New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks 14:00-15:10pm May 27, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Hui Gao .Abstract:SIP协议部署安全性分析,提出了几种攻击并给出缓解措施。(值得一提的是,虽然文章是16年的,【RCS】 或者叫【5G消息】仍是基于SIP的)
Abusing Hidden Properties to Attack the Node.js Ecosystem 15:10-16:10pm May 27, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Kaixiang Chen .Abstract:
Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks 15:10-16:10pm May 20, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Zhuoqun fu .Abstract:本文对移动代理网络进行了测量分析
TLS 1.3 in Practice How TLS 1.3 Contributes to the Internet + On the Origin of Scanning- The Impact of Location on Internet-Wide Scans 14:00-15:10pm May 13, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Jiachen Li .Abstract:对于一项TLS 1.3测量工作,以及“ipv4 扫描”方法本身准确性的讨论。
Understanding the Growth and Security Considerations of ECS 14:00-15:10pm April 29, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Chunying Leng .Abstract:本文对DNS的一个扩展协议——ECS进行了测量。
Classifying Sequences of Extreme Length with Constant Memory Applied to Malware Detection 15:10-16:10pm April 29, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Jialai Wang .Abstract:本文提出了一种训练大尺寸恶意软件的方法;并提出了一种新的模型结构来检测恶意软件。
TextShield: Robust Text Classification Based on Multimodal Embedding and Neural Machine Translation 14:00-15:10pm April 22, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Chuyun Deng .Abstract:通过机器翻译和多模型融合防御文本对抗攻击。
NtFuzz: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis 15:10-16:10pm April 22, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Sirui Mu .Abstract:本文介绍了一种对 Windows 内核进行模糊测试的方案
WINNIE: Fuzzing Windows Applications with Harness Synthesis and Fast Cloning 15:10-16:10pm April 15, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Zheyu Ma .Abstract:本文介绍了一种Fuzz Windows应用程序的工具
Topic:NLP-related Security Papers 14:00-15:10pm April 15, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Kaiwen Shen .Abstract:对网络安全领域利用NLP技术进行相关研究的简要分享
Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks 14:00-15:10pm April 08, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Yiming Zhang .Abstract:介绍一种侧信道攻击,通过敲击键盘输入时的手臂移动,推断远程视频会议的参与者的私密输入内容
Introduction to Defi—DEx part 15:10-16:10pm April 08, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Dayu Wang .Abstract:去中心化金融和去中心化交易所的介绍
Fuzzing Hardware Like Software 15:10-16:10pm April 01, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Zheming Li .Abstract:将RTL转化为软件模型进行Fuzz
Detecting Probe-resistant Proxies 14:00-15:10pm April 01, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Tianyu Gao .Abstract:对隐蔽代理进行探测与测量
NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities 14:00-15:10pm March 25, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Xiang Li .Abstract:作者提出了一种新型的 DNS DoS 漏洞及对应的攻击,NXNSAttack,即不存在的 NS 记录,比已有的 NXDomain 攻击(Negative cache)危害更大。攻击者通过控制一个 authority,回复不存在 glue 记录的 NS referral 包,将 referral 指向受害者域名,利用 resolver 发起众多的查询来造成放大攻击。
Introduction to Secure Multi-party Computation 15:10-16:10pm March 25, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Yun Li .Abstract:对多方安全计算的简单介绍
WeepingCAN: A Stealthy CAN Bus-off Attack 15:10-16:10pm March 18, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Li Yue .Abstract:改进的CAN总线上Bus-Off攻击。
A talk about DNS measurement 14:00-15:10pm March 18, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Fenglu Zhang .Abstract:三篇关于DNS测量的工作介绍(IMC)
Accurately Measuring Global Risk of Ampli?cation Attacks using AmpMap 14:00-15:10pm March 11, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Mingming Zhang .Abstract:系统性地测量了UDP放大攻击的触发条件和影响规模
域名流行度相关论文综述 14:00-15:10pm March 04, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Qinge Xie .Abstract:对域名流行度排名的研究工作进行综述
KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel 15:10-16:10pm March 04, 2021seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Bodong Zhao .Abstract:KUBO,一个可扩展性和精度兼备的Linux内核Undefined Behavior静态检测工具
HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations 15:10-16:10pm November 19, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Mingming Zhang .Abstract:利用自动机的方式自动化地分析SSL implementation中关于hostname验证逻辑问题
Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing 14:00-15:10pm November 19, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Sirui Mu .Abstract:利用简单的概率模型选择EnFuzz的互补性最强的基模糊测试器
iDEA: Static Analysis on the Security of Apple Kernel Drivers 15:10-16:10pm November 12, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Ming Yuan .Abstract:
Privacy Risks of General-Purpose Language Models 14:00-15:10pm November 12, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Mingxuan Liu .Abstract:通用语言模型中的文本嵌入从纯文本中捕获了大量的敏感信息,可以通过逆向工程来披露受害者的敏感信息,以便进一步骚扰。
英文论文写作技巧 14:00-15:10pm November 12, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Chaoyi Lu .Abstract:介绍一些个人常用的英文论文写作技巧
Topic: CFG-based Binary Code Similarity Comparison 15:10-16:10pm November 05, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Zihan Zhang .Abstract:分析15篇基于控制流图来分析二进制代码相似性的工作
Topic: Automata Learning 14:00-15:10pm November 05, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Kaiwen Shen .Abstract:分享一些利用模型学习对网络协议形式化分析的方法
SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems 15:10-16:10pm October 29, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Zhizheng Lv .Abstract:对主流TrustZone-assisted的TEE系统安全性分析
Ethical Considerations in Network Security Research 14:00-15:10pm October 29, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Yiming Zhang .Abstract:针对目前网络安全研究中的道德规范问题进行综述分享
UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers 15:10-16:10pm October 22, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Shisong Qin .Abstract:提出一个指标驱动的fuzzer评估平台
Composition Kills: A Case Study of Email Sender Authentication 14:00-15:00pm October 22, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Chuhan Wang .Abstract:在目前邮件生态中,如何绕过现有防御措施进行邮件伪造攻击
Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale 15:10-16:10pm October 15, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Chuyun Deng .Abstract:通过对大规模钓鱼攻击的端对端生命周期测量来隔离和识别钓鱼探测的真空期。
Rust: Security and Efficiency 15:10-16:10pm October 15, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Sirui Mu .Abstract:对 Rust 编程语言的特点、使用场景、基本语言设计以及其实现编译期内存安全和线程安全的方法进行介绍
Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection 14:00-15:00pm October 15, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Zheyu Ma .Abstract:使用上下文敏感的软件错误注入(SFI)方法对程序中的错误处理函数进行Fuzz
IMP4GT: IMPersonation Attacks in 4G NeTworks 14:00-15:00pm October 08, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Xiang Li .Abstract:利用LTE网络中用户层面流量未被完整性保护的缺陷,可以任意伪造用户设备或者LTE网络进行通信
Machine Unlearning 15:10-16:10pm September 24, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Wenyu Zhu .Abstract:提出了针对深度神经网络的遗忘训练方法
You Are What You Broadcast: Identification of Mobile and IoT Devices from (Public) WiFi 14:00-15:00pm September 24, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Zhuoqun Fu .Abstract:利用广播/组播字段特征进行设备识别和恶意行为检测
FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning 15:10-16:10pm September 17, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Hao Wang .Abstract:这篇工作使用深度学习的方法在执行一个输入前去预测该种子文件对定向的测试目标是否可达,帮助定向灰盒fuzzing来过滤无效的种子来提高fuzzing的效率
Cached and Confused: Web Cache Deception in the Wild 14:00-15:00pm September 17, 2020seminar @ Tencent Meeting, Tsinghua University, Beijing Presenters: Jiachen Li .Abstract:针对2017年提出的WCD漏洞的一次大规模自动化测量。
USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation (Usenix Sec 2020) 15:10-16:10pm June 18, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Bodong Zhao .Abstract:通过虚拟usb设备对usb驱动代码进行模糊测试。
CDN Backfired: Amplification Attacks Based on HTTP Range Requests (DSN 2020) 14:00-15:00pm June 18, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Weizhong Li .Abstract:HTTP范围请求机制在CDN环境中所导致的安全问题。
Squirrel: Testing Database Management Systems with Language Validity and Coverage Feedback (CCS 2020) 15:10-16:10pm June 04, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Xingman Chen .Abstract:对DBMS进行模糊测试,生成语言有效性的测试用例,并使用覆盖率反馈提高测试效果。
A Longitudinal Study of PII Leaks Across Android App Versions (NDSS 2018) 14:00-15:00pm June 04, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Yiming Zhang .Abstract:对移动APP用户隐私泄露现象的检测及测量分析。
Certificate Ecosystem研究综述 14:00-15:00pm May 28, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Mingming Zhang .Abstract:近年关于Certificate Ecosystem的研究综述。
FANS: Fuzzing Android Native System Services via Automated Interface Analysis 15:10-16:10pm May 28, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Baozheng Liu .Abstract:基于自动化接口分析的方式来测试Android原生系统服务。
内核中的原子性漏洞 15:10-16:10pm May 21, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Ming Yuan .Abstract:介绍内核中一些不常见的原子性漏洞。
分布式拒绝服务攻击研究综述 14:00-15:00pm May 21, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Run Guo, Weizhong Li .Abstract:近年DDoS攻击研究综述。
基于深度学习的恶意流量检测 15:30-16:30pm May 14, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Shuqiang Lu, Ennan Zheng .Abstract:基于深度学习的恶意流量检测综述。
IPv6地址发现相关研究 14:00-15:00pm May 07, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Tianyu Gan, Xiang Li .Abstract:IPv6地址发现相关安全问题介绍及研究。
FuzzGen: Automatic Fuzzer Generation (USENIX’20) 15:10-16:10pm May 07, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Sirui Mu .Abstract:本论文提出了一个自动化地为library生成fuzzer,且能够满足library function之间的依赖关系的方案。
EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit (USENIX’20) 15:10-16:10pm April 23, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Hao Wang .Abstract:用一个多臂老虎机模型的变种来给灰盒fuzz建模,给出了在一定执行次数情况下路径探索效率最大化的方法。
差分隐私简介和研究综述 14:00-15:00pm April 16, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Deliang Chang .Abstract:关于差分隐私的简单介绍和相关研究的介绍。
NativeX: Native Executioner Freezes Android (ASIACCS’20) 15:10-16:10pm April 16, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Qinsheng Hou .Abstract:Android Native进程管理机制的缺陷。
基于搜索引擎的漏洞分布测量 15:10-16:10pm April 09, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Yixiong Wu .Abstract:近年关于借助搜索引擎实现网络空间已知漏洞评估的相关研究综述。
ParmeSan: Sanitizer-guided Greybox Fuzzing (Usenix Sec’20) 15:10-16:10pm April 02, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Zheyu Ma .Abstract:本篇论提出了sanitizer引导的定向Fuzzer——ParmeSan。
Burglars’IoT Paradise: Understanding and Mitigating Security Risks of General Messaging Protocols on IoT Clouds (Oakland’20) 14:00-15:00pm April 02, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Huikai Xu .Abstract:本篇论文研究了MQTT协议在IoT云端的安全问题。
Bobtail: Improved Blockchain Security with Low-Variance Mining (NDSS’20) 15:10-16:10pm March 26, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Dayu Wang .Abstract:本篇论文提出了一种具有较低出块时间方差的PoW替代算法。
The Broken Broker - MQTT安全研究报告 14:00-15:00pm March 26, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Yue Liu .Abstract:MQTT安全研究。
Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals (NDSS’20) 14:00-15:00pm March 19, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Kun Du .Abstract:提出了第一个黑产聊天机器人Aubrey。
Automated Cross-Platform Reverse Engineering of CAN Bus Commands From Mobile Apps (NDSS’20) 15:10-16:10pm March 19, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Li Yue .Abstract:提出了一种自动化逆向CAN总线命令的系统CANHUNTER。
HYPER-CUBE: High-Dimensional Hypervisor Fuzzing (NDSS’20) 14:00-15:00pm March 12, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Zheming Li .Abstract:提出了一种新的针对Hypervisor的高效fuzzing方案。
Breaking LTE on Layer Two (Oakland’19) 15:10-16:10pm March 12, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Hui Gao .Abstract:分析了LTE协议栈数据链路层存在的漏洞,描述了3种攻击方式。
Spectre Attack and Defense Mechanism 15:10-16:10pm March 05, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Zhiyuan Lv .Abstract:Spectre攻击及防御综述。
对抗文本研究综述 14:00-15:00pm March 05, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Mingxuan Liu .Abstract:对抗文本研究综述。
Breif Talk on Represent Learning 14:00-15:00pm February 27, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Kaixiang Chen .Abstract:知识表示学习综述。
Detecting TCP/IP Connections via IPID Hash Collisions (PETS’19) 15:10-16:10pm February 27, 2020seminar @ zoom, Tsinghua University, Beijing Presenters: Fenglu Zhang .Abstract:描述了一种新的基于侧信道的TCP连接检测方案。