Adam Doupé

Associate Professor, Arizona State University
Director, Center for Cybersecurity and Trusted Foundations

Publications

Journals

Challenges in cybersecurity: Lessons from biological defense systems
Edward Schrom, Ann Kinzig, Stephanie Forrest, Andrea L. Graham, Simon A. Levin, Carl T. Bergstrom, Carlos Castillo-Chavez, James P. Collins, Rob J. de Boer, Adam Doupé, Roya Ensafi, Stuart Feldman, Bryan T. Grenfell, J. Alex Halderman, Silvie Huijben, Carlo Maley, Melanie Moses, Alan S. Perelson, Charles Perrings, Joshua Plotkin, Jennifer Rexford, and Mohit Tiwari
Mathematical Biosciences, June, 2023.

Toward Standardization of Authenticated Caller ID Transmission (pdf) (bibtex)
Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
IEEE Communications Standards Magazine, 1(3), pp. 30-30, October, 2017.

E-mail Header Injection Vulnerabilities (pdf) (bibtex)
Sai Prashanth Chandramouli, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
it - Information Technology, 59(2), pp. 67-72, March, 2017.

Conferences

Browser Polygraph: Efficient Deployment of Coarse-Grained Browser Fingerprints for Web-Scale Detection of Fraud Browsers (pdf) (bibtex)
Faezeh Kalantari, Mehrnoosh Zaeifi, Yeganeh Safaei, Marzieh Bitaab, Adam Oest, Gianluca Stringhini, Yan Shoshitaishvili, and Adam Doupé
Proceedings of the ACM Internet Measurement Conference (IMC), November, 2024.

Fuzz to the Future: Uncovering Occluded Future Vulnerabilities via Robust Fuzzing (pdf) (bibtex)
Arvind S Raj, Wil Gibbs, Fangzhou Dong, Jayakrishna Vadayath, Michael Tompkins, Steven Wirsz, Yibo Liu, Zhenghao Hu, Chang Zhu, Gokulkrishna Praveen Menon, Brendan Dolan-Gavitt, Adam Doupé, Ruoyu Wang, Yan Shoshitaishvili, and Tiffany Bao
Proceedings of the ACM Conference on Computer and Communications Security (CCS), October, 2024.

From Victims to Defenders: An Exploration of the Phishing Attack Reporting Ecosystem (pdf) (bibtex)
Zhibo Sun, Faris Bugra Kokulu, Penghui Zhang, Adam Oest, Gianluca Stringhini, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn
Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID), September, 2024.

Ahoy SAILR! There is No Need to DREAM of C: A Compiler-Aware Structuring Algorithm for Binary Decompilation (pdf) (bibtex)
Zion Leonahenahe Basque, Ati Priya Bajaj, Wil Gibbs, Jude O'Kain, Derron Miao, Tiffany Bao, Adam Doupé, Yan Shoshitaishvili, and Ruoyu Wang
Proceedings of the USENIX Security Symposium (USENIX), August, 2024.

"I feel physically safe but not politically safe": Understanding the Digital Threats and Safety Practices of OnlyFans Creators (pdf) (bibtex)
Ananta Soneji, Vaughn Hamilton, Adam Doupé, Allison McDonald, and Elissa M. Redmiles
Proceedings of the USENIX Security Symposium (USENIX), August, 2024.

Operation Mango: Scalable Discovery of Taint-Style Vulnerabilities in Binary Firmware Services (pdf) (bibtex)
Wil Gibbs, Arvind S Raj, Jayakrishna Vadayath, Hui Jun Tay, Justin Miller, Akshay Ajayan, Zion Leonahenahe Basque, Audrey Dutcher, Fangzhou Dong, Xavier J. Maso, Giovanni Vigna, Christopher Kruegel, Adam Doupé, Yan Shoshitaishvili, and Ruoyu Wang
Proceedings of the USENIX Security Symposium (USENIX), August, 2024.

Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSS (pdf) (bibtex) (code)
Eric Olsson, Benjamin Eriksson, Adam Doupé, and Andrei Sabelfeld
Proceedings of the USENIX Security Symposium (USENIX), August, 2024.

Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation (pdf) (bibtex)
Ziyi Guo, Dang K Le, Zhenpeng Lin, Kyle Zeng, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé, and Xinyu Xing
Proceedings of the USENIX Security Symposium (USENIX), August, 2024.

TYGR: Type Inference on Stripped Binaries using Graph Neural Networks (pdf) (bibtex) (code)
Chang Zhu, Ziyang Li, Anton Xue, Ati Priya Bajaj, Wil Gibbs, Yibo Liu, Rajeev Alur, Tiffany Bao, Hanjun Dai, Adam Doupé, Mayur Naik, Yan Shoshitaishvili, Ruoyu Wang, and Aravind Machiry
Proceedings of the USENIX Security Symposium (USENIX), August, 2024.

Nothing Personal: Understanding the Spread and Use of Personally Identifiable Information in the Financial Ecosystem (pdf) (bibtex)
Mehrnoosh Zaeifi, Faezeh Kalantari, Adam Oest, Zhibo Sun, Gail-Joon Ahn, Yan Shoshitaishvili, Tiffany Bao, Ruoyu Wang, and Adam Doupé
Proceedings of the ACM on Conference on Data and Application Security and Privacy (CODASPY), June, 2024.

"Len or index or count, anything but v1": Predicting Variable Names in Decompilation Output with Transfer Learning (pdf) (bibtex)
Kuntal Kumar Pal, Ati Priya Bajaj, Pratyay Banerjee, Audrey Dutcher, Mutsumi Nakamura, Zion Leonahenahe Basque, Himanshu Gupta, Saurabh Arjun Sawant, Ujjwala Anantheswaran, Yan Shoshitaishvili, Adam Doupé, Chitta Baral, and Ruoyu Wang
Proceedings of the IEEE Symposium on Security and Privacy, May, 2024.

"Watching over the shoulder of a professional": Why Hackers Make Mistakes and How They Fix Them (pdf) (bibtex)
Irina Ford, Ananta Soneji, Faris Bugra Kokulu, Jayakrishna Vadayath, Zion Leonahenahe Basque, Gaurav Vipat, Adam Doupé, Ruoyu Wang, Gail-Joon Ahn, Tiffany Bao, and Yan Shoshitaishvili
Proceedings of the IEEE Symposium on Security and Privacy, May, 2024.

RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections (pdf) (bibtex)
Kyle Zeng, Zhenpeng Lin, Kangjie Lu, Xinyu Xing, Ruoyu Wang, Adam Doupé, Yan Shoshitaishvili, and Tiffany Bao
Proceedings of the ACM Conference on Computer and Communications Security (CCS), November, 2023.

Targeted Privacy Attacks by Fingerprinting Mobile Apps in LTE Radio Layer (pdf) (bibtex)
Jaejong Baek, Pradeep Kumar Duraisamy Soundrapandian, Sukwha Kyung, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn
Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), June, 2023.

Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation (pdf) (bibtex)
Hui Jun Tay, Kyle Zeng, Jayakrishna Vadayath, Arvind S Raj, Audrey Dutcher, Tejesh Reddy, Wil Gibbs, Zion Leonahenahe Basque, Fangzhou Dong, Zack Smith, Adam Doupé, Tiffany Bao, Yan Shoshitaishvili, and Ruoyu Wang
Proceedings of the USENIX Security Symposium (USENIX), August, 2023.

Beyond Phish: Toward Detecting Fraudulent e-Commerce Websites at Scale (pdf) (bibtex) (thread)
Marzieh Bitaab, Haehyun Cho, Adam Oest, Zhuoer Lyu, Wei Wang, Jorij Abraham, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, and Adam Doupé
Proceedings of the IEEE Symposium on Security and Privacy, May, 2023.

Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities (pdf) (bibtex) (thread)
Erik Trickel, Fabio Pagani, Chang Zhu, Lukas Dresel, Giovanni Vigna, Christopher Kruegel, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, and Adam Doupé
Proceedings of the IEEE Symposium on Security and Privacy, May, 2023.

I'm Spartacus, No, I'm Spartacus: Proactively Protecting Users from Phishing by Intentionally Triggering Cloaking Behavior (pdf) (bibtex)
Penghui Zhang, Zhibo Sun, Sukwha Kyung, Hans Walter Behrens, Zion Leonahenahe Basque, Haehyun Cho, Adam Oest, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Gail-Joon Ahn, and Adam Doupé
Proceedings of the ACM Conference on Computer and Communications Security (CCS), November, 2022.

Mitigating Threats Emerging from the Interaction between SDN Apps and SDN (Configuration) Datastore (pdf) (bibtex)
Sana Habib, Tiffany Bao, Yan Shoshitaishvili, and Adam Doupé
Proceedings of the ACM Cloud Computing Security Workshop (CCSW), November, 2022.

Context-Auditor: Context-sensitive Content Injection Mitigation (pdf) (bibtex) (code)
Faezeh Kalantari, Mehrnoosh Zaeifi, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, and Adam Doupé
Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID), October, 2022.

Using Deception in Markov Game to Understand Adversarial Behaviors through a Capture-The-Flag Environment (pdf) (bibtex)
Siddhant Bhambri*, Purv Chauhan*, Frederico Araujo, Adam Doupé, and Subbarao Kambhampati
*Co-first authors
Proceedings of the Conference on Decision and Game Theory for Security (GameSec), October, 2022.

Unleash the Simulacrum: Shifting Browser Realities for Robust Extension-Fingerprinting Prevention (pdf) (bibtex) (code)
Soroush Karami*, Faezeh Kalantari*, Mehrnoosh Zaeifi, Xavier J. Maso, Erik Trickel, Panagiotis Ilia, Yan Shoshitaishvili, Adam Doupé, and Jason Polakis
*Co-first authors
Proceedings of the USENIX Security Symposium (USENIX), August, 2022.

Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs (pdf) (bibtex) (code)
Jayakrishna Vadayath, Moritz Eckert, Kyle Zeng, Nicolaas Weideman, Gokulkrishna Praveen Menon, Yanick Fratantonio, Davide Balzarotti, Adam Doupé, Tiffany Bao, Ruoyu Wang, Christophe Hauser, and Yan Shoshitaishvili
Proceedings of the USENIX Security Symposium (USENIX), August, 2022.

Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability (pdf) (bibtex) (code)
Kyle Zeng*, Yueqi Chen*, Haehyun Cho, Xinyu Xing, Adam Doupé, Yan Shoshitaishvili, and Tiffany Bao
*Co-first authors
Proceedings of the USENIX Security Symposium (USENIX), August, 2022.

Improving Source-Code Representations to Enhance Search-based Software Repair (pdf) (bibtex)
Pemma Reiter*, Antonio M. Espinoza*, Adam Doupé, Ruoyu Wang, Westley Weimer, and Stephanie Forrest
*Co-first authors
Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), July, 2022.

"Flawed, but like democracy we don't have a better system": The Experts' Insights on the Peer Review Process of Evaluating Security Papers (pdf) (bibtex) (thread)
Ananta Soneji, Faris Bugra Kokulu, Carlos E. Rubio-Medrano, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, and Adam Doupé
Proceedings of the IEEE Symposium on Security and Privacy, May, 2022.

Above and Beyond: Organizational Efforts to Complement U.S. Digital Security Compliance Mandates (pdf) (bibtex)
Rock Stevens*, Faris Bugra Kokulu*, Adam Doupé, and Michelle Mazurek
*Co-first authors
Proceedings of the Symposium on Network and Distributed System Security (NDSS), February, 2022.

ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection (pdf) (bibtex)
Haehyun Cho, Jinbum Park, Adam Oest, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn
Proceedings of the ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), February, 2022.

Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service (pdf) (bibtex)
Zhibo Sun, Adam Oest, Penghui Zhang, Carlos E. Rubio-Medrano, Tiffany Bao, Ruoyu Wang, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn
Proceedings of the USENIX Security Symposium (USENIX), August, 2021.

Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem (pdf) (bibtex)
Doowon Kim, Haehyun Cho, Yonghwi Kwon, Adam Doupé, Sooel Son, Gail-Joon Ahn, and Tudor Dumitras
Proceedings of the ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June, 2021.

CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing (pdf) (bibtex) (thread)
Best Student Paper Award
Penghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn
Proceedings of the IEEE Symposium on Security and Privacy, May, 2021.

Everything You Ever Wanted to Know About Bitcoin Mixers (But Were Afraid to Ask) (pdf) (bibtex) (video)
Jaswant Pakki, Yan Shoshitaishvili, Ruoyu Wang, Tiffany Bao, and Adam Doupé
Proceedings of the Financial Cryptography and Data Security Conference, March, 2021.

Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases (pdf) (bibtex)
Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Kyle Zeng, Alexandros Kapravelos, Gail-Joon Ahn, Tiffany Bao, Ruoyu Wang, Adam Doupé, and Yan Shoshitaishvili
Proceedings of the Symposium on Network and Distributed System Security (NDSS), February, 2021.

Software Deception Steering through Version Emulation (pdf) (bibtex) (code)
Frederico Araujo, Sailik Sengupta, Jiyong Jang, Adam Doupé, Kevin W. Hamlen, and Subbarao Kambhampati
Proccedings of the Hawaii International Conference on System Sciences, January, 2021.

MuTent: Dynamic Android Intent Protection with Ownership-Based Key Distribution and Security Contracts
Pradeep Kumar Duraisamy Soundrapandian, Tiffany Bao, Jaejong Baek, Yan Shoshitaishvili, Adam Doupé, Ruoyu Wang, and Gail-Joon Ahn
Proccedings of the Hawaii International Conference on System Sciences, January, 2021.

Scam Pandemic: How Attackers Exploit Public Fear through Phishing (pdf) (bibtex)
Marzieh Bitaab, Haehyun Cho, Adam Oest, Penghui Zhang, Zhibo Sun, Rana Pourmohamad, Doowon Kim, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn
Proceedings of the Symposium on Electronic Crime Research (eCrime), November, 2020.

HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems (pdf) (bibtex) (code) (thread)
Efrén López Morales, Carlos E. Rubio-Medrano, Adam Doupé, Yan Shoshitaishvili, Ruoyu Wang, Tiffany Bao, and Gail-Joon Ahn
Proceedings of the ACM Conference on Computer and Communications Security (CCS), November, 2020.

Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale (pdf) (bibtex) (thread)
Media coverage: ZDNet article, RedesZone article, The Register article, ASU Now article
Distinguished Paper Award
Second Place Facebook's Internet Defense Prize
Adam Oest, Penghui Zhang, Brad Wardman, Eric Nunes, Jakub Burgis, Ali Zand, Kurt Thomas, Adam Doupé, and Gail-Joon Ahn
Proceedings of the USENIX Security Symposium (USENIX), August, 2020.

PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists (pdf) (bibtex) (thread)
Adam Oest, Yeganeh Safaei, Penghui Zhang, Brad Wardman, Kevin Tyers, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn
Proceedings of the USENIX Security Symposium (USENIX), August, 2020.

Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers (pdf) (bibtex) (code) (thread)
Haehyun Cho, Jinbum Park, Joonwon Kang, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn
Proceedings of the USENIX Workshop on Offensive Technologies (WOOT), August, 2020.

You shall not pass: Mitigating SQL Injection Attacks on Legacy Web Applications (pdf) (bibtex)
Rasoul Jahanshahi, Adam Doupé, and Manuel Egele
Proceedings of the ACM Symposium on Information, Computer and Communications Security (AsiaCCS), June, 2020.

Exploring Abstraction Functions in Fuzzing (pdf) (bibtex)
Christopher Salls, Aravind Machiry, Adam Doupé, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna
Proceedings of the IEEE Conference on Communications and Network Security (CNS), June, 2020.

SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture (pdf) (bibtex) (code) (thread)
Haehyun Cho, Jinbum Park, Donguk Kim, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn
Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys), June, 2020.

Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues (pdf) (bibtex)
Faris Bugra Kokulu, Ananta Soneji, Tiffany Bao, Yan Shoshitaishvili, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
Proceedings of the ACM Conference on Computer and Communications Security (CCS), November, 2019.

Users Really Do Answer Telephone Scams (pdf) (bibtex)
Distinguished Paper Award
Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
Proceedings of the USENIX Security Symposium (USENIX), August, 2019.

Everyone is Different: Client-side Diversification for Defending Against Extension Fingerprinting (pdf) (bibtex)
Erik Trickel, Oleksii Starov, Alexandros Kapravelos, Nick Nikfiorakis, and Adam Doupé
Proceedings of the USENIX Security Symposium (USENIX), August, 2019.

PhishFarm: A Scalable Framework for Measuring the Effectiveness of Evasion Techniques Against Browser Phishing Blacklists (pdf) (bibtex)
Adam Oest, Yeganeh Safaei, Adam Doupé, Gail-Joon Ahn, Brad Wardman, and Kevin Tyers
Proceedings of the IEEE Symposium on Security and Privacy, May, 2019.

iCORE: Continuous and Proactive Extrospection on Multi-core IoT Devices (pdf) (bibtex)
Penghui Zhang, Haehyun Cho, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
Proceedings of the ACM Symposium on Applied Computing (SAC), April, 2019.

Understanding and Detecting Private Interactions in Underground Forums (pdf) (bibtex)
Zhibo Sun, Carlos E. Rubio-Medrano, Ziming Zhao, Tiffany Bao, Adam Doupé, and Gail-Joon Ahn
Proceedings of the ACM on Conference on Data and Application Security and Privacy (CODASPY), March, 2019.

Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone (pdf) (bibtex) (code)
Haehyun Cho, Penghui Zhang, Donguk Kim, Jinbum Park, Choong-Hoon Lee, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
Proceedings of the Annual Computer Security Applications Conference (ACSAC), December, 2018.

Wi Not Calling: Practical Privacy and Availability Attacks in Wi-Fi Calling (pdf) (bibtex) (code)
Jaejong Baek, Sukwha Kyung, Haehyun Cho, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn
Proceedings of the Annual Computer Security Applications Conference (ACSAC), December, 2018.

AIM-SDN: Attacking Information Mismanagement in SDN-datastores (pdf) (bibtex)
Vaibhav Dixit, Adam Doupé, Yan Shoshitaishvili, Ziming Zhao, and Gail-Joon Ahn
Proceedings of the ACM Conference on Computer and Communications Security (CCS), October, 2018.

Inside a Phisher's Mind: Understanding the Anti-phishing Ecosystem Through Phishing Kit Analysis (pdf) (bibtex)
Adam Oest, Yeganeh Safaei, Adam Doupé, Gail-Joon Ahn, Brad Wardman, and Gary Warner
Proceedings of the Symposium on Electronic Crime Research (eCrime), May, 2018.

Measuring E-Mail Header Injections on the World Wide Web (pdf) (bibtex) (code)
Sai Prashanth Chandramouli, Pierre-Marie Bajan, Christopher Kruegel, Giovanni Vigna, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
Proceedings of the ACM Symposium on Applied Computing (SAC), April, 2018.

HoneyProxy: Design and Implementation of Next-Generation Honeynet via SDN (pdf) (bibtex)
Sukwha Kyung, Wonkyu Han, Mohit Tiwari, Vaibhav Dixit, Lakshmi Srinivas, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
Proceedings of the IEEE Conference on Communications and Network Security (CNS), October, 2017.

A Game Theoretic Approach of Strategy Generation for Moving Target Defense in Web Applications (pdf) (bibtex)
Sailik Sengupta, Satya Gautam Vadlamudi, Subbarao Kambhampati, Adam Doupé, Ziming Zhao, Marthony Taguinod, and Gail-Joon Ahn
Proceedings of the International Conference on Autonomous Agents and Multiagent Systems (AAMAS), May, 2017.

Deep Android Malware Detection (pdf) (bibtex)
Niall McLaughlin, Jesus Martinez del Rincon, BooJoong Kang, Suleiman Yerima, Paul Miller, Sakir Sezer, Yeganeh Safaei, Erik Trickel, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
Proceedings of the ACM on Conference on Data and Application Security and Privacy (CODASPY), March, 2017.

Toward Authenticated Caller ID Transmission: The Need for a Standardized Authentication Scheme in Q.731.3 Calling Line Identification Presentation (pdf) (bibtex)
Media coverage: Ars Technica article, WNCN Interview, 3TV/CBS 5 Interview
Best Paper Award
Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
Proceedings of the ITU Kaleidoscope (ITU), November, 2016.

Towards Automated Threat Intelligence Fusion (pdf) (bibtex)
Ajay Modi, Zhibo Sun, Anupam Panwar, Tejas Khairnar, Ziming Zhao, Adam Doupé, Gail-Joon Ahn, and Paul Black
Proceedings of the IEEE International Conference on Collaboration and Internet Computing (CIC), November, 2016.

dbling: Identifying Extensions Installed on Encrypted Web Thin Clients (pdf) (bibtex) (code)
Mike Mabey, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
Proceedings of the Digital Forensics Research Conference (DFRWS), August, 2016.

State-aware Network Access Management for Software-Defined Networks (pdf) (bibtex)
Wonkyu Han, Hongxin Hu, Ziming Zhao, Adam Doupé, Gail-Joon Ahn, Kuang-Ching Wang, and Juan Deng
Proceedings of the ACM Symposium on Access Control Models And Technologies (SACMAT), June, 2016.

Behind Closed Doors: Measurement and Analysis of CryptoLocker Ransoms in Bitcoin (pdf) (bibtex)
Kevin Liao, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
Proceedings of the Symposium on Electronic Crime Research (eCrime), June, 2016.

SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam (pdf) (bibtex) (slides) (video)
Media coverage: The Orange County Register, Ars Technica
Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
Proceedings of the IEEE Symposium on Security and Privacy, May, 2016.

Checking Intent-based Communication in Android with Intent Space Analysis (pdf) (bibtex)
Yiming Jing, Gail-Joon Ahn, Adam Doupé, and Jeong Hyun Yi
Proceedings of the ACM Symposium on Information, Computer and Communications Security (AsiaCCS), May, 2016.

Moving Target Defense for Web Applications using Bayesian Stackelberg Games (Extended Abstract) (pdf) (bibtex) (code)
Satya Gautam Vadlamudi, Sailik Sengupta, Marthony Taguinod, Ziming Zhao, Adam Doupé, Gail-Joon Ahn, and Subbarao Kambhampati
Proceedings of the International Conference on Autonomous Agents and Multiagent Systems (AAMAS), May, 2016.

Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy (pdf) (bibtex)
Vitor Afonso, Antonio Bianchi, Yanick Fratantonio, Adam Doupé, Mario Polino, Paulo de Geus, Christopher Kruegel, and Giovanni Vigna
Proceedings of the Symposium on Network and Distributed System Security (NDSS), February, 2016.

Toward a Moving Target Defense for Web Applications (pdf) (bibtex)
Marthony Taguinod, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
Proceedings of the IEEE International Conference on Information Reuse and Integration (IRI), August, 2015.

Federated Access Management for Collaborative Network Environments: Framework and Case Study (pdf) (bibtex)
Carlos E. Rubio-Medrano, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
Proceedings of the ACM Symposium on Access Control Models And Technologies (SACMAT), June, 2015.

Do You Feel Lucky? A Large-Scale Analysis of Risk-Rewards Trade-Offs in Cyber Security (pdf) (bibtex)
Yan Shoshitaishvili, Luca Invernizzi, Adam Doupé, and Giovanni Vigna
Proceedings of the ACM Symposium on Applied Computing (SAC), March, 2014.

deDacota: Toward Preventing Server-Side XSS via Automatic Code and Data Separation (pdf) (bibtex) (slides)
Adam Doupé, Weidong Cui, Mariusz H. Jakubowski, Marcus Peinado, Christopher Kruegel, and Giovanni Vigna
Proceedings of the ACM Conference on Computer and Communications Security (CCS), November, 2013.

Writing Groups in Computer Science Research Labs (pdf) (bibtex) (slides)
Adam Doupé and Janet L. Kayfetz
Proceedings of the Frontiers in Education Conference (FIE), October, 2013.

EARs in the Wild: Large-Scale Analysis of Execution After Redirect Vulnerabilities (pdf) (bibtex)
Pierre Payet, Adam Doupé, Christopher Kruegel, and Giovanni Vigna
Proceedings of the ACM Symposium on Applied Computing (SAC), March, 2013.

Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner (pdf) (bibtex) (slides) (video) (code)
Outstanding Publication Award in Computer Science, UC Santa Barbara
Adam Doupé, Ludovico Cavedon, Christopher Kruegel, and Giovanni Vigna
Proceedings of the USENIX Security Symposium (USENIX), August, 2012.

Hit 'em Where it Hurts: A Live Security Exercise on Cyber Situational Awareness (pdf) (bibtex) (slides) (data)
Adam Doupé, Manuel Egele, Benjamin Caillat, Gianluca Stringhini, Gorkem Yakin, Ali Zand, Ludovico Cavedon, and Giovanni Vigna
Proceedings of the Annual Computer Security Applications Conference (ACSAC), December, 2011.

Fear the EAR: Discovering and Mitigating Execution After Redirect Vulnerabilities (pdf) (bibtex) (slides) (code)
Adam Doupé, Bryce Boe, Christopher Kruegel, and Giovanni Vigna
Proceedings of the ACM Conference on Computer and Communications Security (CCS), October, 2011.

Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners (pdf) (bibtex) (slides) (code)
Adam Doupé, Marco Cova, and Giovanni Vigna
Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July, 2010.

Workshops

CacheLight: Defeating the CacheKit Attack (pdf) (bibtex)
Mauricio Gutierrez, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn
Proceedings of the Workshop on Attacks and Solutions in Hardware Security (ASHES), October, 2018.

Challenges and Preparedness of SDN-based Firewalls (pdf) (bibtex)
Vaibhav Dixit, Sukwha Kyung, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn
Proceedings of the ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization (SDN-NFV Sec), March, 2018.

Mutated Policies: Towards Proactive Attribute-based Defenses for Access Control (pdf) (bibtex)
Carlos E. Rubio-Medrano, Josephine Lamp, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
Proceedings of the Workshop on Moving Target Defense (MTD), October, 2017.

Shell We Play A Game? CTF-as-a-service for Security Education (pdf) (bibtex)
Erik Trickel, Francesco Disperati, Eric Gustafson, Faezeh Kalantari, Mike Mabey, Mohit Tiwari, Yeganeh Safaei, Adam Doupé, and Giovanni Vigna
Proceedings of the USENIX Workshop on Advances in Security Education (ASE), August, 2017.

Target Fragmentation in Android Apps (pdf) (bibtex)
Patrick Mutchler, Yeganeh Safaei, Adam Doupé, and John Mitchell
Proceedings of the Mobile Security Technologies Workshop (MoST), May, 2016.

Position Paper: Towards a Moving Target Defense Approach for Attribute-based Access Control (pdf) (bibtex)
Carlos E. Rubio-Medrano, Josephine Lamp, Marthony Taguinod, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
Proceedings of the ACM Workshop on Attribute Based Access Control (ABAC), March, 2016.

HoneyMix: Toward SDN-based Intelligent Honeynet (pdf) (bibtex)
Wonkyu Han, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
Proceedings of the ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization (SDN-NFV Sec), March, 2016.

A Large-Scale Study of Mobile Web App Security (pdf) (bibtex)
Best Paper Award
Patrick Mutchler, Adam Doupé, John Mitchell, Christopher Kruegel, and Giovanni Vigna
Proceedings of the Mobile Security Technologies Workshop (MoST), May, 2015.

Ten Years of iCTF: The Good, The Bad, and The Ugly (pdf) (bibtex) (code)
Giovanni Vigna, Kevin Borgolte, Jacopo Corbetta, Adam Doupé, Yanick Fratantonio, Luca Invernizzi, Dhilung Kirat, and Yan Shoshitaishvili
Proceedings of the USENIX Summit on Gaming, Games and Gamification in Security Education (3GSE), August, 2014.

Dissertation

Advanced Automated Web Application Vulnerability Analysis (pdf) (bibtex) (code)
Adam Doupé
University of California, Santa Barbara, September, 2014.