Jianwei Zhuge

Jianwei Zhuge

PKU->THU

Jianwei Zhuge (诸葛建伟)

Associate Research Professor
FIT 4-204, Tsinghua University, Beijing, China 100084
zhugejw [at] tsinghua -dot- edu -dot- cn
zhugejw [at] cernet -dot- edu -dot- cn

Headline

I am looking for highly-motivated collaborators all the time.

Positions: visiting scholars, research assistants, master students, interns Topics: SCADA Security, IoT Security and Hardware Security. Email me if you are interested.

About

Dr. Jianwei Zhuge, Assoicate Research Professor in the Institute for Network Science and Cyberspace of Tsinghua University, Adjunt Research Scientist of Zhongguancun Laboratory. Co-Founder, Organizer and Sponsor Professor of the Blue-Lotus Team. Co-Founder, Organizer of the XCTF International League.

His research area is network and system security. He has published more than 80 academic papers, two books, and nearly ten translated books. Based on Google Scholar, his papers have been cited 1597 times, and the h-index of his publication is 19, as of Feb 2023. He is also a Senior Member of CCF.

Research Interests

  • Measurement and Counter-Strike Mechanisms of Emerging Internet Threats
  • Collection, Analysis, Detection and Defense Techniques for Various forms of Malware
  • Software Vulnerability Analysis, Detection and Mitigation
  • SCADA and IoT Security

Education

  • Ph.D. in Computer Science, Peking University, China. 2001-2006. Advisor: Prof. Wang Xuan, Prof. Xiao Jianguo, Dissertation: Research on Technologies for Network Intrusion Detection and Behavior Correlation Analysis. With additional guidance from Prof. Yang Zhenkun, Prof. Pan Aimin, and Prof. Zou Wei.
  • B.S. in Computer Science, Peking University, China. 1997-2001.

Professional Experience

  • Associate Research Professor, Institute for Network Science and Cyberspace / BNRist, Tsinghua University; 2010 – present.
  • Adjunt Research Scientist, Zhongguancun Laboratory, China, 2022 - present.
  • Adjunt Ph.D. Advisor, School of Cyber Science and Engineering, Southeast University, China, 2019 – 2021.
  • Adjunt Professor, College of Compute Science, Haerbin Insitute of Technology, WeiHai, China, 2016 – 2018.
  • Associate Research Professor, Institute of Computer Science and Technology, Peking University, China, 2009 – 2010.
  • Assistant Research Professor, Institute of Computer Science and Technology, Peking University, China, 2006 – 2009.

Conference Papers

  • Guo, Minglei; Xiao, Zhenghang; Liu, Xin; Zhuge, Jianwei*. Discovering and Understanding the Security Flaws of Authentication and Authorization in IoT Cloud APIs for Smart Home. SecureComm 2023, October 19-21, 2023, Hong Kong SAR, China.

  • Wang, Yuxuan; Li, Yishen; Zhuge, Jianwei*. CV2XFuzzer: C-V2X Parsing Vulnerability Discovery System Based on Fuzzing. SecureComm 2023, October 19-21, 2023, Hong Kong SAR, China.

  • Xin Liu, Yuan Tan, Zhenghang Xiao, Jianwei Zhuge*, Rui Zhou. Not The End of Story: An Evaluation of ChatGPT-Driven Vulnerability Description Mappings. Findings of ACL 2023, Toronto, Canada.

  • Shangru Song, Hetian Shi, Ruoyu Lun, Yunchao Guan, Xiang Li, Jihu Zheng, Jianwei Zhuge*. Demo: Ransom Vehicle through Charging Pile. Symposium on Vehicles Security and Privacy (VehicleSec) 2023, co-located with NDSS 2023, 27 February 2023, San Diego, CA, USA.

  • Xin Liu, Yixiong Wu, Qingchen Yu, Shangru Song, Yue Liu, Qingguo Zhou, Jianwei Zhuge*. PG-VulNet: Detect Supply Chain Vulnerabilities in IoT Devices using Pseudo-code and Graphs, ESEM 2022, Helsinki, Finland, Sun 18 - Fri 23 September 2022.

  • Hao Wang, Wenjie Qu, Gilad Katz, Wenyu Zhu, Zeyu Gao, Han Qiu, Jianwei Zhuge, Chao Zhang*,jTrans: Jump-Aware Transformer for Binary Code Similarity Detection,ISSTA 2022, 18-22 July 2022, Online.

  • H. Xu, M. Yu, Y. Wang, Y. Liu, Q. Hou, Z. Ma, H. Duan, J. Zhuge*, B. Liu. Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers. EuroS&P 2022, Genoa, Italy, June 6-10, 2022.

  • Yixiong Wu, Jianwei Zhuge*, Tingting Yin, Tianyi Li, Junmin Zhu, Guannan Guo, Yue Liu, Jianju Hu. From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age, ICISSP 2021, Online, February 2021, 237-248.

  • Gengqian Zhou, Jianwei Zhuge*, Adapting to local conditions: Similarities and differences in anonymous online market between Chinese and English Speaking Communities, 11th EAI International Conference on Digital Forensics and Cyber Crime, ICDF2C 2020, Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 351 164-181.

  • Baozheng Liu , Chao Zhang* , Guang Gong , Yishun Zeng , Haifeng Ruan , Jianwei Zhuge* . FANS: Fuzzing Android Native System Services via Automated Interface Analysis, USENIX Security 2020.

  • Kun Yang, Hanqing Zhao, Chao Zhang, Jianwei Zhuge and Haixin Duan. Fuzzing IPC with Knowledge Inference. SRDS 2019. October 1-4.

  • Guannan Guo, Jianwei Zhuge*, Mengmeng Yang, Gengqian Zhou, Yixiong Wu. A Survey of Industrial Control System Devices on the Internet, The International Conference on Internet of Things, Embedded Systems and Communications (IINTEC 2018), Hammamet, Tunisia December 20-22, 2018.

  • Yukun Liu, Jianwei Zhuge*, and Chao Zhang. CBTracer: Continuously Building Datasets for Binary Vulnerability and ExploitResearch. AsiaCCS 1st Radical and Experiential Security Workshop, Incheon, Republic of Korea. 2018/6/4.

  • Kun Yang, Yuan Deng, Chao Zhang, Jianwei Zhuge, Haixin Duan. ICUFuzzer: Fuzzing ICU Library for Exploitable Bugs inMultiple Software. 21st Information Security Conference (ISC 2018). London(Guildford), UK. 9-12 Sep 2018.

  • Yang, Haiyu(#) ; Zhuge, Jianwei(*); Liu, Huiming; Liu, Wei, A TOOL FOR VOLATILE MEMORY ACQUISITION FROM ANDROID DEVICES, 12th IFIP WG 11.9 International Conference on Advances in Digital Forensics, 2016.

  • Kun Yang; Jianwei Zhuge (*); Yongke Wang; Lujue Zhou; Haixin Duan, Intent Fuzzer: Detecting Capability Leaks of Android Applications, ACM Symposium on Information, Computer and Communications Security(AsiaCCS) 2014., 2014.6.4-2014.6.8.

  • Yinzhi Cao; Xiang Pan; Yan Chen; Jianwei Zhuge, JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks, Annual Computer Security Applications Conference (ACSAC), 2014. 12.8-2014.12.10.

  • X. Lu(#) ; J. Zhuge(*); R. Wang; Y. Cao; Y. Chen, De-obfuscation and Detection of Malicious PDF Files with High Accuracy, HICSS-46 Forensics Analysis Track, 2013.1.7-2013.1.10.

  • J. Zhuge*, L. Gu, H. Duan, Investigating China’s Online Underground Economy. Conference on the Political Economy of Information Security in China, San Diego, US, Apr, 2012.

  • Z. Chen, G. Gu, J. Zhuge, J. Nazario, X. Han, WebPatrol: Automated Collection and Replay of Web-based Malware Scenarios, to appear inProceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS’11) , HongKong, China, March 2011.

  • C. Song, J. Zhuge*, X. Han, Z. Ye, Preventing Drive-by Download via Inter-Module Communication Monitoring, In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS’10) , Beijing, China, Apr 2010. (full paper accept ratio: 25/166 = 15%)

  • C. Song, C. Qin, J. Zhuge*, et al, MwSandbox: On Improving the Efficiency of Automated Coarse-grained Dynamic Malware Analysis, Proceedings of the 14th Youth Conference on Communication, July 2009.

  • J. Zhuge*, T. Holz, C. Song, J. Guo, X. Han, and W. Zou. Studying Malicious Websites and the Underground Economy on the Chinese Web, In Proceedings of the 7th Workshop on the Economics of Information Security (WEIS’08), Hanover, NH, USA, June 2008.

  • J. Zhuge, Y. Zhou, J. Guo, et al. Malicious Websites on the Chinese Web: Overview and Case Study, 20th Annual FIRST Conference (FIRST’08), British Columbia, Canada, June 2008.

  • Y. Zhou, J. Zhuge*, et al. Matrix: a Distributed Honeynet and its Applications, 20th Annual FIRST Conference (FIRST’08), British Columbia, Canada, June 2008.

  • J. Zhuge*, T. Holz, X. Han, C. Song, and W. Zou. Collecting Autonomous Spreading Malware Using High-interaction Honeypots, In Proceedings of 9th International Conference on Information and Communications Security (ICICS’07), Zhengzhou, China, Lecture Notes in Computer Science 4861, 438~451. Dec 2007.

  • J. Zhuge*, X. Han, Y. Chen, Z. Ye, and W. Zou. Towards High Level Attack Scenario Graph through Honeynet Data Correlation Analysis, In Proceedings of the 7th IEEE Workshop on Information Assurance (IAW’06), West Point, New York, USA, 2006.

  • J. Zhuge, and R. Yao*. Security Mechanisms for Wireless Home Network, In Proceedings of IEEE Global Telecommunications Conference 2003 (GLOBECOM’03), Vol. 3, pp. 1527-1531, San Francisco, USA, 2003.

Journal Papers in English

  • Miao Yu, Jianwei Zhuge*, Ming Cao, Zhiwei Shi, and Lin Jiang. A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices. Future Internet 2020, 12(2), 27; https://doi.org/10.3390/fi12020027.

  • Gengqian Zhou, Jianwei Zhuge*, Yunqian, Fan, Kun Du, Shuqiang Lu. A Market in Dream: The Rapid Development of Anonymous Cybercrime, Mobile Networks and Applications, 2020, 25(4). (SCI IF: 2.497)

  • YUAN WEI, SENLIN LUO, JIANWEI ZHUGE, JING GAO, ENNAN ZHENG, BO LI, LIMIN PAN. ARG: Automatic ROP chains Generation, IEEE Access ( Volume: 7 ): 120152 - 120163. 2019. (SCI IF: 4.098).

Selected Journal Papers in Chinese

  • J Zhuge, X Han, Y Zhou, Z Ye, W Zou, Research and development of botnets, Journal of Software 19 (3), 2008.
  • JW ZHUGE, DW WANG, Y Chen, ZY YE, W ZOU, A network anomaly detector based on the DS evidence theory, Journal of software 17 (3), 463-471,2006.
  • J Jiang, JW Zhuge, HX Duan, JP Wu, Research on botnet mechanisms and defenses, Journal of Software 23 (1), 82-96, 2012.
  • J Zhuge, X Han, Y Zhou, C Song, J Guo, W Zou, HoneyBow: An automated malware collection tool based on the high-interaction honeypot principle, JOURNAL-CHINA INSTITUTE OF COMMUNICATIONS 28 (12), 8, 2007.
  • JW Zhuge, XH Han, ZY Ye, W Zou, Network attack plan recognition algorithm based on the extended goal graph, Chinese Journal of Computers 29 (8), 1356-1366, 2006.
  • S Li, JW Zhuge, X Li, Study on BGP security, Journal of Software 24 (1), 121-138, 2013.
  • JW Zhuge, Y Tang, XH Han, HX Duan, Honeypot technology research and application, Journal of Software 24 (4), 825-842, 2013.
  • X Han, J Guo, Y Zhou, J Zhuge, W Zou, Investigation on the botnets activities, JOURNAL-CHINA INSTITUTE OF COMMUNICATIONS 28 (12), 167, 2007.
  • J ZHUGE, H XU, A PAN, An Attack Knowledge Model Based on Object-Oriented Technology [J], Journal of Computer Research and Development 41 (7), 1110-1116, 2004.

Other Publications in Chinese

  • Yan Ming, Zhou Ming, Liu Quan, Zhuge Jianwei, Zhou Qinggen, et,al. National Occupational Skills Standards - Information Security Tester (Occupational Code 4-04-04-04), 2021 Edition. Download the Standard in Chinese

  • Jianwei Zhuge, On the origin of Zhuge’s clan by the method of historical geography, The 25th National Zhuge Liang Academic Symposium, Xiangyang, Hubei, China, Nov 7, 2019. Download Paper in Chinese

  • Jianwei Zhuge, The Evolution of the Official System in the Han and Jin Dynasties and the Research on Officials of the Zhuge Clan, Ruian History Society WeChat Public Account Ruian Humanities,Feb 28, 2023. Full Article in Chinese.

Teaching

  • Advaced Cyber Attack & Defense Practice, for graduated students of Insitute for Networking Science and Cyberspace, Tsinghua University, Summer Semester Since 2019.
  • Pratical Malware Analysis, for graduated students of Insitute for Networking Science and Cyberspace, Tsinghua University, Fall Semester 2017.
  • Cyber Attack & Defense Practice, for undergraduate students of CS, Tsinghua University, Summer Semester from 2015 to 2018.
  • Network Security Engineering and Practice, for undergraduate students of CS, Tsinghua University, Fall Semester from 2011 to 2013.
  • Computer Network Security Technology and Practice, for graduated students of CS, Tsinghua University, Spring Semester from 2011 to 2013.
  • SRT (Student Research Training) Course for undergraduate students, Tsinghua University, from 2011 to present.
  • Network Hacking and Defense: Technology and Practice, for graduated students of EECS, Peking University, Fall Semester from 2008 to 2010.
  • Research Course for undergraduate students, EECS, Yuanpei, and Other departments of Peking University.

Academic/Open Source/Contest Activities

  • Book Reviewer: PHEI Press, Science Press, Since 2011.

  • Editor of ACM China Magazine, From 2014 to 2017. 《Future Internet》Special Issue Co-Guest Editor 2013.

  • WWW 2012 Security, Privacy, Trust, and Abuse Track, AsiaCCS SESP 2013,VARA 2015-2018,OS2ATC 2014-2015 PC Member.

  • Paper Reviewer: TDSC, Computer Networks, NWSC, TKDE, Chinese Journal of Electronics, Chinese Journal of Computer, Journal on Communications, NOMS 2016,APNOMS 2015, HICSS 2013, OSDA 2013, HICSS 46, CCFICoC’12, NetSec’12, etc.

  • The Honeynet Project Full Member, Chinese Chapter Leader. Since 2006.

  • Google Summer of Code 2009, 2010, 2012 Mentor, 2011 Org Admin.

  • Technical Committee Chair, Co-Founder of XCTF International League, Since 2015.

  • Judge of GeekPwn Since 2014, Judge of Tianfu Cup, WangDing Cup, QiangWang Since 2018, Judge of Butian Cup Since 2020.

  • Technical Committee Member/Judge of National College Students Information Security Competition Innovation Practice Competition, Since 2018.

Awards and Honors

  • Student Hacking Competition Awards (as Advisor of Blue-Lotus, RedBud, TQL, etc.)
  • First Prize of Science and Technology Award of China Society of Communications, 2022.(National, honored by China Society of Communications)
  • CVVD Security Expert Outstanding Contribution Award, 2022 (National, honored by National Intelligent Connected Vehicle Innovation Center.)
  • Cyber Security Man of the Year, 2017, WitAwards (National, honored by Freebuf.)
  • Hacker’s Hero Award, 2017, Baidu.
  • Best Book Author Award, 2014, 2018, PHIE Press.
  • Best Book Author/Translator Award, 2016, China Machine Press.
  • Achievement Conversion Award, 2014, Tencent-Tsinghua Joint Lab.
  • IBM Ph.D. Fellowship, 2005 (worldwide, honored by IBM Corp.)
  • Microsoft Research Asia Fellowship, 2004 (Asia Pacific-wide, honored by MSRA)
  • The HP Chinese Excellent Student Scholarship, 2003 (nationwide, honored by HP China)