kun sun

Dr. Kun Sun
Professor, Information Sciences and Technology (IST)
Associate Director, Center for Secure Information Systems (CSIS)
Director, Sun Security Laboratory (Sunlab)
George Mason University

E-Mail:  ksun3@gmu.edu
Phone:  (703) 993-1715
Fax:    (703) 993-4776
Address: Research Hall, Suite 417
George Mason University
4400 University Drive
Fairfax, VA 22030-4422~~

 

Dr. Kun Sun is a Professor at George Mason University. He received his Ph.D. in Computer Science from North Carolina State University. His research focuses on systems and network security, with more than 20 years of working experience in both industry and academia. He also serves as the Director of the Sun Security Laboratory (SunLab) and the Associate Director of the Center for Secure Information Systems (CSIS). He is the Principal Investigator for the NSF’s CyberCorps® Scholarship for Service (SFS) program at Mason. He won the Presidential Award for Faculty Excellence in Research from George Mason University in 2022. Also, he won the Distinguished Paper Awards in NDSS 2024 and NDSS 2025.


What's New?
  • [ACSAC] Invited to serve in the TPC of ACSAC 2025.
  • [AsiaCCS 25] One conference paper titled "ChainMarks: Securing DNN Watermark with Cryptographic Chain" conditionally accepted by ACM AsiaCCS 2025. Congrats to Shu.
  • [CCS 25] One conference paper titled "Off-Path TCP Exploits: PMTUD Breaks TCP Connection Isolation in IP Address Sharing Scenarios" accepted by ACM CCS 2025. Congrats to Xuewei.
  • [DIMVA 25] One conference paper titled "An Empirical Study of Multi-Language Security Patches in Open Source Software" accepted by DIMVA 2025. Congrats to Shiyu and Yunlong.
  • [Usenix Security 25] One conference paper titled "TYPEPULSE: Detecting Type Confusion Bugs in Rust Programs" accepted by Usenix Security 2025. Congrats to Rafael.
  • [Usenix Security 25] One conference paper titled "DISPATCH: Unraveling Security Patches from Entangled Code Changes" accepted by Usenix Security 2025. Congrats to Shiyu and Yunlong.
  • [NDSS TPC] Invited to serve in the TPC of NDSS 2026.
  • [CACM 25] One magazine paper titled "Exploiting Cross-Layer Vulnerabilities: Off-Path Attacks on the TCP/IP Protocol Suite" published in Communications of the ACM, 03/2025.
  • [Distinguished Paper Award] Our paper titled "ReDAN: An Empirical Study on Remote DoS Attacks against NAT Networks" won the Distinguished Paper Award in NDSS 2025.
  • [STS Top 40 Finalist] Our high school summer intern, Elisa Zhang, has been named a top 40 finalist in the 84th Regeneron Science Talent Search, 2025. [news1][news2]
  • Dr. Xu He successfully defended his PhD thesis and joined Visa Inc. as a research scientist. Congrats to Xu.
  • [CCS Track Chair] Invited to serve as the Track Chair of Network Security for CCS 2025.
  • [NDSS 25] One paper titled "An Empirical Study on Remote DoS Attacks against NAT Networks" accepted by NDSS 2025.
  • [NDSS 25] One paper titled "Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel Attack" accepted by NDSS 2025.
  • [S&P TPC] Invited to serve in the TPC of S&P 2025.
  • [PatchDB] We release a large-scale security patch dataset called PatchDB that contains around 12K security patches and 24K non-security patches from the real world (Download Link).
Research Interests
  • Cyber Deception/Moving Target Defense: Against the experts in defense, the enemy does not know where to attack.  -- SunTzu
  • Software Security: software supply chain security, security patch management, automatic program repair.
  • AI Security: adversarial machine learning, automatic speech recognition security, Graph Neural Network. 
  • Confidential Computing: TPM/SMM/TrustZone/SGX, VM/Container.
  • Network Security: Internet security, IoT security, SDN security, wireless security. 
Students

Current Students:

Former PhD Students:

  • Xu He, PhD, January 2025, Initial placement at Visa Inc.
  • Shu Wang, PhD, November 2023, initial placement at Palo Alto Networks.
  • Xinda Wang, PhD, April 2023, initial placement at UT Dallas.
  • Songsong Liu, PhD, July 2022, initial placement at Security Innovation, Inc.
  • Shengye Wan, PhD, August 2020, initial placement at Facebook.
  • Jianhua Sun, PhD, August 2019, initial placement at Facebook.
  • Yue Li, PhD (with Prof. Haining Wang), March 2019, initial placement at Facebook.
  • Kyle Wallace, PhD (with Prof. Gang Zhou), August 2018, initial placement at MITRE.
Teaching
  • AIT 681Secure Software Engineering (Spring 2017-2023, 2025, GMU)
  • AIT 682 Network and Systems Security (Fall 2017-2022, 2024, GMU)
  • IT 366 Network Security (Fall 2021, GMU)
  • CYSE 411Secure Software Engineering (Spring 2017/2018, GMU)
  • CSCI 454/554 Computer and Network Security (Spring 2015/2016, W&M)
  • CSCI 680 Advanced System and Network Security (Fall 2015, W&M)
  • CSCI 780 Advanced Network Security (Fall 2014, W&M)
Professional Services
  • Track Chair: CCS 2025 (Network Security Track).
  • Travel Grant Co-Chair: CCS 2025.
  • Track Chair: ICDCS 2024.
  • Area Chair: CNS 2024-2025.
  • Sponsorship Chair: CCS 2024.
  • Geneal Chair: IEEE CNS 2021, SecureComm 2020.
  • Travel Grant Chair: RAID 2019.
  • TPC Co-Chair: SciSec 2021, First ACM Workshop on Moving Target Defense (MTD 2014) in conjunction with ACM CCS 2014.
  • TPC Member: S&P 2025, USENIX Security 2024, ASIACCS 2023-2025, NDSS 2020/2022-2025, CCS 2015-2017/2019-2025, DSN 2017/2020, ACSAC 2019-2025, INFOCOM 2016-2025, MTD 2015-2025, MILCOM 2021-2024, ICDCS 2019, 2024, SecureComm 2016-2018, ICICS 2018-2023, CNS 2014/2016-2020/2025.
Selected Publications (More Publications)

  • [CCS25] Xuewei Feng, Zhaoxi Li, Qi Li, Ziqiang Wang, Kun Sun, and Ke Xu. "Off-Path TCP Exploits: PMTUD Breaks TCP Connection Isolation in IP Address Sharing Scenarios". To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Taipei, Taiwan, October 13-17, 2025.
  • [USENIX Security 25] Hung Mao Chen, Xu He, Shu Wang, Xiaokuan Zhang, and Kun Sun. "TYPEPULSE: Detecting Type Confusion Bugs in Rust Programs". To appear in 34th USENIX Security Symposium (USENIX Security'25), Seattle, WA, USA, August 13–15, 2025.
  • [USENIX Security 25] Shiyu Sun, Yunlong Xing, Xinda Wang, Shu Wang, Qi Li, and Kun Sun. "DISPATCH: Unraveling Security Patches from Entangled Code Changes". To appear in 34th USENIX Security Symposium (USENIX Security'25), Seattle, WA, USA, August 13–15, 2025.
  • [NDSS25] Xuewei Feng, Yuxiang Yang, Qi Li, Xingxiang Zhan, Kun Sun, Ziqiang Wang, Ao Wang,Ganqiu Du, and Ke Xu. "ReDAN: An Empirical Study on Remote DoS Attacks against NAT Networks". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 23 - February 28, 2025. [Distinguished Paper Award] [pdf
  • [NDSS25] Ziqiang Wang, Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, Mengyuan Li, Ganqiu Du, Ke Xu, and Jianping Wu. "Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel Attack". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 23 - February 28, 2025. [pdf]
  • [CCS24] Shu Wang, Kun Sun, and Yan Zhai. "Dye4AI: Assuring Data Boundary on Generative AI Services." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Salt Lake City, UT, October 14-18, 2024. [pdf]
  • [CCS24] Xiyuan Zhao, Xinhao Deng, Qi Li, Yunpeng Liu, Zhuotao Liu, Kun Sun, and Ke Xu. "Towards Fine-Grained Webpage Fingerprinting at Scale." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Salt Lake City, UT, October 14-18, 2024. [pdf]
  • [CCS24] Xijia Che, Yi He, Xuewei Feng, Kun Sun, Ke Xu, and Qi Li. "BlueSWAT: A Lightweight State-Aware Security Framework for Bluetooth Low Energy." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Salt Lake City, UT, October 14-18, 2024. [pdf]
  • [USENIX Security 24] Yunlong Xing, Shu Wang, Shiyu Sun, Xu He, Kun Sun and Qi Li. "What IF Is Not Enough? Fixing Null Pointer Dereference With Contextual Check". To appear in 33rd USENIX Security Symposium (USENIX Security'24), Philadelphia, PA, August 14–16, 2024. [pdf]
  • [USENIX Security 24] Yuhao Wu, Jinwen Wang, Yujie Wang, Shixuan Zhai, Zihan Li, Yi He, Kun Sun, Qi Li, and Ning Zhang. "Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities". To appear in 33rd USENIX Security Symposium (USENIX Security'24), Philadelphia, PA, August 14–16, 2024. [pdf]
  • [NDSS24] Shiqing Luo, Anh Nguyen, Hafsa Farooq, Kun Sun, and Zhisheng Yan. "Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024. [Distinguished Paper Award] [pdf]
  • [NDSS24] Yue Xiao, Yi He, Xiaoli Zhang, Qian Wang, Renjie Xie, Kun Sun, Ke Xu, and Qi Li. "From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024. [pdf]
  • [NDSS24] Shu Wang, Kun Sun, and Qi Li. "Compensating Removed Frequency Components: Thwarting Voice Spectrum Reduction Attacks". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024. [pdf]
  • [NDSS24] Yuxiang Yang, Xuewei Feng, Qi Li, Kun Sun, Ziqiang Wang, and Ke Xu . "Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024. [pdf]
  • [NDSS24] Yuqi Qing, Qilei Yin, Xinhao Deng, Yihao Chen, Zhuotao Liu, Kun Sun, Ke Xu, Jia Zhang, and Qi Li. "RAPIER: A Robust Framework for Detecting Encrypted Malicious Network Traffic with Low-Quality Training Data". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 26 - March 1, 2024. [pdf]
  • [USENIX Security23] Yi He, Roland Guo, Yunlong Xing, Xijia Che, Kun Sun, Zhuotao Liu, Ke Xu, and Qi Li. "Cross Container Attacks: The Bewildered eBPF on Clouds". To appear in 32nd USENIX Security Symposium (USENIX Security'23), August 9–11, 2023, ANAHEIM, CA, USA. [pdf]
  • [USENIX Security23] Renjie Xie, Jiahao Cao, Enhuan Dong, Mingwei Xu, Kun Sun, Qi Li, Licheng Shen, and Menghao Zhang. "Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation". To appear in 32nd USENIX Security Symposium (USENIX Security'23), August 9–11, 2023, ANAHEIM, CA, USA. [pdf]
  • [S&P23] Shu Wang, Xinda Wang, Kun Sun, Sushil Jajodia, Haining Wang, and Qi Li. "GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics". To appear in the 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023), SAN FRANCISCO, CA, May 22-26, 2023. [pdf] [web link]
  • [S&P23] Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, and Ke Xu. "Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects". To appear in the 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023), SAN FRANCISCO, CA, May 22-26, 2023. [pdf] [web link]
  • [CCS22] Guannan Liu, Daiping Liu, Shuai Hao, Xing Gao, Kun Sun, and Haining Wang. "Ready Raider One: Exploring the Misuse of Cloud Gaming Services." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Los Angeles, CA, November 7-11, 2022. [pdf]
  • [USENIX Security22] Xuewei Feng, Qi Li, Kun Sun, Zhiyun Qian, Chuanpu Fu, Gang Zhao, Xiaohui Kuang, and Ke Xu. "Off-Path Network Traffic Manipulation via Revitalizing ICMP Redirect Attacks". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf]
  • [USENIX Security22] Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, and Qi Li. "RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf
  • [USENIX Security22] Guannan Liu, Xing Gao, Haining Wang, and Kun Sun. "Exploring the Unchartered Space of Container Registry Typosquatting". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf]
  • [NDSS22] Xuewei Feng, Qi Li, Kun Sun, Ke Xu, Baojun Liu, Xiaofeng Zheng, Qiushi Yang, Haixin Duan, and Zhiyun Qian. "PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 27- March 3, 2022. [pdf]
  • [CCS21] Jiaming Mu, Binghui Wang, Qi Li, Kun Sun, Mingwei Xu, and Zhuotao Liu. "A Hard Label Black-box Adversarial Attack Against Graph Neural Networks." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
  • [CCS21] Xin Tan, Yuan Zhang, Chenyuan Mi, Jiajun Cao, Kun Sun, Yifan Lin, and Min Yang. "Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
  • [CCS20] Jie Wang, Kun Sun, Lingguang Lei, Shengye Wan, Yuewu Wang, and Jiwu Jing. "Cache-in-the-Middle (CITM) Attacks : Manipulating Sensitive Data in Isolated Execution Environments". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
  • [CCS20] Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu. "Off-Path TCP Exploits of the Mixed IPID Assignment". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf] [Finalist for Best Paper Award (Top 4 Papers)]
  • [CCS20] Shu Wang, Jiahao Cao, Xu He, Kun Sun, and Qi Li. "When the Differences in Frequency Domain are Compensated: Understanding and Defeating Modulated Replay Attacks on Automatic Speech Recognition". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
  • [NDSS20] Jiahao Cao, Renjie Xie, Kun Sun, Qi Li, Guofei Gu, and Mingwei Xu. "When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 23-26, 2020. [pdf]