Nick Nikiforakis

Department of Computer Science
Stony Brook University
Stony Brook, NY 11794-2424
+1 (631) 632-2464
nick@cs.stonybrook.edu

I am an Assistant Professor in the Department of Computer Science at Stony Brook University.

My students and I work on all sorts of practical, hands-on security and privacy. The topics that I have been the most active in are:

  • Analysis of online ecosystems
  • Understanding domain squatting
  • Measurement and countermeasures against unwanted tracking
  • Assessment of the security of remote servers using mostly passive techniques
  • Client-side defense mechanisms against phishing and web application attacks

I received my B.Sc. ('07) and M.Sc. ('09) in Computer Science from the University of Crete, and my Ph.D. ('13) in Computer Science from KU Leuven. Before joining Stony Brook, I worked, for a year, as a Postdoctoral Researcher in KU Leuven.

To Prospective Students: I (as well as the other security faculty at Stony Brook) am always looking for talented students to join my lab. The next deadline for graduate aplications is January 15, 2017. If you are wondering why you should apply, you can find a few good reasons here.

Downloadable CV

Teaching

Fall 2016CSE 509, System Security
Spring 2016CSE 659, Computer Security Seminar
Fall 2015CSE 509, System Security
Spring 2015CSE 508, Network Security
Fall 2014CSE 509, System Security

News

  • Oct 2016 - Papers accepted at EuroS&P and NDSS!
  • Aug 2016 - I will be co-chairing eCrime 2017 with Damon McCoy! Consider submitting your best cybercrime work.
  • Jul 2016 - Our PETS paper got an Honorable Mention Award at PETS 2016
  • Jun 2016 - Our Dagstuhl Workshop on Online Privacy and Web Transparency was accepted!
  • Jun 2016 - NSF funded our two proposals on mobile web security and malware. Thank you NSF!
  • Dec 2015 - Paper with Oleksii and Sharique accepted at WWW 2016!
  • Oct 2015 - Paper with Zubair accepted at NDSS 2016!
  • Jul 2015 - Paper with Oleksii accepted at PETS 2016!
  • Jan 2015 - Our paper got accepted at WWW 2015!
  • Oct 2014 - Two papers accepted at NDSS 2015!

Publications

    2017

  1. Dial One for Scam: A Large-Scale Analysis of Technical Support Scams,
    Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis
    Proceedings of the 24th Network and Distributed System Security Symposium (NDSS), 2017


  2. Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools,
    Georg Merzdovnik, Markus Huber, Damjan Buhov, Nick Nikiforakis, Sebastian Neuner, Martin Schmiedecker, Edgar Weippl
    Proceedings of the 2nd IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2017

  3. 2016

  4. Why Allowing Profile Name Reuse Is A Bad Idea,
    Enrico Mariconti, Jeremiah Onaolapo, Syed Sharique Ahmad, Nicolas Nikiforou, Manuel Egele, Nick Nikiforakis, and Gianluca Stringhini
    Proceedings of the 9th European Workshop on System Security (EUROSEC), 2016

  5. No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells,
    Oleksii Starov, Johannes Dahse, Syed Sharique Ahmad, Thorsten Holz, Nick Nikiforakis
    in Proceedings of the 25th International World Wide Web Conference (WWW), 2016

  6. It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services,
    Zubair Rafique, Tom Van Goethem, Wouter Joosen, Christophe Huygens, Nick Nikiforakis
    in Proceedings of the 23rd Network and Distributed System Security Symposium (NDSS), 2016

  7. Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms,
    Oleksii Starov, Phillipa Gill, Nick Nikiforakis
    in Proceedings of the 16th Privacy Enhancing Technologies Symposium (PETS), 2016.
    (Honorable mention)

  8. 2015

  9. The Clock is Still Ticking: Timing Attacks in the Modern Web,
    Tom Van Goethem, Wouter Joosen, Nick Nikiforakis
    in Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015.

  10. Maneuvering Around Clouds: Bypassing Cloud-based Security Providers,
    Thomas Vissers, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis
    in Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015.

  11. Drops for Stuff: An Analysis of Reshipping Mule Scams,
    Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca Stringhini, Manuel Egele, Michael Eubanks, Brian Krebs, Giovanni Vigna
    in Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015.

  12. PriVaricator: Deceiving fingerprinters with Little White Lies,
    Nick Nikiforakis, Wouter Joosen, Benjamin Livshits
    in Proceedings of the 24th International World Wide Web Conference
    (WWW 2015)

  13. Parking Sensors: Analyzing and Detecting Parked Domains,
    Thomas Vissers, Wouter Joosen, Nick Nikiforakis
    in Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015)

  14. Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse,
    Pieter Agten, Wouter Joosen, Frank Piessens, Nick Nikiforakis
    in Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015)

  15. 2014

  16. Soundsquatting: Uncovering the use of homophones in domain squatting,
    Nick Nikiforakis, Marco Balduzzi, Lieven Desmet, Frank Piessens, Wouter Joosen
    in Proceedings of the 17th Information Security Conference (ISC 2014), Hong Kong (Best Paper Award)

  17. Clubbing Seals: Exploring the Ecosystem of Third-party Security Seals,
    Tom Van Goethem, Frank Piessens, Wouter Joosen, Nick Nikiforakis
    in Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014), Scottsdale, Arizona, USA


  18. Security Analysis of the Chinese Web: How well is it protected?
    Ping Chen, Nick Nikiforakis, Lieven Desmet, Christoph Huygens
    in the Workshop of Cyber Security Analytics and Automation
    (SafeConfig 2014), Scottsdale, Arizona, USA

  19. Crying Wolf? On the Price Discrimination of Online Airline Tickets,
    Thomas Vissers, Nick Nikiforakis, Nataliia Bielova, Wouter Joosen
    in the 7th Workshop on Hot Topics in Privacy Enhancing Technologies
    (HotPETs 2014), Amsterdam, Netherlands

  20. Large-scale Security Analysis of the Web: Challenges and Findings,
    Tom Van Goethem, Ping Chen, Nick Nikiforakis, Lieven Desmet, Wouter Joosen
    in Proceedings of the 7th International Conference on Trust & Trustworthy Computing
    (TRUST 2014), Heraklion, Crete, Greece

  21. Monkey-in-the-browser: Malware and vulnerabilities in augmented browsing script markets,
    Steven Van Acker, Nick Nikiforakis, Lieven Desmet, Frank Piessens, Wouter Joosen in Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2014), Kyoto, Japan

  22. Stranger Danger: Exploring the Ecosystem of Ad-based URL Shortening Services,
    Nick Nikiforakis, Federico Maggi, Gianluca Stringhini, M Zubair Rafique, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna, Stefano Zanero in Proceedings of the 23rd International World Wide Web Conference (WWW 2014), Seoul, Korea

  23. 2013

  24. A Dangerous Mix: Large-scale analysis of mixed-content websites,
    Ping Chen, Nick Nikiforakis, Lieven Desmet, Christophe Huygens in Proceedings of the 16th Information Security Conference (ISC 2013), Dallas, Texas, USA

  25. FPDetective: Dusting the web for fingerprinters,
    Güneş Acar, Marc Juárez Miró, Nick Nikiforakis, Claudia Diaz, Seda Gürses, Frank Piessens, Bart Preneel in Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS 2013), Berlin, Germany (Runner up for 2015 Caspar Bowden PET award)

  26. HeapSentry: Kernel-assisted Protection against Heap Overflows,
    Nick Nikiforakis, Frank Piessens, Wouter Joosen in Proceedings of the 10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2013), Berlin, Germany

  27. Bitsquatting: Exploiting bit-flips for fun, or profit?,
    Nick Nikiforakis, Steven Van Acker, Wannes Meert, Lieven Desmet, Frank Piessens, Wouter Joosen in Proceedings of the 22nd International World Wide Web Conference (WWW 2013), Rio de Janeiro, Brazil

  28. Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting,
    Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna in Proceedings of the 34th IEEE Symposium of Security and Privacy (IEEE S&P 2013), San Francisco, CA, USA

  29. TabShots: Client-side detection of tabnabbing attacks,
    Philippe De Ryck, Nick Nikiforakis, Lieven Desmet, Wouter Joosen in Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China

  30. 2012

  31. You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions,
    Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens and Giovanni Vigna in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, NC, USA

  32. FlowFox: a Web Browser with Flexible and Precise Information Flow Control,
    Willem De Groef, Dominique Devriese, Nick Nikiforakis, and Frank Piessens
    in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, NC, USA

  33. There is Safety in Numbers: Preventing Control-Flow Hijacking by Duplication,
    Job Noorman, Nick Nikiforakis, and Frank Piessens in Proceedings of the 17th Nordic Conference on Secure IT Systems (NordSec 2012), Karlskrona, Sweden

  34. DEMACRO: Defense against Malicious Cross-domain Requests,
    Sebastian Lekies, Nick Nikiforakis, Walter Tighzert, Frank Piessens and Martin Johns in Proceedings of the 15th International Symposium on Research In Attacks, Intrusions and Defenses (RAID 2012), Amsterdam, The Netherlands

  35. Serene: Self-Reliant Client-Side Protection against Session Fixation,
    Philippe De Ryck, Nick Nikiforakis, Lieven Desmet, Frank Piessens and Wouter Joosen in Proceedings of the 7th International Federated Conference on Distributed Computing Techniques (DAIS 2012), Stockholm, Sweden

  36. Exploring the Ecosystem of Referrer-Anonymizing Services,
    Nick Nikiforakis, Steven Van Acker, Frank Piessens and Wouter Joosen in Proceedings of the 12th Privacy Enhancing Technology Symposium (PETS 2012), Vigo, Spain

  37. Recent Developments in Low-Level Software Security,
    Pieter Agten, Nick Nikiforakis, Raoul Strackx, Willem De Groef and Frank Piessens in Proceedings of the 6th Workshop in Information Security Theory and Practice (WISTP 2012), London, UK

  38. FlashOver: Automated Discovery of Cross-site Scripting Vulnerabilities in Rich Internet Applications,
    Steven Van Acker, Nick Nikiforakis, Lieven Desmet, Wouter Joosen and Frank Piessens in Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012), Seoul, South Korea

  39. HyperForce: Hypervisor-enForced Execution of Security-Critical Code,
    Francesco Gadaleta, Nick Nikiforakis, Jan Tobias Muhlberg and Wouter Joosen in Proceedings of the 27th IFIP International Information Security and Privacy Conference (IFIP SEC 2012), Heraklion, Crete, Greece

  40. 2011

  41. RIPE: Runtime Intrusion Prevention Evaluator,
    John Wilander, Nick Nikiforakis, Yves Younan, Mariam Kamkar and Wouter Joosen in Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC 2011), Orlando, US [source]

  42. Hello rootKitty: A lightweight invariance-enforcing framework,
    Francesco Gadaleta, Nick Nikiforakis, Yves Younan and Wouter Joosen in Proceedings of the 14th Information Security Conference (ISC 2011), Xi'an, China [Video Demo]

  43. Abusing Locality in Shared Web Hosting,
    Nick Nikiforakis, Wouter Joosen and Martin Johns in Proceedings of the 4th European Workshop on System Security (EuroSec 2011), Salzburg, Austria

  44. Exposing the Lack of Privacy in File Hosting Services,
    Nick Nikiforakis, Marco Balduzzi, Steven Van Acker, Wouter Joosen and Davide Balzarotti in Proceedings of the 4th USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET 2011), Boston, US

  45. SessionShield: Lightweight Protection against Session Hijacking,
    Nick Nikiforakis,Wannes Meert, Yves Younan, Martin Johns and Wouter Joosen in Proceedings of the 3rd International Symposium on Engineering Secure Software and Systems (ESSoS 2011), Madrid, Spain

  46. 2010 and earlier

  47. ValueGuard: Protection of native applications against data-only buffer overflows,
    Steven Van Acker, Nick Nikiforakis, Pieter Philippaerts, Yves Younan and Frank Piessens in Proceedings of the Sixth International Conference on Information Systems Security (ICISS 2010), Gujarat, India

  48. HProxy: Client-side detection of SSL stripping attacks,
    Nick Nikiforakis, Yves Younan and Wouter Joosen in Proceedings of the 7th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2010, Bonn, Germany

  49. Monitoring three National Research Networks for Eight Weeks: Observations and Implications,
    Demetris Antoniades, Michalis Polychronakis, Nick Nikiforakis, Evangelos P. Markatos, Yiannis Mitsos in the 6th IEEE Workshop on End-to-End Monitoring Techniques and Services (E2EMon). April 2008, Salvador, Bahia, Brazil.

  50. Alice, what did you do last time? Fighting Phishing Using Past Activity Tests,
    Nikos Nikiforakis, Andreas Makridakis, Elias Athanasopoulos, and Evangelos P. Markatos in Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraklion, Greece.

    Online tracking and privacy

  1. Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools,
    Georg Merzdovnik, Markus Huber, Damjan Buhov, Nick Nikiforakis, Sebastian Neuner, Martin Schmiedecker, Edgar Weippl
    Proceedings of the 2nd IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2017

  2. Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms,
    Oleksii Starov, Phillipa Gill, Nick Nikiforakis
    in Proceedings of the 16th Privacy Enhancing Technologies Symposium (PETS), 2016.
    (Honorable mention)

  3. PriVaricator: Deceiving fingerprinters with Little White Lies,
    Nick Nikiforakis, Wouter Joosen, Benjamin Livshits
    in Proceedings of the 24th International World Wide Web Conference
    (WWW 2015)

  4. Crying Wolf? On the Price Discrimination of Online Airline Tickets,
    Thomas Vissers, Nick Nikiforakis, Nataliia Bielova, Wouter Joosen
    in the 7th Workshop on Hot Topics in Privacy Enhancing Technologies
    (HotPETs 2014), Amsterdam, Netherlands

  5. FPDetective: Dusting the web for fingerprinters,
    Güneş Acar, Marc Juárez Miró, Nick Nikiforakis, Claudia Diaz, Seda Gürses, Frank Piessens, Bart Preneel in Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS 2013), Berlin, Germany (Runner up for 2015 Caspar Bowden PET award)

  6. Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting,
    Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna in Proceedings of the 34th IEEE Symposium of Security and Privacy (IEEE S&P 2013), San Francisco, CA, USA

  7. Exploring the Ecosystem of Referrer-Anonymizing Services,
    Nick Nikiforakis, Steven Van Acker, Frank Piessens and Wouter Joosen in Proceedings of the 12th Privacy Enhancing Technology Symposium (PETS 2012), Vigo, Spain

  8. Domain squatting and advertising abuse

  9. Why Allowing Profile Name Reuse Is A Bad Idea,
    Enrico Mariconti, Jeremiah Onaolapo, Syed Sharique Ahmad, Nicolas Nikiforou, Manuel Egele, Nick Nikiforakis, and Gianluca Stringhini
    Proceedings of the 9th European Workshop on System Security (EUROSEC), 2016

  10. It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services,
    Zubair Rafique, Tom Van Goethem, Wouter Joosen, Christophe Huygens, Nick Nikiforakis
    in Proceedings of the 23rd Network and Distributed System Security Symposium (NDSS), 2016

  11. Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse,
    Pieter Agten, Wouter Joosen, Frank Piessens, Nick Nikiforakis
    in Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015)

  12. Parking Sensors: Analyzing and Detecting Parked Domains,
    Thomas Vissers, Wouter Joosen, Nick Nikiforakis
    in Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015)

  13. Soundsquatting: Uncovering the use of homophones in domain squatting,
    Nick Nikiforakis, Marco Balduzzi, Lieven Desmet, Frank Piessens, Wouter Joosen
    in Proceedings of the 17th Information Security Conference (ISC 2014), Hong Kong (Best Paper Award)

  14. Stranger Danger: Exploring the Ecosystem of Ad-based URL Shortening Services,
    Nick Nikiforakis, Federico Maggi, Gianluca Stringhini, M Zubair Rafique, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna, Stefano Zanero in Proceedings of the 23rd International World Wide Web Conference (WWW 2014), Seoul, Korea

  15. Bitsquatting: Exploiting bit-flips for fun, or profit?,
    Nick Nikiforakis, Steven Van Acker, Wannes Meert, Lieven Desmet, Frank Piessens, Wouter Joosen in Proceedings of the 22nd International World Wide Web Conference (WWW 2013), Rio de Janeiro, Brazil

  16. Attacks

  17. The Clock is Still Ticking: Timing Attacks in the Modern Web,
    Tom Van Goethem, Wouter Joosen, Nick Nikiforakis
    in Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015.

  18. Maneuvering Around Clouds: Bypassing Cloud-based Security Providers,
    Thomas Vissers, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis
    in Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015.
  19. FlashOver: Automated Discovery of Cross-site Scripting Vulnerabilities in Rich Internet Applications,
    Steven Van Acker, Nick Nikiforakis, Lieven Desmet, Wouter Joosen and Frank Piessens in Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012), Seoul, South Korea

  20. Abusing Locality in Shared Web Hosting,
    Nick Nikiforakis, Wouter Joosen and Martin Johns in Proceedings of the 4th European Workshop on System Security (EuroSec 2011), Salzburg, Austria

  21. Exposing the Lack of Privacy in File Hosting Services,
    Nick Nikiforakis, Marco Balduzzi, Steven Van Acker, Wouter Joosen and Davide Balzarotti in Proceedings of the 4th USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET 2011), Boston, US

  22. Security Measurements

  23. Dial One for Scam: A Large-Scale Analysis of Technical Support Scams,
    Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis
    Proceedings of the 24th Network and Distributed System Security Symposium (NDSS), 2017


  24. No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells,
    Oleksii Starov, Johannes Dahse, Syed Sharique Ahmad, Thorsten Holz, Nick Nikiforakis
    in Proceedings of the 25th International World Wide Web Conference (WWW), 2016

  25. Drops for Stuff: An Analysis of Reshipping Mule Scams,
    Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca Stringhini, Manuel Egele, Michael Eubanks, Brian Krebs, Giovanni Vigna
    in Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015.

  26. Clubbing Seals: Exploring the Ecosystem of Third-party Security Seals,
    Tom Van Goethem, Frank Piessens, Wouter Joosen, Nick Nikiforakis
    in Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014), Scottsdale, Arizona, USA

  27. Security Analysis of the Chinese Web: How well is it protected?
    Ping Chen, Nick Nikiforakis, Lieven Desmet, Christoph Huygens
    in the Workshop of Cyber Security Analytics and Automation
    (SafeConfig 2014), Scottsdale, Arizona, USA

  28. Large-scale Security Analysis of the Web: Challenges and Findings,
    Tom Van Goethem, Ping Chen, Nick Nikiforakis, Lieven Desmet, Wouter Joosen
    in Proceedings of the 7th International Conference on Trust & Trustworthy Computing
    (TRUST 2014), Heraklion, Crete, Greece

  29. Monkey-in-the-browser: Malware and vulnerabilities in augmented browsing script markets,
    Steven Van Acker, Nick Nikiforakis, Lieven Desmet, Frank Piessens, Wouter Joosen in Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2014), Kyoto, Japan

  30. A Dangerous Mix: Large-scale analysis of mixed-content websites,
    Ping Chen, Nick Nikiforakis, Lieven Desmet, Christophe Huygens in Proceedings of the 16th Information Security Conference (ISC 2013), Dallas, Texas, USA

  31. You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions,
    Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens and Giovanni Vigna in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, NC, USA

  32. Monitoring three National Research Networks for Eight Weeks: Observations and Implications,
    Demetris Antoniades, Michalis Polychronakis, Nick Nikiforakis, Evangelos P. Markatos, Yiannis Mitsos in the 6th IEEE Workshop on End-to-End Monitoring Techniques and Services (E2EMon). April 2008, Salvador, Bahia, Brazil.

  33. Countermeasures for the web

  34. TabShots: Client-side detection of tabnabbing attacks,
    Philippe De Ryck, Nick Nikiforakis, Lieven Desmet, Wouter Joosen in Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China

  35. FlowFox: a Web Browser with Flexible and Precise Information Flow Control,
    Willem De Groef, Dominique Devriese, Nick Nikiforakis, and Frank Piessens
    in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, NC, USA

  36. DEMACRO: Defense against Malicious Cross-domain Requests,
    Sebastian Lekies, Nick Nikiforakis, Walter Tighzert, Frank Piessens and Martin Johns in Proceedings of the 15th International Symposium on Research In Attacks, Intrusions and Defenses (RAID 2012), Amsterdam, The Netherlands

  37. Serene: Self-Reliant Client-Side Protection against Session Fixation,
    Philippe De Ryck, Nick Nikiforakis, Lieven Desmet, Frank Piessens and Wouter Joosen in Proceedings of the 7th International Federated Conference on Distributed Computing Techniques (DAIS 2012), Stockholm, Sweden

  38. SessionShield: Lightweight Protection against Session Hijacking,
    Nick Nikiforakis,Wannes Meert, Yves Younan, Martin Johns and Wouter Joosen in Proceedings of the 3rd International Symposium on Engineering Secure Software and Systems (ESSoS 2011), Madrid, Spain

  39. HProxy: Client-side detection of SSL stripping attacks,
    Nick Nikiforakis, Yves Younan and Wouter Joosen in Proceedings of the 7th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2010, Bonn, Germany

  40. Alice, what did you do last time? Fighting Phishing Using Past Activity Tests,
    Nikos Nikiforakis, Andreas Makridakis, Elias Athanasopoulos, and Evangelos P. Markatos in Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraklion, Greece.

  41. Low-level Security

  42. HeapSentry: Kernel-assisted Protection against Heap Overflows,
    Nick Nikiforakis, Frank Piessens, Wouter Joosen in Proceedings of the 10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2013), Berlin, Germany

  43. Recent Developments in Low-Level Software Security,
    Pieter Agten, Nick Nikiforakis, Raoul Strackx, Willem De Groef and Frank Piessens in Proceedings of the 6th Workshop in Information Security Theory and Practice (WISTP 2012), London, UK

  44. There is Safety in Numbers: Preventing Control-Flow Hijacking by Duplication,
    Job Noorman, Nick Nikiforakis, and Frank Piessens in Proceedings of the 17th Nordic Conference on Secure IT Systems (NordSec 2012), Karlskrona, Sweden

  45. HyperForce: Hypervisor-enForced Execution of Security-Critical Code,
    Francesco Gadaleta, Nick Nikiforakis, Jan Tobias Muhlberg and Wouter Joosen in Proceedings of the 27th IFIP International Information Security and Privacy Conference (IFIP SEC 2012), Heraklion, Crete, Greece

  46. RIPE: Runtime Intrusion Prevention Evaluator,
    John Wilander, Nick Nikiforakis, Yves Younan, Mariam Kamkar and Wouter Joosen in Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC 2011), Orlando, US [source]

  47. Hello rootKitty: A lightweight invariance-enforcing framework,
    Francesco Gadaleta, Nick Nikiforakis, Yves Younan and Wouter Joosen in Proceedings of the 14th Information Security Conference (ISC 2011), Xi'an, China [Video Demo]

  48. ValueGuard: Protection of native applications against data-only buffer overflows,
    Steven Van Acker, Nick Nikiforakis, Pieter Philippaerts, Yves Younan and Frank Piessens in Proceedings of the Sixth International Conference on Information Systems Security (ICISS 2010), Gujarat, India

Articles

  1. Protected Web Components: Hiding Sensitive Information in the Shadows
    Philippe De Ryck, Nick Nikiforakis, Lieven Desmet, Frank Piessens, Wouter Joosen in IEEE IT Pro magazine, January/February 2015

  2. Browse at your own risk
    Nick Nikiforakis and Gunes Acarin in IEEE Spectrum, Volume 41, Issue 8, August 2014

  3. On the Workings and Current Practices of Web-based Device Fingerprinting,
    Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna in IEEE Security & Privacy Magazine, Issue 99, 2013

  4. Direct Object Reference or, How a Toddler can hack your Web application,
    Nick Nikiforakis in Hackin9, Volume 1, Number 3, 2011

  5. IPv6 Resiliency Study,
    Sotiris Ioannidis,George Apostolopoulos, Kostas Anagnostakis, Nick Nikiforakis, Andreas Makridakis and Charalampos Gkikas with the collaboration of ENISA STA staff

Service

Program Committee Chair

  • Symposium on Electronic Crime Research (eCrime) 2017 - co-chair with Damon McCoy
  • OWASP AppSec Europe 2015 - Research Track

Program Commitee member

  • Conference on Data and Application Security and Privacy (CODASPY): 2016, 2017
  • International World Wide Web Conference (WWW): 2015, 2017
  • IEEE European Symposium on Security and Privacy (EuroS&P): 2017
  • Symposium On Applied Computing (SAC), Security Track : 2017
  • Annual Computer Security Applications Conference (ACSAC): 2016
  • Conference on Computer and Communications Security (CCS): 2015, 2016
  • USENIX Security Symposium: 2015, 2016
  • Symposium on Electronic Crime Research (eCrime): 2016
  • Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA): 2015, 2016
  • International Symposium on Engineering Secure Software and Systems (ESSoS): 2015, 2016
  • ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec): 2015
  • European Workshop on System Security (EuroSec): 2012, 2013, 2014, 2015
  • IEEE International Conference on Embedded and Ubiquitous Computing (EUC): 2014
  • IFIP Conference on Communications and Multimedia Security (CMS): 2012, 2013
  • International Conference on Emerging Ubiquitous Systems and Pervasive Networks (EUSPN): 2013
  • IEEE Workshop on Network Measurements (IEEE WNM): 2013
  • OWASP AppSec Europe 2013 - Research Track (AppSec EU): 2013