kun sunDr. Kun Sun
Professor, Information Sciences and Technology (IST)
Associate Director, Center for Secure Information Systems (CSIS)
Director, Sun Security Laboratory (Sunlab)

George Mason University

E-Mail:  ksun3@gmu.edu
Phone:  (703) 993-1715
Fax:    (703) 993-4776
Address: Research Hall, Suite 417
George Mason University
4400 University Drive
Fairfax, VA 22030-4422
~~~~~~~~~~~~~~~~~~~~~~

 

Dr. Kun Sun is a Professor at George Mason University. He received his Ph.D. in Computer Science from North Carolina State University. His research focuses on systems and network security, with more than 20 years of working experience in both industry and academia. He also serves as the Director of the Sun Security Laboratory (SunLab) and the Associate Director of the Center for Secure Information Systems (CSIS). He won the Presidential Award for Faculty Excellence in Research from George Mason University in 2022.


What's New?
  • Dr. Xu He successfully defended his PhD thesis and will join Visa Inc. as a research scientist. Congrats to Xu.
  • [CRAM First Prize] Our team won the First Place with $60K prize from Cyber Resiliency and Measurement Challenge (CRAM) sponsored by NSWCDD in Oct. 2024. Congrats to Noah, Sam, and Tommy. [GMU News] [NSWCDD News]
  • [CSAW 24 ARC Finalist] Our paper titled "What IF Is Not Enough? Fixing Null Pointer Dereference With Contextual Check" selected as one of the finalists of CSAW 2024 Applied Research Competition (15 out of 194 submissions). Congrats to Yunlong.
  • [CCS Track Chair] Invited to serve as the Track Chair of Network Security for CCS 2025.
  • [Best Paper Award] Our paper titled "Enhancing Fraud Transaction Detection via Unlabeled Suspicious Records" won the Best Paper Award in IWQoS 2024.
  • [NDSS 25] One paper titled "An Empirical Study on Remote DoS Attacks against NAT Networks" accepted by NDSS 2025. Congrats to Xuewei.
  • [NDSS 25] One paper titled "Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel Attack" accepted by NDSS 2025. Congrats to Ziqiang and Xuewei.
  • [CCS 24] One paper titled "Dye4AI: Assuring Data Boundary on Generative AI Services" accepted by CCS 2024. Congrats to Shu.
  • [CCS 24] One paper titled "Towards Fine-Grained Webpage Fingerprinting at Scale" accepted by CCS 2024. Congrats to Xiyuan and Xinhao.
  • [CCS 24] One paper titled "BlueSWAT: A Lightweight State-Aware Security Framework for Bluetooth Low Energy" accepted by CCS 2024. Congrats to Xijia.
  • [S&P TPC] Invited to serve in the TPC of S&P 2025.
  • [NDSS TPC] Invited to serve in the TPC of NDSS 2025.
  • [Excellent Award for Research] Recognized by the College of Engineering and Computing with CEC Faculty Excellence Award for Research in 2024.
  • [Distinguished Paper Award] Our paper titled "Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality" won the Distinguished Paper Award in NDSS 2024.
  • [ICDCS TC] Invited to serve as the Track Chair (Mobile and Wireless Computing) of ICDCS 2024.
  • [ACSAC TPC] Invited to serve in the TPC of ACSAC 2024.
  • [CCS TPC] Invited to serve in the TPC of CCS 2024.
  • [TIFS AE] Invited to serve as Associate Editor of TIFS.
  • [USENIX Security TPC] Invited to serve in the TPC of USENIX Security 2024.
  • [STS Evaluator] Invited to serve as an evaluator for the Regeneron Science Talent Search (STS) 2024.
  • [USENIX Security 24] One paper titled "What IF Is Not Enough? Fixing Null Pointer Dereference With Contextual Check" accepted by USENIX Security 2024. Congrats to Yunlong
  • [USENIX Security 24] One paper titled "Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities" accepted by USENIX Security 2024. Congrats to Yuhao.
  • [NDSS 24] One paper titled "Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality" accepted by NDSS 2024. Congrats to Shiqing and Anh.
  • [NDSS 24] One paper titled "From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices" accepted by NDSS 2024. Congrats to Yue and Yi.
  • [NDSS 24] One paper titled "Compensating Removed Frequency Components: Thwarting Voice Spectrum Reduction Attacks" accepted by NDSS 2024. Congrats to Shu.
  • [NDSS 24] One paper titled "Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks" accepted by NDSS 2024. Congrats to Yuxiang and Xuewei.
  • [NDSS 24] One paper titled "RAPIER: A Robust Framework for Detecting Encrypted Malicious Network Traffic with Low-Quality Training Data" accepted by NDSS 2024. Congrats to Yuqi and Qilei.
  • [PatchDB] We release a large-scale security patch dataset called PatchDB that contains around 12K security patches and 24K non-security patches from the real world (Download Link).
Research Interests
  • Cyber Deception/Moving Target Defense: Against the experts in defense, the enemy does not know where to attack.  -- SunTzu
  • Software Security: software supply chain security, security patch management, automatic program repair.
  • AI Security: adversarial machine learning, automatic speech recognition security, Graph Neural Network. 
  • Confidential Computing: TPM/SMM/TrustZone/SGX, VM/Container.
  • Network Security: Internet security, IoT security, SDN security, wireless security. 
Students

Current Students:

Former Students:

  • Shu Wang, PhD, November 2023, initial placement at Palo Alto Networks.
  • Xinda Wang, PhD, April 2023, initial placement at UT Dallas.
  • Songsong Liu, PhD, July 2022, initial placement at Security Innovation, Inc.
  • Jie Wang, PhD, June 2021, initial placement at Huazhong University of Science and Technology, China.
  • Shengye Wan, PhD, August 2020, initial placement at Facebook.
  • Jianhua Sun, PhD, August 2019, initial placement at Facebook.
  • Yue Li, PhD (with Prof. Haining Wang), March 2019, initial placement at Facebook.
  • Kyle Wallace, PhD (with Prof. Gang Zhou), August 2018, initial placement at MITRE.
Teaching
  • AIT 681Secure Software Engineering (Spring 2017-2023, GMU)
  • AIT 682 Network and Systems Security (Fall 2017-2022, 2024, GMU)
  • IT 366 Network Security (Fall 2021, GMU)
  • CYSE 411Secure Software Engineering (Spring 2017/2018, GMU)
  • CSCI 454/554 Computer and Network Security (Spring 2015/2016, W&M)
  • CSCI 680 Advanced System and Network Security (Fall 2015, W&M)
  • CSCI 780 Advanced Network Security (Fall 2014, W&M)
Professional Services
  • Track Chair: CCS 2025 (Network Security Track).
  • Track Chair: ICDCS 2024.
  • Area Chair: CNS 2024.
  • Sponsorship Chair: CCS 2024.
  • Geneal Chair: IEEE CNS 2021, SecureComm 2020.
  • TPC Co-Chair: SciSec 2021, First ACM Workshop on Moving Target Defense (MTD 2014) in conjunction with ACM CCS 2014.
  • TPC Member: S&P 2025, USENIX Security 2024, ASIACCS 2023-2025, NDSS 2020/2022-2025, CCS 2015-2017/2019-2025, DSN 2017/2020, ACSAC 2019-2024, INFOCOM 2016-2025, MTD 2015-2025, MILCOM 2021-2024, ICDCS 2019, 2024, SecureComm 2016-2018, ICICS 2018-2023, CNS 2014/2016-2020/2025.
  • Travel Grant Chair: RAID 2019.
  • Workshop Co-chair: IEEE CNS 2018, NSF SPS 2018.
Selected Publications (More Publications)
  • [NDSS25] Xuewei Feng, Yuxiang Yang, Qi Li, Xingxiang Zhan, Kun Sun, Ziqiang Wang, Ao Wang,Ganqiu Du, and Ke Xu. "An Empirical Study on Remote DoS Attacks against NAT Networks". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 23 - February 28, 2025.
  • [NDSS25] Ziqiang Wang, Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, Mengyuan Li, Ganqiu Du, Ke Xu, and Jianping Wu. "Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel Attack". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 23 - February 28, 2025.
  • [CCS24] Shu Wang, Kun Sun, and Yan Zhai. "Dye4AI: Assuring Data Boundary on Generative AI Services." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Salt Lake City, UT, October 14-18, 2024. [pdf]
  • [CCS24] Xiyuan Zhao, Xinhao Deng, Qi Li, Yunpeng Liu, Zhuotao Liu, Kun Sun, and Ke Xu. "Towards Fine-Grained Webpage Fingerprinting at Scale." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Salt Lake City, UT, October 14-18, 2024. [pdf]
  • [CCS24] Xijia Che, Yi He, Xuewei Feng, Kun Sun, Ke Xu, and Qi Li. "BlueSWAT: A Lightweight State-Aware Security Framework for Bluetooth Low Energy." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Salt Lake City, UT, October 14-18, 2024. [pdf]
  • [USENIX Security 24] Yunlong Xing, Shu Wang, Shiyu Sun, Xu He, Kun Sun and Qi Li. "What IF Is Not Enough? Fixing Null Pointer Dereference With Contextual Check". To appear in 33rd USENIX Security Symposium (USENIX Security'24), Philadelphia, PA, August 14–16, 2024. [pdf]
  • [USENIX Security 24] Yuhao Wu, Jinwen Wang, Yujie Wang, Shixuan Zhai, Zihan Li, Yi He, Kun Sun, Qi Li, and Ning Zhang. "Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities". To appear in 33rd USENIX Security Symposium (USENIX Security'24), Philadelphia, PA, August 14–16, 2024. [pdf]
  • [NDSS24] Shiqing Luo, Anh Nguyen, Hafsa Farooq, Kun Sun, and Zhisheng Yan. "Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024. [Distinguished Paper Award] [pdf]
  • [NDSS24] Yue Xiao, Yi He, Xiaoli Zhang, Qian Wang, Renjie Xie, Kun Sun, Ke Xu, and Qi Li. "From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024. [pdf]
  • [NDSS24] Shu Wang, Kun Sun, and Qi Li. "Compensating Removed Frequency Components: Thwarting Voice Spectrum Reduction Attacks". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024. [pdf]
  • [NDSS24] Yuxiang Yang, Xuewei Feng, Qi Li, Kun Sun, Ziqiang Wang, and Ke Xu . "Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024. [pdf]
  • [NDSS24] Yuqi Qing, Qilei Yin, Xinhao Deng, Yihao Chen, Zhuotao Liu, Kun Sun, Ke Xu, Jia Zhang, and Qi Li. "RAPIER: A Robust Framework for Detecting Encrypted Malicious Network Traffic with Low-Quality Training Data". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024. [pdf]
  • [USENIX Security23] Yi He, Roland Guo, Yunlong Xing, Xijia Che, Kun Sun, Zhuotao Liu, Ke Xu, and Qi Li. "Cross Container Attacks: The Bewildered eBPF on Clouds". To appear in 32nd USENIX Security Symposium (USENIX Security'23), August 9–11, 2023, ANAHEIM, CA, USA. [pdf]
  • [USENIX Security23] Renjie Xie, Jiahao Cao, Enhuan Dong, Mingwei Xu, Kun Sun, Qi Li, Licheng Shen, and Menghao Zhang. "Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation". To appear in 32nd USENIX Security Symposium (USENIX Security'23), August 9–11, 2023, ANAHEIM, CA, USA. [pdf]
  • [S&P23] Shu Wang, Xinda Wang, Kun Sun, Sushil Jajodia, Haining Wang, and Qi Li. "GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics". To appear in the 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023), SAN FRANCISCO, CA, May 22-26, 2023. [pdf] [web link]
  • [S&P23] Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, and Ke Xu. "Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects". To appear in the 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023), SAN FRANCISCO, CA, May 22-26, 2023. [pdf] [web link]
  • [CCS22] Guannan Liu, Daiping Liu, Shuai Hao, Xing Gao, Kun Sun, and Haining Wang. "Ready Raider One: Exploring the Misuse of Cloud Gaming Services." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Los Angeles, CA, November 7-11, 2022. [pdf]
  • [USENIX Security22] Xuewei Feng, Qi Li, Kun Sun, Zhiyun Qian, Chuanpu Fu, Gang Zhao, Xiaohui Kuang, and Ke Xu. "Off-Path Network Traffic Manipulation via Revitalizing ICMP Redirect Attacks". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf]
  • [USENIX Security22] Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, and Qi Li. "RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf
  • [USENIX Security22] Guannan Liu, Xing Gao, Haining Wang, and Kun Sun. "Exploring the Unchartered Space of Container Registry Typosquatting". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf]
  • [NDSS22] Xuewei Feng, Qi Li, Kun Sun, Ke Xu, Baojun Liu, Xiaofeng Zheng, Qiushi Yang, Haixin Duan, and Zhiyun Qian. "PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 27- March 3, 2022. [pdf]
  • [CCS21] Jiaming Mu, Binghui Wang, Qi Li, Kun Sun, Mingwei Xu, and Zhuotao Liu. "A Hard Label Black-box Adversarial Attack Against Graph Neural Networks." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
  • [CCS21] Xin Tan, Yuan Zhang, Chenyuan Mi, Jiajun Cao, Kun Sun, Yifan Lin, and Min Yang. "Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
  • [CCS20] Jie Wang, Kun Sun, Lingguang Lei, Shengye Wan, Yuewu Wang, and Jiwu Jing. "Cache-in-the-Middle (CITM) Attacks : Manipulating Sensitive Data in Isolated Execution Environments". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
  • [CCS20] Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu. "Off-Path TCP Exploits of the Mixed IPID Assignment". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
  • [CCS20] Shu Wang, Jiahao Cao, Xu He, Kun Sun, and Qi Li. "When the Differences in Frequency Domain are Compensated: Understanding and Defeating Modulated Replay Attacks on Automatic Speech Recognition". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
  • [NDSS20] Jiahao Cao, Renjie Xie, Kun Sun, Qi Li, Guofei Gu, and Mingwei Xu. "When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 23-26, 2020. [pdf]