Laboratory of Applied Security Research
Department of Information Engineering, The Chinese University of Hong Kong
Selected Publications
Rui Li, Wenrui Diao, Shishuai Yang, Xiangyu Liu, Shanqing Guo, and Kehuan Zhang. Lost in
conversion: Exploit data structure conversion with attribute loss to break android systems. In 32nd
USENIX Security Symposium (Security’23), Anaheim, CA, August 2023. USENIX
Association. Top conference.
Fan Yang, Jiacen Xu, Chunlin Xiong, Zhou Li, and Zhang Kehuan. PROGRAPHER: An
anomaly detection system based on provenance graph embedding. In 32nd USENIX Security
Symposium (Security’23), Anaheim, CA, August 2023. USENIX Association. Top
conference.
Kong Huang, YuTong Zhou, Ke Zhang, Jiacen Xu, Chen Jiongyi, Tang Di, and Zhang
Kehuan. HOMESPY: The invisible sniffer of infrared remote control of smart TVs. In 32nd
USENIX Security Symposium (Security’23), Anaheim, CA, August 2023. USENIX
Association. Top conference.
Xing Zhang, Jiongyi Chen, Chao Feng, Ruilin Li, Wenrui Diao, Kehuan Zhang, Jing Lei, and
Chaojing Tang. Default: Mutual informationbased crash triage for massive crashes. In 44th
IEEE/ACM 44th International Conference on Software Engineering, ICSE 2022, Pittsburgh, PA,
USA, May 2527, 2022, pages 635–646. ACM, 2022. Top conference.
Menghan Sun, Zirui Song, Xiaoxi Ren, Daoyuan Wu, and Kehuan Zhang. Lica: A finegrained
and pathsensitive linux capability analysis framework. In 25th International Symposium on
Research in Attacks, Intrusions and Defenses, RAID 2022, Limassol, Cyprus, October 2628, 2022,
pages 364–379. ACM, 2022.
Fenghao Xu, Siyu Shen, Wenrui Diao, Zhou Li, Yi Chen, Rui Li, and Kehuan Zhang.
Android on PC: on the security of enduser android emulators. In CCS’21: 2021 ACM SIGSAC Conference on Computer
and Communications Security, Virtual Event, Republic of Korea, November 15 19, 2021, pages
1566–1580. ACM, 2021. Top conference.
Zhaoyang Lyu, Minghao Guo, Tong Wu, Guodong Xu, Kehuan Zhang, and Dahua Lin. Towards
evaluating and training verifiably robust neural networks. In IEEE Conference on Computer Vision
and Pattern Recognition, CVPR 2021, virtual, June 1925, 2021, pages 4308–4317. Computer
Vision Foundation / IEEE, 2021. Top conference.
Di Tang, XiaoFeng Wang, Haixu Tang, and Kehuan Zhang. Demon in the variant: Statistical
analysis of dnns for robust backdoor contamination detection. In Michael Bailey and Rachel
Greenstadt, editors, 30th USENIX Security Symposium, Security 2021, August 1113, 2021, pages 1541–1558. USENIX Association, 2021. Top conference.
Shuaike Dong, Zhou Li, Di Tang, Jiongyi Chen, Menghan Sun, and Kehuan Zhang. Your
smart home can’t keep a secret: Towards automated fingerprinting of iot traffic. In ASIACCS’20: The 15th ACM Asia
Conference on Computer and Communications Security, Taipei, Taiwan, October 59, 2020, pages
47–59. ACM, 2020.
Jiongyi Chen, Chaoshun Zuo, Wenrui Diao, Shuaike Dong, Qingchuan Zhao, Menghan Sun,
Zhiqiang Lin, Yinqian Zhang, and Kehuan Zhang. Your iots are (not) mine: On the remote
binding between iot devices and users. In 49th Annual IEEE/IFIP International Conference on
Dependable Systems and Networks, DSN 2019, Portland, OR, USA, June 2427, 2019, pages
Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen, Kehuan Zhang. BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals. Proceedings of Network and Distributed System Security Symposium 2019 (NDSS’19). San Diego, CA, USA. Feb 2019
Ronghai Yang, Wing Cheong Lau, Jiongyi Chen, Kehuan Zhang. Vetting Single-Sign-On SDK Implementations via Symbolic Reasoning. The 27th USENIX Security Symposium (Security’18). Baltimore, MD, USA. Aug 2018
Shuaike Dong, Menghao Li, Wenrui Diao, Xiangyu Liu, Jian Liu, Zhou Li, Fenghao Xu, Kai Chen, XiaoFeng Wang, and Kehuan Zhang. Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild. The 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm’18). Singapore. Aug 2018
Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, Kehuan Zhang. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. Proceedings of Network and Distributed System Security Symposium 2018 (NDSS’18). San Diego, CA, USA. Feb 2018
Di Tang, Zhe Zhou, Yinqian Zhang, Kehuan Zhang. Face Flashing: a Secure Liveness Detection Protocol based on Light Reflections. Proceedings of Network and Distributed System Security Symposium 2018 (NDSS’18). San Diego, CA, USA. Feb 2018
Xiaolong Bai, Zhe Zhou, XiaoFeng Wang, Zhou Li, Xianghang Mi, Nan Zhang, Tongxin Li, Shi-Min Hu, and Kehuan Zhang. Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment. The 26th USENIX Security Symposium (Security’17), Vancouver, BC, Canada. August, 2017.
Zhe Zhou, Wenrui Diao, Xiangyu Liu, Zhou Li, Kehuan Zhang, and Rui Liu. Vulnerable GPU Memory Management: Towards Recovering Raw Data from GPU. The 17th Privacy Enhancing Technologies Symposium (PETS’17), Minneapolis, MN, USA. July 2017.
Zhe Zhou, Zhou Li, Kehuan Zhang. All Your VMs are Disconnected: Attacking Hardware Virtualized Network. Accepted. The 7th ACM Conference on Data and Application Security and Privacy (CODASPY’17). Scottsdale, AZ, USA. March, 2017,
Yannan Liu, Lingxiao Wei, Zhe Zhou, Kehuan Zhang, Wenyuan Xu, and Qiang Xu. On Code Execution Tracking via Power Side-Channel. The 23rd ACM Conference on Computer and Communication Security (CCS’16), Vienna, Austria. October 2016.
Kun Du, Hao Yang, Zhou Li, Haixin Duan, and Kehuan Zhang. The Ever-changing Labyrinth: A Large-scale Analysis of Wildcard DNS Powered Blackhat SEO. The 25th USENIX Security Symposium (Security’16), Austin, TX, USA. August 2016.
Wenrui Diao, Xiangyu Liu, Zhou Li, and Kehuan Zhang. Evading Android Runtime Analysis Through Detecting Programmed Interactions. The 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec’16), Darmstadt, Germany. July 2016.
Wenrui Diao, Xiangyu Liu, Zhou Li, and Kehuan Zhang. No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis. The 37th IEEE Symposium on Security and Privacy (IEEE S&P’16), San Jose, CA, USA. May 2016.
Zhe Zhou, Tao Zhang, Sherman S.M. Chow, Yupeng Zhang, and Kehuan Zhang. Efficient Authenticated Multi-Pattern Matching. The 2016 ACM Asia Conference on Computer and Communications Security (ASIACCS’16), Xi'an, Shanxi, China, May 2016.
Yang Ronghai, Guanchen Li, Wing Cheong Lau, Kehuan Zhang, and Pili Hu. Model-based Security Testing: an Empirical Study on OAuth 2.0 Implementations. The 2016 ACM Asia Conference on Computer and Communications Security (ASIACCS’16), Xi'an, Shanxi, China, May 2016.
Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, and Kehuan Zhang. When Good Becomes Evil: Keystroke Inference with Smartwatch. The 22nd ACM Conference on Computer and Communications Security (CCS’15), Denver, CO, USA. October 2015.
Rui Liu, Jiannong Cao, Lei Yang, and Kehuan Zhang. PriWe: Recommendation for Privacy Settings of Mobile Apps Based on Crowdsourced Users’ Expectations. The 4th IEEE International Conference on Mobile Services (IEEE MS’15), New York, USA, June 2015.
Wenrui Diao, Xiangyu Liu, Zhe Zhou, Kehuan Zhang, and Zhou Li. Mind-Reading: Privacy Attacks Exploiting Cross-App KeyEvent Injections. The 20th European Symposium on Research in Computer Security (ESORICS’15), Vienna, Austria. September 2015.
Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, and Kehuan Zhang. An Empirical Study on Android for Saving Non-shared Data on Public Storage. The 30th IFIP International Information Security and Privacy Conference (IFIP SEC’15), Hamburg, Germany. May 2015.
Wenrui Diao, Xiangyu Liu, Zhe Zhou, and Kehuan Zhang. Your Voice Assistant is Mine: How to Abuse Speakers to Steal Information and Control Your Phone. The 4th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM’14), Scottsdale, AZ, USA. November 2014.
Zhe Zhou, Wenrui Diao, Xiangyu Liu, and Kehuan Zhang. Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound. The 21st ACM Conference on Computer and Communications Security (CCS’14), Scottsdale, AZ, USA. November 2014.
|