacy in Communication Networks. (SecureComm)

---

2018

• JNSAF: Precise and Efficient NDK/JNI-aware Inter-language Static Analysis Framework for Security Vetting of Android Applications with Native Code. Fengguo Wei, Xingwei Lin, Xinming Ou, Ting Chen, Xiaosong Zhang. In the 25th ACM Conference on Computer and Communications Security. (CCS 2018) (Acceptance rate: 16.6%)

• Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps. Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby. ACM Transactions on Privacy and Security. (TOPS 2018)

---

2017

• Android malware clustering through malicious payload mining. Yuping Li, Jiyong Jang, Xin Hu, and Xinming Ou. In the 20th International Symposium on Research on Attacks, Intrusions and Defenses (RAID 2017), Atlanta, GA, September 18-20, 2017. (Acceptance rate: 20%)

• Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby. Technical report 2017-4, Argus Cybersecurity Lab, University of South Florida, Computer Science and Engineering Department. May, 2017.

• MTD CBITS: Moving target defense for cloud-based IT systems Alexandru G. Bardas, Sathya C. Sundaramurthy, Xinming Ou and Scott A. Deloach. European Symposium on Research in Computer Security (ESORICS’17), Oslo, Norway, September 11-13, 2017.

• Deep ground truth analysis of current android malware. Fengguo Wei, Yuping Li, Sankardas Roy, Xinming Ou, and Wu Zhou. In 14th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2017), Bonn, Germany. July 6-7, 2017. (Acceptance rate: 27%)

• Enhanced security of building automation systems through microkernel-based controller platforms. Xiaolong Wang, Richard Habeeb, Xinming Ou, Siddharth Amaravadi, John Hatcliff, Masaaki Mizuno, Mitchell Neilsen, S. Raj Rajagopalan, Srivatsan Varadarajan. In The Second IEEE International Workshop on Communication, Computing, and Networking in Cyber Physical Systems (CCNCPS 2017), Atlanta, GA, USA, June 5, 2017.

• Humans are dynamic - our tools should be too. Sathya Chandran Sundaramurthy, Michael Wesch, Xinming Ou, John McHugh, S. Raj Rajagopalan, and Alexandru G. Bardas. IEEE Internet Computing, Volume: 21, Issue: 3, May-June 2017.

• Android malware clustering through malicious payload mining. Yuping Li, Jiyong Jang, Xin Hu, and Xinming Ou. Technical report 2017-1, Argus Cybersecurity Lab, University of South Florida, Computer Science and Engineering Department. February, 2017.

---

2016

• Risk analysis with execution-based model generation. Jaime C. Acosta, Edgar Padilla, John Homer, and Xinming Ou. Journal of Cyber Security and Information Systems, Vol 5, No. 1, December, 2016.

• Android malware detection with weak ground truth data. Jordan DeLoach, Doina Caragea, and Xinming Ou.
  In 3rd International Workshop on Pattern Mining and Application of Big Data (BigPMA), Washington D.C., USA, December 5-8, 2016.

• A bottom-up approach to applying graphical models in security analysis (invited paper). Xinming Ou. In Third International Workshop on Graphical Models for Security (GramSec’16), Lisbon, Portugal, June 27, 2016. Lecture Notes in Computer Science, Vol 9987, pp 1-24, September, 2016.

• Turning contradictions into innovations or: How we learned to stop whining and improve security operations. Sathya Chandran Sundaramurthy, John McHugh, Xinming Ou, Michael Wesch, Alexandru G. Bardas, and S. Raj Rajagopalan. In Symposium On Usable Privacy and Security (SOUPS 2016), Denver, CO, USA, June 22-24, 2016. (Acceptance rate: 28%)

---

2015

• Experimental study with real-world data for Android app security analysis using machine learning. Sankardas Roy, Jordan DeLoach, Yuping Li, Nic Herndon, Doina Caragea, Xinming Ou, Venkatesh Prasad Ranganath, Hongmin Li, and Nicolais Guevara. 31st Annual Computer Security Applications Conference (ACSAC’15), Los Angeles, California, USA, Dec 7-11, 2015. (Acceptance rate: 24%)

• Predicting cyber risks through national vulnerability database. Su Zhang, Xinming Ou and Doina Caragea. Information Security Journal: A Global Perspective 24:4-6, 194-206, Taylor & Francis, Nov 30, 2015.

• Assessing attack surface with component-based package dependency. Su Zhang, Xinwen Zhang, Xinming Ou, Nigel Edwards, Jing Jin, and Liqun Chen. In the 9th International Conference on Network and System Security (NSS), New York, USA, November, 2015. (Acceptance rate: 36%)

• Secure RTOS architecture for building automation. Xiaolong Wang, Masaaki Mizuno, Mitch Neilsen, Xinming Ou, S. Raj Rajagopalan, Will G. Baldwin, and Bryan Phillips. In First ACM Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC)}, Denver, CO, USA, October, 2015.

• An empirical study on current models for reasoning about digital evidence. Stefan Nagy, Imani Palmer, Sathya Chandran Sundaramurthy, Xinming Ou, and Roy Campbell. In 10th International Conference on Systematic Approaches to Digital Forensic Engineering (SADFE), Málaga, Spain, Sept 30-Oct 2, 2015.

• A theory of cyber attacks – a step towards analyzing MTD systems. Rui Zhuang, Alexandru G. Bardas, Scott A. Deloach, and Xinming Ou. In CCS 2015 MTD Workshop, Denver, CO, USA, October, 2015.

• Experimental study of fuzzy hashing in malware clustering analysis. Yuping Li, Sathya Chandran Sundaramurthy, Alexandru G. Bardas, Xinming Ou, Doina Caragea, Xin Hu, and Jiyong Jang. 8th Workshop on Cyber Security Experimentation and Test (CSET’15), Washington, D.C., USA, Aug 10, 2015. (Acceptance rate: 31%)

• A human capital model for mitigating security analyst burnout. Sathya Chandran Sundaramurthy, Alexandru G. Bardas, Jacob Case, Xinming Ou, Michael Wesch, John McHugh, and S. Raj Rajagopalan. Symposium On Usable Privacy and Security (SOUPS 2015), Ottawa, Canada, July 22-24, 2015. (Distinguished Paper Award. Acceptance rate: 25%)

• Practical always-on taint tracking on mobile devices. Justin Paupore, Earlence Fernandes, Atul Prakash, Sankardas Roy, and Xinming Ou. 15th Workshop on Hot Topics in Operating Systems (HotOS’15), Kartause, Switzerland, May 18-20, 2015. (Acceptance rate: 32%)

• Security optimization of dynamic networks with probabilistic graph modeling and linear programming. Hussain M.J. Almohri, Layne T. Watson, Danfeng Yao, and Xinming Ou IEEE Transactions on Dependable and Secure Computing (TDSC), vol.PP, no.99, March 2015.

---

2014

• Compiling abstract specifications into concrete systems - bringing order to the cloud. Ian Unruh, Alexandru G. Bardas, Rui Zhuang, Xinming Ou, and Scott A. DeLoach. 28th Large Installation System Administration Conference (LISA’14).

• Amandroid: A precise and general inter-component data flow analysis framework for security vetting of Android apps. Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby. In 21st ACM Conference on Computer and Communications Security (CCS 2014).

• Towards a theory of moving target defense. Rui Zhuang, Scott A. DeLoach, and Xinming Ou. In First ACM Workshop on Moving Target Defense (MTD 2014).

• Metrics of security. Yi Cheng, Julia Deng, Jason Li, Scott A. DeLoach, Anoop Singhal, and Xinming Ou. In Alexander Kott, Cliff Wang, Robert F. Erbacher (eds) Cyber Defense and Situational Awareness. Springer Advances in Information Security Volume 62, 2014, pp 263-295. Oct 3, 2014.

• A aale of three security operation centers. Sathya Chandran Sundaramurthy, Jacob Case, Tony Truong, Loai Zomlot, and Marcel Hoffmann. CCS Workshop on Security Information Workers.

• An anthropological approach to studying CSIRTs. Sathya Chandran Sundaramurthy, John McHugh, Xinming Ou, S. Raj Rajagopalan, and Michael Wesch. IEEE Security & Privacy Special Issue on CSIRTs. Sept/Oct, 2014. PrePrint.

• After we knew it: Empirical study and modeling of cost-effectiveness of exploiting prevalent known vulnerabilities across iaas cloud. Su Zhang, Xinwen Zhang, and Xinming Ou. 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS), Kyoto, Japan, June, 2014.

• A model for analyzing the effect of moving target defenses on enterprise networks. Rui Zhuang, Scott A. DeLoach, and Xinming Ou. 9th Cyber and Information Security Research Conference (CSIRC), Oak Ridge, Tennessee, USA, April, 2014.

• Model-driven, moving-target defense for enterprise network security. Scott DeLoach, Xinming Ou, Rui Zhuang, Su Zhang. In Uwe Aßmann, Nelly Bencomo, Gordon Blair, Betty H. C. Cheng, Robert France(eds) State-of-the-Art Survey Volume on Models @run.time. Springer LNCS (in press).

---

2013

• Aiding intrusion analysis using machine learning. Loai Zomlot, Sathya Chandran, Doina Caragea, and Xinming Ou. 12th International Conference on Machine Learning and Applications (ICMLA’13), Miami, Florida, USA, December, 2013.

• Aggregating vulnerability metrics in enterprise networks using attack graphs. John Homer, Su Zhang, Xinming Ou, David Schmidt, Yanhui Du, S. Raj Rajagopalan, and Anoop Singhal. Journal of Computer Security, Vol 21, No. 4, September, 2013.

• Investigating the application of moving target defenses to network security. Rui Zhuang, Su Zhang, Alexandru G. Bardas, Scott A. DeLoach, Xinming Ou, and Anoop Singhal. 6th International Symposium on Resilient Control Systems (ISRCS), August, 2013.

• Setting up and using a cyber security lab for education purposes. Alexandru G. Bardas and Xinming Ou. Journal of Computing Sciences in Colleges Vol. 28, Issue 5, May 2013.

• Mission-oriented moving target defense based on cryptographically strong network dynamics. Justin Yackoski, Jason Li, Scott A. DeLoach, and Xinming Ou. The 8th Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW), Oak Ridge National Laboratory, Oka Ridge, TN, USA, Jan 2013.

---

2012

• Investigative response modeling and predictive datacollection. Dan Moor, S. Raj Rajagopalan, Sathya Chandran Sundaramurthy, and Xinming Ou. The seventh IEEE eCrime Researchers Summit (eCrime’12), Las Croabas, Puerto Rico, USA, October, 2012.

• Simulation-based approaches to studying effectiveness of moving-target network defense. Rui Zhuang, Su Zhang, Scott A. DeLoach, Xinming Ou, and Anoop Singhal. National Symposium on Moving Target Research, Annapolis, MD, USA, June, 2012.

• Classification of UDP traffic for DDoS detection. Alexandru G. Bardas, Loai Zomlot, Sathya Chandran Sundaramurthy, Xinming Ou, S. Raj Rajagopalan, and Marc R. Eisenbarth. 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Jose, California, USA, April 2012.

• A certificate infrastructure for machine-checked proofs of conditional information flow. Torben Amtoft, Josiah Dodds, Zhi Zhang, Andrew Appel, Lennart Beringer, John Hatcliff, Xinming Ou, and Andrew Cousino. First conference on Principles of Security and Trust (POST’12, part of ETAPS 2012), Tallinn, Estonia, March 2012. (Acceptance rate: 30%)

---

2011

• Distilling critical attack graph surface iteratively through minimum-cost SAT solving. Hequing Huang, Su Zhang, Xinming Ou, Atul Prakash, and Karem Sakallah. 27th Annual Computer Security Applications Conference (ACSAC), Orlando, Florida, USA, Dec 2011.

• Quantitative security risk assessment of enterprise networks. Xinming Ou and Anoop Singhal. SpringerBrief Series, Information Security, 2011.

• Prioritizing intrusion analysis using Dempster-Shafer theory. Loai Zomlot, Sathya Chandran Sundaramurthy, Kui Luo, Xinming Ou, and S. Raj Rajagopalan. 4th ACM Workshop on Artificial Intelligence and Security (AISec), Chicago, USA, Oct 2011.

• Security risk analysis of enterprise networks using probabilistic attack graphs. Anoop Singhal and Xinming Ou.
  NIST Interagency Report 7788. Aug. 2011.

• An empirical study of using the national vulnerability database to predict software vulnerabilities. Su Zhang, Doina Caragea, and Xinming Ou. 22nd International Conference on Database and Expert Systems Applications (DEXA), Toulouse, France, August 2011.

• Practical IDS alert correlation in the face of dynamic threats. Sathya Chandran Sundaramurthy, Loai Zomlot, and Xinming Ou. The 2011 International Conference on Security and Management (SAM’11), Las Vegas, USA, July 2011.

• An empirical study of a vulnerability metric aggregation method. Su Zhang, Xinming Ou, Anoop Singhal and John Homer. The 2011 International Conference on Security and Management (SAM’11), special track on Mission Assurance and Critical Infrastructure Protection (STMACIP’11), Las Vegas, USA, July 2011.

• Effective network vulnerability assessment through model abstraction. Su Zhang, Xinming Ou, and John Homer. the Eighth Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Amsterdam, The Netherlands, July 2011.

---

2010

• Using Bayesian Networks for cyber security analysis. Peng Xie, Jason H Li, Xinming Ou, Peng Liu, and Renato Levy. The 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2010), Chicago, USA, June 2010. (Acceptance rate: 23%)

---

2009

• An empirical approach to modeling uncertainty in intrusion analysis. Xinming Ou, S. Raj Rajagopalan, and Sakthiyuvaraja Sakthivelmurugan. Annual Computer Security Applications Conference (ACSAC), Honolulu, Hawaii, USA, Dec 2009.

• Uncertainty and risk management in cyber situational awareness. Jason Li, Xinming Ou, and Raj Rajagopalan. In Sushil Jajodia, editor, Cyber Situational Awareness chapter 3. Springer, to appear.

• A sound and practical approach to quantifying security risk in enterprise networks. John Homer, Xinming Ou, and David Schmidt. Technical report, Kansas State University, Computing and Information Sciences Department. August 2009.

• A host-based security assessment architecture for industrial control systems. Abhishek Rakshit and Xinming Ou. 2nd International Symposium on Resilient Control Systems (ISRCS), Idaho Falls, ID, USA, August 2009.

• A comprehensive approach to enterprise network security management. John Homer. Ph.D. dissertation, Kansas State University, May 2009.

• A host-based security assessment architecture for effective leveraging of shared knowledge. Abhishek Rakshit. MS Report, Kansas State University, 2009.

• Techniques for enterprise network security metrics. Anoop Singhal and Xinming Ou. Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies (CSIIRW) , Extended Abstract, April, 2009.

---

2008

• SAT-solving approaches to context-aware enterprise network security management. John Homer and Xinming Ou. IEEE JSAC Special Issue on Network Infrastructure Configuration,

• Security risk prioritization for logical attack graphs. Hussain Almohri MS Thesis, Kansas State University, 2008.

• A practical approach to modeling uncertainty in intrusion analysis. Xinming Ou, Raj Rajagopalan, and Sakthiyuvaraja Sakthivelmurugan. Technical report, Kansas State University, Computing and Information Sciences Department. November 2008.

• Identifying critical attack assets in dependency attack graphs. Reginald Sawilla and Xinming Ou. 13th European Symposium on Research in Computer Security (ESORICS 2008), Malaga, Spain, October 2008. The extended version.

• Improving attack graph visualization through data reduction and attack grouping. John Homer, Ashok Varikuti, Xinming Ou, and Miles A. McQueen. 5th International Workshop on Visualization for Cyber Security (VizSEC 2008), Cambridge, MA, U.S.A., September 2008.

• From attack graphs to automated configuration management - an iterative approach. John Homer, Xinming Ou, and Miles A. McQueen. Technical report, Kansas State University, Computing and Information Sciences Department. January 2008.

---

2007

• Googling attack graphs. Reginald Sawilla and Xinming Ou. Technical report, Defence R&D Canada – Ottawa TM 2007-205, September 2007.

---

2006

• A scalable approach to attack graph generation. Xinming Ou, Wayne F. Boyer, and Miles A. McQueen. 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, U.S.A., October 2006.

• Authorization strategies for virtualized environments in grid computing systems. Xinming Ou, Anna Squicciarini, Sebastien Goasguen, and Elisa Bertino. IEEE Workshop on Web Services Security (WSSS), Berkeley, CA, U.S.A., May, 2006.

---

2005

• A logic-programming approach to network security analysis. Xinming Ou. PhD dissertation, Princeton University, 2005.

• MulVAL: A logic-based network security analyzer. Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. 14th USENIX Security Symposium, Baltimore, Maryland, U.S.A., August 2005. (Acceptance rate: 15%)

• A two-tier technique for supporting quantifiers in a lazily proof-explicating theorem prover. K. Rustan M. Leino, Madan Musuvathi, and Xinming Ou. 11th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 05), Edinburgh, U.K., April 2005.

---

2004

• Dynamic typing with dependent types. Xinming Ou, Gang Tan, Yitzhak Mandelbaum, and David Walker. 3rd IFIP International Conference on Theoretical Computer Science (TCS 04), Toulouse, France, August 2004.

---

2003

• Theorem proving using lazy proof explication. Cormac Flanagan, Rajeev Joshi, Xinming Ou, and James B. Saxe. 15th Computer-Aided Verification conference (CAV 2003), Boulder, CO, U.S.A., July 2003.

• Enforcing resource usage protocols via scoped methods. Gang Tan, Xinming Ou, and David Walker. 10th International Workshop on Foundations of Object-Oriented Languages (FOOL 10), New Orleans, LA, U.S.A., January 2003.

The documents contained in these pages are included to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.