!-- Features Section -->

Software & Datasets

Author Obfuscation


A. Matyukhina, N. Stakhanova, M. Dalla Preda and C. Perley. 2019. Adversarial author attribution in open-source projects. In Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, CODASPY '19, , New York, NY, USA, 2019. ACM


GitHub data
GoogleCodeJam data

Android malware authorship attribution through string analysis


V. Kalgutkar, N. Stakhanova, P. Cook, and A. Matyukhina. 2018. Android authorship attribution through string analysis. In Proceedings of the 13th International Conference on Availability, Reliability and Security (ARES 2018). ACM, New York, NY, USA.


GitHub authors source code
Github authors APKs
Benign authors APKs

Authorship Attribution of Android Apps


H. Gonzalez, N. Stakhanova, and A. Ghorbani. Authorship attribution of android apps. In Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy (CODASPY '18). ACM, New York, NY, USA, 277-286


Benigh authors apps

Fingerprinting Android Obfuscation Tools


R. Kaur, Y.Ning, H. Gonzalez and N. Stakhanova, “Unmasking Android Obfuscation Tools Using Spatial Analysis”, In The Proceedings of the Privacy, Security and Trust Conference, Hamburg, Germany, 2018

Dataset (Available on request):

Out of 1399 unique Android app's source code collected from F-droid, we successfully compiled 325 apps. Then obfuscated each with 5 different obfuscators: Allatori, DexGuard, Jshrink, Klassmaster, and ProGuard, and for each of the obfuscator, we further complied apps with 4 different obfuscation types: Default, Layout, Data, and Control. Resulting in total 4559 apps for experimentation.

Visual Exploration of Android binaries


A. Jain, H. Gonzalez, and N. Stakhanova. Enriching reverse engineering through visual exploration of android binaries. In Proceedings of the 5th Program Protection and Reverse Engineering Workshop, PPREW-5, pages 9:1–9:9, New York, NY, USA, 2015. ACM

Software download: GitHub.

Runtime Detection and Prevention of DOM Tampering

The project prototype is implemented in an open source browser, Chromium by patching various parts of the code inside the Blink rendering engine and by modifying in-built CSS parser to identify and parse the newly introduced DOM security policy directives. The whole solution is implemented using C++ programming language. This secured browser prototype is easy to adopt and deploy in other browsers as well, with only few tweaks in DOM APIs and CSS parser. The prototype is thoroughly tested and does not introduce any additional performance overheads, does not conflict with existing in-built browser protection as CSP, etc., and does not even interfere in the rendering of websites that do not implement the provided solution.


J. Iqbal, R. Kaur, and N. Stakhanova. 2019. PoliDOM: Mitigation of DOM-XSS by Detection and Prevention of Unauthorized DOM Tampering. In Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES '19). ACM, New York, NY, USA, Article 17, 10 pages.

Software: GitHub Link

Detecting HTTP-based Application Layer DoS Attacks


1. H. Gonzalez, M.-A. Gosselin-Lavigne, N. Stakhanova, and A. Ghorbani. The impact of application layer denial of service attacks. In B. Issac and N. Israr, editors, Case Studies in Secure Computing - Achievements and Trends. CRC Press, Taylor and Francis, 2014

2. H. Jazi, H. Gonzalez, N. Stakhanova, A.A. Ghorbani. Detecting HTTP-based Application Layer DoS attacks on Web Servers in the presence of sampling. Computer Networks, 2017.

3. Mantas, N. Stakhanova, H. Gonzalez, and A. Ghorbani. A Taxonomy of Application- Layer Denial of Service (DoS) Attacks. International Journal of Information and Computer Security, 7(2/3/4): 216-239, 2015