姓名:段海新

职称:教授

电话:+86-10-62603220

邮箱:duanhx@tsinghua.edu.cn

实验室主页:http://netsec.ccert.edu.cn

教育背景

工学博士 (计算机系统结构), 清华大学, 中国,2001

工学硕士 (计算机系统结构), 哈尔滨工业大学, 中国, 1998

工学学士 (计算机科学与技术),哈尔滨工业大学,中国, 1996

社会兼职

哈尔滨工业大学(威海)客座教授

中国网络空间安全协会理事

中国互联网协会安全工作委员会委员

中国密码学会安全协议专委会委员

担任ACM CCS,  ACM AsiaCCS,IEEE DSC, IEEE ICICS,ESORICS, SECURECOMM, SecDev等多个国际学术会议TPC成员

研究领域

网络安全

网络测量

入侵检测

漏洞挖掘

物联网安全

互联网治理

研究概况

      在网络安全领域进行了20多年研究,成果在国际网络安全学术界和工业界有广泛的影响力。近年来在国际网络安全领域四大顶级学术会议(Security&Privacy、USENIX Security、NDSS和CSS)上连续发表多篇论文,并获NDSS 2016年杰出论文奖。研究成果在工业界广泛应用,并推动了工业界安全产品和标准的升级,2016年获中央网信办组织的首届“网络安全优秀人才奖”。

近年来,带领团队在网络基础设施安全、端到端协议安全、地下经济和网络犯罪检测等方面取得的重点研究成果包括:

1. 网络基础设施安全:发现了互联网基础设施的系列安全漏洞,提出的解决方案被国际工业界广泛采纳,提高了互联网基础设施的安全。其中包括1)发现了幽灵域名(Ghost Domain)等DNS协议设计漏洞并提出了解决方案,在工业界普遍部署,提高了DNS服务的安全性。2)提出内容分发网络(CDN)系统设计缺陷和转发循环攻击,可导致大规模网络瘫痪,并提出了解决方案,在世界学术和工业界引起了普遍重视,提高了CDN的安全性。研究成果获得四大国际安全顶级会议NDSS 2016杰出论文奖,这是中国学者在国际顶级安全会议上获得的第一个最佳论文奖。

2. 端到端协议安全:发现了端到端协议在现实中间盒子网络中存在的系列安全漏洞并提出了解决方案,促进了主流浏览器、内容分发网络(CDN)等产品和协议标准的更新,提高了网络通信协议的安全。重点包括:1)发现中间盒子在HTTP协议实现中的歧义漏洞可致严重攻击,并提出了解决方案,提高了主流CDN、防火墙产品和开源软件的安全。研究成果促进工业界相关厂商改进设计,提高了网络安全产品的安全,引起了世界IT媒体的广泛重视。2) 发现HTTPS中Cookie完整性问题的严重危害和解决方案,推动了Google等厂商和IETF国际标准组织提高了浏览器和标准的安全。研究成果引起了相关产业和媒体的广泛关注。3)提出了HTTPS在CDN授权服务中的安全问题及解决方案,推动了学术和工业界的深入研究并推动了国际标准的制定和更新。该研究引起了工业界主流CDN厂商的广泛关注和进一步研究,并推动IETF开始研究新的安全标准。

3. 地下经济和网络犯罪检测:用自动化的方法大规模检测网络犯罪相关的地下经济,检测结果应用于百度等互联网企业,净化了网络空间。重点包括:1)提出了“蜘蛛池”检测方法,并部署到百度相关产品,净化了搜索结果。2)提出了地下经济中“黑词”的自动化检测方法并部署在百度搜索引擎,净化了搜索结果。
       作为联合创始人创建了网络安全攻防战队“蓝莲花”、网络安全国际学术交流组织 “网络安全研究国际学术论坛(InForSec)”,通过组织学术报告、安全竞赛等形式,促进了实战型和创新型网络安全人才的培养,促进了国内外、学术和工业界的学术和技术交流。

奖励与荣誉

中央网信办首届“网络安全优秀人才”奖
国际顶级安全学术会议NDSS 2016杰出论文奖

学术成果

会议论文
[1]
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan.  Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains,  ACM CCS 2017

[2] Hao Yang, Xiulin Ma, Kun Du, Zhou Li, Haixin Duan*, Xiaodong Su, Guang Liu, Zhifeng Geng, and Jianping Wu. How to Learn Klingon Without a Dictionary: Detection and Measurement of Black Keywords Used by the Underground Economy , IEEE Symposium on Security & Privacy, 2017

[3] Jianjun Chen, Jian Jiang, Haixin Duan, Nick Weaver, Tao Wan, Vern Paxson. Host of Troubles: Multiple Host Ambiguities in HTTP Implementations, CCS 2016

[4] Wei Liu, Yueqian Zhang, Zhou Li, Haixin Duan.  What You See Isn't Always What You Get: A Measurement Study of Usage Fraud on Android Apps. The 6th Workshop on Security and Privacy in Smartphones and Mobile Devices(SPSM). 2016

[5] Kun Du, Hao Yang, Zhou Li, Haixin Duan(*), Kehuan Zhang. The Ever-changing Labyrinth: A Large-scale Analysis of Wildcard DNS Powered Blackhat SEO, Accepted by USENIX Security 2016

[6] Xiaojing Liao,Kan Yuan, Xiaofeng Wang(*), Zhongyu Pei,Hao Yang, Jianjun Chen, Haixin Duan(*), Kun Du, Eihal Alowaisheq, Sumayah Alrwais, Luyi Xing, Raheem Beyah, Seeking Nonsense, Looking for Trouble: Efficient Promotional­ Infection Detection through Semantic Inconsistency Search, IEEE Symposium on Security & Privacy, San Jose, California. May 23-26, 2016 

[7] Jianjun Chen, Jian Jiang, Xiaofeng Zheng, Haixin Duan(*), Jinjin Liang, Tao Wan, Kang Li, Vern Paxson, Forwarding-Loop Attacks in Content Delivery Networks, NDSS 2016, Distinguished Paper

[8] Song Li, Haixin Duan(*), Zhiliang Wang, and Xing Li, Route Leaks Identification by Detecting Routing Loops, SecureComm 2015(11th EAI International Conference on Security and Privacy in Communication Networks)

[9] Xiaofeng Zheng, Jian Jiang, Jinjin Liang, Haixin Duan(*), Shuo Chen, Tao Wan, Nicholas Weaver, Cookies lack integrity: real world implications, USENIX Security, 2015.

[10] Jinjin Liang, Jian Jiang, Haixin Duan(*), Kang Li, Tao Wan, Jianping Wu. “When HTTPS Meets CDN: A Case of Authentication in Delegated Service”, IEEE Symposium on Security & Privacy, 2014.

[11] Kun Yang, Lujue Zhou, Yongke Wang, Jianwei Zhuge and Haixin Duan(*). “IntentFuzzer: Detecting Capability Leaks of Android Applications”, AsiaCCS 2014

[12] H. Gao, V. Yegneswaran, Y. Chen, P. Porras, S. Ghosh, J. Jiang, and Haixin Duan, “An empirical reexamination of global DNS behavior”, SIGCOMM, 2013

[13] Jinjin Liang, Jian Jiang, Haixin Duan(*), Kang Li and Jianping Wu, Measuring Query Latency of Top Level DNS Servers, PAM (Passive and Active Measurement conference)2013, Hongkong

[14] Zheng, Ming; Wu, Jianping; Duan, Haixin(*); "Research on the anti-attack design principles of low-latency anonymous communication", 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2013

[15] J. Jian, L. Jinjin, L. Kang, L. Jun, D. Haixin(*), W. Jianping, Ghost Domain Names: Revoked Yet Still Resolvable, 19th Annual Network & Distributed System Security Symposium (NDSS), 2012

[16] Liu Wu, Duan Haixin(*), Ren Ping; "Cooperation-based trust model and its application in network security management”, Algorithms and Architectures for Parallel Processing(ICA3PP), 2011

[17] Ming Zheng, Haixin Duan(*); Jianping Wu; "Anonymous Communication over Invisible Mix” Rings,Algorithms and Architectures for Parallel Processing(ICA3PP), 2011

[18] Hou, Lei; Duan, Haixin(*); Wu, Jianping; “Scheduling peers based on credit construction period in peer-to-peer networks”, 14th IEEE International Conference on Parallel and Distributed Systems(ICPADS), 2008 

[19] L. Xing, D. Haixin(*), L. Xing, Identification of P2P traffic based on the content redistribution characteristic, Proc. International Symposium on Communications and Information Technologies (ISCIT), 2007

[20] Lu, Xing; Duan, Haixin(*); Li, Xing; "Identification of P2P traffic based on the content redistribution characteristic”, IEEE International Symposium on Communications and Information Technologies(ISCIT), 2007

[21] W. Lanjia, D. Haixin(*), L. Xing, Port scan behavior diagnosis by clustering, Proceedings of the 7th international conference on Information and Communications Security (ICICS), 2005

[22] Chang-Ji, WANG; Jian-ping, Wu; Hai-Xin, DUAN(*); "Using attribute certificate to design role-based access control”, IEEE Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies(PDCAT), 2003

[23] Haixin, Duan(*); Jianping, Wu; Xing, Li; "Policy based access control framework for large networks”, IEEE International Conference on Networks (ICON), 2000

[24] Duan, Haixin(*); Wu, Jianping; "Security management for large computer networks”, Fifth Asia Pacific Conference on Communications (APCC) 1999

期刊论文
[1] Yi GUO, Haixin DUAN, Liancheng ZHANG, Han QIU, A threat perception method for inter-domain routing system based on weighted similarity.  SCIENTIA SINICA Informationis, 2017/3/22

[2] Y Guo, H Duan, J Chen, F Miao. MAF-SAM: An effective method to perceive data plane threats of inter domain routing system. Computer Networks Volume 110 Issue C, December 2016 Pages 133-153

[3] Hongyu Gao, Vinod Yegneswaran, Jian Jiang, Yan Chen, Member, IEEE, Phillip Porras, Shalini Ghosh, Haixin Duan, “Reexamining DNS from a Global Recursive Resolver Perspective”, IEEE/ACM TRANSACTIONS ON NETWORKING, Vol. 26, Issue 1, 2016

[4] Hongyu Gao, Vinod Yegneswaran, Yan Chen, Phillip Porras, Shalini Ghosh, Jian Jiang, Haixin Duan.  “An empirical reexamination of global DNS behavior”, ACM SIGCOMM Computer Communication Review(CCR), Vol. 43, Issue 4, 2013

[5] JIANG, Jian; ZHUGE, Jian-Wei; DUAN, Hai-Xin(*); WU, Jian-Ping; "Research on Botnet Mechanisms and Defenses”, Journal of Software, 2012

[6] Jia Zhang, Haixin Duan(*), Wu Liu, Jianping Wu, “Anonymity analysis of P2P anonymous communication systems”. Computer Communications, Vol 34, Issue 3. 2011

[7] Z. Jia, D. Haixin(*), L. Wu, W. Jianping WindTalker: A P2P-Based Low-Latency Anonymous Communication Network, IEICE Transactions on Communications, VOL. E92-B, NO.10, pp. 3183–3194, 2009

[8] Tran, Quang-Anh; Li, Xing; Duan, Haixin; "Efficient performance estimate for one-class support vector machine”, Pattern Recognition Letters, Vol.26, Issue 8,1174-1182,2005

[9] Yang, Jiahai; Duan, Haixin(*); Wu, Jianping; Li, Xing; "Thresholds: workflow oriented network management: a web/java approach”, Journal of Network and Systems Management,Vol.12, Issue 4,p431-439,2004

[10] Yang, Jiahai; Duan, Haixin(*); Wu, Jianping; Li, Xing; Boavida, Fernando; Paik, EK; Cho, H; Choi, Y; Yi, Zhang; Yong, Zhang; "Forthcoming Contributions,Journal of Network and Systems Management”, Vol.12, Issue 3, 2004

[11] Duan, HX; WU, Jianping(*); "An Entity Security Architecture for Computer Networks”, CHINESE JOURNAL OF COMPUTERS-CHINESE EDITION, Vol. 24, Issue 8, p853-859,2001

[12] Duan, Haixin; Yang, Jiahai(*); Wu, Jianping; "Design and implementation of a network management system based on Web and database”, Journal of Software, Vol. 11, Issue 4, pp468-472,2000