University of Saskatchewan

Computer Security Research Lab

Publications

2025

| PDF | Bibtex
Revealing Unreported OT Vulnerabilities from Public Discussions A.Halilou and N. Stakhanova. The 20th International Conference on Risks and Security of Internet and Systems (CRiSIS)
| PDF | Bibtex
An End to End Analysis of Crypto Scams on Ethereum J.Kimber, E. Branca, A. Natadze and N. Stakhanova. ACM Transactions on Internet Technology 
  @inproceedings{Ridley25,
  author = {Kimber, Jadyn  and  Branca, Enrico and Natadze, Andrei and Stakhanova, Natalia},
  title = {{An End to End Analysis of Crypto Scams on Ethereum}},
  year = {2025},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  booktitle = {ACM Transactions on Internet Technology},
  pages = {},
  numpages = {},
  location = {},
  }
| PDF | Bibtex
More Than You Signed Up For: Exposing Gaps in the Validation of Android's App Signing N. Ridley, E. Branca and N. Stakhanova. In Proceedings of the 22nd Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '25) 
  @inproceedings{Ridley25,
  author = {Ridley,Norah and  Branca, Enrico and Stakhanova, Natalia},
  title = {{More Than You Signed Up For: Exposing Gaps in the Validation of Android's App Signing}},
  year = {2025},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  booktitle = {Proceedings of the 22nd Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '25)},
  pages = {},
  numpages = {},
  location = {},
  }

2024

| PDF | Bibtex
A Systematic Evaluation of Non-SDK Interface Restrictions in Android: Bridging the Gap Between Guidelines and Practice G. Silva, N. Ridley, E. Branca and N. Stakhanova. In Proceedings of the 16th International Symposium on Foundations & Practice of Security (FPS2024)
Noination for Best Paper Award 
@inproceedings{Silva24,
author = {Silva, George and Ridley,Norah and  Branca, Enrico and Stakhanova, Natalia},
title = {{A Systematic Evaluation of Non-SDK Interface Restrictions in Android: Bridging the Gap Between Guidelines and Practice}},
year = {2024},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
booktitle = {Proceedings of the 17th International Symposium on Foundations \& Practice of Security (FPS2024)},
pages = {},
numpages = {},
location = {},
}
| PDF | Bibtex
Adversarial analysis of software composition analysis tools. E. Ivanova, N. Stakhanova, and B. Sistany, In Proceedings of the 27th Information Security Conference (ISC 2024) 
@inproceedings{Ivanova24,
author = {Ivanova, Ekaterina and  Stakhanova, Natalia and Sistany, Bahman},
title = {{Adversarial analysis of software composition analysis tools}},
year = {2024},
publisher = {ACM/IEEE},
address = {New York, NY, USA},
booktitle = {Proceedings of The  27th Information Security Conference (ISC 2024) },
pages = {},
numpages = {},
location = {},
}
| PDF | Bibtex
Measuring and Characterizing Propagation of Reuse RSA Certificates and Keys across PKI Ecosystem F. Nezhadian, E. Branca, A. Barzolevskaia, A. Natadze, N. Stakhanova, IEEE/ACM Transactions on Networking 
@ARTICLE{Nezhadian24,
author={Nezhadian, Fatemeh and Branca, Enrico and Barzolevskaia, Anna and Natadze, Andrei and Stakhanova, Natalia},
journal={ IEEE/ACM Transactions on Networking },
 title={{ Measuring and Characterizing Propagation of Reuse RSA Certificates and Keys Across PKI Ecosystem }},
year={2024},
volume={},
number={01},
ISSN={1558-2566},
pages={1-17},
publisher={IEEE Computer Society},
address={Los Alamitos, CA, USA},
month=nov}
| PDF | Bibtex
Navigating (in)security of AI-generated code. S. H. Ambati, N. Ridley, E. Branca, and N. Stakhanova, In Proceedings of IEEE International Conference on Cyber Security and Resilience (IEEE CSR), 2024. 
@inproceedings{Ambati24,
author = {Ambati, Sri Haritha and Ridley,Norah and  Branca, Enrico  and Stakhanova, Natalia},
title = {{Navigating (in)security of AI-generated code}},
year = {2024},
publisher = {IEEE},
address = {New York, NY, USA},
booktitle = {Proceedings of  IEEE International Conference on Cyber Security and Resilience (IEEE CSR)},
pages = {},
numpages = {},
location = {},
}
| PDF | Bibtex
Decoding Android Permissions: A Study of Developer Challenges and Solutions on Stack Overflow. S. Jannat Oishwee, Z. Codabux, and N. Stakhanova. In Proceedings of The ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM). 
@inproceedings{Oishwee24,
author = { Jannat Oishwee,Sahrima and  Codabux,Zadia and  Stakhanova,Natalia},
title = {{Decoding Android Permissions: A Study of Developer Challenges and Solutions on Stack Overflow}},
year = {2024},
publisher = {ACM/IEEE},
address = {New York, NY, USA},
booktitle = {Proceedings of The ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)},
pages = {},
numpages = {},
location = {},
}
| PDF | Bibtex
Measuring and Characterizing (mis)compliance of the Android permission system A.Barzolevskaia, E. Branca, N. Stakhanova IEEE Transactions on Software Engineering, 2024 
@article{Barzolevskaia24,
author = {Barzolevskaia, Anna and Branca, Enrico and Stakhanova, Natalia},
title = {Measuring and Characterizing (mis)compliance of the Android permission system},
year = {2024},
journal = {IEEE Transactions on Software Engineering},
volume = {},
number = {01},
issn = {1939-3520},
pages = {1-23},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
month = {feb}
}
| PDF | Bibtex
Large Language Model vs. Stack Overflow in Addressing Android Permission Related Challenges Sahrima Oishwee, Natalia Stakhanova, Zadia Codabux International conference on Mining Software Repositories (MSR 2024) 

@inproceedings{Jannat24,
author = {Oishwee, Sahrima Jannat and Codabux, Zadia and Stakhanova, Natalia},
title = {{Large Language Model vs. Stack Overflow in Addressing Android Permission Related Challenges}},
year = {2024},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
booktitle = {Proceedings of the International conference on Mining Software Repositories (MSR 2024)},
pages = {},
numpages = {},
location = {},

                   }

2023

| PDF | Bibtex
EtherShield: Time Interval Analysis for Detection of Malicious Behavior on Ethereum Bofeng Pan, Natalia Stakhanova, Zhongwen Zhu ACM Transactions on Internet Technology (ACM TIOT) 

@article{pan23EtherShield,
author = {Pan, Bofeng and Stakhanova, Natalia and Zhu, Zhongwen},
title = {EtherShield: Time-interval Analysis for Detection of Malicious Behavior on Ethereum},
year = {2024},
issue_date = {February 2024},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {24},
number = {1},
issn = {1533-5399},
url = {https://doi.org/10.1145/3633514},
doi = {10.1145/3633514},
journal = {ACM Trans. Internet Technol.},
month = {jan},
articleno = {2},
numpages = {30},
keywords = {Blockchain, security}
}
| PDF | Bibtex
Enhancing Code Security Through Open-source Large Language Models: A Comparative Study Norah Ridley, Enrico Branca, Jadyn Kimber, Natalia Stakhanova, 16th International Symposium on Foundations & Practice of Security (FPS2023)
Best Paper Award 
@inproceedings{Ridley23,
author = { Ridley,Norah and  Branca, Enrico and  Kimber,Jadyn  and Stakhanova, Natalia},
title = {{Enhancing Code Security Through Open-source Large Language Models: A Comparative Study}},
year = {2023},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
booktitle = {Proceedings of the 16th International Symposium on Foundations \& Practice of Security (FPS2023)},
pages = {},
numpages = {},
location = {},

                   }
| PDF | Bibtex
Certificate reuse in Android applications Fateme Nezhadian, Enrico Branca, Natalia Stakhanova, The Information Security Conference (ISC2023) 
@inproceedings{Nezhadian23,
author = { Nezhadian, Fateme and  Branca, Enrico    and Stakhanova, Natalia},
title = {Certificate reuse in {Android }applications},
year = {2023},

publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
booktitle = {Proceedings of the Information Security Conference (ISC2023) },
pages = {},
numpages = {},
location = {},

}
| PDF | Bibtex
Detecting overlay attacks in Android A.Kar, N. Stakhanova, E.Branca the 14th International Conference on Emerging Ubiquitous Systems and Pervasive Networks (EUSPN)
Best Paper Award 
@InProceedings{Kar23overlay,
author="Kar, Animesh and Branca, Enrico
and Stakhanova, Natalia",

title="{Detecting Overlay Attacks in Android}",
booktitle="Proceedings of the 14th International Conference on Emerging Ubiquitous Systems and Pervasive Networks (EUSPN)",
year="2023",
publisher="Elsevier",
address="",
pages="",

}
| PDF | Bibtex
Exploiting Android Browsers. A.Kar, N. Stakhanova The International Conference on Cryptology and Network Security (CANS 2023), 
@InProceedings{Kar23,
author="Kar, Animesh
and Stakhanova, Natalia",
editor="Deng, Jing
and Kolesnikov, Vladimir
and Schwarzmann, Alexander A.",
title="{Exploiting Android Browser}",
booktitle="Proceedings of the Conference on Cryptology and Network Security",
year="2023",
publisher="Springer Nature Singapore",
address="Singapore",
pages="162--185",

}
| PDF | Bibtex
Learning AI coding style for software plagiarism detection. S. Ambati, E. Branca, N. Stakhanova International Conference on Security and Privacy in Communication Networks (SecureComm 2023) 
                   @INPROCEEDINGS{Ambati23,

author={ Ambati, Sriharita and  Branca, Enrico  and Stakhanova, Natalia},
booktitle={18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2022)},
title={{Learning AI coding style for software plagiarism detection.}},
year={2023},
volume={},
number={},
pages={},

}
| PDF | Bibtex

by:yegor

Authenticated Range Querying of Historical Blockchain Healthcare Data using Authenticated Multi-Version Skip List. S. Linoy, S. Ray and N. Stakhanova, E. Scheme ACM Distributed Ledger Technologies: Research and Practice, 2023 
@article{Linoy23,
author = {Linoy, Shlomi and Ray, Suprio and Stakhanova, Natalia and Scheme, Erik},
title = {{Authenticated Range Querying of Historical Blockchain Healthcare Data using Authenticated Multi-Version Index}},
year = {2023},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},

note = {Just Accepted},
journal = {ACM Distrib. Ledger Technol.},
month = {oct},

}
| PDF | Bibtex
Data provenance in security and privacy B.Pan, N. Stakhanova, S.Ray ACM Computing Surveys, 2023 
@article{pan23Provenance,
author = {Pan, Bofeng and Stakhanova, Natalia and Ray, Suprio},
title = {Data Provenance in Security and Privacy},
year = {2023},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
issn = {0360-0300},
url = {https://doi.org/10.1145/3593294},
doi = {10.1145/3593294},
note = {Just Accepted},
journal = {ACM Comput. Surv.},
month = {apr},
keywords = {Threat provenance, Data provenance, Security, Privacy, Secure provenance}
}

2022

| PDF | Bibtex
Language and platform independent attribution of heterogeneous code F. Abazari, E. Branca, E. Novikova, N. Stakhanova 18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2022) 
@InProceedings{10.1007/978-3-031-25538-0_10,
author="Abazari, Farzaneh
and Branca, Enrico
and Novikova, Evgeniya
and Stakhanova, Natalia",
editor="Li, Fengjun
and Liang, Kaitai
and Lin, Zhiqiang
and Katsikas, Sokratis K.",
title="Language and Platform Independent Attribution of Heterogeneous Code",
booktitle="Security and Privacy in Communication Networks",
year="2023",
publisher="Springer Nature Switzerland",
address="Cham",
pages="173--191",
isbn="978-3-031-25538-0"
}
| PDF | Bibtex
An Exploratory Study on the Relationship of Smells and Design Issues with Software Vulnerabilities S. Jannat Oishwee, Z. Codabux, N. Stakhanova The International Workshop on Mining Software Repositories Applications for Privacy and Security (MSR4P&S '22) 
@inproceedings{Sahrima22,
author = {Oishwee, Sahrima Jannat and Codabux, Zadia and Stakhanova, Natalia},
title = {An Exploratory Study on the Relationship of Smells and Design Issues with Software Vulnerabilities},
year = {2022},
isbn = {9781450394574},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3549035.3561182},
doi = {10.1145/3549035.3561182},
booktitle = {Proceedings of the 1st International Workshop on Mining Software Repositories Applications for Privacy and Security},
pages = {16–20},
numpages = {5},
keywords = {Software Vulnerabilities, Mining Software Repositories, Code Smells, Design Issues, Software Security},
location = {Singapore, Singapore},
series = {MSR4P&S 2022}
}
| PDF | Bibtex
Authenticated Multi-Version Index for Blockchain-Based Range Queries on Historical Data S. Linoy, S.Ray, N. Stakhanova IEEE International Conference on Blockchain (IEEE Blockchain 2022) 
@INPROCEEDINGS{Linoy22,
author={Linoy, Shlomi and Ray, Suprio and Stakhanova, Natalia},
booktitle={2022 IEEE International Conference on Blockchain (Blockchain)},
title={Authenticated Multi-Version Index for Blockchain-based Range Queries on Historical Data},
year={2022},
volume={},
number={},
pages={177-186},
doi={10.1109/Blockchain55522.2022.00032}
}
| PDF | Bibtex
HTTPFuzz: Web Server Fingerprinting with HTTP Request Fuzzing A. Kar, A. Natadze, E. Branca, and N. Stakhanova The 19th International Conference on Security and Cryptography (SECRYPT 2022)
HTTPFuzz code
@inproceedings{KarNBS22,
author = {Animesh Kar and
Andrei Natadze and
Enrico Branca and
Natalia Stakhanova},
editor = {Sabrina De Capitani di Vimercati and
Pierangela Samarati},
title = {HTTPFuzz: Web Server Fingerprinting with {HTTP} Request Fuzzing},
booktitle = {Proceedings of the 19th International Conference on Security and Cryptography,
{SECRYPT} 2022, Lisbon, Portugal, July 11-13, 2022},
pages = {261--271},
publisher = {{SCITEPRESS}},
year = {2022},
url = {https://doi.org/10.5220/0011328900003283},
doi = {10.5220/0011328900003283},

}
| PDF | Bibtex
Analysis and prediction of web proxies misbehavior Z.Nezhadian, E. Branca, and N. Stakhanova The Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES 2022) 
@inproceedings{Nezhadian22,
author = {Nezhadian, Zahra and Branca, Enrico and Stakhanova, Natalia},
title = {Analysis and Prediction of Web Proxies Misbehavior},
year = {2022},
isbn = {9781450396707},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3538969.3544412},
doi = {10.1145/3538969.3544412},
booktitle = {Proceedings of the 17th International Conference on Availability, Reliability and Security},
articleno = {61},
numpages = {11},
location = {Vienna, Austria},
series = {ARES '22}
}
| PDF | Bibtex
AndroClonium: bytecode level clone detection for obfuscated Android apps A.Foroughipour N. Stakhanova, F. Abazari, B. Sistany 37th International Conference on ICT Systems Security and Privacy Protection (IFIP SEC) 2022

Simulator:
Smali Simulator
Execution trace analyzer 
@article{Foroughipour22,
author = {A.Foroughipour  N. Stakhanova, F. Abazari and B. Sistany},
title = {AndroClonium: bytecode level clone detection for obfuscated Android apps},
year = {2022},
issue_date = {June 2022},
publisher="Springer International Publishing",
address="Cham",
volume = {},
number = {},
booktitle= {37th International Conference on ICT Systems Security and Privacy Protection (IFIP SEC},
month = {},
articleno = {},
numpages = {}}

2021

| PDF | Bibtex
Dataset characteristics for reliable code authorship attribution F. Abazari, E. Branca, N. Ridley, N. Stakhanova, M. Dalla Preda. IEEE Transactions on Dependable and Secure Computing (TDSC), 2022 
@inproceedings{Abazari22,
author = {Farzaneh Abazari, Enrico Branca, Norah Ridley,  Natalia Stakhanova, Mila Dalla Preda},
title = {Dataset characteristics for reliable code authorship attribution},
year = {2022},
issue_date = {February 2022},
publisher = {IEEE},
address = {New York, NY, USA},
volume = {},
number = {},
journal = {IEEE Transactions on Dependable and Secure Computing},
month = {},
articleno = {},
numpages = {}}
| PDF | Bibtex
EtherProv: Provenance-Aware Detection, Analysis, and Mitigation of Ethereum Smart Contract Security Issues S.Linoy, S.Ray, N. Stakhanova. IEEE International Conference on Blockchain (Blockchain 2021) 
@inproceedings{Linoy21,
author = {S.Linoy, S.Ray, N. Stakhanova},
title={EtherProv: Provenance-Aware Detection, Analysis, and Mitigation of Ethereum Smart Contract Security Issues},
year = {2021},
}
| PDF | Bibtex
Automated Security Assessment Framework for Wearable BLE-enabled Health Monitoring Devices G.Zendehdel, R. Kaur, I. Chopra, N. Stakhanova, E. Scheme. ACM Transactions on Internet Technology, 2022 
@article{Zendehdel22,
author = {Zendehdel, Ghazale Amel and Kaur, Ratinder and Chopra, Inderpreet and Stakhanova, Natalia and Scheme, Erik},
title = {Automated Security Assessment Framework for Wearable BLE-Enabled Health Monitoring Devices},
year = {2021},
issue_date = {February 2022},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {22},
number = {1},
journal = {ACM Trans. Internet Technol.},
month = {sep},
articleno = {14},
numpages = {31}
}
| PDF | Bibtex
Origin Attribution of RSA Public Keys E. Branca, F. Abazari, R. Rivera Carranza, N. Stakhanova. EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2021) 
@InProceedings{Branca21,
author="Branca, Enrico
and Abazari, Farzaneh
and Carranza, Ronald Rivera
and Stakhanova, Natalia",
editor="Garcia-Alfaro, Joaquin
and Li, Shujun
and Poovendran, Radha
and Debar, Herv{\'e}
and Yung, Moti",
title="Origin Attribution of RSA Public Keys",
booktitle="Security and Privacy in Communication Networks",
year="2021",
publisher="Springer International Publishing",
address="Cham",
pages="374--396"
}

2020

| PDF | Bibtex
De-anonymizing Ethereum Blockchain Smart Contracts through Code Attribution S. Linoy, N. Stakhanova, S. Ray International Journal of Network Management, 2020 
@article{Linoy20,
author = {Linoy, Shlomi and Stakhanova, Natalia and Ray, Suprio},
title = {De‐Anonymizing Ethereum Blockchain Smart Contracts through Code Attribution},
year = {2021},
issue_date = {January/February 2021},
publisher = {John Wiley & Sons, Inc.},
address = {USA},
volume = {31},
number = {1},
issn = {1099-1190},
journal = {Int. J. Netw. Manag.},
month = {jan},
numpages = {24}
}
| PDF | Bibtex
Code authorship attribution: Methods and challenges V. Kalgutkar, R. Kaur, H. Gonzalez, and N. Stakhanova, A.Matyukhina ACM Computing Surveys, 2020 
@article{Kalgutkar20,
author = {Kalgutkar, Vaibhavi and Kaur, Ratinder and Gonzalez, Hugo and Stakhanova, Natalia and Matyukhina, Alina},
title = {Code Authorship Attribution: Methods and Challenges},
year = {2020},
issue_date = {January 2020},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {52},
number = {1},
issn = {0360-0300},
journal = {ACM Comput. Surv.},
month = {feb},
articleno = {3},
numpages = {36}

}
| PDF | Bibtex
Towards Eidetic Blockchain Systems with Enhanced Provenance S. Linoy, S. Ray, N. Stakhanova Blockchain and Data Management (BlockDM'2020) 
@INPROCEEDINGS{Linoy20,
author={Linoy, Shlomi and Ray, Suprio and Stakhanova, Natalia},
booktitle={2020 IEEE 36th International Conference on Data Engineering Workshops (ICDEW)},
title={Towards Eidetic Blockchain Systems with Enhanced Provenance},
year={2020},
volume={},
number={},
pages={7-10}
}

2019

| PDF | Bibtex
Adversarial author attribution in open-source projects A. Matyukhina, N. Stakhanova, M. Dalla Preda and C. Perley. ACM Conference on Data and Application Security and Privacy (CODASPY'19)

Datasets:
GitHub data
GoogleCodeJam data 
@inbook{Matyukhina19,
author = {Matyukhina, Alina and Stakhanova, Natalia and Dalla Preda, Mila and Perley, Celine},
title = {Adversarial Authorship Attribution in Open-Source Projects},
year = {2019},
isbn = {9781450360999},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},

booktitle = {Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy},
pages = {291–302},
numpages = {12}
}
| PDF | Bibtex
Exploring Ethereum’s blockchain anonymity using smart contract code attribution S. Linoy, N. Stakhanova, A. Matyukhina. 15th International Conference on Network and Service Management (CNSM 2020) 
@INPROCEEDINGS{Linoy19,
author={Linoy, Shlomi and Stakhanova, Natalia and Matyukhina, Alina},
booktitle={2019 15th International Conference on Network and Service Management (CNSM)},
title={Exploring Ethereum’s Blockchain Anonymity Using Smart Contract Code Attribution},
year={2019},
volume={},
number={},
pages={1-9},
}
| PDF | Bibtex
PoliDOM: Mitigation of DOM-XSS by Detection and Prevention of Unauthorized DOM Tampering J. Iqbal, R. Kaur, and N. Stakhanova. International Conference on Availability, Reliability and Security (ARES '19) 
@inproceedings{Iqbal19,
author = {Iqbal, Junaid and Kaur, Ratinder and Stakhanova, Natalia},
title = {PoliDOM: Mitigation of DOM-XSS by Detection and Prevention of Unauthorized DOM Tampering},
year = {2019},
isbn = {9781450371643},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
articleno = {17},
numpages = {10},
location = {Canterbury, CA, United Kingdom},
series = {ARES '19}
  }
| PDF | Bibtex
Scalable Privacy-Preserving Query Processing Over Ethereum Blockchain S. Linoy, H. Mahdikhani, S. Ray, R. Lu, N. Stakhanova and A. Ghorbani IEEE Symposium on Recent Advances on Blockchain and Its Applications (held in conjunction with IEEE Blockchain) 
@INPROCEEDINGS{Linoy19Blockchain,
author={Linoy, Shlomi and Mahdikhani, Hassan and Ray, Suprio and Lu, Rongxing and Stakhanova, Natalia and Ghorbani, Ali},
booktitle={2019 IEEE International Conference on Blockchain (Blockchain)},
title={Scalable Privacy-Preserving Query Processing over Ethereum Blockchain},
year={2019},
volume={},
number={},
pages={398-404}}

2018

| PDF | Bibtex
Android authorship attribution through string analysis V. Kalgutkar, N. Stakhanova, P. Cook, and A. Matyukhina. 13th International Conference on Availability, Reliability and Security (ARES 2018)
Best Presentation Award, a runner-up nomination for Best Paper Award

Datasets:
GitHub authors source code
Github authors APKs
Benign authors APKs 
@inproceedings{Kalgutkar18,
author = {Kalgutkar, Vaibhavi and Stakhanova, Natalia and Cook, Paul and Matyukhina, Alina},
title = {Android Authorship Attribution through String Analysis},
year = {2018},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
booktitle = {Proceedings of the 13th International Conference on Availability, Reliability and Security},
articleno = {4},
numpages = {10},
keywords = {Obfuscation, String analysis, Android, Authorship attribution, Mobile malware},
location = {Hamburg, Germany},
series = {ARES 2018}
}
| PDF | Bibtex
A Security Assessment of HCE-NFC Enabled E-Wallet Banking Android Apps R. Kaur, Y. Li, J. Iqbal, H. Gonzalezand N. Stakhanova. IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC 2018) 
@INPROCEEDINGS{Kaur18,
author={Kaur, Ratinder and Li, Yan and Iqbal, Junaid and Gonzalez, Hugo and Stakhanova, Natalia},
booktitle={2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)},
title={A Security Assessment of HCE-NFC Enabled E-Wallet Banking Android Apps},
year={2018},
volume={02},
number={},
pages={492-497},
}
| PDF | Bibtex
Authorship Attribution of Android Apps H. Gonzalez, N. Stakhanova, and A. A. Ghorbani. ACM Conference on Data and Application Security and Privacy (CODASPY 2018) 
Dataset:

 Benigh authors apps  

@inproceedings{Gonzalez18,
author = {Gonzalez, Hugo and Stakhanova, Natalia and Ghorbani, Ali A.},
title = {Authorship Attribution of Android Apps},
year = {2018},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
booktitle = {Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy},
pages = {277–286},
numpages = {10},
location = {Tempe, AZ, USA},
series = {CODASPY '18}
}
| PDF | Bibtex
Unmasking Android Obfuscation Tools Using Spatial Analysis R. Kaur, Y.Ning, H. Gonzalez and N. Stakhanova the Privacy, Security and Trust Conference (PST 2018) 
@inproceedings{Kaur18,
                        author={Kaur, Ratinder and Ning, Ye and Gonzalez, Hugo and Stakhanova, Natalia},
                        booktitle={2018 16th Annual Conference on Privacy, Security and Trust (PST)},
                        title={Unmasking Android Obfuscation Tools Using Spatial Analysis},
                        year={2018},
                        volume={},
                        number={},
                        pages={1-10},
                        }
| PDF | Bibtex
Understanding Android Financial Malware Attacks: Taxonomy, Characteristics, and Challenges. A. Abdul Kadir, N. Stakhanova, and A. Ghorbani Journal of Cyber Security and Mobility, 2018

Before 2018 (Selected publications)

| PDF | Bibtex
Detecting HTTP-based Application Layer DoS attacks on Web Servers in the presence of sampling. H. Jazi, H. Gonzalez, N. Stakhanova, A.A. Ghorbani Computer Networks, 2017 
@article{Jazi17,
                        title = {Detecting HTTP-based application layer DoS attacks on web servers in the presence of sampling},
                        journal = {Computer Networks},
                        volume = {121},
                        pages = {25-36},
                        year = {2017},
                        issn = {1389-1286},
                        author = {Hossein Hadian Jazi and Hugo Gonzalez and Natalia Stakhanova and Ali A. Ghorbani}
                        }
| PDF | Bibtex
Measuring code reuse in Android apps. H. Gonzalez, N. Stakhanova, and A. Ghorbani. Privacy, Security and Trust Conference, 2016. 
@INPROCEEDINGS{Gonzalez16,
                        author={Gonzalez, Hugo and Stakhanova, Natalia and Ghorbani, Ali A.},
                        booktitle={2016 14th Annual Conference on Privacy, Security and Trust (PST)},
                        title={Measuring code reuse in Android apps},
                        year={2016},
                        volume={},
                        number={},
                        pages={187-195},
                        }
| PDF | Bibtex
Detecting Malicious URLs Using Lexical Analysis. M. Mamun, M. Rathore, A. Lashkari, N. Stakhanova and A. Ghorbani. International Conference on Network and System Security (NSS), 2016. 
@InProceedings{Mamun16,
                        author="Mamun, Mohammad Saiful Islam
                        and Rathore, Mohammad Ahmad
                        and Lashkari, Arash Habibi
                        and Stakhanova, Natalia
                        and Ghorbani, Ali A.",
                        editor="Chen, Jiageng
                        and Piuri, Vincenzo
                        and Su, Chunhua
                        and Yung, Moti",
                        title="Detecting Malicious URLs Using Lexical Analysis",
                        booktitle="Network and System Security",
                        year="2016",
                        publisher="Springer International Publishing",
                        address="Cham",
                        pages="467--482"}
| PDF | Bibtex
Android malware classication through linguistic analysis of string literals. R. Killam, N. Stakhanova, and P. Cook. Workshop on Text Analytics for Cybersecurity and Online Safety (TA-COS), 2016
| PDF | Bibtex
A Taxonomy of Application-Layer Denial of Service (DoS) Attacks G. Mantas, N. Stakhanova, H. Gonzalez, and A. Ghorbani. International Journal of Information and Computer Security, 2015
| PDF | Bibtex
Enriching reverse engineering through visual exploration of Android binaries. A. Jain, H. Gonzalez, and N. Stakhanova. Program Protection and Reverse Engineering Workshop (PPREW-5), 2015 
Software: GitHub
| PDF | Bibtex
A performance evaluation of hash functions for IP reputation lookup using Bloom filters. M. A. Gosselin-Lavigne, H. Gonzalez, N. Stakhanova, and A. A. Ghorbani. Conference on Availability, Reliability and Security (ARES), Workshop on Software Assurance, 2015
| PDF | Bibtex
Android botnets: What urls are telling us. A. Abdul Kadir, N. Stakhanova, and A. Ghorbani. Conference on Network and System Security (NSS'15)
| PDF | Bibtex
An entropy-based encrypted traffic classification using machine learning. M. S. I. Mamun, A. Ghorbani, and N. Stakhanova. Conference on Information and Communication Security (ICICS 2015)
| PDF | Bibtex
Exploring reverse engineering symptoms in Android apps. H. Gonzalez, A. A. Kadir, N. Stakhanova, A. J. Alzahrani, and A. A. Ghorbani. European Workshop on System Security (EuroSec '15)
| PDF | Bibtex
Characterizing Evaluation Practices of Intrusion Detection Methods for Smartphones A. J. Alzahrani, N. Stakhanova, H. Gonzalez, and A. Ghorbani Journal of Cyber Security and Mobility, 2014
| PDF | Bibtex
The impact of application-layer denial-of-service attacks H. Gonzalez, M.A. Gosselin-Lavigne, N. Stakhanova, and A. A. Ghorbani. In Case Studies in Secure Computing: Achievements and Trends. CRC Press, Boca Raton, FL, 261--272
| PDF | Bibtex
Detecting machine-morphed malware variants via engine attribution. R. Chouchane, N. Stakhanova, A.Walenstein, and A. Lakhotia. Journal of Computer Virology, 2013 
@article{ChouchaneSWL13,
                        author    = {Radhouane Chouchane and
                        Natalia Stakhanova and
                        Andrew Walenstein and
                        Arun Lakhotia},
                        title     = {Detecting machine-morphed malware variants via engine attribution},
                        journal   = {J. Comput. Virol. Hacking Tech.},
                        volume    = {9},
                        number    = {3},
                        pages     = {137--157},
                        year      = {2013}
                        }
| PDF | Bibtex
Towards cost-sensitive assessment of intrusion response selection. N. Stakhanova, C. Strasburg, S. Basu, and J. S. Wong Journal of Computer Security
| PDF | Bibtex
Toward Credible Evaluation of Anomaly- Based Intrusion-Detection Methods M. Tavallaee, N. Stakhanova, and A. Ghorbani IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, 2010 
@ARTICLE{Tavallaee10,
                        author={Tavallaee, Mahbod and Stakhanova, Natalia and Ghorbani, Ali Akbar},
                        journal={IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews)},
                        title={Toward Credible Evaluation of Anomaly-Based Intrusion-Detection Methods},
                        year={2010},
                        volume={40},
                        number={5},
                        pages={516-524}
                        }
| PDF | Bibtex
On the symbiosis of specication-based and anomaly-based detection N. Stakhanova, S. Basu, and J. Wong Computers & Security, 2010
| PDF | Bibtex
A taxonomy of intrusion response systems N. Stakhanova, S. Basu, and J. Wong International Journal of Information and Computer Security,2007 
@article{Stakhanova07,
                        author = {Stakhanova, Natalia and Basu, Samik and Wong, Johnny},
                        title = {A Taxonomy of Intrusion Response Systems},
                        year = {2007},
                        issue_date = {January 2007},
                        publisher = {Inderscience Publishers},
                        address = {Geneva 15, CHE},
                        volume = {1},
                        number = {1/2},
                        issn = {1744-1765},
                        journal = {Int. J. Inf. Comput. Secur.},
                        month = {jan},
                        pages = {169–184},
                        numpages = {16},

                        }
| PDF | Bibtex
Software fault tree and coloured petri net based specication, design and implementation of agent-based intrusion detection systems G. Helmer, J. Wong, M. Slagell, V. Honavar, L. Miller, Y. Wang, X. Wang, and N. Stakhanova Int. Journal Information and Computer Security