Damon's Photo

Damon McCoy


Assistant Professor
Computer Science and Engineering Department
Tandon School of Engineering
New York University

E-Mail: mccoy@nyu.edu
CV
Office: 10.074 2 Metro Tech
Mail: 2 Metro Tech, Brooklyn, NY 11201 USA

NYU

My research focuses on empirically measuring the security and privacy of technology systems and their intersections with society. Some of my current projects explore the socio-economics of e-crime, censorship evasion, anonymous communication, cyber-physical systems. More generally, I am interested in exploring and improving the security and privacy of large-scale systems.

Recent Publications
Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software
Kurt Thomas, Juan A. Elices Crespo, Ryan Rasti, Jean-Michel Picod, Cait Phillips, Marc-Andre Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau, Lucas Ballard, Robert Shield, Nav Jagpal, Moheeb Abu Rajab, Panayiotis Mavrommatis, Niels Provos, Elie Bursztein, and Damon McCoy
Proceedings of the USENIX Security Symposium, Austin, TX, August 2016.

You've Got Vulnerability: Exploring Effective Vulnerability Notifications
Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, and Vern Paxson
Proceedings of the USENIX Security Symposium, Austin, TX, August 2016.

A Security Analysis of an In Vehicle Infotainment and App Platform
Sahar Mazloom, Mohammad Rezaeirad, Aaron Hunter, and Damon McCoy
10th USENIX Workshop on Offensive Technologies (WOOT), Austin, TX , August 2016.

Deterring Financially Motivated Cybercrime
Zachary K. Goldman and Damon McCoy
Journal of National Security Law and Policy, Vol. 8, No. 3, 2016.

Profiling Underground Merchants Based on Network Behavior
Srikanth Sundaresan, Damon McCoy, Sadia Afroz, and Vern Paxson
Proceedings of the IEEE Symposium on Electronic Crime Research (eCrime), Toronto, Canada, June 2016.

Stress Testing the Booters: Understanding and Undermining the Business of DDoS Services
Mohammad Karami, Youngsam Park and Damon McCoy
Proceedings of the World Wide Web Conference (WWW), Montreal, Canada, April 2016.

Characterizing Long-tail SEO Spam on Cloud Web Hosting Services
Xiaojing Liao, Chang Liu, Damon McCoy, Elaine Shi and Raheem Beyah
Proceedings of the World Wide Web Conference (WWW), Montreal, Canada, April 2016.

Understanding Craigslist Rental Scams
Youngsam Park, Damon McCoy and Elaine Shi
Proceedings of Financial Cryptography and Data Security Conference (FC), Barbados, February 2016.

Stressing Out: Bitcoin "Stress Testing"
Khaled Baqer, Danny Yuxing Huang, Damon McCoy and Nicholas Weaver
Workshop on Bitcoin and Blockchain Research (BITCOIN), Barbados, February 2016.

Do You See What I See: Differential Treatment of Anonymous Users
Sheharbano Khattak, David Fifield, Sadia Afroz, Mobin Javed, Srikanth Sundaresan, Vern Paxson, Steven J. Murdoch, and Damon McCoy
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2016.

Fuzzing E-mail Filters with Generative Grammars and N-Gram Analysis
Sean Palka and Damon McCoy
9th USENIX Workshop on Offensive Technologies (WOOT 15), Washington, D.C., August 2015

Framing Dependencies Introduced by Underground Commoditization
Kurt Thomas, Danny Huang, David Wang, Elie Bursztein, Chris Grier, Thomas J. Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna
Workshop on the Economics of Information Security, Amsterdam, NL, June 2015

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab
IEEE Symposium on Security & Privacy (Oakland 2014), San Jose, CA, May 2015.

Dynamic Phishing Content Using Generative Grammars
Sean Palka and Damon Mccoy
Proceedings of the IEEE Workshop on Security Testing, Graz, Austria, April 2015

"I Saw Images I Didn't Even Know I Had:" Understanding User Perceptions of Cloud Storage Privacy
Jason W. Clark, Peter Snyder, Damon McCoy, Chris Kanich
Proceedings of the ACM Conference on Computer-Human Interaction, Seoul, Korea, April 2015

Dialing Back Abuse on Phone Verified Accounts
Kurt Thomas, Dima Iatskiv, Elie Bursztein, Tadek Pietraszek, Chris Grier, Damon McCoy
Proceedings of the ACM Conference on Computer and Communications Security, Scotsdale, Arizona, November 2014

Characterizing Large-Scale Click Fraud in ZeroAccess
Paul Pearce, Vacha Dave, Chris Grier, Kirill Levchenko, Saikat Guha, Damon McCoy, Vern Paxson, Stefan Savage, and Geoffrey M. Voelker
Proceedings of the ACM Conference on Computer and Communications Security, Scotsdale, Arizona, November 2014

Search + Seizure: The Effectiveness of Interventions on SEO Campaigns
David Wang, Matthew Der, Mohammad Karami, Lawrence Saul, Damon McCoy, Stefan Savage, and Geoffrey M. Voelker
Proceedings of the ACM Internet Measurement Conference, Vancouver, BC, Canada, November 2014

The Check is in the Mail: Monetization of Craigslist Buyer Scams
Jackie Jones and Damon McCoy
IEEE eCrime Research Summit, Birmingham, AL, September 2014

Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting
Neha Chachra, Damon McCoy, Stefan Savage, and Geoffrey M. Voelker
Proceedings of the Workshop on the Economics of Information Security (WEIS), State College, PA, June 2014.

Doppelgänger Finder: Taking Stylometry To The Underground
Sadia Afroz, Aylin Caliskan Islam, Ariel Stolerman, Rachel Greenstadt, Damon McCoy
IEEE Symposium on Security & Privacy (Oakland 2014), San Jose, CA, May 2014.

Constructing and Analyzing Criminal Networks
Hamed Sarvari, Ehab Abozinadah, Alex Mbaziira, Damon McCoy
IEEE International Workshop on Cyber Crime (IWCC 2014), San Jose, CA, May 2014.

Botcoin: Monetizing Stolen Cycles
Danny Yuxing Huang, Hitesh Dharmdasani, Sarah Meiklejohn, Vacha Dave, Kirill Levchenko, Alex C. Snoeren, Stefan Savage, Nicholas Weaver, Chris Grier, and Damon McCoy
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.

Scambaiter: Understanding Targeted Nigerian Scams on Craigslist
Youngsam Park, Jackie Jones, Damon McCoy, Elaine Shi and Markus Jakobsson
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.

Full Publication List
Students
PhD
Periwinkle Doerfler
Laura Edelson
Mohammad Rezaeirad

Graduated
Mohammad Karami (PhD 2016) Google
Sean Palka (PhD 2015) Booz Allen Hamilton
Jason Clark (PhD 2014) CMU SEI
Hitesh Dharmdasani (MS 2013) FireEye
Teaching
CS 468 (Secure Programming and Systems) Spring 2014 (GMU)
ISA 656 (Network Security) Fall 2013 (GMU)
ISA 656 (Network Security) Spring 2013 (GMU)
CS 795-004/ISA 797-002 (Cyber Crime) Fall 2012
ISA 656 (Network Security) Spring 2012


Program Committees
Research in Attacks, Intrusions and Defenses (RAID) Symposium 2014
23rd USENIX Security Symposium (SECURITY) 2014
Annual Computer Security Applications Conference (ACSAC) 2013
Research in Attacks, Intrusions and Defenses (RAID) Symposium 2013
Privacy Enhancing Technologies Symposium (PETS) 2013
Usenix Workshop on Cyber Security Experimentation and Test (CSET) 2012
Privacy Enhancing Technologies Symposium (PETS) 2012
IEEE International Conference on Distributed Computing System 2012
ACM Workshop on Mobile Cloud Computing and Services 2011
Privacy Enhancing Technologies Symposium (PETS) 2011