Bo LuoUniversity of Kansas | KU · Department of Electrical Engineering and Computer Science
Bo Luo
Doctor of Philosophy
About
121
Publications
20,066
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
3,589
Citations
Publications
Publications (121)
The increasing use of the Internet of Things (IoT) technology has made our lives convenient, however, it also poses new security and privacy threats. In this work, we study a new type of privacy threat enabled by cross-app chains built among multiple seemingly benign IoT apps. We find that interactions among apps could leak privacy-sensitive inform...
Vision Transformers have made remarkable progress in recent years, achieving state-of-the-art performance in most vision tasks. A key component of this success is due to the introduction of the Multi-Head Self-Attention (MHSA) module, which enables each head to learn different representations by applying the attention mechanism independently. In th...
Generative AI models can produce high-quality images based on text prompts. The generated images often appear indistinguishable from images generated by conventional optical photography devices or created by human artists (i.e., real images). While the outstanding performance of such generative models is generally well received, security concerns a...
The Vision Transformer (ViT) leverages the Transformer's encoder to capture global information by dividing images into patches and achieves superior performance across various computer vision tasks. However, the self-attention mechanism of ViT captures the global context from the outset, overlooking the inherent relationships between neighboring pi...
In the past decade, we have witnessed an exponential growth of deep learning models, platforms, and applications. While existing DL applications and Machine Learning as a service (MLaaS) frameworks assume fully trusted models, the need for privacy-preserving DNN evaluation arises. In a secure multi-party computation scenario, both the model and the...
This research addresses the challenge of conducting interpretable causal inference between a binary treatment and its resulting outcome when not all confounders are known. Confounders are factors that have an influence on both the treatment and the outcome. We relax the requirement of knowing all confounders under desired treatment, which we refer...
Aphid infestation poses a significant threat to crop production, rural communities, and global food security. While chemical pest control is crucial for maximizing yields, applying chemicals across entire fields is both environmentally unsustainable and costly. Hence, precise localization and management of aphids are essential for targeted pesticid...
Aphid infestation poses a significant threat to crop production, rural communities, and global food security. While chemical pest control is crucial for maximizing yields, applying chemicals across entire fields is both environmentally unsustainable and costly. Hence, precise localization and management of aphids are essential for targeted pesticid...
Aphids are one of the main threats to crops, rural families, and global food security. Chemical pest control is a necessary component of crop production for maximizing yields, however, it is unnecessary to apply the chemical approaches to the entire fields in consideration of the environmental pollution and the cost. Thus, accurately localizing the...
With ChatGPT under the spotlight, utilizing large language models (LLMs) for academic writing has drawn a significant amount of discussions and concerns in the community. While substantial research efforts have been stimulated for detecting LLM-Generated Content (LLM-content), most of the attempts are still in the early stage of exploration. In thi...
Flexible laryngoscopy is commonly performed by otolaryngologists to detect laryngeal diseases and to recognize potentially malignant lesions. Recently, researchers have introduced machine learning techniques to facilitate automated diagnosis using laryngeal images and achieved promising results. The diagnostic performance can be improved when patie...
Flexible laryngoscopy is commonly performed by otolaryngologists to detect laryngeal diseases and to recognize potentially malignant lesions. Recently, researchers have introduced machine learning techniques to facilitate automated diagnosis using laryngeal images and achieved promising results. Diagnostic performance can be improved when patients'...
In the resource-constrained environment such as the Internet of Things, the windowed Non-Adjacent-Form (wNAF) representation is usually used to improve the calculation speed of the scalar multiplication of ECDSA. This paper presents a practical cache side channel attack on ECDSA implementations which use wNAF representation. Compared with existing...
Word embedding aims to learn the dense representation of words and has become a regular input preparation in many NLP tasks. Due to the data and computation intensive nature of learning embeddings from scratch, a more affordable way is to borrow the pretrained embedding available in public and fine-tune the embedding through a domain specific downs...
The growth of IoT apps poses increasing concerns about sensitive data leaks. While privacy policies are required to describe how IoT apps use private user data (i.e., data practice), problems such as missing, inaccurate, and inconsistent policies have been repeatedly reported. Therefore, it is important to assess the actual data practice in IoT app...
With the growing popularity of artificial intelligence (AI) and machine learning (ML), a wide spectrum of attacks against deep learning (DL) models have been proposed in the literature. Both the evasion attacks and the poisoning attacks attempt to utilize adversarially altered samples to fool the victim model to misclassify the adversarial sample....
Label assignment plays a significant role in modern object detection models. Detection models may yield totally different performances with different label assignment strategies. For anchor-based detection models, the IoU (Intersection over Union) threshold between the anchors and their corresponding ground truth bounding boxes is the key element s...
With the growing popularity of artificial intelligence and machine learning, a wide spectrum of attacks against deep learning models have been proposed in the literature. Both the evasion attacks and the poisoning attacks attempt to utilize adversarially altered samples to fool the victim model to misclassify the adversarial sample. While such atta...
Label assignment plays a significant role in modern object detection models. Detection models may yield totally different performances with different label assignment strategies. For anchor-based detection models, the IoU threshold between the anchors and their corresponding ground truth bounding boxes is the key element since the positive samples...
With the development of computing and communication technologies, an extremely large amount of data has been collected, stored, utilized, and shared, while new security and privacy challenges arise. Existing access control mechanisms provided by big data platforms have limitations in granularity and expressiveness. In this article, we present Spark...
The paper proposes a semantic clustering based deduction learning by mimicking the learning and thinking process of human brains. Human beings can make judgments based on experience and cognition, and as a result, no one would recognize an unknown animal as a car. Inspired by this observation, we propose to train deep learning models using the clus...
The paper proposes a semantic clustering based deduction learning by mimicking the learning and thinking process of human brains. Human beings can make judgments based on experience and cognition, and as a result, no one would recognize an unknown animal as a car. Inspired by this observation, we propose to train deep learning models using the clus...
Federated learning (FL) is an emerging machine learning paradigm. With FL, distributed data owners aggregate their model updates to train a shared deep neural network collaboratively, while keeping the training data locally. However, FL has little control over the local data and the training process. Therefore, it is susceptible to poisoning attack...
In the evasion attacks against deep neural networks (DNN), the attacker generates adversarial instances that are visually indistinguishable from benign samples and sends them to the target DNN to trigger misclassifications. In this paper, we propose a novel multi-view adversarial image detector, namely Argos, based on a novel observation. That is,...
The Controller Area Network (CAN) has been widely adopted as the de facto standard to support the communication between the ECUs and other computing components in automotive and industrial control systems. In its initial design, CAN only provided very limited security features, which is seriously behind today’s standards for secure communication. T...
Artificial intelligence enabled medical big data analysis has the potential to revolutionize medical practice from diagnosis and prediction of complex diseases to making recommendations and resource allocation decisions in an evidence-based manner. However, big data comes with big disclosure risks. To preserve privacy, excessive data anonymization...
Nowadays, news apps have taken over the popularity of paper-based media, providing a great opportunity for personalization. Recurrent Neural Network (RNN)-based sequential recommendation is a popular approach that utilizes users' recent browsing history to predict future items. This approach is limited that it does not consider the societal influen...
Adversaries create phishing websites that spoof the visual appearances of frequently used legitimate websites in order to trick victims into providing their private information, such as bank accounts and login credentials. Phishing detection is an ongoing combat between the defenders and the attackers, where various defense mechanisms have been pro...
With the emergence of virtualization technologies, various services have been migrated to the cloud. Beyond the tenants' own security controls implemented in the virtual machine (VM), the binary integrity verification mechanism in the virtual machine manager (VMM) provides stronger protections against malware. Unfortunately, none of existing integr...
Federated learning (FL) is promising in supporting collaborative learning applications that involve large datasets, massively distributed data owners and unreliable network connectivity. To protect data privacy, existing FL approaches adopt (k,n)-threshold secret sharing schemes, based on the semi-honest assumption for clients, to enable secure mul...
With the growing popularity of online social networks, a large amount of private or sensitive information has been posted online. In particular, studies show that users sometimes reveal too much information or unintentionally release regretful messages, especially when they are careless, emotional, or unaware of privacy risks. As such, there exist...
With the advancement of Internet of Things (IoT), a large number of electronic devices are connected to the Internet. These connected electronic devices acquire, transmit information and respond to any received actions. In medical ecosystem, hospitals can implement medical diagnosis with medical sensors, especially for remote auxiliary medical diag...
Cache timing side channels allow a remote attacker to disclose the cryptographic keys, by repeatedly invoking the encryption/decryption functions and measuring the execution time. Warm and Delay are two algorithm-independent and implementation-transparent countermeasures against remote cache-based timing side channels for block ciphers. They destro...
With the increasing popularity of online review systems, a large volume of user-generated content becomes available to help people make reasonable judgments about the quality of services and products from unknown providers. However, these platforms are frequently abused since fraudulent information can be freely inserted by potentially malicious us...
Many popular online social networks, such as Twitter, Tumblr, and Sina Weibo, adopt too simple privacy models to satisfy users’ diverse needs for privacy protection. In platforms with no (i.e., completely open) or binary (i.e., “public” and “friends-only”) access control, users cannot control the dissemination boundary of the content they share. Fo...
- [...]
Sensitive data in a process could be scattered over the memory of a computer system for a prolonged period of time. Unfortunately, DRAM chips were proven insecure in previous studies. The problem becomes worse in the mobile environment, in which users' smartphones are easily lost or stolen. The powered-on phones may contain sensitive data in the vu...
Cryptography is essential for computer and network security. In practice, the cryptographic keys are loaded into the memory as plaintext during cryptographic computations. Therefore, the keys are subject to memory disclosure attacks that read unauthorized data from RAM. This paper presents Mimosa, protecting RSA private keys against both software-b...
Sensitive data (e.g., passwords, health data and private videos) can be leaked due to many reasons, including (1) the misuse of legitimate operating system (OS) functions such as core dump, swap and hibernation, and (2) physical attacks to the DRAM chip such as cold-boot attacks and DMA attacks. While existing software-based memory encryption is ef...
The rapid expansion of IoT-enabled home automation is accompanied by substantial security and privacy risks. A large number of real-world security incidents exploiting various device vulnerabilities have been revealed. The Onion IoT gateways have been proposed to provide strong security protection for potentially vulnerable IoT devices by hiding th...
In Android malware detection, fine-grained features can provide a more accurate description of the application’s behavior. Nonetheless fine-grained feature extraction has not been done perfectly, hence, invalid features will not only bring additional overhead but also reduce the detection accuracy. In this paper, we propose FGFDect, a malware class...
With the dramatically increasing participation in online social networks (OSNs), huge amount of private information becomes available on such sites. It is critical to preserve users' privacy without preventing them from socialization and sharing. Unfortunately, existing solutions fall short meeting such requirements. We argue that the key component...
The increasing growth of cybercrimes targeting mobile devices urges an efficient malware analysis platform. With the emergence of evasive malware, which is capable of detecting that it is being analyzed in virtualized environments, bare-metal analysis has become the definitive resort. Existing works mainly focus on extracting the
malicious behavior...
Online Social Networks (OSNs), such as Facebook and Twitter, provide open platforms for users to easily share their statuses, opinions, and ideas, ranging from personal experiences/activities to breaking news. With the increasing popularity of online social networks and the explosion of blog and microblog messages, we have observed large amounts of...
Multimedia data needs huge storage space, and application of multimedia data needs powerful capability of computing. Cloud computing can help owner of multimedia data to deal with it. But, multimedia data on cloud may reveal privacy of data owner, such as sex, hobbies, address, looks, and so on. Data owner can encrypt multimedia data for confidenti...
With the exponential growth of automotive security research, new security vulnerabilities and attacks have been revealed and new challenges have emerged. In recent years, various attacks ranging from replay attacks, through false information injection, to Denial of Service (DoS), have shown how fragile automotive security is. As a result, a number...
Automatic social circle detection in ego-networks is a fundamentally important task for social network analysis. So far, most studies focused on how to detect overlapping circles or how to detect based on both network structure and node profiles. This paper asks an orthogonal research question: how to detect circles by leveraging multiple views of...
With the exponential growth of cyber-physical systems (CPS), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lack a systematic study of CPS security issues. In particular, the heterogeneity of CPS components and the diversity of CPS syst...
With the exponential growth of cyber-physical systems (CPS), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lack a systematic study of CPS security issues. In particular, the heterogeneity of CPS components and the diversity of CPS syst...
Cryptosystems are essential for computer and communication security, e.g., RSA or ECDSA in PGP Email clients and AES in full disk encryption. In practice, the cryptographic keys are loaded and stored in RAM as plain-text, and therefore vulnerable to cold-boot attacks exploiting the remanence effect of RAM chips to directly read memory data. To tack...
Caches' unique features have enabled researchers to build secure computing environments, effectively preventing various physical and software memory attacks. Existing solutions provide confidentiality and integrity in certain applications and services. Identifying various solutions' advantages and limitations can guide future research in hardware-a...
In social network analysis, automatic social circle detection in ego-networks is becoming a fundamental and important task, with many potential applications such as user privacy protection or interest group recommendation. So far, most studies have focused on addressing two questions, namely, how to detect overlapping circles and how to detect circ...
Hardware primitives provide significant promises to support cryptographic primitives and security mechanisms against various forms of compromises. In this work, we study the intrinsic hardware characteristics of modern graphics processing units (GPUs) due to random manufacturing variations, and exploits the inherent randomness to generate device-sp...
With the widespread growth of social networking there are several online forums that are dedicated to discussing health and well-being. These forums are great resources for collecting patient and health related information, as people tend to freely share and discuss their health conditions and treatments with others having similar experiences. Ther...
With the increasing usage of XML on information sharing over the Internet, a mechanism for defining and enforcing XML access control is demanded, such that only authorized entities can access the sets of XML data that they are allowed to. The research interests in these areas have grown significantly in recent years. Various access control enforcem...
With the growing popularity of social networks, extremely large amount of users routinely post messages about their daily life to online social networking services. In particular, we have observed that family related information, including some very sensitive information, are freely available and easily extracted from Twitter. In this paper, we pre...
Cryptography plays an important role in computer and communication security. In practical implementations of cryptosystems, the cryptographic keys are usually loaded into the memory as plaintext, and then used in the cryptographic algorithms. Therefore, the private keys are subject to memory disclosure attacks that read unauthorized data from RAM....
As the passenger vehicles evolve to be "smart", electronic components, including communication and intelligent software, are continuously introduced to new models and concept vehicles. The new paradigm introduces new features and benefits, but also brings new security concerns.
Smart cars are considered cyber-physical systems (CPS) because of their...
In conventional database access control models, access control policies are explicitly specified for each role against each data object. In large-scale content-centric data sharing, it might be difficult to explicitly identify accessible records for each role/user, especially when the semantic content of data is expected to play a role in access de...
With the development of information technology, online social networks grow dramatically. They now play a significant role in people's social life, especially for the younger generation. While huge amount of information is available in online social networks, privacy concerns arise. Among various privacy protection proposals, the notions of privacy...
Background
Adverse Drug Reactions are one of the leading causes of injury or death among patients undergoing medical treatments. Not all Adverse Drug Reactions are identified before a drug is made available in the market. Current post-marketing drug surveillance methods, which are based purely on voluntary spontaneous reports, are unable to provide...
With the development of Internet and Web 2.0, large-volume multimedia contents have been made available online. It is highly desired to provide easy accessibility to such contents, i.e., efficient and precise retrieval of images that satisfies users' needs. Toward this goal, content-based image retrieval (CBIR) has been intensively studied in the r...
Conventional database access control models have difficulties in dealing with big data, especially for the features of volume, variety and velocity. To address the problem, we introduce the Content-based Access Control (CBAC) model for content-centric information sharing. As a complement to conventional models, CBAC makes access control decisions b...
Currently, a large amount of data is produced in healthcare informatics due to the growth of web technologies like social networks, wikis, blogs and RSS feeds. However, not all health information provided online is trustworthy. Even though many experts are involved in publishing trusted information, it is difficult for the general population to det...
While XML has been widely adopted for information sharing over the Internet, the need for efficient XML access control naturally arise. Various XML access control enforcement mechanisms have been proposed in the research community, such as view-based approaches and pre-processing approaches. Each category of solutions has its inherent advantages an...
- [...]
Today's organizations raise an increasing need for information sharing via on-demand access. Information brokering systems (IBSs) have been proposed to connect large-scale loosely federated data sources via a brokering overlay, in which the brokers make routing decisions to direct client queries to the requested data servers. Many existing IBSs ass...
Location context in social media plays an important role in many applications. In addition to explicit location sharing via popular âcheck inâ service, user-posted content could also implicitly reveals usersâ location context. Identifying such a location context based on content is an interesting problem because it is not only important in in...
In smart grid systems, secure in-network data aggregation approaches have been introduced to efficiently collect aggregation data, while preserving data privacy of individual meters. Nevertheless, it is also important to maintain the integrity of aggregate data in the presence of accidental errors and internal/external attacks. To ensure the correc...