I'm an Assistant Professor in the Department of Computer Science and Information Engineering and Graduate Institute of Networking and Multimedia at National Taiwan University. I also hold an adjunct assistant researcher position in the Center for Information Technology Innovation at Academia Sinica. Since September 2018, I serve as a Section Chief in the Information Technology Office, National Taiwan University Hospital.

I completed my Ph.D. (2014) in Electrical and Computer Engineering at Carnegie Mellon University. I received my M.S. (2008) and B.S. (2006) degrees in Electrical Engineering at National Taiwan University.


Interested in joining Network Security Lab? We are interested in the field of computer and network security, with focuses on DDoS defense, automated vulnerability discovery, and IoT security lately. We are actively recruiting highly motivated students and researchers! Email me or drop by R307 to chat with awesome nslab members.

Selected Honors

Letters of Recommendation Policy: Please read this before requesting for letters of recommendation.



Journal Articles

  1. SAFECHAIN: Securing Trigger-Action Programming from Attack Chains. [dataset]
    K.-H. Hsu, Y.-H. Chiang, H.-C. Hsiao.
    To appear in IEEE Transactions on Information Forensics and Security.
  2. GROUPIT: Lightweight Group Key Management for Dynamic IoT Environments.
    Y.-H. Kung, H.-C. Hsiao.
    in IEEE Internet of Things Journal, vol. 5, no. 6, pp. 5155-5165, Dec. 2018.
  3. Traffic-aware Patching for Cyber Security in Mobile IoT.
    S.-M. Cheng, P.-Y. Chen, C.-C. Lin, H.-C. Hsiao.
    IEEE Communications Magazine, 2017.
  4. Decapitation via Digital Epidemics: A Bio-Inspired Transmissive Attack.
    P.-Y. Chen, C.-C. Lin, S.-M. Cheng, H.-C. Hsiao, and C.-Y. Huang.
    IEEE Communications Magazine, 2016.
  5. Insider Collusion Attack on Privacy-preserving Kernel-based Data Mining Systems.
    P. S. Wang, F. Lai, H.-C. Hsiao, and J.-L. Wu
    IEEE Access, vol. 4, pp. 2244-2255, 2016.
  6. Secure Distributed Data Aggregation.
    H. Chen, H.-C. Hsiao, A. Perrig, and D. Song.
    Journal of Foundations and Trends in Databases, Vol. 3, No. 3, pp 149-201, 2011.
  7. SPATE: Small-group PKI-less Authenticated Trust Establishment.
    Y.-H. Lin, A. Studer, Y.-H. Chen, H.-C. Hsiao, E. L.-H. Kuo, J. M. McCune, K.-H. Wang, M. Krohn, A. Perrig, B.-Y. Yang, H.-M. Sun, P.-L. Lin, and J. Lee.
    IEEE Transactions on Mobile Computing, 9(12): 1666-1681, 2010.
  8. A Survey of Secure Data Aggregation on Sensor Networks.
    Y.-S. Chen, H.-C. Hsiao, and C.-L. Lei.
    Communications of Chinese Cryptology and Information Security Association (CCISA), Vol.13 No.4 pp17-28, 2007.

Conference and Workshop Papers

  1. On the Feasibility of Rerouting-based DDoS Defenses.
    M. Tran, M. S. Kang, H.-C. Hsiao, W.-H. Chiang, S.-P. Tung and Y.-S. Wang
    To appear in IEEE Symposium on Security and Privacy (IEEE S&P), May 2019.
  2. An Investigation of Cyber Autonomy on Government Websites (Short Paper) [dataset]
    H.-C. Hsiao, T. H.-J. Kim, Y.-M. Ku, C.-M. Chang, H.-F. Chen, Y.-J. Chen, C.-W. Wang and W. Jeng
    To appear in The Web Conference (TheWebConf, formerly known as WWW), May 2019.
  3. Enhancing Symbolic Execution by Machine Learning Based Solver Selection [code]
    S.-H. Wen, W.-L. Mow, W.-N. Chen, C.-Y. Wang, H.-C. Hsiao
    in NDSS workshop on Binary Analysis Research, February 2019.
  4. Dynamic Path Pruning in Symbolic Execution.
    Y.-S. Chen, W.-N. Chen, C.-Y. Wu, H.-C. Hsiao, S.-K. Huang
    in IEEE Conference on Dependable and Secure Computing (DSC), December 2018.
  5. CLEF: Limiting the Damage Caused by Large Flows in the Internet Core.
    H. Wu, H.-C. Hsiao, D. E. Asoni, S. Scherrer, A. Perrig, Y.-C. Hu
    in International Conference on Cryptology and Network Security (CANS), September 2018.
  6. SDNProbe: Lightweight Fault Localization in the Error-Prone Environment. [code]
    Y.-M, Ke, H.-C. Hsiao, T. H.-J. Kim
    In IEEE International Conference on Distributed Computing Systems (ICDCS), July 2018.
  7. DAMUP: Practical and Privacy-aware Cloud-based DDoS Mitigation. [code]
    S.-C. Lin, P.-W. Huang, H.-Y. Wang, H.-C. Hsiao
    In IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), April 2018.
  8. INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing. [code]
    C.-C. Hsu, C.-Y. Wu, H.-C. Hsiao, S.-K. Huang
    In NDSS Workshop on Binary Analysis Research, February 2018.
  9. A Generic Web Application Testing and Attack Data Generation Method.
    H.-Y. Shih, H.-L. Lu, C.-C. Yeh, H.-C. Hsiao, S.-K. Huang
    In International Conference on Security with Intelligent Computing and Big-data Services (SICBS), December 2017.
  10. Security Implications of Redirection Trail in Popular Websites Worldwide.
    L. Chang, W.-H. Lin, H.-C. Hsiao, W. Jeng, T. H.-J. Kim
    In 26th International World Wide Web Conference (WWW), April 2017.
  11. SandUSB: An Installation-Free Sandbox for USB Peripherals.
    E. L. Loe, H.-C. Hsiao, T. H.-J. Kim, S.-C. Lee, and S.-M. Cheng.
    In IEEE World Forum on Internet of Things Workshop on User Centric Security, Privacy, and Interoperability in the Context of Internet of Things and Smart Cities, December 2016.
  12. Migrant Attack: A Multi-resource DoS Attack on Cloud Virtual Machine Migration Schemes.
    J.-R. Yeh, H.-C. Hsiao, A.-C. Pang
    In 11th Asia Joint Conference on Information Security (AsiaJCIS), August 2016.
  13. Securing Data Planes in Software-Defined Networks.
    T.-W. Chao, Y.-M. Ke, B.-H. Chen, J.-L. Chen, C. J. Hsieh, S.-C. Lee, H.-C. Hsiao.
    In IEEE International Workshop on Security in Virtualized Networks (Sec-VirtNet), June 2016.
  14. CICADAS: Congesting the Internet with Coordinated And Decentralized Pulsating Attacks.
    Y.-M. Ke, C.-W. Chen, H.-C. Hsiao, A. Perrig, V. Sekar.
    In ACM Asia Conference on Computer and Communications Security (ASIACCS), May 2016.
  15. SIBRA: Scalable Internet Bandwidth Reservation Architecture.
    C. Basescu, R. M. Reischuk, P. Szalachowski, A. Perrig, Y. Zhang, H.-C. Hsiao, A. Kubota, J. Urakawa.
    In Networked & Distributed System Security Symposium (NDSS), February 2016.
  16. A Secure Authorization System in PHR based on CP-ABE.
    H.-H. Chung, P. Wang, T.-W. Ho, H.-C. Hsiao, F. Lai.
    In IEEE E-Health and Bioengineering Conference (EHB), November 2015.
  17. A Practical System for Guaranteed Access in the Presence of DDoS Attacks and Flash Crowds.
    Y.-H. Kung, T. Lee, P.-N. Tseng, H.-C. Hsiao, T. H.-J. Kim, S. B. Lee, Y.-H. Lin, and A. Perrig.
    In IEEE International Conference on Internet Protocols (ICNP), November 2015.
  18. Efficient Large Flow Detection over Arbitrary Windows: An Algorithm Exact Outside An Ambiguity Region.
    H. Wu, H.-C. Hsiao, and Y.-C. Hu.
    In ACM Internet Measurement Conference (IMC), November 2014.
  19. YourPassword: Applying Feedback Loops to Improve Security Behavior of Managing Multiple Passwords. (Short Paper)
    T. H.-J. Kim, H. C. Stuart, H.-C. Hsiao, Y.-H. Lin, L. Zhang, L. Dabbish, and S. Kiesler.
    In ACM Symposium on Information, Computer and Communications Security (ASIACCS), June 2014.
  20. Policy-based secure deletion.
    C. Cachin, K. Haralambiev, H.-C. Hsiao, and A. Sorniotti.
    In ACM Conference on Computer and Communications Security (CCS), November 2013.
  21. STRIDE: Sanctuary Trail -- Refuge from Internet DDoS Entrapment.
    H.-C. Hsiao, T. H.-J. Kim, S. B. Lee, X. Zhang, S. Yoo, V. Gligor and A. Perrig.
    In ACM Symposium on Information, Computer and Communications Security (ASIACCS), May 2013.
  22. LAP: Lightweight Anonymity and Privacy.
    H.-C. Hsiao, T. H.-J. Kim, A. Perrig, A. Yamada, S. C. Nelson, M. Gruteser, and W. Meng.
    In IEEE Symposium on Security and Privacy (Oakland), May 2012.
  23. ShortMAC: Efficient Data-Plane Fault Localization.
    X. Zhang, Z. Zhou, H.-C. Hsiao, T. H.-J. Kim, A. Perrig, and P. Tague.
    In Networked & Distributed System Security Symposium (NDSS), February 2012.
  24. Flooding-Resilient Broadcast Authentication for VANETs.
    H.-C. Hsiao, A. Studer, C. Chen, A. Perrig, F. Bai, B. Bellur, and A. Iyer.
    In ACM Conference on Mobile Computing and Networking (MobiCom), September 2011.
  25. Efficient and Secure Threshold-based Event Validation for VANETs.
    H.-C. Hsiao, A. Studer, R. Dubey, E. Shi, and Adrian Perrig.
    In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), June 2011.
  26. SCION: Scalability, Control, and Isolation On Next-Generation Networks.
    X. Zhang, H.-C. Hsiao, G. Hasker, H. Chan, A. Perrig, and D. Andersen.
    In IEEE Symposium on Security and Privacy (Oakland), May 2011.
  27. A Study of User-Friendly Hash Comparison Schemes.
    H.-C. Hsiao, Y.-H. Lin, A. Studer, C. Studer, K.-H. Wang, H. Kikuchi, A. Perrig, H.-M. Sun, and B.-Y. Yang.
    In Annual Computer Security Applications Conference (ACSAC), December 2009.
  28. SPATE: Small-group PKI-less Authenticated Trust Establishment.
    Y.-H. Lin, A. Studer, H.-C. Hsiao, J. M. McCune, K.-H. Wang, M. Krohn, P.-L. Lin, A. Perrig, H.-M. Sun, and B.-Y. Yang.
    In ACM Annual International Conference on Mobile Systems, Applications and Services (MobiSys) 2009.

Posters and Extended Abstracts

  1. Challenges in Realizing Privacy-aware Cloud-based DDoS Mitigation Mechanism.
    S.-C. Lin, W.-N. Chen, H.-C. Hsiao
    in USENIX Security Symposium Poster Session, August 2018.
  2. Need Tickets? A Case Study of Bot-enabled Ticket Scalping.
    C.-C. Lin, H.-C. Hsiao
    Extended Abstract in APWG.EU eCrime Cyber-Security Symposium, October 2017.
  3. Poster: VLC-based Authenticated Key Exchange.
    Y.-S. Chen, C.-L. Lin, H.-C. Hsiao, Y.-H. Lin, H.-M. Tsai
    in IEEE Symposium on Security and Privacy (Oakland), May 2016.

Technical Reports

  1. Verifiable Order Statistics for Secure Aggregation.
    H.-C. Hsiao, C.-Y. Wang, J. M. Hellerstein, W.-C. Teng, and C.-L. Lei.
    Technical Report No. UCB/EECS-2009-48, EECS, University of California, Berkeley, April 2009.
  2. Ho-Po Key: Leveraging physical constraints on human motion to authentically exchange information in a group.
    G. Mezzour, A. Studer, M. Farb, J. Lee, J. McCune, H.-C. Hsiao, and A. Perrig.
    Technical Report CMU-CyLab-11-004, CyLab, Carnegie Mellon University.


Computing Device to Detect Malware.
H.-C. Hsiao, D. Shuo, B. Salamat, R. Gupta, and S. M. Das.
US Patent publication number US20130247187, 2013.

Contact Info

Office: Room 511, CSIE Building, #1 Roosevelt Rd. Sec. 4, Taipei 106, Taiwan
Office phone: +886-2-3366-4888 ext. 511