The Empirical Security Research Group (ESRG) is a research lab in the Stanford Computer Science Department that focuses on Internet security and privacy, online hate and harassment, and the spread of misinformation. We are an empirical lab — we build systems to collect global datasets, analyze data to better understand real-world behavior and problems, and architect more resilient systems and protocols.

  • Internet Security.   Real-world security outcomes are influenced by a tremendous number of factors ranging from manufacturer incentives to end-user confusion. We study how security plays out in practice and uncover weaknesses that can only be detected in the wild. We have uncovered fundamental flaws in protocols like HTTPS, SSH, and SMTP, and our work has influenced the design of TLS 1.3, the Linux random number generator, browser trust decisions, how CAs generate certificates, and how researchers notify operators of vulnerabilities.
  • Hate and Harassment.   Online hate and harassment is a pernicious problem that impacts Internet users around the world. We study how hate and harassment is spread on major platforms and where current defenses fail to protect users, with the ultimate goal of developing better systems to help people protect themselves from online hate and harassment attacks.
  • Misinformation.   Falsehoods, fake news, conspiracies, and misinformation are often deliberately spread in dense and complex networks across the Internet. We build large-scale systems to identify and analyze misinformation on social media, websites, and decentralized communication networks. Our work has included understanding the role of conspiracy theories in the spread of misinformation and documenting the disproportionate reliance of misinformation websites on particular Internet infrastructure providers.
  • Internet Measurement.   The Internet is a constantly evolving world-wide ecosystem, composed of a myriad of services, network structures, operator configurations, and users. We build new systems and methods to collect and analyze data about the Internet at scale. Our work includes building scanners that identify unexpected Internet services and publicly accessible cloud storage buckets, as well as developing a system that classifies organizations that own and operate the Internet.

People

Zakir Durumeric
Investigator
Gautam Akiwate
Postdoctoral Scholar
Veronica Rivera
Postdoctoral Scholar
Dolière Francis Somé
Visiting Scholar
Liz Izhikevich
Ph.D. Candidate
Gerry Wan
Ph.D. Candidate
Kimberly Ruth
Ph.D. Candidate
Hans Hanley
Ph.D. Candidate
Catherine Han
Ph.D. Candidate
Agur Adams
Ph.D. Candidate
Rumaisa Habib
Ph.D. Student
Anne Li
Research Assistant
Lauren Saue-Fletcher
Research Assistant
Daniel Rebelsky
Research Assistant
Aditya Saligrama
Research Assistant
Anna Ascheman
Research Assistant
Nathan Bhak
Research Assistant
Mo Akintan
Research Assistant
Michelina Hanlon
Research Assistant
Rishi Sreekanth
Research Assistant
Yousef AbuHashem
Research Assistant
Sean Mori
Research Assistant
Jay Park
Research Assistant
Emily Okabe
Research Assistant
Cadence Patrick
Research Assistant
Tobias Moser
Research Assistant
Chetan Nair
Research Assistant
Bridget Patrick
Research Assistant
David Adrian
Research Scientist
Phillip Stephens
Staff Software Engineer

Alumni

Deepak Kumar
Aurore Fass
Jordan Byrd
Ihyun Nam
Sasha Ronaghi
Seonghee Lee
Laura Bauman
Jessica Yu
Kai Kato
Cynthia Chen
Manda Tran
Sheryl Hsu
George Hosono
Britney Tran
America Sophia George
Mark Tran
Jaylene Martinez
Fengchen Gong
Vrushank Gunjur
Nahum Maru
Basheerah Abdus-Shakur
Luca Pistor
Vishal Mohanty
Briana Berger
Maya Ziv
Jack Cable
Drew Gregory
Katherine Izhikevich
Conrad Edwards
Anna Zeng
Camelia Simoiu
Wilson Nguyen
Alan Flores-Lopez
Benton Case

Joining the Lab

Stanford Students. We're always looking for Stanford students who are interested in becoming involved with research! We have a variety of projects that range from system and model building to data analysis and user research. We expect undergraduate and M.S. students working with the lab to commit a minimum of 8 hours of time to research every week as well as to attend weekly full lab meetings.

We typically require that students have taken the introductory course in the topic area that they want to work in (e.g., CS144: Introduction to Computer Networking, CS155: Computer and Network Security, CS 152: Trust and Safety Engineering, or CS229: Machine Learning). Please reach out to Zakir Durumeric or Liz Izhikevich to become involved. You can also browse some of our current projects on CURIS.

External Students. We do not currently have research opportunities for students outside of Stanford University, nor do we have influence over admission into Stanford programs.

Software, Datasets, and Resources

Retina

Network analysis framework that supports 100+ Gbps traffic analysis on a single server with no specialized hardware.

Github Paper

ZMap

Fast single-packet network scanner for Internet-scale network surveys. ZMap can scan the public IPv4 address space in 45 minutes.

Webpage Github

ZGrab

Stateful network scanner that efficiently completes application-layer handshakes and transcribes handshakes to JSON.

Github

LZR

Network scanner that quickly detects and fingerprints network protocols and services running on unexpected ports.

Github Paper

ZDNS

High-speed recursive resolver that captures complete DNS resolutions and handles billions of lookups from a single server.

Github Paper

ZLint

Certificate linter that checks for conformity with RFCs, CA/Browser Forum baseline requirements, and root store policies.

Github Paper

GPS

Network scanning platform that learns and predicts the locations of network services on IPv4 hosts across all 65K ports.

Github Paper

Stratosphere

Scanner that harnesses password generation algorithms to guess publicly accessible cloud storage buckets (e.g., S3 buckets).

Github Paper

ASdb

Dataset of Autonomous Systems and their business categories (e.g., Internet Service Provider vs. Manufacturer).

Data Paper

Censys

Dataset of all hosts and services on the public Internet collected through daily Internet-wide scans of 100 protocols on 3,500 ports.

Search Data Paper

Scans.IO

Public data repository for sharing Internet datasets collected through Internet scans, web crawls, and other large-scale measurements.

Repository

Publications

Machine-Made Media: Monitoring the Mobilization of Machine-Generated Articles on Misinformation and Mainstream News Websites
  • Hans W. A. Hanley and Zakir Durumeric
  • International AAAI Conference on Web and Social Media (ICWSM), June 2024
Partial Mobilization: Tracking Multilingual Information Flows Amongst Russian Media Outlets and Telegram
  • Hans W. A. Hanley and Zakir Durumeric
  • International AAAI Conference on Web and Social Media (ICWSM), June 2024
Specious Sites: Tracking the Spread and Sway of Spurious News Stories at Scale
  • Hans W. A. Hanley, Deepak Kumar, and Zakir Durumeric
  • 45th IEEE Symposium on Security and Privacy (Oakland), May 2024
TATA: Stance Detection via Topic-Agnostic and Topic-Aware Embeddings
  • Hans W. A. Hanley and Zakir Durumeric
  • The Conference on Empirical Methods in Natural Language Processing (EMNLP), December 2023
Cloud Watching: Understanding Attacks Against Cloud-Hosted Services
  • Liz Izhikevich, Manda Tran, Michalis Kallitsis, Aurore Fass, and Zakir Durumeric
  • ACM Internet Measurement Conference (IMC), October 2023
Stale TLS Certificates: Investigating Precarious Third-Party Access to Valid TLS Keys
  • Zane Ma, Aaron Faulkenberry, Thomas Papastergiou, Zakir Durumeric, Michael Bailey, Angelos Keromytis, Fabian Monrose, and Manos Antonakakis
  • ACM Internet Measurement Conference (IMC), October 2023
Democratizing LEO Satellite Network Measurement
  • Liz Izhikevich, Manda Tran, Katherine Izhikevich, Gautam Akiwate, and Zakir Durumeric
  • Preprint, June 2023
A Golden Age: Conspiracy Theories' Relationship with Misinformation Outlets, News Media, and the Wider Internet
  • Hans W. A. Hanley, Deepak Kumar, and Zakir Durumeric
  • ACM Computer-Supported Cooperative Work And Social Computing (CSCW), October 2023
Hate Raids on Twitch: Echoes of the Past, New Modalities, and Implications for Platform Governance
  • Catherine Han, Joseph Seering, Deepak Kumar, Jeff Hancock, and Zakir Durumeric
  • ACM Computer-Supported Cooperative Work And Social Computing (CSCW), October 2023
  • Best Paper Award
Happenstance: Utilizing Semantic Search to Track Russian State Media Narratives about the Russo-Ukrainian War On Reddit
  • Hans W. A. Hanley, Deepak Kumar, and Zakir Durumeric
  • International AAAI Conference on Web and Social Media (ICWSM), June 2023
"A Special Operation": A Quantitative Approach to Dissecting and Comparing Different Media Ecosystems' Coverage of the Russo-Ukrainian War
  • Hans W. A. Hanley, Deepak Kumar, and Zakir Durumeric
  • International AAAI Conference on Web and Social Media (ICWSM), June 2023
A World Wide View of Browsing the World Wide Web
  • Kimberly Ruth, Aurore Fass, Jonathan Azose, Mark Pearson, Emma Thomas, Caitlin Sadowski, and Zakir Durumeric
  • ACM Internet Measurement Conference (IMC), October 2022
Toppling Top Lists: Evaluating the Accuracy of Popular Website Lists
  • Kimberly Ruth, Deepak Kumar, Brandon Wang, Luke Valenta, and Zakir Durumeric
  • ACM Internet Measurement Conference (IMC), October 2022
Retroactive Identification of Targeted DNS Infrastructure Hijacking
  • Gautam Akiwate, Raffaele Sommese, Mattijs Jonker, Zakir Durumeric, kc Claffy, Geoffrey Voelker, and Stefan Savage
  • ACM Internet Measurement Conference (IMC), October 2022
ZDNS: A Fast DNS Toolkit for Internet Measurement
  • Liz Izhikevich, Gautam Akiwate, Briana Berger, Spencer Drakontaidis, Anna Ascheman, Paul Pearce, David Adrian, and Zakir Durumeric
  • ACM Internet Measurement Conference (IMC), October 2022
  • Community Contribution Award
Retina: Analyzing 100 GbE Traffic on Commodity Hardware
  • Gerry Wan, Fengchen Gong, Tom Barbette, and Zakir Durumeric
  • ACM Special Interest Group on Data Communication (SIGCOMM), August 2022
Predicting IPv4 Services Across All Ports
  • Liz Izhikevich, Renata Teixeira, and Zakir Durumeric
  • ACM Special Interest Group on Data Communication (SIGCOMM), August 2022
On the Infrastructure Providers that Support Misinformation Websites
  • Catherine Han, Deepak Kumar, and Zakir Durumeric
  • International AAAI Conference on Web and Social Media (ICWSM), June 2022
No Calm in the Storm: Investigating QAnon Website Relationships
  • Hans W. A. Hanley, Deepak Kumar, and Zakir Durumeric
  • International AAAI Conference on Web and Social Media (ICWSM), June 2022
ASdb: A System for Classifying Owners of Autonomous Systems
  • Maya Ziv, Liz Izhikevich, Kimberly Ruth, Katherine Izhikevich, and Zakir Durumeric
  • ACM Internet Measurement Conference (IMC), November 2021
Tracing Your Roots: Exploring the TLS Trust Anchor Ecosystem
  • Zane Ma, James Austgen, Joshua Mason, Zakir Durumeric, and Michael Bailey
  • ACM Internet Measurement Conference (IMC), November 2021
Stratosphere: Finding Vulnerable Cloud Storage Buckets
  • Jack Cable, Drew Gregory, Liz Izhikevich, and Zakir Durumeric
  • 24th Symposium on Research in Attacks, Intrusions and Defenses (RAID), October 2021
Designing Toxic Content Classification for a Diversity of Perspectives
  • Deepak Kumar, Patrick Kelley, Sunny Consolvo, Joshua Mason, Elie Bursztein, Zakir Durumeric, Kurt Thomas, and Michael Bailey
  • USENIX Symposium on Usable Privacy and Security (SOUPS), August 2021
LZR: Identifying Unexpected Internet Services
  • Liz Izhikevich, Renata Teixeira, and Zakir Durumeric
  • USENIX Security Symposium, August 2021
What’s in a Name? Exploring CA Certificate Control
  • Zane Ma, Joshua Mason, Manos Antonakakis, Zakir Durumeric, and Michael Bailey
  • USENIX Security Symposium, August 2021
An Empirical Analysis of HTTPS Configuration Security
  • Camelia Simoiu, Wilson Nguyen, Zakir Durumeric
  • Technical Report, 2021
SoK: Hate, Harassment, and the Changing Landscape of Online Abuse
  • Kurt Thomas, Devdatta Akhawe, Michael Bailey, Elie Bursztein, Dan Boneh, Sunny Consolvo, Nicki Dell, Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart, and Gianluca Stringhini
  • IEEE Symposium on Security and Privacy ("Oakland"), May 2021
On the Origin of Scanning: The Impact of Location on Internet-Wide Scans
  • Gerry Wan, Liz Izhikevich, David Adrian, Katsunari Yoshioka, Ralph Holz, Christian Rossow, Zakir Durumeric
  • ACM Internet Measurement Conference (IMC), October 2020
An Empirical Analysis of California Data Breaches
  • Richard Chen, Zakir Durumeric
  • Technical Report
Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web
  • Josh Aas, Richard Barnes, Benton Case, Zakir Durumeric, Peter Eckersley, Alan Flores-Lopez, J. Alex Halderman, Jacob Hoffman-Andrews, James Kasten, Eric Rescorla, Seth Schoen, Brad Warren
  • ACM Conference on Computer and Communications Security (CCS), November 2019
All Things Considered: An Analysis of IoT Devices on Home Networks
  • Deepak Kumar, Kelly Shen, Benton Case, Deepali Garg, Galina Alperovich, Dmitry Kuznetsov, Rajarshi Gupta, Zakir Durumeric
  • USENIX Security Symposium, August 2019
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
  • David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, and Paul Zimmermann
  • Communications of the ACM. January 2019.
Tracking Certificate Misissuance in the Wild
  • Deepak Kumar, Zhengping Wang, Matthew Hyder, Joseph Dickinson, Gabrielle Beck, David Adrian, Joshua Mason, Zakir Durumeric, J. Alex Halderman, Michael Bailey
  • IEEE Symposium on Security and Privacy ("Oakland"), May 2018
Scanning the Internet for Liveness
  • Shehar Bano, Philipp Richter, Mobin Javed, Srikanth Sundaresan, Zakir Durumeric, Steven Murdoch, Richard Mortier, Vern Paxson
  • SIGCOMM Computer Communication Review April 2018 (CCR)
  • IETF Applied Networking Research Prize (ANRP)
Target Generation for IPv6 Scanning
  • Austin Murdock, Frank Li, Paul Bramsen, Zakir Durumeric, Vern Paxson
  • ACM Internet Measurement Conference (IMC), November 2017
Understanding the Mirai Botnet
  • Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou
  • USENIX Security Symposium (USENIX Security), August 2017
Security Challenges in an Increasingly Tangled Web
  • Deepak Kumar, Zane Ma, Zakir Durumeric, Ariana Mirian, Joshua Mason, J. Alex Halderman, and Michael Bailey
  • World Wide Web Conference (WWW), April 2017
The Danger of USB Drives
  • Matthew Tischer, Zakir Durumeric, Elie Bursztein, and Michael Bailey
  • IEEE Security & Privacy (S&P Magazine). March 2017.
The Security Impact of HTTPS Interception
  • Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, and Vern Paxson
  • Network and Distributed System Security Symposium (NDSS), February 2017
An Internet-Wide View of ICS Devices
  • Ariana Mirian, Zane Ma, David Adrian, Matthew Tischer, Thasphon Chuenchujit, Tim Yardley, Robin Berthier, Josh Mason, Zakir Durumeric, J. Alex Halderman and Michael Bailey
  • IEEE Conference on Privacy, Security and Trust (PST), December 2016
Measuring the Security Harm of TLS Crypto Shortcuts
  • Drew Springall, Zakir Durumeric, and J. Alex Halderman
  • ACM Internet Measurement Conference (IMC), November 2016
Towards a Complete View of the Certificate Ecosystem
  • Benjamin VanderSloot, Johanna Amann, Matthew Bernhard, Zakir Durumeric, Michael Bailey, and J. Alex Halderman
  • ACM Internet Measurement Conference (IMC), November 2016
You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications
  • Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, and Vern Paxson
  • USENIX Security Symposium (USENIX Security), August 2016
FTP: The Forgotten Cloud
  • Drew Springall, Zakir Durumeric, and J. Alex Halderman
  • IEEE/IFIP Conference on Dependable Systems and Networks (DSN), June 2016
Users Really Do Plug in USB Drives They Find
  • Matthew Tischer, Zakir Durumeric, Sam Foster, Sunny Duan, Alec Mori, Elie Bursztein, and Michael Bailey
  • IEEE Symposium on Security & Privacy ("Oakland"), May 2016
Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security
  • Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Kurt Thomas, Vijay Eranti, Nicholas Lidzborski, Elie Bursztein, Michael Bailey, and J. Alex Halderman
  • ACM Internet Measurement Conference (IMC), October 2015
  • IETF Applied Networking Research Prize (ANRP)
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
  • David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, and Paul Zimmermann
  • ACM Computer and Communications Security (CCS), October 2015
  • Best Paper Award
Censys: A Search Engine Backed by Internet-Wide Scanning
  • Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman
  • ACM Computer and Communications Security (CCS), October 2015
The Matter of Heartbleed
  • Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer, Nicolas Weaver, David Adrian, Vern Paxson, Michael Bailey, and J. Alex Halderman
  • ACM Internet Measurement Conference (IMC), November 2014
  • Best Paper Award
Security Analysis of the Estonian Internet Voting System
  • Drew Springall, Travis Finkenauer, Zakir Durumeric, Jason Kitcat, Harri Hursti, Margaret MacAlpine and J. Alex Halderman
  • ACM Computer and Communications Security (CCS), November 2014
An Internet-Wide View of Internet-Wide Scanning
  • Zakir Durumeric, Michael Bailey, and J. Alex Halderman
  • USENIX Security Symposium (USENIX Security), August 2014
Zippier ZMap: Internet-Wide Scanning at 10 Gbps
  • David Adrian, Zakir Durumeric, Gulshan Singh, and J. Alex Halderman
  • USENIX Workshop on Offensive Technologies (WOOT), August 2014
Outsmarting Proctors with Smartwatches: A Case Study on Wearable Computing Security
  • Alex Migicovsky, Zakir Durumeric, Jeff Ringenberg, and J. Alex Halderman
  • Financial Cryptography and Data Security (Financial Crypto), March 2014
On the Mismanagement and Maliciousness of Networks
  • Jing Zhang, Zakir Durumeric, Michael Bailey, Manish Karir, and Mingyan Liu
  • Network and Distributed System Security Symposium (NDSS), February 2014
Analysis of the HTTPS Certificate Ecosystem
  • Zakir Durumeric, James Kasten, Michael Bailey, and J. Alex Halderman
  • ACM Internet Measurement Conference (IMC), October 2013
ZMap: Fast Internet-Wide Scanning and its Security Applications
  • Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
  • USENIX Security Symposium (USENIX Security), August 2013
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
  • Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
  • USENIX Security Symposium (USENIX Security), August 2012
  • Best Paper Award