Publications

  • Publications at top-tier system-security venues: S&P (’13, ’14, ’15, ’16’, ’17, ’19, ’21a, ’21b, ’22, ’24a, ’24b), Security (’14, ’16, ’17, ’18, ’21, ’23a, ’23b, ’24), CCS (’09, ’10, ’12, ’15, ’16, ’17, ’20, ’21a, ’21b, ’21c), NDSS (’19, ’21, ’23).
  • Publications at other top-tier computer science conferences: OSDI (’23), IMC (’19), SigMetrics (’21), IJCAI (’20)
  • Students advised at UCI “+“. Visitors and project specialists advised at UCI “#“. Co-first-authors “*“.

Conferences

2024

[Security’24] Qifan Zhang+, Xuesong Bai+, Xiang Li#, Haixin Duan, Qi Li and Zhou Li.
ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing.
The 33rd USENIX Security Symposium, August, 2024.
(Acceptance rate: ??%)
[extended version]

[S&P’24b] Xiang Li#, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan and Qi Li.
TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets.
The 45th IEEE Symposium on Security and Privacy, May, 2024.
(Acceptance rate: 17.8%)

[S&P’24a] Jiacen Xu+, Xiaokui Shu and Zhou Li.
Understanding and Bridging the Gap Between Unsupervised Network Representation Learning and Security Analytics.
The 45th IEEE Symposium on Security and Privacy, May, 2024.
(Acceptance rate: 17.8%)

2023

[ACSAC’23] Joann Qiongna Chen+, Tianhao Wang, Zhikun Zhang, Yang Zhang, Somesh Jha and Zhou Li.
Differentially Private Resource Allocation.
The
39th Annual Computer Security Applications Conference, December, 2023.
(Acceptance rate: 23.3%)
[Artifact Functional]   [Artifact Reusable]   [Results Reproduced]

[OSDI’23] Zhe Zhou, Yanxiang Bi, Junpeng Wan, Yangfan Zhou and Zhou Li.
Userspace Bypass: Accelerating Syscall-intensive Applications.
The 17th USENIX Symposium on Operating Systems Design and Implementation, July, 2023.
[Source Code] [Artifact Available, Functional, Reproduced]
(Acceptance rate: 19.6%)

[DSN’23] Jiacen Xu+, Zhe Zhou, Boyuan Feng, Yufei Ding and Zhou Li.
On Adversarial Robustness of Point Cloud Semantic Segmentation.
The 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Network, June, 2023.
(Acceptance rate: 20%)

[Security’23b] Fan Yang, Jiacen Xu+, Chunlin Xiong, Zhou Li and Kehuan Zhang.
PROGRAPHER: An Anomaly Detection System based on Provenance Graph Embedding.
The 32nd USENIX Security Symposium, August, 2023.
(Acceptance rate: 29%)

[Security’23a] Xiang Li#, Chaoyi Lu, Baojun Liu, Qifan Zhang+, Zhou Li, Haixin Duan and Qi Li.
The Maginot Line: Attacking the Boundary of DNS Caching Protection.
The 32nd USENIX Security Symposium, August, 2023.
(Acceptance rate: 29%)

[NDSS’23] Xiang Li#, Baojun Liu, Xuesong Bai+, Mingming Zhang, Qifan Zhang+, Zhou Li, Haixin Duan and Qi Li.
Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation.
The 30th Annual Network and Distributed System Security Symposium,  February, 2023.
(Acceptance rate: 16.2%)

[EAAI’23] Margarita Geleta, Jiacen Xu+, Manikanta Loya, Junlin Wang, Sameer Singh, Zhou Li and Sergio Gago Masague.
Maestro: A Gamified Platform for Teaching AI Robustness.
The 13th AAAI Symposium on Educational Advances in Artificial Intelligence, February, 2023.
(Acceptance rate: ??%)

2022

[ACSAC’22] Qifan Zhang+, Junjie Shen, Mingtian Tan, Zhe Zhou, Zhou Li, Qi Alfred Chen and Haipeng Zhang.
Play the Imitation Game: Model Extraction Attack against Autonomous Driving Localization.
The 38th Annual Computer Security Applications Conference, December, 2022.
(Acceptance rate: 24.1%)

[EuroS&P’22] Deliang Chang#*, Joann Qiongna Chen+*, Zhou Li and Xing Li.
Hide and Seek: Revisiting DNS-based User Tracking.
The 7th IEEE European Symposium on Security and Privacy, June, 2022.
(Acceptance rate: 29.8%)

[S&P’22] Junpeng Wan, Yanxiang Bi, Zhe Zhou and Zhou Li.
MeshUp: Stateless Cache Side-channel Attack on CPU Mesh.
The 43rd IEEE Symposium on Security and Privacy, May, 2022.
(Acceptance rate: 14.5%)

2021

[ACSAC’21b] Mingxuan Liu, Yiming Zhang, Baojun Liu, Zhou Li, Haixin Duan and Donghong Sun.
Detecting and Characterizing SMS Spearphising Attacks.
The 37th Annual Computer Security Applications Conference, online, December, 2021.
(Acceptance rate: 24.5%)

[ACSAC’21a] Mingtian Tan, Zhe Zhou and Zhou Li.
The Many-faced God: Attacking Face Verification System with Embedding and Image Recovery.
The 37th Annual Computer Security Applications Conference, online, December, 2021.
(Acceptance rate: 24.5%)

[CCS’21c] Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Jiachen Li and Zaifeng Zhang.
Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem.
The 28th ACM Conference on Computer and Communications Security, virtual, November, 2021.
(Acceptance rate: 22.3%)

[CCS’21b] Fenghao Xu#, Siyu Shen, Wenrui Diao, Zhou Li, Rui Li, and Kehuan Zhang.
Android on PC: On the Security of End-user Android Emulators.
The 28th ACM Conference on Computer and Communications Security, virtual, November, 2021.
(Acceptance rate: 22.3%)

[CCS’21a] Tianhao Wang, Joann Qiongna Chen+, Zhikun Zhang, Dong Su, Yueqiang Cheng, Zhou Li, Ninghui Li, and Somesh Jha.
Continuous Release of Data Streams under both Centralized and Local Differential Privacy.
The 28th ACM Conference on Computer and Communications Security, virtual, November, 2021.
(Acceptance rate: 22.3%)

[SRDS’21] Rebekah Houser, Shuai Hao, Zhou Li, Daiping Liu, Chase Cotton, and Haining Wang.
A Comprehensive Measurement-based Investigation of DNS Hijacking.
The 40th International Symposium on Reliable Distributed Systems, virtual, September, 2021.
(Acceptance rate: 25.5%)

[Security’21] Peng Fei, Zhou Li, Zhiying Wang, Xiao Yu, Ding Li, and Kangkook Jee.
SEAL: Storage-efficient Causality Analysis on Enterprise Logs with Query-friendly Compression
The 30th USENIX Security Symposium, virtual, August, 2021.
(Acceptance rate: 18.8%)

[SIGMETRICS’21] Behnam Pourghassemi, Jordan Bonecutter, Zhou Li, and Aparna Chandramowlishwaran.
AdPerf: Characterizing the Performance of Third-party Ads.
ACM SIGMETRICS, Beijing, China, June, 2021.
(Acceptance rate: 12.1%)

[S&P’21b] Mingtian Tan, Junpeng Wan, Zhe Zhou, and Zhou Li.
Invisible Probe: Timing Attacks with PCIe Congestion Side-channel
The 42nd IEEE Symposium on Security and Privacy, virtual, May 23-27, 2021.
(Acceptance rate: 12.08%)
* Source code

[S&P’21a] Rui Li, Wenrui Diao, Zhou Li, Jianqi Du, and Shanqing Guo.
Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings.
The 42nd IEEE Symposium on Security and Privacy, virtual, May 23-27, 2021.
(Acceptance rate: 12.08%)
* Vulnerability acknowledged by Google: CVE-2020-0418, CVE-2021-0306, CVE-2021-0307, CVE-2021-0317.

[NDSS’21] Chaoyi Lu, Baojun Liu, Yiming Zhang, Zhou Li, Fenglu Zhang, Haixin Duan, Ying Liu, Joann Qiongna Chen+, Jinjin Liang, Zaifeng Zhang, Shuang Hao, and Min Yang.
From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR
The 28th Annual Network and Distributed System Security Symposium, virtual, Feb., 2021.
(Acceptance rate: 15.2%)

2020

[ACSAC’20] Kun Du, Hao Yang, Yubao Zhang, Haixin Duan, Haining Wang, Shuang Hao, Zhou Li and Min Yang.
Understanding Promotion-as-a-Service on GitHub
The 36th Annual Computer Security Applications Conference, online, December, 2020.
(Acceptance rate: 23.3%)

[IJCAI’20] Zihan Zhang, Mingxuan Liu, Chao Zhang, Yiming Zhang, Zhou Li, Qi Li, Haixin Duan and Donghong Sun.
Argot: Generating Adversarial Readable Chinese Texts
The 29th International Joint Conference on Artificial Intelligence and the 17th Pacific Rim International Conference on Artificial Intelligence, Yokohama, Japan, July, 2020.
(Acceptance rate: 12.6%)

[CCS ’20] Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Shuang Hao, Mingxuan Liu, Ying Liu, Dong Wang and Qiang Li.
Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China
The 27th ACM Conference on Computer and Communications Security, Orlando, Florida, November, 2020.
(Acceptance rate: 16.9%)

​[DSN’20] Junyi Wei*, Yicheng Zhang+*, Zhe Zhou, Zhou Li and Mohammad Abdullah Al Faruque.
Leaky DNN: Stealing Deep-learning Model Secret with GPU Context-switching Side-channel
The 50th IEEE/IFIP International Conference on Dependable Systems and Networks, Valencia, Spain, June, 2020.
(Acceptance rate: 16.5%)

​[AsiaCCS’20] Shuaike Dong#, Zhou Li, Di Tang, Jiongyi Chen, Menghan Sun and Kehuan Zhang.
Your Smart Home Can’t Keep a Secret: Towards Automated Fingerprinting of IoT Traffic
The 15th ACM ASIA Conference on Computer and Communications Security, Taipei, Taiwan, October, 2020.
(Acceptance rate: 21.8%)

2019

​[CoNext’19] Rebekah Houser, Zhou Li, Chase Cotton and Haining Wang.
An Investigation on Information Leakage of DNS over TLS
The 15th International Conference on emerging Networking EXperiments and Technologies, Orlando, Florida, December, 2019.
(Acceptance rate: 16.8%)
* APNIC Blog

​[ACSAC’19] Hao Yang, Kun Du, Yubao Zhang, Shuang Hao, Zhou Li, Mingxuan Liu, Haining Wang, Haixin Duan, Yazhou Shi, Xiaodong Su, Guang Liu and Zhifeng Geng.
Casino Royale: A Deep Exploration of Illegal Online Gambling
The 35th Annual Computer Security Applications Conference, San Juan, Puerto Rico, December, 2019.
(Acceptance rate: 22.6%)

​[IMC’19] Chaoyi Lu, Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan, Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang and Jianping Wu.
An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?
The Internet Measurement Conference, Amsterdam, Netherlands, October, 2019.
(Acceptance rate: 19.8%)
* Nominee of the Best Paper Award (3 out of 39) and Community Contribution (2 out of 39)
* One of Winners (6 out of 60) of Applied Networking Research Prize (ANRP 2020)

​[SecureComm’19] Kun Du, Hao Yang, Zhou Li, Haixin Duan, Shuang Hao, Baojun Liu, Yuxiao Ye, Mingxuan Liu, Xiaodong Su, Guang Liu, Zhifeng Geng, Zaifeng Zhang and Jinjin Liang.
TL;DR Hazard: A Comprehensive Study of Levelsquatting Scams
The 15th EAI International Conference on Security and Privacy in Communication Networks, Orlando, FL, October, 2019.
(Acceptance rate: 37.6%)

​[RAID’19] Wenrui Diao, Yue Zhang, Li Zhang, Zhou Li, Fenghao Xu, Xiaorui Pan, Xiangyu Liu, Jian Weng, Kehuan Zhang and XiaoFeng Wang.
Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android
The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China, September, 2019.
(Acceptance rate: 22.3%)

​[EuroS&P’19] Baojun Liu, Zhou Li, Peiyuan Zong, Chaoyi Lu, Haixin Duan, Ying Liu, Sumayah Alrwais, Xiaofeng Wang, Shuang Hao, Yaoqi Jia, Yiming Zhang, Kai Chen and Zaifeng Zhang.
TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS Analysis
The 4th IEEE European Symposium on Security and Privacy,  Stockholm, Sweden, June, 2019.
(Acceptance rate: 20%)

​[S&P’19] Xianghang Mi, Xuan Feng, Xiaojing Liao, Baojun Liu, Xiaofeng Wang, Feng Qian, Zhou Li, Sumayah Alrwais, Limin Sun and Ying Liu.
Resident Evil: Understanding Residential IP Proxy as a Dark Service.
The 40th IEEE Symposium on Security and Privacy, San Francisco, CA, May 2019.
(Acceptance rate: 12%)

​[NDSS’19] Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen and Kehuan Zhang.
BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals
The 26th Annual Network and Distributed System Security Symposium, San Diego, CA, Feb 2019.
(Acceptance rate: 17.1%)
* Vulnerability acknowledged by Google: CVE-2019-2225

2018
[ACSAC’18a]
​ Alina Oprea, Zhou Li, Kevin Bowers and Robin Norris.
MADE: Security Analytics for Enterprise Threat Detection
The 34th Annual Computer Security Applications Conference, San Juan, Puerto Rico, Dec. 2018.
(Acceptance rate: 20.1%)

[ACSAC’18b]​ Zhe Zhou, Di Tang, Wenhao Wang, XiaoFeng Wang, Zhou Li and Kehuan Zhang.
Beware of Your Screen: Anonymous Fingerprinting of Device Screens for Off-line Payment Protection.
The 34th Annual Computer Security Applications Conference, San Juan, Puerto Rico, Dec. 2018.
(Acceptance rate: 20.1%)

​[Security’18] Baojun Liu, Chaoyi Lu, Haixin Duan, Ying Liu, Zhou Li, Shuang Hao and Min Yang.
Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path.
The 27th USENIX Security Symposium, Baltimore, MD, Aug 2018.

[SecureComm’18a]​ Ke Tian, Zhou Li, Kevin Bowers and Danfeng Yao.
FrameHanger: Evaluating and Classifying Iframe Injection at Large Scale.
The 14th EAI International Conference on Security and Privacy in Communication Networks, Singapore, Singapore, August, 2018

[SecureComm’18b]​ Shuaike Dong, Menghao Li, Wenrui Diao, Xiangyu Liu, Jian Liu, Zhou Li, Fenghao Xu, Kai Chen, Xiaofeng Wang and Kehuan Zhang.
Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild.
The 14th EAI International Conference on Security and Privacy in Communication Networks, Singapore, Singapore​, August, 2018

[DSN’18]​ Baojun Liu, Chaoyi Lu, Zhou Li, Ying Liu, Haixin Duan, Shuang Hao and Zaifeng Zhang.
A Reexamination of Internationalized Domain Names: the Good, the Bad and the Ugly.
The 48th IEEE/IFIP International Conference on Dependable Systems and Networks, Luxembourg City, Luxembourg, June 2018.

2017
[CCS’17]​ Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, and Haixin Duan.
Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains. 
The 24th ACM Conference on Computer and Communications Security, Dallas, TX, Oct. 2017.

​[RAID’17] Ahmet Salih Buyukkayhan, Alina Oprea, Zhou Li and William Robertson.
Lens on the endpoint: Hunting for malicious software through endpoint data analysis.
The 20th International Symposium on Research in Attacks, Intrusions and Defenses, Atlanta, GA, Sept 2017.

​[Security’17] Xiaolong Bai, Zhe Zhou, XiaoFeng Wang, Zhou Li, Xianghang Mi, Nan Zhang, Tongxin Li, Shi-Min Hu and Kehuan Zhang.
Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment.
The 26th USENIX Security Symposium, Vancouver, BC, Canada, Aug 2017.

​​[PETS’17] ​Zhe Zhou, Wenrui Diao, Xiangyu Liu, Zhou Li, Kehuan Zhang and Rui Liu.
Vulnerable GPU Memory Management: Towards Recovering Raw Data from GPU.
The 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, July 2017.

[S&P’17] Hao Yang, Xiulin Ma, Kun Du, Zhou Li, Haixin Duan, Xiaodong Su, Guang Liu and Zhifeng Geng.
How to Learn Klingon Without a Dictionary: Detection and Measurement of Black Keywords Used by the Underground Economy.
The 38th IEEE Symposium on Security and Privacy, San Jose, CA, May 2017.

​​​[CODASPY’17] Zhe Zhou, Zhou Li and Kehuan Zhang.
All Your VMs are Disconnected: Attacking Hardware Virtualized Network.
The 7th ACM Conference on Data and Application Security and Privacy, Scottsdale, AZ, March 2017.
* Vulnerability reported to Huawei and confirmed (CVE-2017-2712).

2016
​​​[ACSAC’16Sumayah Alrwais, Kan Yuan, Eihal Alowaisheq, Xiaojing Liao, Alina Oprea, XiaoFeng Wang and Zhou Li.
Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites.
The 32nd Annual Computer Security Applications Conference, Los Angeles, CA, Dec. 2016.

[SecDev’16] Zhou Li and Alina Oprea.
Operational Security Log Analytics for Enterprise Breach Detection.
IEEE Cybersecurity Development Conference 2016, Boston, MA, Nov. 2016.

[CCS’16] Xiaojing Liao, Kan Yuan, XiaoFeng Wang, Zhou Li, Luyi Xing and Raheem Beyah.
Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence.
The 23rd ACM Conference on Computer and Communications Security, Vienna, Austria, Oct. 2016.

[Security’16] Kun Du, Hao Yang, Zhou Li, Haixin Duan and Kehuan Zhang.
The Ever-changing Labyrinth: A Large-scale Analysis of Wildcard DNS Powered Blackhat SEO.
The 25th USENIX Security Symposium, Austin, TX, Aug. 2016.

[WiSec’16] Wenrui Diao, Xiangyu Liu, Zhou Li and Kehuan Zhang.
Evading Android Runtime Analysis Through Detecting Programmed Interactions (Short Paper).
The 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Darmstadt,Germany, July 2016.

[S&P’16] Wenrui Diao, Xiangyu Liu, Zhou Li and Kehuan Zhang.
No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis.
The 37th IEEE Symposium on Security and Privacy, San Jose, CA, May 2016.

2015
[CCS’15] Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li and Kehuan Zhang.
When Good Becomes Evil: Keystroke Inference with Smartwatch.
The 22nd ACM Conference on Computer and Communications Security, Denver, CO, Oct. 2015.

[ESORICS’15] Wenrui Diao, Xiangyu Liu, Zhe Zhou, Kehuan Zhang and Zhou Li.
Mind-Reading: Privacy Attacks Exploiting Cross-App KeyEvent Injections.
The 20th European Symposium on Research in Computer Security, Vienna, Austria, Sept. 2015.

[DSN’15] Alina Oprea, Zhou Li, Ting-Fang Yen, Sang Chin and Sumayah Alrwais.
Detection of Early-Stage Enterprise Infection by Mining Large-Scale Log Data.
The 45th IEEE/IFIP International Conference on Dependable Systems and Networks, Rio de Janeiro, Brazil, June 2015.

[IFIP SEC’15] Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li and Kehuan Zhang.
An Empirical Study on Android for Saving Non-shared Data on Public Storage.
The 30th International Information Security and Privacy Conference, Hamburg, Germany, May 2015.

[S&P’15] Mohammad Taha Khan, Xiang Huo, Zhou Li and Chris Kanich.
Every Second Counts: Quantifying the Negative Externalities of Cybercrime via Typosquatting.
The 36th IEEE Symposium on Security and Privacy, San Jose, CA, May 2015.

2014
[Security’14] 
Sumayah Alrwais, Kan Yuan, Eihal Alowaisheq, Zhou Li, and XiaoFeng Wang.
Understanding the Dark Side of Domain Parking.
The 23rd Usenix Security Symposium, San Diego, CA, Aug. 2014.

[S&P’14] Zhou Li, Sumayah Alrwais, XiaoFeng Wang and Eihal Alowaisheq.
Hunting the Red Fox Online: Understanding and Detection of Mass Redirect-Script Injections.
The 35th IEEE Symposium on Security and Privacy, San Jose, CA, May 2014.

Before 2014
[S&P’13] Zhou Li, Sumayah Alrwais, Yinglian Xie, Fang Yu and XiaoFeng Wang.
Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures.
The 34th IEEE Symposium on Security and Privacy, San Francisco, CA, May 2013.

[CCS’12] Zhou Li, Kehuan Zhang, Yinglian Xie, Fang Yu and XiaoFeng Wang.
Knowing Your Enemy: Understanding and Detecting Malicious Web Advertising.
The 19th ACM Conference on Computer and Communications Security, Raleigh, NC, Oct. 2012.

[ACSAC’10] Zhou Li and XiaoFeng Wang.
FIRM: Capability-based Inline Mediation of Flash Behaviors.
The 26th Annual Computer Security Applications Conference, Austin, TX, Dec. 2010.

[CCS’10] Kehuan Zhang, Zhou Li, Rui Wang, XiaoFeng Wang and Shuo Chen.
Sidebuster: Automated Detection and Quantification of Side-Channel Leaks in Web Application Development.
The 17th ACM Conference on Computer and Communications Security, Chicago, IL, Oct. 2010.

[DSN’10] Zhou Li, Kehuan Zhang and XiaoFeng Wang.
Mash-IF: Practical Information-Flow Control within Client-side Mashups.
The 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Chicago, IL, June 2010.

​[CCS’09] Rui Wang, XiaoFeng Wang, Zhou Li, Haixu Tang, Michael Reiter and Zheng Dong.
Privacy-Preserving Genomic Computation Through Program Specialization.
The 16th ACM Conference on Computer and Communications Security, Chicago, IL, Nov. 2009.

[AICCSA’08] Jianming Fu, Huijun Xiong, Zhou Li and Huanguo Zhang.
PerformTrust: Trust model integrated past and current performance in P2P file sharing systems.
The 6th IEEE/ACS International Conference on Computer Systems and Applications , Doha, Qatar, Mar. 2008.

[Bionetics’07] Zhou Li, Yiwen Liang, Zejun Wu and Chengyu Tan.
Immunity based Virus Detection with Process Call Arguments and User Feedback.
The 2nd International Conference on Bio-Inspired Models of Network, Information, and Computing Systems, Budapest, Hungary, Dec. 2007.


​Workshops

[TPDP’23] Joann Qiongna Chen+, Tianhao Wang, Zhikun Zhang, Yang Zhang, Somesh Jha and Zhou Li.
Differentially Private Resource Allocation.
Theory and Practice of Differential Privacy, Boston, MA, September. 2023.​

[FOCI’20] Qing Huang+, Deliang Chang# and Zhou Li.
A Comprehensive Study of DNS-over-HTTPS Downgrade Attack.
The 10th USENIX Workshop on Free and Open Communications on the Internet, Boston, MA, Aug. 2020.​

[SPSM’16] Wei Liu, Yueqian Zhang, Zhou Li and Haixin Duan.
What You See Isn’t Always What You Get: A Measurement Study of Usage Fraud on Android Apps.
The 6th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, Vienna, Austria, Oct. 2016.​


Posters

[NDSS’24] Qifan Zhang+, Xuesong Bai+, Xiang Li#, Haixin Duan, Qi Li and Zhou Li.
ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing.
The 31st Annual Network and Distributed System Security Symposium,  February, 2024.

[SIGCSE’23] Margarita Geleta, Jiacen Xu+, Manikanta Loya, Junlin Wang, Sameer Singh, Zhou Li and Sergio Gago Masague.
Design Factors of Maestro: A Serious Game for Robust AI Education.
The Technical Symposium on Computer Science Education, Toronto, Canada, March, 2023. (poster).
(Acceptance rate: ??%)

[FPGA’21] Yicheng Zhang+, Rozhin Yasaei, Hao Chen+, Zhou Li, and Mohammad Abdullah Al Faruque.
Stealing Neural Network Structure through Remote FPGA Side-channel Analysis.
The 29th ACM/SIGDA International Symposium on Field-Programmable Gate Arrays, virtual, February 28 – March 2, 2021. (poster).
(Acceptance rate: ??%)


Journals

[ACCESS] Xianran Liao+, Jiacen Xu+, Qifan Zhang+ and Zhou Li.
A Comprehensive Study of DNS Operational Issues by Mining DNS Forums.
In IEEE Access, 2022.

[TDSC] Mingxuan Liu, Zihan Zhang, Yiming Zhang, Chao Zhang, Zhou Li, Qi Li, Haixin Duan and Donghong Sun.
Automatic Generation of Adversarial Readable Chinese Texts.
In IEEE Transactions on Dependable and Secure Computing, 2022.

[TSE] Rui Li, Wenrui Diao, Zhou Li, Shishuai Yang, Shuang Li and Shanqing Guo.
Android Custom Permissions Demystified: A Comprehensive Security Evaluation.
In IEEE Transactions on Software Engineering, 2021.

[ACCESS] Deliang Chang#, Shanshan Hao, Zhou Li, Baojun Liu and Xing Li.
DNSWeight: Quantifying Country-wise Importance of Domain Name System.
In IEEE Access, 2021.

[TIFS] Yicheng Zhang+, Rozhin Yasaei, Hao Chen+, Zhou Li, and Mohammad Abdullah Al Faruque.
Stealing Neural Network Structure through Remote FPGA Side-channel Analysis.
In IEEE Transactions on Information Forensics and Security, 2021.

[JCS] Wenrui Diao, Rui Liu, Xiangyu Liu, Zhe Zhou, Zhou Li and Kehuan Zhang.
Accessing mobile user’s privacy based on IME personalization: Understanding and practical attacks.
In Journal of Computer Security, vol. 26, no. 3, pp. 283-309, 2018.

[TWC] Fan Zhang, Wenbo He, Yangyi Chen, Zhou Li, XiaoFeng Wang, Shuo Chen and Xue Liu.
Thwarting Wi-Fi Side-Channel Analysis through Traffic Demultiplexing.
In IEEE Transactions on Wireless Communications, vol.13, no.1, 2014.


​Industrial and Community Conferences/Workshops

[OARC42b] Presenter: Qifan Zhang
ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing
DNS-OARC
42 Workshop, Feb. 2024.

[OARC42a] Presenter: Qifan Zhang
TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets.
DNS-OARC 42 Workshop, Feb. 2024.

[BHU’23] Presenter: Zhou Li
MaginotDNS: Attacking the Boundary of DNS Caching Protection
Blackhat USA 2023, Las Vegas, August 2023.

[BHA’23] Presenter: Xiang Li
Phoenix Domain Attack: Vulnerable Links in Domain Name Delegation and Revocation
Blackhat Asia 2023, Singapore, May 2023.

[DINR’23] Presenter: Zhou Li
DNS-based User Tracking (Attacks and Defenses)
DNS and Internet Naming Research Directions 2023, virtual, Feb. 2023.

[IDS’22] Presenter: Xiang Li
The Phoenix Domain attack.
ICANN DNS Symposium, Nov. 2022.

[OARC39] Presenter: Xiang Li
Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation.
OARC 39 & 47th CENTR Technical Workshop, Serbia, Oct. 2022.

[DINR’21] Presenter: Zhou Li
A Measurement-based Investigation of DNS Hijacking.
DNS and Internet Naming Research Directions 2021, virtual, Nov. 2021.

[OARC36] Presenter: Shuai Hao
A Measurement-based Investigation of DNS Hijacking.
DNS-OARC 36 Workshop, virtual, Nov. 2021.

[OARC31] Presenter: Shuang Hao
An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?
DNS-OARC 31 Workshop, Austin, TX, Oct., 2019.

[ANRW’19] Presenter: Zhou Li
Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path.

Applied Networking Research Workshop, Montreal, Quebec, Canada, July, 2019

[OARC30] Presenter: Chaoyi Lu
Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path.
DNS-OARC 30 Workshop, Bangkok, Thailand, May, 2019.

[BHA’18] Presenter: Zhe Zhou
All Your Payment Tokens Are Mine: Vulnerabilities of Mobile Payment Systems.
Blackhat Asia 2018, Singapore, Mar. 2018.


Patents

[US-11233796] Zhou Li, Alex Zaslavsky and Kevin Bowers. Data-driven attribute selection for user application entitlement analysis. Granted in 2022.

[US-11036855] Zhou Li, Kevin Bowers, Martin Rosa, Raymond Carney and Ke Tian. Detecting frame injection through web page analysis. Granted in 2021.

[US-10437996] Zhou Li, Martin Rosa, and Zohar Duchin. Classifying software modules utilizing similarity-based queries. Granted in 2019.

[US-10382476] Zhou Li. Network security system incorporating assessment of alternative mobile application market sites. Granted in 2019.

[US-10250621] Zhou Li. Automatic extraction of indicators of compromise from multiple data sources accessible over a network. Granted in 2019.

[US-10122742] Alina Oprea, Zhou Li, and Ahmet Buyukkayhan. Classifying software modules based on comparisons using a neighborhood distance metric. Granted in 2018.

[US-9998484] Ahmet Buyukkayhan, Zhou Li, Alina Oprea and Martin Rosa. Classifying potentially malicious and benign software modules through similarity analysis. Granted in 2018.

[US-9838407] Alina Oprea, Zhou Li, Robin Norris, and Kevin D Bowers, Detection of malicious web activity in enterprise computer networks. Granted in 2017.

[US-9635049] Alina Oprea, Zhou Li, Sang H Chin and Ting-Fang Yen. ​Detection of suspicious domains through graph inference algorithm processing of host-domain contacts. Granted in 2017.

[US-9621576] Alina Oprea, Sumayah Alrwais, Kevin D Bowers, Todd S Leetham, Zhou Li and Ronald L Rivest. Detecting malicious websites. Granted in 2017.

[US-20130339158] Yinglian Xie, Fang Yu, Zhou Li and Xiaofeng Wang. Determining legitimate and malicious advertisements using advertising delivery sequences.