Conference and Workshop papers

A Large-scale Study on the Risks of the HTML5 WebAPI for Mobile Sensor-based Attacks
Francesco Marcantoni, Michalis Diamantaris, Sotiris Ioannidis, and Jason Polakis
In Proceedings of the 30th Web Conference (WWW),
May 2019, San Francisco, CA. [Data, BibTex]

REAPER: Real-time App Analysis for Augmenting the Android Permission System
Michalis Diamantaris, Elias P. Papadopoulos, Evangelos P. Markatos, Sotiris Ioannidis, and Jason Polakis
In Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY),
March 2019, Dallas, TX. [PDF, Data, BibTex]

Please Forget Where I Was Last Summer: The Privacy Risks of Public Location (Meta)Data
Kostas Drakonakis, Panagiotis Ilia, Sotiris Ioannidis, and Jason Polakis
In Proceedings of the 25th Network and Distributed System Security Symposium (NDSS),
February 2019, San Diego, CA. [PDF, Data, BibTex]
▷ Media coverage: WIRED, The Register, Engadget

O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web
Mohammad Ghasemisharif, Amrutha Ramesh, Stephen Checkoway, Chris Kanich, and Jason Polakis
In Proceedings of the 27th USENIX Security Symposium
August 2018, Baltimore, MD. [PDF, Data, BibTex]
▷ Media coverage: New York Times (a), New York Times (b), WIRED, CNN, The Guardian, NBC, The Register, BuzzFeed, ThreatPost, Yahoo, Columbia Journalism Review, Reuters India Times, HelpNetSecurity (a), HelpNetSecurity (b), DataBreachToday, The Parallax, LifeHacker

In (Cyber)Space Bots Can Hear You Speak: Breaking Audio CAPTCHAs Using OTS Speech Recognition
Saumya Solanki, Gautam Krishnan, Varshini Sampath, and Jason Polakis
In Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security (AISEC),
co-located with the ACM Conference on Computer and Communications Security (CCS)
November 2017, Dallas, TX. [PDF, BibTex]
▷ Also presented at Usenix ScAINet 2018

Reveal: Fine-grained Recommendations in Online Social Networks
Markos Aivazoglou, Orestis Roussos, Sotiris Ioannidis, Dimitris Spiliotopoulos, and Jason Polakis
In Proceedings of the 2017 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)
July 2017, Sydney, Australia. [PDF, BibTex]

Techu: Open and Privacy-preserving Crowdsourced GPS for the Masses
Ioannis Agadakos, Jason Polakis, and Georgios Portokalidis
In Proceedings of the 15thACM International Conference on Mobile Systems, Applications, and Services (MobiSys)
June 2017, NY, USA. [PDF, BibTex]

That's the Way the Cookie Crumbles: Evaluating HTTPS Enforcing Mechanisms
Suphannee Sivakorn, Angelos D. Keromytis, and Jason Polakis
In Proceedings of the 15thACM Workshop on Privacy in the Electronic Society (WPES),
co-located with the ACM Conference on Computer and Communications Security (CCS)
October 2016, Vienna, Austria. [PDF, BibTex]

The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information
Suphannee Sivakorn+, Iasonas Polakis+, and Angelos D. Keromytis
In Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P)
May 2016, San Jose, CA. [PDF, BibTex]
+ Joint first authors.
▷ Also presented at BlackHat USA 2016
▷ Media Coverage: Threat Post, Security Intelligence, eWeek

I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs
Suphannee Sivakorn, Iasonas Polakis, and Angelos D. Keromytis
In Proceedings of the 1st IEEE European Symposium on Security and Privacy (Euro-S&P)
March 2016, Saarbrucken, Germany. [Dataset, PDF, BibTex]
▷ Also presented at BlackHat Asia 2016, Usenix ScAINet 2018
▷ Media Coverage: NRP - Planet Money, NPR - All Things Considered, The Verge, The Register, Wired, Slashdot, Softpedia, Sophos, Schneier on Security, Gizmodo, Kaspersky, Information Week, Security Week, SC Magazine, Computing, The Inquirer, Security Affairs, Panda Security, DHS

Social Forensics: Searching for Needles in Digital Haystacks
Iasonas Polakis, Panagiotis Ilia, Zacharias Tzermias, Sotiris Ioannidis, and Paraskevi Fragopoulou
In Proceedings of the 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), co-located with the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
November 2015, Kyoto, Japan. [PDF, BibTex]

Where's Wally? Precise User Discovery Attacks in Location Proximity Services
Iasonas Polakis, George Argyros, Theofilos Petsios, Suphannee Sivakorn, and Angelos D. Keromytis
In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS)
October 2015, Denver, CO, USA. [PDF, BibTex, Software]

Face/Off: Preventing Privacy Leakage From Photos in Social Networks
Panagiotis Ilia, Iasonas Polakis, Elias Athanasopoulos, Federico Maggi, and Sotiris Ioannidis
In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS)
October 2015, Denver, Co, USA. [PDF, BibTex]

Powerslave: Analyzing the Energy Consumption of Mobile Antivirus Software
Iasonas Polakis, Michalis Diamantaris, Thanasis Petsas, Federico Maggi, and Sotiris Ioannidis
In Proceedings of the 12th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)
July 2015, Milan, Italy. [PDF, BibTex]
▷ Media Coverage: Dr.Shem

Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication
Iasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, and Angelos D. Keromytis
In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS)
November 2014, Arizona, USA. [PDF, BibTex]

Think before RT: An Experimental Study of Abusing Twitter Trends
Despoina Antonakaki, Iasonas Polakis, Elias Athanasopoulos, Paraskevi Fragopoulou, and Sotiris Ioannidis
In Proceedings of the Workshop On Social Influence (SI), co-located with the 6th International Conference on Social Informatics (SocInfo)
November 2014, Barcelona, Spain. [PDF, BibTex]

Security and Privacy Measurements in Social Networks: Experiences and Lessons Learned
Iasonas Polakis, Federico Maggi, Stefano Zanero, and Angelos D. Keromytis
In Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), co-located with the 19th European Symposium on Research in Computer Security (ESORICS)
September 2014, Wroclaw, Poland [PDF, BibTex]

The Man Who Was There: Validating Check-ins in Location-based Services
Iasonas Polakis, Stamatis Volanis, Elias Athanasopoulos, and Evangelos P. Markatos
In Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC)
December 2013, New Orleans, USA. [PDF, BibTex]

All Your Face Are Belong to Us: Breaking Facebook's Social Authentication
Iasonas Polakis, Marco Lancini, Georgios Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos D. Keromytis, and Stefano Zanero
In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC)
December 2012, Florida, USA. [PDF, BibTex]
▷ Media Coverage: Computer World

dead.drop: URL-based Stealthy Messaging
Georgios Kontaxis, Iasonas Polakis, Michalis Polychronakis and Evangelos P. Markatos
In Proceedings of the 7th European Conference on Computer Network Defense (EC2ND)
September 2011, Gothenburg, Sweden. [PDF, BibTex]

CAPTCHuring Automated (Smart)Phone Attacks Iasonas Polakis, Georgios Kontaxis and Sotiris Ioannidis
In Proceedings of the 1stWorkshop on Systems Security (SysSec), co-located with the 8th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
July 2011, Amsterdam, Netherlands. [PDF, BibTex]

Outsourcing Malicious Infrastructure to the Cloud
Georgios Kontaxis, Iasonas Polakis, and Sotiris Ioannidis
In Proceedings of the 1stWorkshop on Systems Security (SysSec), co-located with the 8th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
July 2011, Amsterdam, Netherlands. [PDF, BibTex]

An Empirical Study on the Security of Cross-Domain Policies in Rich Internet Applications Georgios Kontaxis, Demetres Antoniades, Iasonas Polakis, and Evangelos P. Markatos
In Proceedings of the 4th European Workshop on System Security (EUROSEC)
April 2011, Salzburg, Austria. [PDF, BibTex )

we.b: The Web of Short URLs Demetres Antoniades, Iasonas Polakis, Georgios Kontaxis, Elias Athanasopoulos, Sotiris Ioannidis, Evangelos P. Markatos, and Thomas Karagiannis.
In Proceedings of the 20th International World Wide Web Conference (WWW)
March 2011 Hyderabad, India [PDF, BibTex]

Detecting Social Network Profile Cloning
Georgios Kontaxis, Iasonas Polakis, Sotiris Ioannidis, and Evangelos P. Markatos
In Proceedings of the 3rd IEEE International Workshop on SEcurity and SOCial Networking (SESOC), co-located with the IEEE International Conference on Pervasive Computing and Communications (PerCom)
March 2011 Seattle, WA [PDF, BibTex]

Using Social Networks to Harvest Email Addresses
Iasonas Polakis, Georgios Kontaxis, Spiros Antonatos, Eleni Gessiou, Thanasis Petsas and Evangelos P. Markatos
In Proceedings of the 9th Workshop on Privacy in the Electronic Society (WPES), co-located with the ACM Conference on Computer and Communications Security (CCS)
October 2010 Chicago, IL. [PDF, BibTex]

Experiences and Observations from the NoAH Infrastructure
Georgios Kontaxis, Iasonas Polakis, Spiros Antonatos and Evangelos P. Markatos
In Proceedings of the 6th European Conference on Computer Network Defense (EC2ND)
October 2010 Berlin, Germany. [PDF, BibTex]

D(e | i)aling with VoIP: Robust Prevention of DIAL Attacks
Alexandros Kapravelos, Iasonas Polakis, Elias Athanasopoulos, Sotiris Ioannidis, and Evangelos P. Markatos
In Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS)
September 2010 Athens, Greece [PDF, BibTex]

A Systematic Characterization of IM Threats Using Honeypots
Spiros Antonatos, Iasonas Polakis, Thanasis Petsas and Evangelos P. Markatos
In Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS)
March 2010 San Diego, CA. [PDF, BibTex]

Journal Publications

Evaluating the Privacy Guarantees of Location Proximity Services
George Argyros, Theofilos Petsios, Suphannee Sivakorn, Angelos D. Keromytis, and Jason Polakis.
In ACM Transactions on Privacy and Security (TOPS), 19, 4, Article 12 (February 2017) – (formerly TISSEC).

Exploiting abused trending topics to identify spam campaigns in Twitter
Despoina Antonakaki, Iasonas Polakis, Elias Athanasopoulos, Paraskevi Fragopoulou, and Sotiris Ioannidis.
In Social Network Analysis and Mining 2016, 6(1).

Technical Reports

Where's Wally? Precise User Discovery Attacks in Location Proximity Services
Iasonas Polakis, George Argyros, Theofilos Petsios, Suphannee Sivakorn, Angelos D. Keromytis.
Technical Report CUCS-012-15, Dept. of Computer Science, Columbia University, August 2015. [PDF]

Digital is Calling the Analog: Robust Prevention of Dial Attacks
Alexandros Kapravelos, Iasonas Polakis, Elias Athanasopoulos, Sotiris Ioannidis, and Evangelos P. Markatos.
Technical Report 399. FORTH, October 2009. [PDF]

Articles, Books, Posters

Honeypot Technologies - PenTest Magazine
Iasonas Polakis and Spiros Antonatos, September 2012.

The Red Book: A Roadmap for Systems Security Research
Evangelos Markatos and Davide Balzarotti (editors).
Available on: http://red-book.eu. The SysSec Consortium, August 2013.

(POSTER) Dynamic Monitoring of Dark IP Address Space
Iasonas Polakis, Georgios Kontaxis, Sotiris Ioannidis, and Evangelos P. Markatos
In Proceedings of the 3rd COST TMA International Workshop on Traffic Monitoring and Analysis (TMA)
April 2011, Vienna, Austria. [PDF, BibTex]