Security and Privacy

Our research group develops data-driven approaches to security and privacy, with a focus on applying machine learning to detect and mitigate Internet-based attacks. Our work has resulted in foundational systems for spam filtering, botnet detection, and IoT security, as well as frameworks for analyzing privacy through the lens of contextual integrity.

Spam and Abuse Detection

We pioneered network-level approaches to spam and abuse detection, developing systems that identify malicious activity based on network behavior rather than content analysis.

SNARE (Spatio-temporal Network-level Automatic Reputation Engine) was the first spam filtering system based on network-level features, using lightweight traffic analysis to identify spam senders without inspecting message content. Our earlier work on understanding the network-level behavior of spammers laid the foundation for this approach.

Our work on DNS-based reputation systems pioneered techniques for detecting malicious domains. Notos (2010) introduced dynamic reputation scoring for DNS, while PREDATOR (2016) enables proactive recognition and elimination of domain abuse at time-of-registration, catching malicious domains before they can be used.

ASwatch exposes bulletproof hosting providers by analyzing AS-level reputation, identifying network operators that systematically harbor malicious activity.

IoT Security and Privacy

The proliferation of smart home devices has created new security and privacy challenges. We study these devices in our IoT Lab, developing techniques to understand and mitigate risks.

IoT Inspector enables crowdsourced collection of labeled network traffic from smart home devices, creating datasets that support security and privacy research at scale.

Our research on smart TV tracking revealed extensive data collection by streaming devices, documenting how over-the-top TV platforms track viewing behavior and share data with advertisers. Recent work examines acoustic keystroke leakage on smart TVs.

We have developed traffic shaping techniques to protect smart home privacy from network observers, hiding device activity patterns that could reveal sensitive information about occupants' behavior. Our early work showed that a smart home is no castle, with encrypted IoT traffic revealing private activities.

Privacy

Contextual Integrity and Privacy Policies

We apply the contextual integrity framework to analyze privacy in networked systems, examining whether information flows align with user expectations and social norms.

Our work on discovering smart home IoT privacy norms uses contextual integrity to understand user expectations, while research on IoT toy privacy uncovered mismatches between privacy regulations (like COPPA) and parents' actual privacy norms.

We have developed contextual integrity approaches to privacy policy analysis, and studied user perceptions of smart home IoT privacy.

Recently, we have studied dark patterns in privacy opt-out processes, examining how companies make it difficult for users to exercise their rights under privacy laws like the California Consumer Privacy Act (CCPA).

DNS Privacy

DNS queries reveal sensitive information about user behavior. We develop protocols and systems to improve DNS privacy while maintaining performance.

Oblivious DNS (ODNS) protects user privacy against powerful adversaries by preventing any single party from learning both who is making a query and what domain they are querying. This work laid the foundation for the IETF's Oblivious HTTP standard.

We have extensively studied the costs and benefits of encrypted DNS, including performance analysis of DoH and DoT, cost-benefit analysis for the modern web, and policy implications of DNS-over-HTTPS.

We also study user expectations and understanding of encrypted DNS settings, examining how users perceive and configure DNS privacy features.
