Conference
Enhanced Web Application Security Through Proactive Dead Drop Resolver Remediation.
Jonanthan Fuller*, Mingxuan Yao*, Saumya Agarwal, Srimanta Barua, Taleb Hirani, Amit Kumar Sikder, and Brendan Saltaformaggio.
In Proc. 32nd ACM Conference on Computer and Communications Security (CCS), Taipei, Taiwan, 2025.(Acceptance rate: TBD). [Source Code]
*Authors contributed equally.
Lock the Door But Keep the Window Open: Extracting App-Protected Accessibility Information from Browser-Rendered Websites.
Haichuan Xu, Runze Zhang, Mingxuan Yao, David Oygenblik, Yizhi Huang, Jeman Park, and Brendan Saltaformaggio.
In Proc. 32nd ACM Conference on Computer and Communications Security (CCS), Taipei, Taiwan, 2025.(Acceptance rate: TBD). [Source Code]
Identifying Incoherent Search Sessions: Search Click Fraud Remediation Under Real-World Constraints
Runze Zhang, Ranjita Pai Sridhar, Mingxuan Yao, Zheng Yang, David Oygenblik, Haichuan Xu, Vacha Dave, Cormac Herley, Paul England, Brendan Saltaformaggio, To Appear In 46th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May. 2025. (Acceptance Rate: 14.8%) [Source Code]
Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse
Runze Zhang, Mingxuan Yao, Haichuan Xu, Omar Alrawi, Jeman Park, Brendan Saltaformaggio, In Proceedings of 2025 Network and Distributed System Security Symposium (NDSS), San Diego, CA, Feb. 2025. (Acceptance Rate: 16.1%) [Demo Video] [Source Code]
Artifact Evaluated Badges: Available, Functional.
DVa: Extracting Victims and Abuse Vectors from Android Accessibility Malware
Haichuan Xu, Mingxuan Yao, Runze Zhang, Mohamed Moustafa, Jeman Park, Brendan Saltaformaggio, In Proceedings of the 33rd USENIX Security Symposium (Security), Philadelphia, PA, Aug. 2024. (Acceptance Rate: 17.6%) [Conf. Presentation Video] [Source Code]
Artifact Evaluated Badges: Available, Functional.
Media: [The Hacker News] [WizCase] [TechRadar] [TechXplore] [NY Breaking] [Science of Security] [Sensi Tech Hub] [MSN] [Hackread] [vosvete IT] [hackerdose] [xatakaen] [i-hls] [Hypepotamus] [GlobalSpec] [CFIC-SQUADRONE] [Georgia Tech Research]
Pulling Off The Mask: Forensic Analysis of the Deceptive Creator Wallets Behind Smart Contract Fraud
Mingxuan Yao, Runze Zhang, Haichuan Xu, Shih-Huan Chou, Varun Chowdhary Paturi, Amit K. Sikder, and Brendan Saltaformaggio, In Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May. 2024. (Acceptance Rate: 17.8%)
[Conf. Presentation Video] [Source Code]
Led to collaboration and investigations with the US FBI.
Media: [Georgia Institute of Technology]
Hiding in Plain Sight: An Empirical Study of Web Application Abuse in Malware
Mingxuan Yao, Jonathan Fuller, Ranjita Pai Sridhar, Saumya Agarwal, Amit K. Sikder, and Brendan Saltaformaggio,” In Proceedings of the 32nd USENIX Security Symposium (USENIX), 2023. (Acceptance Rate: 29%)
[Conf. Presentation Video] [Source Code]
Artifact Evaluated Badges: Available, Functional.
Invited for a Tutorial at the 2023 IEEE Secure Development Conference (SecDev).
Media: [ACM Tech News] [Tech Xplore] [Tech Times] [Israel Homeland Security] [News8Plus] [IlSoftware] [How2Do] [TIISys] [S2E Research] [Georgia Institute of Technology]
LHCSAS: A lightweight and highly-compatible solution for ADS-B security
Haomiao Yang, Mingxuan Yao, Zili Xu, and Baoshu Liu
In GLOBECOM 2017-2017 IEEE Global Communications Conference (pp. 1-7). IEEE.
Privacy-preserving extraction of hog features based on integer vector homomorphic encryption
Haomiao Yang, Yunfan Huang, Yong Yu, Mingxuan Yao, and Xiaosong Zhang
In International Conference on Information Security Practice and Experience, pp. 102-117. Springer, Cham, 2017.
Journal
A practical and compatible cryptographic solution to ADS-B security
Haomiao Yang, Qixian Zhou, Mingxuan Yao, Rongxing Lu, Hongwei Li, and Xiaosong Zhang
In IEEE Internet of Things Journal 6, no. 2 (2018): 3322-3334.