- [Research] Security Engineering Laboratory (SecLab) under Professor Kim Hyung-sik – Paper Accepted for Publication at IEEE S&P 2025
- Security Engineering Laboratory (SecLab) at SKKU (Advisor: Kim Hyung-sik, https://seclab.skku.edu) – "Open Sesame! On the Security and Memorability of Verbal Passwords" Accepted for IEEE Symposium on Security and Privacy (S&P) 2025

  The paper "Open Sesame! On the Security and Memorability of Verbal Passwords," authored by Ph.D. candidate Kim Eun-soo and Professor Kim Hyung-sik at the Security Engineering Laboratory, has been accepted for publication at the IEEE Symposium on Security and Privacy (S&P) 2025, one of the most prestigious conferences in the field of computer security. The study was conducted in collaboration with Professor Kim Doo-won of the University of Tennessee and alumnus Lee Ki-ho from the Security Engineering Laboratory (currently at ETRI).

  The research quantitatively analyzed the security and memorability of verbal passwords through two large-scale user experiments, demonstrating that verbal passwords offer a practical and secure alternative to traditional text-based passwords by overcoming their inherent limitations.

  In the first user experiment, verbal passwords freely generated by 2,085 participants were evaluated for both short-term and long-term memorability as well as security. Security testing conducted using the PassphraseGPT model—trained on over 20 million common English phrases—revealed that approximately 39.76% of the user-generated verbal passwords could be predicted within one billion guess attempts.

  In the second experiment, involving 600 participants, a password creation policy that enforced a minimum word count and incorporated a blocklist was implemented. This approach significantly improved security while maintaining memorability. In long-term memory tests, 65.6% of users in the verbal password group were able to successfully recall their passwords, compared to 54.11% for text-based passwords. Moreover, the proportion of verbal passwords susceptible to guessing attacks was lower than that of text passwords, indicating a stronger resistance to such attacks.

  This research has been highly acclaimed for demonstrating that verbal passwords provide a practical and secure alternative to text-based passwords in scenarios where keyboard input is either impossible or inconvenient—such as with smart assistants, wearable devices, in-vehicle systems, and VR/AR environments. The study will be presented in May 2025 in San Francisco, California, USA.

  Abstract:

  Despite extensive research on text passwords, the security and memorability of verbal passwords—spoken rather than typed—remain underexplored. Verbal passwords hold significant potential for scenarios where keyboard input is impractical (e.g., smart speakers, wearables, vehicles) or users have motor impairments that make typing difficult. Through two large-scale user studies, we assessed the viability of verbal passwords. In our first study (N = 2,085), freely chosen verbal passwords were found to have a limited guessing space, with 39.76% cracked within 10^9 guesses. However, in our second study (n = 600), applying word count and blocklist policies for verbal password creation significantly enhanced verbal password performance, achieving better memorability and security than traditional text passwords. Specifically, 65.6% of verbal password users (under the password creation policy using minimum word counts and a blocklist) successfully recalled their passwords in long-term tests, compared to 54.11% for text passwords. Additionally, verbal passwords with enforced policies exhibited a lower crack rate (6.5%) than text passwords (10.3%). These findings highlight verbal passwords as a practical and secure alternative for contexts where text passwords are infeasible, offering strong memorability with robust resistance to guessing attacks.
- Date posted: 2025-04-29

- [Research] Security Engineering Laboratory (Advisor: Kim Hyung-sik) – Two Papers Accepted for Oral Sessions at The Web Conference
- The Security Engineering Laboratory, under the supervision of Professor Kim Hyung-sik, in collaboration with Professor Kim Doo-won from the University of Tennessee, has had two research papers accepted for oral sessions at The Web Conference (WWW) 2025, one of the premier international conferences in the web domain. In this research, alumnus Lee Ki-ho, a former member of the Security Engineering Laboratory (currently at ETRI), participated as a visiting researcher at the University of Tennessee and collaborated with Professor Kim Hyung-sik.

  Both papers, based on extensive empirical data, quantitatively analyze the characteristics and structures of phishing attacks. They have been highly acclaimed for providing a fundamental understanding of phishing attacks and proposing new countermeasures. The presentations are scheduled to take place in May 2025 in Sydney, Australia.

  Paper 1. 7 Days Later: Analyzing Phishing-Site Lifespan After Detected

  This paper presents an empirical study analyzing the lifetime and evolution of phishing sites after detection. Over a period of five months, 286,237 phishing URLs were tracked at 30-minute intervals to examine the attack patterns of phishing sites, shedding light on why the effectiveness of conventional phishing detection strategies is diminishing. Phishing sites have a short lifespan—with an average survival time of 54 hours and a median of 5.46 hours—highlighting the limitations of training and detection approaches. For instance, Google Safe Browsing detects phishing sites, on average, 4.5 days after their emergence; however, 84% of phishing sites cease operations before detection, demonstrating the inherent limitations of such detection methods.

  Paper 2. What's in Phishers: A Longitudinal Study of Security Configurations in Phishing Websites and Kits

  This paper presents a systematic analysis of phishing infrastructure by comprehensively examining the security configurations and structural vulnerabilities based on a combined dataset of 906,731 phishing websites and 13,344 phishing kits collected over a period of 2 years and 7 months. The study has attracted attention for proposing a proactive strategy that leverages the structural weaknesses of phishing sites to neutralize the attack infrastructure, thereby moving away from traditional passive detection and blocking methods and towards an early shutdown approach for phishing sites.
- Date posted: 2025-04-29

- [Research] IEEE S&P 2025 Paper Acceptance Announcement from Professor Hojoon Lee’s Research Laboratory (SSLab)
- [IEEE S&P 2025 Acceptance Announcement – SSLab, Professor Hojoon Lee]

  The paper from the System Security Laboratory (SSLab), under the supervision of Professor Hojoon Lee, has been accepted for publication at IEEE S&P 2025, one of the four premier international conferences in the security field. The paper is scheduled for presentation in May in San Francisco, California, USA.

  Title: IncognitOS: A Practical Unikernel Design for Full-System Obfuscation in Confidential Virtual Machines

  Authors: Kha Dinh Duy, Jaeyoon Kim, Hajeong Lim, Hojoon Lee

  Summary: Recent works have repeatedly proven the practicality of side-channel attacks in undermining the confidentiality guarantees of Trusted Execution Environments such as Intel SGX. Meanwhile, the trusted execution in the cloud is witnessing a trend shift towards confidential virtual machines (CVMs). Unfortunately, several side-channel attacks have survived the shift and are feasible even for CVMs, along with the new attacks discovered on the CVM architectures. Previous works have explored defensive measures for securing userspace enclaves (i.e., Intel SGX) against side-channel attacks. However, the design space for a CVM-based obfuscation execution engine is largely unexplored.

  This paper proposes a unikernel design named IncognitOS to provide full-system obfuscation for CVM-based cloud workloads. IncognitOS fully embraces unikernel principles such as minimized TCB and direct hardware access to render full-system obfuscation feasible. IncognitOS retrofits two key OS components, the scheduler and memory management, to implement a novel adaptive obfuscation scheme. IncognitOS's scheduling is designed to be self-sovereign from the timer interrupts from the untrusted hypervisor with its synchronous tick delivery. This allows IncognitOS to reliably monitor the frequency of the hypervisor's possession of execution control (i.e., VMExits) and adjust the frequency of memory rerandomization performed by the paging subsystem, which transparently performs memory rerandomization through direct MMU access.

  The resulting IncognitOS design makes a case for self-obfuscating unikernel as a secure CVM deployment strategy while further advancing the obfuscation technique compared to previous works. Evaluation results demonstrate IncognitOS's resilience against CVM attacks and show that its adaptive obfuscation scheme enables practical performance for real-world programs.
- Date posted: 2025-04-29

- [Research] Three Short Papers accepted at TheWebConf (WWW) 2025 from Professor Simon S. Woo’s Lab (DASH Lab)
- The Data-driven AI & Security HCI Lab (DASH Lab, Advisor: Simon S. Woo) has had three short papers accepted for publication at the International World Wide Web Conference (WWW), a top-tier international conference in BK Computer Science, covering web technologies, internet advancements, data science, and artificial intelligence. The papers will be presented in April in Sydney, Australia.

  1. Towards Safe Synthetic Image Generation On the Web: A Multimodal Robust NSFW Defense and Million Scale Dataset, WWW 2025

  Authors: Muhammad Shahid Muneer (Ph.D. Student, Department of Software), Simon S. Woo (Professor, Department of Software, Sungkyunkwan University)

  2. Fairness and Robustness in Machine Unlearning, WWW 2025

  Authors: Khoa Tran (Integrated M.S./Ph.D. Student, Department of Software), Simon S. Woo (Professor, Department of Software, Sungkyunkwan University)

  Machine unlearning addresses the challenge of removing the influence of specific data from a pretrained model, which is a crucial issue in privacy protection. While existing approximated unlearning techniques emphasize accuracy and time efficiency, they fail to achieve exact unlearning. In this study, we are the first to incorporate fairness and robustness into machine unlearning research. Our study analyzes the relationship between fairness and robustness based on fairness conjectures, and experimental results confirm that a larger fairness gap makes the model more vulnerable. Additionally, we demonstrate that state-of-the-art approximated unlearning methods are highly susceptible to adversarial attacks, significantly degrading model performance. Therefore, we argue that fairness-gap measurement and robustness metrics should be essential evaluation criteria for unlearning algorithms. Finally, our findings show that unlearning at the intermediate and final layers is sufficient while also improving time and memory efficiency.

  3. SADRE: Saliency-Aware Diffusion Reconstruction for Effective Invisible Watermark Removal, WWW 2025

  Authors: Inzamamul Alam (Ph.D. Student, Department of Software), Simon S. Woo (Professor, Department of Software, Sungkyunkwan University)

  To address the robustness limitations of existing watermarking techniques, this study proposes SADRE (Saliency-Aware Diffusion Reconstruction), a novel watermark removal framework. SADRE applies saliency mask-guided noise injection and diffusion-based reconstruction to preserve essential image features while effectively removing watermarks. Additionally, it adapts to varying watermark strengths through adaptive noise adjustment and ensures high-quality image restoration via a reverse diffusion process. Experimental results demonstrate that SADRE outperforms state-of-the-art watermarking techniques across key performance metrics, including PSNR, SSIM, Wasserstein Distance, and Bit Recovery Accuracy. This research establishes a theoretically robust and practically effective watermark removal solution, proving its reliability for real-world web content applications.
- Date posted: 2025-03-05

- [Research] One paper accepted at EuroS&P 2025 from Professor Simon S. Woo's Lab (DASH Lab)
- The Data-driven AI & Security HCI Lab (DASH Lab, Advisor: Simon S. Woo) has had one System of Knowledge (SoK) paper accepted for publication at the 10th IEEE European Symposium on Security and Privacy (Euro S&P), a prestigious international conference that covers Machine Learning Security, System & Network Security, Cryptographic Protocols, and Data Privacy. The paper will be presented in July in Venice, Italy.

  SoK: Systematization and Benchmarking of Deepfake Detectors in a Unified Framework, EuroS&P 2025

  Authors: Binh Le and Jiwon Kim (Ph.D. Student, Department of Software), Simon S. Woo (Professor, Department of Software, Sungkyunkwan University)

  This work is jointly performed with CSIRO Data61 as an international collaboration.

  Paper Link: https://arxiv.org/abs/2401.04364
- Date posted: 2025-03-05

- [Research] Professor Woo Hongwook’s Research Lab (CSI Lab), ICLR 2025 Paper Acceptance
- [Professor Woo Hongwook’s Research Lab (CSI Lab), ICLR 2025 Paper Acceptance]

  Two papers from CSI Lab (Supervised by Professor Woo Hongwook) have been accepted for presentation at ICLR 2025 (The 13th International Conference on Learning Representations), a prestigious conference in the field of Artificial Intelligence. The papers will be presented in April 2025 at the Singapore Expo in Singapore.

  1. Paper “Model Risk-sensitive Offline Reinforcement Learning”

  The author of this paper is Kwangpyo Yoo, a Ph.D. candidate in the Department of Software. This study proposes a Model Risk-sensitive Reinforcement Learning (Model Risk-sensitive RL) framework for mission-critical domains, such as robotics and finance, where decision-making is crucial. The paper particularly details a model risk-sensitive offline reinforcement learning technique (MR-IQN). MR-IQN aims to minimize the "model risk" loss in cases where the model's learned data differs from the real environment, leading to decreased accuracy. To achieve this, it calculates the model's confidence in each data point and evaluates the model risk per data point using a Critic-Ensemble Criterion. It also introduces a Fourier Feature Network that limits the gap between the actual policy's value function and the inferred policy’s value in an offline setting. MR-IQN outperformed other state-of-the-art risk-sensitive reinforcement learning techniques in experiments conducted in MT-Sim (financial trading environment) and AirSim (autonomous driving simulator), achieving lower risk and higher average performance.

  2. Paper “NeSyC: A Neuro-symbolic Continual Learner For Complex Embodied Tasks In Open Domains”

  This paper was co-authored by Wonje Choi (Ph.D. candidate, Department of Software), Jinwoo Park (Master’s student, Department of Artificial Intelligence), Sanghyun Ahn (Master’s student, Department of Software), and Daehui Lee (Integrated Master’s and Ph.D. candidate). The study proposes a Neuro-symbolic Continual Learner (NeSyC) framework that continuously generalizes knowledge (Actionable Knowledge) from embodied experiences to be applied to various tasks in open-domain physical environments. NeSyC mimics the human cognitive process of hypothesizing and deducing (hypothetico-deductive reasoning) to improve performance in open domains. This is achieved by:

  - Using LLMs and symbolic tools to repeatedly generate and verify hypotheses from acquired experiences in a contrastive generality improvement approach.
  - Utilizing memory-based monitoring to detect action errors of embodied agents in real-time and refine their knowledge, ultimately improving the agent's task performance and generalization across open-domain environments.

  NeSyC was evaluated across various benchmark environments, including ALFWorld, VirtualHome, Minecraft, RLBench, and real-world robotic tabletop scenarios. It demonstrated robust performance across dynamic open-domain environments and outperformed state-of-the-art methods, such as AutoGen, ReAct, and CLMASP, in task success rates.

  CSI Lab conducts research on network and cloud system optimization, autonomous driving of robots and drones, and other self-learning technologies by leveraging Embodied Agent, Reinforcement Learning, and Self-Learning.

  Contact Information: Professor Woo Hongwook | hwoo@skku.edu | CSI Lab | https://sites.google.com/view/csi-agent-group
- Date posted: 2025-02-20

- [Research] Security Engineering Lab, Two Papers Accepted at CHI 2025
- [25.01.21] Security Engineering Lab, Two Papers Accepted at CHI 2025

  The Security Engineering Lab (Advisor: Professor Hyungsik Kim) has had two papers accepted at CHI 2025 (ACM SIGCHI Conference on Human Factors in Computing Systems), one of the top-tier conferences in the field of Human-Computer Interaction (HCI). The papers will be presented in April 2025 in Yokohama, Japan.

  1. Paper: "Understanding and Improving User Adoption and Security Awareness in Password Checkup Services"

  Authors: Sanghak Oh (PhD Student, Department of Electrical and Computer Engineering); Heewon Baek (MS Student, Department of Electrical and Computer Engineering); Taeyoung Kim (PhD Student, Department of Electrical and Computer Engineering); Woojin Jeon (PhD Student, Department of Electrical and Computer Engineering); Junho Heo (Samsung Research); Professor Ian Oakley (KAIST); Professor Hyungsik Kim (Sungkyunkwan University)

  Password Checkup Services (PCS) help users protect accounts by identifying compromised, reused, or weak passwords. However, these services have low adoption rates. This study conducted an online survey (N=238) to identify factors influencing PCS adoption and barriers to changing compromised passwords. Key findings include:

  - Adoption factors: Perceived usefulness, ease of use, and self-efficacy were significant motivators.
  - Barriers to password changes: Warning fatigue from frequent alerts, low awareness of password compromise risks, and reliance on other security measures discouraged users from taking action.

  To address these issues, the research team redesigned the PCS interface by:

  - Clarifying warning messages related to compromised passwords.
  - Automating the password change process, such as enabling users to update multiple reused passwords simultaneously or directly linking to password change pages.

  A task-based interview study (N=50) validated the effectiveness of the new design, showing a significant increase in password change rates in two scenarios: 40% and 74% change rates, compared to 16% and 60% in Google's existing PCS design.

  2. Paper: "I Was Told to Install the Antivirus App, but I’m Not Sure I Need It: Understanding the Adoption, Discontinuation, and Non-Use of Smartphone Antivirus Software in South Korea"

  Authors: Seyoung Jin (MS Student, Department of Software); Heewon Baek (MS Student, Department of Software); Professor Euijin Lee (KAIST); Professor Hyungsik Kim (Sungkyunkwan University)

  This study investigates the limited effectiveness of smartphone antivirus software, despite recommendations from security firms, due to user misconceptions, regulatory requirements, and improper usage. Using a mixed-methods approach, including in-depth interviews (N=23) and a survey (N=250), the study examined the adoption status of smartphone antivirus software, particularly in South Korea, where it is often mandatory for banking and financial apps. Key findings:

  - Many users confused antivirus software with general security tools and were unaware of its limited scope in addressing mobile malware threats.
  - Factors influencing adoption: Perceived vulnerability, response efficacy, self-efficacy, social norms, and awareness.
  - Factors leading to discontinuation or non-use: Concerns about system performance impact and skepticism about necessity.

  Additionally, the mandatory installation of antivirus software for financial apps in South Korea has contributed to user misconceptions, negative perceptions, and a false sense of security. This research highlights the need for better user education, clearer communication on mobile-specific security threats, and improved guidance to enhance effective antivirus software usage.
- Date posted: 2025-02-20

- [Research] CSI Lab (Prof. Hongwook Woo), Paper Accepted at AAAI 2025
- [Prof. Hongwook Woo] CSI Lab, Paper Accepted at AAAI 2025

  The CSI Lab (Advisor: Professor Hongwook Woo) has had its paper accepted at AAAI 2025 (The 39th Annual AAAI Conference on Artificial Intelligence), one of the prestigious conferences in the field of artificial intelligence. The paper is scheduled to be presented in February 2025 in Philadelphia, USA.

  Paper Details

  The paper, “In-Context Policy Adaptation Via Cross-Domain Skill Diffusion,” was authored by Minjong Yoo (Integrated MS/PhD Program, Department of Software) as the first author, with Wookyung Kim (Integrated MS/PhD Program, Department of Software) as a co-author.

  This research proposes an In-Context Policy Adaptation (ICPAD) framework for long-horizon, multi-task environments across various domains and introduces diffusion-based skill learning techniques in cross-domain settings. ICPAD is designed to rapidly adapt reinforcement learning (RL) policies to diverse target domains using only limited target domain data—without requiring model updates. To achieve this, ICPAD:

  - Learns domain-invariant prototype skills and domain-grounded skill adapters to maintain consistency across domains while adapting policies to new target domains through cross-domain skill diffusion.
  - Optimizes diffusion-based skill translation by utilizing limited target domain data as prompts, enhancing policy adjustment via dynamic domain prompting.

  Experimental Results

  Experiments demonstrated that ICPAD outperforms state-of-the-art (SOTA) methods in adapting to dynamic environmental changes and various domain settings in:

  - MetaWorld (robotic manipulation environment)
  - CARLA (autonomous driving simulator)

  CSI Lab Research and Funding

  The CSI Lab focuses on machine learning, reinforcement learning, and self-supervised learning for optimizing networks, cloud systems, robotics, and autonomous drone navigation.

  This AAAI 2025 research is supported by: Core AI Technology Project for Human-Centered AI (IITP) National Research Foundation of Korea (NRF) Individual Basic Research Program Graduate School of AI ICT Elite Talent Development Program BK21 FOUR Program (BK21) Institute for Information & Communications Technology Planning & Evaluation (IITP) Samsung Electronics

  Contact Information

  Professor Hongwook Woo | hwoo@skku.edu
  CSI Lab | https://sites.google.com/view/csi-agent-group
- Date posted: 2025-02-20

- [Research] LearnData Lab, Research on Graph Neural Networks Accepted at WSDM 2025
- LearnData Lab's Research on Graph Neural Networks Accepted at WSDM 2025 (Master's Graduate: Jongwon Park, PhD Candidate: Heesoo Jeong)

  A research paper from LearnData Lab (Advisor: Professor Hogun Park) has been accepted at The 18th ACM International Conference on Web Search and Data Mining (WSDM 2025), one of the top-tier conferences in the field of artificial intelligence.

  Paper Details

  The paper, “CIMAGE: Exploiting the Conditional Independence in Masked Graph Auto-encoders”, was published with Jongwon Park (Master’s Graduate, AI Department) as the first author, and Heesoo Jeong (PhD Candidate, Software Department) as the co-first author.

  Research Highlights

  Professor Hogun Park's research team at Sungkyunkwan University has achieved significant advancements in Graph Neural Network (GNN) learning based on self-supervised learning. This study introduces a novel model called CIMAGE (Conditional Independence Aware Masked Graph Auto-Encoder), which overcomes the limitations of conventional random masking techniques and significantly enhances the expressive power of GNNs.

  The CIMAGE model leverages conditional independence to design a more effective masking strategy, significantly improving both efficiency and accuracy in graph representation learning. A key aspect of this research is the use of high-confidence pseudo-labels to generate two independent contexts, enabling a novel pretext task that enhances the masking and reconstruction processes.

  The effectiveness of CIMAGE has been demonstrated across various graph benchmark datasets, achieving outstanding performance in downstream tasks such as node classification and link prediction. This breakthrough establishes a new standard in graph representation learning.

  Significance and Future Applications

  This research represents an important milestone in Sungkyunkwan University's commitment to innovative and pioneering research. The findings have high potential for application in graph neural networks and self-supervised learning.

  LearnData Lab focuses on developing cutting-edge machine learning and data mining technologies across various modalities, including graphs, natural language, sensor data, and images. The lab is also actively involved in explainable AI research. The WSDM 2025 paper was supported by funding from the Graduate School of AI, the Institute for Information & Communications Technology Planning & Evaluation (IITP), and the Korea Creative Content Agency (KOCCA).

  Contact Information

  Professor Hogun Park | hogunpark@skku.edu
  LearnData Lab | https://learndatalab.github.io
- Date posted: 2025-02-20

- [Research] SALab, Papers Approved for Publication at the ICSE 2025 International Conference
- [Prof. Sooyoung Cha] SALab, Papers Approved for Publication at the ICSE 2025 International Conference

  ■ Title: TopSeed: Learning Seed Selection Strategies for Symbolic Execution from Scratch

  ■ Authors: Jaehyeok Lee, Prof. Sooyoung Cha

  ■ Conference: IEEE/ACM International Conference on Software Engineering (ICSE 2025)

  ■ Abstract: We present TopSeed, a new approach that automatically selects optimal seeds to enhance symbolic execution. Recently, the performance of symbolic execution has significantly improved through various state-of-the-art techniques, including search strategies and state-pruning heuristics. However, these techniques have typically demonstrated their effectiveness without considering “seeding”, which efficiently initializes program states for exploration. This paper aims to select valuable seeds from candidate inputs generated during interactions with any symbolic execution technique, without the need for a predefined seed corpus, thereby maximizing the technique's effectiveness. One major challenge is the vast number of candidates, making it difficult to identify promising seeds. To address this, we introduce a customized online learning algorithm that iteratively groups candidate inputs, ranks each group, and selects a seed from the top-ranked group based on data accumulated during symbolic execution. Experimental results on 17 open-source C programs show that TopSeed significantly enhances four distinct cutting-edge techniques, implemented on top of two symbolic executors, in terms of branch coverage and bug-finding abilities.
- Date posted: 2025-02-20