Haixin Duan (段海新)

Dr. Haixin Duan is a professor of the Institute for Network Sciences and Cyberspace, Tsinghua University. He was once a visiting scholar at UC Berkeley and a senior scientist of International Computer Science Institute(ICSI) at Berkeley, CA. Prof. Duan has been working on network security for about 30 years. His recent research interests include network protocol security, intrusion detection, underground economy detection and Internet Governance. Many of his research papers have been published by top security or network conferences like IEEE Symposium on Security & Privacy, USENIX Security, ACM CCS, NDSS, SIGCOMM and IMC. He got several best paper or distinguished paper awards from top security conferences including CCS, NDSS and DSN. Some of his research results were deployed in some big IT companies like Baidu, Huawei and Qi-An-Xin Group.

Research Interests

• DNS Security: vulnerability analysis and measurements

• Web Security and Web PKI: vulnerability analysis of HTTP/HTTPS, CDN and Browser security,

• Intrusion detection & underground economy detection.

• Network measurement.

Teaching

• Network security fundamental, for undergraduates in Computer Department of Tsinghua University, 2003-present
• Network and system Security, for graduate in Tsinghua University, 2005-2019
• Network Protocol Security Analysis, for graduate in the Institute for Network Sciences and Cyberspace, 2019-present

Appointments

• Professor, Network Research Center (now Institute for Network Science and Cyberspace) of Tsinghua University, Beijing, China, 2009–.
• Visiting Scholar, hosted by Professor Vern Paxson in UC Berkeley, CA, USA. 2011–2012.
• Senior Scientist, International Computer Science Institue, Berkeley, CA, USA. 2012 - 2013.
• Associate Professor, Tsinghua University, 2003–2009.
• Assistant Professor, Tsinghua University, 2001–2003.
• Part time Research Assistant in CERNET NOC, Beijing. 1996–2000.

Education

• Tsinghua University, Beijing, China Computer Science, Ph.D., 2000
• Harbin Institute of Technology, Heilongjiang, China. Computer Science, M.S., 1996
• Harbin Institute of Technology, Heilongjiang, China. Computer Science, B.S., 1994

Awards and Honors

• Excellent Talent in Cyber Security, by the Cyberspace Administration of China
• Best paper awards, ACM CCS , 2020
• Best paper awards, The 50nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks(DSN 2020)
• Distinguished Paper, NDSS Symposium 2016
• Applied Network Research Prize, 2020
• [Best Mentor and Helpful Friends, voted by students]（http://www.sc.tsinghua.edu.cn/newsletter/2526.jhtml）

Selected Professional Activities

• Associate Editor-in-Chief, Transaction on Privacy and Security, 2020-present
• PC Chari of SecureComm 2023, Hong Kong
• PC member of EthiCS 2022 (The 1st International Workshop on Ethics in Computer Security)
• PC member of ESORICS 2021 (the 26th European Symposium on Research in Computer Security (ESORICS))
• PC member of ICDCS 2021 (41st IEEE International Conference on Distributed Computing Systems)
• PC member of The Network and Distributed System Security (NDSS) Symposium.
• PC member of ESORICS 2020 (The 25th European Symposium on Research in Computer Security)
• PC member of ESORICS19 (European Symposium on Research in Computer Security 2019)
• PC Member of The ACM Conference on Computer and Communications Security (CCS 2018)
• PC member of ICICS 2018 (20th International Conference on Information and Communications Security)
• PC member of DSC 2018 (2018 IEEE Conference on Dependable and Secure Computing)
• PC member of ESORICS 2018 (23rd European Symposium on Research in Computer Security)
• PC member of SafeThings 2017 (1st ACM Workshop on the Internet of Safe Things)
• PC member of IEEEPAC2017 (The first IEEE Symposium on Privacy-Aware Computing)
• PC member of ACM TUR-C 2017 (Security and Privacy Track) (1st ACM China Annual Conference Sigsac china)
• PC member of ACSW 2017 (The Australiasian Computer Science Week Conference)
• PC member of SG-CRC 2017 (Singapore Cyber-security Research Conference 2017)
• PC member of DSC 2016 (International Conference on Data Science in Cyberspace)
• PC member of AsiaCCS 2016 (11th ACM Asia Conference on Computer and Communications Security)
• PC member of SECURECOMM 2015 (11th International Conference on Security and Privacy in Communication Network)
• PC member of SENT-2015 (NDSS Workshop on Security of Emerging Networking Technologies)
• PC member of ISPEC 2015 (The 11st International Conference on Information Security Practice and Experience)
• PC member of IEEE CISDA 2014 (Seventh IEEE Symposium on Computational Intelligence for Security and Defense Applications)

• Member of Academic Degrees Commitee of the State Council, China, 2020 -present
• Board member of Cyber Security Association of China, 2016- present
• Committe member of Computer Security Technical Committee of China Computer Federation, 2019-present
• Committe Member of Security Protocol techonical Committee of Chinese Association for Cryptologic Research (CACR), 2014-present.

• Co-Fouder and Chair of International Forum for Security Research (InForSec), the community for security researchers, 2015-present
• Co-Fouder of XCTF, a community for Chinese CTF(Capture the flag) players, 2016-present
• Co-Fouder of DataCon, Data security contest & conference, 2019-present

Publications

• My publication list on DBLP

• My publication list on Google Scholar

Publication data source: https://duanhaixin.cn/#publications, retrieved 2026-05-18. PDF download links point to https://duanhaixin.cn when available on the source page.

2026

1. Kaihua Wang, Jianjun Chen 0005, Pinji Chen, Jianwei Zhuge, Jiaju Bai, Haixin Duan. Identifying Logical Vulnerabilities in QUIC Implementations. Network and Distributed System Security Symposium (NDSS) 2026. PDF download

2. Qi Wang 0094, Jianjun Chen 0005, Jingcheng Yang, Jiahe Zhang, Yaru Yang, Haixin Duan. SIPConfusion: Exploiting SIP Semantic Ambiguities for Caller ID and SMS Spoofing. Network and Distributed System Security Symposium (NDSS) 2026. PDF download

3. Jingcheng Yang, Enze Wang, Jianjun Chen 0005, Qi Wang 0094, Yuheng Zhang, Haixin Duan, Wei Xie 0007, Baosheng Wang. Token Time Bomb: Evaluating JWT Implementations for Vulnerability Discovery. Network and Distributed System Security Symposium (NDSS) 2026. PDF download

4. Yaru Yang, Yiming Zhang 0009, Tao Wan 0004, Haixin Duan, Deliang Chang, Yishen Li, Shujun Tang. Small Cell, Big Risk: A Security Assessment of 4G LTE Femtocells in the Wild. Network and Distributed System Security Symposium (NDSS) 2026. PDF download

5. Hanqing Zhao, Yiming Zhang 0009, Lingyun Ying, Mingming Zhang 0010, Baojun Liu 0002, Haixin Duan, Zi-Quan You, Shuhao Zhang. Understanding the Status and Strategies of the Code Signing Abuse Ecosystem. Network and Distributed System Security Symposium (NDSS) 2026. PDF download

6. Shibo Cui, Mingxuan Liu 0006, Baojun Liu 0002, Haixin Duan, Ruixuan Li 0008, Chaoyi Lu, Jin Zhang, Zhicheng Wang, Jinghua Bai. Characterizing Iran’s Phased National Internet Shutdown in 2025: A Progressive and Distributed Action. The Web Conference (WWW) 2026. PDF download

7. Shiqi Yan, Yubo Chen 0002, Ruiqi Zhou, Zhengxi Yao, Shuai Chen, Tianyi Zhang, Shijie Zhang, Wei Qiang Zhang, Yongfeng Huang 0001, Haixin Duan, Yunqi Zhang. Explore-on-Graph: Incentivizing Autonomous Exploration of Large Language Models on Knowledge Graphs with Path-refined Reward Modeling. arXiv preprint (CoRR) 2026.

2025

1. Xiang Li 0108, Mingming Zhang 0010, Zuyao Xu, Fasheng Miao, Yuqi Qiu, Baojun Liu 0002, Jia Zhang 0004, Xiaofeng Zheng, Haixin Duan, Zheli Liu, Yunhai Zhang, Dunqiu Fan. RebirthDay Attack: Reviving DNS Cache Poisoning with the Birthday Paradox. ACM Conference on Computer and Communications Security (CCS) 2025. PDF download

2. Dashuai Wu, Yunyi Zhang, Baojun Liu 0002, Xiang Li 0108, Eihal Alowaisheq, Haixin Duan. Exploring and Analyzing Cross Layer DoS Attack Against UDP-based Services on Linux. ACM Conference on Computer and Communications Security (CCS) 2025. PDF download

3. Qihang Peng, Mingming Zhang 0010, Deliang Chang, Jia Zhang 0004, Baojun Liu 0002, Haixin Duan. Decoding DNS Centralization: Measuring and Identifying NS Domains Across Hosting Providers. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2025. PDF download

4. Bingyang Guo, Mingxuan Liu 0006, Yihui Ma, Ruixuan Li 0008, Fan Shi 0003, Min Zhang 0054, Baojun Liu 0002, Chengxi Xu, Haixin Duan, Geng Hong, Min Yang 0002, Qingfeng Pan. Email Cloaking: Deceiving Users and Spam Email Detectors with Invisible HTML Settings. European Symposium on Research in Computer Security (ESORICS) 2025. PDF download

5. Guancheng Li, Minghao Zhang, Jianjun Chen 0005, Ge Dai, Pinji Chen, Huiming Liu, Yang Yu, Haixin Duan, Zhiyun Qian. The Danger of Packet Length Leakage: Off-path TCP/IP Hijacking Attacks Against Wireless and Mobile Networks. IEEE European Symposium on Security and Privacy (EuroS&P) 2025. PDF download

6. Mengying Wu, Geng Hong, Wuyuao Mai, Xinyi Wu, Lei Zhang 0096, Yingyuan Pu, Huajun Chai, Lingyun Ying, Haixin Duan, Min Yang 0002. Exposing the Hidden Layer: Software Repositories in the Service of Seo Manipulation. IEEE/ACM International Conference on Software Engineering (ICSE) 2025. PDF download

7. Yijing Liu, Mingxuan Liu 0006, Yiming Zhang 0009, Baojun Liu 0002, Jia Zhang 0004, Geng Hong, Haixin Duan, Min Yang 0002. Dive into the Cloud: Unveiling the (Ab)Usage of Serverless Cloud Function in the Wild. ACM Internet Measurement Conference (IMC) 2025. PDF download

8. Jia Yao, Yiming Zhang 0009, Baojun Liu 0002, Zhan Liu, Mingming Zhang 0010, Haixin Duan. Chaos in the Chain: Evaluate Deployment and Construction Compliance of Web PKI Certificate Chain. ACM Internet Measurement Conference (IMC) 2025. PDF download

9. Ruixuan Li 0008, Chaoyi Lu, Baojun Liu 0002, Yanzhong Lin, Haixin Duan, Qingfeng Pan, Jun Shao 0001. Understanding and Characterizing Intermediate Paths of Email Delivery: The Hidden Dependencies. ACM Internet Measurement Conference (IMC) 2025. PDF download

10. Mingming Zhang 0010, Jinfeng Guo, Yiming Zhang 0009, Shenglin Zhang, Baojun Liu 0002, Hanqing Zhao, Xiang Li 0108, Haixin Duan. Analyzing Compliance and Complications of Integrating Internationalized X.509 Certificates. ACM Internet Measurement Conference (IMC) 2025. PDF download

11. Ruixuan Li 0008, Chaoyi Lu, Baojun Liu 0002, Yunyi Zhang, Geng Hong, Haixin Duan, Yanzhong Lin, Qingfeng Pan, Min Yang 0002, Jun Shao 0001. HADES Attack: Understanding and Evaluating Manipulation Risks of Email Blocklists. Network and Distributed System Security Symposium (NDSS) 2025. PDF download

12. Pinji Chen, Jianjun Chen 0005, Mingming Zhang 0010, Qi Wang 0094, Yiming Zhang 0009, Mingwei Xu, Haixin Duan. Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange. Network and Distributed System Security Symposium (NDSS) 2025. PDF download

13. Shushang Wen, Yiming Zhang 0009, Yuxiang Shen, Bingyu Li, Haixin Duan, Jingqiang Lin 0001. Automatic Insecurity: Exploring Email Auto-configuration in the Wild. Network and Distributed System Security Symposium (NDSS) 2025. PDF download

14. Mengying Wu, Geng Hong, Jinsong Chen, Qi Liu, Shujun Tang, Youhao Li, Baojun Liu 0002, Haixin Duan, Min Yang 0002. Revealing the Black Box of Device Search Engine: Scanning Assets, Strategies, and Ethical Consideration. Network and Distributed System Security Symposium (NDSS) 2025. PDF download

15. Jiawei Zhou, Zidong Zhang, Lingyun Ying, Huajun Chai, Jiuxin Cao, Haixin Duan. Hey, Your Secrets Leaked! Detecting and Characterizing Secret Leakage in the Wild. IEEE Symposium on Security and Privacy (S&P) 2025. PDF download

16. Yiming Zhang 0009, Tao Wan 0004, Yaru Yang, Haixin Duan, Yichen Wang, Jianjun Chen 0005, Zixiang Wei, Xiang Li 0108. Invade the Walled Garden: Evaluating GTP Security in Cellular Networks. IEEE Symposium on Security and Privacy (S&P) 2025. PDF download

17. Youjun Huang, Xiang Li 0108, Jia Zhang 0004, Haixin Duan. Detection and Mitigation of Unknown Threats in IPv6 Networks via Layered Data Adaptation. IEEE International Conference on Trust, Security and Privacy in Computing (TrustCom) 2025.

18. Yufan You, Jianjun Chen 0005, Qi Wang 0094, Haixin Duan. My ZIP isn’t your ZIP: Identifying and Exploiting Semantic Gaps Between ZIP Parsers. USENIX Security Symposium 2025. PDF download

19. Chuhan Wang 0001, Chenkai Wang 0001, Songyi Yang, Sophia Liu, Jianjun Chen 0005, Haixin Duan, Gang Wang 0011. Email Spoofing with SMTP Smuggling: How the Shared Email Infrastructures Magnify this Vulnerability. USENIX Security Symposium 2025. PDF download

20. Keran Mu, Jianjun Chen 0005, Jianwei Zhuge, Qi Li 0002, Haixin Duan, Nick Feamster. The Silent Danger in HTTP: Identifying HTTP Desync Vulnerabilities with Gray-box Testing. USENIX Security Symposium 2025. PDF download

21. Jinsong Chen, Mengying Wu, Geng Hong, Baichao An, Mingxuan Liu 0006, Lei Zhang 0096, Baojun Liu 0002, Haixin Duan, Min Yang 0002. Beyond Exploit Scanning: A Functional Change-Driven Approach to Remote Software Version Identification. USENIX Security Symposium 2025. PDF download

22. Mingxuan Liu 0006, Yunyi Zhang, Lijie Wu, Baojun Liu 0002, Geng Hong, Yiming Zhang 0009, Hui Jiang, Jia Zhang 0004, Haixin Duan, Min Zhang 0054, Wei Guan, Fan Shi 0003, Min Yang 0002. NOKEScam: Understanding and Rectifying Non-Sense Keywords Spear Scam in Search Engines. USENIX Security Symposium 2025. PDF download

23. Mingming Zhang 0010, Yunyi Zhang, Baojun Liu 0002, Haixin Duan, Min Zhang 0054, Fan Shi 0003, Chengxi Xu. Misty Registry: An Empirical Study of Flawed Domain Registry Operation. USENIX Security Symposium 2025. PDF download

24. Wuyuao Mai, Geng Hong, Pei Chen, Xudong Pan, Baojun Liu 0002, Yuan Zhang 0009, Haixin Duan, Min Yang 0002. You Can’t Eat Your Cake and Have It Too: The Performance Degradation of LLMs with Jailbreak Defense. The Web Conference (WWW) 2025. PDF download

25. Hequan Shi, Lingyun Ying, Libo Chen 0001, Haixin Duan, Ming Liu, Zhi Xue. Dr. Docker: A Large-Scale Security Measurement of Docker Image Ecosystem. The Web Conference (WWW) 2025. PDF download

26. Wuyuao Mai, Geng Hong, Pei Chen, Xudong Pan, Baojun Liu 0002, Yuan Zhang 0009, Haixin Duan, Min Yang 0002. You Can’t Eat Your Cake and Have It Too: The Performance Degradation of LLMs with Jailbreak Defense. arXiv preprint (CoRR) 2025. PDF download

2024

1. Pei Chen, Geng Hong, Mengying Wu, Jinsong Chen, Haixin Duan, Min Yang 0002. Underground Application Collection Method Based on Spiking Traffic Analysis. International Journal of Software and Informatics 2024.

2. Fenglu Zhang, Baojun Liu 0002, Chaoyi Lu, Yunpeng Xing, Haixin Duan, Ying Liu 0024, Liyuan Chang. Investigating Deployment Issues of DNS Root Server Instances From a China-Wide View. IEEE Transactions on Dependable and Secure Computing 2024. PDF download

3. Yu Bi, Mingshuo Yang, Yong Fang, Xianghang Mi, Shanqing Guo, Shujun Tang, Haixin Duan. Dissecting Open Edge Computing Platforms: Ecosystem, Usage, and Security Risks. Annual Computer Security Applications Conference (ACSAC) 2024. PDF download

4. Yuejia Liang, Jianjun Chen 0005, Run Guo, Kaiwen Shen, Hui Jiang, Man Hou, Yue Yu, Haixin Duan. Internet’s Invisible Enemy: Detecting and Measuring Web Cache Poisoning in the Wild. ACM Conference on Computer and Communications Security (CCS) 2024. PDF download

5. Jiahe Zhang, Jianjun Chen 0005, Qi Wang 0094, Hangyu Zhang, Chuhan Wang 0001, Jianwei Zhuge, Haixin Duan. Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors. ACM Conference on Computer and Communications Security (CCS) 2024. PDF download

6. Xiaofan Li 0009, Yacong Gu, Chu Qiao, Zhenkai Zhang 0002, Daiping Liu, Lingyun Ying, Haixin Duan, Xing Gao 0001. Toward Understanding the Security of Plugins in Continuous Integration Services. ACM Conference on Computer and Communications Security (CCS) 2024. PDF download

7. Zidong Zhang, Qinsheng Hou, Lingyun Ying, Wenrui Diao, Yacong Gu, Rui Li 0102, Shanqing Guo, Haixin Duan. MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs. ACM Conference on Computer and Communications Security (CCS) 2024. PDF download

8. Ruijie Li, Chenyang Zhang, Huajun Chai, Lingyun Ying, Haixin Duan, Jun Tao 0003. PowerPeeler: A Precise and General Dynamic Deobfuscation Method for PowerShell Scripts. ACM Conference on Computer and Communications Security (CCS) 2024. PDF download

9. Mingxuan Liu 0006, Zhenglong Jin, Jiahai Yang 0001, Baoiun Liu, Haixin Duan, Ying Liu 0024, Ximeng Liu, Shujun Tang. ChatScam: Unveiling the Rising Impact of ChatGPT on Domain Name Abuse. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2024. PDF download

10. Yunpeng Xing, Chaoyi Lu, Baojun Liu 0002, Haixin Duan, Junzhe Sun, Zhou Li 0001. Yesterday Once More: Global Measurement of Internet Traffic Shadowing Behaviors. ACM Internet Measurement Conference (IMC) 2024. PDF download

11. Ruixuan Li 0008, Shaodong Xiao, Baojun Liu 0002, Yanzhong Lin, Haixin Duan, Qingfeng Pan, Jianjun Chen 0005, Jia Zhang 0004, Ximeng Liu, Xiuqi Lu, Jun Shao 0001. Bounce in the Wild: A Deep Dive into Email Delivery Failures from a Large Email Service Provider. ACM Internet Measurement Conference (IMC) 2024. PDF download

12. Mingxuan Liu 0006, Yiming Zhang 0009, Xiang Li 0108, Chaoyi Lu, Baojun Liu 0002, Haixin Duan, Xiaofeng Zheng. Understanding the Implementation and Security Implications of Protective DNS Services. Network and Distributed System Security Symposium (NDSS) 2024. PDF download

13. Chuhan Wang 0001, Yasuhiro Kuranaga, Yihang Wang, Mingming Zhang 0010, Linkai Zheng, Xiang Li 0108, Jianjun Chen 0005, Haixin Duan, Yanzhong Lin, Qingfeng Pan. BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. Network and Distributed System Security Symposium (NDSS) 2024. PDF download

14. Linkai Zheng, Xiang Li 0108, Chuhan Wang 0001, Run Guo, Haixin Duan, Jianjun Chen 0005, Chao Zhang 0008, Kaiwen Shen. ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing. Network and Distributed System Security Symposium (NDSS) 2024. PDF download

15. Jianing Wang, Shanqing Guo, Wenrui Diao, Yue Liu, Haixin Duan, Yichen Liu, Zhenkai Liang. CrypTody: Cryptographic Misuse Analysis of IoT Firmware via Data-flow Reasoning. International Symposium on Research in Attacks, Intrusions and Defenses (RAID) 2024. PDF download

16. Qi Wang 0094, Jianjun Chen 0005, Zheyu Jiang, Run Guo, Ximeng Liu, Chao Zhang 0008, Haixin Duan. Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls. IEEE Symposium on Security and Privacy (S&P) 2024. PDF download

17. Enze Wang, Jianjun Chen 0005, Wei Xie 0007, Chuhan Wang 0001, Yifei Gao, Zhenhua Wang, Haixin Duan, Yang Liu 0003, Baosheng Wang. Where URLs Become Weapons: Automated Discovery of SSRF Vulnerabilities in Web Applications. IEEE Symposium on Security and Privacy (S&P) 2024. PDF download

18. Yacong Gu, Lingyun Ying, Huajun Chai, Yingyuan Pu, Haixin Duan, Xing Gao 0001. More Haste, Less Speed: Cache Related Security Threats in Continuous Integration Services. IEEE Symposium on Security and Privacy (S&P) 2024. PDF download

19. Xiang Li 0108, Wei Xu, Baojun Liu 0002, Mingming Zhang 0010, Zhou Li 0001, Jia Zhang 0004, Deliang Chang, Xiaofeng Zheng, Chuhan Wang 0001, Jianjun Chen 0005, Haixin Duan, Qi Li 0002. TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. IEEE Symposium on Security and Privacy (S&P) 2024. PDF download

20. Xiang Li 0108, Dashuai Wu, Haixin Duan, Qi Li 0002. DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses. IEEE Symposium on Security and Privacy (S&P) 2024. PDF download

21. Yijing Liu, Yiming Zhang 0009, Baojun Liu 0002, Haixin Duan, Qiang Li, Mingxuan Liu 0006, Ruixuan Li 0008, Jia Yao. Tickets or Privacy? Understand the Ecosystem of Chinese Ticket Grabbing Apps. USENIX Security Symposium 2024. PDF download

22. Qifan Zhang 0002, Xuesong Bai, Xiang Li 0108, Haixin Duan, Qi Li 0002, Zhou Li 0001. ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing. USENIX Security Symposium 2024. PDF download

23. Yunyi Zhang, Baojun Liu 0002, Haixin Duan, Min Zhang 0054, Xiang Li 0108, Fan Shi 0003, Chengxi Xu, Eihal Alowaisheq. Rethinking the Security Threats of Stale DNS Glue Records. USENIX Security Symposium 2024. PDF download

24. Yunyi Zhang, Mingxuan Liu 0006, Baojun Liu 0002, Yiming Zhang 0009, Haixin Duan, Min Zhang 0054, Hui Jiang, Yanzhe Li, Fan Shi 0003. Into the Dark: Unveiling Internal Site Search Abused for Black Hat SEO. USENIX Security Symposium 2024. PDF download

25. Yunyi Zhang, Mingming Zhang 0010, Baojun Liu 0002, Zhan Liu, Jia Zhang 0004, Haixin Duan, Min Zhang 0054, Fan Shi 0003, Chengxi Xu. Cross the Zone: Toward a Covert Domain Hijacking via Shared DNS Infrastructure. USENIX Security Symposium 2024. PDF download

26. Yaru Yang, Yiming Zhang 0009, Tao Wan 0004, Chuhan Wang 0001, Haixin Duan, Jianjun Chen 0005, Yishen Li. Uncovering Security Vulnerabilities in Real-world Implementation and Deployment of 5G Messaging Services. ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2024. PDF download

27. Ruixuan Li 0008, Baojun Liu 0002, Chaoyi Lu, Haixin Duan, Jun Shao 0001. A Worldwide View on the Reachability of Encrypted DNS Services. The Web Conference (WWW) 2024. PDF download

28. Xiaoyin Liu, Wenzhi Li, Qinsheng Hou, Shishuai Yang, Lingyun Ying, Wenrui Diao, Yanan Li, Shanqing Guo, Haixin Duan. From Promises to Practice: Evaluating the Private Browsing Modes of Android Browser Apps. The Web Conference (WWW) 2024. PDF download

29. Yu Bi, Mingshuo Yang, Yong Fang, Xianghang Mi, Shanqing Guo, Shujun Tang, Haixin Duan. An Empirical Study of Open Edge Computing Platforms: Ecosystem, Usage, and Security Risks. arXiv preprint (CoRR) 2024.

30. Ruijie Li, Chenyang Zhang, Huajun Chai, Lingyun Ying, Haixin Duan, Jun Tao 0003. PowerPeeler: A Precise and General Dynamic Deobfuscation Method for PowerShell Scripts. arXiv preprint (CoRR) 2024. PDF download

31. Mengying Wu, Geng Hong, Jinsong Chen, Qi Liu, Shujun Tang, Youhao Li, Baojun Liu 0002, Haixin Duan, Min Yang 0002. Revealing the Black Box of Device Search Engine: Scanning Assets, Strategies, and Ethical Consideration. arXiv preprint (CoRR) 2024.

2023

1. Mingming Zhang 0010, Xiang Li 0108, Baojun Liu 0002, Jianyu Lu, Yiming Zhang 0009, Jianjun Chen 0005, Haixin Duan, Shuang Hao 0001, Xiaofeng Zheng. Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. Proceedings of the ACM on Measurement and Analysis of Computing Systems (SIGMETRICS/IMC) 2023. PDF download

2. Mingxuan Liu 0006, Zihan Zhang, Yiming Zhang 0009, Chao Zhang 0008, Zhou Li 0001, Qi Li 0002, Haixin Duan, Donghong Sun. Automatic Generation of Adversarial Readable Chinese Texts. IEEE Transactions on Dependable and Secure Computing 2023.

3. Zhongyu Pei, Xingman Chen, Songtao Yang, Haixin Duan, Chao Zhang 0008. TAICHI: Transform Your Secret Exploits Into Mine From a Victim’s Perspective. IEEE Transactions on Dependable and Secure Computing 2023.

4. Qinsheng Hou, Wenrui Diao, Yanhao Wang, Chenglin Mao, Lingyun Ying, Song Liu, Xiaofeng Liu 0013, Yuanzhi Li, Shanqing Guo, Meining Nie, Haixin Duan. Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem. IEEE Transactions on Software Engineering 2023. PDF download

5. Fenglu Zhang, Baojun Liu 0002, Eihal Alowaisheq, Jianjun Chen 0005, Chaoyi Lu, Linjian Song, Yong Ma, Ying Liu 0024, Haixin Duan, Min Yang 0002. Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS Servers. ACM Turing Celebration Conference - China (ACM TUR-C) 2023. PDF download

6. Fenglu Zhang, Baojun Liu 0002, Eihal Alowaisheq, Jianjun Chen 0005, Chaoyi Lu, Linjian Song, Yong Ma, Ying Liu 0024, Haixin Duan, Min Yang 0002. Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS Servers. ACM Conference on Computer and Communications Security (CCS) 2023. PDF download

7. Wei Xu, Xiang Li 0108, Chaoyi Lu, Baojun Liu 0002, Haixin Duan, Jia Zhang 0004, Jianjun Chen 0005, Tao Wan 0004. TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers. ACM Conference on Computer and Communications Security (CCS) 2023. PDF download

8. Zhenrui Zhang, Geng Hong, Xiang Li 0108, Zhuoqun Fu, Jia Zhang 0004, Mingxuan Liu 0006, Chuhan Wang 0001, Jianjun Chen 0005, Baojun Liu 0002, Haixin Duan, Chao Zhang 0008, Min Yang 0002. Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild. ACM Conference on Computer and Communications Security (CCS) 2023. PDF download

9. Yue Qin, Zhuoqun Fu, Chuyun Deng, Xiaojing Liao, Jia Zhang 0004, Haixin Duan. Stolen Risks of Models with Security Properties. ACM Conference on Computer and Communications Security (CCS) 2023. PDF download

10. Fenglu Zhang, Yunyi Zhang, Baojun Liu 0002, Eihal Alowaisheq, Lingyun Ying, Xiang Li 0108, Zaifeng Zhang, Ying Liu 0024, Haixin Duan, Min Zhang 0054. Wolf in Sheep’s Clothing: Evaluating Security Risks of the Undelegated Record on DNS Hosting Services. ACM Internet Measurement Conference (IMC) 2023. PDF download

11. Zihao Jin, Shuo Chen 0001, Yang Chen, Haixin Duan, Jianjun Chen 0005, Jianping Wu. A Security Study about Electron Applications and a Programming Methodology to Tame DOM Functionalities. Network and Distributed System Security Symposium (NDSS) 2023. PDF download

12. Xiang Li 0108, Baojun Liu 0002, Xuesong Bai, Mingming Zhang 0010, Qifan Zhang 0002, Zhou Li 0001, Haixin Duan, Qi Li 0002. Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation. Network and Distributed System Security Symposium (NDSS) 2023. PDF download

13. Mingming Zhang 0010, Xiang Li 0108, Baojun Liu 0002, Jianyu Lu, Yiming Zhang 0009, Jianjun Chen 0005, Haixin Duan, Shuang Hao 0001, Xiaofeng Zheng. Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. ACM SIGMETRICS Conference 2023. PDF download

14. Yacong Gu, Lingyun Ying, Huajun Chai, Chu Qiao, Haixin Duan, Xing Gao 0001. Continuous Intrusion: Characterizing the Security of Continuous Integration Services. IEEE Symposium on Security and Privacy (S&P) 2023. PDF download

15. Yacong Gu, Lingyun Ying, Yingyuan Pu, Xiao Hu, Huajun Chai, Ruimin Wang, Xing Gao 0001, Haixin Duan. Investigating Package Related Security Threats in Software Registries. IEEE Symposium on Security and Privacy (S&P) 2023. PDF download

16. Xingman Chen, Yinghao Shi, Zheyu Jiang, Yuan Li 0061, Ruoyu Wang 0001, Haixin Duan, Haoyu Wang 0001, Chao Zhang 0008. MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries. USENIX Security Symposium 2023. PDF download

17. Xiang Li 0108, Chaoyi Lu, Baojun Liu 0002, Qifan Zhang 0002, Zhou Li 0001, Haixin Duan, Qi Li 0002. The Maginot Line: Attacking the Boundary of DNS Caching Protection. USENIX Security Symposium 2023. PDF download

18. Run Guo, Jianjun Chen 0005, Yihang Wang, Keran Mu, Baojun Liu 0002, Xiang Li 0108, Chao Zhang 0008, Haixin Duan, Jianping Wu. Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack. USENIX Security Symposium 2023. PDF download

19. Qifan Zhang 0002, Xuesong Bai, Xiang Li 0108, Haixin Duan, Qi Li 0002, Zhou Li 0001. ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing. arXiv preprint (CoRR) 2023.

2022

1. Libo Chen 0001, Quanpu Cai, Zhenbang Ma, Yanhao Wang, Hong Hu 0004, Minghang Shen, Yue Liu, Shanqing Guo, Haixin Duan, Kaida Jiang, Zhi Xue. SFuzz: Slice-based Fuzzing for Real-Time Operating Systems. ACM Conference on Computer and Communications Security (CCS) 2022. PDF download

2. Mingshuo Yang, Yunnan Yu, Xianghang Mi, Shujun Tang, Shanqing Guo, Yilin Li, Xiaofeng Zheng, Haixin Duan. An Extensive Study of Residential Proxies in China. ACM Conference on Computer and Communications Security (CCS) 2022. PDF download

3. Kaiwen Shen, Jianyu Lu, Yaru Yang, Jianjun Chen 0005, Mingming Zhang 0010, Haixin Duan, Jia Zhang 0004, Xiaofeng Zheng. HDiff: A Semi-automatic Framework for Discovering Semantic Gap Attack in HTTP Implementations. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2022. PDF download

4. Huajun Chai, Lingyun Ying, Haixin Duan, Daren Zha. Invoke-Deobfuscation: AST-Based and Semantics-Preserving Deobfuscation for PowerShell Scripts. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2022. PDF download

5. Mingxuan Liu 0006, Yiming Zhang 0009, Baojun Liu 0002, Haixin Duan. Exploring the Characteristics and Security Risks of Emerging Emoji Domain Names. European Symposium on Research in Computer Security (ESORICS) 2022. PDF download

6. Huikai Xu, Miao Yu, Yanhao Wang, Yue Liu, Qinsheng Hou, Zhenbang Ma, Haixin Duan, Jianwei Zhuge, Baojun Liu 0002. Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers. IEEE European Symposium on Security and Privacy (EuroS&P) 2022. PDF download

7. Yiming Zhang 0009, Mingxuan Liu 0006, Mingming Zhang 0010, Chaoyi Lu, Haixin Duan. Ethics in Security Research: Visions, Reality, and Paths Forward. IEEE European Symposium on Security and Privacy Workshops 2022. PDF download

8. Qinsheng Hou, Wenrui Diao, Yanhao Wang, Xiaofeng Liu 0013, Song Liu, Lingyun Ying, Shanqing Guo, Yuanzhi Li, Meining Nie, Haixin Duan. Large-scale Security Measurements on the Android Firmware Ecosystem. IEEE/ACM International Conference on Software Engineering (ICSE) 2022. PDF download

9. Chuyun Deng, Mingxuan Liu 0006, Yue Qin, Jia Zhang 0004, Hai-Xin Duan, Donghong Sun. ValCAT: Variable-Length Contextualized Adversarial Transformations Using Encoder-Decoder Language Model. Annual Conference of the North American Chapter of the ACL (NAACL-HLT) 2022.

10. Xuewei Feng, Qi Li 0002, Kun Sun 0001, Ke Xu 0002, Baojun Liu 0002, Xiaofeng Zheng, Qiushi Yang, Haixin Duan, Zhiyun Qian. PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP. Network and Distributed System Security Symposium (NDSS) 2022. PDF download

11. Fenglu Zhang, Chaoyi Lu, Baojun Liu 0002, Haixin Duan, Ying Liu 0024. Measuring the Practical Effect of DNS Root Server Instances: A China-Wide Case Study. Passive and Active Measurement Conference (PAM) 2022. PDF download

12. Zhuoqun Fu, Mingxuan Liu 0006, Yue Qin, Jia Zhang 0004, Yuan Zou, Qilei Yin, Qi Li 0002, Haixin Duan. Encrypted Malware Traffic Detection via Graph-based Network Analysis. International Symposium on Research in Attacks, Intrusions and Defenses (RAID) 2022. PDF download

13. Zihao Jin, Ziqiao Kong, Shuo Chen 0001, Haixin Duan. Timing-Based Browsing Privacy Vulnerabilities Via Site Isolation. IEEE Symposium on Security and Privacy (S&P) 2022. PDF download

14. Geng Hong, Zhemin Yang, Sen Yang 0011, Xiaojing Liao, Xiaolin Du, Min Yang 0002, Haixin Duan. Analyzing Ground-Truth Data of Mobile Gambling Scams. IEEE Symposium on Security and Privacy (S&P) 2022. PDF download

15. Lei Zhang 0096, Keke Lian, Haoyu Xiao, Zhibo Zhang 0006, Peng Liu 0005, Yuan Zhang 0009, Min Yang 0002, Haixin Duan. Exploit the Last Straw That Breaks Android Systems. IEEE Symposium on Security and Privacy (S&P) 2022. PDF download

16. Qinge Xie, Shujun Tang, Xiaofeng Zheng, Qingran Lin, Baojun Liu 0002, Haixin Duan, Frank Li 0001. Building an Open, Robust, and Stable Voting-Based Domain Top List. USENIX Security Symposium 2022. PDF download

17. Chuhan Wang 0001, Kaiwen Shen, Minglei Guo, Yuxuan Zhao, Mingming Zhang 0010, Jianjun Chen 0005, Baojun Liu 0002, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin, Qingfeng Pan. A Large-scale and Longitudinal Measurement Study of DKIM Deployment. USENIX Security Symposium 2022. PDF download

18. Shiyue Nie, Yiming Zhang 0009, Tao Wan 0004, Haixin Duan, Song Li. Measuring the Deployment of 5G Security Enhancement. ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2022. PDF download

19. Mingshuo Yang, Yunnan Yu, Xianghang Mi, Shujun Tang, Shanqing Guo, Yilin Li, Xiaofeng Zheng, Haixin Duan. An Extensive Study of Residential Proxies in China. arXiv preprint (CoRR) 2022. PDF download

2021

1. Mingxuan Liu 0006, Yiming Zhang 0009, Baojun Liu 0002, Zhou Li 0001, Haixin Duan, Donghong Sun. Detecting and Characterizing SMS Spearphishing Attacks. Annual Computer Security Applications Conference (ACSAC) 2021. PDF download

2. Yiming Zhang 0009, Baojun Liu 0002, Chaoyi Lu, Zhou Li 0001, Haixin Duan, Jiachen Li, Zaifeng Zhang. Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem. ACM Conference on Computer and Communications Security (CCS) 2021. PDF download

3. Xiang Li 0108, Baojun Liu 0002, Xiaofeng Zheng, Haixin Duan, Qi Li 0002, Youjun Huang. Fast IPv6 Network Periphery Discovery and Security Implications. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2021. PDF download

4. Hao Yang, Kun Du, Yubao Zhang, Shuai Hao 0001, Haining Wang 0001, Jia Zhang 0004, Haixin Duan. Mingling of Clear and Muddy Water: Understanding and Detecting Semantic Confusion in Blackhat SEO. European Symposium on Research in Computer Security (ESORICS) 2021. PDF download

5. Hui Gao, Yiming Zhang 0009, Tao Wan 0004, Jia Zhang 0004, Haixin Duan. On Evaluating Delegated Digital Signing of Broadcasting Messages in 5G. IEEE Global Communications Conference (GLOBECOM) 2021. PDF download

6. Chaoyi Lu, Baojun Liu 0002, Yiming Zhang 0009, Zhou Li 0001, Fenglu Zhang, Haixin Duan, Ying Liu 0024, Joann Qiongna Chen, Jinjin Liang, Zaifeng Zhang, Shuang Hao 0001, Min Yang 0002. From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR. Network and Distributed System Security Symposium (NDSS) 2021. PDF download

7. Libo Chen 0001, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu 0004, Jiaqi Linghu, Qinsheng Hou, Chao Zhang 0008, Haixin Duan, Zhi Xue. Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems. USENIX Security Symposium 2021. PDF download

8. Kaiwen Shen, Chuhan Wang 0001, Minglei Guo, Xiaofeng Zheng, Chaoyi Lu, Baojun Liu 0002, Yuxuan Zhao, Shuang Hao 0001, Haixin Duan, Qingfeng Pan, Min Yang 0002. Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks. USENIX Security Symposium 2021. PDF download

2020

1. Pengxiong Zhu, Keyu Man, Zhongjie Wang 0002, Zhiyun Qian, Roya Ensafi, J. Alex Halderman, Hai-Xin Duan. Characterizing Transnational Internet Performance and the Great Bottleneck of China. Proceedings of the ACM on Measurement and Analysis of Computing Systems (SIGMETRICS/IMC) 2020.

2. Kun Du, Hao Yang, Yubao Zhang, Haixin Duan, Haining Wang 0001, Shuang Hao 0001, Zhou Li 0001, Min Yang 0002. Understanding Promotion-as-a-Service on GitHub. Annual Computer Security Applications Conference (ACSAC) 2020. PDF download

3. Yiming Zhang 0009, Baojun Liu 0002, Chaoyi Lu, Zhou Li 0001, Haixin Duan, Shuang Hao 0001, Mingxuan Liu 0006, Ying Liu 0024, Dong Wang, Qiang Li. Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China. ACM Conference on Computer and Communications Security (CCS) 2020. PDF download

4. Keyu Man, Zhiyun Qian, Zhongjie Wang 0002, Xiaofeng Zheng, Youjun Huang, Haixin Duan. DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels. ACM Conference on Computer and Communications Security (CCS) 2020. PDF download

5. Mingming Zhang 0010, Xiaofeng Zheng, Kaiwen Shen, Ziqiao Kong, Chaoyi Lu, Yu Wang 0288, Haixin Duan, Shuang Hao 0001, Baojun Liu 0002, Min Yang 0002. Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks. ACM Conference on Computer and Communications Security (CCS) 2020. PDF download

6. Weizhong Li, Kaiwen Shen, Run Guo, Baojun Liu 0002, Jia Zhang 0004, Haixin Duan, Shuang Hao 0001, Xiarun Chen, Yao Wang. CDN Backfired: Amplification Attacks Based on HTTP Range Requests. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2020. PDF download

7. Zihan Zhang, Mingxuan Liu 0006, Chao Zhang 0008, Yiming Zhang 0009, Zhou Li 0001, Qi Li 0002, Haixin Duan, Donghong Sun. Argot: Generating Adversarial Readable Chinese Texts. International Joint Conference on Artificial Intelligence (IJCAI) 2020.

8. Run Guo, Weizhong Li, Baojun Liu 0002, Shuang Hao 0001, Jia Zhang 0004, Haixin Duan, Kaiwen Shen, Jianjun Chen 0005, Ying Liu 0024. CDN Judo: Breaking the CDN DoS Protection with Itself. Network and Distributed System Security Symposium (NDSS) 2020. PDF download

9. Pengxiong Zhu, Keyu Man, Zhongjie Wang 0002, Zhiyun Qian, Roya Ensafi, J. Alex Halderman, Hai-Xin Duan. Characterizing Transnational Internet Performance and the Great Bottleneck of China. ACM SIGMETRICS Conference 2020.

10. Yuyu He, Lei Zhang 0096, Zhemin Yang, Yinzhi Cao, Keke Lian, Shuai Li 0006, Wei Yang 0013, Zhibo Zhang 0006, Min Yang 0002, Yuan Zhang 0009, Haixin Duan. TextExerciser: Feedback-driven Text Input Exercising for Android Applications. IEEE Symposium on Security and Privacy (S&P) 2020. PDF download

11. Xiaofeng Zheng, Chaoyi Lu, Jian Peng, Qiushi Yang, Dongjie Zhou, Baojun Liu 0002, Keyu Man, Shuang Hao 0001, Haixin Duan, Zhiyun Qian. Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices. USENIX Security Symposium 2020. PDF download

12. Kaiwen Shen, Chuhan Wang 0001, Minglei Guo, Xiaofeng Zheng, Chaoyi Lu, Baojun Liu 0002, Yuxuan Zhao, Shuang Hao 0001, Haixin Duan, Qingfeng Pan, Min Yang 0002. Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks. arXiv preprint (CoRR) 2020. PDF download

2019

1. Jia Zhang 0004, Hai-Xin Duan, Jian Jiang 0002, Jinjin Liang, Jianping Wu. Finding the best answer: measuring the optimization of public and authoritative DNS. Science China Information Sciences 2019.

2. Hao Yang, Kun Du, Yubao Zhang, Shuang Hao 0001, Zhou Li 0001, Mingxuan Liu 0006, Haining Wang 0001, Hai-Xin Duan, Yazhou Shi, XiaoDong Su, Guang Liu, Zhifeng Geng, Jianping Wu. Casino royale: a deep exploration of illegal online gambling. Annual Computer Security Applications Conference (ACSAC) 2019. PDF download

3. Baojun Liu 0002, Chaoyi Lu, Hai-Xin Duan, Ying Liu 0024, Zhou Li 0001, Shuang Hao 0001, Min Yang 0002. Who is answering my queries: understanding and characterizing interception of the DNS resolution path. ACM/IRTF Applied Networking Research Workshop (ANRW) 2019.

4. Baojun Liu 0002, Zhou Li 0001, Peiyuan Zong, Chaoyi Lu, Hai-Xin Duan, Ying Liu 0024, Sumayah A. Alrwais, XiaoFeng Wang 0001, Shuang Hao 0001, Yaoqi Jia, Yiming Zhang 0009, Kai Chen 0012, Zaifeng Zhang. TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-Scale DNS Analysis. IEEE European Symposium on Security and Privacy (EuroS&P) 2019. PDF download

5. Guanyu Li, Menghao Zhang 0001, Chang Liu 0021, Xiao Kong, Ang Chen 0001, Guofei Gu, Haixin Duan. NETHCF: Enabling Line-rate and Adaptive Spoofed IP Traffic Filtering. IEEE International Conference on Network Protocols (ICNP) 2019.

6. Chaoyi Lu, Baojun Liu 0002, Zhou Li 0001, Shuang Hao 0001, Hai-Xin Duan, Mingming Zhang 0010, Chunying Leng, Ying Liu 0024, Zaifeng Zhang, Jianping Wu. An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?. ACM Internet Measurement Conference (IMC) 2019. PDF download

7. Kun Du, Hao Yang, Zhou Li 0001, Hai-Xin Duan, Shuang Hao 0001, Baojun Liu 0002, Yuxiao Ye, Mingxuan Liu 0006, XiaoDong Su, Guang Liu, Zhifeng Geng, Zaifeng Zhang, Jinjin Liang. TL;DR Hazard: A Comprehensive Study of Levelsquatting Scams. International Conference on Security and Privacy in Communication Networks (SecureComm) 2019.

8. Kun Yang, Hanqing Zhao, Chao Zhang 0008, Jianwei Zhuge, Haixin Duan. Fuzzing IPC with Knowledge Inference. IEEE International Symposium on Reliable Distributed Systems (SRDS) 2019.

2018

1. Geng Hong, Zhemin Yang, Sen Yang 0011, Lei Zhang 0096, Yuhong Nan, Zhibo Zhang 0006, Min Yang 0002, Yuan Zhang 0009, Zhiyun Qian, Hai-Xin Duan. How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World. ACM Conference on Computer and Communications Security (CCS) 2018. PDF download

2. Fuqing Chen, Hai-Xin Duan, Xiaofeng Zheng, Jian Jiang 0002, Jianjun Chen 0005. Path Leaks of HTTPS Side-Channel by Cookie Injection. Constructive Side-Channel Analysis and Secure Design (COSADE) 2018.

3. Baojun Liu 0002, Chaoyi Lu, Zhou Li 0001, Ying Liu 0024, Hai-Xin Duan, Shuang Hao 0001, Zaifeng Zhang. A Reexamination of Internationalized Domain Names: The Good, the Bad and the Ugly. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2018. PDF download

4. Jian Jiang 0002, Jia Zhang 0004, Hai-Xin Duan, Kang Li 0001, Wu Liu. Analysis and Measurement of Zone Dependency in the Domain Name System. IEEE International Conference on Communications (ICC) 2018. PDF download

5. Kun Yang, Yuan Deng, Chao Zhang 0008, Jianwei Zhuge, Hai-Xin Duan. ICUFuzzer: Fuzzing ICU Library for Exploitable Bugs in Multiple Software. Information Security Conference (ISC) 2018.

6. Run Guo, Jianjun Chen 0005, Baojun Liu 0002, Jia Zhang 0004, Chao Zhang 0008, Hai-Xin Duan, Tao Wan 0004, Jian Jiang 0002, Shuang Hao 0001, Yaoqi Jia. Abusing CDNs for Fun and Profit: Security Issues in CDNs’ Origin Validation. IEEE International Symposium on Reliable Distributed Systems (SRDS) 2018.

7. Jianjun Chen 0005, Jian Jiang 0002, Hai-Xin Duan, Tao Wan 0004, Shuo Chen 0001, Vern Paxson, Min Yang 0002. We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS. USENIX Security Symposium 2018. PDF download

8. Baojun Liu 0002, Chaoyi Lu, Hai-Xin Duan, Ying Liu 0024, Zhou Li 0001, Shuang Hao 0001, Min Yang 0002. Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path. USENIX Security Symposium 2018. PDF download

9. Mingming Zhang 0010, Baojun Liu 0002, Chaoyi Lu, Jia Zhang 0004, Shuang Hao 0001, Hai-Xin Duan. Measuring Privacy Threats in China-Wide Mobile Networks. USENIX Free and Open Communications on the Internet Workshop (FOCI) 2018. PDF download

10. Xiaohan Zhang 0001, Yuan Zhang 0009, Qianqian Mo, Hao Xia, Zhemin Yang, Min Yang 0002, Xiaofeng Wang 0006, Long Lu, Hai-Xin Duan. An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications. USENIX Security Symposium 2018. PDF download

2017

1. Daiping Liu, Zhou Li 0001, Kun Du, Haining Wang 0001, Baojun Liu 0002, Hai-Xin Duan. Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains. ACM Conference on Computer and Communications Security (CCS) 2017. PDF download

2. Jia Zhang 0004, Hai-Xin Duan, Wu Liu, Xingkun Yao. How to Notify a Vulnerability to the Right Person? Case Study: In an ISP Scope. IEEE Global Communications Conference (GLOBECOM) 2017.

3. Hao Yang, Xiulin Ma, Kun Du, Zhou Li 0001, Hai-Xin Duan, XiaoDong Su, Guang Liu, Zhifeng Geng, Jianping Wu. How to Learn Klingon without a Dictionary: Detection and Measurement of Black Keywords Used by the Underground Economy. IEEE Symposium on Security and Privacy (S&P) 2017. PDF download

2016

1. Song Li, Hai-Xin Duan, Zhiliang Wang, Jinjin Liang, Xing Li 0001. An accurate distributed scheme for detection of prefix interception. Science China Information Sciences 2016.

2. Yi Guo, Hai-Xin Duan, Jikun Chen, Fu Miao. MAF-SAM: An effective method to perceive data plane threats of inter domain routing system. Computer Networks 2016.

3. Hongyu Gao, Vinod Yegneswaran, Jian Jiang 0002, Yan Chen 0004, Phillip A. Porras, Shalini Ghosh, Hai-Xin Duan. Reexamining DNS From a Global Recursive Resolver Perspective. IEEE/ACM Transactions on Networking 2016.

4. Wei Liu, Yueqian Zhang, Zhou Li 0001, Hai-Xin Duan. What You See Isn’t Always What You Get: A Measurement Study of Usage Fraud on Android Apps. Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM@CCS) 2016.

5. Jianjun Chen 0005, Jian Jiang 0002, Hai-Xin Duan, Nicholas Weaver, Tao Wan 0004, Vern Paxson. Host of Troubles: Multiple Host Ambiguities in HTTP Implementations. ACM Conference on Computer and Communications Security (CCS) 2016. PDF download

6. Jianjun Chen 0005, Xiaofeng Zheng, Hai-Xin Duan, Jinjin Liang, Jian Jiang 0002, Kang Li 0001, Tao Wan 0004, Vern Paxson. Forwarding-Loop Attacks in Content Delivery Networks. Network and Distributed System Security Symposium (NDSS) 2016. PDF download

7. Xiaojing Liao, Kan Yuan, XiaoFeng Wang 0001, Zhongyu Pei, Hao Yang, Jianjun Chen 0005, Hai-Xin Duan, Kun Du, Eihal Alowaisheq, Sumayah A. Alrwais, Luyi Xing, Raheem A. Beyah. Seeking Nonsense, Looking for Trouble: Efficient Promotional-Infection Detection through Semantic Inconsistency Search. IEEE Symposium on Security and Privacy (S&P) 2016. PDF download

8. Kun Du, Hao Yang, Zhou Li 0001, Hai-Xin Duan, Kehuan Zhang. The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO. USENIX Security Symposium 2016. PDF download

2015

1. Song Li, Hai-Xin Duan, Zhiliang Wang, Xing Li 0001. Route Leaks Identification by Detecting Routing Loops. International Conference on Security and Privacy in Communication Networks (SecureComm) 2015.

2. Xiaofeng Zheng, Jian Jiang 0002, Jinjin Liang, Hai-Xin Duan, Shuo Chen 0001, Tao Wan 0004, Nicholas Weaver. Cookies Lack Integrity: Real-World Implications. USENIX Security Symposium 2015. PDF download

2014

1. Kun Yang, Jianwei Zhuge, Yongke Wang, Lujue Zhou, Hai-Xin Duan. IntentFuzzer: detecting capability leaks of android applications. ACM Asia Conference on Computer and Communications Security (AsiaCCS) 2014. PDF download

2. Jinjin Liang, Jian Jiang 0002, Hai-Xin Duan, Kang Li 0001, Tao Wan 0004, Jianping Wu. When HTTPS Meets CDN: A Case of Authentication in Delegated Service. IEEE Symposium on Security and Privacy (S&P) 2014. PDF download

2013

1. Jinjin Liang, Jian Jiang 0002, Hai-Xin Duan, Kang Li 0001, Jianping Wu. Measuring Query Latency of Top Level DNS Servers. Passive and Active Measurement Conference (PAM) 2013. PDF download

2. Hongyu Gao, Vinod Yegneswaran, Yan Chen 0004, Phillip A. Porras, Shalini Ghosh, Jian Jiang 0002, Hai-Xin Duan. An empirical reexamination of global DNS behavior. ACM SIGCOMM Conference 2013. PDF download

3. Ming Zheng, Jianping Wu, Hai-Xin Duan. Research on the Anti-attack Design Principles of Low-Latency Anonymous Communication. IEEE International Conference on Trust, Security and Privacy in Computing (TrustCom) 2013.

2012

1. Jian Jiang 0002, Jinjin Liang, Kang Li 0001, Jun Li 0001, Hai-Xin Duan, Jianping Wu. Ghost Domain Names: Revoked Yet Still Resolvable. Network and Distributed System Security Symposium (NDSS) 2012. PDF download

2011

1. Jia Zhang 0004, Hai-Xin Duan, Wu Liu, Jianping Wu. Anonymity analysis of P2P anonymous communication systems. Computer Communications 2011.

2. Jian Jiang 0002, Hai-Xin Duan, Tao Lin, Fenglin Qin, Hong Zhang. A federated identity management system with centralized trust and unified Single Sign-On. International Conference on Communications and Networking in China (ChinaCom) 2011.

3. Wu Liu, Ping Ren, Ke Liu, Hai-Xin Duan. User cooperation trust model and its application in network security management. International Conference on Fuzzy Systems and Knowledge Discovery (FSKD) 2011.

4. Ming Zheng, Hai-Xin Duan, Jianping Wu. Anonymous Communication over Invisible Mix Rings. International Conference on Algorithms and Architectures for Parallel Processing (ICA3PP) 2011.

5. Wu Liu, Hai-Xin Duan, Ping Ren. Cooperation-Based Trust Model and Its Application in Network Security Management. International Conference on Algorithms and Architectures for Parallel Processing (ICA3PP) 2011.

2010

1. Lei Hou, Hai-Xin Duan, Jianping Wu. Distinguishing the Master to Defend DDoS Attack in Peer-to-Peer Networks. CIT 2010.

2. Jia Zhang 0004, Hai-Xin Duan, Wu Liu, Jianping Wu. Analysis of Anonymity in P2P Anonymous Communication Systems. IEEE International Conference on Advanced Information Networking and Applications Workshops 2010.

3. Wu Liu, Hai-Xin Duan, Ping Ren, Jianping Wu. IABA: An improved PNN Algorithm for anomaly detection in network security management. International Conference on Computing, Networking and Communications (ICNC) 2010.

2009

1. Jia Zhang 0004, Hai-Xin Duan, Wu Liu, Jianping Wu. WindTalker: A P2P-Based Low-Latency Anonymous Communication Network. IEICE Transactions on Communications 2009.

2. Lei Hou, Hai-Xin Duan, Jianping Wu. Selecting Trust Peers Based on Updated Credit Value in Peer-to-Peer Networks. International Conference on Security and Management 2009.

2008

1. Hong Zhang, Hai-Xin Duan, Wu Liu. RRM: An incentive reputation model for promoting good behaviors in distributed systems. Science China Information Sciences 2008.

2. Lanjia Wang, Hai-Xin Duan, Xing Li 0001. Dynamic emulation based modeling and detection of polymorphic shellcode at the network level. Science China Information Sciences 2008.

3. Lei Hou, Hai-Xin Duan, Jianping Wu. Scheduling Peers Based on Credit Construction Period in Peer-to-Peer Networks. IEEE International Conference on Parallel and Distributed Systems (ICPADS) 2008.

4. Wu Liu, Hai-Xin Duan, Tao Lin, Xing Li 0001, Jian-Ping Wu. Attacking Test and Online Forensics in IPv6 Networks. International Conference on IT Security Incident Management and IT Forensics (IMF) 2008.

5. Yuan Liang, Hai-Xin Duan. An Admission Control Policy Based on Social Networks for P2P Systems. International Conference on Web-Age Information Management (WAIM) 2008.

6. Jia Zhang 0004, Yuntao Guan, Xiaoxin Jiang, Hai-Xin Duan, Jianping Wu. AMCAS: An Automatic Malicious Code Analysis System. International Conference on Web-Age Information Management (WAIM) 2008.

2005

1. Feng Yang, Hai-Xin Duan, Xing Li 0001. Modeling and analyzing of the interaction between worms and antiworms during network worm propagation. Science China Information Sciences 2005.

2. Quang-Anh Tran, Xing Li 0001, Hai-Xin Duan. Efficient performance estimate for one-class support vector machine. Pattern Recognition Letters 2005.

3. Hong Zhang, Hai-Xin Duan, Wu Liu, Jianping Wu. An Extensible AAA Infrastructure for IPv6. International Conference on Computational Intelligence and Security (CIS) 2005.

4. Wu Liu, Hai-Xin Duan, Jianping Wu, Xing Li 0001. PDTM: A Policy-Driven Trust Management Framework in Distributed Systems. International Conference on Computational Intelligence and Security (CIS) 2005.

5. Wu Liu, Jianping Wu, Hai-Xin Duan, Xing Li 0001. New Algorithm Mining Intrusion Patterns. International Conference on Fuzzy Systems and Knowledge Discovery (FSKD) 2005.

6. Wu Liu, Jianping Wu, Hai-Xin Duan, Xing Li 0001. New Method for Intrusion Features Mining in IDS. International Conference on Intelligent Computing (ICIC) 2005.

7. Lanjia Wang, Hai-Xin Duan, Xing Li 0001. Port Scan Behavior Diagnosis by Clustering. International Conference on Information and Communications Security (ICICS) 2005.

8. Wu Liu, Jianping Wu, Hai-Xin Duan, Xing Li 0001. The Authorization Service in Dynamic Trust Domains. International Conference on Information Technology and Applications (ICITA) 2005.

9. Wu Liu, Hai-Xin Duan, Jianping Wu, Xing Li 0001. Improved Marking Model ERPPM Tracing Back to DDoS Attacker. International Conference on Information Technology and Applications (ICITA) 2005.

10. Hanghang Tong, Chongrong Li, Jingrui He, Jiajian Chen, Quang-Anh Tran, Hai-Xin Duan, Xing Li 0001. Anomaly Internet Network Traffic Detection by Kernel Principle Component Classifier. International Symposium on Neural Networks (ISNN) 2005.

2004

1. Jiahai Yang 0001, Hai-Xin Duan, Jianping Wu, Xing Li 0001. Workflow Oriented Network Management - A Web/Java Approach. Journal of Network and Systems Management 2004.

2. Wu Liu, Jianping Wu, Hai-Xin Duan, Xing Li 0001, Ping Ren. XML Based X.509 Authorization in CERNET Grid. International Conference on Grid and Cooperative Computing (GCC) 2004.

3. Wu Liu, Hai-Xin Duan, Jianping Wu, Xing Li 0001, Ping Ren. Algorithms for Congestion Detection and Control. International Conference on Grid and Cooperative Computing Workshops 2004.

4. Wu Liu, Hai-Xin Duan, Yong Feng, Yong-Bin Li, Ping Ren. Improved algorithms tracing back to attacking sources. IASTED International Conference on Parallel and Distributed Computing and Networks 2004.

2003

1. Wu Liu, Hai-Xin Duan, Jianping Wu, Ping Ren, Li-Hua Lu. Distributed IDS Tracing Back to Attacking Sources. International Conference on Grid and Cooperative Computing (GCC) 2003.

2000

1. Hai-Xin Duan, Jianping Wu, Xing Li 0001. Policy based access control framework for large networks. IEEE International Conference on Networks (ICON) 2000.