Refereed Papers

Summary: 16 Papers Published at Top-tier Conferences, S&P (19), USENIX Sec (18, 20, 21, 22, 23), CCS (17, 20, 21), NDSS (19, 20, 21, 22, 23)

C Conference Proceeding | J Journal Article | W Workshop Proceeding


2023

  • The Maginot Line: Attacking the Boundary of DNS Caching Protection
    Xiang Li, Chaoyi Lu, Baojun Liu, Qifan Zhang, Zhou Li, Haixin Duan and Qi Li
    Processdings of The 32nd USENIX Security Symposium (USENIX Security)
    C

  • Ghost Domain Reloaded: Vulnerable Links in the Domain Name Delegation and Revocation
    Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, Qifan Zhang, Zhou Li, Haixin Duan and Qi Li
    Processdings of The 30th Annual Network and Distributed Security Symposium (NDSS)
    C


2022

  • Exploring the Characteristics and Security Risks of Emerging Emoji Domain Names
    Mingxuan Liu, Yiming Zhang, Baojun Liu and Haixin Duan
    Processdings of The 27th European Symposium on Research in Computer Security, (ESORICS)
    Copenhagen, Denmark, September 26-30, 2022. C

  • Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers
    Huikai Xu, Miao Yu, Yanhao Wang, Yue Liu, Qinsheng Hou, Zhenbang Ma, Haixin Duan, Jianwei Zhuge and Baojun Liu
    Processdings of The 7th IEEE European Symposium on Security and Privacy, (EuroS&P)
    Genoa, June 6-10, 2022. C

  • Measuring the Practical Effect of DNS Root Server Instances: A China-Wide Case Study
    Fenglu Zhang, Chaoyi Lu, Baojun Liu †, Haixin Duan and Ying Liu †
    Processdings of Passive and Active Measurement Conference, (PAM)
    Virtual event, March 28-30, 2022. C PDF

  • Building an Open, Robust, and Stable Voting-Based Internet Domain Top List
    Qinge Xie, Shujun Tang, Xiaofeng Zheng, Qingran Lin, Baojun Liu, Haixin Duan and Frank Li
    Processdings of The 31th USENIX Security Symposium (USENIX Security)
    Boston, MA, USA, August 10-12, 2022. C PDF

  • A Large-scale and Longitudinal Measurement Study of DKIM Deployment
    Chuhan Wang, Kaiwen Shen, Minglei Guo, Yuxuan Zhao, Mingming Zhang, Jianjun Chen, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Yanzhong Lin and Qingfeng Pan
    Processdings of The 31th USENIX Security Symposium (USENIX Security)
    Boston, MA, USA, August 10-12, 2022. C PDF

  • PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP
    Xuewei Feng, Qi Li, Kun Sun, Ke Xu, Baojun Liu, Xiaofeng Zheng, Qiushi Yang, Haixin Duan and Zhiyun Qian
    Processdings of The 29th Annual Network and Distributed Security Symposium (NDSS)
    San Diego, California, 27 Feruary - 3 March, 2022. C PDF


2021

  • Detecting and Characterizing SMS Spearphising Attacks
    Mingxuan Liu, Yiming Zhang, Baojun Liu, Zhou Li, Haixin Duan and Donghong Sun
    Processdings of The 37th Annual Computer Security Applications Conference (ACSAC)
    Austin, Texas, USA, December 6-10, 2021. C PDF Slides

  • Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem
    Yiming Zhang, Baojun Liu †, Chaoyi Lu, Zhou Li, Haixin Duan †, Jiachen Li and Zaifeng Zhang
    Processdings of The 28th ACM Conference on Computer and Communications Security (CCS)
    Seoul, South Korea, November 15-19, 2021. C PDF Slides

  • Fast IPv6 Network Periphery Discovery and Security Implications
    Xiang Li, Baojun Liu †, Xiaofeng Zheng, Haixin Duan, Qi Li † and Youjun Huang
    Processdings of The 51th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
    Virtual, June 21-24, 2021. C PDF Slides Tool

  • From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR
    Chaoyi Lu, Baojun Liu †, Yiming Zhang, Zhou Li, Fenglu Zhang, Haixin Duan †, Ying Liu, Joann Chen, Jinjin Liang, Zaifeng Zhang, Shuang Hao and Min Yang
    Processdings of The 28th Annual Network and Distributed Security Symposium (NDSS)
    Virtual, February 21-25, 2021. C PDF Slides Tool

  • Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks
    Kaiwen Shen, Chuhan Wang, Xiaofeng Zheng †, Minglei Guo, Chaoyi Lu, Baojun Liu †, Yuxuan Zhao, Shuang Hao, Haixin Duan, Qinfeng Pan and Min Yang
    Processdings of The 30th USENIX Security Symposium (USENIX Security)
    Vancouver, BC, Canada, August 11-13, 2021. C PDF


2020

  • An Anonymous Paper Got Accepted.
    C Best Paper Award Nominee

  • Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks
    Mingming Zhang, Xiaofeng Zheng, Kaiwen Shen, Ziqiao Kong, Chaoyi Lu, Yu Wang, Haixin Duan, Shuang Hao, Baojun Liu and Min Yang
    Processdings of The 27th ACM Conference on Computer and Communications Security (CCS)
    Orlando, USA, November 9-13, 2020. C

  • Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China
    Yiming Zhang, Baojun Liu †, Chaoyi Lu, Zhou Li, Haixin Duan †, Shuang Hao, Mingxuan Liu, Ying Liu †, Dong Wang and Qiang Li
    Processdings of The 27th ACM Conference on Computer and Communications Security (CCS)
    Orlando, USA, November 9-13, 2020. C PDF Slides Dataset

  • Poison over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices
    Xiaofeng Zheng, Chaoyi Lu, Jian Peng, Qiushi Yang, Dongjie Zhou, Baojun Liu, Keyu Man, Shuang Hao, Haixin Duan and Zhiyun Qian
    Processdings of The 29th USENIX Security Symposium (USENIX Security)
    Boston, MA, USA, August 12-14, 2020. C PDF Slides
    Selected by The 35th DNS-OARC

  • CDN Backfired: Amplification Attacks Based on HTTP Range Requests
    Weizhong Li, Kaiwen Shen, Run Guo, Baojun Liu, Jia Zhang, Haixin Duan, Shuang Hao, Xiarun Chen and Yao Wang
    Processdings of The 50th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
    Valencia, Spain, June 29 - July 02, 2020. C PDF Slides Best Paper Award

  • CDN Judo: Breaking the CDN DoS Protection with Itself
    Ruo Guo, Weizhong Li, Baojun Liu, Shuang Hao, Haixin Duan, Jia Zhang, Kaiwen Shen, Jianjun Chen and Ying Liu
    Processdings of The 27th ISOC Network and Distributed System Security Symposium (NDSS)
    Valencia, Spain, June 29 - July 02, 2020. C PDF Slides


2019

  • An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?
    Chaoyi Lu, Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan, Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang and Jianping Wu
    Processdings of The 2019 Internet Measurement Conference (IMC)
    Amsterdam, Netherlands, October 21-23, 2019. C PDF Slides Website
    Applied Networking Research Prize Best Paper Award Nominee Community Contribution Nominee
    Selected by The 31th DNS-OARC

  • TL;DR Hazard: A Comprehensive Study of Levelsquatting Scams
    Kun Du, Hao Yang, Zhou Li, Haixin Duan, Shuang Hao, Baojun Liu, Yuxiao Ye, Mingxuan Liu, Xiaodong Su, Guang Liu, Zhifeng Geng, Zaifeng Zhang and Jinjin Liang
    Processdings of The 15th International Conference on Security and Privacy On Communication Networks (SecureComm)
    Orlando, USA, October 23-25, 2019. C PDF

  • TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS Analysis
    Baojun Liu, Zhou Li, Peiyuan Zong, Chaoyi Lu, Haixin Duan, Ying Liu, Sumayah Alrwais, XaioFeng Wang, Shuang Hao, Yaoqi Jia, Yiming Zhang, Kai Chen and Zaifeng Zhang
    Processdings of The 4th IEEE European Symposium on Security and Privacy (IEEE EuroS&P)
    Stockholm, Sweden, June 17-19, 2019. C PDF Slides

  • Cracking Wall of Confinement: Understanding and Analyzing Malicious Domain Takedowns
    Eihal Alowaisheq, Peng Wang, Sumayah Alrwais, Xiaojing Liao, XaioFeng Wang, Tasneem Alowaisheq, XiangHang Mi, Siyuan Tang and Baojun Liu
    Processdings of The 26th ISOC Network and Distributed System Security Symposium (NDSS)
    San Diego, CA, USA, February 24-27, 2020. C PDF Slides Distinguished Paper Award

  • Resident Evil: Understanding Residential IP Proxy as a Dark Service
    Xianghang Mi, Xuan Feng, Xiaojing Liao, Baojun Liu, Xiaofeng Wang, Feng Qian, Zhou Li, Sumayah Alrwais, Limin Sun and Ying Liu
    Processdings of The 40th IEEE Symposium on Security and Privacy (IEEE S&P)
    San Francisco, USA, May 20-22, 2019. C PDF Slides


2018

  • Abusing CDNs for Fun and Profit: Security Issues in CDNs’ Origin Validation
    Run Guo, Jianjun Chen, Baojun Liu, Jia Zhang, Chao Zhang, Haixin Duan, Tao Wan, Jian Jiang, Shuang Hao and Yaoqi Jia
    Processdings of The 37th IEEE International Symposium on Reliable Distributed Systems (SRDS)
    Bahia, Brazil, October 2-5, 2018. C PDF

  • Measuring Privacy Threats in China-Wide Mobile Networks
    Mingming Zhang, Baojun Liu, Chaoyi Lu, Jia Zhang, Shuang Hao and Haixin Duan
    Processdings of The 8th USENIX Workshop on Free and Open Communications on the Internet (FOCI)
    Baltimore, USA, August 14, 2018. W PDF

  • Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path
    Baojun Liu, Chaoyi Lu, Haixin Duan, Ying Liu, Zhou Li, Shuang Hao and Min Yang
    Processdings of The 27th USENIX Security Symposium (USENIX Security)
    Baltimore, USA, August 14, 2018. C PDF Slides Tool
    Selected by The 30th DNS-OARC and The ANRW 2019

  • A Reexamination of Internationalized Domain Names: the Good, the Bad and the Ugly
    Baojun Liu, Chaoyi Lu, Zhou Li, Ying Liu, Haixin Duan, Shuang Hao and Zaifeng Zhang
    Processdings of The 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
    Luxembourg City, Luxembourg, June 25-28, 2018. C PDF Slides


2017

  • Don’t Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains
    Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu and Haixin Duan
    Processdings of The 24th ACM Conference on Computer and Communications Security (CCS)
    Dallas, TX, October 30 - November 3, 2017. C PDF


Patents

  • A Method and System for Phishing Email Detection
    Fenglu Zhang, Baojun Liu, Haixin Duan, Wu Liu, Yanzhong Lin and Qingfeng Pan
    Published on 05/19/2021;

  • A Method and System for IPv6 Network Periphery Devices Discovery
    Xiang Li, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Qi Li, Youjun Huang and Wu Liu
    Published on 05/08/2021;