Main page

@inproceedings{andropup,
  author = {Platon Kotzias and Juan Caballero and Leyla Bilge},
  title = {{How Did That Get In My Phone? Unwanted App Distribution on Android Devices}},
  booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy},
  address = {San Francisco, CA, USA},
  month = {May},
  year = {2021},
  doi = {},
  url = {https://arxiv.org/abs/2010.10088},
}

@inproceedings{avclass2,
  author = {Silvia Sebastián and Juan Caballero},
  title = {{AVClass2: Massive Malware Tag Extraction from AV Labels}},
  booktitle = {Proceedings of the 2020 Annual Computer Security Applications Conference},
  address = {Virtual Event},
  month = {December},
  year = {2020},
  doi = {10.1145/3427228.3427261},
  url = {https://arxiv.org/pdf/2006.10615},
}

@inproceedings{attribution,
  author = {Silvia Sebastián and Juan Caballero},
  title = {{Towards Attribution in Mobile Markets: Identifying Developer Account Polymorphism}},
  booktitle = {Proceedings of the 27th ACM Conference on Computer and Communication Security},
  address = {Virtual Event},
  month = {November},
  year = {2020},
  doi = {10.1145/3372297.3417281},
}

@inproceedings{cosi,
  author = {Avinash Sudhodanan and Soheil Khodayari and Juan Caballero},
  title = {{Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks}},
  booktitle = {Network and Distributed Systems Security Symposium},
  address = {San Diego, CA, USA},
  month = {February},
  year = {2020},
  doi = {https://dx.doi.org/10.14722/ndss.2020.24278},
  url = {https://www.ndss-symposium.org/wp-content/uploads/2020/02/24278.pdf},
}

@article{malsource-journal,
  author = {Alejandro Calleja and Juan Tapiador and Juan Caballero},
  title = {{The MalSource Dataset: Quantifying Complexity and Code Reuse in Malware Development}},
  journal = {IEEE Transactions on Information Forensics and Security},
  publisher = {IEEE},
  volume = {14},
  number = {12},
  month = {December},
  year = {2019},
  pages = {3175-3190},
  issn = {1556-6013},
  doi = {10.1109/TIFS.2018.2885512},
  jcr = {5.824},
  url = {https://arxiv.org/pdf/1811.06888},
}

@article{binsim,
  author = {Irfan Ul Haq and Juan Caballero},
  title = {{A Survey of Binary Code Similarity}},
  journal = {arXiv preprint},
  month = {September},
  year = {2019},
  url = {https://arxiv.org/pdf/1909.11424},
}

@inproceedings{enterprise,
  author = {Platon Kotzias and Leyla Bilge and Pierre-Antoine Vervier and Juan Caballero},
  title = {{Mind your Own Business: A Longitudinal Study of Threats and Vulnerabilities in Enterprises}},
  booktitle = {Network and Distributed Systems Security Symposium},
  address = {San Diego, CA, USA},
  month = {February},
  year = {2019},
  doi = {https://dx.doi.org/10.14722/ndss.2019.23522},
  url = {https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_03B-1-2_Kotzias_paper.pdf},
}

@article{portals,
  author = {Richard Rivera and Platon Kotzias and Avinash Sudhodanan and Juan Caballero},
  title = {{Costly Freeware: A Systematic Analysis of Abuse in Download Portals}},
  journal = {IET Information Security},
  publisher = {IET},
  volume = {13},
  number = {1},
  month = {January},
  year = {2019},
  pages = {27--35},
  issn = {1751-8709},
  doi = {10.1049/iet-ifs.2017.0585},
  jcr = {1.420},
  url = {https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8611518},
}

@proceedings{DBLP:conf/acsac/2018,
  editor = {Juan Caballero and Guofei Gu},
  title = {Proceedings of the 34th Annual Computer Security Applications Conference,
  {ACSAC} 2018, San Juan, PR, USA, December 03-07, 2018},
  location = {San Juan, Puerto Rico},
  publisher = {{ACM}},
  month = {December},
  year = {2018},
  doi = {10.1145/3274694},
  isbn = {978-1-4503-6569-7},
}

@inproceedings{tls,
  author = {Platon Kotzias and Abbas Razaghpanah and Johanna Amann and Kenneth G. Paterson and Narseo Vallina-Rodriguez and Juan Caballero},
  title = {{Coming of Age: A Longitudinal Study of TLS Deployment}},
  booktitle = {Proceedings of ACM Internet Measurement Conference},
  address = {Boston, MA},
  month = {October},
  year = {2018},
  doi = {10.1145/3278532.3278568},
}

@inproceedings{khunt,
  author = {Juanru Li and Zhiqiang Lin and Juan Caballero and Yuanyuan Zhang and Dawu Gu},
  title = {{K-Hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces}},
  booktitle = {Proceedings of the 25th ACM Conference on Computer and Communication Security},
  address = {Toronto, Canada},
  month = {October},
  year = {2018},
  doi = {10.1145/3243734.3243783},
}

@article{lineage,
  author = {Irfan Ul Haq and Sergio Chica and Juan Caballero and Somesh Jha},
  title = {{Malware Lineage in the Wild}},
  journal = {Computers \& Security},
  publisher = {Elsevier},
  volume = {78},
  month = {August},
  year = {2018},
  pages = {347--363},
  issn = {0167-4048},
  doi = {10.1016/j.cose.2018.07.012},
  jcr = {2.862},
}

@inproceedings{bcd,
  author = {Vishal Karande and Swarup Chandra and Zhiqiang Lin and Juan Caballero and Latifur Khan and Kevin Hamlen},
  title = {{BCD: Decomposing Binary Code Into Components Using Graph-Based Clustering}},
  booktitle = {13th ACM ASIA Conference on Information, Computer and Communications Security},
  address = {Songdo, Korea},
  month = {June},
  year = {2018},
  doi = {10.1145/3196494.3196504},
  url = {https://doi.org/10.1145/3196494.3196504},
}

@proceedings{DBLP:conf/acsac/2017,
  editor = {Davide Balzarotti and Juan Caballero},
  title = {{Proceedings of the 33rd Annual Computer Security Applications Conference,
  Orlando, FL, USA, December 4-8, 2017}},
  location = {Orlando, FL, USA},
  publisher = {{ACM}},
  month = {December},
  year = {2017},
  doi = {10.1145/3134600},
  isbn = {978-1-4503-5345-8},
}

@inproceedings{ppieconomics,
  author = {Platon Kotzias and Juan Caballero},
  title = {{An Analysis of Pay-per-Install Economics Using Entity Graphs}},
  booktitle = {16th Annual Workshop on the Economics of Information Security},
  address = {San Diego, CA, USA},
  month = {June},
  year = {2017},
  doi = {},
  url = {},
}

@inproceedings{candia,
  author = {Chaz Lever and Platon Kotzias and Davide Balzarotti and Juan Caballero and Manos Antonakakis},
  title = {{A Lustrum of Malware Network Communication: Evolution and Insights}},
  booktitle = {Proceedings of the 38th IEEE Symposium on Security and Privacy},
  address = {San Jose, CA, USA},
  month = {May},
  year = {2017},
  doi = {10.1109/SP.2017.59},
}

@inproceedings{torbridges,
  author = {Srdjan Matic and Carmela Troncoso and Juan Caballero},
  title = {{Dissecting Tor Bridges: a Security Evaluation of their Private and
  Public Infrastructures}},
  booktitle = {Proceedings of the Network and Distributed System Security Symposium},
  address = {San Diego, CA, USA},
  month = {February},
  year = {2017},
  doi = {10.14722/ndss.2017.23345},
}

@inproceedings{revprobe,
  author = {Antonio Nappa and Rana Faisal Munir and Irfan Khan Tanoli and Christian Kreibich and Juan Caballero},
  title = {{RevProbe: Detecting Silent Reverse Proxies in Malicious Server Infrastructures}},
  booktitle = {Proceedings of the 2016 Annual Computer Security Applications Conference},
  address = {Los Angeles, CA, USA},
  month = {December},
  year = {2016},
  doi = {10.1145/2991079.2991093},
}

@inproceedings{avclass,
  author = {Marcos Sebasti{\'a}n and Richard Rivera and Platon Kotzias and Juan Caballero},
  title = {{AVClass: A Tool for Massive Malware Labeling}},
  booktitle = {Proceedings of the 19th International Symposium on Research in Attacks, Intrusions and Defenses},
  address = {Evry, France},
  month = {September},
  year = {2016},
  doi = {10.1007/978-3-319-45719-2_11},
}

@inproceedings{malsource,
  author = {Alejandro Calleja and Juan Tapiador and Juan Caballero},
  title = {{A Look into 30 Years of Malware Development from a Software Metrics Perspective}},
  booktitle = {Proceedings of the 19th International Symposium on Research in Attacks, Intrusions and Defenses},
  address = {Evry, France},
  month = {September},
  year = {2016},
  doi = {10.1007/978-3-319-45719-2_15},
}

@inproceedings{ppipup,
  author = {Platon Kotzias and Leyla Bilge and Juan Caballero},
  title = {{Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services}},
  booktitle = {Proceedings of the 25th USENIX Security Symposium},
  address = {Austin, TX, USA},
  month = {August},
  year = 2016,
}

@proceedings{DBLP:conf/dimva/2016,
  editor = {Juan Caballero and Urko Zurutuza and Ricardo J. Rodr{\'{\i}}guez},
  title = {Detection of Intrusions and Malware, and Vulnerability Assessment - 13th International Conference, {DIMVA} 2016, San Sebasti{\'{a}}n, Spain, July 7-8, 2016, Proceedings},
  location = {San Sebasti{\'{a}}n, Spain},
  series = {Lecture Notes in Computer Science},
  volume = {9721},
  publisher = {Springer},
  year = {2016},
  doi = {10.1007/978-3-319-40667-1},
  isbn = {978-3-319-40666-4},
}

@article{types,
  author = {Juan Caballero and Zhiqiang Lin},
  title = {{Type Inference on Executables}},
  journal = {ACM Computing Surveys},
  publisher = {ACM},
  volume = {48},
  number = {4},
  month = {May},
  year = {2016},
  pages = {1--35},
  issn = {0360-0300},
  doi = {10.1145/2896499},
  jcr = {5.243},
}

@proceedings{DBLP:conf/essos/2016,
  author = {Juan Caballero and Eric Bodden and Elias Athanasopoulos},
  title = {{Engineering Secure Software and Systems - 8th International
  Symposium, ESSoS 2016. Proceedings}},
  series = {Lecture Notes in Computer Science},
  volume = {9639},
  publisher = {Springer},
  year = {2016},
  doi = {10.1007/978-3-319-30806-7},
  isbn = {978-3-319-30805-0},
}

@inproceedings{ayudante,
  author = {Irfan Ul Haq and Juan Caballero and Michael D. Ernst},
  title = {{Ayudante: Identifying Undesired Variable Interactions}},
  booktitle = {Proceedings of the 13th International Workshop on Dynamic Analysis},
  address = {Pittsburgh, PA, USA},
  month = {October},
  year = {2015},
  doi = {10.1145/2823363.2823366},
}

@inproceedings{malsign,
  author = {Platon Kotzias and Srdjan Matic and Richard Rivera and Juan Caballero},
  title = {{Certified PUP: Abuse in Authenticode Code Signing}},
  booktitle = {Proceedings of the 22nd ACM Conference on Computer and Communication Security},
  address = {Denver, CO, USA},
  month = {October},
  year = {2015},
  doi = {10.1145/2810103.2813665},
}

@inproceedings{caronte,
  author = {Srdjan Matic and Platon Kotzias and Juan Caballero},
  title = {{CARONTE: Detecting Location Leaks for Deanonymizing Tor Hidden Services}},
  booktitle = {Proceedings of the 22nd ACM Conference on Computer and Communication Security},
  address = {Denver, CO, USA},
  month = {October},
  year = {2015},
  doi = {10.1145/2810103.2813667},
}

@inproceedings{wine,
  author = {Antonio Nappa and Richard Johnson and Leyla Bilge and Juan Caballero and Tudor Dimitras},
  title = {{The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching}},
  booktitle = {Proceedings of the 36th IEEE Symposium on Security and Privacy},
  address = {San Jose, CA, USA},
  month = {May},
  year = {2015},
  doi = {10.1109/SP.2015.48},
}

@proceedings{DBLP:conf/eurosec/2015,
  editor = {Juan Caballero and Michalis Polychronakis},
  title = {Proceedings of the Eighth European Workshop on System Security, EuroSec 2015, Bordeaux, France, April 21, 2015},
  location = {Bordeaux, France},
  publisher = {ACM},
  year = {2015},
  doi = {10.1145/2751323},
  isbn = {978-1-4503-3479-2},
}

@proceedings{DBLP:conf/essos/2015,
  author = {Frank Piessens and Juan Caballero and Nataliia Bielova},
  title = {{Engineering Secure Software and Systems - 7th International
  Symposium, ESSoS 2015, Milan, Italy, March, 4-6, 2015. Proceedings}},
  location = {Milan, Italy},
  series = {Lecture Notes in Computer Science},
  volume = {8978},
  publisher = {Springer},
  year = {2015},
  doi = {10.1007/978-3-319-15618-7},
  isbn = {978-3-319-15617-0},
}

@inproceedings{ndm,
  author = {M. Zubair Rafique and Juan Caballero and Christophe Huygens and Wouter Joosen},
  title = {{Network Dialog Minimization and Network Dialog Diffing: Two Novel Primitives for Network Security Applications}},
  booktitle = {Proceedings of the 2014 Annual Computer Security Applications Conference},
  address = {New Orleans, LA, USA},
  month = {December},
  year = {2014},
  doi = {10.1145/2664243.2664261},
}

@inproceedings{autoprobe,
  author = {Zhaoyan Xu and Antonio Nappa and Robert Baykov and Guangliang Yang and Juan Caballero and Guofei Gu},
  title = {{AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis}},
  booktitle = {Proceedings of the 21st ACM Conference on Computer and Communication Security},
  address = {Scottsdale, AZ, USA},
  month = {November},
  year = {2014},
  doi = {10.1145/2660267.2660352},
}

@inproceedings{whowas,
  author = {Liang Wang and Antonio Nappa and Juan Caballero and Thomas Ristenpart and Aditya Akella},
  title = {{WhoWas: A Platform for Measuring Web Deployments on IaaS Clouds}},
  booktitle = {Proceedings of the 2014 ACM Internet Measurement Conference},
  address = {Vancouver, Candada},
  month = {November},
  year = {2014},
  doi = {10.1145/2663716.2663742},
}

@article{dfrws2014,
  author = {Juan Caballero and Simson Garfinkel},
  title = {{Fourteenth Annual DFRWS Conference}},
  journal = {Digital Investigation},
  volume = {11, Supplement 2},
  number = {0},
  pages = {1--2},
  year = {2014},
  note = {The Proceedings of the 14th Annual Digital Forensics Research Conference},
  issn = {1742-2876},
  doi = {10.1016/j.diin.2014.06.005},
  url = {http://www.sciencedirect.com/science/article/pii/S1742287614000796},
}

@article{malicia-dataset,
  author = {Antonio Nappa and M. Zubair Rafique and Juan Caballero},
  title = {{The MALICIA Dataset: Identification and Analysis of Drive-by Download Operations}},
  journal = {International Journal of Information Security},
  publisher={Springer Berlin Heidelberg},
  volume={14},
  number={1},
  pages={15-33},
  month = {February},
  year = {2015},
  issn={1615-5262},
  doi = {10.1007/s10207-014-0248-7},
  jcr = {1.446},
}

@proceedings{DBLP:conf/eurosec/2014,
  editor = {Davide Balzarotti and Juan Caballero},
  title = {Proceedings of the Seventh European Workshop on System Security, EuroSec 2014, April 13, 2014, Amsterdam, The Netherlands},
  location = {Amsterdam, The Netherlands},
  publisher = {{ACM}},
  year = {2014},
  url = {http://dl.acm.org/citation.cfm?id=2592791},
  isbn = {978-1-4503-2715-2},
}

@inproceedings{sigpath,
  author = {David Urbina and Yufei Gu and Juan Caballero and Zhiqiang Lin},
  title = {{SigPath: A Memory Graph Based Approach for Program Data Introspection and Modification}},
  booktitle = {Proceedings of the 19th European Symposium on Research in Computer Security},
  address = {Wroclaw, Poland},
  month = {September},
  year = {2014},
  doi = {10.1007/978-3-319-11212-1_14},
}

@inproceedings{cyberprobe,
  author = {Antonio Nappa and Zhaoyan Xu and Juan Caballero and Guofei Gu},
  title = {{CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers}},
  booktitle = {Proceedings of the Network and Distributed System Security Symposium},
  address = {San Diego, CA, USA},
  month = {February},
  year = {2014},
  doi = {10.14722/ndss.2014.23218},
}

@inproceedings{xplat,
  author = {Martina Lindorfer and Matthias Neumayr and Juan Caballero and Christian Platzer},
  title = {{POSTER: Cross-Platform Malware: Write Once, Infect Everywhere}},
  booktitle = {Proceedings of the 20th ACM Conference on Computer and Communications Security},
  address = {Berlin, Germany},
  month = {November},
  year = {2013},
  doi = {10.1145/2508859.2512517},
}

@inproceedings{firma,
  author = {M. Zubair Rafique and Juan Caballero},
  title = {{FIRMA: Malware Clustering and Network Signature Generation with Mixed Network Behaviors}},
  booktitle = {Proceedings of the 16th International Symposium on Research in Attacks, Intrusions and Defenses},
  address = {St. Lucia},
  month = {October},
  year = {2013},
  doi = {10.1007/978-3-642-41284-4_8},
}

@article{dfrws2013,
  author = {Clay Shields and Juan Caballero},
  title = {{Thirteenth Annual DFRWS Conference}},
  journal = {Digital Investigation},
  volume = {10, Supplement},
  number = {0},
  pages = {1--2},
  year = {2013},
  note = {The Proceedings of the 13th Annual Digital Forensics Research Conference},
  issn = {1742-2876},
  doi = {10.1016/j.diin.2013.06.015},
  url = {http://www.sciencedirect.com/science/article/pii/S1742287613000613},
}

@inproceedings{driving,
  author = {Antonio Nappa and M. Zubair Rafique and Juan Caballero},
  title = {{Driving in the Cloud: An Analysis of Drive-by Download Operations and Abuse Reporting}},
  booktitle = {Proceedings of the 10th Conference on Detection of Intrusions and Malware \& Vulnerability Assessment},
  address = {Berlin, Germany},
  month = {July},
  year = {2013},
  doi = {10.1007/978-3-642-39235-1_1},
}

@article{protos-journal,
  author = {Juan Caballero and Dawn Song},
  title = {{Automatic Protocol Reverse-Engineering: Message Format Extraction and Field Semantics}},
  journal = {Computer Networks},
  publisher = {Elsevier},
  volume = {57},
  number = {2},
  pages = {451-474},
  month = {February},
  year = {2013},
  doi = {10.1016/j.comnet.2012.08.003},
  jcr = {1.279},
}

@inproceedings{eaas,
  author = {Chris Grier and Lucas Ballard and Juan Caballero and Neha
  Chachra and Christian J. Dietrich and Kirill Levchenko
  and Panayiotis Mavrommatis and Damon McCoy and
  Antonio Nappa and Andreas Pitsillidis and Niels Provos
  and M. Zubair Rafique and Moheeb Abu Rajab and
  Christian Rossow and Kurt Thomas and Vern Paxson and
  Stefan Savage and Geoffrey M. Voelker},
  title = {{Manufacturing Compromise: The Emergence of Exploit-as-a-Service}},
  booktitle = {Proceedings of the 19th ACM Conference on Computer and
  Communication Security},
  address = {Raleigh, NC, USA},
  month = {October},
  year = {2012},
  doi = {10.1145/2382196.2382283},
}

@techreport{artisteTR,
  author = {Juan Caballero and Gustavo Grieco and Mark Marron and Zhiqiang Lin and David Urbina},
  title = {{ARTISTE: Automatic Generation of Hybrid Data Structure Signatures from Binary Code Executions}},
  institution = {IMDEA Software Institute},
  address = {Madrid, Spain},
  number = {TR-IMDEA-SW-2012-001},
  month = {August},
  year = 2012,
}

@article{malicia,
  author = {Juan Caballero},
  title = {{Understanding the Role of Malware in Cybercrime}},
  journal = {ERCIM News},
  volume = {2012},
  number = {90},
  month = {July},
  year = 2012,
  pages = {15-16},
  ee = {http://ercim-news.ercim.eu/images/stories/EN90/EN90-web.pdf},
}

@inproceedings{undangle,
  author = {Juan Caballero and Gustavo Grieco and Mark Marron and Antonio Nappa},
  title = {{Early Detection of Dangling Pointers in Use-After-Free and Double-Free Vulnerabilities}},
  booktitle = {Proceedings of the 2012 International Symposium on Software Testing and Analysis},
  address = {Minneapolis, MN, USA},
  month = {July},
  year = 2012,
  doi = {10.1145/2338965.2336769},
}

@incollection{sniffChapter,
  author = {Juan Caballero and Adam Barth and Dawn Song},
  title = {{Content-Sniffing XSS Attacks: XSS with non-HTML Content}},
  chapter = {4},
  booktitle = {The Death of the Internet},
  editor = {Markus Jakobsson},
  publisher = {Wiley},
  month = {July},
  year = 2012,
  isbn = {978-1-1180-6241-8},
}

@inproceedings{ppi,
  author = {Juan Caballero and Chris Grier and Christian Kreibich and Vern Paxson},
  title = {{Measuring Pay-per-Install: The Commoditization of Malware Distribution}},
  booktitle = {Proceedings of the 20th USENIX Security Symposium},
  address = {San Francisco, CA, USA},
  month = {August},
  year = 2011,
}

@inproceedings{debugging,
  author = {Noah M. Johnson and Juan Caballero and Kevin Chen and
  Stephen McCamant and Pongsin Poosankam and Daniel
  Reynaud and Dawn Song},
  title = {{Differential Slicing: Identifying Causal Execution Differences for Security Applications}},
  booktitle = {Proceedings of the IEEE Symposium on Security and Privacy},
  address = {Oakland, CA, USA},
  month = {May},
  year = 2011,
  doi = {10.1109/SP.2011.41},
}

@phdthesis{caballero-thesis,
  author = {Juan Caballero},
  title = {{Grammar and Model Extraction for Security Applications using Dynamic Program Binary Analysis}},
  month = {September},
  year = 2010,
  address = {Pittsburgh, PA, USA},
  school = {Department of Electrical and Computer Engineering,
  Carnegie Mellon University},
  isbn = {978-1-124-96045-6},
}

@inproceedings{decomposition,
  author = {Juan Caballero and Pongsin Poosankam and Stephen McCamant and Domagoj Babic and Dawn Song},
  title = {{Input Generation Via Decomposition and Re-Stitching: Finding Bugs in Malware}},
  booktitle = {Proceedings of the ACM Conference on Computer and Communications Security},
  address = {Chicago, IL, USA},
  month = {October},
  year = 2010,
  doi = {10.1145/1866307.1866354},
}

@inproceedings{milking,
  author = {Chia Yuan Cho and Juan Caballero and Chris Grier and Vern Paxson and Dawn Song},
  title = {{Insights from the Inside: A View of Botnet Management from Infiltration}},
  booktitle = {Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats},
  address = {San Jose, CA, USA},
  month = {April},
  year = 2010,
}

@inproceedings{bcr,
  author = {Juan Caballero and Noah M. Johnson and Stephen McCamant and Dawn Song},
  title = {{Binary Code Extraction and Interface Identification for Security Applications}},
  booktitle = {Proceedings of the Network and Distributed System Security Symposium},
  address = {San Diego, CA, USA},
  month = {February},
  year = 2010,
}

@inproceedings{dispatcher,
  author = {Juan Caballero and Pongsin Poosankam and Christian Kreibich and Dawn Song},
  title = {{Dispatcher: Enabling Active Botnet Infiltration Using Automatic Protocol Reverse-Engineering}},
  booktitle = {Proceedings of the ACM Conference on Computer and Communications Security},
  address = {Chicago, IL, USA},
  month = {November},
  year = 2009,
  doi = {10.1145/1653662.1653737},
}

@inproceedings{fieldsig,
  author = {Juan Caballero and Zhenkai Liang and Pongsin Poosankam and Dawn Song},
  title = {{Towards Generating High Coverage Vulnerability-Based Signatures with Protocol-Level Constraint-Guided Exploration}},
  booktitle = {Proceedings of the International Symposium on Recent Advances in Intrusion Detection},
  address = {Saint-Malo, France},
  month = {September},
  year = 2009,
  doi = {10.1007/978-3-642-04342-0_9},
}

@inproceedings{mimesniff,
  author = {Adam Barth and Juan Caballero and Dawn Song},
  title = {{Secure Content Sniffing for {W}eb Browsers {\em or} How to Stop Papers from Reviewing Themselves}},
  booktitle = {Proceedings of the IEEE Symposium on Security and Privacy},
  address = {Oakland, CA, USA},
  month = {May},
  year = 2009,
  doi = {10.1109/SP.2009.3},
}

@inproceedings{bitblaze,
  author = {Dawn Song and David Brumley and Heng Yin and Juan
  Caballero and Ivan Jager and Min Gyung Kang and
  Zhenkai Liang and James Newsome and Pongsin
  Poosankam and Prateek Saxena},
  title = {{BitBlaze: A New Approach to Computer Security Via Binary
  Analysis}},
  booktitle = {Proceedings of the International Conference on Information Systems Security},
  address = {Hyderabad, India},
  month = {December},
  year = 2008,
  doi = {10.1007/978-3-540-89862-7_1},
  note = {Keynote invited paper},
}

@inproceedings{diversity,
  author = {Juan Caballero and Theocharis Kampouris and Dawn Song and Jia Wang},
  title = {{Would Diversity Really Increase the Robustness of the Routing Infrastructure against Software Defects?}},
  booktitle = {Proceedings of the Network and Distributed System Security Symposium},
  address = {San Diego, CA, USA},
  month = {February},
  year = 2008,
}

@inproceedings{polyglot,
  author = {Juan Caballero and Heng Yin and Zhenkai Liang and Dawn Song},
  title = {{Polyglot: Automatic Extraction of Protocol Message Format Using Dynamic Binary Analysis}},
  booktitle = {Proceedings of the ACM Conference on Computer and Communications Security},
  address = {Alexandria, VA, USA},
  month = {October},
  year = 2007,
  doi = {10.1145/1315245.1315286},
}

@inproceedings{deviation,
  author = {David Brumley and Juan Caballero and Zhenkai Liang and James Newsome and Dawn Song},
  title = {{Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation}},
  booktitle = {Proceedings of the USENIX Security Symposium},
  address = {Boston, MA, USA},
  month = {August},
  year = 2007,
}

@inproceedings{evasion,
  author = {Min Gyung Kang and Juan Caballero and Dawn Song},
  title = {{Distributed Evasive Scan Techniques and Countermeasures}},
  booktitle = {Proceedings of the GI International Conference on Detection of Intrusions \& Malware, and Vulnerability Assessment},
  address = {Lucerne, Switzerland},
  month = {July},
  year = 2007,
  doi = {10.1007/978-3-540-73614-1_10},
}

@inproceedings{fig,
  author = {Juan Caballero and Shobha Venkataraman and Pongsin Poosankam and Min G. Kang and Dawn Song and Avrim Blum},
  title = {{FiG: Automatic Fingerprint Generation}},
  booktitle = {Proceedings of the Network and Distributed System Security Symposium},
  address = {San Diego, CA, USA},
  month = {February},
  year = {2007},
}

@inproceedings{utopian,
  author = {Shobha Venkataraman and Juan Caballero and Dawn Song and Avrim Blum and Jennifer Yates},
  title = {{Black-box Anomaly Detection: Is it Utopian?}},
  booktitle = {Proceedings of the Workshop on Hot Topics in Networking},
  address = {Irvine, CA, USA},
  month = {November},
  year = 2006,
}

@techreport{fieldsigTR,
  author = {Juan Caballero and Zhenkai Liang and Pongsin Poosankam and Dawn Song},
  title = {{Towards Generating High Coverage Vulnerability-Based Signatures with Protocol-Level Constraint-Guided Exploration}},
  institution = {Cylab, Carnegie Mellon University},
  address = {Pittsburgh, PA, USA},
  number = {CMU-CyLab-08-009},
  month = {June},
  year = 2008,
}

@techreport{stringsTR,
  author = {Juan Caballero and Stephen McCamant and Adam Barth and Dawn Song},
  title = {{Extracting Models of Security-Sensitive Operations Using String-Enhanced White-Box Exploration on Binaries}},
  institution = {EECS Department, University of California, Berkeley},
  address = {Berkeley, CA, USA},
  number = {UCB/EECS-2009-36},
  month = {March},
  year = 2009,
}

@techreport{rosettaTR,
  author = {Juan Caballero and Dawn Song},
  title = {{Rosetta: Extracting Protocol Semantics Using Binary Analysis with Applications to Protocol Replay and {NAT} Rewriting}},
  institution = {Cylab, Carnegie Mellon University},
  address = {Pittsburgh, PA, USA},
  number = {CMU-CyLab-07-014},
  month = {October},
  year = 2007,
}

@techreport{diversityTR,
  author = {Juan Caballero and Theocharis Kampouris and Dawn Song and Jia Wang},
  title = {{Would Diversity Really Increase the Robustness of the Routing Infrastructure against Software Defects}},
  institution = {Cylab, Carnegie Mellon University},
  address = {Pittsburgh, PA, USA},
  number = {CMU-CyLab-07-002},
  month = {February},
  year = 2007,
}