ACSAC 2023

Web Security

1. PhishReplicant: A Language Model-based Approach to Detect Generated Squatting Domain Names.

PhishReplicant：一种基于语言模型的检测生成的领域名抢注的方法。

2. From Attachments to SEO: Click Here to Learn More about Clickbait PDFs!

从附件到SEO：点击这里了解更多关于点击诱饵PDF的信息！

3. Scamdog Millionaire: Detecting E-commerce Scams in the Wild.

骗子百万富翁：在野外检测电商骗局。

4. When Push Comes to Shove: Empirical Analysis of Web Push Implementations in the Wild.

当推送变得紧迫：野外Web推送实施的实证分析。

Application and Software Security

5. Triereme: Speeding up hybrid fuzzing through efficient query scheduling.

Triereme：通过高效查询调度加速混合模糊测试。

6. On the Feasibility of Cross-Language Detection of Malicious Packages in npm and PyPI.

论npm和PyPI中跨语言检测恶意包的可行性。

7. Artemis: Defanging Software Supply Chain Attacks in Multi-repository Update Systems.

Artemis：在多仓库更新系统中防御软件供应链攻击。

8. ANDetect: A Third-party Ad Network Libraries Detection Framework for Android Applications.

ANDetect：一个用于Android应用的第三方广告网络库检测框架。

Network and Enterprise Security

9. Delegation of TLS Authentication to CDNs using Revocable Delegated Credentials.

使用可撤销的委托凭证将TLS认证委托给CDN。

10. Domain and Website Attribution beyond WHOIS.

超越WHOIS的域名和网站归属。

11. FS3: Few-Shot and Self-Supervised Framework for Efficient Intrusion Detection in Internet of Things Networks.

FS3：物联网网络中高效入侵检测的少样本和自监督框架。

12. An Empirical Analysis of Enterprise-Wide Mandatory Password Updates.

企业范围强制密码更新的实证分析。

IoT and Cyber-Physical Systems Security

13. SealClub: Computer-aided Paper Document Authentication.

SealClub：计算机辅助的纸质文件认证。

14. Lightweight Privacy-Preserving Proximity Discovery for Remotely-Controlled Drones.

轻量级隐私保护的远程控制无人机邻近发现。

15. Unleashing IoT Security: Assessing the Effectiveness of Best Practices in Protecting Against Threats.

解放物联网安全：评估最佳实践在防御威胁中的有效性。

16. A Tagging Solution to Discover IoT Devices in Apartments.

在公寓中发现物联网设备的标签解决方案。

Authentication and Access Control

17. Hades: Practical Decentralized Identity with Full Accountability and Fine-grained Sybil-resistance.

Hades：具有完全责任性和细粒度伪造抵抗的实用去中心化身份。

18. Log2Policy: An Approach to Generate Fine-Grained Access Control Rules for Microservices from Scratch.

Log2Policy：从头开始为微服务生成细粒度访问控制规则的方法。

19. The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms.

皇后卫队：分布式数据分析平台中细粒度访问控制的安全执行。

20. OAuth 2.0 Redirect URI Validation Falls Short, Literally.

OAuth 2.0重定向URI验证不足，字面意义上的。

Connected Vehicles and Industrial Control Systems Security

21. Secure and Lightweight Over-the-Air Software Update Distribution for Connected Vehicles.

连接车辆的安全且轻量级的空中软件更新分发。

22. Secure and Lightweight ECU Attestations for Resilient Over-the-Air Updates in Connected Vehicles.

连接车辆中的安全且轻量级ECU认证以实现弹性空中更新。

23. Detection of Anomalies in Electric Vehicle Charging Sessions.

电动车充电会话中异常检测。

24. SePanner: Analyzing Semantics of Controller Variables in Industrial Control Systems based on Network Traffic.

SePanner：基于网络流量分析工业控制系统中控制器变量的语义。

Security and Machine Learning I

25. FraudLens: Graph Structural Learning for Bitcoin Illicit Activity Identification.

FraudLens：用于比特币非法活动识别的图结构学习。

26. Poisoning Network Flow Classifiers.

污染网络流分类器。

27. TGC: Transaction Graph Contrast Network for Ethereum Phishing Scam Detection.

TGC：以太坊钓鱼诈骗检测的交易图对比网络。

Security and Machine Learning II

28. Can Large Language Models Provide Security & Privacy Advice? Measuring the Ability of LLMs to Refute Misconceptions.

大型语言模型能提供安全和隐私建议吗？测量LLMs反驳误解的能力。

29. DefWeb: Defending User Privacy against Cache-based Website Fingerprinting Attacks with Intelligent Noise Injection.

DefWeb：用智能噪声注入防御基于缓存的网站指纹攻击来保护用户隐私。

30. Protecting Your Voice from Speech Synthesis Attacks.

保护你的声音免受语音合成攻击。

Wireless and Cyberphysical-Systems Security

31. Continuous Authentication Using Human-Induced Electric Potential.

使用人体诱发的电势进行连续认证。

32. Cross Body Signal Pairing (CBSP): A Key Generation Protocol for Pairing Wearable Devices with Cardiac and Respiratory Sensors.

跨身体信号配对（CBSP）：一个用于将可穿戴设备与心脏和呼吸传感器配对的密钥生成协议。

33. The Day-After-Tomorrow: On the Performance of Radio Fingerprinting over Time.

后天：关于随时间变化的无线电指纹的性能。

34. Enhanced In-air Signature Verification via Hand Skeleton Tracking to Defeat Robot-level Replays.

通过手骨骼跟踪进行空中签名验证以击败机器人级重放。

Machine Learning Security I

35. Secure Softmax/Sigmoid for Machine-learning Computation.

用于机器学习计算的安全Softmax/Sigmoid。

36. Link Membership Inference Attacks against Unsupervised Graph Representation Learning.

针对无监督图表示学习的链接成员推断攻击。

37. FLARE: Fingerprinting Deep Reinforcement Learning Agents using Universal Adversarial Masks.

FLARE：使用通用对抗性掩模对深度强化学习代理进行指纹识别。

Machine Learning Security II

38. On the Detection of Image-Scaling Attacks in Machine Learning.

关于机器学习中图像缩放攻击的检测。

39. A First Look at Toxicity Injection Attacks on Open-domain Chatbots.

首次探讨对开放领域聊天机器人的毒性注入攻击。

40. DeepTaster: Adversarial Perturbation-Based Fingerprinting to Identify Proprietary Dataset Use in Deep Neural Networks.

DeepTaster：基于对抗性扰动的指纹技术识别深度神经网络中专有数据集的使用。

Malware

41. Prioritizing Remediation of Enterprise Hosts by Malware Execution Risk.

通过恶意软件执行风险优先修复企业主机。

42. Global Analysis with Aggregation-based Beaconing Detection across Large Campus Networks.

在大型校园网络中使用基于聚合的信标检测进行全球分析。

43. PSP-Mal: Evading Malware Detection via Prioritized Experience-based Reinforcement Learning with Shapley Prior.

基于Shapley先验的优先级体验的强化学习逃避恶意软件检测。

44. Binary Sight-Seeing: Accelerating Reverse Engineering via Point-of-Interest-Beacons.

二进制观光：通过兴趣点信标加速逆向工程。

Trustworthy Machine Learning

45. DeepContract: Controllable Authorization of Deep Learning Models.

DeepContract：深度学习模型的可控授权。

46. Secure MLaaS with Temper: Trusted and Efficient Model Partitioning and Enclave Reuse.

Temper的安全MLaaS：可信且高效的模型分区和飞地重用。

47. ABFL: A Blockchain-enabled Robust Framework for Secure and Trustworthy Federated Learning.

ABFL：一个区块链启用的安全可信的联合学习稳健框架。

48. FLEDGE: Ledger-based Federated Learning Resilient to Inference and Backdoor Attacks.

FLEDGE：基于账本的对推理和后门攻击具有弹性的联合学习。

OS and Software Security

49. DOPE: DOmain Protection Enforcement with PKS.

DOPE：使用PKS的域保护执行。

50. RandCompile: Removing Forensic Gadgets from the Linux Kernel to Combat its Analysis.

RandCompile：从Linux内核中移除取证工具以对抗其分析。

51. Attack of the Knights: Non Uniform Cache Side Channel Attack.

骑士的攻击：非统一缓存侧信道攻击。

52. PAVUDI: Patch-based Vulnerability Discovery using Machine Learning.

PAVUDI：使用机器学习的基于补丁的漏洞发现。

Trustworthy Systems

53. Remote Attestation with Constrained Disclosure.

限制性披露的远程认证。

54. Remote attestation of confidential VMs using ephemeral vTPMs.

使用短暂的vTPM远程认证机密VM。

55. No Forking Way: Detecting Cloning Attacks on Intel SGX Applications.

不允许分叉：检测对Intel SGX应用的克隆攻击。

56. Detecting Weak Keys in Manufacturing Certificates: A Case Study.

检测制造证书中的弱密钥：一个案例研究。

Privacy

57. Differentially Private Resource Allocation.

差分隐私资源分配。

58. Mitigating Membership Inference Attacks via Weighted Smoothing.

通过加权平滑缓解成员推断攻击。

59. Mostree: Malicious Secure Private Decision Tree Evaluation with Sublinear Communication.

Mostree：具有亚线性通信的恶意安全私有决策树评估。