Best Talks at Network and Distributed System Security (NDSS) Symposium 2026

Editor's picks · 12 talks

Hand-picked from in-depth reviewer verdicts. View all talks at Network and Distributed System Security (NDSS) Symposium 2026 →

  1. 1. NeuroStrike: Neuron-Level Attacks on Aligned LLMs — Lichao Wu

    This talk presents **NeuroStrike**, a neuron-level attack that jailbreaks aligned large language models by identifying and pruning **safety neurons** -- the specific neurons responsible for the model's refusal behavior when presented with…

  2. 2. Breaking Isolation: A New Perspective on Hypervisor Exploitation via Cross-Domain Attacks — Gaoning Pan

    Virtual machine escape from hypervisors like **QEMU** and **VirtualBox** is one of the most consequential exploit classes in cloud security. This talk introduces **cross-domain attacks**, a systematic exploitation technique that makes…

  3. 3. Trust Me, I Know This Function: Hijacking LLM Static Analysis using Bias — Shir Bernstein

    This talk presents a novel attack class called **Familiar Pattern Attacks (FPAs)** that exploits a fundamental weakness in how LLMs analyze code: **abstraction bias**. When LLMs encounter code patterns they have seen thousands of times…

  4. 4. IsolatOS: Detecting Double Fetch Bugs in COTS RTOS by Re-enabling Kernel Isolation — Yingjie Cao

    Real-time operating systems (RTOS) are the invisible backbone of cyber-physical systems -- from automotive ECUs and aerospace systems to power plants and medical devices. With over **2.2 billion embedded devices** relying on RTOS, the…

  5. 5. Unknown Target: Uncovering and Detecting Novel In-Flight Attacks to Collision Avoidance (TCAS) — Giacomo Longo

    Giacomo Longo presents groundbreaking research analyzing what may be the **first real-world cyber attack against aircraft collision avoidance systems (TCAS)**. On March 1, 2025, at Washington National Airport (DCA), 10 aircraft…

  6. 6. ObliInjection: Order-Oblivious Prompt Injection Attack to LLM Agents with Multi-source Data — Reachal Wang

    Most prompt injection attacks assume the attacker controls the entire data portion of an LLM's input. In real-world multi-source scenarios -- product review summarization, AI-powered search, multi-document QA -- the attacker controls only…

  7. 7. FlyTrap: Physical Distance-Pulling Attack Towards Camera-based Autonomous Target Tracking Systems — Shaoyuan Xie

    FlyTrap is the first **distance-pulling attack** against camera-based autonomous drone tracking systems. By printing adversarial patterns on an ordinary **umbrella** ($20 on Amazon), an attacker can trick a tracking drone into…

  8. 8. SIPConfusion: Exploiting SIP Semantic Ambiguities for Caller ID and SMS Spoofing — Qi Wang

    The **Session Initiation Protocol (SIP)** underpins modern voice, video, and messaging infrastructure -- from VoIP (projected at **$326 billion by 2032**) to **Rich Communication Services (RCS)** with over **1 billion active users**…

  9. 9. Actively Understanding the Dynamics and Risks of the Threat Intelligence Ecosystem — Tillson Galloway

    The **threat intelligence (TI) ecosystem** is a multi-billion dollar industry where vendors ingest, analyze, and share malware samples and indicators of compromise (IoCs) through complex supply chain relationships. This talk presents a…

  10. 10. A Hard-Label Black-Box Evasion Attack against ML-based Malicious Traffic Detection Systems — Zixuan Liu

    This talk introduces **NetMasquerade**, a practical hard-label black-box evasion attack against machine learning-based malicious traffic detection systems. The research addresses a critical gap in adversarial ML for network security…

  11. 11. In-Context Probing for Membership Inference in Fine-Tuned Language Models — Zhexi Lu

    This talk presents a novel **membership inference attack (MIA)** against fine-tuned language models that exploits a fundamental property of training dynamics called the **optimization gap**. The key insight is that member samples (data…

  12. 12. Characterizing the Implementation of Censorship Policies in Chinese LLM Services — Anna Ablove

    This talk presents a systematic study of how five major Chinese LLM services -- **DeepSeek**, **Kimi**, **Qwen**, **Doubao**, and **Baidu Chat (Wenxiaoyan)** -- implement censorship through combinations of **input filtering**…

View all talks at Network and Distributed System Security (NDSS) Symposium 2026