Hsu-Chun Hsiao

I'm an Assistant Professor in the Department of Computer Science and Information Engineering and Graduate Institute of Networking and Multimedia at National Taiwan University. I also hold an adjunct assistant researcher position in the Center for Information Technology Innovation at Academia Sinica.

I completed my Ph.D. in 2014 under the supervision of Prof. Adrian Perrig at Carnegie Mellon University. I received my M.S. (2008) and B.S. (2006) degrees at National Taiwan University.

Interested in joining Network Security Lab? We are interested in the field of network and systems security, with focuses on DDoS defense, IoT security, and automated vulnerability discovery lately. We are actively recruiting highly motivated students and researchers! Email me or drop by R307 to chat with awesome nslab members.

Letters of Recommendation Policy: Please read this before requesting for letters of recommendation.




  1. Traffic-aware Patching for Cyber Security in Mobile IoT.
    S.-M. Cheng, P.-Y. Chen, C.-C. Lin, H.-C. Hsiao.
    IEEE Communication Magazine, 2017.
  2. Decapitation via Digital Epidemics: A Bio-Inspired Transmissive Attack.
    P.-Y. Chen, C.-C. Lin, S.-M. Cheng, H.-C. Hsiao, and C.-Y. Huang.
    IEEE Communication Magazine, 2016.
  3. Insider Collusion Attack on Privacy-preserving Kernel-based Data Mining Systems.
    P. S. Wang, F. Lai, H.-C. Hsiao, and J.-L. Wu
    IEEE Access, vol. 4, pp. 2244-2255, 2016.
  4. Secure Distributed Data Aggregation.
    H. Chen, H.-C. Hsiao, A. Perrig, and D. Song.
    Journal of Foundations and Trends in Databases, Vol. 3, No. 3, pp 149-201, 2011.
  5. SPATE: Small-group PKI-less Authenticated Trust Establishment.
    Y.-H. Lin, A. Studer, Y.-H. Chen, H.-C. Hsiao, E. L.-H. Kuo, J. M. McCune, K.-H. Wang, M. Krohn, A. Perrig, B.-Y. Yang, H.-M. Sun, P.-L. Lin, and J. Lee.
    IEEE Transaction on Mobile Computing, 9(12): 1666-1681, 2010.
  6. A Survey of Secure Data Aggregation on Sensor Networks.
    Y.-S. Chen, H.-C. Hsiao, and C.-L. Lei.
    Communications of Chinese Cryptology and Information Security Association (CCISA), Vol.13 No.4 pp17-28, 2007.


  1. DAMUP: Practical and Privacy-aware Cloud-based DDoS Mitigation.
    Su-Chin Lin, Po-Wei Huang, Hsin-Yi Wang, H.-C. Hsiao
    To appear in IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), April 2018.
  2. INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing.
    C.-C. Hsu, C.-Y. Wu, H.-C. Hsiao, S.-K. Huang
    To appear in NDSS Workshop on Binary Analysis Research, February 2018.
  3. A Generic Web Application Testing and Attack Data Generation Method.
    H.-Y. Shih, H.-L. Lu, C.-C. Yeh, H.-C. Hsiao, S.-K. Huang
    In International Conference on Security with Intelligent Computing and Big-data Services (SICBS), December 2017.
  4. Need Tickets? A Case Study of Bot-enabled Ticket Scalping.
    C.-C. Lin, H.-C. Hsiao
    In APWG.EU eCrime Cyber-Security Symposium, October 2017.
  5. Security Implications of Redirection Trail in Popular Websites Worldwide.
    L. Chang, W.-H. Lin, H.-C. Hsiao, W. Jeng, T. H.-J. Kim
    In 26th International World Wide Web Conference (WWW), April 2017.
  6. SandUSB: An Installation-Free Sandbox for USB Peripherals.
    E. L. Loe, H.-C. Hsiao, T. H.-J. Kim, S.-C. Lee, and S.-M. Cheng.
    In IEEE World Forum on Internet of Things Workshop on User Centric Security, Privacy, and Interoperability in the Context of Internet of Things and Smart Cities, December 2016.
  7. Migrant Attack: A Multi-resource DoS Attack on Cloud Virtual Machine Migration Schemes.
    J.-R. Yeh, H.-C. Hsiao, A.-C. Pang
    In 11th Asia Joint Conference on Information Security (AsiaJCIS), August 2016.
  8. Securing Data Planes in Software-Defined Networks.
    T.-W. Chao, Y.-M. Ke, B.-H. Chen, J.-L. Chen, C. J. Hsieh, S.-C. Lee, H.-C. Hsiao.
    In IEEE International Workshop on Security in Virtualized Networks (Sec-VirtNet), June 2016.
  9. CICADAS: Congesting the Internet with Coordinated And Decentralized Pulsating Attacks.
    Y.-M. Ke, C.-W. Chen, H.-C. Hsiao, A. Perrig, V. Sekar.
    In ACM Asia Conference on Computer and Communications Security (ASIACCS), May 2016.
  10. Poster: VLC-based Authenticated Key Exchange.
    Y.-S. Chen, C.-L. Lin, H.-C. Hsiao, Y.-H. Lin, H.-M. Tsai
    In IEEE Symposium on Security and Privacy (Oakland), May 2016.
  11. SIBRA: Scalable Internet Bandwidth Reservation Architecture.
    C. Basescu, R. M. Reischuk, P. Szalachowski, A. Perrig, Y. Zhang, H.-C. Hsiao, A. Kubota, J. Urakawa.
    In Networked & Distributed System Security Symposium (NDSS), February 2016.
  12. A Secure Authorization System in PHR based on CP-ABE.
    H.-H. Chung, P. Wang, T.-W. Ho, H.-C. Hsiao, F. Lai.
    In IEEE E-Health and Bioengineering Conference (EHB), November 2015.
  13. A Practical System for Guaranteed Access in the Presence of DDoS Attacks and Flash Crowds.
    Y.-H. Kung, T. Lee, P.-N. Tseng, H.-C. Hsiao, T. H.-J. Kim, S. B. Lee, Y.-H. Lin, and A. Perrig.
    In IEEE International Conference on Internet Protocols (ICNP), November 2015.
  14. Efficient Large Flow Detection over Arbitrary Windows: An Algorithm Exact Outside An Ambiguity Region.
    H. Wu, H.-C. Hsiao, and Y.-C. Hu.
    In ACM Internet Measurement Conference (IMC), November 2014.
  15. YourPassword: Applying Feedback Loops to Improve Security Behavior of Managing Multiple Passwords.
    T. H.-J. Kim, H. C. Stuart, H.-C. Hsiao, Y.-H. Lin, L. Zhang, L. Dabbish, and S. Kiesler.
    In ACM Symposium on Information, Computer and Communications Security (ASIACCS), June 2014.
  16. Policy-based secure deletion.
    C. Cachin, K. Haralambiev, H.-C. Hsiao, and A. Sorniotti.
    In ACM Conference on Computer and Communications Security (CCS), November 2013.
  17. STRIDE: Sanctuary Trail -- Refuge from Internet DDoS Entrapment.
    H.-C. Hsiao, T. H.-J. Kim, S. B. Lee, X. Zhang, S. Yoo, V. Gligor and A. Perrig.
    In ACM Symposium on Information, Computer and Communications Security (ASIACCS), May 2013.
  18. LAP: Lightweight Anonymity and Privacy.
    H.-C. Hsiao, T. H.-J. Kim, A. Perrig, A. Yamada, S. C. Nelson, M. Gruteser, and W. Meng.
    In IEEE Symposium on Security and Privacy (Oakland), May 2012.
  19. ShortMAC: Efficient Data-Plane Fault Localization.
    X. Zhang, Z. Zhou, H.-C. Hsiao, T. H.-J. Kim, A. Perrig, and P. Tague.
    In Networked & Distributed System Security Symposium (NDSS), February 2012.
  20. Flooding-Resilient Broadcast Authentication for VANETs.
    H.-C. Hsiao, A. Studer, C. Chen, A. Perrig, F. Bai, B. Bellur, and A. Iyer.
    In ACM Conference on Mobile Computing and Networking (MobiCom), September 2011.
  21. Efficient and Secure Threshold-based Event Validation for VANETs.
    H.-C. Hsiao, A. Studer, R. Dubey, E. Shi, and Adrian Perrig.
    In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), June 2011.
  22. SCION: Scalability, Control, and Isolation On Next-Generation Networks.
    X. Zhang, H.-C. Hsiao, G. Hasker, H. Chan, A. Perrig, and D. Andersen.
    In IEEE Symposium on Security and Privacy (Oakland), May 2011.
  23. A Study of User-Friendly Hash Comparison Schemes.
    H.-C. Hsiao, Y.-H. Lin, A. Studer, C. Studer, K.-H. Wang, H. Kikuchi, A. Perrig, H.-M. Sun, and B.-Y. Yang.
    In Annual Computer Security Applications Conference (ACSAC), December 2009.
  24. SPATE: Small-group PKI-less Authenticated Trust Establishment.
    Y.-H. Lin, A. Studer, H.-C. Hsiao, J. M. McCune, K.-H. Wang, M. Krohn, P.-L. Lin, A. Perrig, H.-M. Sun, and B.-Y. Yang.
    In ACM Annual International Conference on Mobile Systems, Applications and Services (MobiSys) 2009.

Technical Reports

  1. Verifiable Order Statistics for Secure Aggregation.
    H.-C. Hsiao, C.-Y. Wang, J. M. Hellerstein, W.-C. Teng, and C.-L. Lei.
    Technical Report No. UCB/EECS-2009-48, EECS, University of California, Berkeley, April 2009.
  2. Ho-Po Key: Leveraging physical constraints on human motion to authentically exchange information in a group.
    G. Mezzour, A. Studer, M. Farb, J. Lee, J. McCune, H.-C. Hsiao, and A. Perrig.
    Technical Report CMU-CyLab-11-004, CyLab, Carnegie Mellon University.


Computing Device to Detect Malware.
Hsu-Chun Hsiao, Deng Shuo, Babak Salamat, Rajarshi Gupta, and Saumitra Mohan Das.
US Patent publication number US20130247187, 2013.

Contact Info

Office: Room 511, CSIE Building, #1 Roosevelt Rd. Sec. 4, Taipei 106, Taiwan
Office phone: +886-2-3366-4888 ext. 511