Visible to the public Biblio

Filters: Author is Huang, Danny Yuxing  [Clear All Filters]
2018-03-19
Portnoff, Rebecca S., Huang, Danny Yuxing, Doerfler, Periwinkle, Afroz, Sadia, McCoy, Damon.  2017.  Backpage and Bitcoin: Uncovering Human Traffickers. Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. :1595–1604.

Sites for online classified ads selling sex are widely used by human traffickers to support their pernicious business. The sheer quantity of ads makes manual exploration and analysis unscalable. In addition, discerning whether an ad is advertising a trafficked victim or an independent sex worker is a very difficult task. Very little concrete ground truth (i.e., ads definitively known to be posted by a trafficker) exists in this space. In this work, we develop tools and techniques that can be used separately and in conjunction to group sex ads by their true owner (and not the claimed author in the ad). Specifically, we develop a machine learning classifier that uses stylometry to distinguish between ads posted by the same vs. different authors with 90% TPR and 1% FPR. We also design a linking technique that takes advantage of leakages from the Bitcoin mempool, blockchain and sex ad site, to link a subset of sex ads to Bitcoin public wallets and transactions. Finally, we demonstrate via a 4-week proof of concept using Backpage as the sex ad site, how an analyst can use these automated approaches to potentially find human traffickers.

2019-04-05
Acar, Gunes, Huang, Danny Yuxing, Li, Frank, Narayanan, Arvind, Feamster, Nick.  2018.  Web-Based Attacks to Discover and Control Local IoT Devices. Proceedings of the 2018 Workshop on IoT Security and Privacy. :29-35.
In this paper, we present two web-based attacks against local IoT devices that any malicious web page or third-party script can perform, even when the devices are behind NATs. In our attack scenario, a victim visits the attacker's website, which contains a malicious script that communicates with IoT devices on the local network that have open HTTP servers. We show how the malicious script can circumvent the same-origin policy by exploiting error messages on the HTML5 MediaError interface or by carrying out DNS rebinding attacks. We demonstrate that the attacker can gather sensitive information from the devices (e.g., unique device identifiers and precise geolocation), track and profile the owners to serve ads, or control the devices by playing arbitrary videos and rebooting. We propose potential countermeasures to our attacks that users, browsers, DNS providers, and IoT vendors can implement.