• Publications
  • Influence
Detecting SYN flooding attacks
We propose a simple and robust mechanism for detecting SYN flooding attacks. Instead of monitoring the ongoing traffic at the front end (like firewall or proxy) or a victim server itself, we detectExpand
  • 657
  • 38
Detecting Automation of Twitter Accounts: Are You a Human, Bot, or Cyborg?
Twitter is a new web application playing dual roles of online social networking and microblogging. Users communicate with each other by publishing text-based posts. The popularity and open structureExpand
  • 387
  • 34
Who is tweeting on Twitter: human, bot, or cyborg?
Twitter is a new web application playing dual roles of online social networking and micro-blogging. Users communicate with each other by publishing text-based posts. The popularity and open structureExpand
  • 430
  • 31
Hop-count filtering: an effective defense against spoofed DDoS traffic
IP spoofing has been exploited by Distributed Denial of Service (DDoS) attacks to (1) conceal flooding sources and localities in flooding traffic, and (2) coax legitimate hosts into becomingExpand
  • 512
  • 30
Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud
Information security and privacy in general are major concerns that impede enterprise adaptation of shared or public cloud computing. Specifically, the concern of virtual machine (VM) physicalExpand
  • 218
  • 20
Detecting covert timing channels: an entropy-based approach
The detection of covert timing channels is of increasing interest in light of recent practice on the exploitation of covert timing channels over the Internet. However, due to the high variation inExpand
  • 183
  • 19
You Are How You Touch: User Verification on Smartphones via Tapping Behaviors
Smartphone users have their own unique behavioral patterns when tapping on the touch screens. These personal patterns are reflected on the different rhythm, strength, and angle preferences of theExpand
  • 215
  • 16
An efficient user verification system via mouse movements
Biometric authentication verifies a user based on its inherent, unique characteristics --- who you are. In addition to physiological biometrics, behavioral biometrics has proven very useful inExpand
  • 200
  • 16
Change-point monitoring for the detection of DoS attacks
This paper presents a simple and robust mechanism, called change-point monitoring (CPM), to detect denial of service (DoS) attacks. The core of CPM is based on the inherent network protocol behaviorExpand
  • 256
  • 15
An Entropy-Based Approach to Detecting Covert Timing Channels
The detection of covert timing channels is of increasing interest in light of recent exploits of covert timing channels over the Internet. However, due to the high variation in legitimate networkExpand
  • 97
  • 13