Publications

2019

Hack for Hire: Exploring the Emerging Market for Account Hijacking
Ariana Mirian, Joe DeBlasio, Stefan Savage, Geoffrey M. Voelker, and Kurt Thomas
Proceedings of the World Wide Web Conference (WWW 2019)

Evaluating Login Challenges as a Defense Against Account Takeover
Periwinkle Doerfler, Maija Marincenko, Juri Ranieri, Yu Jiang, Angelika Moscicki, Damon McCoy, and Kurt Thomas
Proceedings of the World Wide Web Conference (WWW 2019)

Rethinking the detection of child sexual abuse imagery on the Internet
Elie Bursztein, Travis Bright, Einat Clarke, Michelle DeLaune, David M. Eliff, Nick Hsu, Lindsey Olson, John Shehan, Madhukar Thakur, and Kurt Thomas
Proceedings of the World Wide Web Conference (WWW 2019)

“They Don’t Leave Us Alone Anywhere We Go”: Gender and Digital Abuse in South Asia
Nithya Sambasivan, Amna Batool, Nova Ahmed, Tara Matthews, Kurt Thomas, Laura Sanely Gaytán-Lugo, David Nemer, Elie Bursztein, Elizabeth Churchill, and Sunny Consolvo
Proceedings of the CHI Conference on Human Factors in Computing Systems (CHI 2019)

2018

Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data
Sowmya Karunakaran, Kurt Thomas, Elie Bursztein, and Oxana Comanescu
Proceedings of the Symposium on Usable Privacy and Security (SOUPS 2018)

SybilFuse: Combining Local Attributes with Global Structure to Perform Robust Sybil Detection
Peng Gao, Binghui Wang, Neil Zhenqiang Gong, Sanjeev R. Kulkarni, Kurt Thomas, and Prateek Mittal
Proceedings of the Conference on Communications and Network Security (CNS 2018)

2017

Data breaches, phishing, or malware? Understanding the risks of stolen credentials
Kurt Thomas, Frank Li, Ali Zand, Jake Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Dan Margolis, Vern Paxson, Elie Bursztein
Proceedings of the Conference on Computer and Communications Security (CCS 2017)

Understanding the Mirai Botnet
Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou
Proceedings of the USENIX Security Symposium (USENIX Security 2017)

Pinning Down Abuse on Google Maps
Danny Yuxing Huang, Doug Grundman, Kurt Thomas, Abhishek Kumar, Elie Bursztein, Kirill Levchenko, and Alex C. Snoeren
Proceedings of the World Wide Web Conference (WWW 2017)

2016

Picasso: Lightweight Device Class Fingerprinting for Web Clients
Elie Bursztein, Artem Malyshev, Tadek Pietraszek and Kurt Thomas
Proceedings of the Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2016)

The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges
Kurt Thomas, Rony Amira, Adi Ben-Yoash, Ari Berger, Ori Folger, Amir Hardon, Elie Bursztein, Michael Bailey
Proceedings of the Symposium on Research in Attacks, Intrusions and Defenses (RAID 2016)

Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software
Kurt Thomas, Juan Antonio Elices Crespo, Ryan Rasti, Jean-Michel Picod, Cait Phillips, Marc-André (MAD) Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau, Lucas Ballard, Robert Shield, Nav Jagpal, Moheeb Abu Rajab, Panos Mavrommatis, Niels Provos, Elie Bursztein, Damon McCoy
Proceedings of the USENIX Security Symposium (USENIX Security 2016)

Cloak of Visibility: Detecting When Machines Browse a Different Web
Luca Invernizzi, Kurt Thomas, Alexandros Kapravelos, Oxana Comanescu, Jean-Michel Picod, Elie Bursztein
Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P 2016)

Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension
Frank Li, Grant Ho, Eric Kuan, Yuan Niu, Lucas Ballard, Kurt Thomas, Elie Bursztein, Vern Paxson
Proceedings of the World Wide Web Conference (WWW 2016)

2015

Neither Snow Nor Rain Nor MITM … An Empirical Analysis of Email Delivery Security
Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Elie Bursztein, Nicolas Lidzborski, Kurt Thomas, Vijay Eranti, Michael Bailey, J. Alex Halderman
Proceedings of the Internet Measurement Conference (IMC 2015)

Trends and Lessons from Three Years Fighting Malicious Extensions
Nav Jagpal, Eric Dingle, Jean-Philippe Gravel, Panayiotis Mavrommatis, Niels Provos, Moheeb Abu Rajab, Kurt Thomas
Proceedings of the USENIX Security Symposium (USENIX Security 2015)

Framing Dependencies Introduced by Underground Commoditization
Kurt Thomas, Danny Yuxing Huang, David Wang, Elie Bursztein, Chris Grier, Thomas J. Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna
Proceedings of the Workshop on the Economics of Information Security (WEIS 2015)

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab
Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P 2015)

2014

Dialing Back Abuse on Phone Verified Accounts
Kurt Thomas, Dmytro Iatskiv, Elie Bursztein, Tadek Pietraszek, Chris Grier, Damon McCoy
Proceedings of the Conference on Computer and Communications Security (CCS 2014)

Consequences of Connectivity: Characterizing Account Hijacking on Twitter
Kurt Thomas, Frank Li, Chris Grier, Vern Paxson
Proceedings of the Conference on Computer and Communications Security (CCS 2014)

2013

Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse
Kurt Thomas, Damon McCoy, Chris Grier, Alek Kolcz, Vern Paxson
Proceedings of the USENIX Security Symposium (USENIX Security 2013)

Practical Comprehensive Bounds on Surreptitious Communication Over DNS
Vern Paxson, Mihai Christodorescu, Mobin Javed, Josyula Rao, Reiner Sailer, Douglas Schales, Marc Ph Stoecklin, Kurt Thomas, Wietse Venema, Nicholas Weaver
Proceedings of the USENIX Security Symposium (USENIX Security 2013)

2012

Manufacturing Compromise: The Emergence of Exploit-as-a-Service
Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, M. Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, Geoffrey M. Voelker
Proceedings of the Conference on Computer and Communications Security (CCS 2012)

Adapting Social Spam Infrastructure for Political Censorship
Kurt Thomas, Chris Grier, Vern Paxson
Proceedings of the 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 2012)

2011

Suspended Accounts in Retrospect: An Analysis of Twitter Spam
Kurt Thomas, Chris Grier, Vern Paxson, Dawn Song
Proceedings of the Internet Measurement Conference 2011 (IMC 2011)

Design and Evaluation of a Real-Time URL Spam Filtering Service
Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, Dawn Song
Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P 2011)

2010

The Koobface Botnet and the Rise of Social Malware
Kurt Thomas, David M. Nicol
Proceedings of the International Conference on Malicious and Unwanted Software (MALWARE 2010)

@spam: The underground on 140 characters or less
Chris Grier, Kurt Thomas, Vern Paxson, Michael Zhang
Proceedings of the CCS Conference on Computer and Communications Security (CCS 2010)

unFriendly: Multi-Party Privacy Risks in Social Networks
Kurt Thomas, Chris Grier, David M. Nicol
Proceedings of the Privacy Enhancing Technologies Symposium (PETS 2010)

Barriers to Security and Privacy Research in the Web Era
Kurt Thomas, Chris Grier, David M. Nicol
Proceedings of the Workshop on Ethics in Computer Security Research (WECSR 2010)