Wenrui Diao's Homepage (刁文瑞教授-山东大学-个人主页)
 |
Wenrui Diao 刁文瑞Ph.D., The Chinese University of Hong Kong, 2017 Taishan Young Scholar (山东省泰山学者青年专家) Xiaomi Young Scholar (山东大学-小米公益基金会 小米青年学者) Qilu Young Scholar (山东大学齐鲁青年学者) Professor 教授、博士生导师 School of Cyber Science and Technology, Shandong University 山东大学 网络空间安全学院 Qingdao, China Email: diaowenrui [AT] sdu.edu.cn / diaowenrui [AT] link.cuhk.edu.hk [Google Scholar] [DBLP] [Faculty Page] |
News:
>>> May 2025: One paper accepted by ASIACCS 2025.
>>> Apr 2025: I will serve as TPC Member for USENIX-SEC 2026.
>>> Apr 2025: Our Smart Contract Security Paper was awarded 《信息对抗技术》2024年度优秀论文.
>>> Mar 2025: 李爽同学获国家留学基金(CSC)和课题组资助,将前往加拿大西蒙菲莎大学开展博士生联合培养.
>>> Dec 2024: Our team ranked DataCon 2024大数据安全分析竞赛-AI安全赛道 亚军.
>>> Dec 2024: Our team ranked DataCon 2024大数据安全分析竞赛-软件供应链安全赛道 季军.
>>> Dec 2024: One paper accepted by Empirical Software Engineering.
>>> Dec 2024: 祝贺闫凯伦同学获得博士研究生国家奖学金、谢震涛同学获得硕士研究生国家奖学金!
>>> Nov 2024: I will serve as TPC Member for ACM CCS 2025.
>>> Oct 2024: I will serve as TPC Member for ACM CODASPY 2025.
>>> Oct 2024: Our Web3 Security Paper was awarded ACM CCS 2024 Distinguished Paper Award (杰出论文奖)!
>>> Jul 2024: I will serve as TPC Member for USENIX-SEC 2025.
>>> Jul 2024: Two papers accepted by ISSRE 2024.
>>> Jul 2024: One paper accepted by RAID 2024.
>>> Jun 2024: 祝贺李蕊同学获得“山东省优秀毕业生”称号!
>>> Jun 2024: I will serve as TPC Member for IEEE EuroS&P 2025.
>>> May 2024: Two papers accepted by ACM CCS 2024.
>>> Jan 2024: 闫凯伦同学获山东大学研究生境外留学基金和课题组资助,将前往美国乔治梅森大学开展博士生联合培养.
>>> Jan 2024: 杨士帅同学获国家留学基金(CSC)和课题组资助,将前往新加坡国立大学开展博士生联合培养.
>>> Jan 2024: One paper accepted by WWW 2024.
>>> Dec 2023: I will serve as TPC Member for ACM CCS 2024.
>>> Dec 2023: One paper accepted by SANER 2024.
>>> Dec 2023: I was awarded 山东大学首届“小米青年学者”(全校仅10人).
>>> Dec 2023: 祝贺李蕊同学获得博士研究生国家奖学金!
>>> Nov 2023: Our team ranked DataCon 2023大数据安全分析竞赛-互联网威胁溯源赛道 季军.
>>> Nov 2023: Our team ranked DataCon 2023大数据安全分析竞赛-软件安全赛道 季军.
>>> Sep 2023: I will serve as TPC Member for ACM CODASPY 2024.
>>> Sep 2023: I will serve as TPC Member (Tools Demo Track) for SANER 2024.
>>> Aug 2023: One paper accepted by ICSE 2024.
>>> Aug 2023: I will serve as TPC Member for IEEE EuroS&P 2024.
>>> Jun 2023: One paper accepted by USENIX-SEC 2023.
>>> May 2023: One paper accepted by IEEE Transactions on Software Engineering.
>>> Jan 2023: One paper accepted by WWW 2023.
>>> Jan 2023: 李蕊同学获山东大学研究生境外留学基金和课题组资助,将前往香港中文大学开展博士生联合培养.
>>> Oct 2022: I was awarded 山东省泰山学者青年专家.
>>> Jan 2022: I will serve as TPC Member for ESORICS 2022.
>>> Dec 2021: Three papers accepted by ICSE 2022.
>>> Nov 2021: 祝贺张进同学获得硕士研究生国家奖学金!
>>> Oct 2021: One paper accepted by IEEE Transactions on Software Engineering.
>>> Aug 2021: Our team received 第十四届全国大学生信息安全竞赛-作品赛 一等奖.
>>> Jul 2021: One paper accepted by ACM CCS 2021.
>>> Dec 2020: I will serve as TPC Member for ESORICS 2021.
>>> Nov 2020: One paper accepted by IEEE S&P 2021.
>>> Nov 2020: 祝贺李蕊同学获得硕士研究生国家奖学金!
>>> May 2020: I received ACM SIGSAC China Rising Star Award (ACM SIGSAC China新星奖).
招生意向
刁文瑞,博士,现任山东大学网络空间安全学院教授、博士生导师,网络空间安全本科专业(国家级一流本科专业)负责人,网络与系统安全方向学术带头人,入选山东省泰山学者青年专家、小米青年学者、齐鲁青年学者等人才计划,2017年博士毕业于香港中文大学。
课题组在网络空间安全专业(网络与系统安全方向)招收博士、硕士研究生,将主要开展国际水准的软件与系统安全领域研究,包括自动化漏洞挖掘、AI驱动安全分析(LLM)、移动生态安全、物联网系统安全等方向。研究项目获得国家自然科学基金、山东省泰山学者工程、山东省自然科学基金、山东大学高层次人才学科建设经费、小米公益基金会等支持。研究成果发表于IEEE S&P(山东大学首篇)、USENIX-SEC(山东大学首篇)、ACM CCS、NDSS、ICSE(山东大学首篇)、WWW等多个系统安全&软件工程领域顶级国际学术会议。欢迎对于系统安全研究具有浓厚兴趣,具备良好编程动手能力及系统软硬件知识的同学报考。
本课题组规模适宜(长期维持在10名学生左右),所有学生均由本人亲自指导,研究方向高度聚焦,值得一提的是,课题组发表的所有论文均以研究生为第一作者。课题组为科研表现优异的研究生提供多种形式的国内/海外学术交流与访问机会,为优秀硕士生提供硕转博衔接培养机会,为优秀博士生提供赴海外顶级系统安全实验室访问机会(已出访学校包括:西蒙菲莎大学、新加坡国立大学、乔治梅森大学、香港中文大学)。
近期资助课题组研究生参加的国内外学术活动(国外为发表论文参会)包括:中国密码学会2025年区块链密码学术会议-天津、InForSec2025网络空间安全学术年会-北京、IEEE TrustCom 2024-三亚、ACM CCS 2024-美国盐湖城、SANER 2024-芬兰罗瓦涅米、ISSRE 2024-日本筑波、CCF中国软件大会2024-西安、2024年江苏省研究生“边缘智能和网络安全”暑期学校-南京、InForSec2024网络空间安全学术年会-北京、USENIX-SEC 2023-美国阿纳海姆、WWW 2023-美国奥斯汀、MOSEC移动安全技术峰会2023-上海、2023年“网络安全前沿技术”全国研究生暑期学校-合肥、网络空间安全大会2023-杭州、InForSec2023网络空间安全学术年会-深圳 …
有意加入本课题组同学请通过电子邮件同我取得联系,标明推免或报考类型(学硕/专硕)。报考硕士研究生的同学需具备信息安全、计算机、软件工程等电子信息类本科专业背景,本科阶段专业课加权平均分>80分,通过英语六级,请提供【简历】+【本科成绩单(含英语六级成绩)】,CTF等信息安全类竞赛科研经历为加分项。
我院博士招生采用申请-考核制,一般在12月(来年4/5月可能有少量名额的第二批招生)开展招生工作,可随时联系,但预计在11月名额才会较为确定。申请博士研究生的同学需具备计算机安全或相关领域(如软件工程、操作系统等)研究基础及论文发表经历,请提供【简历】+【论文代表作(即第一作者论文)】。
如未提供上述有效材料,恕无法回复邮件(设置了追踪功能的邮件也不会进行回复)。再次强调一下,本组研究方向关注现实世界安全问题,为非理论性研究,学生需具备【软件安全基础、良好的编程与系统搭建能力】,以便开展科研。此外,本组的专业型硕士研究生(专硕)亦采用科研导向的培养模式,助研津贴标准、毕业标准均与学术型硕士研究生(学硕)一致。
P.S., 山东大学为中央网信办和教育部一流网络安全学院建设示范项目高校。网络空间安全学院位于山东大学青岛校区,地处青岛市“蓝色硅谷”核心区,依山傍海,空气清新,景色宜人,校园距离海边直线距离不足500米。
To 本院学生:
应已选修『软件安全』与『逆向工程』两门课程(体现一下你对软件与系统安全方向的兴趣)。
联系前请明确在本校本院继续读研的意愿和优先级(而非用学院保底)。
已保研至本组的本院学生会在大四阶段参与科研实践,以尽早获得科研产出。
 |
 |
Biography
I am a Professor in School of Cyber Science and Technology at Shandong University. Before joining SDU, I obtained my Ph.D. degree from The Chinese University of Hong Kong, under the supervision of Prof. Kehuan Zhang. Also, I previously visited / worked / interned at Jinan University, Indiana University Bloomington, City University of Hong Kong, Syniverse Technologies, and EMC Labs China. My research focuses on software and system security, especially automated vulnerability detection, mobile security, and IoT security. I was a founding member of System Security Lab of CUHK.
Education
Aug 2013 - Aug 2017: Ph.D. in Information Engineering, supervised by Prof. Kehuan Zhang, The Chinese University of Hong Kong, Hong Kong.
Sep 2016 - Jan 2017: Visiting Ph.D. Student, supervised by Prof. XiaoFeng Wang, Indiana University, Bloomington, IN, USA.
Sep 2010 - Jun 2011: M.Sc. in Information Engineering, The Chinese University of Hong Kong, Hong Kong.
Sep 2006 - Jun 2010: B.Sc. in Information Security, Shandong University, Jinan, China.
Experience
Jun 2019 - Present: Professor, Shandong University, Qingdao, China.
Sep 2017 - Jun 2019: Associate Professor, Jinan University, Guangzhou, China.
Feb 2013 - Jul 2013: Research Assistant, supervised by Prof. Cong Wang, City University of Hong Kong, Hong Kong.
Nov 2011 - Jan 2013: System Application Engineer, Syniverse Technologies AP, Hong Kong.
Jun 2011 - Sep 2011: Software Engineer Intern, EMC Labs China, Shanghai, China.
Selected Publications
Publications at Top-tier Venues (16 papers): IEEE S&P (’21, ’16), USENIX-SEC (’23), ACM CCS (’24 × 2, ’21, ’15, ’14), NDSS (’19, ’18), ICSE (’24, ’22 × 3), WWW (’24, ’23)
Publications Ranking Statistics: CCF A: 18 papers, CCF B: 13 papers, CCF C: 14 papers
Author with (✉️): Corresponding Author - 通讯作者,即相关论文由本组所主导完成
[ASIACCS’25] Kailun Yan, Bo Lu, Pranav Agrawal, Jiasun Li, Wenrui Diao (✉️), and Xiaokuan Zhang (✉️). An Empirical Study on Cross-chain Transactions: Costs, Inconsistencies, and Activities. The 20th ACM ASIA Conference on Computer and Communications Security, Hanoi, Vietnam. August 25-29, 2025. [Core A, CCF C]
[EMSE] Shishuai Yang, Qinsheng Hou, Shuang Li, Fenghao Xu, and Wenrui Diao (✉️). From Guidelines to Practice: Assessing Android App Developer Compliance with Google’s Security Recommendations. Empirical Software Engineering, 30 (11): 1-33, 2025. [Q1, CCF B] [Link] [Android-Permission-Mappings]
[ISSRE’24] Shuang Li, Rui Li, Shishuai Yang, and Wenrui Diao (✉️). Android's Cat-and-Mouse Game: Understanding Evasion Techniques against Dynamic Analysis. The 35th IEEE International Symposium on Software Reliability Engineering, Tsukuba, Japan. October 28-31, 2024. [Core A, CCF B] [PDF]
[ISSRE’24] Shishuai Yang, Guangdong Bai (✉️), Ruoyan Lin, Jialong Guo, and Wenrui Diao (✉️). Beyond the Horizon: Exploring Cross-Market Security Discrepancies in Parallel Android Apps. The 35th IEEE International Symposium on Software Reliability Engineering, Tsukuba, Japan. October 28-31, 2024. [Core A, CCF B] [PDF]
[CCS’24] Kailun Yan, Xiaokuan Zhang (✉️), and Wenrui Diao (✉️). Stealing Trust: Unraveling Blind Message Attacks in Web3 Authentication. The 31st ACM Conference on Computer and Communications Security, Salt Lake City, UT, USA. October 14-18, 2024. [Top] [Core A*, CCF A] [Distinguished Paper Award] [PDF] [Demo] [Code] [CVE-2023-50053, CVE-2023-50059] [Media Coverage: 山大视点]
[CCS’24] Zidong Zhang, Qinsheng Hou, Lingyun Ying (✉️), Wenrui Diao (✉️), Yacong Gu, Rui Li, Shanqing Guo, Haixin Duan. MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs. The 31st ACM Conference on Computer and Communications Security, Salt Lake City, UT, USA. October 14-18, 2024. [Top] [Core A*, CCF A] [PDF] [Code] [CNVD-2024-05527, CNVD-2023-75836, CNVD-2023-75837] [Media Coverage: QI-ANXIN]
[RAID’24] Jianing Wang, Shanqing Guo, Wenrui Diao, Yue Liu, Haixin Duan, Yichen Liu, and Zhenkai Liang. CrypTody: Cryptographic Misuse Analysis of IoT Firmware via Data-flow Reasoning. The 27th International Symposium on Research in Attacks, Intrusions and Defenses, Padua, Italy. September 30-October 2, 2024. [Core A, CCF B] [PDF]
[WWW’24] Xiaoyin Liu, Wenzhi Li, Qinsheng Hou, Shishuai Yang, Lingyun Ying (✉️), Wenrui Diao (✉️), Yanan Li, Shanqing Guo, and Haixin Duan. From Promises to Practice: Evaluating the Private Browsing Modes of Android Browser Apps. The 33rd ACM Web Conference, Singapore. May 13-17, 2024. [Top] [Core A*, CCF A] [PDF] [Media Coverage: QI-ANXIN]
[ICSE’24] Pengcheng Ren, Chaoshun Zuo, Xiaofeng Liu, Wenrui Diao, Qingchuan Zhao, and Shanqing Guo. DEMISTIFY: Identifying On-device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps. The 46th IEEE/ACM International Conference on Software Engineering, Lisbon, Portugal. April 14-20, 2024. [Top] [Core A*, CCF A] [PDF]
[SANER’24] Shuang Li, Rui Li, Yifan Yu, Kailun Yan, Shishuai Yang, and Wenrui Diao (✉️). Understanding Android OS Forward Compatibility Support for Legacy Apps: A Data-Driven Analysis. The 31st IEEE International Conference on Software Analysis, Evolution, and Reengineering, Rovaniemi, Finland. March 12-15, 2024. [Core A, CCF B] [PDF]
[USENIX-SEC’23] Rui Li, Wenrui Diao (✉️), Shishuai Yang, Xiangyu Liu, Shanqing Guo, and Kehuan Zhang. Lost in Conversion: Exploit Data Structure Conversion with Attribute Loss to Break Android Systems. The 32nd USENIX Security Symposium, Anaheim, CA, USA. August 9-11, 2023. [Top] [Core A*, CCF A] [PDF] [Demo] [CVE-2021-39695, CVE-2022-20392, CVE-2023-20971] [Media Coverage: 山大视点]
[IEEE TSE] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Chenglin Mao, Lingyun Ying, Song Liu, Xiaofeng Liu, Yuanzhi Li, Shanqing Guo, Meining Nie, and Haixin Duan. Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem. IEEE Transactions on Software Engineering, 49(7): 3901-3921, 2023. [Q1, CCF A] [Link] [Code]
[WWW’23] Kailun Yan, Jilian Zhang, Xiangyu Liu, Wenrui Diao (✉️), and Shanqing Guo. Bad Apples: Understanding the Centralized Security Risks in Decentralized Ecosystems. The 32nd ACM Web Conference, Austin, Texas, USA. April 30 - May 4, 2023. [Top] [Core A*, CCF A] [PDF] [Code] [Media Coverage: 山大视点]
[ICSE’22] Xing Zhang, Jiongyi Chen, Chao Feng, Ruilin Li, Wenrui Diao, Kehuan Zhang, Jing Lei, and Chaojing Tang. DeFault: Mutual Information-based Crash Triage for Massive Crashes. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [Core A*, CCF A] [PDF]
[ICSE’22] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Xiaofeng Liu, Song Liu, Lingyun Ying, Shanqing Guo, Yuanzhi Li, Meining Nie, and Haixin Duan. Large-scale Security Measurements on the Android Firmware Ecosystem. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [Core A*, CCF A] [PDF] [Code] [Media Coverage: QI-ANXIN]
[ICSE’22] Shishuai Yang, Rui Li, Jiongyi Chen, Wenrui Diao (✉️), and Shanqing Guo. Demystifying Android Non-SDK APIs: Measurement and Understanding. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [Core A*, CCF A] [PDF]
[IEEE TSE] Rui Li, Wenrui Diao (✉️), Zhou Li, Shishuai Yang, Shuang Li, and Shanqing Guo. Android Custom Permissions Demystified: A Comprehensive Security Evaluation. IEEE Transactions on Software Engineering, 48(11): 4465-4484, 2022. [Q1, CCF A] [PDF] [Code]
[CCS’21] Fenghao Xu, Siyu Shen, Wenrui Diao, Zhou Li, Yi Chen, Rui Li, and Kehuan Zhang. Android on PC: On the Security of End-user Android Emulators. The 28th ACM Conference on Computer and Communications Security, Seoul, South Korea. November 15-19, 2021. [Top] [Core A*, CCF A] [PDF] [Demo]
[IEEE S&P’21] Rui Li, Wenrui Diao (✉️), Zhou Li, Jianqi Du, and Shanqing Guo. Android Custom Permissions Demystified: From Privilege Escalation to Design Shortcomings. The 42nd IEEE Symposium on Security and Privacy, San Francisco, CA, USA. May 23-27, 2021. [Top] [Core A*, CCF A] [PDF] [Code] [Demo] [CVE-2020-0418, CVE-2021-0306, CVE-2021-0307, CVE-2021-0317]
[RAID’19] Wenrui Diao, Yue Zhang, Li Zhang, Zhou Li, Fenghao Xu, Xiaorui Pan, Xiangyu Liu, Jian Weng, Kehuan Zhang, and XiaoFeng Wang. Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android. The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019. [Core A, CCF B] [PDF] [Demo]
[RAID’19] Li Zhang, Jiongyi Chen, Wenrui Diao (✉️), Shanqing Guo, Jian Weng, and Kehuan Zhang. CryptoREX: Large-scale Analysis of Cryptographic Misuse in IoT Devices. The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China. September 23-25, 2019. [Core A, CCF B] [PDF] [Code]
[DSN’19] Jiongyi Chen, Chaoshun Zuo, Wenrui Diao, Shuaike Dong, Qingchuan Zhao, Menghan Sun, Zhiqiang Lin, Yinqian Zhang, and Kehuan Zhang. Your IoTs Are (Not) Mine: On the Remote Binding Between IoT Devices and Users. The 49th IEEE/IFIP International Conference on Dependable Systems and Networks, Portland, OR, USA. June 24-27, 2019. [Core A, CCF B] [PDF]
[NDSS’19] Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen, and Kehuan Zhang. BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals. The 26th Annual Network and Distributed System Security Symposium, San Diego, CA, USA. February 24-27, 2019. [Top] [Core A*, CCF A] [PDF] [Demo] [CVE-2019-2225]
[ICSME’18] Chao Chen, Wenrui Diao (✉️), Yingpei Zeng, Shanqing Guo (✉️), and Chengyu Hu. DRLgencert: Deep Learning-based Automated Testing of Certificate Verification in SSL/TLS Implementations. The 34th IEEE International Conference on Software Maintenance and Evolution, Madrid, Spain. September 23-29, 2018. [Core A, CCF B] [PDF]
[JCS] Wenrui Diao (✉️), Rui Liu, Xiangyu Liu, Zhe Zhou, Zhou Li, and Kehuan Zhang. Accessing Mobile User’s Privacy Based on IME Personalization: Understanding and Practical Attacks. Journal of Computer Security. vol. 26, no. 3, pp. 283-309, 2018. [Q3, CCF B] [Link]
[DSN’18] Jia Chen, Ge Han, Shanqing Guo, and Wenrui Diao. FragDroid: Automated User Interface Interaction with Activity and Fragment Analysis in Android Applications. The 48th IEEE/IFIP International Conference on Dependable Systems and Networks, Luxembourg City, Luxembourg. June 23-28, 2018. [Core A, CCF B] [PDF]
[NDSS’18] Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. The 25th Annual Network and Distributed System Security Symposium, San Diego, CA, USA. February 18-21, 2018. [Top] [Core A*, CCF A] [PDF]
[PETS’17] Zhe Zhou, Wenrui Diao, Xiangyu Liu, Zhou Li, Kehuan Zhang, and Rui Liu. Vulnerable GPU Memory Management: Towards Recovering Raw Data from GPU. The 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA. July 19-22, 2017. [Core A, CCF C]
[IEEE S&P’16] Wenrui Diao, Xiangyu Liu, Zhou Li, and Kehuan Zhang. No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis. The 37th IEEE Symposium on Security and Privacy, San Jose, CA, USA. May 23-25, 2016. [Top] [Core A*, CCF A] [PDF]
[CCS’15] Xiangyu Liu, Zhe Zhou, Wenrui Diao, Zhou Li, and Kehuan Zhang. When Good Becomes Evil: Keystroke Inference with Smartwatch. The 22nd ACM Conference on Computer and Communications Security, Denver, CO, USA. October 12-16, 2015. [Top] [Core A*, CCF A] [PDF]
[ESORICS’15] Wenrui Diao, Xiangyu Liu, Zhe Zhou, Kehuan Zhang, and Zhou Li. Mind-Reading: Privacy Attacks Exploiting Cross-App KeyEvent Injections. The 20th European Symposium on Research in Computer Security, Vienna, Austria. September 21-25, 2015. [Core A, CCF B] [PDF] [Demo]
[CCS’14] Zhe Zhou, Wenrui Diao, Xiangyu Liu, and Kehuan Zhang. Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound. The 21st ACM Conference on Computer and Communications Security, Scottsdale, AZ, USA. November 3-7, 2014. [Top] [Core A*, CCF A] [PDF]
Professional Activities
TPC Member:
USENIX Security Symposium (USENIX-SEC): 2026, 2025
ACM Conference on Computer and Communications Security (CCS): 2025, 2024, 2019, 2018
IEEE European Symposium on Security and Privacy (IEEE EuroS&P): 2025, 2024
ACM Conference on Data and Application Security and Privacy (CODASPY): 2025, 2024
IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER): 2024
International Conference on Information Security and Cryptology (Inscrypt): 2023, 2022
International Conference on Information and Communications Security (ICICS): 2022, 2021
European Symposium on Research in Computer Security (ESORICS): 2022, 2021
Reviewer:
ACM Transactions on Software Engineering and Methodology
ACM Transactions on Privacy and Security
IEEE Transactions on Mobile Computing
IEEE Transactions on Dependable and Secure Computing
IEEE Transactions on Information Forensics and Security
IEEE Security and Privacy Magazine
Invited Talks
移动生态安全探索:从系统漏洞到大规模测量
Jan 2025: InForSec2025网络空间安全学术年会
May 2025: 上海市计算机学会ySec空中学术论坛
揭秘Android自定义权限:The Good, The Bad, and The Ugly
Nov 2024: 华为2012实验室-系统技术安全实验室 磐石大师汇特邀报告
面向Android生态的大规模安全测量
Apr 2023: InForSec2023网络空间安全国际学术研究成果分享及青年学者论坛
Android Custom Permissions Demystified
Dec 2021: 之江实验室可信计算前沿学术研讨会
Jul 2021: SIGSAC@ACM Turing Award Celebration Conference - China
BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals
Security Threats to Android System: Exploration, Understanding, and Defense
May 2017: Shandong University, Jinan, China
Apr 2017: Shanghai Jiao Tong University, Shanghai, China
Teaching
Instructor@SDU:
04630210 - Reverse Engineering (逆向工程): 2025 Spring, 2024 Spring, 2023 Spring, 2022 Spring
04630130 - Software Security (软件安全): 2024 Fall, 2023 Fall, 2022 Fall, 2021 Fall, 2020 Fall
04630080 - Computer Networks (计算机网络): 2021 Spring, 2020 Spring
0740003 - Computing System Security (计算系统安全): 2021 Fall, 2020 Fall, 2019 Fall
Instructor@JNU:
08066002 - Secure Programming (安全编程): 2018 Fall
08066003 - Secure Programming Lab (安全编程实验): 2018 Fall
Part-time Instructor@CUHK:
IEMS 5710 - Cryptography, Information Security & Privacy: 2015 Spring
Teaching Assistant@CUHK:
IERG 4090 - Networking Protocols and Systems: 2016 Spring, 2017 Spring
IERG 4831 - Networking Laboratory I: 2016 Spring, 2017 Spring
IERG 3921 - Information Engineering Lab: 2015 Fall
IERG 4210 - Web Programming and Security: 2015 Spring
IERG 3310 - Computer Networks: 2014 Fall
Awards
2025: 《信息对抗技术》2024年度优秀论文
2023: Xiaomi Young Scholar, Shandong University-Xiaomi Foundation (山东大学-小米公益基金会 小米青年学者)
2022: Taishan Young Scholar, Shandong Province (山东省泰山学者青年专家)
2021: 第十四届全国大学生信息安全竞赛-作品赛 优秀指导教师
2020: ACM SIGSAC China Rising Star Award (ACM SIGSAC China新星奖)
2019: Qilu Young Scholar, Shandong University (山东大学齐鲁青年学者)
2017: PETS 2017 Stipends, The 17th Privacy Enhancing Technologies Symposium
2017: Reaching Out Award 2016/17, HKSAR Government Scholarship Fund
2016: IEEE S&P 2016 Student Travel Grants, The 37th IEEE Symposium on Security and Privacy
2012: Dean’s List 2010-2011, Faculty of Engineering, CUHK
指导学生获奖 (校级以上奖励):
研究生: 山东大学优秀毕业生 × 3 (2025), 《信息对抗技术》年度优秀论文 (2025), DataCon大数据安全分析竞赛-AI安全赛道 一等奖-亚军 (2024), DataCon大数据安全分析竞赛-软件供应链安全赛道 一等奖-季军 (2024), 博士研究生国家奖学金 (2024), 硕士研究生国家奖学金 (2024), ACM CCS 2024 Distinguished Paper Award (2024), ACM CCS 2024 Student Travel Grants (2024), 山东省优秀毕业生 (2024), 山东大学优秀毕业生 (2024), 网络安全学院学生创新资助计划 (2024), 第七届“强网杯”全国网络安全挑战赛“强网先锋” (2024), DataCon大数据安全分析竞赛-软件安全赛道 第3名 (2023), DataCon大数据安全分析竞赛-互联网威胁溯源赛道 第3名 (2023), 博士研究生国家奖学金 (2023), 山东大学优秀毕业生 (2023), ACM WiSec Student Travel Grants (2022), DataCon大数据安全分析竞赛-邮件安全赛道 第8名 (2021), 硕士研究生国家奖学金 (2021), 山东大学研究生优秀学术成果奖二等奖 (2021), 山东大学第十二届学生“五•四”青年科学奖优秀成果奖 (2021), IEEE S&P Student Registration Grants (2021), 硕士研究生国家奖学金 (2020)
本科生: 山东大学优秀本科毕业论文 (2024), 网络安全学院学生创新资助计划 (2024), 第十四届全国大学生信息安全竞赛-作品赛一等奖 (2021)
Current Students
Ph.D. Students
Shuang Li (BSc: Shandong University, MS-Ph.D. Student, 2021 - )
Jialong Guo (BEng: Zhengzhou University, MS-Ph.D. Student, 2022 - )
Master Students
Zhentao Xie (BEng: South China Normal University, MS Student, 2023 - )
Ming Chen (BEng: China University of Petroleum, MS Student, 2023 - )
Ruoyan Lin (BEng: Shandong University, MS Student, 2023 - )
Huixin Wang (BEng: Shandong University, MS Student, 2023 - )
Yujie Xing (BEng: Shandong University, MS Student, 2024 - )
Mingyang Chen (BEng: Qufu Normal University, MS Student, 2024 - )
Alumni
Ph.D. Graduates@SDU
Kailun Yan (Ph.D. Student, Graduated in 2025)
Publications (first author): CCS 2024 (CCF A), WWW 2023 (CCF A), ASIACCS 2025 (CCF C), The Computer Journal (CCF B), 《信息对抗技术》
Awards & Honors: 山东大学优秀毕业生, 学位论文答辩总评优秀, 博士研究生国家奖学金, 山东大学研究生海外留学基金, ACM CCS 2024 Distinguished Paper Award (杰出论文奖), 《信息对抗技术》2024年度优秀论文, 山东大学青岛校区研究生科研创新与成果应用大赛-成果应用奖, 网络安全学院学生创新资助计划 …
Overseas Visiting Experience: George Mason University (2024.02 - 2024.10)
First Job: Postdoctoral Researcher at Tsinghua University
Shishuai Yang (MS-Ph.D. Student, Graduated in 2025)
Publications (first author): ICSE 2022 (CCF A), ISSRE 2024 (CCF B), EMSE (CCF B), APSEC 2023 (CCF C)
Awards & Honors: 国家留学基金(CSC)资助公派联合培养博士生项目, 奇安信奖学金, 网络安全学院学生创新资助计划
Overseas Visiting Experience: National University of Singapore (2024.02 - 2024.7)
First Job: Lecturer at Zhengzhou University of Aeronautics
Rui Li (MS-Ph.D. Student, Graduated in 2024)
Publications (first author): USENIX-SEC 2023 (CCF A), IEEE S&P 2021 (CCF A), IEEE TSE (CCF A), IEEE TrustCom 2024 (CCF C)
Awards & Honors: 山东省优秀毕业生, 山东大学优秀毕业生, 学位论文答辩总评优秀, 博士研究生国家奖学金, 硕士研究生国家奖学金, 山东大学研究生优秀学术成果奖, 山东大学学生“五•四”青年科学奖, 网络安全学院学生创新资助计划, IEEE S&P 2021 Student Registration Grants …
Overseas Visiting Experience: The Chinese University of Hong Kong (2023.01 - 2023.07)
First Job: Research Scientist at Singapore Management University
Jianqi Du (Ph.D. Student, Graduated in 2024)
Publications (first author): SECON 2022 (CCF B), MSN 2023 (CCF C)
First Job: Researcher at China Unicom Digital Technology Co., Ltd.
Master Graduates@SDU
Wenzhi Li (MS Student, Graduated in 2025)
Awards & Honors: 山东大学优秀毕业生, 学位论文答辩总评优秀, 华为奖学金, DataCon 2023大数据安全分析竞赛-互联网威胁溯源赛道 季军 (队长)
First Job: Engineer at Baidu Finance (度小满)
Yifan Yu (MS Student, Graduated in 2025)
Awards & Honors: 山东大学优秀毕业生
Publications (first author): TrustCom 2024 (CCF C)
First Job: Security Engineer at BYD (比亚迪)
Zidong Zhang (MS Student at Shandong University, Graduated in 2024)
Publications (first author): CCS 2024 (CCF A), SaTS 2024 (Workshop@CCS 2024)
Awards & Honors: 学位论文答辩总评优秀, ACM CCS 2024 Student Travel Grants
First Job: Ph.D. Student at Simon Fraser University
Xiaoyin Liu (MS Student at Shandong University, Graduated in 2024)
Publications (first author): WWW 2024 (CCF A)
Awards & Honors: 学位论文答辩总评优秀, 网络安全学院学生创新资助计划
First Job: 某单位某部门
Guangwei Tian (MS Student at Shandong University, Graduated in 2023)
Publications (first author): IEEE QRS 2022 (CCF C)
Awards & Honors: 山东大学优秀毕业生
First Job: Engineer at 山东省东营市大数据中心
Chennan Zhang (MS Student at Shandong University, Graduated in 2023)
Publications (first author): ACM WiSec 2022 (CCF C)
Awards & Honors: ACM WiSec 2022 Student Travel Grants
First Job: Security Researcher at OPPO子午实验室
Jin Zhang (MS Student at Shandong University, Graduated in 2022)
Publications (first author): ICPADS 2021 (CCF C)
Awards & Honors: 硕士研究生国家奖学金
First Job: Engineer at TP-Link
Master Graduates@JNU
Li Zhang (Co-supervised MS Student, Graduated in 2019)
Publications (first author): RAID 2019 (CCF B)
Awards & Honors: RAID 2019 Student Travel Grants
First Job: Engineer at MingLead Gene
Undergraduate Research Assistants@SDU
Zhaoyu Qiu, Yanbo Xu, Chong Tian, Yuncheng Wang