About me
Sitemap
A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.
Pages
Posts
publications
Towards Visual Analytics for Web Security Data
Victor Le Pochat, Tom Van Goethem, Wouter Joosen
19th Passive and Active Measurement Conference (PAM 2018)
This extended abstract sets out the challenges of integrating visual analytics into the analysis process for web security studies.
Idea: Visual Analytics for Web Security
Victor Le Pochat, Tom Van Goethem, Wouter Joosen
10th International Symposium on Engineering Secure Software and Systems (ESSoS 2018)
This paper presents the potential of integrating visual analytics into the analysis process for web security studies, in order to make this process more efficient.
Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation
Victor Le Pochat, Tom Van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczyński, Wouter Joosen
26th Annual Network and Distributed System Security Symposium (NDSS 2019)
ACSAC 2022 Cybersecurity Artifacts Competition Impactful Dataset Award
This paper studies the properties of top websites rankings (e.g. the Alexa top 1 million), uncovers that these rankings can be manipulated on a large scale, and provides a new improved ranking: Tranco.
Funny Accents: Exploring Genuine Interest in Internationalized Domain Names
Victor Le Pochat, Tom Van Goethem, Wouter Joosen
20th Passive and Active Measurement Conference (PAM 2019)
This paper explores Internationalized Domain Names with genuine interest: domains for brands or phrases that contain accented letters.
A Smörgåsbord of Typos: Exploring International Keyboard Layout Typosquatting
Victor Le Pochat, Tom Van Goethem, Wouter Joosen
4th International Workshop on Traffic Measurements for Cybersecurity (WTMC 2019)
Distinguished Paper Award
This paper explores typosquatting that exploits typos on keyboard layouts other than the standard US English layout.
Mobile Friendly or Attacker Friendly?: A Large-scale Security Evaluation of Mobile-first Websites
Tom Van Goethem, Victor Le Pochat, Wouter Joosen
2019 ACM Asia Conference on Computer and Communications Security (AsiaCCS 2019)
This paper assesses how organizations apply security consistently across their web estate through a comparison of the desktop and mobile-first versions of their website.
Evaluating the Long-term Effects of Parameters on the Characteristics of the Tranco Top Sites Ranking
Victor Le Pochat, Tom Van Goethem, Wouter Joosen
12th USENIX Workshop on Cyber Security Experimentation and Test (CSET 2019)
This paper provides a longitudinal evaluation of Tranco, in order to make researchers aware of its properties.
A Practical Approach for Taking Down Avalanche Botnets Under Real-World Constraints
Victor Le Pochat, Tim Van hamme, Sourena Maroofi, Tom Van Goethem, Davy Preuveneers, Andrzej Duda, Wouter Joosen, Maciej Korczyński
27th Annual Network and Distributed System Security Symposium (NDSS 2020)
In this paper, we develop a model that automates the classification of registered domains generated by Domain Generation Algorithms of malware using the Avalanche bulletproof hosting service.
Mis-shapes, Mistakes, Misfits: An Analysis of Domain Classification Services
Pelayo Vallina, Victor Le Pochat, Álvaro Feal, Marius Paraschiv, Julien Gamba, Tim Burke, Oliver Hohlfeld, Juan Tapiador, Narseo Vallina-Rodriguez
2020 Internet Measurement Conference (IMC 2020)
In this paper, we study 13 domain classification services, and find that their coverage and accuracy varies significantly and may be lacking for applications in end-user solutions or academic research.
The 2021 Web Almanac: Privacy
Yana Dimova, Victor Le Pochat
Published in 2021
Privacy chapter of the 2021 Web Almanac covering adoption and impact of online tracking, privacy preference signals and browser initiatives for a privacy-friendlier web.
Helping hands: Measuring the impact of a large threat intelligence sharing community
Xander Bouwman, Victor Le Pochat, Pawel Foremski, Tom Van Goethem, Carlos H. Gañán, Giovane C. M. Moura, Samaneh Tajalizadehkhoob, Wouter Joosen, Michel van Eeten
31st USENIX Security Symposium (USENIX Security 2022)
In this paper, we track a volunteer security information sharing community to understand whether collaboration at scale leads to better coverage and whether making threat data freely available improves the ability of defenders to act.
An Audit of Facebook’s Political Ad Policy Enforcement
Victor Le Pochat, Laura Edelson, Tom Van Goethem, Wouter Joosen, Damon McCoy, Tobias Lauinger
31st USENIX Security Symposium (USENIX Security 2022)
Distinguished Paper Award
In this paper, we quantify whether Facebook’s current enforcement correctly identifies political ads and ensures compliance by advertisers.
Tracking the Evolution of Cookie-based Tracking on Facebook
Yana Dimova, Gertjan Franken, Victor Le Pochat, Wouter Joosen, Lieven Desmet
21st Workshop on Privacy in the Electronic Society (WPES 2022)
We analyze in depth and longitudinally how Facebook’s cookie-based tracking behavior and its communication about tracking have evolved from 2015 to 2022.
A Run a Day Won’t Keep the Hacker Away: Inference Attacks on Endpoint Privacy Zones in Fitness Tracking Social Networks
Karel Dhondt, Victor Le Pochat, Alexios Voulimeneas, Wouter Joosen, Stijn Volckaert
2022 ACM Conference on Computer and Communications Security (CCS 2022)
2022 CNIL-Inria Privacy Protection Award Runner-up
We show that implementations of endpoint privacy zones by fitness tracking social networks remain vulnerable to inference attacks that reveal the sensitive location that those zones should protect.
Analyzing Cyber Security Research Practices through a Meta-Research Framework
Victor Le Pochat, Wouter Joosen
16th Cyber Security Experimentation and Test Workshop (CSET 2023)
We apply a framework for categorizing meta-research work that analyzes cyber security research practices, with the goal of gaining a better understanding on the research community’s efforts to examine its own research practices.
Sound data sets and methods for web security research
Victor Le Pochat
Published in 2023
My PhD dissertation.
Reflecting on Research Practices
Victor Le Pochat
Communications of the ACM (CACM 2024)
Sound research practices are crucial for having reliable and reproducible scientific results. In my Communications of the ACM Security column, I show why the research community should focus on studying those practices through meta-research.
Evaluating the impact of design decisions on passive DNS-based domain rankings
Victor Le Pochat, Simon Fernandez, Tom Van Goethem, Samaneh Tajalizadehkhoob, Lieven Desmet, Andrzej Duda, Wouter Joosen, Maciej Korczyński
8th Network Traffic Measurement and Analysis Conference (TMA 2024)
TMA 2024 Community Contribution Award
We evaluate how recent design decisions in ‘top sites’ rankings influence the composition and desired properties of passive DNS-based domain rankings.
Swipe Left for Identity Theft: An Analysis of User Data Privacy Risks on Location-based Dating Apps
Karel Dhondt, Victor Le Pochat, Yana Dimova, Wouter Joosen, Stijn Volckaert
33rd USENIX Security Symposium (USENIX Security 2024)
We analyze privacy risks in 15 location-based dating apps, asessing which personal and sensitive data is shared with other users, both as (intended) data exposure and as inadvertent API leaks, including exact user locations.
Partnërka in Crime: Characterizing Deceptive Affiliate Marketing Offers
Victor Le Pochat, Cameron Ballard, Lieven Desmet, Wouter Joosen, Damon McCoy, Tobias Lauinger
26th Passive and Active Measurement Conference (PAM 2025)
We monitor the deceptive affiliate marketing ecosystem from the vantage point of affiliates, collecting ground truth from 23 aggregators that list deceptive products and services.