Haixin Duan

Haixin Duan

Director of NISL

Haixin Duan (段海新)

Professor of the Institute for Network Sciences and Cyberspace, Tsinghua University.
Email: duanhx [AT] tsinghua dot edu dot cn
Office: FIT Building, Room 3-211, Tsinghua University.

Dr. Haixin Duan is a professor of the Institute for Network Sciences and Cyberspace, Tsinghua University. He was once a visiting scholar at UC Berkeley and a senior scientist of International Computer Science Institute(ICSI) at Berkeley, CA. Prof. Duan has been working on network security for about 30 years. His recent research interests include network protocol security, intrusion detection, underground economy detection and Internet Governance. Many of his research papers have been published by top security or network conferences like IEEE Symposium on Security & Privacy, USENIX Security, ACM CCS, NDSS, SIGCOMM and IMC. He got several best paper or distinguished paper awards from top security conferences including CCS, NDSS and DSN. Some of his research results were deployed in some big IT companies like Baidu, Huawei and Qi-An-Xin Group.

Research Interests

  • DNS Security: vulnerability analysis and measurements

  • Web Security and Web PKI: vulnerability analysis of HTTP/HTTPS, CDN and Browser security,

  • Intrusion detection & underground economy detection.

  • Network measurement.

Teaching

  • Network security fundamental, for undergraduates in Computer Department of Tsinghua University, 2003-present
  • Network and system Security, for graduate in Tsinghua University, 2005-2019
  • Network Protocol Security Analysis, for graduate in the Institute for Network Sciences and Cyberspace, 2019-present

Appointments

  • Professor, Network Research Center (now Institute for Network Science and Cyberspace) of Tsinghua University, Beijing, China, 2009–.
  • Visiting Scholar, hosted by Professor Vern Paxson in UC Berkeley, CA, USA. 2011–2012.
  • Senior Scientist, International Computer Science Institue, Berkeley, CA, USA. 2012 - 2013.
  • Associate Professor, Tsinghua University, 2003–2009.
  • Assistant Professor, Tsinghua University, 2001–2003.
  • Part time Research Assistant in CERNET NOC, Beijing. 1996–2000.

Education

  • Tsinghua University, Beijing, China Computer Science, Ph.D., 2000
  • Harbin Institute of Technology, Heilongjiang, China. Computer Science, M.S., 1996
  • Harbin Institute of Technology, Heilongjiang, China. Computer Science, B.S., 1994

Awards and Honors

Selected Professional Activities

  • Associate Editor-in-Chief, Transaction on Privacy and Security, 2020-present
  • PC Chari of SecureComm 2023, Hong Kong
  • PC member of EthiCS 2022 (The 1st International Workshop on Ethics in Computer Security)
  • PC member of ESORICS 2021 (the 26th European Symposium on Research in Computer Security (ESORICS))
  • PC member of ICDCS 2021 (41st IEEE International Conference on Distributed Computing Systems)
  • PC member of The Network and Distributed System Security (NDSS) Symposium.
  • PC member of ESORICS 2020 (The 25th European Symposium on Research in Computer Security)
  • PC member of ESORICS19 (European Symposium on Research in Computer Security 2019)
  • PC Member of The ACM Conference on Computer and Communications Security (CCS 2018)
  • PC member of ICICS 2018 (20th International Conference on Information and Communications Security)
  • PC member of DSC 2018 (2018 IEEE Conference on Dependable and Secure Computing)
  • PC member of ESORICS 2018 (23rd European Symposium on Research in Computer Security)
  • PC member of SafeThings 2017 (1st ACM Workshop on the Internet of Safe Things)
  • PC member of IEEEPAC2017 (The first IEEE Symposium on Privacy-Aware Computing)
  • PC member of ACM TUR-C 2017 (Security and Privacy Track) (1st ACM China Annual Conference Sigsac china)
  • PC member of ACSW 2017 (The Australiasian Computer Science Week Conference)
  • PC member of SG-CRC 2017 (Singapore Cyber-security Research Conference 2017)
  • PC member of DSC 2016 (International Conference on Data Science in Cyberspace)
  • PC member of AsiaCCS 2016 (11th ACM Asia Conference on Computer and Communications Security)
  • PC member of SECURECOMM 2015 (11th International Conference on Security and Privacy in Communication Network)
  • PC member of SENT-2015 (NDSS Workshop on Security of Emerging Networking Technologies)
  • PC member of ISPEC 2015 (The 11st International Conference on Information Security Practice and Experience)
  • PC member of IEEE CISDA 2014 (Seventh IEEE Symposium on Computational Intelligence for Security and Defense Applications)
  • Member of Academic Degrees Commitee of the State Council, China, 2020 -present
  • Board member of Cyber Security Association of China, 2016- present
  • Committe member of Computer Security Technical Committee of China Computer Federation, 2019-present
  • Committe Member of Security Protocol techonical Committee of Chinese Association for Cryptologic Research (CACR), 2014-present.

Selected Publications

Conferences

2024

  1. Linkai Zheng, Xiang Li, Chuhan Wang Run Guo, Haixin Duan, Jianjun Chen, Chao Zhang, Kaiwen Shen, ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing, NDSS 2024

  2. Mingxuan Liu, Yiming Zhang, Xiang Li, Chaoyi Lu Baojun Liu, Haixin Duan, Xiaofeng Zheng., Understanding the Implementation and Security Implications of Protective DNS Services, NDSS 2024

  3. Chuhan Wang, Yasuhiro Kuranaga, Yihang Wang, Mingming Zhang, Linkai Zheng, Xiang Li, Jianjun Chen, Haixin Duan, Yanzhong Lin, Qingfeng Pan,BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet, NDSS 2024

  4. Xiang Li, Dashuai Wu, Haixin Duan, Qi Li DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses, Security&Privacy 2024

  5. Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, Qi Li. TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. Security & Privacy 2024

  6. Yacong Gu, Lingyun Ying, Huajun Chai, Yingyuan Pu, Haixin Duan, Xing Gao, More Haste, Less Speed: Cache Related Security Threats in Continuous Integration Services, Security&Privacy 2024

  7. Enze Wang, Jianjun Chen, Wei Xie, Chuhan Wang, Yifei Gao, Zhenhua Wang, Haixin Duan, Yang Liu, Baosheng Wang. Where URLs Become Weapons: Automated Discovery of SSRF Vulnerabilities in Web Applications, Security & Privacy 2024

  8. Qi Wang, Jianjun Chen, Zheyu Jiang, Run Guo, Ximeng Liu, Chao Zhang, Haixin Duan, Break the Wall from bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls, Security&Privacy 2024

  9. Yunyi Zhang, Baojun Liu, Haixin Duan, Min Zhang, Xiang Li, Fan Shi and Chengxi Xu, Eihal Alowaisheq, Rethinking the Security Threats of Stale DNS Glue Records, USENIX Security 2024

  10. Yunyi Zhang, Mingxuan Liu, Baojun Liu, Tsinghua University, Yiming Zhang, Haixin Duan, Min Zhang, Hui Jiang, Yanzhe Li, Fan Shi, nto the Dark: Unveiling Internal Site Search Abused for Black Hat SEO, USENIX Security 2024

  11. Qifan Zhang and Xuesong Bai, Xiang Li, Haixin Duan, Qi Li, Zhou Li, ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing, USENIX Security 2024

  12. Yijing Liu, Yiming Zhang, Baojun Liu, Haixin Duan, Qiang Li, Mingxuan Liu, Ruixuan Li, Jia Yao, Tickets or Privacy? Understand the Ecosystem of Chinese Ticket Grabbing Apps, USENIX Security 2024

  13. Yunyi Zhang, Mingming Zhang, Baojun Liu, Zhan Liu and Jia Zhang, Haixin Duan, Min Zhang, Fan Shi, and Chengxi Xu, Cross the Zone: Toward a Covert Domain Hijacking via Shared DNS Infrastructure, USENIX Security 2024

  14. Zidong Zhang ,Qinsheng Hou, Lingyun Ying ,Wenrui Diao ,Yacong Gu, Rui Li, Shanqing Guo, aixin Duan , MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs CCS 2024

  15. Chenyang Zhang,Huajun Chai, Yingyun Ying, Haixin Duan, Jun Tao, Ruijie Li. PowerPeeler: A Precise and General Dynamic Deobfuscation Method for PowerShell Scripts, CCS 2024

  16. Xiaofan Li, Yacong Gu, Chu Qiao, Zhenkai Zhang , Daiping Liu, Lingyun Ying, Haixin Duan, Xing Gao. Toward Understanding the Security of Plugins in Continuous Integration Services, CCS 2024

  17. Jiahe Zhang , Jianjun Chen , Qi Wang,Hangyu Zhang, Chuhan Wang Jianwei Zhuge, Haixin Duan. Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors. CCS 2024

  18. Yuejia Liang,Jianjun Chen ,Run Guo , Kaiwen Shen, Hui Jiang ,Man Hou ,Yue Yu , Haixin Duan. Internet’s Invisible Enemy: Detecting and Measuring Web Cache Poisoning in the Wild, CCS 2024

  19. Ruixuan Li, Shaodong Xiao, Baojun Liu, Yanzhong Lin, Haixin Duan, Qingfeng Pan, Jianjun Chen, Jia Zhang, Ximeng Liu, Xiuqi Lu, Jun Shao, Bounce in the Wild: A Deep Dive into Email Delivery Failures from a Large Email Service Provider, ACM on Internet Measurement Conference(IMC), 2024

  20. Yunpeng Xing, Chaoyi Lu, Baojun Liu, Haixin Duan, Junzhe Sun, Zhou Li, Yesterday Once More: Global Measurement of Internet Traffic Shadowing Behaviors., ACM on Internet Measurement Conference(IMC), 2024

  21. Jianing Wang, Shanqing Guo, Wenrui Diao, Yue Liu, Haixin Duan, Yichen Liu, Zhenkai Liang. CrypTody: Cryptographic Misuse Analysis of IoT Firmware via Data-flow Reasoning, RAID 2024

  22. Mingxuan Liu, Zhenglong Jin, Jiahai Yang, Baoiun Liu, Haixin Duan, Ying Liu, Ximeng Liu, Shujun Tang, ChatScam: Unveiling the Rising Impact of ChatGPT on Domain Name Abuse, DSN 2024

  23. Yaru Yang, Yiming Zhang, Tao Wan, Chuhan Wang, Haixin Duan, Jianjun Chen, Yishen Li, Uncovering Security Vulnerabilities in Real-world Implementation and Deployment of 5G Messaging Services, 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks(WiSec) 2024

  24. Xiaoyin Liu, Wenzhi Li, Qinsheng Hou, Shishuai Yang, Lingyun Ying, Wenrui Diao, Yanan Li, Shanqing Guo, Haixin Duan. From Promises to Practice: Evaluating the Private Browsing Modes of Android Browser Apps, ACM on Web Conference 2024

  25. Ruixuan Li, Baojun Liu, Chaoyi Lu, Haixin Duan, Jun Shao, A Worldwide View on the Reachability of Encrypted DNS Services, ACM on Web Conference 2024

  26. Fenglu Zhang, Baojun Liu, Chaoyi Lu, Yunpeng Xing, Haixin Duan, Ying Liu, Liyuan, Investigating Deployment Issues of DNS Root Server Instances from a China-wide View, IEEE Transactions on Dependable and Secure Computing, 2024/3/5

2023

  1. Zhenrui Zhang, Geng Hong, Xiang Li, Zhuoqun Fu, Jia Zhang, Mingxuan Liu, Chuhan Wang, Jianjun Chen, Baojun Liu, Haixin Duan, Chao Zhang, Min Yang. Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab) use in the Wild. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023(四大安全顶会,CCF A)

  2. Wei Xu, Xiang Li, Chaoyi Lu, Baojun Liu, Haixin Duan, Jia Zhang, Jianjun Chen, Tao Wan. TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications security 2023(四大安全顶会,CCF A)

  3. Fenglu Zhang, Baojun Liu, Eihal Alowaisheq, Jianjun Chen, Chaoyi Lu, Linjian Song, Yong Ma, Ying Liu, Haixin Duan, Min Yang, Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS Servers, Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023(四大安全顶会,CCF A)

  4. Fenglu Zhang, Yunyi Zhang, Baojun Liu, Eihal Alowaisheq, Lingyun Ying, Xiang Li, Zaifeng Zhang, Ying Liu, Haixin Duan, Min Zhang, Wolf in Sheep’s Clothing: Evaluating Security Risks of the Undelegated Record on DNS Hosting Services. Proceedings of the 2023 ACM on Internet Measurement Conference, 2023 (CCF A)

  5. Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, Qi Li. TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. 2024 IEEE Symposium on Security and Privacy (SP), 2023(四大安全顶会,CCF A)

  6. Qifan Zhang, Xuesong Bai, Xiang Li, Haixin Duan, Qi Li, Zhou Li. ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing, USENIX Security 2023(四大安全顶会,CCF A)

  7. Qinsheng Hou, Wenrui Diao, Yanhao Wang, Chenglin Mao, Lingyun Ying, Song Liu, Xiaofeng Liu, Yuanzhi Li, Shanqing Guo, Meining Nie, Haixin Duan. Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem, IEEE Transactions on Software Engineering(TOSE) 2023

  8. Yacong Gu, Lingyun Ying, Huajun Chai, Chu Qiao, Haixin Duan, Xing Gao. Continuous Intrusion: Characterizing the Security of Continuous Integration Services. 2023 IEEE Symposium on Security and Privacy (SP), 1561-1577 1 2023(四大安全顶会,CCF A)

  9. Yacong Gu, Lingyun Ying, Yingyuan Pu, Xiao Hu, Huajun Chai, Ruimin Wang, Xing Gao, Haixin Duan. Investigating package related security threats in software registries. 2023 IEEE Symposium on Security and Privacy (SP), 2023(四大安全顶会,CCF A)

  10. Mingming Zhang, Xiang Li, Baojun Liu, Jianyu Lu, Yiming Zhang, Jianjun Chen, Haixin Duan, Shuang Hao, Xiaofeng Zheng. Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. Proceedings of the ACM on Measurement and Analysis of Computing Systems , 2023(CCF A)

  11. Zhongyu Pei, Xingman Chen, Songtao Yang, Haixin Duan, Chao Zhang. TAICHI: Transform Your Secret Exploits Into Mine From a Victim’s Perspective. IEEE Transactions on Dependable and Secure Computing, 2023(CCF A)

  12. Run Guo, Jianjun Chen, Yihang Wang, Keran Mu, Baojun Liu, Xiang Li, Chao Zhang, Haixin Duan, Jianping Wu. Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack. 32nd USENIX Security Symposium (USENIX Security 23), 6185-6202 2023(四大安全顶会,CCF A)

  13. Xingman Chen, Yinghao Shi, Zheyu Jiang, Yuan Li, Ruoyu Wang, Haixin Duan, Haoyu Wang, Chao Zhang. MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries. 32nd USENIX Security Symposium (USENIX Security 23), 841-858 2023(四大安全顶会,CCF A)

  14. Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, Qifan Zhang, Zhou Li, Haixin Duan, Qi Li. Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation, Proceedings of the 30th Annual Network and Distributed System Security Symposium (NDSS’23) 2023(四大安全顶会,CCF A)

  15. Zihao Jin, Shuo Chen, Yang Chen, Haixin Duan, Jianjun Chen, Jianping Wu. A Security Study about Electron Applications and a Programming Methodology to Tame DOM Functionalities. NDSS, 2023(四大安全顶会,CCF A)

  16. Xiang Li, Chaoyi Lu, Baojun Liu, Qifan Zhang, Zhou Li, Haixin Duan, Qi Li, The Maginot Line: Attacking the Boundary of DNS Caching Protection. 32nd USENIX Security Symposium (USENIX Security 23), 3153-3170(四大安全顶会,CCF A)

2022

  1. Qinsheng Hou, Wenrui Diao, Yanhao Wang, Xiaofeng Liu, Song Liu, Lingyun Ying, Shanqing Guo, Yuanzhi Li, Meining Nie, Haixin Duan. Large-scale Security Measurements on the Android Firmware Ecosystem. International Conference on Software Engineering (ICSE’22), 2022.

  2. Shiyue Nie, Yiming Zhang, Tao Wan, Haixin Duan, Song Li. Measuring the Deployment of 5G Security Enhancement. The 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks. 2022.

  3. Fenglu Zhang, Chaoyi Lu, Baojun Liu, Haixin Duan, Ying Liu. Measuring the Practical Effect of DNS Root Server Instances: A China-Wide Case Study. International Conference on Passive and Active Network Measurement, 2013.

  4. Qinge Xie, Shujun Tang, Xiaofeng Zheng, Qingran Lin, Baojun Liu, Haixin Duan, Frank Li. Building an Open, Robust, and Stable Voting-Based Domain Top List, USENIX Security 2022.

  5. Zihao Jin, Ziqiao Kong, Shuo Chen, Haixin Duan. Site Isolation Enables Timing-Based Cross-Site Browsing Surveillance. IEEE Symposium on Security and Privacy, 2022.

  6. Hui Gao, Yiming Zhang, Tao Wan, Jia Zhang, Haixin Duan, On Evaluating Delegated Digital Signing of Broadcasting Messages in 5G. IEEE Global Communications Conference (GLOBECOM), 2021.

  7. Mingxuan Liu, Yiming Zhang, Baojun Liu, Zhou Li, Haixin Duan, Donghong Sun. Detecting and Characterizing SMS Spearphishing Attacks., Annual Computer Security Applications Conference(ACSAC), 2021.

  8. Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Jiachen Li, Zaifeng Zhang. Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem. ACM SIGSAC Conference on Computer and Communications Security(CCS) , 2021.

  9. Hao Yang, Kun Du, Yubao Zhang, Shuai Hao, Haining Wang, Jia Zhang, Haixin Duan. Mingling of Clear and Muddy Water: Understanding and Detecting Semantic Confusion in Blackhat SEO, European Symposium on Research in Computer Security., 2021.

  10. Xiang Li, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Qi Li, Youjun Huang. Fast IPv6 Network Periphery Discovery and Security Implications, 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2021.

  11. Zihan Zhang, Mingxuan Liu, Chao Zhang, Yiming Zhang, Zhou Li, Qi Li, Haixin Duan, Donghong Sun. Argot: generating adversarial readable chinese texts. Proceedings of the Twenty-Ninth International Conference on International Joint Conferences on Artificial Intelligence, 2021.

  12. Libo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu, Jiaqi Linghu, Qinsheng Hou, Chao Zhang, Haixin Duan, Zhi Xue. Sharing more and checking less: Leveraging common input keywords to detect bugs in embedded systems, USENIX Security, 2021.

  13. Chaoyi Lu, Baojun Liu, Yiming Zhang, Zhou Li, Fenglu Zhang, Haixin Duan, Ying Liu, Joann Qiongna Chen, Jinjin Liang, Zaifeng Zhang, Shuang Hao, Min Yang, From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR. NDSS 2021.

  14. Kaiwen Shen, Chuhan Wang, Minglei Guo, Xiaofeng Zheng, Chaoyi Lu, Baojun Liu, Yuxuan Zhao, Shuang Hao, Haixin Duan, Qingfeng Pan, Min Yang., Weak links in authentication chains: a large-scale analysis of email sender spoofing attacks., USENIX Security 2021.

  15. Kun Du, Hao Yang, Yubao Zhang, Haixin Duan, Haining Wang, Shuang Hao, Zhou Li, Min Yang, Understanding promotion-as-a-service on GitHub. Annual Computer Security Applications Conference(ACSAC) 2020.

  16. Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, Haixin Duan. DNS cache poisoning attack reloaded: Revolutions with side channels, ACM SIGSAC Conference on Computer and Communications Security(CCS), 2020.

  17. Mingming Zhang, Xiaofeng Zheng, Kaiwen Shen, Ziqiao Kong, Chaoyi Lu, Yu Wang, Haixin Duan, Shuang Hao, Baojun Liu, Min Yang., Talking with familiar strangers: an empirical study on https context confusion attacks, ACM SIGSAC Conference on Computer and Communications Security(CCS), 2021

  18. X. Zheng, C. Lu, J. Peng, Q. Yang, D. Zhou, B. Liu, K. Man, S. Hao, H. Duan, Z. Qian. Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices, USENIX Security 2020

  19. Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin, Shuang Hao, Mingxuan Liu, Ying Liu, Dong Wang, Qian Li. Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China, CCS 2020

  20. Weizhong Li, Kaiwen Shen, Run Guo, Baojun Liu, Jia Zhang, Haixin Duan, Shuang Hao, Xiarun Chen, Yao Wang. CDN Backfired: Amplification Attacks Based on HTTP Range Requests, DSN 2020 (best paper nominee). PDF download

  21. Run Guo, Weizhong Li, Baojun Liu, Shuang Hao, Jia Zhang, Haixin Duan, Kaiwen Shen, Jianjun Chen, Ying Liu. CDN Judo: Breaking the CDN DoS Protection with Itself, NDSS 2020. PDF download

  22. Kun Du, Hao Yang, Zhou Li, Haixin Duan, Shuang Hao and etc. TL; DR Hazard: A Comprehensive Study of Levelsquatting Scams, International Conference on Security and Privacy in Communication Systems, 2019

  23. Chaoyi Lu, Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan, Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang, Jianping Wu, An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come? ACM Internet Measurement Conference, 2019 PDF download

  24. Baojun Liu, Zhou Li, Peiyuan Zong, Chaoyi Lu, Haixin Duan, Ying Liu, Sumayah Alrwais, Xiaofeng Wang, Shuang Hao, Yaoqi Jia, Yiming Zhang, Kai Chen, Zaifeng Zhang. 4th IEEE European Symposium on Security and Privacy (EuroS&P’19). 4th IEEE European Symposium on Security and Privacy, 2019

  25. Run Guo, Jianjun Chen, Baojun Liu, Jia Zhang, Chao Zhang, Haixin Duan, Tao Wan, Jian Jiang, Shuang Hao, Yaoqi Jia. Abusing CDNs for Fun and Profit: Security Issues in CDNs’ Origin Validation. IEEE 37th Symposium on Reliable Distributed Systems (SRDS), 2018

  26. Kun Yang, Yuan Deng, Chao Zhang, Jianwei Zhuge, Haixin Duan, ICUFuzzer: Fuzzing ICU Library for Exploitable Bugs in Multiple Software, International Conference on Information Security, 2018

  27. Baojun Liu, Chaoyi Lu, Zhou Li, Ying Liu, Hai-Xin Duan, Shuang Hao, Zaifeng Zhang. A Reexamination of Internationalized Domain Names: The Good, the Bad and the Ugly. Dependable Systems and Networks, 2018

  28. Jian Jiang, Jia Zhang, Haixin Duan, Kang Li, Wu Liu. Analysis and Measurement of Zone Dependency in the Domain Name System, IEEE International Conference on Communications (ICC), 2018

  29. Fuqing Chen, Haixin Duan, Xiaofeng Zheng, Jian Jiang, Jianjun Chen, Path Leaks of HTTPS Side-Channel by Cookie Injection. International Workshop on Constructive Side-Channel Analysis and Secure Design , 2018

  30. Jianjun Chen, Jian Jiang, Haixin Duan, Tao Wan, Shuo Chen, Vern Paxson, Min Yang. We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS, 27th USENIX Security Symposium, 2018

  31. Baojun Liu, Chaoyi Lu, Haixin Duan, Ying Liu, Zhou Li, Shuang Hao, Min Yang, Who is answering my queries: Understanding and characterizing interception of the DNS resolution path. 27th USENIX Security Symposium, 2018

  32. Mingming Zhang, Baojun Liu, Chaoyi Lu, Jia Zhang, Shuang Hao, Haixin Duan, Measuring Privacy Threats in China-Wide Mobile Networks. 8th USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2018

  33. Hao Yang, Xiulin Ma, Kun Du, Zhou Li, Haixin Duan*, Xiaodong Su, Guang Liu, Zhifeng Geng, and Jianping Wu. How to Learn Klingon Without a Dictionary: Detection and Measurement of Black Keywords Used by the Underground Economy , IEEE Symposium on Security & Privacy, 2017

  34. Jianjun Chen, Jian Jiang, Haixin Duan, Nick Weaver, Tao Wan, Vern Paxson. Host of Troubles: Multiple Host Ambiguities in HTTP Implementations, CCS 2016

  35. Kun Du, Hao Yang, Zhou Li, Haixin Duan(*), Kehuan Zhang. The Ever-changing Labyrinth: A Large-scale Analysis of Wildcard DNS Powered Blackhat SEO, USENIX Security 2016

  36. Xiaojing Liao,Kan Yuan, Xiaofeng Wang(), Zhongyu Pei,Hao Yang, Jianjun Chen, Haixin Duan(), Kun Du, Eihal Alowaisheq, Sumayah Alrwais, Luyi Xing, Raheem Beyah, Seeking Nonsense, Looking for Trouble: Efficient Promotional­ Infection Detection through Semantic Inconsistency Search, IEEE Symposium on Security & Privacy, San Jose, California. May 23-26, 2016

  37. Jianjun Chen, Jian Jiang, Xiaofeng Zheng, Haixin Duan(*), Jinjin Liang, Tao Wan, Kang Li, Vern Paxson, Forwarding-Loop Attacks in Content Delivery Networks, NDSS 2016

  38. Song Li, Haixin Duan(*), Zhiliang Wang, and Xing Li, Route Leaks Identification by Detecting Routing Loops, SecureComm (11th EAI International Conference on Security and Privacy in Communication Networks), 2015

  39. Xiaofeng Zheng, Jian Jiang, Jinjin Liang, Haixin Duan, Shuo Chen, Tao Wan, Nicholas Weaver, Cookies lack integrity: real world implications, USENIX Security, 2015.

  40. Jinjin Liang, Jian Jiang, Haixin Duan, Kang Li, Tao Wan, Jianping Wu. “When HTTPS Meets CDN: A Case of Authentication in Delegated Service” Accepted by IEEE Symposium on Security & Privacy, 2014.

  41. Kun Yang, Lujue Zhou, Yongke Wang, Jianwei Zhuge and Haixin Duan. “IntentFuzzer: Detecting Capability Leaks of Android Applications”, ASIACCS 2014

  42. H. Gao, V. Yegneswaran, Y. Chen, P. Porras, S. Ghosh, J. Jiang, and H. Duan, “An empirical reexamination of global DNS behavior,” SIGCOMM, 2013.

  43. Man Hou, Haixin Duan,Jian Jiang, Jinjin Liang,Yan Ma, 中美银行网站HTTPS部署的测量与对比分析(Measurement and comparison of HTTPS deployment of Banking Websites in China and America), VARA 2013

  44. Jinjin Liang, Jian Jiang, Haixin Duan, Kang Li and Jianping Wu, Measuring Query Latency of Top Level DNS Servers, 14th Passive and Active Measurement conference(PAM), Mar. 2013, Hongkong

  45. J. Zhuge*, L. Gu, H. Duan, Investigating China’s Online Underground Economy. Conference on the Political Economy of Information Security in China, San Diego, US, Apr, 2012.

  46. Haixin Duan, Nicholas Weaver, Zongxu Zhao, Meng Hu, Jinjin Liang, Jian Jiang, Kang Li and Vern Paxson, Hold-On: Protecting Against On-Path DNS Poisoning, Securing and Trusting Internet Names, SATIN 2012.

  47. J. Jian, L. Jinjin, L. Kang, L. Jun, D. Haixin, W. Jianping, Ghost Domain Names: Revoked Yet Still Resolvable, 19th Annual Network & Distributed System Security Symposium (NDSS), 5-8 February 2012.

  48. Z. Jia, D. Haixin, L. Wu, W. Jianping WindTalker: A P2P-Based Low-Latency Anonymous Communication Network, IEICE Transactions on Communications, VOL. E92-B, NO.10, pp. 3183–3194, 2009.

  49. L. Wu, D. Haixin, L. Tao, L. Xing, W. Jianping. H6Proxy: ICMPv6 Weakness Analysis and Implementation of IPv6 Attacking Test Proxy, Cybercrime and Trustworthy Computing (CTC), Brisbane, Australia, 2009.

  50. L. Wu, D. Haixin, R. Ping, W. Jianping, Intrusion Detection Using SVM, Proc. IEEE 7th International Confer- ence on Wireless Communications (WiCOM), Wuhan, China, 2011.

  51. W. Lanjia, D. Haixin, L. Xing, Port scan behavior diagnosis by clustering, Proc. Information and communica- tion security, vol. 3783, pp. 243–255, 2005.

  52. Z. Jia, G. Yuntao, J. Xiaoxin, D. Haixin, W. Jianping, AMCAS: An Automatic Malicious Code Analysis System, Proc. 9th International Conference on Web-Age Information Management (WAIM) IEEE Computer Society Washington, DC, USA, 2008.

  53. Z.Jia,D.Haixin,W.Lanjia,AFastMethodofSignatureGenerationforPolymorphicWorms,Proc.International Conference on Computer and Electrical Engineering (ICCEE), Phuket, Thailand, 2009.

  54. L. Xing, D. Haixin, L. Xing, Identification of P2P traffic based on the content redistribution characteristic, Proc. International Symposium on Communications and Information Technologies (ISCIT), 2007.

  55. L. Xuefeng, D. Haixin, L., Wu, W. Jianping. Understanding the Construction Mechanism of Botnets, Proc. IEEE Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing (UIC/ATC), 2009.

Journals

  1. Mingxuan Liu, Zihan Zhang, Yiming Zhang, Chao Zhang, Zhou Li, Qi Li, Haixin Duan, Donghong Sun. Automatic Generation of Adversarial Readable Chinese Texts. IEEE Transactions on Dependable and Secure Computing, 2022

  2. Jia Zhang, Haixin Duan, Jian Jiang, Jinjin Liang, Jianping Wu. Finding the best answer: measuring the optimization of public and authoritative DNS. Science China Information Sciences volume 62, Article number: 39107 , 2019

  3. Hongyu Gao, Vinod Yegneswaran, Jian Jiang, Yan Chen, Member, IEEE, Phillip Porras, Shalini Ghosh, Haixin Duan, Reexamining DNS from a Global Recursive Resolver Perspective, to appear in IEEE/ACM TRANSACTIONS ON NETWORKING, Vol. 24, 2016

  4. Y. Feng, D. Haixin, L. Xing. Modeling and analyzing of the interaction between worms and antiworms during network worm propagation, Science in China, Series F (Information Sciences), vol. 48, pp. 91–106, 2005.