Nick Nikiforakis

Department of Computer Science
Stony Brook University
Stony Brook, NY 11794-2424
+1 (631) 632-2464
nick@cs.stonybrook.edu

I am an Associate Professor in the Department of Computer Science at Stony Brook University.

My students and I work on all sorts of practical, hands-on security and privacy. The topics that I have been the most active in are:

  • Measurement and reduction of attack surface in web applications
  • Understanding the abuses of the Domain Name System
  • Identification of security and privacy issues specific to mobile web browsers
  • Measurement of online tracking and countermeasures against it
  • Assessment of the security of remote servers using mostly passive techniques
  • Client-side defense mechanisms against phishing and web application attacks

Downloadable CV

Teaching

Spring 2022CSE 361, Web Security
Fall 2021CSE 659, Computer Security Seminar
Spring 2021CSE 361, Web Security
Fall 2020CSE 659, Computer Security Seminar
Spring 2020CSE 659, Computer Security Seminar
Fall 2019CSE 331, Computer Security Fundamentals
Spring 2019CSE 509, System Security
Fall 2018CSE 331, Computer Security Fundamentals
Spring 2018CSE 659, Computer Security Seminar
Fall 2017CSE 361, Web Security
Fall 2016CSE 509, System Security
Spring 2016CSE 659, Computer Security Seminar
Fall 2015CSE 509, System Security
Spring 2015CSE 508, Network Security
Fall 2014CSE 509, System Security

News

May 2022Paper on Certificate Transparency bots was accepted to USENIX Security 2022. Congratulations to Brian and Johnny!
February 2022Paper on extension fingerprinting (in collaboration with UIC) was accepted to USENIX Security 2022. Congratulations Kostas, Panos, and Soroush!
January 2022Paper on post-publication title changes accepted at WWW 2022. Congratulations to Xingzhi and Brian!
November 2021Our work on MITM phishing kits got the 3rd place at the CSAW 2021 Applied Research Competition!
October 2021 Paper on mobile-sandbox evasions accepted to NDSS 2022. Congratulations to Brian and Babak!
August 2021 Paper on residual trust accepted at IEEE S&P 2022. Congratulations to Johnny!
  Year-long study on MITM phishing kits accepted at CCS 2021. Congratulations to Brian and Babak!
February 2021 Paper on deception-augmented authentication accepted at ASIACCS 2021. Congratulations to Tim and Johnny!
  Paper on characterization of web bots accepted at IEEE S&P 2021. Congratulations to Xigao and Babak!
January 2021 Paper accepted from collaboration with CMU at WWW 2021. Congratulations to Meng and Brian!
December 2020 Paper accepted at USENIX Security 2021. Congratulations to Pierre and Oleksii!
  Paper accepted at NDSS 2021. Congratulations to Brian!
April 2020 ONR funded my YIP proposal on monitoring web application updates. Thank you ONR!
  Two papers accepted at DIMVA! Congratulations to Babak, Pierre, and Oleksii!
March 2020 NSF funded my CAREER proposal on ensuring the integrity of web content! Thank you NSF!
  I have been promoted to Associate Professor with tenure.
February 2020 Paper accepted at IEEE S&P (Oakland) 2020. Congratulations Brian!
July 2019 Paper accepted at RAID 2019. Congratulations Tim and Najmeh!
May 2019 Paper accepted at DIMVA 2019. Congrats Pierre!
April 2019 Two papers accepted at USENIX Security 2019!! Congratulations to Babak, Pierre, and Oleksii!
  Paper accepted at AsiaCCS 2019! Congratulations to Najmeh!
January 2019 Paper accepted at WWW 2019!
  Amazon funded our proposal on using cloud services to detect bots. Thank you Amazon!
November 2018 Paper accepted at NDSS 2019!
September 2018 NSF funded our proposal on understanding and detecting malicious web bots. Thank you NSF!
December 2017 Three papers accepted at WWW 2018!
October 2017 Our S&P 2017 paper on malware sandbox evasion is a finalist in the CSAW 2017 competition!
August 2017 Three papers accepted at CCS 2017!
 Paper with Tim accepted at ACSAC 2017!
March 2017 Two papers accepted at IEEE S&P 2017!
  WIRED wrote about our work on technical support scams.
  Our paper on technical support scams received a "Distinguished Paper Award" at NDSS 2017!
Jan 2017 I am the publicity chair of RAID 2017. Don't forget to submit your cool work!
Dec 2016 Two papers accepted at WWW 2017!!
Oct 2016 Papers accepted at EuroS&P and NDSS!
Aug 2016I will be co-chairing eCrime 2017 with Damon McCoy! Consider submitting your best cybercrime work.
Jul 2016Our PETS paper got an Honorable Mention Award at PETS 2016
Jun 2016Our Dagstuhl Workshop on Online Privacy and Web Transparency was accepted!
Jun 2016NSF funded our two proposals on mobile web security and malware. Thank you NSF!
Mar 2016ONR funded our proposals on tripwires and honeypots. Thank you ONR!
Dec 2015Paper with Oleksii and Sharique accepted at WWW 2016!
Oct 2015Paper with Zubair accepted at NDSS 2016!
Jul 2015Paper with Oleksii accepted at PETS 2016!
Jan 2015Our paper got accepted at WWW 2015!
Oct 2014Two papers accepted at NDSS 2015!

Publications

    2022

  1. Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots
    Brian Kondracki, Johnny So, and Nick Nikiforakis
    To appear in Proceedings of USENIX Security Symposium (USENIX Security), 2022

  2. The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions
    Kostas Solomos, Panagiotis Ilia, Soroush Karami, Nick Nikiforakis, and Jason Polakis
    To appear in Proceedings of USENIX Security Symposium (USENIX Security), 2022

  3. Verba Volant, Scripta Volant: Understanding Post-publication Title Changes in News Outlets
    Xingzhi Guo, Brian Kondracki, Nick Nikiforakis, and Steven Skiena
    To appear in Proceedings of the 31st Web Conference (WWW), 2022

  4. The Droid is in the Details: Environment-aware Evasion of Android Sandboxes
    Brian Kondracki, Babak Amin Azad, Najmeh Miramirkhani, and Nick Nikiforakis
    To appear in Proceedings of the 29th Network and Distributed System Security Symposium (NDSS), 2022

  5. Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust
    Johnny So, Najmeh Miramirkhani, Mike Ferdman, and Nick Nikiforakis
    To appear in Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P), 2022

  6. 2021

  7. Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits
    Brian Kondracki, Babak Amin Azad, Oleksii Starov, and Nick Nikiforakis
    Proceedings of ACM Conference on Computer and Communications Security (CCS), 2021
  8. (3rd place at the Applied Research Competition, CSAW 2021)

  9. Good Bot, Bad Bot: Characterizing Automated Browsing Activity
    Xigao Li, Babak Amin Azad, Amir Rahmati, and Nick Nikiforakis
    Proceedings of the 42nd IEEE Symposium on Security and Privacy (IEEE S&P), 2021

  10. Click This, Not That: Extending Web Authentication with Deception
    Timothy Barron, Johnny So, and Nick Nikiforakis
    Proceedings of the 16th ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2021

  11. Where are you taking me? Understanding Abusive Traffic Distribution Systems
    Janos Szurdi, Meng Luo, Brian Kondracki, Nick Nikiforakis, and Nicolas Christin
    Proceedings of the 30th Web Conference (WWW), 2021

  12. To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media
    Beliz Kaleli, Brian Kondracki, Manuel Egele, Nick Nikiforakis, and Gianluca Stringhini
    Proceedings of the 28th Network and Distributed System Security Symposium (NDSS), 2021

  13. Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets
    Pierre Laperdrix, Oleksii Starov, Quan Chen, Alexandros Kapravelos, and Nick Nikiforakis
    Proceedings of the USENIX Security Symposium (USENIX Security), 2021


  14. 2020

  15. You've Changed: Detecting Malicious Browser Extensions through their Update Deltas
    Nikolaos Pantelaios, Nick Nikiforakis, and Alexandros Kapravelos
    Proceedings of ACM Conference on Computer and Communications Security (CCS), 2020

  16. Web Runner 2049: Evaluating Third-Party Anti-bot Services
    Babak Amin Azad, Oleksii Starov, Pierre Laperdrix, and Nick Nikiforakis
    Proceedings of the 17th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2020

  17. Taming The Shape Shifter: Detecting Anti-fingerprinting Browsers
    Babak Amin Azad, Oleksii Starov, Pierre Laperdrix, and Nick Nikiforakis
    Proceedings of the 17th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2020

  18. Need for Mobile Speed: A Historical Study of Mobile Web Performance
    Javad Nejati, Meng Luo, Nick Nikiforakis, and Aruna Balasubramanian
    Proceedings of the 4th Network Traffic Measurement and Analysis Conference (TMA), 2020

  19. Meddling Middlemen: Empirical Analysis of the Risks of Data-Saving Mobile Browsers
    Brian Kondracki, Assel Aliyeva, Manuel Egele, Jason Polakis, and Nick Nikiforakis
    Proceedings of the 41st IEEE Symposium on Security and Privacy (IEEE S&P), 2020

  20. Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies
    Sebastian Roth, Timothy Barron, Stefano Calzavara, Nick Nikiforakis, and Ben Stock
    Proceedings of the 27th Network and Distributed System Security Symposium (NDSS), 2020

  21. 2019

  22. Now You See It, Now You Don't: A Large-scale Analysis of Early Domain Deletions
    Timothy Barron, Najmeh Miramirkhani, and Nick Nikiforakis
    Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2019

  23. Less is More: Quantifying the Security Benefits of Debloating Web Applications
    Babak Amin Azad, Pierre Laperdrix, and Nick Nikiforakis
    Proceedings of the 28th USENIX Security Symposium (USENIX Security), 2019

  24. Everyone is Different: Client-side Diversification for Defending Against Extension Fingerprinting
    Erik Trickel, Oleksii Starov, Alexandros Kapravelos, Nick Nikiforakis, and Adam Doupé
    Proceedings of the 28th USENIX Security Symposium (USENIX Security), 2019

  25. Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting
    Pierre Laperdrix, Gildas Avoine, Benoit Baudry, and Nick Nikiforakis
    Proceedings of the 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2019

  26. Purchased Fame: Exploring the Ecosystem of Private Blog Networks
    Tom Van Goethem, Najmeh Miramirkhani, Wouter Joosen, and Nick Nikiforakis
    Proceedings of the 14th ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2019

  27. Unnecessarily Identifiable: Quantifying the fingerprintability of browser extensions due to bloat
    Oleksii Starov, Pierre Laperdrix, Alexandros Kapravelos, and Nick Nikiforakis
    Proceedings of the Web Conference (WWW), 2019

  28. Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers
    Meng Luo, Pierre Laperdrix, Nima Honarmand, and Nick Nikiforakis
    Proceedings of the 26th Network and Distributed System Security Symposium (NDSS), 2019

  29. 2018

  30. PrivacyMeter: Designing and Developing a Privacy-Preserving Browser Extension
    Oleksii Starov and Nick Nikiforakis
    Proceedings of the 10th International Symposium on Engineering Secure Software and Systems (ESSoS) 2018

  31. Panning for gold.com: Understanding the dynamics of domain dropcatching
    Najmeh Miramirkhani, Timothy Barron, Michael Ferdman, and Nick Nikiforakis
    Proceedings of the Web Conference (WWW), 2018

  32. Betrayed by Your Dashboard: Discovering Malicious Campaigns via Web Analytics
    Oleksii Starov, Yuchen Zhou, Xiao Zhang, Najmeh Miramirkhani, and Nick Nikiforakis
    Proceedings of the Web Conference (WWW), 2018

  33. Exposing Search and Advertisement Abuse Tactics and Infrastructure of Technical Support Scammers
    Bharat Srinivasan, Athanasios Kountouras, Najmeh Miramirkhani, Monjur Alam, Nick Nikiforakis, Manos Antonakakis, and Mustaque Ahamad
    Proceedings of the Web Conference (WWW), 2018

  34. 2017

  35. Picky Attackers: Quantifying the Role of System Properties on Intruder Behavior
    Timothy Barron and Nick Nikiforakis
    Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC), 2017

  36. Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers
    Meng Luo, Oleksii Starov, Nima Honarmand, and Nick Nikiforakis
    Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS), 2017

  37. The Wolf of Name Street: Hijacking Domains Through Their Nameservers
    Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, and Nick Nikiforakis
    Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS), 2017

  38. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse
    Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gomez, Nikolaos Pitropakis,
    Nick Nikiforakis, and Manos Antonakakis

    Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS), 2017

  39. XHOUND: Quantifying the Fingerprintability of Browser Extensions
    Oleksii Starov and Nick Nikiforakis
    Proceedings of the 38th IEEE Symposium on Security and Privacy (IEEE S&P), 2017

  40. Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts
    Najmeh Miramirkhani, Mahathi Priya Appini, Nick Nikiforakis and Michalis Polychronakis
    Proceedings of the 38th IEEE Symposium on Security and Privacy (IEEE S&P), 2017
  41. (CSAW 2017 Finalist)

  42. Extended Tracking Powers: Measuring the Privacy Diffusion Enabled by Browser Extensions
    Oleksii Starov and Nick Nikiforakis
    Proceedings of the 26th International World Wide Web Conference (WWW), 2017

  43. What's in a Name? Understanding Profile Name Reuse on Twitter
    Enrico Mariconti, Jeremiah Onaolapo, Sharique Ahmad, Nicolas Nikiforou, Manuel Egele, Nick Nikiforakis and Gianluca Stringhini
    Proceedings of the 26th International World Wide Web Conference (WWW), 2017

  44. Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools
    Georg Merzdovnik, Markus Huber, Damjan Buhov, Nick Nikiforakis, Sebastian Neuner, Martin Schmiedecker, Edgar Weippl
    Proceedings of the 2nd IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2017

  45. Dial One for Scam: A Large-Scale Analysis of Technical Support Scams
    Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis
    Proceedings of the 24th Network and Distributed System Security Symposium (NDSS), 2017
  46. (Distinguished Paper Award)

    2016

  47. Why Allowing Profile Name Reuse Is A Bad Idea
    Enrico Mariconti, Jeremiah Onaolapo, Syed Sharique Ahmad, Nicolas Nikiforou, Manuel Egele, Nick Nikiforakis, and Gianluca Stringhini
    Proceedings of the 9th European Workshop on System Security (EUROSEC), 2016

  48. No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells
    Oleksii Starov, Johannes Dahse, Syed Sharique Ahmad, Thorsten Holz, Nick Nikiforakis
    Proceedings of the 25th International World Wide Web Conference (WWW), 2016

  49. It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services
    Zubair Rafique, Tom Van Goethem, Wouter Joosen, Christophe Huygens, Nick Nikiforakis
    Proceedings of the 23rd Network and Distributed System Security Symposium (NDSS), 2016

  50. Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms
    Oleksii Starov, Phillipa Gill, Nick Nikiforakis
    Proceedings of the 16th Privacy Enhancing Technologies Symposium (PETS), 2016
    (Honorable mention)

  51. 2015

  52. The Clock is Still Ticking: Timing Attacks in the Modern Web
    Tom Van Goethem, Wouter Joosen, Nick Nikiforakis
    Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015

  53. Maneuvering Around Clouds: Bypassing Cloud-based Security Providers
    Thomas Vissers, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis
    Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015

  54. Drops for Stuff: An Analysis of Reshipping Mule Scams
    Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca Stringhini, Manuel Egele, Michael Eubanks, Brian Krebs, Giovanni Vigna
    Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015

  55. PriVaricator: Deceiving fingerprinters with Little White Lies
    Nick Nikiforakis, Wouter Joosen, Benjamin Livshits
    Proceedings of the 24th International World Wide Web Conference
    (WWW 2015)

  56. Parking Sensors: Analyzing and Detecting Parked Domains
    Thomas Vissers, Wouter Joosen, Nick Nikiforakis
    Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015)

  57. Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse
    Pieter Agten, Wouter Joosen, Frank Piessens, Nick Nikiforakis
    Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015)

  58. 2014

  59. Soundsquatting: Uncovering the use of homophones in domain squatting
    Nick Nikiforakis, Marco Balduzzi, Lieven Desmet, Frank Piessens, Wouter Joosen
    Proceedings of the 17th Information Security Conference (ISC 2014), Hong Kong (Best Paper Award)

  60. Clubbing Seals: Exploring the Ecosystem of Third-party Security Seals
    Tom Van Goethem, Frank Piessens, Wouter Joosen, Nick Nikiforakis
    Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014), Scottsdale, Arizona, USA


  61. Security Analysis of the Chinese Web: How well is it protected?
    Ping Chen, Nick Nikiforakis, Lieven Desmet, Christoph Huygens
    Workshop of Cyber Security Analytics and Automation
    (SafeConfig 2014), Scottsdale, Arizona, USA

  62. Crying Wolf? On the Price Discrimination of Online Airline Tickets
    Thomas Vissers, Nick Nikiforakis, Nataliia Bielova, Wouter Joosen
    Workshop on Hot Topics in Privacy Enhancing Technologies
    (HotPETs 2014), Amsterdam, Netherlands

  63. Large-scale Security Analysis of the Web: Challenges and Findings
    Tom Van Goethem, Ping Chen, Nick Nikiforakis, Lieven Desmet, Wouter Joosen
    Proceedings of the 7th International Conference on Trust & Trustworthy Computing
    (TRUST 2014), Heraklion, Crete, Greece

  64. Monkey-in-the-browser: Malware and vulnerabilities in augmented browsing script markets Steven Van Acker, Nick Nikiforakis, Lieven Desmet, Frank Piessens, Wouter Joosen
    Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2014), Kyoto, Japan

  65. Stranger Danger: Exploring the Ecosystem of Ad-based URL Shortening Services Nick Nikiforakis, Federico Maggi, Gianluca Stringhini, M Zubair Rafique, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna, Stefano Zanero
    Proceedings of the 23rd International World Wide Web Conference (WWW 2014), Seoul, Korea

  66. 2013

  67. A Dangerous Mix: Large-scale analysis of mixed-content websites
    Ping Chen, Nick Nikiforakis, Lieven Desmet, Christophe Huygens Proceedings of the 16th Information Security Conference (ISC 2013), Dallas, Texas, USA

  68. FPDetective: Dusting the web for fingerprinters
    Güneş Acar, Marc Juárez Miró, Nick Nikiforakis, Claudia Diaz, Seda Gürses, Frank Piessens, Bart Preneel Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS 2013), Berlin, Germany (Runner up for 2015 Caspar Bowden PET award)

  69. HeapSentry: Kernel-assisted Protection against Heap Overflows
    Nick Nikiforakis, Frank Piessens, Wouter Joosen Proceedings of the 10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2013), Berlin, Germany

  70. Bitsquatting: Exploiting bit-flips for fun, or profit?
    Nick Nikiforakis, Steven Van Acker, Wannes Meert, Lieven Desmet, Frank Piessens, Wouter Joosen
    Proceedings of the 22nd International World Wide Web Conference (WWW 2013), Rio de Janeiro, Brazil

  71. Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting
    Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna Proceedings of the 34th IEEE Symposium of Security and Privacy (IEEE S&P 2013), San Francisco, CA, USA

  72. TabShots: Client-side detection of tabnabbing attacks
    Philippe De Ryck, Nick Nikiforakis, Lieven Desmet, Wouter Joosen
    Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China

  73. 2012

  74. You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions
    Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens and Giovanni Vigna
    Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, NC, USA

  75. FlowFox: a Web Browser with Flexible and Precise Information Flow Control
    Willem De Groef, Dominique Devriese, Nick Nikiforakis, and Frank Piessens

    Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, NC, USA

  76. There is Safety in Numbers: Preventing Control-Flow Hijacking by Duplication
    Job Noorman, Nick Nikiforakis, and Frank Piessens
    Proceedings of the 17th Nordic Conference on Secure IT Systems (NordSec 2012), Karlskrona, Sweden

  77. DEMACRO: Defense against Malicious Cross-domain Requests
    Sebastian Lekies, Nick Nikiforakis, Walter Tighzert, Frank Piessens and Martin Johns
    Proceedings of the 15th International Symposium on Research In Attacks, Intrusions and Defenses (RAID 2012), Amsterdam, The Netherlands

  78. Serene: Self-Reliant Client-Side Protection against Session Fixation
    Philippe De Ryck, Nick Nikiforakis, Lieven Desmet, Frank Piessens and Wouter Joosen
    Proceedings of the 7th International Federated Conference on Distributed Computing Techniques (DAIS 2012), Stockholm, Sweden

  79. Exploring the Ecosystem of Referrer-Anonymizing Services
    Nick Nikiforakis, Steven Van Acker, Frank Piessens and Wouter Joosen
    Proceedings of the 12th Privacy Enhancing Technology Symposium (PETS 2012), Vigo, Spain

  80. Recent Developments in Low-Level Software Security
    Pieter Agten, Nick Nikiforakis, Raoul Strackx, Willem De Groef and Frank Piessens
    Proceedings of the 6th Workshop in Information Security Theory and Practice (WISTP 2012), London, UK

  81. FlashOver: Automated Discovery of Cross-site Scripting Vulnerabilities in Rich Internet Applications
    Steven Van Acker, Nick Nikiforakis, Lieven Desmet, Wouter Joosen and Frank Piessens
    Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012), Seoul, South Korea

  82. HyperForce: Hypervisor-enForced Execution of Security-Critical Code
    Francesco Gadaleta, Nick Nikiforakis, Jan Tobias Muhlberg and Wouter Joosen
    Proceedings of the 27th IFIP International Information Security and Privacy Conference (IFIP SEC 2012), Heraklion, Crete, Greece

  83. 2011

  84. RIPE: Runtime Intrusion Prevention Evaluator
    John Wilander, Nick Nikiforakis, Yves Younan, Mariam Kamkar and Wouter Joosen
    Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC 2011), Orlando, US [source]

  85. Hello rootKitty: A lightweight invariance-enforcing framework
    Francesco Gadaleta, Nick Nikiforakis, Yves Younan and Wouter Joosen
    Proceedings of the 14th Information Security Conference (ISC 2011), Xi'an, China [Video Demo]

  86. Abusing Locality in Shared Web Hosting
    Nick Nikiforakis, Wouter Joosen and Martin Johns in Proceedings of the 4th European Workshop on System Security (EuroSec 2011), Salzburg, Austria

  87. Exposing the Lack of Privacy in File Hosting Services
    Nick Nikiforakis, Marco Balduzzi, Steven Van Acker, Wouter Joosen and Davide Balzarotti in Proceedings of the 4th USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET 2011), Boston, US

  88. SessionShield: Lightweight Protection against Session Hijacking
    Nick Nikiforakis,Wannes Meert, Yves Younan, Martin Johns and Wouter Joosen in Proceedings of the 3rd International Symposium on Engineering Secure Software and Systems (ESSoS 2011), Madrid, Spain

  89. 2010 and earlier

  90. ValueGuard: Protection of native applications against data-only buffer overflows
    Steven Van Acker, Nick Nikiforakis, Pieter Philippaerts, Yves Younan and Frank Piessens in Proceedings of the Sixth International Conference on Information Systems Security (ICISS 2010), Gujarat, India

  91. HProxy: Client-side detection of SSL stripping attacks
    Nick Nikiforakis, Yves Younan and Wouter Joosen in Proceedings of the 7th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2010, Bonn, Germany

  92. Monitoring three National Research Networks for Eight Weeks: Observations and Implications
    Demetris Antoniades, Michalis Polychronakis, Nick Nikiforakis, Evangelos P. Markatos, Yiannis Mitsos in the 6th IEEE Workshop on End-to-End Monitoring Techniques and Services (E2EMon). April 2008, Salvador, Bahia, Brazil.

  93. Alice, what did you do last time? Fighting Phishing Using Past Activity Tests,
    Nikos Nikiforakis, Andreas Makridakis, Elias Athanasopoulos, and Evangelos P. Markatos in Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraklion, Greece.

    Attack Surface Measurement and Reduction

  1. Less is More: Quantifying the Security Benefits of Debloating Web Applications
    Babak Amin Azad, Pierre Laperdrix, and Nick Nikiforakis
    Proceedings of the 28th USENIX Security Symposium (USENIX Security), 2019

  2. Unnecessarily Identifiable: Quantifying the fingerprintability of browser extensions due to bloat
    Oleksii Starov, Pierre Laperdrix, Alexandros Kapravelos, and Nick Nikiforakis
    Proceedings of the Web Conference (WWW), 2019

  3. Large-scale Security Analysis of the Web: Challenges and Findings
    Tom Van Goethem, Ping Chen, Nick Nikiforakis, Lieven Desmet, Wouter Joosen
    in Proceedings of the 7th International Conference on Trust & Trustworthy Computing
    (TRUST), 2014

  4. You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions
    Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens and Giovanni Vigna in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), 2012


  5. Mobile Web Browsers

  6. Meddling Middlemen: Empirical Analysis of the Risks of Data-Saving Mobile Browsers
    Brian Kondracki, Assel Aliyeva, Manuel Egele, Jason Polakis, Nick Nikiforakis
    Proceedings of the 41st IEEE Symposium on Security and Privacy (IEEE S&P), 2020

  7. Need for Mobile Speed: A Historical Study of Mobile Web Performance
    Javad Nejati, Meng Luo, Nick Nikiforakis, and Aruna Balasubramanian
    Proceedings of the 4th Network Traffic Measurement and Analysis Conference (TMA), 2020

  8. Time Does Not Heal All Wounds: A Longitudinal Analysis of Security-Mechanism Support in Mobile Browsers
    Meng Luo, Pierre Laperdrix, Nima Honarmand, and Nick Nikiforakis
    Proceedings of the 26th Network and Distributed System Security Symposium (NDSS) 2019

  9. Hindsight: Understanding the Evolution of UI Vulnerabilities in Mobile Browsers
    Meng Luo, Oleksii Starov, Nima Honarmand, and Nick Nikiforakis
    Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS), 2017


  10. Online tracking and privacy

  11. The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions
    Kostas Solomos, Panagiotis Ilia, Soroush Karami, Nick Nikiforakis, and Jason Polakis
    To appear in Proceedings of USENIX Security Symposium (USENIX Security), 2022

  12. Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets
    Pierre Laperdrix, Oleksii Starov, Quan Chen, Alexandros Kapravelos, Nick Nikiforakis
    Proceedings of the USENIX Security Symposium (USENIX Security), 2021


  13. Everyone is Different: Client-side Diversification for Defending Against Extension Fingerprinting
    Erik Trickel, Oleksii Starov, Alexandros Kapravelos, Nick Nikiforakis, and Adam Doupé
    Proceedings of the 28th USENIX Security Symposium (USENIX Security), 2019

  14. PrivacyMeter: Designing and Developing a Privacy-Preserving Browser Extension
    Oleksii Starov and Nick Nikiforakis
    Proceedings of the 10th International Symposium on Engineering Secure Software and Systems (ESSoS) 2018

  15. XHOUND: Quantifying the Fingerprintability of Browser Extensions
    Oleksii Starov and Nick Nikiforakis
    Proceedings of the 38th IEEE Symposium on Security and Privacy (IEEE S&P), 2017

  16. Extended Tracking Powers: Measuring the Privacy Diffusion Enabled by Browser Extensions
    Oleksii Starov and Nick Nikiforakis
    Proceedings of the 26th International World Wide Web Conference (WWW), 2017

  17. Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools
    Georg Merzdovnik, Markus Huber, Damjan Buhov, Nick Nikiforakis, Sebastian Neuner, Martin Schmiedecker, Edgar Weippl
    Proceedings of the 2nd IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2017

  18. Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms
    Oleksii Starov, Phillipa Gill, Nick Nikiforakis
    in Proceedings of the 16th Privacy Enhancing Technologies Symposium (PETS), 2016.
    (Honorable mention)

  19. PriVaricator: Deceiving fingerprinters with Little White Lies
    Nick Nikiforakis, Wouter Joosen, Benjamin Livshits
    in Proceedings of the 24th International World Wide Web Conference
    (WWW 2015)

  20. Crying Wolf? On the Price Discrimination of Online Airline Tickets
    Thomas Vissers, Nick Nikiforakis, Nataliia Bielova, Wouter Joosen
    in the 7th Workshop on Hot Topics in Privacy Enhancing Technologies
    (HotPETs 2014), Amsterdam, Netherlands

  21. FPDetective: Dusting the web for fingerprinters
    Güneş Acar, Marc Juárez Miró, Nick Nikiforakis, Claudia Diaz, Seda Gürses, Frank Piessens, Bart Preneel in Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS 2013), Berlin, Germany (Runner up for 2015 Caspar Bowden PET award)

  22. Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting
    Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna in Proceedings of the 34th IEEE Symposium of Security and Privacy (IEEE S&P 2013), San Francisco, CA, USA

  23. Exploring the Ecosystem of Referrer-Anonymizing Services
    Nick Nikiforakis, Steven Van Acker, Frank Piessens and Wouter Joosen in Proceedings of the 12th Privacy Enhancing Technology Symposium (PETS 2012), Vigo, Spain

  24. DNS security

  25. Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust
    Johnny So, Najmeh Miramirkhani, Mike Ferdman, and Nick Nikiforakis
    To appear in Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P), 2022

  26. To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media
    Beliz Kaleli, Brian Kondracki, Manuel Egele, Nick Nikiforakis, and Gianluca Stringhini
    Proceedings of the 28th Network and Distributed System Security Symposium (NDSS), 2021

  27. Now You See It, Now You Don't: A Large-scale Analysis of Early Domain Deletions
    Timothy Barron, Najmeh Miramirkhani, and Nick Nikiforakis
    Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2019

  28. Panning for gold.com: Understanding the dynamics of domain dropcatching
    Najmeh Miramirkhani, Timothy Barron, Michael Ferdman, and Nick Nikiforakis
    Proceedings of the Web Conference (WWW), 2018

  29. The Wolf of Name Street: Hijacking Domains Through Their Nameservers
    Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, and Nick Nikiforakis
    Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS), 2017

  30. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse
    Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gomez, Nikolaos Pitropakis,
    Nick Nikiforakis, and Manos Antonakakis

    Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS), 2017

  31. Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse
    Pieter Agten, Wouter Joosen, Frank Piessens, Nick Nikiforakis
    in Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015)

  32. Parking Sensors: Analyzing and Detecting Parked Domains
    Thomas Vissers, Wouter Joosen, Nick Nikiforakis
    in Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015)

  33. Soundsquatting: Uncovering the use of homophones in domain squatting
    Nick Nikiforakis, Marco Balduzzi, Lieven Desmet, Frank Piessens, Wouter Joosen
    in Proceedings of the 17th Information Security Conference (ISC 2014), Hong Kong (Best Paper Award)

  34. Bitsquatting: Exploiting bit-flips for fun, or profit?
    Nick Nikiforakis, Steven Van Acker, Wannes Meert, Lieven Desmet, Frank Piessens, Wouter Joosen
    in Proceedings of the 22nd International World Wide Web Conference (WWW 2013), Rio de Janeiro, Brazil

  35. Malicious advertising and cybercrime

  36. Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots
    Brian Kondracki, Johnny So, and Nick Nikiforakis
    To appear in Proceedings of USENIX Security Symposium (USENIX Security), 2022

  37. Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits
    Brian Kondracki, Babak Amin Azad, Oleksii Starov, and Nick Nikiforakis
    Proceedings of ACM Conference on Computer and Communications Security (CCS), 2021
  38. (3rd place at the Applied Research Competition, CSAW 2021)

  39. Where are you taking me? Understanding Abusive Traffic Distribution Systems
    Janos Szurdi, Meng Luo, Brian Kondracki, Nick Nikiforakis, and Nicolas Christin
    Proceedings of the 30th Web Conference (WWW), 2021

  40. You've Changed: Detecting Malicious Browser Extensions through their Update Deltas
    Nikolaos Pantelaios, Nick Nikiforakis, and Alexandros Kapravelos
    Proceedings of ACM Conference on Computer and Communications Security (CCS), 2020

  41. Exposing Search and Advertisement Abuse Tactics and Infrastructure of Technical Support Scammers
    Bharat Srinivasan, Athanasios Kountouras, Najmeh Miramirkhani, Monjur Alam, Nick Nikiforakis, Manos Antonakakis, and Mustaque Ahamad
    Proceedings of the Web Conference (WWW), 2018

  42. Dial One for Scam: A Large-Scale Analysis of Technical Support Scams
    Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis
    Proceedings of the 24th Network and Distributed System Security Symposium (NDSS), 2017
  43. (Distinguished Paper Award)

  44. What's in a Name? Understanding Profile Name Reuse on Twitter
    Enrico Mariconti, Jeremiah Onaolapo, Sharique Ahmad, Nicolas Nikiforou, Manuel Egele, Nick Nikiforakis and Gianluca Stringhini
    Proceedings of the 26th International World Wide Web Conference (WWW), 2017

  45. Why Allowing Profile Name Reuse Is A Bad Idea
    Enrico Mariconti, Jeremiah Onaolapo, Syed Sharique Ahmad, Nicolas Nikiforou, Manuel Egele, Nick Nikiforakis, and Gianluca Stringhini
    Proceedings of the 9th European Workshop on System Security (EUROSEC), 2016

  46. It's Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services
    Zubair Rafique, Tom Van Goethem, Wouter Joosen, Christophe Huygens, Nick Nikiforakis
    Proceedings of the 23rd Network and Distributed System Security Symposium (NDSS), 2016

  47. Drops for Stuff: An Analysis of Reshipping Mule Scams
    Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca Stringhini, Manuel Egele, Michael Eubanks, Brian Krebs, Giovanni Vigna
    Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015.

  48. Stranger Danger: Exploring the Ecosystem of Ad-based URL Shortening Services
    Nick Nikiforakis, Federico Maggi, Gianluca Stringhini, M Zubair Rafique, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna, Stefano Zanero
    Proceedings of the 23rd International World Wide Web Conference (WWW 2014), Seoul, Korea

  49. Attacks and Forensics

  50. The Droid is in the Details: Environment-aware Evasion of Android Sandboxes
    Brian Kondracki, Babak Amin Azad, Najmeh Miramirkhani, and Nick Nikiforakis
    To appear in Proceedings of the 29th Network and Distributed System Security Symposium (NDSS), 2022

  51. Taming The Shape Shifter: Detecting Anti-fingerprinting Browsers
    Babak Amin Azad, Oleksii Starov, Pierre Laperdrix, and Nick Nikiforakis
    Proceedings of the 17th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2020

  52. Betrayed by Your Dashboard: Discovering Malicious Campaigns via Web Analytics
    Oleksii Starov, Yuchen Zhou, Xiao Zhang, Najmeh Miramirkhani, and Nick Nikiforakis
    Proceedings of the Web Conference (WWW), 2018

  53. Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts
    Najmeh Miramirkhani, Mahathi Priya Appini, Nick Nikiforakis and Michalis Polychronakis
    Proceedings of the 38th IEEE Symposium on Security and Privacy (IEEE S&P), 2017
  54. (CSAW 2017 Finalist)

  55. The Clock is Still Ticking: Timing Attacks in the Modern Web
    Tom Van Goethem, Wouter Joosen, Nick Nikiforakis
    in Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015

  56. Maneuvering Around Clouds: Bypassing Cloud-based Security Providers
    Thomas Vissers, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis
    in Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), 2015
  57. FlashOver: Automated Discovery of Cross-site Scripting Vulnerabilities in Rich Internet Applications
    Steven Van Acker, Nick Nikiforakis, Lieven Desmet, Wouter Joosen and Frank Piessens in Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012), Seoul, South Korea

  58. Abusing Locality in Shared Web Hosting
    Nick Nikiforakis, Wouter Joosen and Martin Johns in Proceedings of the 4th European Workshop on System Security (EuroSec 2011), Salzburg, Austria

  59. Exposing the Lack of Privacy in File Hosting Services
    Nick Nikiforakis, Marco Balduzzi, Steven Van Acker, Wouter Joosen and Davide Balzarotti in Proceedings of the 4th USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET 2011), Boston, US

  60. Security Measurements

  61. Verba Volant, Scripta Volant: Understanding Post-publication Title Changes in News Outlets
    Xingzhi Guo, Brian Kondracki, Nick Nikiforakis, and Steven Skiena
    To appear in Proceedings of the 31st Web Conference (WWW), 2022

  62. Good Bot, Bad Bot: Characterizing Automated Browsing Activity
    Xigao Li, Babak Amin Azad, Amir Rahmati, Nick Nikiforakis
    Proceedings of the 42nd IEEE Symposium on Security and Privacy (IEEE S&P), 2021

  63. Web Runner 2049: Evaluating Third-Party Anti-bot Services
    Babak Amin Azad, Oleksii Starov, Pierre Laperdrix, and Nick Nikiforakis
    Proceedings of the 17th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2020

  64. Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies
    Sebastian Roth, Timothy Barron, Stefano Calzavara, Nick Nikiforakis, and Ben Stock
    Proceedings of the 27th Network and Distributed System Security Symposium (NDSS), 2020

  65. Purchased Fame: Exploring the Ecosystem of Private Blog Networks
    Tom Van Goethem, Najmeh Miramirkhani, Wouter Joosen, and Nick Nikiforakis
    Proceedings of the 14th ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2019

  66. Picky Attackers: Quantifying the Role of System Properties on Intruder Behavior
    Timothy Barron and Nick Nikiforakis
    Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC), 2017


  67. No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells
    Oleksii Starov, Johannes Dahse, Syed Sharique Ahmad, Thorsten Holz, Nick Nikiforakis
    in Proceedings of the 25th International World Wide Web Conference (WWW), 2016

  68. Clubbing Seals: Exploring the Ecosystem of Third-party Security Seals
    Tom Van Goethem, Frank Piessens, Wouter Joosen, Nick Nikiforakis
    in Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014), Scottsdale, Arizona, USA

  69. Security Analysis of the Chinese Web: How well is it protected?
    Ping Chen, Nick Nikiforakis, Lieven Desmet, Christoph Huygens
    in the Workshop of Cyber Security Analytics and Automation
    (SafeConfig 2014), Scottsdale, Arizona, USA

  70. Monkey-in-the-browser: Malware and vulnerabilities in augmented browsing script markets
    Steven Van Acker, Nick Nikiforakis, Lieven Desmet, Frank Piessens, Wouter Joosen in Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2014), Kyoto, Japan

  71. A Dangerous Mix: Large-scale analysis of mixed-content websites
    Ping Chen, Nick Nikiforakis, Lieven Desmet, Christophe Huygens in Proceedings of the 16th Information Security Conference (ISC 2013), Dallas, Texas, USA

  72. Monitoring three National Research Networks for Eight Weeks: Observations and Implications
    Demetris Antoniades, Michalis Polychronakis, Nick Nikiforakis, Evangelos P. Markatos, Yiannis Mitsos in the 6th IEEE Workshop on End-to-End Monitoring Techniques and Services (E2EMon). April 2008, Salvador, Bahia, Brazil.

  73. Countermeasures for the web

  74. Click This, Not That: Extending Web Authentication with Deception
    Timothy Barron, Johnny So, Nick Nikiforakis
    Proceedings of the 16th ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2021

  75. Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting
    Pierre Laperdrix, Gildas Avoine, Benoit Baudry, and Nick Nikiforakis
    Proceedings of the 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2019

  76. TabShots: Client-side detection of tabnabbing attacks
    Philippe De Ryck, Nick Nikiforakis, Lieven Desmet, Wouter Joosen in Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China

  77. FlowFox: a Web Browser with Flexible and Precise Information Flow Control
    Willem De Groef, Dominique Devriese, Nick Nikiforakis, and Frank Piessens
    in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, NC, USA

  78. DEMACRO: Defense against Malicious Cross-domain Requests
    Sebastian Lekies, Nick Nikiforakis, Walter Tighzert, Frank Piessens and Martin Johns in Proceedings of the 15th International Symposium on Research In Attacks, Intrusions and Defenses (RAID 2012), Amsterdam, The Netherlands

  79. Serene: Self-Reliant Client-Side Protection against Session Fixation
    Philippe De Ryck, Nick Nikiforakis, Lieven Desmet, Frank Piessens and Wouter Joosen in Proceedings of the 7th International Federated Conference on Distributed Computing Techniques (DAIS 2012), Stockholm, Sweden

  80. SessionShield: Lightweight Protection against Session Hijacking
    Nick Nikiforakis,Wannes Meert, Yves Younan, Martin Johns and Wouter Joosen in Proceedings of the 3rd International Symposium on Engineering Secure Software and Systems (ESSoS 2011), Madrid, Spain

  81. HProxy: Client-side detection of SSL stripping attacks
    Nick Nikiforakis, Yves Younan and Wouter Joosen in Proceedings of the 7th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2010, Bonn, Germany

  82. Alice, what did you do last time? Fighting Phishing Using Past Activity Tests,
    Nikos Nikiforakis, Andreas Makridakis, Elias Athanasopoulos, and Evangelos P. Markatos in Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraklion, Greece.

  83. Low-level Security

  84. HeapSentry: Kernel-assisted Protection against Heap Overflows
    Nick Nikiforakis, Frank Piessens, Wouter Joosen in Proceedings of the 10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2013), Berlin, Germany

  85. Recent Developments in Low-Level Software Security
    Pieter Agten, Nick Nikiforakis, Raoul Strackx, Willem De Groef and Frank Piessens in Proceedings of the 6th Workshop in Information Security Theory and Practice (WISTP 2012), London, UK

  86. There is Safety in Numbers: Preventing Control-Flow Hijacking by Duplication
    Job Noorman, Nick Nikiforakis, and Frank Piessens in Proceedings of the 17th Nordic Conference on Secure IT Systems (NordSec 2012), Karlskrona, Sweden

  87. HyperForce: Hypervisor-enForced Execution of Security-Critical Code
    Francesco Gadaleta, Nick Nikiforakis, Jan Tobias Muhlberg and Wouter Joosen in Proceedings of the 27th IFIP International Information Security and Privacy Conference (IFIP SEC 2012), Heraklion, Crete, Greece

  88. RIPE: Runtime Intrusion Prevention Evaluator
    John Wilander, Nick Nikiforakis, Yves Younan, Mariam Kamkar and Wouter Joosen in Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC 2011), Orlando, US [source]

  89. Hello rootKitty: A lightweight invariance-enforcing framework
    Francesco Gadaleta, Nick Nikiforakis, Yves Younan and Wouter Joosen in Proceedings of the 14th Information Security Conference (ISC 2011), Xi'an, China [Video Demo]

  90. ValueGuard: Protection of native applications against data-only buffer overflows
    Steven Van Acker, Nick Nikiforakis, Pieter Philippaerts, Yves Younan and Frank Piessens in Proceedings of the Sixth International Conference on Information Systems Security (ICISS 2010), Gujarat, India

Articles

  1. Protected Web Components: Hiding Sensitive Information in the Shadows
    Philippe De Ryck, Nick Nikiforakis, Lieven Desmet, Frank Piessens, Wouter Joosen in IEEE IT Pro magazine, January/February 2015

  2. Browse at your own risk
    Nick Nikiforakis and Gunes Acarin in IEEE Spectrum, Volume 41, Issue 8, August 2014

  3. On the Workings and Current Practices of Web-based Device Fingerprinting
    Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna in IEEE Security & Privacy Magazine, Issue 99, 2013

  4. Direct Object Reference or, How a Toddler can hack your Web application
    Nick Nikiforakis in Hackin9, Volume 1, Number 3, 2011

  5. IPv6 Resiliency Study
    Sotiris Ioannidis,George Apostolopoulos, Kostas Anagnostakis, Nick Nikiforakis, Andreas Makridakis and Charalampos Gkikas with the collaboration of ENISA STA staff

Service

Program Committee Chair

  • Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), co-chair with Alexandros Karpavelos and
    Oleksii Starov: 2020
  • Security, Privacy, and Trust track of The Web Conference (WWW), co-chair with Bruno Crispo: 2020
  • Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), co-chair with Alexandros Karpavelos: 2019
  • Symposium on Electronic Crime Research (eCrime), co-chair with Gianluca Stringhini: 2018
  • Symposium on Electronic Crime Research (eCrime), co-chair with Damon McCoy: 2017
  • OWASP AppSec Europe - Research Track: 2015

Conference Organization

  • Sponsorship Chair, Conference on Computer and Communications Security (CCS): 2019
  • Poster Chair, USENIX Security Symposium: 2017
  • Publicity Chair, International Symposium on Research in Attacks, Intrusions and Defenses (RAID): 2017

Program Commitee member

  • Conference on Computer and Communications Security (CCS): 2015, 2016, 2017, 2020, 2021, 2022
  • USENIX Security Symposium: 2015, 2016, 2017, 2018, 2021, 2022
  • IEEE European Symposium on Security and Privacy (EuroS&P): 2017, 2020, 2021, 2022
  • International World Wide Web Conference (WWW): 2015, 2017, 2018, 2022
  • SecWeb Workshop: 2021, 2022
  • European Symposium on Research in Computer Security (ESORICS): 2021
  • IEEE Symposium on Security and Privacy (IEEE S&P): 2019, 2020, 2021
  • Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA): 2015, 2016, 2017, 2018, 2019, 2020
  • Network and Distributed System Security Symposium (NDSS): 2018, 2019, 2020
  • Workshop on Technology and Consumer Protection (ConPro): 2019, 2020
  • International Symposium on Research in Attacks, Intrusions and Defenses (RAID): 2019, 2020
  • Information Security Conference (ISC): 2019
  • Symposium on Electronic Crime Research (eCrime): 2016, 2019
  • International Symposium on Engineering Secure Software and Systems (ESSoS): 2015, 2016, 2018
  • ACM ASIA Conference on Information, Computer and Communications Security (AsiaCCS): 2018
  • Annual Computer Security Applications Conference (ACSAC): 2016, 2017
  • European Workshop on Usable Security (EuroUSEC): 2017
  • Conference on Data and Application Security and Privacy (CODASPY): 2016, 2017
  • Symposium On Applied Computing (SAC), Security Track : 2017
  • ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec): 2015
  • European Workshop on System Security (EuroSec): 2012, 2013, 2014, 2015
  • IEEE International Conference on Embedded and Ubiquitous Computing (EUC): 2014
  • IFIP Conference on Communications and Multimedia Security (CMS): 2012, 2013
  • International Conference on Emerging Ubiquitous Systems and Pervasive Networks (EUSPN): 2013
  • IEEE Workshop on Network Measurements (IEEE WNM): 2013
  • OWASP AppSec Europe 2013 - Research Track (AppSec EU): 2013