Publications

  • Publications at top-tier system-security venues (19 papers): S&P (’13, ’14, ’15, ’16’, ’17, ’19), Security (’14, ’16, ’17, ’18), CCS (’09, ’10, ’12, ’15, ’16, ’17, ’20), NDSS (’19, ’21).
  • Students advised at UCI “+“. Visitors advised at UCI “#“.

Conferences

2021

[NDSS’21] Baojun Liu*, Chaoyi Lu*, Yiming Zhang, Zhou Li, Fenglu Zhang, Haixin Duan, Ying Liu, Joann Chen+, Jinjin Liang, Zaifeng Zhang, Shuang Hao, Min Yang.
From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR
Accepted by the 28th Annual Network and Distributed System Security Symposium, virtual, Feb., 2021.
(Acceptance rate: ??%)
* Both are first author

2020

[ACSAC’20] Kun Du, Hao Yang, Yubao Zhang, Haixin Duan, Haining Wang, Shuang Hao, Zhou Li and Min Yang.
Understanding Promotion-as-a-Service on GitHub
Accepted by 36th Annual Computer Security Applications Conference, online, December, 2020.
(Acceptance rate: 23.3%)

[IJCAI’20] Zihan Zhang, Mingxuan Liu, Chao Zhang, Yiming Zhang, Zhou Li, Qi Li, Haixin Duan and Donghong Sun.
Argot: Generating Adversarial Readable Chinese Texts
In Proceedings of the 29th International Joint Conference on Artificial Intelligence and the 17th Pacific Rim International Conference on Artificial Intelligence, Yokohama, Japan, July, 2020.
(Acceptance rate: 12.6%)

[CCS ’20] Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Shuang Hao, Mingxuan Liu, Ying Liu, Dong Wang and Qiang Li.
Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China
Accepted by the 27th ACM Conference on Computer and Communications Security, Orlando, Florida, November, 2020.

​[DSN’20] Junyi Wei*, Yicheng Zhang+*, Zhe Zhou, Zhou Li and Mohammad Abdullah Al Faruque.
Leaky DNN: Stealing Deep-learning Model Secret with GPU Context-switching Side-channel
In Proceedings of the 50th IEEE/IFIP International Conference on Dependable Systems and Networks, Valencia, Spain, June, 2020.
(Acceptance rate: 16.5%)
* Both are first author

​[AsiaCCS’20] Shuaike Dong#, Zhou Li, Di Tang, Jiongyi Chen, Menghan Sun and Kehuan Zhang.
Your Smart Home Can’t Keep a Secret: Towards Automated Fingerprinting of IoT Traffic with Neural Networks
In Proceedings of the 15th ACM ASIA Conference on Computer and Communications Security, Taipei, Taiwan, October, 2020.
(Acceptance rate: 21.8%)

2019

​[CoNext’19] Rebekah Houser, Zhou Li, Chase Cotton and Haining Wang.
An Investigation on Information Leakage of DNS over TLS
In Proceedings of the 15th International Conference on emerging Networking EXperiments and Technologies, Orlando, Florida, December, 2019.
(Acceptance rate: 16.8%)
* APNIC Blog

​[ACSAC’19] Hao Yang, Kun Du, Yubao Zhang, Shuang Hao, Zhou Li, Mingxuan Liu, Haining Wang, Haixin Duan, Yazhou Shi, Xiaodong Su, Guang Liu and Zhifeng Geng.
Casino Royale: A Deep Exploration of Illegal Online Gambling
In Proceedings of the 35th Annual Computer Security Applications Conference, San Juan, Puerto Rico, December, 2019.
(Acceptance rate: 22.6%)

​[IMC’19] Chaoyi Lu, Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan, Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang and Jianping Wu.
An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?
In Proceedings of the Internet Measurement Conference, Amsterdam, Netherlands, October, 2019.
(Acceptance rate: 19.8%)
* Nominee of the Best Paper Award (3 out of 39) and Community Contribution (2 out of 39)
* One of Winners (6 out of 60) of Applied Networking Research Prize (ANRP 2020)

​[SecureComm’19] Kun Du, Hao Yang, Zhou Li, Haixin Duan, Shuang Hao, Baojun Liu, Yuxiao Ye, Mingxuan Liu, Xiaodong Su, Guang Liu, Zhifeng Geng, Zaifeng Zhang and Jinjin Liang.
TL;DR Hazard: A Comprehensive Study of Levelsquatting Scams
In Proceedings of the 15th EAI International Conference on Security and Privacy in Communication Networks, Orlando, FL, October, 2019.
(Acceptance rate: 37.6%)

​[RAID’19] Wenrui Diao, Yue Zhang, Li Zhang, Zhou Li, Fenghao Xu, Xiaorui Pan, Xiangyu Liu, Jian Weng, Kehuan Zhang and XiaoFeng Wang.
Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android
In Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China, September, 2019.
(Acceptance rate: 22.3%)

​[EuroS&P’19] Baojun Liu, Zhou Li, Peiyuan Zong, Chaoyi Lu, Haixin Duan, Ying Liu, Sumayah Alrwais, Xiaofeng Wang, Shuang Hao, Yaoqi Jia, Yiming Zhang, Kai Chen and Zaifeng Zhang.
TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS Analysis
In Proceedings of 4th IEEE European Symposium on Security and Privacy,  Stockholm, Sweden, June, 2019.
(Acceptance rate: 20%)

​[S&P’19] Xianghang Mi, Xuan Feng, Xiaojing Liao, Baojun Liu, Xiaofeng Wang, Feng Qian, Zhou Li, Sumayah Alrwais, Limin Sun and Ying Liu.
Resident Evil: Understanding Residential IP Proxy as a Dark Service.
In Proceedings of the 40th IEEE Symposium on Security and Privacy, San Francisco, CA, May 2019.
(Acceptance rate: 12%)

​[NDSS’19] Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen and Kehuan Zhang.
BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals
In Proceedings of the 26th Annual Network and Distributed System Security Symposium, San Diego, CA, Feb 2019.
(Acceptance rate: 17.1%)
* Vulnerability acknowledged by Google: CVE-2019-2225

2018
[ACSAC’18a]
​ Alina Oprea, Zhou Li, Kevin Bowers and Robin Norris.
MADE: Security Analytics for Enterprise Threat Detection
In Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, Puerto Rico, Dec. 2018.
(Acceptance rate: 20.1%)

[ACSAC’18b]​ Zhe Zhou, Di Tang, Wenhao Wang, XiaoFeng Wang, Zhou Li and Kehuan Zhang.
Beware of Your Screen: Anonymous Fingerprinting of Device Screens for Off-line Payment Protection.
In Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, Puerto Rico, Dec. 2018.
(Acceptance rate: 20.1%)

​[Security’18] Baojun Liu, Chaoyi Lu, Haixin Duan, Ying Liu, Zhou Li, Shuang Hao and Min Yang.
Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path.
In Proceedings of  the 27th USENIX Security Symposium, Baltimore, MD, Aug 2018.

[SecureComm’18a]​ Ke Tian, Zhou Li, Kevin Bowers and Danfeng Yao.
FrameHanger: Evaluating and Classifying Iframe Injection at Large Scale.
In Proceedings of  the 14th EAI International Conference on Security and Privacy in Communication Networks, Singapore, Singapore, August, 2018

[SecureComm’18b]​ Shuaike Dong, Menghao Li, Wenrui Diao, Xiangyu Liu, Jian Liu, Zhou Li, Fenghao Xu, Kai Chen, Xiaofeng Wang and Kehuan Zhang.
Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild.
In Proceedings of  the 14th EAI International Conference on Security and Privacy in Communication Networks, Singapore, Singapore​, August, 2018

[DSN’18]​ Baojun Liu, Chaoyi Lu, Zhou Li, Ying Liu, Haixin Duan, Shuang Hao and Zaifeng Zhang.
A Reexamination of Internationalized Domain Names: the Good, the Bad and the Ugly.
In Proceedings of  the 48th IEEE/IFIP International Conference on Dependable Systems and Networks, Luxembourg City, Luxembourg, June 2018.

2017
[CCS’17]​ Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, and Haixin Duan.
Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains. 
In Proceedings of  the 24th ACM Conference on Computer and Communications Security, Dallas, TX, Oct. 2017.

​[RAID’17] Ahmet Salih Buyukkayhan, Alina Oprea, Zhou Li and William Robertson.
Lens on the endpoint: Hunting for malicious software through endpoint data analysis.
In Proceedings of  the 20th International Symposium on Research in Attacks, Intrusions and Defenses, Atlanta, GA, Sept 2017.

​[Security’17] Xiaolong Bai, Zhe Zhou, XiaoFeng Wang, Zhou Li, Xianghang Mi, Nan Zhang, Tongxin Li, Shi-Min Hu and Kehuan Zhang.
Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment.
In Proceedings of  the 26th USENIX Security Symposium, Vancouver, BC, Canada, Aug 2017.

​​[PETS’17] ​Zhe Zhou, Wenrui Diao, Xiangyu Liu, Zhou Li, Kehuan Zhang and Rui Liu.
Vulnerable GPU Memory Management: Towards Recovering Raw Data from GPU.
In Proceedings of the 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, July 2017.

[S&P’17] Hao Yang, Xiulin Ma, Kun Du, Zhou Li, Haixin Duan, Xiaodong Su, Guang Liu and Zhifeng Geng.
How to Learn Klingon Without a Dictionary: Detection and Measurement of Black Keywords Used by the Underground Economy.
In Proceedings of the 38th IEEE Symposium on Security and Privacy, San Jose, CA, May 2017.

​​​[CODASPY’17] Zhe Zhou, Zhou Li and Kehuan Zhang.
All Your VMs are Disconnected: Attacking Hardware Virtualized Network.
In Proceedings of the 7th ACM Conference on Data and Application Security and Privacy, Scottsdale, AZ, March 2017.
* Vulnerability reported to Huawei and confirmed (CVE-2017-2712).

2016
​​​[ACSAC’16Sumayah Alrwais, Kan Yuan, Eihal Alowaisheq, Xiaojing Liao, Alina Oprea, XiaoFeng Wang and Zhou Li.
Catching Predators at Watering Holes: Finding and Understanding Strategically Compromised Websites.
In Proceedings of the 32nd Annual Computer Security Applications Conference, Los Angeles, CA, Dec. 2016.

[SecDev’16] Zhou Li and Alina Oprea.
Operational Security Log Analytics for Enterprise Breach Detection.
In Proceedings of IEEE Cybersecurity Development Conference 2016, Boston, MA, Nov. 2016.

[CCS’16] Xiaojing Liao, Kan Yuan, XiaoFeng Wang, Zhou Li, Luyi Xing and Raheem Beyah.
Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence.
In Proceedings of the 23rd ACM Conference on Computer and Communications Security, Vienna, Austria, Oct. 2016.

[Security’16] Kun Du, Hao Yang, Zhou Li, Haixin Duan and Kehuan Zhang.
The Ever-changing Labyrinth: A Large-scale Analysis of Wildcard DNS Powered Blackhat SEO.
In Proceedings of the 25th USENIX Security Symposium, Austin, TX, Aug. 2016.

[WiSec’16] Wenrui Diao, Xiangyu Liu, Zhou Li and Kehuan Zhang.
Evading Android Runtime Analysis Through Detecting Programmed Interactions (Short Paper).
In Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Darmstadt,Germany, July 2016.

[S&P’16] Wenrui Diao, Xiangyu Liu, Zhou Li and Kehuan Zhang.
No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis.
In Proceedings of the 37th IEEE Symposium on Security and Privacy, San Jose, CA, May 2016.

2015
[CCS’15] Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li and Kehuan Zhang.
When Good Becomes Evil: Keystroke Inference with Smartwatch.
In Proceedings of the 22nd ACM Conference on Computer and Communications Security, Denver, CO, Oct. 2015.

[ESORICS’15] Wenrui Diao, Xiangyu Liu, Zhe Zhou, Kehuan Zhang and Zhou Li.
Mind-Reading: Privacy Attacks Exploiting Cross-App KeyEvent Injections.
In Proceedings of the 20th European Symposium on Research in Computer Security, Vienna, Austria, Sept. 2015.

[DSN’15] Alina Oprea, Zhou Li, Ting-Fang Yen, Sang Chin and Sumayah Alrwais.
Detection of Early-Stage Enterprise Infection by Mining Large-Scale Log Data.
In Proceedings of 45th IEEE/IFIP International Conference on Dependable Systems and Networks, Rio de Janeiro, Brazil, June 2015.

[IFIP SEC’15] Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li and Kehuan Zhang.
An Empirical Study on Android for Saving Non-shared Data on Public Storage.
In Proceedings of the 30th International Information Security and Privacy Conference, Hamburg, Germany, May 2015.

[S&P’15] Mohammad Taha Khan, Xiang Huo, Zhou Li and Chris Kanich.
Every Second Counts: Quantifying the Negative Externalities of Cybercrime via Typosquatting.
In Proceedings of the 36th IEEE Symposium on Security and Privacy, San Jose, CA, May 2015.

2014
[Security’14] 
Sumayah Alrwais, Kan Yuan, Eihal Alowaisheq, Zhou Li, and XiaoFeng Wang.
Understanding the Dark Side of Domain Parking.
In Proceedings of the 23rd Usenix Security Symposium, San Diego, CA, Aug. 2014.

[S&P’14] Zhou Li, Sumayah Alrwais, XiaoFeng Wang and Eihal Alowaisheq.
Hunting the Red Fox Online: Understanding and Detection of Mass Redirect-Script Injections.
In Proceedings of the 35th IEEE Symposium on Security and Privacy, San Jose, CA, May 2014.

Before 2014
[S&P’13] Zhou Li, Sumayah Alrwais, Yinglian Xie, Fang Yu and XiaoFeng Wang.
Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures.
In Proceedings of the 34th IEEE Symposium on Security and Privacy, San Francisco, CA, May 2013.

[CCS’12] Zhou Li, Kehuan Zhang, Yinglian Xie, Fang Yu and XiaoFeng Wang.
Knowing Your Enemy: Understanding and Detecting Malicious Web Advertising.
In Proceedings of the 19th ACM Conference on Computer and Communications Security, Raleigh, NC, Oct. 2012.

[ACSAC’10] Zhou Li and XiaoFeng Wang.
FIRM: Capability-based Inline Mediation of Flash Behaviors.
In Proceedings of the 26th Annual Computer Security Applications Conference, Austin, TX, Dec. 2010.

[CCS’10] Kehuan Zhang, Zhou Li, Rui Wang, XiaoFeng Wang and Shuo Chen.
Sidebuster: Automated Detection and Quantification of Side-Channel Leaks in Web Application Development.
In Proceedings of the 17th ACM Conference on Computer and Communications Security, Chicago, IL, Oct. 2010.

[DSN’10] Zhou Li, Kehuan Zhang and XiaoFeng Wang.
Mash-IF: Practical Information-Flow Control within Client-side Mashups.
In Proceedings of the 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Chicago, IL, June 2010.

​[CCS’09] Rui Wang, XiaoFeng Wang, Zhou Li, Haixu Tang, Michael Reiter and Zheng Dong.
Privacy-Preserving Genomic Computation Through Program Specialization.
In Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL, Nov. 2009.

[AICCSA’08] Jianming Fu, Huijun Xiong, Zhou Li and Huanguo Zhang.
PerformTrust: Trust model integrated past and current performance in P2P file sharing systems.
In Proceedings of the 6th IEEE/ACS International Conference on Computer Systems and Applications , Doha, Qatar, Mar. 2008.

[Bionetics’07] Zhou Li, Yiwen Liang, Zejun Wu and Chengyu Tan.
Immunity based Virus Detection with Process Call Arguments and User Feedback.
In Proceedings of the 2nd International Conference on Bio-Inspired Models of Network, Information, and Computing Systems, Budapest, Hungary, Dec. 2007.


​Workshops

[FOCI’20] Qing Huang+, Deliang Chang# and Zhou Li.
A Comprehensive Study of DNS-over-HTTPS Downgrade Attack.
Accepted by the 10th USENIX Workshop on Free and Open Communications on the Internet, Boston, MA, Aug. 2020.​

[SPSM’16] Wei Liu, Yueqian Zhang, Zhou Li and Haixin Duan.
What You See Isn’t Always What You Get: A Measurement Study of Usage Fraud on Android Apps.
In Proceedings of the 6th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, Vienna, Austria, Oct. 2016.​


Journals

[JCS] Wenrui Diao, Rui Liu, Xiangyu Liu, Zhe Zhou, Zhou Li and Kehuan Zhang.
Accessing mobile user’s privacy based on IME personalization: Understanding and practical attacks.
In Journal of Computer Security, vol. 26, no. 3, pp. 283-309, 2018.

[TWC] Fan Zhang, Wenbo He, Yangyi Chen, Zhou Li, XiaoFeng Wang, Shuo Chen and Xue Liu.
Thwarting Wi-Fi Side-Channel Analysis through Traffic Demultiplexing.
In IEEE Transactions on Wireless Communications, vol.13, no.1, 2014.


​Industrial and Community Conferences/Workshops

[OARC31] Presenter: Shuang Hao
An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?
DNS-OARC 31 Workshop, Austin, TX, Oct., 2019.

[ANRW’19] Presenter: Zhou Li
Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path.

Applied Networking Research Workshop, Montreal, Quebec, Canada, July, 2019

[OARC30] Presenter: Chaoyi Lu
Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path.
DNS-OARC 30 Workshop, Bangkok, Thailand, May, 2019.

[BHA’18] Presenter: Zhe Zhou
All Your Payment Tokens Are Mine: Vulnerabilities of Mobile Payment Systems.
Blackhat Asia 2018, Singapore, Mar. 2018.


Patents

[US-20200106781] Zhou Li, Alex Zaslavsky and Kevin Bowers. Data-driven attribute selection for user application entitlement analysis. Granted in 2020.

[US-20200104488] Zhou Li, Kevin Bowers, Martin Rosa, Raymond Carney and Ke Tian. Detecting frame injection through web page analysis. Granted in 2020.

[US-10437996] Zhou Li, Martin Rosa, and Zohar Duchin. Classifying software modules utilizing similarity-based queries. Granted in 2019.

[US-10382476] Zhou Li. Network security system incorporating assessment of alternative mobile application market sites. Granted in 2019.

[US-10250621] Zhou Li. Automatic extraction of indicators of compromise from multiple data sources accessible over a network. Granted in 2019.

[US-10122742] Alina Oprea, Zhou Li, and Ahmet Buyukkayhan. Classifying software modules based on comparisons using a neighborhood distance metric. Granted in 2018.

[US-9998484] Ahmet Buyukkayhan, Zhou Li, Alina Oprea and Martin Rosa. Classifying potentially malicious and benign software modules through similarity analysis. Granted in 2018.

[US-9838407] Alina Oprea, Zhou Li, Robin Norris, and Kevin D Bowers, Detection of malicious web activity in enterprise computer networks. Granted in 2017.

[US-9635049] Alina Oprea, Zhou Li, Sang H Chin and Ting-Fang Yen. ​Detection of suspicious domains through graph inference algorithm processing of host-domain contacts. Granted in 2017.

[US-9621576] Alina Oprea, Sumayah Alrwais, Kevin D Bowers, Todd S Leetham, Zhou Li and Ronald L Rivest. Detecting malicious websites. Granted in 2017.

[US-20130339158] Yinglian Xie, Fang Yu, Zhou Li and Xiaofeng Wang. Determining legitimate and malicious advertisements using advertising delivery sequences. Granted in 2013.