Network and Information Security Lab @ Tsinghua University

A research team focusing on cyber security at Tsinghua University.
A playground for fun hacking and fundamental research.
Base of the CTF teams Blue-Lotus and RedBud.


Sep 2020 - Our paper Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks was accepted by USENIX Security 2021.

Sep 2020 - Our paper POP and PUSH: Demystifying and Defending against (Mach) Port-Oriented Programming was accepted by NDSS 2021.

Aug 2020 - Our paper Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China was accepted by CCS 2020.

Aug 2020 - Our paper Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms was accepted by CCS 2020.

July 2020 - Our paper CDN Backfired: Amplification Attacks Based on HTTP Range Requests received Best Paper Award in DSN 2020.

June 2020 - Our paper Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks was accepted by CCS 2020.

May 2020 - Our paper Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices was accepted by USENIX Security 2020.

Apr 2020 - Our paper Argot: Generating Adversarial Readable Chinese Texts was accepted by IJCAI 2020.

Mar 2020 - Our paper FANS: Fuzzing Android Native System Services via Automated Interface Analysis was accepted by USENIX Security 2020.

Feb 2020 - Our paper CDN Judo: Breaking the CDN DoS Protection with Itself was accepted by NDSS 2020.

Feb 2020 - Our paper When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN was accepted by NDSS 2020.

Feb 2020 - Our paper Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches was accepted by NDSS 2020.

Feb 2020 - Our paper A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned was accepted by ICSE 2020.

Nov 2019 - Our paper DRAMD: Detect Advanced DRAM-based Stealthy Communication Channels with Neural Networks was accepted by INFOCOM 2020.

Jun 2019 - Our paper GreyOne: Data Flow Sensitive Fuzzing was accepted by USENIX Security 2020.


Web Security

Cookie Integrity...

Network Security

Protocol security analysis and design, HTTPS, SDN, 5G, IPv6.

System Security

BlockChain Security, IoT Security, ICS Security

Software Security

Vulnerability analysis, discovery, exploit and mitigation. Malware analysis.

Data-driven Security

Intrusion detection, underground economy analysis.

AI Security

AI for security, and Secure AI.


Looking for highly motivated students, postdoc, and research assistants.

Faculty positions are available as well.

Read more ...