I currently work as a Senior Security Researcher at Censys. I completed
my Ph.D in 2023 in Computer Science and Engineering
at the University of California - San Diego.
I am broadly
interested in quantifying and improving security processes
using data and research science methods. Most recently, I've
been exploring questions related to the Web and Internet
scanning. In the past, I used large-scale empirical
analyses to understand and improve security processes within an
enterprise, examine user behaviors via network traffic, and
answer Web related questions from the perspective of Chrome.
- News
-
- 2024-11-23 --- Our paper titled "Understanding the Efficacy of Phishing Training in Practice" was accepted to IEEE S&P 2025! I am especially proud of this paper as it was the culmination of multiple years of work across many groups, and is a fantastic example of how and why we should be empirically quantifying security phenomenon.
- 2024-08-06 --- I presented two talks at Bsides Las Vegas! The first was an overview of some preliminary findings examining Internet Ephemerality (stay tuned for more!), and the second impromtu talk was a rehash of why we should be using Internet Measurement to answer our burning security questions, and some examples of how this plays out in practice.
- 2024-05-27 --- I presented at my first Bsides in Vancouver! I presented an argument of why we should be using Internet Measurement to answer our burning security questions, and some examples of how this plays out in practice.
- Publications
-
Understanding the Efficacy of Phishing Training in Practice
Grant Ho, Ariana Mirian, Elisa Luo, Khang Tong, Euyhyun Lee, Lin Liu, Christopher A. Longhurst, Christian Dameff, Stefan Savage, Geoffrey M. Voelker
46th IEEE Symposium on Security and Privacy, San Francisco, California, 2025
An Empirical Analysis of Enterprise-Wide Mandatory Password Updates
Ariana Mirian, Grant Ho, Stefan Savage, Geoffrey M. Voelker
Annual Computer Security Applications Conference (ACSAC), Austin, Texas, 2023
Prioritizing Security Practices via Large-Scale Measurement of User Behavior
Ariana Mirian, advised by Stefan Savage and Geoff Voelker
Ph.D Dissertation, University of California, San Diego 2023
Defense Video ("celebration" ends and slides begin at 11:00)
In the Line of Fire: Risks of DPI-triggered Data Collection
Ariana Mirian, Alisha Ukani, Ian Foster, Gautam Akiwate, Taner Halicioglu, Cynthia T. Moore, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage
16th Cyber Security Experimentation and Test Workshop (CSET), Marina Del Rey, California, 2023
Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy
Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Grant Ho, Geoffrey M. Voelker, Stefan Savage
8th IEEE European Symposium on Security and Privacy (EuroS&P), Delft, Netherlands, 2023
Distinguished Paper Award WinnerLocked-In in During Lock-Down: Undergraduate Life on the Internet in a Pandemic
Alisha Ukani, Ariana Mirian, Alex C. Snoeren
21st Internet Measurement Conference (IMC), Virtual, November 2021
Who’s Got Your Mail? Characterizing Mail Service Provider Usage
Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Stefan Savage, Geoffrey M. Voelker
21st Internet Measurement Conference (IMC), Virtual, November 2021
CoResident Evil: Covert Communication in the Cloud With Lambdas
Anil Yelam, Shibani Subbareddy, Keerthana Ganesan, Stefan Savage, Ariana Mirian
The Web Conference, Ljubljana, Slovenia, April 2021
Hack for Hire: Investigating the Black Market of Retail Email Account Hacking Services
Ariana Mirian
ACM Queue, Volume 17 Issue 4, October 2019
Communications of the ACM, Volume 62 No. 12, December 2019
Measuring Security Practices and How They Impact Security
Louis DeKoven, Audrey Randall, Ariana Mirian, Gautam Akiwate, Ansel Blume, Lawrence K. Saul, Aaron Schulman, Geoffrey M.Voelker, Stefan Savage
19th Internet Measurement Conference (IMC), Amsterdam, Netherlands, October 2019
Web Feature Deprecation: A Case Study for Chrome
Ariana Mirian, Nikunj Bhagat, Caitlin Sadowski, Adrienne Porter Felt, Stefan Savage, Geoffrey M. Voelker
41st International Conference for Software Engineering, Software Engineering in Practice (ICSE SEIP), Montreal, Canada, May 2019
Hack for Hire: Exploring the Emerging Market for Account Hijacking
Ariana Mirian, Joe DeBlasio, Stefan Savage, Geoffrey M. Voelker, Kurt Thomas
The Web Conference, San Francisco, United States, May 2019
HTTPS Adoption in the Longtail
Ariana Mirian, Christopher Thompson, Stefan Savage, Geoffrey M. Voelker, Adrienne Porter Felt
Google Tech Report, 2018
Security Challenges in an Increasingly Tangled Web
Deepak Kumar, Zane Ma, Zakir Durumeric, Ariana Mirian, Joshua Mason, J. Alex Halderman, Michael Bailey
26th International World Wide Web Conference, Perth, Australia, April 2017
An Internet-Wide View of ICS Devices
Ariana Mirian, Zane Ma, David Adrian, Matthew Tischer, Thasphon Chuenchujit, Tim Yardley, Robin Berthier, Josh Mason, Zakir Durumeric, J. Alex Halderman, and Michael Bailey
14th Annual Privacy, Security and Trust Conference (PST), Auckland, NZ, December 2016
A Search Engine Backed by Internet Wide Scanning
Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, J. Alex Halderman
22nd ACM Computer and Communications Security (CCS), Denver, CO, October 2015
Neither Snow Nor Rain Nor MITM…An Empirical Analysis of Mail Delivery Security
Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Kurt Thomas, Vijay Eranti, Nicolas Lidzborski, Elie Bursztein, Michael Bailey, J. Alex Halderman
15th ACM Internet Measurement Conference (IMC), Tokyo, October 2015 IRTF Applied Networking Research Prize (ANRP)
- Industry Experience
-
Researcher ITS Security Team, ITS Security Team, 2021-2023
Assessed problems with security processes collaboration with IT employees around: vulnerability remediation, phishing training, security policy communications, and security education training effects on outcome.
Software Engineering Intern Metrics team, Google Chrome, 2018
Mentor: Nik Bhagat, Caitlin Sadowski, and Adrienne Porter Felt
Examined web feature deprecation process via Chrome, and developed a new set of guidelines and corresponding (internal) tool to better the deprecation process
Software Engineering Intern Enamel team, Google Chrome Security, 2017
Mentor: Adrienne Porter Felt and Emily Stark
Explored HTTPS adoption hurdles for small (longtail) site owners, which culminated in a publication submission.
Product Manager Intern RetailMeNot, 2014
Mentors: Jaimee McCord and Sonia Nagar
Successfully led a team of three other interns towards completion of a product (now deprecated) for the company.
- Other Writings
-
- 2023-12-05 On Novelty
- 2023-06-28 On Finishing My PhD
- 2023-06-28 On Writing
- Service
- Usenix Security PC Member: 2021 - 2023
- Usenix CSET PC Member: 2019 - 2021
- Department Leadership
- CSE Diversity, Equity, and Inclusion committee, 2018-2021
- CSE Graduate Women in Computing, 2017-2021
- CSE PhD Admissions Committee, 2017-2020
- CSE Social Hour and Coffee Hour Chair, 2016-2017