Ad Injection at Scale: Assessing Deceptive Advertisement Modifications

Connection-Oriented DNS to Improve Privacy and Security

The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching

What the App is That? Deception and Countermeasures in the Android User Interface

Post-Mortem of a Zombie: Conficker Cleanup After Six Years

Trends and Lessons from Three Years Fighting Malicious Extensions

Meerkat: Detecting Website Defacements through Image-based Object Recognition

Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale

Cookies Lack Integrity: Real-World Implications

The Unexpected Dangers of Dynamic JavaScript

ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities

Bohatei: Flexible and Elastic DDoS Defense

Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits

Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence

The SICILIAN Defense: Signature-based Whitelisting of Web JavaScript

Security by Any Other Name: On the Effectiveness of Provider Based Email Security