Suphannee Sivakorn

Detecting Malware Injection with Program-DNS Behavior
Y. Sun, K. Jee, S. Sivakorn, Z. Li, C. Lumezanu, L. Korts-Pärn, Z. Wu, J. Rhee, C. H. Kim, M. Chiang, P. Mittal
Proceedings of the 5th IEEE European Symposium on Security and Privacy (EuroS&P), All Digital Event (due to COVID-19), September 2020. (Acceptance rate: 15%)

Countering Malicious Processes with Process-DNS Association
S. Sivakorn, K. Jee, Y. Sun, L. Korts-Pärn, Z. Li, C. Lumezanu, Z. Wu, L. Tang, D. Li.
In Proceedings of the 26th Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2019. (Acceptance rate: 17.08%)

HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations.
S. Sivakorn, G. Argyros, K. Pei, A. D. Keromytis, S. Jana.
In Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P), San Jose, California, USA, May 2017. (Acceptance rate: 13.33%)
- Project repository: github.com/HVLearn/HVLearn, wiki

Evaluating the Privacy Guarantees of Location Proximity Services.
G. Argyros, T. Petsios, S. Sivakorn, A. D. Keromytis, J. Polakis.
In ACM Transactions on Privacy and Security (TOPS, formerly TISSEC), Volume 19(4), Article 12, February 2017.

That's the Way the Cookie Crumbles: Evaluating HTTPS Enforcing Mechanisms.
S. Sivakorn, A. D. Keromytis, J. Polakis.
In Proceedings of the 15th ACM Workshop on Privacy in the Electronic Society (WPES), Vienna, Austria, October 2016. (Acceptance rate: 19.44%)

The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information.
S. Sivakorn*, I. Polakis*, A. D. Keromytis.
In Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P), San Jose, California, USA, May 2016. (Acceptance rate: 13.75%)
- Also presented at Black Hat USA 2016
- Media Coverage: Security Intelligence | Threat Post | eWeek | Active Cypher

I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs.
S. Sivakorn, I. Polakis, A. D. Keromytis.
In Proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P), Saarbrücken, GERMANY, March 2016. (Acceptance rate: 17.3%)
- Also presented at Black Hat Asia 2016
- Media Coverage: The Register | Slashdot | Softpedia | Gizmodo | Sophos | Schneier on Security | Kaspersky | Information Week | Security Week | SC Magazine | The Inquirer | Computing | Security Affairs | BotWatch | DHS
- Dataset: Image CAPTCHA dataset collected from Google reCAPTCHA and Facebook image CAPTCHA services

Where's Wally? Precise User Discovery Attacks in Location Proximity Services.
I. Polakis, G. Argyros, T. Petsios, S. Sivakorn, A. D. Keromytis.
In Proceedings of the 22nd ACM Computer and Communications Security Conference (CCS), Denver, Colorado, USA, October 2015. (Acceptance rate: 19.8%)
- Video of our live attack demonstration against Foursquare Swarm service
- Project repository: github.com/nettrino/LBSProximityAuditor (Audit framework for Location Based Services)

Selected Publications