Publications

In Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD 2020)

In Proceedings of The Web Conference (WWW 2020)
We present the first comprehensive study of the possible security and privacy implications that clicks can have from a user perspective, analyzing the disconnect that exists between what is shown to users and what actually happens after.

In Proceedings of the 2020 CHI Workshop on Designing Interactions for the Ageing Populations - Addressing Global Challenges
Older adults are disproportionately affected by scams, many of which target them specifically. We present Fraud Bingo, an intervention designed by WISE \& Healthy Aging Center in Southern California prior to 2012, that has been played by older adults throughout the United States. We also present the Scam Defender Obstacle Course (SDOC), an interactive web application that tests a user's ability to identify scams, and subsequently teaches them how to recognize the scams. SDOC is patterned after existing phishing-recognition training tools for working professionals. We present the results of running a workshop with 17 senior citizens, where we performed a controlled study that and used SDOC to measure the effectiveness of Fraud Bingo. We outline the difficulties several participants had with completing SDOC, which indicate that tools like SDOC should be tailored to the needs of older adults.

In Proceedings of the 13th ACM International Conference on Web Search and Data Mining (WSDM 2020) In this paper, we study the graph-based semi-supervised learning for classifying nodes in attributed networks, where the nodes and edges possess content information. Recent approaches like graph convolution networks and attention mechanisms have been pro-posed to ensemble the first-order neighbors and incorporate the relevant neighbors. However, it is costly (especially in memory) to consider all neighbors without a prior differentiation. We propose to explore the neighborhood in a reinforcement learning setting and find a walk path well-tuned for classifying the unlabeled target nodes. We let an agent (of node classification task) walk over the graph and decide where to move to maximize classification accuracy. We define the graph walk as a partially observable Markov decision process (POMDP). The proposed method is flexible for working in both transductive and inductive setting. Extensive experiments on four data sets demonstrate that our proposed method outperforms several state-of-the-art methods. Several case studies also illustrate the meaningful movement trajectory made by the agent.

To appear in the proceedings of the 2020 USENIX Annual Technical Conference (USENIX ATC '20)
We propose SEAL, a family of new searchable encryption schemes with adjustable leakage. In SEAL, the amount of privacy loss is expressed in leaked bits of search or access pattern and can be defined at setup. As our experiments show, when protecting only a few bits of leakage (e.g., three to four bits of access pattern),enough for existing and even new more aggressive attacks to fail, SEAL query execution time is within the realm of practical for real-world applications (a little over one order of magnitude slowdown compared to traditional SE-based encrypted databases).

In Proceedings of the 42nd IEEE Symposium on Security and Privacy (S&P 2021) Our analysis lets us paint a highly detailed picture of the cookie ecosystem, discovering an intricate network of connections between players that reciprocally exchange information and include each other's content in web pages whose owners may not even be aware.

In Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P 2020)
This paper looks at past research conducted in the area of cyber insurance and classifies previous studies in four different areas. Then it identifies, a group of practical research problems where security experts could help the cyber insurance domain.