Publications

1. IoTJ'24 Zigbee Network Communication Analysis and Security Vulnerability Evaluation
   Xian Wang and Shuang Hao
   IEEE Internet of Things Journal, 2024. To appear.
2. NDSS'24 A Duty to Forget, a Right to be Assured? Exposing Vulnerabilities in Machine Unlearning Services
   Hongsheng Hu, Shuo Wang, Jiamin Chang, Haonan Zhong, Ruoxi Sun, Shuang Hao, Haojin Zhu, and Minhui Xue
   31st Network and Distributed System Security Symposium,
   San Diego, CA, February 2024. PDF
3. SIGMETRICS'23 Detecting and Measuring Security Risks of Hosting-Based Dangling Domains
   Mingming Zhang, Xiang Li, Baojun Liu, JianYu Lu, Yiming Zhang, Jianjun Chen, Haixin Duan, Shuang Hao, and Xiaofeng Zheng
   ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems,
   Orlando, FL, June 2023. PDF
4. CCS'22 Don't Kick Over the Beehive: Attacks and Security Analysis on Zigbee
   Xian Wang and Shuang Hao
   29th ACM Conference on Computer and Communications Security,
   Los Angeles, CA, November 2022. PDF
5. CCS'21 Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic
   Suibin Sun, Le Yu, Xiaokuan Zhang, Minhui Xue, Ren Zhou, Haojin Zhu, Shuang Hao, and Xiaodong Lin
   28th ACM Conference on Computer and Communications Security,
   Seoul, South Korea, November 2021. PDF
   Top 10 Finalist of the CSAW Best Applied Security Paper Award
6. USENIX Security'21 Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks
   Kaiwen Shen, Chuhan Wang, Xiaofeng Zheng, Minglei Guo, Chaoyi Lu, Baojun Liu, Yuxuan Zhao, Shuang Hao, Haixin Duan, Qinfeng Pan, and Min Yang
   30th USENIX Security Symposium,
   Vancouver, Canada, August 2021. PDF
7. NDSS'21 From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR
   Chaoyi Lu, Baojun Liu, Yiming Zhang, Zhou Li, Fenglu Zhang, Haixin Duan, Ying Liu, Joann Chen, Jinjin Liang, Zaifeng Zhang, Shuang Hao, and Min Yang
   28th Network and Distributed System Security Symposium,
   San Diego, CA, February 2021. PDF
8. ACSAC'20 Understanding Promotion-as-a-Service on GitHub
   Kun Du, Hao Yang, Yubao Zhang, Haixin Duan, Haining Wang, Shuang Hao, Zhou Li, and Min Yang
   36th Annual Computer Security Applications Conference,
   Austin, TX, December 2020. PDF
9. CCS'20 Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks
   Mingming Zhang, Xiaofeng Zheng, Kaiwen Shen, Ziqiao Kong, Chaoyi Lu, Yu Wang, Haixin Duan, Shuang Hao, Baojun Liu, and Min Yang
   27th ACM Conference on Computer and Communications Security,
   Orlando, FL, November 2020. PDF
10. CCS'20 Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China
    Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Shuang Hao, Mingxuan Liu, Ying Liu, Dong Wang, and Qiang Li
    27th ACM Conference on Computer and Communications Security,
    Orlando, FL, November 2020. PDF
11. USENIX Security'20 Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices
    Xiaofeng Zheng, Chaoyi Lu, Jian Peng, Qiushi Yang, Dongjie Zhou, Baojun Liu, Keyu Man, Shuang Hao, Haixin Duan, and Zhiyun Qian
    29th USENIX Security Symposium,
    Boston, MA, August 2020. PDF
12. DSN'20 CDN Backfired: Amplification Attacks Based on HTTP Range Requests
    Weizhong Li, Kaiwen Shen, Run Guo, Baojun Liu, Jia Zhang, Haixin Duan, Shuang Hao, Xiarun Chen, and Yao Wang
    50th IEEE/IFIP International Conference on Dependable Systems and Networks,
    Valencia, Spain, June 2020. PDF
    DSN Best Paper Award
13. DLS'20 Attributing and Detecting Fake Images Generated by Known GANs
    Matthew Joslin and Shuang Hao
    3rd Deep Learning and Security Workshop, co-located with the 41st IEEE Symposium on Security and Privacy,
    San Francisco, CA, May 2020. PDF Code
14. NDSS'20 CDN Judo: Breaking the CDN DoS Protection with Itself
    Run Guo, Weizhong Li, Baojun Liu, Shuang Hao, Jia Zhang, Haixin Duan, Kaiwen Shen, Jianjun Chen, and Ying Liu
    27th Network and Distributed System Security Symposium,
    San Diego, CA, February 2020. PDF
15. ACSAC'19 Casino Royale: A Deep Exploration of Illegal Online Gambling
    Hao Yang, Kun Du, Yubao Zhang, Shuang Hao, Zhou Li, Mingxuan Liu, Haining Wang, Haixin Duan, Yazhou Shi, Xiaodong Su, Guang Liu, Zhifeng Geng, and Jianping Wu
    35th Annual Computer Security Applications Conference,
    San Juan, PR, December 2019. PDF
16. IMC'19 An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?
    Chaoyi Lu, Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan, Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang, and Jianping Wu
    ACM Internet Measurement Conference,
    Amsterdam, Netherlands, October 2019. PDF
    IETF Applied Networking Research Prize (ANRP)
    IMC Best Paper Award Runner-up
    IMC Community Contribution Award Runner-up
17. SecureComm'19 TL;DR Hazard: A Comprehensive Study of Levelsquatting Scams
    Kun Du, Hao Yang, Zhou Li, Haixin Duan, Shuang Hao, Baojun Liu, Yuxiao Ye, Mingxuan Liu, Xiaodong Su, Guang Liu, Zhifeng Geng, Zaifeng Zhang, and Jinjin Liang
    15th International Conference on Security and Privacy On Communication Networks,
    Orlando, FL, October 2019. PDF
18. EuroS&P'19 TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS Analysis
    Baojun Liu, Zhou Li, Peiyuan Zong, Chaoyi Lu, Haixin Duan, Ying Liu, Sumayah Alrwais, Xiaofeng Wang, Shuang Hao, Yaoqi Jia, Yiming Zhang, Kai Chen, and Zaifeng Zhang
    4th IEEE European Symposium on Security and Privacy,
    Stockholm, Sweden, June 2019. PDF
19. S&P'19 Measuring and Analyzing Search Engine Poisoning of Linguistic Collisions
    Matthew Joslin, Neng Li, Shuang Hao, Minhui Xue, and Haojin Zhu
    40th IEEE Symposium on Security and Privacy,
    San Francisco, CA, May 2019. PDF
20. SRDS'18 Abusing CDNs for Fun and Profit: Security Issues in CDNs' Origin Validation
    Run Guo, Jianjun Chen, Baojun Liu, Jia Zhang, Chao Zhang, Haixin Duan, Tao Wan, Jian Jiang, Shuang Hao, and Yaoqi Jia
    37th IEEE International Symposium on Reliable Distributed Systems,
    Salvador, Brazil, October 2018. PDF
21. Cybersecurity'18 Cloud Repository as A Malicious Service: Challenge, Identification and Implication
    Xiaojing Liao, Sumayah Alrwais, Kan Yuan, Luyi Xing, XiaoFeng Wang, Shuang Hao, and Raheem Beyah
    Cybersecurity, 1(1):1-14, 2018. PDF
22. ESORICS'18 SEISMIC: SEcure In-lined Script Monitors for Interrupting Cryptojacks
    Wenhao Wang, Benjamin Ferrell, Xiaoyang Xu, Kevin W. Hamlen, and Shuang Hao
    23rd European Symposium on Research in Computer Security,
    Barcelona, Spain, September 2018. PDF
23. FOCI'18 Measuring Privacy Threats in China-Wide Mobile Networks
    Mingming Zhang, Baojun Liu, Chaoyi Lu, Jia Zhang, Shuang Hao and Haixin Duan
    8th USENIX Workshop on Free and Open Communications on the Internet,
    Baltimore, MD, August 2018. PDF
24. USENIX Security'18 Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks
    Wei Meng, Chenxiong Qian, Shuang Hao, Kevin Borgolte, Giovanni Vigna, Christopher Kruegel, and Wenke Lee
    27th USENIX Security Symposium,
    Baltimore, MD, August 2018. PDF Code
25. USENIX Security'18 Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path
    Baojun Liu, Chaoyi Lu, Haixin Duan, Ying Liu, Zhou Li, Shuang Hao, and Min Yang
    27th USENIX Security Symposium,
    Baltimore, MD, August 2018. PDF
    Media coverage The Register, Hackread, and Rambler.
26. DSN'18 A Reexamination of Internationalized Domain Names: the Good, the Bad and the Ugly
    Baojun Liu, Chaoyi Lu, Zhou Li, Ying Liu, Haixin Duan, Shuang Hao and Zaifeng Zhang
    48th IEEE/IFIP International Conference on Dependable Systems and Networks,
    Luxembourg City, Luxembourg, June 2018. PDF
27. S&P'18 Enumerating Active IPv6 Hosts for Large-scale Security Scans via DNSSEC-signed Reverse Zones
    Kevin Borgolte, Shuang Hao, Tobias Fiebig, and Giovanni Vigna
    39th IEEE Symposium on Security and Privacy,
    San Francisco, CA, May 2018. PDF Data
28. PAM'18 In rDNS We Trust: Revisiting a Common Data-Source's Reliability
    Tobias Fiebig, Kevin Borgolte, Shuang Hao, Christopher Kruegel, Giovanni Vigna, and Anja Feldmann
    Passive and Active Measurement Conference,
    Berlin, Germany, March 2018. PDF
29. NDSS'18 Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates
    Kevin Borgolte, Tobias Fiebig, Shuang Hao, Christopher Kruegel, and Giovanni Vigna
    25th Network and Distributed System Security Symposium,
    San Diego, CA, February 2018. PDF
30. NDSS'18 Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks
    Haizhong Zheng, Minhui Xue, Hao Lu, Shuang Hao, Haojin Zhu, Xiaohui Liang, and Keith Ross
    25th Network and Distributed System Security Symposium,
    San Diego, CA, February 2018. PDF
31. Computers&Security'18 Automated Poisoning Attacks and Defenses in Malware Detection Systems: An Adversarial Machine Learning Approach
    Sen Chen, Minhui Xue, Lingling Fan, Shuang Hao, Lihua Xu, Haojin Zhu, and Bo Li
    Elsevier Computers & Security, 73:326-344, 2018. PDF
32. CCS'17 DIFUZE: Interface Aware Fuzzing for Kernel Drivers
    Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, and Giovanni Vigna
    24th ACM Conference on Computer and Communications Security,
    Dallas, TX, October 2017. PDF
    Top 10 Finalist of the CSAW Best Applied Security Paper Award
33. ASIACCS'17 Gossip: Automatically Identifying Malicious Domains from Mailing List Discussions
    Cheng Huang, Shuang Hao, Luca Invernizzi, Jiayong Liu, Yong Fang, Christopher Kruegel, and Giovanni Vigna
    ACM Asia Conference on Computer and Communications Security,
    Abu Dhabi, UAE, April 2017. PDF
34. PAM'17 Something From Nothing (There): Collecting Global IPv6 Datasets From DNS
    Tobias Fiebig, Kevin Borgolte, Shuang Hao, Christopher Kruegel, and Giovanni Vigna
    Passive and Active Measurement Conference,
    Sydney, Australia, March 2017. PDF
35. PETS'17 On the Privacy and Security of the Ultrasound Ecosystem
    Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico Maggi, Giovanni Vigna, and Christopher Kruegel
    17th Privacy Enhancing Technologies Symposium,
    Minneapolis, MN, July 2017. PDF Code
36. Black Hat EU'16 Talking Behind Your Back: Attacks and Countermeasures of Ultrasonic Cross-device Tracking
    Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico Maggi, Giovanni Vigna, and Christopher Kruegel
    Black Hat Europe,
    London, UK, November 2016.
    Media coverage WIRED, Fortune, Slashdot, New Scientist, Digital Trends, and International Business Times.
37. CCS'16 PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration
    Shuang Hao, Alex Kantchelian, Brad Miller, Vern Paxson, and Nick Feamster
    23rd ACM Conference on Computer and Communications Security,
    Vienna, Austria, October 2016. PDF
    Media coverage The Wall Street Journal, Dark Reading, and Daily Mail.
38. CCS'16 Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service
    Xiaojing Liao, Sumayah Alrwais, Kan Yuan, Luyi Xing, XiaoFeng Wang, Shuang Hao, and Raheem Beyah
    23rd ACM Conference on Computer and Communications Security,
    Vienna, Austria, October 2016. PDF
    Media coverage SC Magazine and Daily Mail.
39. WWW'16 Characterizing Long-tail SEO Spam on Cloud Web Hosting Services
    Xiaojing Liao, Chang Liu, Damon McCoy, Elaine Shi, Shuang Hao, and Raheem Beyah
    25th International World Wide Web Conference,
    Montreal, Canada, April 2016. PDF
40. CCS'15 Drops for Stuff: An Analysis of Reshipping Mule Scams
    Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca Stringhini, Manuel Egele, Michael Eubanks, Brian Krebs, and Giovanni Vigna
    22nd ACM Conference on Computer and Communications Security,
    Denver, CO, October 2015. PDF Slides
    Media coverage Krebs on Security, Schneier on Security, Slashdot, and CNN.
41. IMC'13 Understanding the Domain Registration Behavior of Spammers
    Shuang Hao, Matthew Thomas, Vern Paxson, Nick Feamster, Christian Kreibich, Chris Grier, and Scott Hollenbeck
    ACM Internet Measurement Conference,
    Barcelona, Spain, October 2013. PDF Slides
42. IMC'11 Monitoring the Initial DNS Behavior of Malicious Domains
    Shuang Hao, Nick Feamster, and Ramakant Pandrangi
    ACM Internet Measurement Conference,
    Berlin, Germany, November 2011. PDF Slides
43. White Paper'10 An Internet-Wide View into DNS Lookup Patterns
    Shuang Hao, Nick Feamster, and Ramakant Pandrangi
    White Paper, Verisign Labs, Georiga Tech, 2010. PDF
44. USENIX Security'09 Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine
    Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray, and Sven Krasser
    18th USENIX Security Symposium,
    Montreal, Canada, August 2009. PDF Slides
    Media coverage MIT Technology Review, Slashdot, and MetaFilter.
45. WLN'06 Sensor Networks Routing via Bayesian Exploration (poster paper)
    Shuang Hao and Ting Wang
    6th International Workshop on Wireless Local Networks,
    Tampa, FL, November 2006. PDF
46. ICCCN'06 Efficient and Density-Aware Routing for Wireless Sensor Networks
    Ting Wang, Shuang Hao, Ping Wang, and Gang Peng
    15th International Conference on Computer Communications and Networks,
    Arlington, VA, October 2006. PDF
47. CTS'05 A Queue Model to Detect DDos Attacks
    Shuang Hao, Hua Song, Wenbao Jiang, and Yiqi Dai
    International Symposium on Collaborative Technologies and Systems,
    Saint Louis, MO, May 2005. PDF
48. ISPEC'05 Using Trust for Restricted Delegation in Grid Environments
    Wenbao Jiang, Chen Li, Shuang Hao, and Yiqi Dai
    1st Information Security Practice and Experience Conference,
    Singapore, April 2005. PDF