Chao Zhang (张超)

清华大学 网络研究院 副教授
清华大学FIT楼3-209
chaoz # tsinghua.edu.cn
chao.zhang # pku.edu.cn
chaoz # berkeley.edu (expired)

头条

  • 长期招聘对安全感兴趣的博士后、工程师、客座研究生、实习生等,详情查询,邮件联系。

履历

社会兼职

  • 清华大学副教授,博士生导师;
  • 中国科学院·信工所·客座研究员(客座博导)
  • 中国科学院·软件所·客座研究员
  • 中国科学院·网络测评技术重点实验室·学术委员会委员
  • 人工智能学会·人工智能与安全专委会·常务委员(2019)
  • 中国青年科技工作者协会·第六届理事(2019)
  • 北京大学数学学院院友会·第二届理事(2019)
  • InForSec网安国际学术论坛·组委会&技术委员会

研究领域

构建自动、智能软件安全分析与防御系统(黑客AlphaGo)

  • 核心技术
    • 漏洞挖掘、利用、缓解
    • 恶意代码分析与检测
    • 程序分析与测试(源码、二进制)
    • AI for security
  • 目标场景
    • 软件与系统安全
    • AI与安全
    • 物联网、区块链、移动安全

荣誉

  • 清华大学学术新人(2018)
  • 中国区35岁以下科技创新35人(MIT TR35 China,2018)
  • 求是杰出青年学者(2018)
  • 国家X计划青年项目(2018)
  • 中国科协“青年人才托举工程”( 2016-2018)
  • 中国计算机学会“青年人才发展计划”(2017)

Hack for Fun

  • 腾讯CSS安全探索论坛,专业奖(第二名),2019
  • 腾讯CSS安全探索论坛,突破奖(第一名),2018
  • DARPA Cyber Grand Challenge机器自动攻防竞赛
  • Defcon CTF世界黑客夺旗攻防赛,第二名(2016)第五名(2015,2017)
  • Microsoft BlueHat Prize Contest 特别提名奖(2012)

学生成绩

  • 2019, SECCON CTF, 第三名
  • 2019, HITCON CTF, 第一名
  • 2019, GeekPwn,云安全挑战赛(线上赛第一名),智能隐身比赛(第三名)
  • 2019,腾讯CSS安全探索论坛,专业奖(第二名)
  • 2019,DEFCON CTF,第三名
  • 2018,天府杯开放赛,工控设备穿透攻击,优胜奖
  • 2018:腾讯CSS安全探索论坛,突破奖(第一名)
  • 2018:DEFCON CTF,第六名
  • 2018:CNCERT年会,智能设备破解,优胜奖
  • 2017:DoraHacks区块链安全挑战赛,第三名
  • 2017:DEFCON CTF,第五名
  • 2017:GeekPwn,路由器破解,优胜奖

学术成果

会议论文:

  1. Argot: Generating Adversarial Readable Chinese Texts
    Zihan Zhang, Mingxuan Liu, Chao Zhang*, Yiming Zhang, Zhou Li, Qi Li, Haixin Duan, Donghong Sun.
    To appear in the 29th International Joint Conference on Artificial Intelligence (IJCAI’20)
  2. FANS: Fuzzing Android Native System Services via Automated Interface Analysis
    Baozheng Liu, Chao Zhang*, Guang Gong, Yishun Zeng, Haifeng Ruan, Jianwei Zhuge*.
    To appear in the 29th USENIX Security Symposium (USENIX Security’20)
  3. A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned
    Bingchang Liu, Guozhu Meng*, Wei Zou, Qi Gong, Feng Li, Min Lin, Dandan Sun, Wei Huo, Chao Zhang. To appear in the International Conference on Software Engineering (ICSE 2020)
  4. DRAMD: Detect Advanced DRAM-based Stealthy Communication Channels with Neural Networks
    Zhiyuan Lv, Youjian Zhao, Chao Zhang*, Haibin Li
    To appear in the IEEE Conference on Computer Communications (IEEE INFOCOM 2020)
  5. GreyOne: Data-Flow Sensitive Fuzzing
    Shuitao Gan, Chao Zhang*, Xiaojun Qin, Peng Chen, Bodong Zhao, Zuoning Chen
    To appear in the 29th USENIX Security Symposium (USENIX Security’20)
  6. SRFuzzer: An Automatic Fuzzing Framework for Physical SOHO Router Devices to Discover Multi-Type Vulnerabilities
    Yu Zhang, Wei Huo, Kunpeng Jian, Ji Shi, Haoliang Lu, Longquan Liu, Chen Wang, and Dandan Sun, Chao Zhang, Baoxu Liu
    In the 35th Annual Computer Security Applications Conference (ACSAC’19)
  7. Fuzzing IPC with Knowledge Inference
    Kun Yang, Hanqing Zhao, Chao Zhang*, Jianwei Zhuge and Haixin Duan
    In the 38th International Symposium on Reliable Distributed Systems (SRDS’19)
  8. MOPT: Optimized Mutation Scheduling for Fuzzers
    Chenyang Lyu, Shouling Ji*, Chao Zhang*, Yuwei Li, Wei-Han Lee, Yu Song, Raheem Beyah
    In the 28th USENIX Security Symposium (USENIX Security’19), Santa Clara, CA, Aug 2019
  9. Revery: from Proof-of-Concept to Exploitable (One Step towards Automatic Exploit Generation)
    Yan Wang, Chao Zhang*, Xiaobo Xiang, Zixuan Zhao, Wenjie Li, Xiaorui Gong*, Bingchang Liu, Kaixiang Chen, Wei Zou
    In the ACM Conference on Computer and Communications Security (CCS’18), Toronto, Canada, Oct 2018
  10. Abusing CDNs for Fun and Profit: Security Issues in CDNs’ Origin Validation
    Run Guo, Jianjun Chen, Baojun Liu, Jia Zhang*, Chao Zhang*, Haixin Duan, Tao Wan, Jian Jiang, Shuang Hao, Yaoqi Jia
    In 37th IEEE International Symposium on Reliable Distributed Systems (SRDS 2018), Bahia, Brazil, Oct 2018
  11. αDiff: Cross-Version Binary Code Similarity Detection with DNN
    Binchang Liu, Wei Huo*, Chao Zhang*, Wenchao Li, Feng Li, Aihua Piao, Wei Zou
    In IEEE/ACM Automated Software Engineering (ASE’18), Montpellier, France, Sep 2018
  12. ICUFuzzer: Fuzzing ICU Library for Exploitable Bugs in Multiple Software
    Kun Yang, Yuan Deng, Chao Zhang, Jianwei Zhuge and Haixin Duan
    In Information Security Conference (ISC’18), London, UK, Sep 2018

  13. CollAFL: Path Sensitive Fuzzing
    Shuitao Gan, Chao Zhang*, Xiaojun Qin, Xuwen Tu, Kang Li, Zhongyu Pei, Zuoning Chen
    In IEEE Security & Privacy 2018 (IEEE S&P’18), San Francisco, CA, May 2018

  14. Towards Efficient Heap Overflow Discovery
    Xiangkun Jia, Chao Zhang*, Purui Su*, Yi Yang, Huafeng Huang, Dengguo Feng
    In the 26th {USENIX} Security Symposium ({USENIX} Security 17), Vancouver, BC, Aug 2017
  15. VTrust: Regaining Trust on Virtual Calls
    Chao Zhang, Scott A. Carr, Tongxin Li, Yu Ding, Chengyu Song, Mathias Payer, Dawn Song
    In the Network and Distributed System Security Symposium (NDSS’16), San Diego, CA, Feb 2016
  16. VTint: Protecting Virtual Function Tables’ Integrity
    Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen, Dawn Song
    In the Network and Distributed System Security Symposium (NDSS’15), San Diego, CA, Feb 2015
  17. Exploiting and Protecting Dynamic Code Generation
    Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee, David Melski
    In the Network and Distributed System Security Symposium (NDSS’15), San Diego, CA, Feb 2015
  18. JITScope: Protecting Web Users from Control-Flow Hijacking Attacks
    Chao Zhang, Mehrdad Niknami, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn Song
    In the 34th Annual IEEE International Conference on Computer Communications (INFOCOM’15), Hong Kong, China, April 2015 <!– 1. Poster: Classifying Downloaders
    Ding, Yu, Liang Guo, Chao Zhang, Yulong Zhang, Hui Xue, Tao Wei, Yuan Zhou, and Xinhui Han.
    In IEEE Symposium on Security and Privacy (IEEE S&P’15). 2015.
  19. Poster: UAFChecker: Scalable Static Detection of Use-After-Free Vulnerabilities
    Jiayi Ye, Chao Zhang, Xinhui Han
    In the 21st ACM Conference on Computer and Communications Security (CCS’14), Scottsdale, Arizona, Nov 2014
  20. Poster: PHPGate: A Practical White-Delimiter-Tracking Protection against SQL-Injection for PHP
    Lihua Zhang, Yu Ding, Chao Zhang, Lei Duan, Zhaofeng Chen, Tao Wei, Xinhui Han
    In the 24th USENIX Security Symposium, San Diego, CA, Aug 2014 –>
  21. The Store-and-Flood Distributed Reflective Denial of Service Attack
    Bingshuang Liu, Skyler Berg, Jun Li, Tao Wei, Chao Zhang, Xinhui Han
    In the 23rd International Conference on Computer Communications and Networks (ICCCN‘14), Shanghai, China, Aug 2014
  22. Android Low Entropy Demystified
    Yu Ding, Zhuo Peng, Yuanyuan Zhou, Chao Zhang
    In IEEE International Conference on Communications (ICC’14), Sydney, Australia, June 2014
  23. Splider: A Split-based Crawler of the BT-DHT Network and its Applications
    Bingshuang Liu, Shidong Wu, Tao Wei, Chao Zhang, Jun Li, Jianyu Zhang, Yu Chen, Chen Li
    In the 11th Annual IEEE Consumer Communications & Networking Conference (CCNC’14), Las Vegas, Nevada, Jan 2014
  24. Practical Control Flow Integrity & Randomization for Binary Executables
    Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, Wei Zou.
    In the 34th IEEE Symposium on Security & Privacy (IEEE S&P’13), San Francisco, CA, May 2013.
  25. Protecting Function Pointers in Binary
    Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant, Laszlo Szekeres.
    In the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS’13), Hangzhou, China, May 2013. <!– 1. SecGOT: Secure global offset tables in ELF executables
    Chao Zhang, Lei Duan, Tao Wei, Wei Zou.
    In the Proceedings of the International Conference on Computer Science and Electronics Engineering, Hangzhou, China,Mar 2013.
  26. LinkTrust:一种基于PageRank的钓鱼网站检测方法
    张利华,韦韬,李坤,毛剑, 张超,邹维
    第五届信息安全漏洞分析与风险评估大会 (VARA 2012),上海,2012年12月
  27. FPGate: The Last Building Block For A Practical CFI Solution
    Tao Wei, Chao Zhang, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song.
    Technical Report for Microsoft BlueHat Prize Contest, Apr. 2012. –>
  28. A Framework to Eliminate Backdoors from Response Computable Authentication
    Shuaifu Dai, Tao Wei, Chao Zhang, Tielei Wang, Yu Ding, Wei Zou, Zhenkai Liang.
    In the 33rd IEEE Symposium on Security and Privacy (IEEE S&P’12), San Francisco, CA, May 2012.
  29. IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time
    Chao Zhang, Tielei Wang, Tao Wei, Yu Chen, Wei Zou.
    In the 15th European Symposium on Research in Computer Security (ESORICS’10), Athens, Greece, Sep. 2010.

期刊论文

  1. From Proof-of-Concept to Exploitable (One Step towards Automatic Exploitability Assessment)
    Wang, Yan, Wei Wu, Xiaorui Gong, Chao Zhang, Xinyu Xing, and Wei Zou.
    Accepted by Cybersecurity, 2019
  2. 程序分析研究进展
    张健,张超,玄跻峰,熊英飞,王千祥,梁彬,李炼,窦文生,陈振邦,陈立前,蔡彦
    软件学报,2019,30(1):0
  3. Fuzzing: a survey
    Jun Li, Bodong Zhao, Chao Zhang*
    In Cybersecurity, Jun 2018, 1(1)
  4. Glibc 堆利用的若干方法
    裴中煜, 张超*, 段海新
    信息安全学报, 2018, 3(1): 1-15
  5. 二进制程序中的use-after-free漏洞检测技术
    韩心慧, 魏爽, 叶佳奕, 张超, 叶志远
    清华大学学报(自然科学版), 2017, 57(10): 1022-1029
  6. 基于敏感字符的 SQL注入攻击防御方法
    张慧琳, 丁羽, 张利华, 段镭, 张超, 韦韬, 李冠成, 韩心慧
    计算机研究与发展,2016, 53(10)
  7. Accurate and Efficient Exploit Capture and Classification
    Yu Ding, Tao Wei, Hui Xue, Yulong Zhang, Chao Zhang, Xinhui Han
    In SCIENCE CHINA Information Sciences (SCIS), Vol. 60, No. 5, 2016
  8. SF-DRDoS: The store-and-flood distributed reflective denial of service attack
    Bingshuang Liu, Jun Li, Tao Wei, Skyler Berg, Jiayi Ye, Chen Li, Chao Zhang, Jianyu Zhang, Xinhui Han
    In Computer Communications, Vol. 69, Sep. 2015
  9. Improving lookup reliability in Kad
    Bingshuang Liu, Tao Wei, Chao Zhang, Jun Li, Jianyu Zhang
    In Peer-to-Peer Networking and Applications (PPNA), Vol. 8, Issue 1, Jan. 2015
  10. Using Type Analysis in Compiler to Eliminate Integer-Overflow-to-Buffer-Overflow Threat.
    Chao Zhang, Wei Zou, Tielei Wang, Yu Chen, Tao Wei.
    In Journal of Computer Security (JCS), Vol. 19, No. 6, Dec. 2011

学术服务

Conference co-chair:

  • RAID’19,(Publicity Chair)
  • ACM TUR-C SIGSAC’19, (Publicity Chair)

Conference TPC:

  • CCS’19
  • ASIACCS’19, ‘20
  • RAID’19
  • ICICS’19
  • BAR’18, ‘19
  • CSET’17, ’18
  • SecureComm’18
  • NASAC’18

Journal Editorial Board Member:

Journal Reviewer:

Resources