Publications
- [*Top-tier] Security Top Conferences: S&P (Oakland), ACM CCS, USENIX Security, and NDSS
- [*Top-tier] Published CS Top Conferences: WWW, NeurIPS, ICML, PLDI, OOPSLA, and MobiSys
2025
-
[*Top-tier]
AdvPaint: Protecting Images from Inpainting Manipulation via Adversarial Attention Disruption (to appear)
- Joonsung Jeon, Woo Jae Kim, Suhyeon Ha, Sooel Son, and Sung-eui Yoon.
- 13th International Conference on Learning Representations (ICLR 2025)
-
Evaluating Robustness of Reference-based Phishing Detectors (to appear)
- Eunjin Roh, Sungwoo Jeon, Sooel Son, and Sanghyun Hong.
- 20th ACM ASIA Conference on Computer and Communications Security (AsiaCCS 2025)
2024
- You Only Perturb Once: Bypassing (Robust) Ad-Blockers Using Universal Adversarial Perturbations
-
Targeted Model Inversion: Distilling Style Encoded in Predictions
- Hoyong Jeong, Kiwon Chung, Sung Ju Hwang, and Sooel Son.
- Elsevier Computers & Security (Journal COSE 2024)
- [paper]
2023
-
[*Top-tier]
Effective Targeted Attacks for Adversarial Self-Supervised Learning
- Minseon Kim, Hyeonjeong Ha, Sooel Son, and Sung Ju Hwang.
- 37th Annual Conference on Neural Information Processing Systems (NeurIPS 2023)
- [paper]
- [*Top-tier] AdCPG: Classifying JavaScript Code Property Graphs with Explanations for Ad and Tracker Blocking
-
[*Top-tier]
Margin-based Neural Network Watermarking
- Byungjoo Kim, Suyoung Lee, Seanie Lee, Sooel Son, and Sung Ju Hwang.
- 40th International Conference on Machine Learning (ICML 2023)
- [paper]
- [*Top-tier] RICC: Robust Collective Classification of Sybil Accounts
- [*Top-tier] DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing
2022
- [*Top-tier] Learning to Generate Inversion-Resistant Model Explanations
-
Evaluating the Robustness of Trigger Set-Based Watermarks Embedded in Deep Neural Networks
- Suyoung Lee, Wonho Song, Suman Jana, Meeyoung Cha, and Sooel Son.
- IEEE Transactions on Dependable and Secure Computing (Journal TDSC 2022)
- [paper]
-
Revisiting Binary Code Similarity Analysis using Interpretable Feature Engineering and Lessons Learned
- Dongkwan Kim, Eunsoo Kim, Sang Kil Cha, Sooel Son, and Yongdae Kim.
- IEEE Transactions on Software Engineering (Journal TSE 2022)
- [paper]
- [*Top-tier] HearMeOut: Detecting Voice Phishing Activities in Android
- [*Top-tier] FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities
-
[*Top-tier]
Watching the Watchers: Practical Video Identification Attack in LTE Networks
- Sangwook Bae, Mincheol Son, Dongkwan Kim, CheolJun Park, Jiho Lee, Sooel Son, and Yongdae Kim.
- 22nd USENIX Security Symposium (USENIX Security 2022)
- [paper]
- [*Top-tier] HiddenCPG: Large-Scale Vulnerable Clone Detection Using Subgraph Isomorphism of Code Property Graphs
- [*Top-tier] Link: Black-Box Detection of Cross-Site Scripting Vulnerabilities Using Reinforcement Learning
2021
- [*Top-tier] AdCube: WebVR Ad Fraud and Practical Confinement of Third-Party Ads
-
Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem
- Doowon Kim, Haehyun Cho, Yonghwi Kwon, Adam Oest, Adam Doupe, Sooel Son, Gail-Joon Ahn, and Tudor Dumitras.
- 16th ACM ASIA Conference on Computer and Communications Security (ASIACCS 2021)
- [paper]
-
[*Top-tier]
The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud
- Joongyum Kim, Junghwan Park (co-leading author), and Sooel Son.
- 28th Network & Distributed System Security Symposium (NDSS 2021)
- [paper]
2020
-
Lumos: Improving Smart Home IoT Visibility and Interoperability Through Analyzing Mobile Apps
- Jeongmin Kim, Steven Y. Ko, Sooel Son, and Dongsu Han.
- 28th IEEE International Conference on Network Protocols (ICNP 2020)
- [paper]
- [*Top-tier] Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer
- [*Top-tier] FUSE: Finding File Upload Bugs via Penetration Testing
2019
-
Who Spent My EOS? On the (In)Security of Resource Management of EOS.IO
- Sangsup Lee, Daejun Kim (co-leading author), Dongkwan Kim, Sooel Son, and Yongdae Kim.
- 13th USENIX Workshop on Offensive Technologies (WOOT 2019)
- [paper]
- An Empirical Study of Prioritizing JavaScript Engine Crashes via Machine Learning
-
[*Top-tier]
Doppelgängers on the Dark Web: A Large-scale Assessment on Phishing Hidden Web Services
- Changhoon Yoon, Kwanwoo Kim, Yongdae Kim, Seungwon Shin, and Sooel Son.
- The Web Conference 2019: Security, Privacy, and Trust Research Track (WWW 2019)
- [paper]
-
Hidden Figures: Comparative Latency Analysis of Cellular Networks with Fine-grained State Machine Models
- Sangwook Bae, Mincheol Son, Sooel Son, and Yongdae Kim.
- 20th International Workshop on Mobile Computing Systems and Applications (HOTMOBILE 2019)
- [paper]
-
[*Top-tier]
Cybercriminal Minds: An Investigative Study of Cryptocurrency Abuses in the Dark Web
- Seunghyeon Lee, Changhoon Yoon, Heedo Kang, Yeonkeun Kim, Yongdae Kim, Dongsu Han, Sooel Son, and Seungwon Shin.
- 26th Network & Distributed System Security Symposium (NDSS 2019)
- [paper]
2018
- [*Top-tier] Pride and Prejudice in Progressive Web Apps: Abusing Native App-like Features in Web Applications
~ 2017
- [*Top-tier] What Mobile Ads Know About Mobile Users
-
Toward better server-side Web security
- Sooel Son.
- UTCS Dissertation (2014)
- [paper]
-
[*Top-tier]
Diglossia: Detecting Code Injection Attacks with Precision and Efficiency
- Sooel Son, Kathryn S McKinley, and Vitaly Shmatikov.
- 20th ACM Conference on Computer and Communications Security (CCS 2013)
- [paper]
-
Model Checking Invariant Security Properties in OpenFlow
- Sooel Son, Seungwon Shin, Vinod Yegneswaran, Phil Porras, and Guofei Gu.
- IEEE International Conference on Communications (ICC 2013)
- [paper]
-
[*Top-tier]
The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites
- Sooel Son and Vitaly Shmatikov.
- 20th Network & Distributed System Security Symposium (NDSS 2013)
- Best student paper award
- [paper]
-
[*Top-tier]
Fix Me Up: Repairing Access-Control Bugs in Web Applications
- Sooel Son, Kathryn S McKinley, and Vitaly Shmatikov.
- 20th Network & Distributed System Security Symposium (NDSS 2013)
- [paper]
-
[*Top-tier]
RoleCast: Finding Missing Security Checks When You Do Not Know What Checks Are
- Sooel Son, Kathryn S McKinley, and Vitaly Shmatikov.
- ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2011)
- [paper]
-
SAFERPHP: Finding Semantic Vulnerabilities in PHP Applications
- Sooel Son and Vitaly Shmatikov.
- ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security at PLDI 2011 (PLAS 2011)
- [paper]
-
The Hitckhiker's Guide to DNS Cache Poisoning
- Sooel Son and Vitaly Shmatikov.
- 6th International ICST Conference on Security and Privacy in Communication Networks (SecureCOMM 2010)
- [paper]