Jianwei Zhuge (诸葛建伟)
FIT 4-204, Tsinghua University, Beijing, China 100084
zhugejw [at] tsinghua -dot- edu -dot- cn
Headline
I am looking for highly-motivated collaborators all the time.
Positions: visiting scholars, research assistants, master students, interns Topics: SCADA Security, IoT Security and Hardware Security. Email me if you are interested.
About
Dr. Jianwei Zhuge, Assoicate Research Professor in the Institute for Network Science and Cyberspace of Tsinghua University, Adjunt Research Scientist of Zhongguancun Laboratory. Co-Founder, Organizer and Sponsor Professor of the Blue-Lotus Team. Co-Founder, Organizer of the XCTF International League.
His research area is network and system security. He has published more than 100 academic papers, two books, and nearly ten translated books. Based on Google Scholar, his papers have been cited 1869 times, and the h-index of his publication is 22, as of Aug 2023. He is also a Distinguished Member of CCF.
Research Interests
- Measurement and Counter-Strike Mechanisms of Emerging Internet Threats
- Collection, Analysis, Detection and Defense Techniques for Various forms of Malware
- Software Vulnerability Analysis, Detection and Mitigation
- SCADA and IoT Security
Education
- Ph.D. in Computer Science, Peking University, China. 2001-2006. Advisor: Prof. Wang Xuan, Prof. Xiao Jianguo, Dissertation: Research on Technologies for Network Intrusion Detection and Behavior Correlation Analysis. With additional guidance from Prof. Yang Zhenkun, Prof. Pan Aimin, and Prof. Zou Wei.
- B.S. in Computer Science, Peking University, China. 1997-2001.
Professional Experience
- Associate Research Professor, Institute for Network Science and Cyberspace / BNRist, Tsinghua University; 2010 – present.
- Adjunt Research Scientist, Zhongguancun Laboratory, China, 2022 - present.
- Adjunt Ph.D. Advisor, School of Cyber Science and Engineering, Southeast University, China, 2019 – 2021.
- Adjunt Professor, College of Compute Science, Haerbin Insitute of Technology, WeiHai, China, 2016 – 2018.
- Associate Research Professor, Institute of Computer Science and Technology, Peking University, China, 2009 – 2010.
- Assistant Research Professor, Institute of Computer Science and Technology, Peking University, China, 2006 – 2009.
Conference Papers
- Yi He and Yunchao Guan(Co-first author), Ruoyu Lun, Shangru Song, Zhihao Guo, Jianwei Zhuge*, Jianjun Chen, Qiang Wei, Zehui Wu, Miao Yu, Hetian Shi, Qi Li. Demystifying the Security Implications in IoT Device Rental Services, USENIX Security 2024. (to appear)
- Jiahe Zhang, Jianjun Chen, Qi Wang, Hangyu Zhang, Chuhan Wang, Jianwei Zhuge, Haixin Duan, Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors. 31th ACM Conference on Computer and Communications Security: CCS 2024 (to appear).
- Hetian Shi, Yi He, Qing Wang, Jianwei Zhuge*, Qi Li, Xin Liu. Laser-Based Command Injection Attacks on Voice-Controlled Microphone Arrays. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(2), 654-676. CHES 2024. (to appear)
- Hetian Shi, Shangru Song, Jianwei Zhuge*, Xin Liu. Poster: Advanced Ultrasonic Jamming Technology for Privacy Protection: Dynamic Inter-modulation Modulation (DIM), IEEE S&P 2024.
- Guo, Minglei; Xiao, Zhenghang; Liu, Xin; Zhuge, Jianwei*. Discovering and Understanding the Security Flaws of Authentication and Authorization in IoT Cloud APIs for Smart Home. SecureComm 2023, October 19-21, 2023, Hong Kong SAR, China.
- Wang, Yuxuan; Li, Yishen; Zheng, Jihu; Zhuge, Jianwei*. CV2XFuzzer: C-V2X Parsing Vulnerability Discovery System Based on Fuzzing. SecureComm 2023, October 19-21, 2023, Hong Kong SAR, China.
- Xin Liu, Yuan Tan, Zhenghang Xiao, Jianwei Zhuge*, Rui Zhou. Not The End of Story: An Evaluation of ChatGPT-Driven Vulnerability Description Mappings. ACL 2023, Toronto, Canada.
- Shangru Song, Hetian Shi, Ruoyu Lun, Yunchao Guan, Xiang Li, Jihu Zheng, Jianwei Zhuge*. Demo: Ransom Vehicle through Charging Pile. Symposium on Vehicles Security and Privacy (VehicleSec) 2023, co-located with NDSS 2023, 27 February 2023, San Diego, CA, USA.
- Xin Liu, Yixiong Wu, Qingchen Yu, Shangru Song, Yue Liu, Qingguo Zhou, Jianwei Zhuge*. PG-VulNet: Detect Supply Chain Vulnerabilities in IoT Devices using Pseudo-code and Graphs, ESEM 2022, Helsinki, Finland, Sun 18 - Fri 23 September 2022.
- Hao Wang, Wenjie Qu, Gilad Katz, Wenyu Zhu, Zeyu Gao, Han Qiu, Jianwei Zhuge, Chao Zhang*,jTrans: Jump-Aware Transformer for Binary Code Similarity Detection,ISSTA 2022, 18-22 July 2022, Online.
- H. Xu, M. Yu, Y. Wang, Y. Liu, Q. Hou, Z. Ma, H. Duan, J. Zhuge*, B. Liu. Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers. EuroS&P 2022, Genoa, Italy, June 6-10, 2022.
- Yixiong Wu, Jianwei Zhuge*, Tingting Yin, Tianyi Li, Junmin Zhu, Guannan Guo, Yue Liu, Jianju Hu. From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age, ICISSP 2021, Online, February 2021, 237-248.
- Gengqian Zhou, Jianwei Zhuge*, Adapting to local conditions: Similarities and differences in anonymous online market between Chinese and English Speaking Communities, 11th EAI International Conference on Digital Forensics and Cyber Crime, ICDF2C 2020, Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 351 164-181.
- Baozheng Liu , Chao Zhang* , Guang Gong , Yishun Zeng , Haifeng Ruan , Jianwei Zhuge* . FANS: Fuzzing Android Native System Services via Automated Interface Analysis, USENIX Security 2020.
- Kun Yang, Hanqing Zhao, Chao Zhang, Jianwei Zhuge and Haixin Duan. Fuzzing IPC with Knowledge Inference. SRDS 2019. October 1-4.
- Guannan Guo, Jianwei Zhuge*, Mengmeng Yang, Gengqian Zhou, Yixiong Wu. A Survey of Industrial Control System Devices on the Internet, The International Conference on Internet of Things, Embedded Systems and Communications (IINTEC 2018), Hammamet, Tunisia December 20-22, 2018.
- Yukun Liu, Jianwei Zhuge*, and Chao Zhang. CBTracer: Continuously Building Datasets for Binary Vulnerability and ExploitResearch. AsiaCCS 1st Radical and Experiential Security Workshop, Incheon, Republic of Korea. 2018/6/4.
- Kun Yang, Yuan Deng, Chao Zhang, Jianwei Zhuge, Haixin Duan. ICUFuzzer: Fuzzing ICU Library for Exploitable Bugs inMultiple Software. 21st Information Security Conference (ISC 2018). London(Guildford), UK. 9-12 Sep 2018.
- Yang, Haiyu(#) ; Zhuge, Jianwei(*); Liu, Huiming; Liu, Wei, A TOOL FOR VOLATILE MEMORY ACQUISITION FROM ANDROID DEVICES, 12th IFIP WG 11.9 International Conference on Advances in Digital Forensics, 2016.
- Kun Yang; Jianwei Zhuge (*); Yongke Wang; Lujue Zhou; Haixin Duan, Intent Fuzzer: Detecting Capability Leaks of Android Applications, ACM Symposium on Information, Computer and Communications Security(AsiaCCS) 2014., 2014.6.4-2014.6.8.
- Wang, Yongke; Zhuge, Jianwei; Sun, Donghong; Liu, Wu; Li, Fenghua* , ActivityFuzzer: Detecting the Security Vulnerabilities of Android Activity Components, SMTA 2015, 262-267.
- Yinzhi Cao; Xiang Pan; Yan Chen; Jianwei Zhuge, JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks, Annual Computer Security Applications Conference (ACSAC), 2014. 12.8-2014.12.10.
- Y Hou, JW Zhuge*, D Xin, W Feng. SBE− A Precise Shellcode Detection Engine Based on Emulation and Support Vector Machine, International Conference on Information Security Practice and Experience, Volume 8434 LNCS, Pages 159-171, 2014.
- X. Lu(#) ; J. Zhuge(*); R. Wang; Y. Cao; Y. Chen, De-obfuscation and Detection of Malicious PDF Files with High Accuracy, HICSS-46 Forensics Analysis Track, 2013.1.7-2013.1.10.
- J. Zhuge*, L. Gu, H. Duan, Investigating China’s Online Underground Economy. Conference on the Political Economy of Information Security in China, San Diego, US, Apr, 2012.
- Z. Chen, G. Gu, J. Zhuge, J. Nazario, X. Han, WebPatrol: Automated Collection and Replay of Web-based Malware Scenarios, to appear inProceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS’11) , HongKong, China, March 2011.
- C. Song, J. Zhuge*, X. Han, Z. Ye, Preventing Drive-by Download via Inter-Module Communication Monitoring, In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS’10) , Beijing, China, Apr 2010. (full paper accept ratio: 25/166 = 15%)
- C. Song, C. Qin, J. Zhuge*, et al, MwSandbox: On Improving the Efficiency of Automated Coarse-grained Dynamic Malware Analysis, Proceedings of the 14th Youth Conference on Communication, July 2009.
- J. Zhuge*, T. Holz, C. Song, J. Guo, X. Han, and W. Zou. Studying Malicious Websites and the Underground Economy on the Chinese Web, In Proceedings of the 7th Workshop on the Economics of Information Security (WEIS’08), Hanover, NH, USA, June 2008.
- J. Zhuge, Y. Zhou, J. Guo, et al. Malicious Websites on the Chinese Web: Overview and Case Study, 20th Annual FIRST Conference (FIRST’08), British Columbia, Canada, June 2008.
- Y. Zhou, J. Zhuge*, et al. Matrix: a Distributed Honeynet and its Applications, 20th Annual FIRST Conference (FIRST’08), British Columbia, Canada, June 2008.
- J. Zhuge*, T. Holz, X. Han, C. Song, and W. Zou. Collecting Autonomous Spreading Malware Using High-interaction Honeypots, In Proceedings of 9th International Conference on Information and Communications Security (ICICS’07), Zhengzhou, China, Lecture Notes in Computer Science 4861, 438~451. Dec 2007.
- J. Zhuge*, X. Han, Y. Chen, Z. Ye, and W. Zou. Towards High Level Attack Scenario Graph through Honeynet Data Correlation Analysis, In Proceedings of the 7th IEEE Workshop on Information Assurance (IAW’06), West Point, New York, USA, 2006.
- J. Zhuge, and R. Yao*. Security Mechanisms for Wireless Home Network, In Proceedings of IEEE Global Telecommunications Conference 2003 (GLOBECOM’03), Vol. 3, pp. 1527-1531, San Francisco, USA, 2003.
Journal Papers in English
Qingchen Yu, Xin Liu, Qingguo Zhou, Jianwei Zhuge, Chunming Wu*, Code classification with graph neural networks: Have you ever struggled to make it work? Expert Systems with Applications, Volume 233, 15 December 2023.https://doi.org/10.1016/j.eswa.2023.120978.
Miao Yu, Jianwei Zhuge*, Ming Cao, Zhiwei Shi, and Lin Jiang. A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices. Future Internet 2020, 12(2), 27; https://doi.org/10.3390/fi12020027.
Gengqian Zhou, Jianwei Zhuge*, Yunqian, Fan, Kun Du, Shuqiang Lu. A Market in Dream: The Rapid Development of Anonymous Cybercrime, Mobile Networks and Applications, 2020, 25(4). (SCI IF: 2.497)
YUAN WEI, SENLIN LUO, JIANWEI ZHUGE, JING GAO, ENNAN ZHENG, BO LI, LIMIN PAN. ARG: Automatic ROP chains Generation, IEEE Access ( Volume: 7 ): 120152 - 120163. 2019. (SCI IF: 4.098).
Selected Journal Papers in Chinese
- JW Zhuge, Y Tang, XH Han, HX Duan, Honeypot technology research and application, Journal of Software 24 (4), 825-842, 2013.
- J Jiang, JW Zhuge*, HX Duan, JP Wu, Research on botnet mechanisms and defenses, Journal of Software 23 (1), 82-96, 2012.
- S Li, JW Zhuge*, X Li, Study on BGP security, Journal of Software 24 (1), 121-138, 2013.
- X Han, X Gong, J Zhuge, L Zou, W Zou*,Detection of drive-by downloads based on the frequent embedded subtree pattern-mining algorithm,Journal of Tsinghua University Science and Technology,2011.
- J Zhuge*, X Han, Y Zhou, Z Ye, W Zou, Research and development of botnets, Journal of Software 19 (3), 2008.
- X Han, J Guo, Y Zhou, J Zhuge, W Zou, Investigation on the botnets activities, JOURNAL-CHINA INSTITUTE OF COMMUNICATIONS 28 (12), 167, 2007.
- J Zhuge, X Han, Y Zhou, C Song, J Guo, W Zou, HoneyBow: An automated malware collection tool based on the high-interaction honeypot principle, JOURNAL-CHINA INSTITUTE OF COMMUNICATIONS 28 (12), 8, 2007.
- JW Zhuge*, XH Han, ZY Ye, W Zou, Network attack plan recognition algorithm based on the extended goal graph, Chinese Journal of Computers 29 (8), 1356-1366, 2006.
- JW ZHUGE, DW WANG, Y Chen, ZY YE, W ZOU, A network anomaly detector based on the DS evidence theory, Journal of software 17 (3), 463-471,2006.
- J ZHUGE, H XU, A PAN, An Attack Knowledge Model Based on Object-Oriented Technology [J], Journal of Computer Research and Development 41 (7), 1110-1116, 2004.
Other Publications in Chinese
- Yan Ming, Zhou Ming, Liu Quan, Zhuge Jianwei, Zhou Qinggen, et,al. National Occupational Skills Standards - Information Security Tester (Occupational Code 4-04-04-04), 2021 Edition. Download the Standard in Chinese
Jianwei Zhuge, On the origin of Zhuge’s clan by the method of historical geography, The 25th National Zhuge Liang Academic Symposium, Xiangyang, Hubei, China, Nov 7, 2019. Download Paper in Chinese
- Jianwei Zhuge, The Evolution of the Official System in the Han and Jin Dynasties and the Research on Officials of the Zhuge Clan, Ruian History Society WeChat Public Account Ruian Humanities,Feb 28, 2023. Full Article in Chinese.
Books
- Book Chapter: Yixiong Wu, Shangru Song, Jianwei Zhuge*, Tingting Yin, Tianyi Li, Junmin Zhu, Guannan Guo, Yue Liu, Jianju Hu. ICScope: Detecting and Measuring Vulnerable ICS Devices Exposed on the Internet, In: Mori, P., Lenzini, G., Furnell, S. (eds) Information Systems Security and Privacy. ICISSP 2021 2022 (revised selected papers). Communications in Computer and Information Science, vol 1851. Springer, Cham. https://doi.org/10.1007/978-3-031-37807-2_1, First Online: 11 July 2023.
- Book Chapter: J. Zhuge*, L. Gu, H. Duan, T. Reberts, Investigating China’s Online Underground Economy. In: China and Cybersecurity: Understanding the Political, Economic, and Strategic Dimensions, Oxford University Press, 2015.
- Book Chapter: J. Zhuge*, T. Holz, C. Song, J. Guo, X. Han, and W. Zou. Studying Malicious Websites and the Underground Economy on the Chinese Web, In: Managing Information Risk and the Economics of Security”, Springer 2009.
- Zhuge Jianwei. Network Attack and Defense Technology and Practice, (in Chinese), Electronic Industry Press, June 2011. Won the first prize for the National Excellent Textbook on Cryptography and Network Information Security.
- Zhuge Jianwei, Wang Heng, Sun Songbai and others translated. Metasploit Penetration Testing Guide, Electronic Industry Press, January 2012. Ranked 3rd among Dangdang Network Information Security Penetration Books in 2012.
- Zhuge Jianwei, Chen Lin, Xu Weilin and others translated. Wireshark Packet Analysis in Practice (2nd Edition), People’s Posts and Telecommunications Press, March 2013. Ranked second in online book sales in China-pub sales list in 2013.
- Zhuge Jianwei, Chen Libo, Sun Songbai, Wang Heng, Tian Fan are waiting. Metasploit Penetration Test Devil Training Camp, Machinery Industry Press, September 2013. In 2013, Dangdang ranked first in the popularity list of new computer/network books.
- Zhuge Jianwei, Liang Zhiyi. Ghost In the Wires: The Autobiography of Mitnick, the World’s Number One Hacker, Electronic Industry Press, January 2014.
- Zhuge Jianwei, Jiang Hui and Zhang Guangkai. Malware analysis in practice, Electronic Industry Press, April 2014.
- Zhuge Jianwei, Yang Kun and Xiao Zihang. Android Security: Attacks and Defenses, People’s Posts and Telecommunications Press Turing Company, April 2015.
- Zhuge Jianwei organized and reviewed, Liu Huiming, and Liu Yue translated. Android Security Internals: An In-Depth Guide to Android’s Security Architecture, Electronic Industry Press, March 2016.
- Zhuge Jianwei, Wang Heng, Liu Yup and Liang Zhiyi translated. Kali Linux Revealed: Mastering the Penetration Testing Distribution. Electronic Industry Press, August 2018.
- Zhuge Jianwei, Lu Yuxiang, Zeng Haochen and others translated. Wireshark Packet Analysis in Practice (3rd Edition), People’s Posts and Telecommunications Press, March 2020.
Teaching
- Advaced Cyber Attack & Defense Practice, for graduated students of Insitute for Networking Science and Cyberspace, Tsinghua University, Summer Semester Since 2019.
- Pratical Malware Analysis, for graduated students of Insitute for Networking Science and Cyberspace, Tsinghua University, Fall Semester 2017.
- Cyber Attack & Defense Practice, for undergraduate students of CS, Tsinghua University, Summer Semester from 2015 to 2018.
- Network Security Engineering and Practice, for undergraduate students of CS, Tsinghua University, Fall Semester from 2011 to 2013.
- Computer Network Security Technology and Practice, for graduated students of CS, Tsinghua University, Spring Semester from 2011 to 2013.
- SRT (Student Research Training) Course for undergraduate students, Tsinghua University, from 2011 to present.
- Network Hacking and Defense: Technology and Practice, for graduated students of EECS, Peking University, Fall Semester from 2008 to 2010.
- Research Course for undergraduate students, EECS, Yuanpei, and Other departments of Peking University.
Academic/Open Source/Contest Activities
Book Reviewer: PHEI Press, Science Press, Since 2011.
Editor of ACM China Magazine, From 2014 to 2017. 《Future Internet》Special Issue Co-Guest Editor 2013.
WWW 2012 Security, Privacy, Trust, and Abuse Track, AsiaCCS SESP 2013,VARA 2015-2018,OS2ATC 2014-2015 PC Member.
Paper Reviewer: TDSC, Computer Networks, NWSC, TKDE, Chinese Journal of Electronics, Chinese Journal of Computer, Journal on Communications, NOMS 2016,APNOMS 2015, HICSS 2013, OSDA 2013, HICSS 46, CCFICoC’12, NetSec’12, etc.
The Honeynet Project Full Member, Chinese Chapter Leader. Since 2006.
Google Summer of Code 2009, 2010, 2012 Mentor, 2011 Org Admin.
Technical Committee Chair, Co-Founder of XCTF International League, Since 2015.
Judge of GeekPwn/GEEKCON Since 2014, Judge of Tianfu Cup, WangDing Cup, QiangWang Cup Since 2018, Judge of Butian Cup Since 2020, Judge of Tianwang Cup Since 2023, Judge of Matrix Cup Since 2024.
Technical Committee Member/Judge of National College Students Information Security Competition Innovation Practice Competition, Since 2018.
Awards and Honors
- Student Hacking Competition Awards (as Advisor of Blue-Lotus, RedBud, TQL, etc.)
- First Prize of Science and Technology Award of China Society of Communications, 2022.(National, honored by China Society of Communications)
- CVVD Security Expert Outstanding Contribution Award, 2022 (National, honored by National Intelligent Connected Vehicle Innovation Center.)
- Cyber Security Man of the Year, 2017, WitAwards (National, honored by Freebuf.)
- Hacker’s Hero Award, 2017, Baidu.
- Best Book Author Award, 2014, 2018, PHIE Press.
- Best Book Author/Translator Award, 2016, China Machine Press.
- Achievement Conversion Award, 2014, Tencent-Tsinghua Joint Lab.
- IBM Ph.D. Fellowship, 2005 (worldwide, honored by IBM Corp.)
- Microsoft Research Asia Fellowship, 2004 (Asia Pacific-wide, honored by MSRA)
- The HP Chinese Excellent Student Scholarship, 2003 (nationwide, honored by HP China)