Dr. Kun Sun is a Professor at George Mason University. He received his Ph.D. in Computer Science from North Carolina State University. His research focuses on systems and network security. Dr. Sun has more than 15 years of working experience in both industry and academia and serves as the director of the Sun Security Laboratory (SunLab) and the Associate Director of the Center for Secure Information Systems (CSIS). The lab is continuously hiring self-motivated graduate and undergraduate students who have research interests on cyber security, programming language, operating system, and computer networks.

• Ms. Elisa Zhang, our summer intern from Dougherty Valley High School, CA, gave a presentation of our paper titled "Exploring Security Commits in Python" to ICSME 2023. Her presentation video can be found at https://youtu.be/uTaHssIjckA?si=3bdAgaYnMM1i4OyE
• Dr. Shu Wang sucessfully defended his PhD thesis titled "Securing Voice Processing Systems from Malicious Audio Attacks" and will join Palo Alto Networks as Senior Staff Researcher in Nov. 2023. Congrats to Shu.
• [USENIX Security 24] One paper titled "What IF Is Not Enough? Fixing Null Pointer Dereference With Contextual Check" accepted by USENIX Security 2024. Congrats to Yunlong
• [USENIX Security 24] One paper titled "Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities" accepted by USENIX Security 2024. Congrats to Yuhao.
• [USENIX Security TPC] Invited to serve in the TPC of USENIX Security 2024.
• [NDSS 24] One paper titled "Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality" accepted by NDSS 2024. Congrats to Shiqing and Anh.
• [NDSS 24] One paper titled "From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices" accepted by NDSS 2024. Congrats to Yue and Yi.
• [NDSS 24] One paper titled "Compensating Removed Frequency Components: Thwarting Voice Spectrum Reduction Attacks" accepted by NDSS 2024. Congrats to Shu.
• [NDSS 24] One paper titled "Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks" accepted by NDSS 2024. Congrats to Yuxiang and Xuewei.
• [NDSS 24] One paper titled "RAPIER: A Robust Framework for Detecting Encrypted Malicious Network Traffic with Low-Quality Training Data" accepted by NDSS 2024. Congrats to Yuqi and Qilei.
• Dr. Xinda Wang sucessfully defended her PhD thesis titled "AI-Enhanced Software Vulnerability and Security Patch Analysis" and will join the Department of Computer Science at the University of Texas at Dallas as an assistant professor in Fall 2023. Congrats to Xinda.
• [ASIACCS TPC] Invited to serve in the TPC of ASIACCS 2024.
• [WWW TPC] Invited to serve in the TPC of The Web Conference 2024.
• [INFOCOM TPC] Invited to serve in the TPC of INFOCOM 2024.
• [NDSS TPC] Invited to serve in the TPC of NDSS 2024.
• [ACSAC TPC] Invited to serve in the TPC of ACSAC 2023.
• [USENIX Security 23] One paper titled "Cross Container Attacks: The Bewildered eBPF on Clouds" accepted by USENIX Security 2023. Congrats to Yi He and Yunlong Xing.
• [USENIX Security 23] One paper titled "Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation" accepted by USENIX Security 2023. Congrats to Renjie Xie and Jiahao Cao.
• [Award] Dr. Sun recognized by Mason with Presidential Award for Faculty Excellence in Research in 2022.
• [CCS TPC] Dr. Sun received a Top Reviewer certificate of ACM CCS 2022 and was invited to serve in the TPC of CCS 2023.
• [S&P 23] One paper titled "GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics" accepdted by IEEE S&P 2023. Congrats to Shu Wang and Xinda Wang. (web link)
• [S&P 23] One paper titled "Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects" accepdted by IEEE S&P 2023. Congrats to Xuewei Feng. (web link)
• [PatchDB] We release a large-scale security patch dataset called PatchDB that contains around 12K security patches and 24K non-security patches from the real world (download link).

• Cyber Deception/Moving Target Defense: Against the experts in defense, the enemy does not know where to attack.  -- SunTzu
• Trusted Computing Systems: TPM/SMM/TrustZone/SGX, VM/Container.
• Network Security: Internet security, SDN security, Wireless security.
• Software Security: Software supply chain security, Security patch management, Automatic program repair.
• AI Security: Adversarial machine learning, Automatic speech recognition security, Graph Neural Network.   

Current Students:

• Xu He, PhD
• Tommy Chin, PhD
• Shiyu Sun, PhD
• Rafael Chen, PhD
• Yunlong Xing, PhD
• Di Wu, PhD

Former Students:

• Shu Wang, PhD, November 2023, initial placement at Palo Alto Networks.
• Xinda Wang, PhD, April 2023, initial placement at UT Dallas.
• Songsong Liu, PhD, July 2022, initial placement at Security Innovation, Inc.
• Jie Wang, PhD, June 2021, initial placement at Huazhong University of Science and Technology, China.
• Shengye Wan, PhD, August 2020, initial placement at Facebook.
• Jianhua Sun, PhD, August 2019, initial placement at Facebook.
• Yue Li, PhD (with Prof. Haining Wang), March 2019, initial placement at Facebook.
• Kyle Wallace, PhD (with Prof. Gang Zhou), August 2018, initial placement at MITRE.
  

• AIT 681Secure Software Engineering (Spring 2017-2023, GMU)
• AIT 682 Network and Systems Security (Fall 2017-2022, GMU)
• IT 366 Network Security (Fall 2021, GMU)
• CYSE 411Secure Software Engineering (Spring 2017/2018, GMU)
  
• CSCI 454/554 Computer and Network Security (Spring 2015/2016, W&M)
• CSCI 680 Advanced System and Network Security (Fall 2015, W&M)
• CSCI 780 Advanced Network Security (Fall 2014, W&M)
  

• NSF Panelist 2013, 2017, 2018, 2019 (2).
• Geneal Chair: IEEE CNS 2021, SecureComm 2020.
• TPC Co-Chair: SciSec, 2021, First ACM Workshop on Moving Target Defense (MTD 2014) in conjunction with ACM CCS 2014.
• TPC Member: ASIACCS 2023, NDSS 2020/2022-2024, CCS 2015-2017/2019-2023, DSN 2017/2020, ACSAC 2019-2023, INFOCOM 2016-2023, MTD 2015-2022, MILCOM 2021-2022, ICDCS 2019, SecureComm 2016-2018, ICICS 2018-2023, CNS 2014/2016-2020/2023.
• Travel Grant Chair: RAID 2019.
• Workshop Co-chair: IEEE CNS 2018, NSF SPS 2018.

• [USENIX Security 24] Yunlong Xing, Shu Wang, Shiyu Sun, Xu He, Kun Sun and Qi Li. "What IF Is Not Enough? Fixing Null Pointer Dereference With Contextual Check". To appear in 33rd USENIX Security Symposium (USENIX Security'24), Philadelphia, PA, August 14–16, 2024.
• [USENIX Security 24] Yuhao Wu, Jinwen Wang, Yujie Wang, Shixuan Zhai, Zihan Li, Yi He, Kun Sun, Qi Li, and Ning Zhang. "Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities". To appear in 33rd USENIX Security Symposium (USENIX Security'24), Philadelphia, PA, August 14–16, 2024.
• [NDSS24] Shiqing Luo, Anh Nguyen, Hafsa Farooq, Kun Sun, and Zhisheng Yan. "Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024.
• [NDSS24] Yue Xiao, Yi He, Xiaoli Zhang, Qian Wang, Renjie Xie, Kun Sun, Ke Xu, and Qi Li. "From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024.
• [NDSS24] Shu Wang, Kun Sun, and Qi Li. "Compensating Removed Frequency Components: Thwarting Voice Spectrum Reduction Attacks". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024.
• [NDSS24] Yuxiang Yang, Xuewei Feng, Qi Li, Kun Sun, Ziqiang Wang, and Ke Xu . "Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024.
• [NDSS24] Yuqi Qing, Qilei Yin, Xinhao Deng, Yihao Chen, Zhuotao Liu, Kun Sun, Ke Xu, Jia Zhang, and Qi Li. "RAPIER: A Robust Framework for Detecting Encrypted Malicious Network Traffic with Low-Quality Training Data". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024.
• [USENIX Security23] Yi He, Roland Guo, Yunlong Xing, Xijia Che, Kun Sun, Zhuotao Liu, Ke Xu, and Qi Li. "Cross Container Attacks: The Bewildered eBPF on Clouds". To appear in 32nd USENIX Security Symposium (USENIX Security'23), August 9–11, 2023, ANAHEIM, CA, USA. [pdf]
• [USENIX Security23] Renjie Xie, Jiahao Cao, Enhuan Dong, Mingwei Xu, Kun Sun, Qi Li, Licheng Shen, and Menghao Zhang. "Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation". To appear in 32nd USENIX Security Symposium (USENIX Security'23), August 9–11, 2023, ANAHEIM, CA, USA. [pdf]
• [S&P23] Shu Wang, Xinda Wang, Kun Sun, Sushil Jajodia, Haining Wang, and Qi Li. "GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics". To appear in the 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023), SAN FRANCISCO, CA, May 22-26, 2023. [pdf] [web link]
• [S&P23] Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, and Ke Xu. "Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects". To appear in the 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023), SAN FRANCISCO, CA, May 22-26, 2023. [pdf] [web link]
• [CCS22] Guannan Liu, Daiping Liu, Shuai Hao, Xing Gao, Kun Sun, and Haining Wang. "Ready Raider One: Exploring the Misuse of Cloud Gaming Services." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Los Angeles, CA, November 7-11, 2022. [pdf]
• [USENIX Security22] Xuewei Feng, Qi Li, Kun Sun, Zhiyun Qian, Chuanpu Fu, Gang Zhao, Xiaohui Kuang, and Ke Xu. "Off-Path Network Traffic Manipulation via Revitalizing ICMP Redirect Attacks". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf]
• [USENIX Security22] Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, and Qi Li. "RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf] 
• [USENIX Security22] Guannan Liu, Xing Gao, Haining Wang, and Kun Sun. "Exploring the Unchartered Space of Container Registry Typosquatting". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf]
• [NDSS22] Xuewei Feng, Qi Li, Kun Sun, Ke Xu, Baojun Liu, Xiaofeng Zheng, Qiushi Yang, Haixin Duan, and Zhiyun Qian. "PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 27- March 3, 2022. [pdf]
• [CCS21] Jiaming Mu, Binghui Wang, Qi Li, Kun Sun, Mingwei Xu, and Zhuotao Liu. "A Hard Label Black-box Adversarial Attack Against Graph Neural Networks." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
• [CCS21] Xin Tan, Yuan Zhang, Chenyuan Mi, Jiajun Cao, Kun Sun, Yifan Lin, and Min Yang. "Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
• [CCS20] Jie Wang, Kun Sun, Lingguang Lei, Shengye Wan, Yuewu Wang, and Jiwu Jing. "Cache-in-the-Middle (CITM) Attacks : Manipulating Sensitive Data in Isolated Execution Environments". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
• [CCS20] Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu. "Off-Path TCP Exploits of the Mixed IPID Assignment". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
• [CCS20] Shu Wang, Jiahao Cao, Xu He, Kun Sun, and Qi Li. "When the Differences in Frequency Domain are Compensated: Understanding and Defeating Modulated Replay Attacks on Automatic Speech Recognition". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
• [NDSS20] Jiahao Cao, Renjie Xie, Kun Sun, Qi Li, Guofei Gu, and Mingwei Xu. "When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 23-26, 2020. [pdf]