Publications of Xinming Ou

  1. Experimental study of fuzzy hashing in malware clustering analysis. Yuping Li, Sathya Chandran Sundaramurthy, Alexandru G. Bardas, Xinming Ou, Doina Caragea, Xin Hu, and Jiyong Jang. 8th Workshop on Cyber Security Experimentation and Test (CSET'15), Washington, D.C., USA, Aug 10, 2015.
  2. A human capital model for mitigating security analyst burnout. Sathya Chandran Sundaramurthy, Alexandru G. Bardas, Jacob Case, Xinming Ou, Michael Wesch, John McHugh, and S. Raj Rajagopalan. Symposium On Usable Privacy and Security (SOUPS 2015), Ottawa, Canada, July 22-24, 2015. (Distinguished Paper Award)
  3. Practical always-on taint tracking on mobile devices. Justin Paupore, Earlence Fernandes, Atul Prakash, Sankardas Roy, and Xinming Ou. 15th Workshop on Hot Topics in Operating Systems (HotOS'15), Kartause, Switzerland, May 18-20, 2015.
  4. Compiling abstract specifications into concrete systems - bringing order to the cloud. Ian Unruh, Alexandru G. Bardas, Rui Zhuang, Xinming Ou, and Scott A. DeLoach. In 28th Large Installation System Administration Conference (LISA'14), Seattle, WA, USA, Nov, 2014.
  5. Amandroid: A precise and general inter-component data flow analysis framework for security vetting of Android apps. Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby. In 21st ACM Conference on Computer and Communications Security (CCS 2014), Scottsdale, AZ, USA, Nov, 2014.
  6. Towards a theory of moving target defense. Rui Zhuang, Scott A. DeLoach, and Xinming Ou. In First ACM Workshop on Moving Target Defense (MTD 2014), Scottsdale, AZ, USA, Nov, 2014.
  7. Metrics of security. Yi Cheng, Julia Deng, Jason Li, Scott A. DeLoach, Anoop Singhal, and Xinming Ou. In Alexander Kott, Cliff Wang, Robert F. Erbacher (eds) Cyber Defense and Situational Awareness. Springer Advances in Information Security Volume 62, 2014, pp 263-295. Oct 3, 2014.
  8. An anthropological approach to studying CSIRTs. Sathya Chandran Sundaramurthy, John McHugh, Xinming Ou, S. Raj Rajagopalan, and Michael Wesch. IEEE Security & Privacy Special Issue on CSIRTs, Sept/Oct, 2014. Preprint.
  9. After we knew it: Empirical study and modeling of cost-effectiveness of exploiting prevalent known vulnerabilities across IaaS cloud. Su Zhang, Xinwen Zhang, and Xinming Ou. 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS), Kyoto, Japan, June, 2014.
  10. A model for analyzing the effect of moving target defenses on enterprise networks. Rui Zhuang, Scott A. DeLoach, and Xinming Ou. 9th Cyber and Information Security Research Conference (CSIRC), Oak Ridge, Tennessee, USA, April, 2014
  11. Model-driven, moving-target defense for enterprise network security. Scott DeLoach, Xinming Ou, Rui Zhuang, and Su Zhang. In Uwe Aßmann, Nelly Bencomo, Gordon Blair, Betty H. C. Cheng, Robert France (eds) State-of-the-Art Survey Volume on Models @run.time. Springer LNCS, Volume 8378, 2014, pp 137-161.
  12. Aiding intrusion analysis using machine learning. Loai Zomlot, Sathya Chandran Sundaramurthy, Doina Caragea, and Xinming Ou. 12th International Conference on Machine Learning and Applications (ICMLA'13), Miami, Florida, USA, December, 2013.
  13. Aggregating vulnerability metrics in enterprise networks using attack graphs. John Homer, Su Zhang, Xinming Ou, David Schmidt, Yanhui Du, S. Raj Rajagopalan, and Anoop Singhal. Journal of Computer Security, Vol 21, No 4., September, 2013.
  14. Investigating the application of moving target defenses to network security. Rui Zhuang, Su Zhang, Alexandru G. Bardas, Scott A. DeLoach, Xinming Ou, and Anoop Singhal. 6th International Symposium on Resilient Control Systems (ISRCS), San Francisco, CA, August, 2013.
  15. Setting up and using a cyber security lab for education purposes. Alexandru G. Bardas and Xinming Ou. Journal of Computing Sciences in Colleges, Vol. 28, Issue 5, May 2013.
  16. Mission-oriented moving target defense based on cryptographically strong network dynamics. Justin Yackoski, Jason Li, Scott A. DeLoach, and Xinming Ou. The 8th Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW), Oak Ridge, TN, Jan 2013.
  17. Investigative response modeling and predictive data collection. Dan Moor, S. Raj Rajagopalan, Sathya Chandran Sundaramurthy, and Xinming Ou. The seventh IEEE eCrime Researchers Summit (eCrime'12), Las Croabas, Puerto Rico, USA, October, 2012.
  18. Simulation-based approaches to studying effectiveness of moving-target network defense. Rui Zhuang, Su Zhang, Scott A. DeLoach, Xinming Ou, and Anoop Singhal. National Symposium on Moving Target Research, Annapolis, MD, USA, June, 2012.
  19. Classification of UDP traffic for DDoS detection. Alexandru G. Bardas, Loai Zomlot, Sathya Chandran Sundaramurthy, Xinming Ou, S. Raj Rajagopalan, and Marc R. Eisenbarth. 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Jose, CA, USA, March, 2012.
  20. A certificate infrastructure for machine-checked proofs of conditional information flow. Torben Amtoft, Josiah Dodds, Zhi Zhang, Andrew Appel, Lennart Beringer, John Hatcliff, Xinming Ou, and Andrew Cousino. First conference on Principles of Security and Trust (POST'12, part of ETAPS 2012), Tallinn, Estonia, March 2012.
  21. Distilling critical attack graph surface iteratively through minimum-cost SAT solving. Heqing Huang, Su Zhang, Xinming Ou, Atul Prakash, and Karem Sakallah. 27th Annual Computer Security Applications Conference (ACSAC), Orlando, FL, USA. Dec. 2011. (Best Student Paper Award).
  22. Quantitative security risk assessment of enterprise networks. Xinming Ou and Anoop Singhal. SpringerBrief Series, Information Security, 2011.
  23. Prioritizing intrusion analysis using Dempster-Shafer theory. Loai Zomlot, Sathya Chandran Sundaramurthy, Kui Luo, Xinming Ou, and S. Raj Rajagopalan. 4TH ACM Workshop on Artificial Intelligence and Security (AISec), Chicago, USA, Oct. 2011.
  24. Security risk analysis of enterprise networks using probabilistic attack graphs. Anoop Singhal and Xinming Ou. NIST Interagency Report 7788. Aug. 2011.
  25. An empirical study of using the National Vulnerability Database to predict software vulnerabilities. Su Zhang, Doina Caragea, and Xinming Ou. 22nd International Conference on Database and Expert Systems Applications (DEXA), Toulouse, France, August, 2011.
  26. Practical IDS alert correlation in the face of dynamic threats. Sathya Chandran Sundaramurthy, Loai Zomlot, and Xinming Ou. The 2011 International Conference on Security and Management (SAM'11), Las Vegas, USA, July 2011.
  27. An empirical study of a vulnerability metric aggregation method. Su Zhang, Xinming Ou, Anoop Singhal and John Homer. The 2011 International Conference on Security and Management (SAM'11), special track on Mission Assurance and Critical Infrastructure Protection (STMACIP'11), Las Vegas, USA, July 2011.
  28. Effective network vulnerability assessment through model abstraction. Su Zhang, Xinming Ou, and John Homer. the Eighth Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Amsterdam, The Netherlands, July 2011.
  29. Using Bayesian Networks for cyber security analysis. Peng Xie, Jason H Li, Xinming Ou, Peng Liu, and Renato Levy. The 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2010), Chicago, USA, June 2010.
  30. An empirical approach to modeling uncertainty in intrusion analysis. Xinming Ou, S. Raj Rajagopalan, and Sakthiyuvaraja Sakthivelmurugan. Annual Computer Security Applications Conference (ACSAC), Honolulu, Hawaii, USA, Dec 2009.
  31. Uncertainty and risk management in cyber situational awareness. Jason Li, Xinming Ou, and Raj Rajagopalan. In Sushil Jajodia et al., editor, Cyber Situational Awareness: Issues and Research , chapter 4. Springer, Nov. 2009.
  32. A sound and practical approach to quantifying security risk in enterprise networks. John Homer, Xinming Ou, and David Schmidt. Technical report 2009-3, Kansas State University, Computing and Information Sciences Department. August 2009.
  33. A host-based security assessment architecture for industrial control systems. Abhishek Rakshit and Xinming Ou. 2nd International Symposium on Resilient Control Systems (ISRCS), Idaho Falls, ID, USA, August 2009.
  34. Techniques for enterprise network security metrics. Anoop Singhal and Xinming Ou. Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies (CSIIRW) , Extended Abstract, April, 2009.
  35. SAT-solving approaches to context-aware enterprise network security management. John Homer and Xinming Ou, IEEE JSAC Special Issue on Network Infrastructure Configuration, Vol. 27, No. 3, April 2009.
  36. A practical approach to modeling uncertainty in intrusion analysis. Xinming Ou, Raj Rajagopalan, and Sakthiyuvaraja Sakthivelmurugan. Technical report 2008-2, Kansas State University, Computing and Information Sciences Department. November 2008.
  37. Identifying critical attack assets in dependency attack graphs. Reginald Sawilla and Xinming Ou. 13th European Symposium on Research in Computer Security (ESORICS 2008), Malaga, Spain, October 2008. The extended version.
  38. Improving attack graph visualization through data reduction and attack grouping. John Homer, Ashok Varikuti, Xinming Ou, and Miles A. McQueen. 5th International Workshop on Visualization for Cyber Security (VizSEC 2008), Cambridge, MA, U.S.A., September 2008.
  39. From attack graphs to automated configuration management - an iterative approach. John Homer, Xinming Ou, and Miles A. McQueen. Technical report 2008-1, Kansas State University, Computing and Information Sciences Department. January 2008.
  40. Googling attack graphs. Reginald Sawilla and Xinming Ou. Technical report, Defence R & D Canada -- Ottawa TM 2007-205, September 2007.
  41. A scalable approach to attack graph generation. Xinming Ou, Wayne F. Boyer, and Miles A. McQueen. 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, U.S.A., October 2006.
  42. Authorization strategies for virtualized environments in grid computing systems. Xinming Ou, Anna Squicciarini, Sebastien Goasguen, and Elisa Bertino. IEEE Workshop on Web Services Security (WSSS), Berkeley, CA, U.S.A., May, 2006.
  43. A logic-programming approach to network security analysis. Xinming Ou. PhD dissertation, Princeton University, 2005.
  44. MulVAL: A logic-based network security analyzer. Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. 14th USENIX Security Symposium, Baltimore, Maryland, U.S.A., August 2005.
  45. A two-tier technique for supporting quantifiers in a lazily proof-explicating theorem prover. K. Rustan M. Leino, Madan Musuvathi, and Xinming Ou. 11th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 05), Edinburgh, U.K., April 2005.
  46. Dynamic typing with dependent types. Xinming Ou, Gang Tan, Yitzhak Mandelbaum, and David Walker. 3rd IFIP International Conference on Theoretical Computer Science (TCS 04), Toulouse, France, August 2004.
  47. Theorem proving using lazy proof explication. Cormac Flanagan, Rajeev Joshi, Xinming Ou, and James B. Saxe. 15th Computer-Aided Verification conference (CAV 2003), Boulder, CO, U.S.A., July 2003.
  48. Enforcing resource usage protocols via scoped methods. Gang Tan, Xinming Ou, and David Walker. 10th International Workshop on Foundations of Object-Oriented Languages (FOOL 10), New Orleans, LA, U.S.A., January 2003.
The documents contained in these pages are included to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.

Last update: Aug 27, 2015.