Publications

Copyright notice: The copyright of the papers available online had already been transferred to the corresponding organizations or presses. We make the paper available exclusively for the academic research community.

(new) E. Ear, J. Remy, A. Feffer, and S. Xu. Characterizing Cyber Attacks against Space Systems with Missing Data: Framework and Case Study. Accepted to 2023 IEEE Conference on Communications and Network Security (IEEE CNS’2023).
(new) J. Peng, H. Zhao, J. Mao, and S. Xu. How do repeated data breaches affect firm policies? Accepted to Applied Economics Letters.
(new) Z. Li, R. Zhang, D. Zou, N. Wang, Y. Li, S. Xu, C. Chen, H. Jin. Robin: A Novel Method to Produce Robust Interpreters for Deep Learning-Based Code Classifiers. The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE’2023).
(new) K. Paarporn and S. Xu. Analysis of Contagion Dynamics with Active Cyber Defenders. The 62nd IEEE Conference on Decision and Control (CDC’2023)
(new) Z. Sun, M. Xu, K. Schweitzer, R. Bateman, A. Kott, and S. Xu. Cyber Attacks against Enterprise Networks: Characterization, Modelling and Forecasting. The 5th International Conference on Science of Cyber Security (SciSec’2023).
(new) M. Zaman, L. Tao, M. Maldonado, C. Liu, A. Sunny, S. Xu and L. Chen. Optimally Blending Honeypots into Production Networks: Hardness and Algorithms. The 5th International Conference on Science of Cyber Security (SciSec’2023).
(new) R. Rodriguez, T. Longtchi, K. Gwartney, E. Ear, D. Azari, C. Kelly and S. Xu. Quantifying Psychological Sophistication of Malicious Emails. The 5th International Conference on Science of Cyber Security (SciSec’2023).
(new) Qi Xia, Qian Chen, and Shouhuai Xu. Near-Ultrasound Inaudible Trojan (NUIT): Exploit your speaker to Attack your Voice-Controllable Devices. Usenix Security’2023.
(new) L. Tao, L. Chen, L. Xu, S. Xu, Z. Gao, and W. Shi. Electoral manipulation via influence: probabilistic model. Auton. Agents Multi Agent Syst. 37(1): 18(2023)
(new) D. Li, S. Cui, Y. Li, J. Xu, F. Xiao, and S. Xu. PAD: Towards Principled Adversarial Malware Detection Against Evasion Attacks. IEEE Transactions on Dependable and Secure Computing, accepted.
(new) E. Ear, J. Remy, and S. Xu. Towards Automated Cyber Range Design: Characterizing and Matching Demands to Supplies. IEEE International Conference on Cyber Security and Resilience (CSR’2023).
(new) Jin Peng, Haofei Zhang, Juan Mao, and Shouhuai Xu. Repeated data breaches and firm value. Economics Letters, 2023.
(new) Shouhuai Xu. AICA Development Challenges. Book Chapter in “Building an Artificial Intelligent Cyber-defense Agent”, to appear in 2023
Azizeh K. Sowan, Nancy Staggers, Charles C. Reed, Tommye Austin, Qian Chen, Shouhuai Xu, and Emme Lopez. State of Science in Alarm System Safety: Implications for Researchers, Vendors, and Clinical Leaders. Biomedical Instrumentation & Technology. (56)1 pp 19-28, 2022. https://doi.org/10.2345/0899-8205-56.1. AAMI Best Research Article Award.
Rosana Montanez Rodriguez, Adham Atyabi, and Shouhuai Xu. Social Engineering Attacks and Defenses in the Physical World vs. Cyberspace A Contrast Study. Book Chapter in “Cybersecurity and Cognitive Science”, 2022, pages 3-41.
Haoyu Chen, Deqing Zou, Hai Jin, Shouhuai Xu, and Bin Yuan. SAND: semi-automated adaptive network defense via programmable rule generation and deployment. Science China Information Sciences 65(7): 1-18 (2022)
Mir Mehedi Ahsan Pritom and Shouhuai Xu. Supporting Law-Enforcement to Cope with Blacklisted Websites: Framework and Case Study. Proc. of the 2022 IEEE Conference on Communications and Network Security (CNS’2022), pp 181-189.
Nathan Daughety, Marcus Pendleton, Rebeca Perez, Shouhuai Xu, and John Franco. Auditing a Software-Defined Cross Domain Solution Architecture. Proc. of the 2022 IEEE International Conference on Cyber Security and Resilience (CSR’2022), pp 96-103
Eric Ficke, Raymond M. Bateman, and Shouhuai Xu. Reducing Intrusion Alert Trees to Aid Visualization. Proc. of the 2022 International Conference on Network and System Security (NSS’2022): pp 140-154
Joshua H. Seaton, Sena Hounsinou, Timothy Wood, Shouhuai Xu, Philip N. Brown, and Gedare Bloom. Poster: Toward Zero-Trust Path-Aware Access Control. Proc. of SACMAT’2022: pp 267-269
Rosana Montanez Rodriguez and Shouhuai Xu. Cyber Social Engineering Kill Chain. Proc. of the 2022 International Conference on Science of Cyber Security (SciSec’2022): pp 487-504
Mir Pritom, Defending Against Malicious Websites: Themed Threats, Detection, and Law-Enforcement. PhD Dissertation. July 2022.
Eric Ficke, Reconstructing Alert Trees for Cyber Triage. PhD Dissertation. April 2022.
J. Shi, D. Zou, S. Xu, X. Deng, and H. Jin. Does OpenBSD and Firefox’s Security Improve with Time?, accepted to IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), to appear
S. He, E. Ficke, M. Pritom, H. Chen, Q. Tang, Q. Chen, M. Pendleton, L. Njilla, and S. Xu. Blockchain-Based Automated and Robust Cyber Security Management, accepted to Journal of Parallel and Distributed Computing (JPDC), to appear. Here is the version from publisher’s website.
Z. Li, Q. Chen, C. Chen, Y. Zou and S. Xu. RoPGen: Towards Robust Code Authorship Attribution via Automatic Coding Style Transformation. International Conference on Software Engineering (ICSE’2022).
Huashan Chen. A Framework for Quantifying Security Effectiveness of Cyber Defenses, PhD Dissertation. Oct. 2021.
Rosana Montanez Rodriguez, Adham Atyabi, and Shouhuai Xu. Social Engineering Attacks and Defenses in the Physical World vs. Cyberspace A Contrast Study. Invited Book Chapter to “Cybersecurity and Cognitive Science”, 2021.
Brandon Collins, Shouhuai Xu, and Philip Brown. Paying Firms to Share Cyber Threat Intelligence. GameSec’2021.
Nathan Daughety, Marcus Pendleton, Shouhuai Xu, Laurent Njilla, and John Franco. vCDS: A Virtualized Cross Domain Solution Architecture. Milcom’2021.
D. Li, Q. Li, Y. Ye, and S. Xu. Arms Race in Adversarial Malware Detection: A Survey. Accepted to ACM Computing Survey, 2021.
D. Li, T. Qiu, S. Chen, Q. Li, and S. Xu. Can We Leverage Predictive Uncertainty to Detect Dataset Shift and Adversarial Examples in Android Malware Detection? ACSAC’2021
H. Chen, H. Cam, and S. Xu. Quantifying Cybersecurity Effectiveness of Dynamic Network Diversity. accepted to IEEE Transactions on Dependable and Secure Computing, 2021.
L. Chen, A. Sunny, L. Xu, S. Xu, Z. Gao, Y. Lu, W. Shi, and N. Shah. Computational Complexity Characterization of Protecting Elections from Bribery. Accepted to Theoretical Computer Science, 2021
S. Xu. SARR: A Cybersecurity Metrics and Quantification Framework (Keynote Address). The 3rd International Conference on Science of Cyber Security (SciSec’2021).
W. Fan, S. Chang, X. Zhou and S. Xu. ConMan: A Connection Manipulation-based Attack Against Bitcoin Networking. IEEE 2021 Conference on Communications and Network Security (IEEE CNS), 2021.
J. Charlton, P. Du, and S. Xu. A New Method for Inferring Ground-Truth Labels and Malware Detector Effectiveness Metrics. The 3rd International Conference on Science of Cyber Security (SciSec’2021).
S. Xu, M. Yung, and J. Wang. Seeking Foundations for the Science of Cyber Security. Information Systems Frontiers 23 (2), 263-267
L. Tao, L. Chen, L. Xu, S. Xu, Z. Gao, W. Shi and D. Huang. Hardness and Algorithms for Electoral Manipulation under Media Influence. The 15th Frontiers of Algorithmics Workshop, 2021.
V. Trieu-Do, R. Garcia-Lebron, M. Xu, S. Xu, and Y. Feng. Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study. EAI Endorsed Transactions on Security and Safety 7 (25), e4
Z. Li, D. Zou, S. Xu, Z. Chen, Y. Zhu, and H. Jin. VulDeeLocator: A Deep Learning-based Fine-grained Vulnerability Detector. In IEEE Transactions on Dependable and Secure Computing (TDSC), 2021.
Q. Chen, P. Romanowich, J. Castillo, K. Roy, G. Chavez, and S. Xu. ExHPD: Exploiting Human, Physical and Driving Behaviors to Detect Vehicle Cyber Attacks. IEEE Internet of Things Journal, 2021
Y. Han, W. Lu, and S. Xu. Preventive and Reactive Cyber Defense Dynamics with Ergodic Time-dependent Parameters Is Globally Attractive. IEEE Transactions on Network Science and Engineering (TNSE), 2021.
Z. Fang, M. Xu, S. Xu, and T. Hu. A Framework for Predicting Data Breach Risk: Leveraging Dependence to Cope with Sparsity. IEEE Transactions on Information Forensics & Security (T-IFS), accepted for publication, 2021.
Z. Li, D. Zou, S. Xu, H. Jin, Y. Zhu, Z. Chen, S. Wang, and J. Wang. SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities. IEEE Transactions on Dependable and Secure Computing (TDSC), accepted for publication, 2021.

D. Li, Q. Li, Y. Ye, and S. Xu. Enhancing Deep Neural Networks Against Adversarial Malware Examples. IEEE Transactions on Network Science and Engineering (TNSE), accepted for publication, 2021.
D. Zou, Y. Zhu, S. Xu, Z. Li, H. Jin, and H. Ye. Interpreting Deep Learning-based Vulnerability Detector Predictions Based on Heuristic Searching. ACM Transactions on Software Engineering and Methodology (ACM TOSEM), accepted, 2020.
Z. Fang, P. Zhao, M. Xu, S. Xu, T. Hu, and X. Fang. Statistical Modeling of Computer Malware Propagation Dynamics in Cyberspace. Journal of Applied Statistics. Accepted, 2020.
Mir Mehedi Ahsan Pritom, Kristin Schweitzer, Raymond Bateman, Min Xu and Shouhuai Xu. Data-Driven Characterization and Detection of COVID-19 Themed Malicious Websites. IEEE ISI’2020.
Mir Mehedi Ahsan Pritom, Kristin Schweitzer, Raymond Bateman, Min Xu and Shouhuai Xu. Characterizing the Landscape of COVID-19 Themed Cyberattacks and Defenses. IEEE ISI’2020.
Eric Ficke and Shouhuai Xu. APIN: Automatic Attack Path Identification in Computer Networks. IEEE ISI’2020.
Z. Liu, R. Zheng, W. Lu, and S. Xu. Using Event-Triggered Control to Estimate Cybersecurity Equilibria. IEEE/CAA Journal of Automatica Sinica, accepted, 2020.
S. Xu. The Cybersecurity Dynamics Way of Thinking and Landscape (Invited Paper). ACM Workshop on Moving Target Defense (MTD’2020).
R. Rodriguez, E. Golob, and S. Xu. Human Cognition through the Lens of Social Engineering Cyberattacks. Frontiers in Psychology, to appear
Y. Zhang, Y. Fan, S. Hou, Y. Ye, X. Xiao, P. Li, C. Shi, L. Zhao, S. Xu. Cyber-guided Deep Neural Network for Malicious Repository Detection in GitHub. IEEE International Conference on Knowledge Graph (ICKG), 2020.
L. Chen, A. Sunny, L. Xu, S. Xu, Z. Gao, Y. Lu, W. Shi, and N. Shah. Computational complexity characterization of protecting elections from bribery. International Computing and Combinatorics Conference (COCOON), 85-97, 2020.
H. Chen, M. Pendleton, L. Njilla, and S. Xu. A Survey on Ethereum Systems Security: Vulnerabilities, Attacks, and Defenses. ACM Computing Surveys (CSUR) 53 (3), 1-43.
S. Xu, M. Saleh, and E. Ratazzi. Systems and methods for instructions-based detection of sophisticated obfuscation and packing. US Patent 10,594,705.
Paul Romanowich, Qian Chen, and Shouhuai Xu. Relationships between Driver Errors and Delay Discounting in a Simulated Driving Task. Perspectives on Behavior Science, 2020.
Lei Xu, Lin Chen, Zhimin Gao, Xinxin Fan, Kimberly Doan, Shouhuai Xu, and Weidong Shi. KCRS: A Blockchain-Based Key Compromise Resilient Signature System. BlockSys’2019. Won Best Paper Award at BlockSys’2019.
D. Zou, S. Wang, S. Xu, Z. Li, and H. Jin. muVulDeePecker: A Deep Learning-Based System for Multiclass Vulnerability Detection. IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), 2019, to appear.
L. Chen, L. Xu, S. Xu, Z. Gao, and W. Shi. Election with Bribe-Effect Uncertainty: A Dichotomy Result. Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI’2019), acceptance rate: 850/4,752=17.9%
Y. Fan, Y. Zhang, S. Hou, L. Chen, Y. Ye, C. Shi, L. Zhao, and S. Xu. iDev: Enhancing Social Coding Security by Cross-platform User Identification Between GitHub and Stack Overflow. Proceedings of the 28th International Joint Conference on Artificial Intelligence (IJCAI’2019), acceptance rate: 850/4,752=17.9%
Z. Lin, W. Lu, and S. Xu. Unified Preventive and Reactive Cyber Defense Dynamics Is Still Globally Convergent. IEEE/ACM Transactions on Networking, 2019, to appear.
- Note: This paper unifies two widely-studied classes of cybersecurity dynamic models into a single framework and proves the resulting generalized dynamics is globally convergent.
J. Mireles, E. Ficke, J. Cho, P. Hurley, and S. Xu. Metrics Towards Measuring Cyber Agility. IEEE Transactions on Information Forensics & Security, 2019, to appear.
Eric Ficke, Kristin M. Schweitzery, Raymond M. Batemany, and Shouhuai Xu. Analyzing Root Causes of Intrusion Detection False-Negatives: Methodology and Case Study. IEEE Milcom 2019.
Gabriel C. Fernandez and Shouhuai Xu. A Case Study on Using Deep Learning for Network Intrusion Detection. IEEE Milcom 2019.
Lingwei Chen, Shifu Hou, Yanfang Ye, Thirimachos Bourlai, Shouhuai Xu and Liang Zhao. iTrustSO: An Intelligent System for Automatic Detection of Insecure Code Snippets in Stack Overflow. The Fourth International Workshop on Social Network Analysis Surveillance Technologies (SNAST 2019), In Proc. IEEE/ACM 2019 International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2019).
Richard Garcia Lebron, A Framework for Characterizing Cyber Attack Reconnaissance Behaviors, PhD Dissertation, July 2019.
G. Fernandez, Deep Learning Approaches for Network Intrusion Detection, MS Thesis, UTSA, May 2019.
X. Fang, M. Xu, S. Xu and P. Zhao. A deep learning framework for predicting cyber attacks rates, EURASIP Journal on Information Security, to appear
D. Li, Q. Li, Y. Ye, and S. Xu. Enhancing Robustness of Deep Neural Networks Against Adversarial Malware Samples: Principles, Framework, and AICS’2019 Challenge. AICS’2019. (Challenge Winner paper)
L. Chen, L. Xu, S. Xu, Z. Gao, and W. Shi. Election with Bribed Voter Uncertainty: Hardness and Approximation Algorithm. AAAI’2019, acceptance rate: 1,150/7,095=16.2%.
R. Garcia-Lebron, D. Myers, S. Xu, and J. Sun. Node Diversification in Complex Networks by Decentralized Coloring. Journal of Complex Networks, 2018 (preprint)
J. Cho, S. Xu, P. Hurley, M. Mackay, T. Benjamin, and M. Beaumont. STRAM: Measuring the Trustworthiness of Computer-based Systems. Appendix is here. ACM Computing Survey, accepted, 2018.
Y. Ye, S. Hou, L. Chen, X. Li, L. Zhao, S. Xu, J. Wang, Q. Xiong. ICSD: An Automatic System for Insecure Code Snippet Detection in Stack Overflow over Heterogeneous Information Network, ACSAC’2018.
L. Chen, S. Hou, Y. Ye, and S. Xu. DroidEye: Fortifying Security of Learning-based Classifier against Adversarial Android Malware Attacks. In Proc. IEEE/ACM 2018 International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2018).
Q. Chen, A. Sowan, and S. Xu. A Safety and Security Architecture for Reducing Accidents in Intelligent Transportation Systems, The 2018 International Conference on Computer Aided Design, Special Session on Security for Next-Generation Connected and Autonomous Vehicles, 2018.
E. Ficke, K. Schweitzer, R. Bateman, and S. Xu. Characterizing the Effectiveness of Network-based Intrusion Detection Systems, IEEE Milcom 2018, to appear.
R. Garcia-Lebron, K. Schweitzer, R. Bateman, and S. Xu. A Framework for Characterizing the Evolution of Cyber Attacker-Victim Relation Graphs, IEEE Milcom 2018.
J. Charlton, J. Cho, and S. Xu. Measuring Relative Accuracy of Malware Detectors in the Absence of Ground Truth, IEEE Milcom 2018.
Lei Xu, Jong-Hyuk Lee, Seung Hun Kim, Qingji Zheng, Shouhuai Xu, Taeweon Suh, Won Woo Ro, Weidong Shi. Architectural Protection of Application Privacy against Software and Physical Attacks in Untrusted Cloud Environment. IEEE Trans. Cloud Computing 6(2): 478-491 (2018).
Lei Xu, Lin Chen, Zhimin Gao, Shouhuai Xu, Weidong Shi. Efficient Public Blockchain Client for Lightweight Users. ICST Trans. Security Safety 4(13): e5 (2018)
M. Xu, K. Schweitzer, R. Bateman, and S. Xu. Modeling and Predicting Cyber Hacking Breaches. IEEE Trans. Information Forensics and Security, 13(11): 2856-2871 (2018).
P. Du, Z. Sun, H. Chen, J. Cho, and S. Xu. Statistical Estimation of Malware Detection Metrics in the Absence of Ground Truth. IEEE Trans. Information Forensics and Security, 13(12): 2965-2980 (2018).
W. Dai, P. Wan, W. Qiang, L. Yang, D. Zou, H. Jin, S. Xu, and Z. Huang. TNGuard: Securing IoT Oriented Tenant Networks Based on SDN. IEEE Internet of Things Journal 5(3): 1411-1423 (2018).
W. Dai, Y. Du, H. Jin, W. Qiang, D. Zou, S. Xu, and Z. Liu. RollSec: Automatically Secure Software States Against General Rollback. International Journal of Parallel Programming 46(4): 788-805 (2018)
L. Chen, L. Xu, S. Xu, Z. Gao, N. Shah, Y. Lu, and W. Shi. Protecting Election from Bribery: New Approach and Computational Complexity Characterization. AAMAS 2018: 1894-1896.
H. Chen, J. Cho, and S. Xu. Quantifying the Security Effectiveness of Firewalls and DMZs. 2018 Symposium and Bootcamp on the Science of Security (HotSoS’18).
H. Chen, J. Cho, and S. Xu. Poster: Quantifying the security effectiveness of network diversity. 2018 Symposium and Bootcamp on the Science of Security (HotSoS’18), 2018.
C. Peng, M. Xu, S. Xu, and T. Hu. Modeling Multivariate Cybersecurity Risks. Journal of Applied Statistics, 2018.
Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, Yuyi Zhong. VulDeePecker: A Deep Learning-Based System for Vulnerability Detection. Network and Distributed System Security Symposium 2018 (NDSS’18).
R. Zheng, W. Lu, and S. Xu. Preventive and Reactive Cyber Defense Dynamics Is Globally Stable. IEEE Transactions on Network Science and Engineering, 5(2): 156-170 (2018).
M. Saleh, T. Li, and S. Xu. Multi-context features for detecting malicious programs. Journal of Computer Virology and Hacking Techniques, 14(2): 181-193 (2018).
Lei Xu, Lin Chen, Zhimin Gao, Shouhuai Xu and Weidong Shi. EPBC: Efficient Public Blockchain Client for Lightweight Users . Accepted to 1st Workshop on Scalable and Resilient Infrastructures for Distributed Ledgers (SERIAL’17).
M. Pendleton and S. Xu. A Dataset Generator for Next Generation System Call Host Intrusion Detection Systems. Proceedings of Milcom’2017.
M. Saleh, P. Ratazzi, and S. Xu. A Control Flow Graph-based Signature for Packer Identification. Proceedings of Milcom’2017.
A. Tyra, Jingtao Li, Y. Shang, S. Jiang, Y. Zhao, and S. Xu. Robustness of non-interdependent and interdependent networks against dependent and adaptive attacks. Physica A 482 (2017) 713-727.
H. Chen, X. Zhao, F. Liu, S. Xu, and W. Lu. Optimizing inter-connections to maximize the spectral radius of interdependent networks. Physical Review E. 95, 032308, 7 March 2017
M. Xu, L. Hua, and S. Xu. A Vine Copula Model for Predicting the Effectiveness of Cyber Defense Early-Warning. Technometrics, to appear.
P. Chen, M. Xu, S. Xu, and T. Hu. Modeling and Predicting Extreme Cyber Attack Rates via Marked Point Processes. Journal of Applied Statistics, 2017.
- This paper is one of the two Highly Commended Finalists for the Best Paper Prize among ALL of the papers published in the Journal of Applied Statistics in year 2017!
X. Hu, M. Xu, S. Xu, and P. Zhao. Multiple Cyber Attacks against a Target with Observation Errors and Dependent Outcomes: Characterization and Optimization, Reliability Engineering & System Safety, 159, 119-133.
M. Pendleton, R. Garcia-Lebron, J. Cho, and S. Xu. A Survey on Systems Security Metrics. ACM Computing Survey, 49(4): 62:1-62:35 (2017).
- An earlier version without considering ontology.
Z. Li, D. Zou, S. Xu, H. Jin, H. Qi, and J. Hu. VulPecker: An Automated Vulnerability Detection System Based on Code Similarity Analysis. ACSAC’2016.
J. Mireles, J. Cho, and S. Xu. Extracting Attack Narratives from Traffic Datasets. The 1st International Conference on Cyber Conflict in the U.S. (CyCon U.S. ‘2016).
J. Cho, P. Hurley, and S. Xu. Metrics and Measurement of Trustworthy Systems. Milcom’2016.
G. Da, M. Xu and S. Xu. On the Quasi-Stationary Distribution of SIS Models. Probability in the Engineering and Informational Sciences, Volume 30, Issue 4, October 2016, pages 622-639.
Z. Zhan, M. Xu, and S. Xu. Predicting Cyber Attack Rates with Extreme Values. IEEE Trans. Information Forensics and Security 10(8): 1666-1677 (2015).
Y. Chen, Z. Huang, S. Xu and Y. Lai. Spatiotemporal patterns and predictability of cyberattacks. PLoS One 10(5): e0124472. doi:10.1371/journal.pone.0124472, 2015.
R. Zheng, W. Lu and S. Xu. Active Cyber Defense Dynamics Exhibiting Rich Phenomena. 2015 Symposium and Bootcamp on the Science of Security (HotSoS’15)
Q. Zheng and S. Xu. Verifiable Delegated Set Intersection Operations on Outsourced Encrypted Data. Proc. of 2015 IEEE International Conference on Cloud Engineering (IC2E).
Z. Zhan, M. Xu, and S. Xu. A Characterization of Cybersecurity Posture from Network Telescope Data. Proceedings of The 6th International Conference on Trustworthy Systems (InTrust’14), to appear.
S. Xu, E. Ratazzi, and W. Du. Security Architecture for Federated Mobile Cloud Computing. Book chapter in 2015 Springer book entitled “Mobile Cloud Security.” (40+ pages)
M. Saleh, P. Ratazzi, and S. Xu. Instructions-based Detection of Sophisticated Obfuscation and Packing. Proceedings of IEEE MILCOM’14.
W. Dai, H. Jin, D. Zou, S. Xu, W. Zheng, L. Shi, and L. Yang. TEE: A Virtual DRTM Based Execution Environment for Secure Cloud-End Computing. Future Generation Computer Systems, 2015.
- This is the fuller version of “TEE: a virtual DRTM based execution environment for secure cloud-end computing, ” a poster appeared in Proceedings of ACM CCS’2012, pp 663-665
E. Bertino, G. Ghinita, M. Kantarcioglu, D. Nguyen, J. Park, R. Sandhu, S. Sultana, B. Thuraisingham, and S. Xu. A roadmap for privacy-enhanced secure data provenance. Journal of Intelligent Information Systems, 2014, pp 1-21.
L. Xu, Z. Zhan, S. Xu, and K. Ye. An Evasion and Counter-Evasion Study in Malicious Websites Detection. IEEE 2014 Conference on Communications and Network Security (IEEE CNS’14).
Y. Han, W. Lu and S. Xu. Characterizing the Power of Moving Target Defense via Cyber Epidemic Dynamics. 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14).
G. Da, M. Xu and S. Xu. A New Approach to Modeling and Analyzing Security of Networked Systems. 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14).
S. Xu. Cybersecurity Dynamics (extended abstract). 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14).
S. Xu. Emergent Behavior in Cybersecurity (extended abstract). 2014 Symposium and Bootcamp on the Science of Security (HotSoS’14).
M. Xu, G. Da, and S. Xu. Cyber Epidemic Models with Dependencies. Internet Mathematics.
- This paper won Taylor & Francis Mathematics & Statistics Readers’ Award in year 2015
Z. Liu, W. Shi, S. Xu, and Z. Lin. Programmable decoder and shadow threads: Tolerate remote code injection exploits with diversified redundancy. DATE’14.
Q. Zheng, S. Xu, and G. Ateniese. VABKS: Verifiable Attribute-based Keyword Search over Outsourced Encrypted Data. Infocom’14.
S. Xu, W. Lu, L. Xu, and Z. Zhan. Adaptive Epidemic Dynamics in Networks: Thresholds and Control. ACM Transactions on Autonomous and Adaptive Systems (TAAS), 8(4), Article 19, 2014
- This paper was accepted a long-time ago.
W. Lu, S. Xu, and X. Yi. Optimizing Active Cyber Defense . The ^4th Conference on Decision and Game Theory for Security (GameSec’13).
S. Xu, W. Lu, and H. Li, A Stochastic Model of Active Cyber Defense Dynamics. Internet Mathematics, 11:1, 23-71.
Z. Zhan, M. Xu, and S. Xu. Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study. IEEE Transactions on Information Forensics & Security (IEEE TIFS), 8(11): 1775-1789 (2013).
L. Xu, Z. Zhan, S. Xu, and K. Ye. Cross-Layer Detection of Malicious Websites. Proceedings of the Third ACM Conference on Data and Application Security and Privacy (ACM CODASPY’13).
Y. Wen, J. Lee, Z. Liu, Q. Zheng, W. Shi, S. Xu, and T. Suh. Multi-processor architectural support for protecting virtual machine privacy in untrusted cloud environment. ACM Conference on Computing Frontiers (CF’13), 2013, Artical no: 25 (10 pages)
W. Luo, S. Xu, and X. Jiang. Real-time detection and prevention of android SMS permission abuses. Proceedings of AisaCCS workshop on Security in Embedded Systems and Smartphones (SESP’13), 2013,pp 11–18.
W. Luo and L. Xu and Z. Zhan and Q. Zheng and S. Xu. Federated Cloud Security Architecture for Secure and Agile Clouds. Book chapter to appear in 2013 Springer book entitled “High Performance Cloud Auditing and Applications.”Springer book entitled ”High Performance Semantic Cloud Audit.”
J. Morales, S. Xu, and R. Sandhu. Analyzing Malware Detection Efficiency with Multiple Anti-Malware Programs. Proceedings of The 1st ASE International Conference on Cyber Security.
Q. Zheng, S. Xu and G. Ateniese. Efficient Query Integrity for Outsourced Dynamic Databases. ACM CCSW’12.
W. Dai, P. Parker, H. Jin and S. Xu. Enhancing Data Trustworthiness via Assured Digital Signing. IEEE Trans. Dependable Secure Computing 9(6): 838-851 (2012).
M. Xu and S. Xu. An Extended Stochastic Model for Quantitative Security Analysis of Networked Systems. Internet Mathematics, 8(3): 288-320 (2012)
M. Xu and S. Xu. An Extended Stochastic Model for Quantitative Security Analysis of Networked Systems. Internet Mathematics, 8(3): 288-320 (2012).
Y. Dodis, W. Luo, S. Xu and M. Yung. Key-Insulated Symmetric Key Cryptography and Mitigating Attacks against Cryptographic Cloud Software. AsiaCCS’12.
Q. Zheng and S. Xu. Secure and Efficient Proof of Storage with Deduplication. Proceedings of Second ACM Conference on Data and Application Security and Privacy (ACM CODASPY’12).
Y. Shang, W. Luo, and S. Xu. L-hop percolation on networks with arbitrary degree distributions and its applications. Physical Review E, Sept. 2011.
J. Morales, M. Main, W. Luo, S. Xu, and R. Sandhu. Building Malware Infection Trees. Proceedings of the 6^th International Conference on Malicious and Unwanted Software (Malware 2011).
S. Xu, W. Lu, and Z. Zhan. A Stochastic Model of Multi-Virus Dynamics. IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), Jan 2012.
S. Xu, W. Lu, and L. Xu. Push- and Pull-based Epidemic Spreading in Networks: Thresholds and Deeper Insights. ACM Transactions on Autonomous and Adaptive Systems (TAAS), to appear.
S. Xu, X. Li, P. Parker, and X. Wang. Exploiting Trust-Based Social Networks for Distributed Protection of Sensitive Data. IEEE Transactions on Information Forensics & Security, 2011.
- Earlier version appeared in AsiaCCS’08

H. Qian and S. Xu. Non-Interactive Multisignatures in the Plain Public-Key Model with Efficient Verification. Information Processing Letters, accepted, 2010
H. Qian and S. Xu. Non-Interactive Editable Signatures for Assured Data Provenance. First ACM Conference on Data and Application Security and Privacy (ACM CODASPY’11).
Q. Zheng and S. Xu. Fair and Dynamic Proof of Retrievability. First ACM Conference on Data and Application Security and Privacy (ACM CODASPY’11).
X. Li, P. Parker, and S. Xu. A Stochastic Model for Quantitative Security Analysis of Networked Systems. IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), 2011.
J. Morales, R. Sandhu, and S. Xu. Evaluating Detection and Treatment Effectiveness of Commercial Anti-Malware Programs. Proceedings of the 5th International Conference on Malicious and Unwanted Software (Malware 2010), pp ???.
J. Morales, A. Al-Bataineh, S. Xu and R. Sandhu. Analyzing and Exploiting Network Behaviors of Malware. SecureComm’10.
J. Morales, E. Kartaltepe, S. Xu, and R. Sandhu. Symptoms-Based Detection of Bot Processes. MMM-ACNS-2010 (5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security).
E. Kartaltepe, J. Morales, S. Xu, and R. Sandhu. Social Network-Based Botnet Command-and-Control: Emerging Threats and Countermeasures. ACNS’10. Springer Lecture Notes in Computer Science 6123, pp 511-528.
S. Xu, H. Qian, F. Wang, Z. Zhan, E. Bertino, and R. Sandhu. Trustworthy Information: Concepts and Mechanisms. WAIM’10 (11th International Conference on Web-Age Information Management). Springer Lecture Notes in Computer Science 6184, pp 398-404.
S. Xu. Towards a Theoretical Framework for Trustworthy Cyber Sensing. Proceedings of the 2010 SPIE Conference on SPIE Defense, Security, and Sensing (DSS’10).
P. Parker and S. Xu. A Method for Safekeeping Cryptographic Keys from Memory Disclosure Attacks. Intrust’09.
S. Xu and M. Yung. SocialClouds: Concept, Security Architecture and Some Mechanisms. Intrust’09.
J. Morales, A. Al-Bataineh, S. Xu, and R. Sandhu. Analyzing DNS Activities of Bot Processes. Proceedings of the 4th International Conference on Malicious and Unwanted Software (Malware 2009).
Q. Ni, S. Xu, E. Bertino, R. Sandhu and W. Han. An Access Control Language for a General Provenance Model. Proc. 6th VLDB Workshop on Secure Data Management (SDM’09).
S. Xu, R. Sandhu, and E. Bertino. TIUPAM: A Framework for Trustworthiness-Centric Information Sharing. Invited paper in Proc. 3rd IFIP WG 11.11 International Conference on Trust Management, 2009.
S. Xu, Q. Ni, E. Bertino and R. Sandhu. A Characterization of the Problem of Secure Provenance Management. Proc. Workshop on Assured Information Sharing at the IEEE International Conference on Intelligence and Security Informatics (ISI’09).
S. Xu and M. Yung. Expecting the Unexpected: Towards Robust Credential Infrastructure. FC’09
J. Leonard, S. Xu, and R. Sandhu. A First Step Towards Characterizing Stealthy Botnets. To appear in the Proceedings of The Fourth International Conference on Availability, Reliability and Security (ARES’09), IEEE press, pp ???-???.
J. Leonard, S. Xu, and R. Sandhu. A Framework for Understanding Botnets. To appear in the Proceedings of the Third International Workshop on Advances in Information Security (WAIS’09), IEEE press, pp ???-???.
S. Xu. Collaborative Attack vs. Collaborative Defense. Invited Paper in the Proceedings of The 4th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborativeCom’08), pp ???-???, Nov. 13-16, 2008.
S. Xu. (How) Can We Manage the Trustworthiness of Security Infrastructures and Services. Abstract of Keynote address in the Proceedings of The 3rd Asia-Pacific Trusted Infrastructure Technologies Conference (APTC’08), IEEE press, pp ???-???, Oct. 14-17, 2008.
X. Ding, G. Tsudik, and S. Xu. Leak-free Mediated Group Signatures. Journal of Computer Security, Volume 17, Number 4, 2009, pp. 489-514
- This is the full version of the ICDCS paper below.
A. Kiayias, S. Xu, and M. Yung. Privacy Preserving Data Mining within Anonymous Credential Systems. SCN’08.
S. Xu and S. Capkun. Distributed and Secure Bootstrapping of Mobile Ad Hoc Networks: Framework and Constructions. ACM Transactions on Information and Systems Security (ACM TISSEC), 12(1), 2008.
X. Li, P. Parker, and S. Xu. A Probabilistic Characterization of A Fault-Tolerant Gossiping Algorithm. Journal of Systems Science and Complexity, Springer, Accepted.
D. Walleck, Y. Li, and S. Xu. An Empirical Analysis of Certificate Revocation Lists. IFIP DBSec’08.
S. Xu, X. Li, and P. Parker. Exploiting Social Networks for Thresholding Signing: Attack-resilience vs. Availability. ASIACCS’08.
E. Kartaltepe, P. Parker, and S. Xu. How to Secure Your Email Address Book and Beyond. CANS’07.
X. Li, P. Parker, and S. Xu. A Stochastic Characterization of a Fault-tolerant Gossip Algorithm. HASE’07.
K. Harrison and S. Xu. Protecting Cryptographic Keys from Memory Disclosure Attacks. DSN-DCCS’07. (Preliminary full version with source code is here; a significantly enriched full version will become available some time soon.)
P. Sharkey, H. Tian, W. Zhang, and S. Xu. Privacy-Preserving Data Mining Through Knowledge Model Sharing. PinKDD’07.
X. Li, P. Parker, and S. Xu. Towards an Analytic Model of Epidemic Spreading in Heterogeneous Systems. Qshine’07.
S. Xu and K. Han. Envisioning Stealthy Botnet C&C and Graph-based Detection Metrics (Abstract). DSN’07 fast abstract track.
S. Xu and R. Sandhu. A Scalable and Secure Cryptographic Service. IFIP DBSec’07. Preliminary full version is here.
X. Li, P. Parker, and S. Xu. Towards Quantifying the (In)Security of Networked Systems. IEEE AINA’07.
S. Xu and Moti Yung. K-anonymous Multi-party Secret Handshakes. Financial Cryptography and Data Security 2007 (FC’07).
S. Xu. On the security of group communication schemes. Journal of Computer Security, Volume 15, Number 1, 2007, pp. 129 – 169.
- This is the full version of the SASN’05 paper below.
S. Zhu, S. Setia, S. Xu, and S. Jajodia. GKMPAN: An efficient group rekeying scheme for secure multicast in ad-hoc networks. Journal of Computer Security, Volume 14, Number 4, 2006, pp. 301 – 325.
- This is the full version of the Mobiquitous’04 paper below.
S. Zhu, S. Xu, S. Setia, and S. Jajodia. LHAP: A Lightweight Network Access Control Protocol for Ad-Hoc Networks. Elsevier Ad Hoc Networks Journal, Volume 4, Issue 5, Sept. 2006, pp 567-585.
- This is the full version of the MWN’03 paper below.
P. Parker and S. Xu. Towards Understanding the (In)security of Networked Systems under Topology-directed Stealthy Attacks. Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC’06), pp ???-???.
G. Tsudik and S. Xu. A Flexible Framework for Secret Handshakes. In Proceedings of the 6th Workshop on Privacy Enhancing Technologies (PET’06).
- This is an extended version of the PODC’05 brief announcement.
J. Dowd, S. Xu, and W. Zhang. Privacy-Preserving Decision Tree Mining Based on Random Substitutions. In the Proceedings of the 2006 International Conference on Emerging Trends in Information and Communication Security (ETRICS’06), LNCS 3995, pp 145-159.
E. Kartaltepe and S. Xu. Towards Blocking Outgoing Malicious Impostor Emails. In the Proceedings of the 2nd International Workshop on Trust, Security and Privacy for Ubiquitous Computing. IEEE Press, pp 657-661.
S. Xu. On the Security of Group Communication Schemes based on Symmetric Key Cryptosystems. In the Proceedings of ACM Workshop on Security of Ad hoc and Sensor Network 2005 (ACM SASN’05), ACM press, pp 22-31.
- The full version is invited to submit to a special issue of Journal of Computer Security.
E. Kartaltepe and S. Xu. On Automatically Detecting Malicious Imposter Emails. In Proceedings of International Workshop on Applied PKI 2005 (IWAP’05), IOS Press, pp ??-??.
G. Tsudik and S. Xu. Brief Announcement: A Flexible Framework for Secret Handshakes. In Proceedings of ACM Symposium on Princples of Distributed Computing 2005 (ACM PODC’05), ACM Press, pp 39.
S. Xu and W. Zhang. Knowledge as a Service and Knowledge Breaching. In the Proceedings of IEEE International Conference on Service Computing (IEEE SCC’05), IEEE Press, pp 87-94.
S. Xu and M. Yung. K-Anonymous Secret Handshakes with Reusable Credentials. ACM CCS’04. (full version not available yet)
S. Xu and W. Zhang. PBKM: A Secure Knowledge Management Framework. NSF/NSA/AFRL Workshop on Secure Knowledge Management’04.
S. Xu and M. Yung. Accountable Ring Signatures: A Smart Card Approach. IFIP CARDIS’04.
S. Zhu, S. Setia, S. Xu, and S. Jajodia. GKMPAN: An Efficient Group Rekeying Scheme for Secure Multicast in Ad-Hoc Networks. Mobiquitous’04.
S. Xu, W. Nelson Jr. and R. Sandhu. Enhancing Anonymity via Market Competition. Information Assurance and Security — IEEE ITCC’04.
S. Xu and R. Sandhu. Applying OM-AM to Analyze Digital Rights Management. 7th International Conference on E-Commerce Research, 2004.
X. Ding, G. Tsudik, and S. Xu. Leak-free Group Signatures with Immediate Revocation. ICDCS’04.
G. Tsudik and S. Xu. Accumulating Composites and Improved Group Signing. Asiacrypt’03; an extended preliminary version is here.
S. Zhu, S. Xu, S. Setia, and S. Jajodia. Establishing Pair-Wise Keys for Secure Communication in Ad Hoc Networks: A Probabilistic Approach. ICNP’03.
A. Bagchi, A. Chaudhary, M. Goodrich, and S. Xu. Constructing Dijoint Paths for Secure Communication. DISC’03.
S. Zhu, S. Xu, S. Setia, and S. Jajodia. LHAP: A Light-weight Hop-by-hop Authentication Protocol For Ad-Hoc Networks. Workshop on Mobile and Wireless Networks (MWN’03, affiliated with ICDCS’03)
S. Xu and M. Yung. Retrofitting Fairness on the Original RSA-Based E-Cash. Financial Cryptography’03.
S. Xu and R. Sandhu. Two Efficient and Provably Secure Schemes for Server-Assisted Threshold Signatures. RSA-CT’03.
Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong Key-Insulated Signature Schemes. PKC’03.
Y. Dodis, J. Katz, S. Xu, and M. Yung. Key-Insulated Public Key Cryptosystems. Eurocrypt’02.
S. Xu and M. Yung. The Dark Side of Threshold Cryptography. Financial Cryptography’02.
S. Xu and R. Sandhu. Authenticated Multicast Immune to Denial-of-Service Attacks. ACM SAC’02.
S. Xu, M. Yung, and G. Zhang. Friendly Observers Ease Off-Line E-Cash. CARDIS’00.
S. Xu, M. Yung, and G. Zhang. Scalable, Tax-Evasion Free, Anonymous Investing. IFIP SEC’00.
S. Xu, M. Yung, G. Zhang, and H. Zhu. Money Conservation via Atomicity in Fair Off-Line E-Cash. ISW’99, LNCS 1729.
S. Xu, G. Zhang, and H. Zhu. Securing Systems Using E-Cash. InfoSecu’99.
S. Xu, G. Zhang, and H. Zhu. Two Digital Signature Schemes Based on Graph 3-Colorability Problem. ICYCS’99.
S. Xu, H. Zhu, and G. Zhang. Digital Signature Schemes Based on Graph Isomorphism and Graph 3-Colorability Problems. CrypTEC’99.
S. Xu, G. Zhang, and H. Zhu. On the Security of Three-Party Cryptogrpahic Protocols. ACM Operating Systems Review, Vol. 32, No. 3, July 1998, pp 7-20.
S. Xu, G. Zhang, and H. Zhu. On the Security of Cryptogrpahic Protocols (Extended Abstract). ChinaCrypt’98.
S. Xu, G. Zhang, and H. Zhu. On the Properties of Cryptogrpahic Protocols and the Weaknesses of BAN-Like Logics. ACM Operating Systems Review, Vol. 31, No. 4, October 1997, pp 12-23.
S. Xu, G. Zhang, H. Zhu et al. A General Solution to the Security Problems on the Internet/Intranet Platform. Proceedings of the Sixth Chinese Symposium on Security and Privacy, 1997

Other Publications (in Chinese):

S. Xu. A Study in Digital Currency. PhD Dissertation, Dec. 1999, Department of Computer Science, Fudan University, Shanghai, China.
S. Xu, G. Zhang, and H. Zhu. A Self-Delegation System and the Knowledge Complexity of Problems. Journal of Software, Vol. 10, No. 2, February 1999, pp 170-174.

S. Xu and G. Zhang. Encryption Mechanism for Routing Information Based on the Internet Protocol. Computer Research and Development, Vol. 35, No. 8, August 1998, 753-759

S. Xu, G. Zhang, and H. Zhu. Recent Advances in Modern Cryptography. NCYCS’98.

S. Xu and M. Hu. Security Strategy for Oracle-Based Application Systems. Computer Engineering and Design, Vol. 18, No. 4, April 1997, pp 43-38.

S. Xu and M. Hu. Prospects on Database Security. Computer Engineering, Vol. 23, No. 3, March 1997, pp 50-53.

S. Xu and M. Hu. The Storage and Retrieve Techniques for Object-Oriented Multimedia DataBase Systems. Computer Engineering, Vol. 22, No. 5, May 1996, pp 14-17.

S. Xu and M. Hu. Database Based on Spatial Algebra. Software, Vol. 4, No. 3, March 1996, pp 20-23.