Xiang Li

Xiang Li

Associate Professor (Nankai University)

Nankai University

College of Cyber Science

Biography

Xiang Li is an Associate Professor at the College of Cyber Science, Nankai University. He received his Ph.D. from Network and Information Security Lab (NISL) at Tsinghua University (advised by Professors Qi Li and Haixin Duan) in 2024. He was a visiting scholar at UC Irvine as a project specialist, working with Professor Zhou Li. Additionally, he is the author of the fast IPv6 network device scanner XMap, open-sourced on GitHub (370+ stars). He is also a member of the DataCon Expert Committee. He is the advisor of Nankai University’s CTF teams, an ACM member, CCF member, and CIC member. He serves as PC for top-tier venues like IMC 2025 and others like AsiaCCS 2025. His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, web security, and underground economy with 18 research papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S&P (2), USENIX Security (1), CCS (1), NDSS (1), and other conferences like DSN. As the corresponding author and co-author, he also published multiple papers in top conferences like USENIX Security, CCS, NDSS, SIGMETRICS, and IMC. He also gets his presentations accepted by top industry security conferences like Black Hat (Asia, USA^2, and Europe). He likes to attend talks and workshops like IDS, OARC, and VehicleSec to share his research. He applied for 11 patents (1 authorized and 5 in checking as the first author). He has obtained over 200 CVE/CNVD/CNNVD vulnerability numbers for a variety of influential IPv6 and DNS vulnerabilities, which have impacted over 20 home router vendors and all DNS implementations and resolver vendors. He received acknowledgements and more than $17,100 rewards from those vendors, like Google, Microsoft, Cloudflare, and Akamai; an Austria government CERT daily report; A Sweden government CERT weekly news; A Bournemouth University (BU) CERT news; 100+ news coverage by media such as BleepingComputer. He is working for the improvement of network protocols (related work has been referenced in RFC). He got multiple prizes, such as 2024 ACM SIGSAC China Excellent Doctoral Dissertation Award (1st), 2024 Pwnie Award Nominations for Most Innovative Research (Hacker Oscar), 1st prize of IPv6 Technology Application Innovation Competition, 2nd prize of GeekCon 2023 DAF Contest, National Scholarship, Wang Dazhong Scholarship, Tsinghua Outstanding Scholarship, Outstanding Graduate, and Extraordinary Hacker of GeekCon International 2024. As the advisor or competition leader, he instructed the teamers to get the 2nd prize of 2024 Changcheng Cup and the 1st and 3rd prizes of 2024 Beijing–Tianjin–Hebei Security Cup.

About openings: I am actively seeking self-motivated Master’s and PhD students, as well as intern researchers, who have a strong interest in network security and privacy, web security, vulnerability discovery, code analysis, reverse engineering, LLMs, and related fields. If you’re interested, please email me your resume. I apologize in advance if you don’t receive a response due to the high volume of inquiries. Thank you!

Recent News

Interests
  • Network Security
  • Protocol Security
  • IPv6 Security
  • DNS Security
  • Internet Measurement
  • Network & Protocol Fuzzing
  • Network Vulnerability Discovery & Attack
  • Underground Economy
  • Web Security
Education
  • Ph.D. in Cyberspace Security

    2019 -- 2024, Tsinghua University, Advised by Professors Qi Li and Haixin Duan

  • TA for Class "Internet Architecture and Its Security Fundamentals"

    09/2023 -- 01/2024, Tsinghua University

  • TA for Class "Network Protocol Security Design and Analysis"

    09/2023 -- 01/2024, Tsinghua University

  • Visiting Scholar

    11/2022 -- 04/2023, University of California, Irvine

  • B.E. in Information Security / LL.B. (Double Major)

    2015 -- 2019, Nankai University

Publications

📑 Publications

  • Publications in total: 17

  • Publications at top-tier security venues (12): S&P (‘24a, ‘24b), NDSS (‘23, ‘24a, ‘24b, ‘24c), USENIX Security (‘23a, ‘23b, ‘24a, ‘24b), CCS (‘23a, ‘23b)

  • Publications at other computer science venues (5): DSN (‘21), VehicleSec (‘23), SIGMETRICS (‘23), IMC (‘23), NDSS Poster (‘24)

  • Publications as the 1st author (6): S&P (‘24a, ‘24b), NDSS (‘23), USENIX Security (‘23), CCS (‘23), DSN (‘21)

  • Publications as the corresponding author (1): USENIX Security (‘24)

  • Publications as the 2nd author (4): SIGMETRICS (‘23), CCS (‘23), NDSS (‘24a, ‘24b)


(2024). ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing. In Proceedings of the 33rd USENIX Security Symposium. Philadelphia, Pennsylvania, August 14–16, 2024. (Acceptance rate: 417/2,276=18.3%, Acceptance rate in summer: ??%, Acceptance rate in fall: ??%, Acceptance rate in winter: ??%).
* ✉ Both are corresponding authors.
* Presented in SHUZIHUANYU Talk.
* Presented in OARC 42.

PDF Cite Code Project

Projects

Projects and Codes

*
XMap: The Internet Scanner
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.

Activities

🎡 Part of Activities

  • Academic Conferences: DSN (‘21), CCS (‘22), VehicleSec (‘23), NDSS (‘23), USENIX Security (‘23), AEGIS (‘23), IEEE S&P (‘24a, ‘24b)

  • Industrial Conferences: ICANN DNS Symposium (IDS ‘21, ‘22), DNS-OARC (39, 40, 41, 42a, 42b), Black Hat (Asia ‘23, USA ‘23, Europe ‘23, USA ‘24), GeekCon (‘23, ‘24.Intl.), Kanxue SDC (‘23)


Misc

🏅 Awards

  • ACM SIGSAC China Excellent Doctoral Dissertation Award (1st). 2024
  • Pwnie Award Nominations for Most Innovative Research. 2024
  • Outstanding Graduate of Beijing. 2024
  • Outstanding Ph.D. Graduate of Tsinghua University. 2024
  • Outstanding Graduate of the Institute of Network Science and Cyberspace, Tsinghua University. 2024
  • Outstanding Doctoral Dissertation of Tsinghua University. 2024
  • Tsinghua Graduate “Qihang” Third Prize. 2024
  • Extraordinary Hacker of GeekCon International 2024. 2024
  • Wang Dazhong Scholarship. 2023
  • The 2nd Prize of GeekCon 2023 DAF Contest. 2023
  • China National Scholarship for Graduate Students. 2023.
  • LongFor Excellent Scholarship. 2023.
  • The 3rd Prize in National IPv6 Technology Application Innovation Competition. 2023.
  • The 1st Prize in IPv6 Technology Application Innovation Competition. 2022.
  • The 3rd Prize in IPv6 Technology Application Innovation Competition. 2022.
  • Tsinghua Outstanding 2rd Scholarship. 2022.
  • Tsinghua Graduate “129” Star. 2020.
  • Outstanding Undergraduate (Tianjin City and Nankai University). 2019.
  • The 3rd Prize in Nankai “Dream+” Innovation and Entrepreneurship Competition, 2018.
  • Nankai Gongneng 1st Scholarship. 2018.
  • Cyber Security Scholarship of China Internet Development Foundation. 2018.
  • The 2nd Prize in National College Student Information Security Contest. 2018.
  • Recognition Award in “Qiang Wang Cup” National Network Security Challenge Online Contest. 2018.
  • The 3rd Prize in National Cryptography Contest, 2017.
  • The Leading Academic Student Researcher of School of Computer and Control Engineering, Nankai University, 2017.
  • China National Scholarship. 2017.
  • Nankai Excellent Student. 2017
  • China National Scholarship. 2016.
  • Nankai Excellent Student. 2016
  • Top scorer in science in the college entrance examination of Fang Cheng County. 2015

🏅 Awards as the Advisor or Competition Leader

🔖 Patents

  • An Efficient Algorithm for Constructing Domain Deep Analysis Dependency Topology Based on Passive Domain Name Resolution Traffic. 2024. In checking.
  • A Method and System for Tracing IPv6 Honeypot Attacks Based on Multi-Prefix Orchestrable Protocol Responses. 2023. In applying.
  • A Technology and Method for Classification Detection and Handling of Unknown Threats in IPv6 Networks Adapting to Layered Attribute Data. 2023. In checking.
  • A Method for Rapid Exploration of Large IPv6 Network Assets Combining Active and Passive Approaches. 2023. In checking.
  • An Accurate Identification Method for Conditional DNS Resolvers. 2023. In checking.
  • A Domain Cache Injection Technique and Detection Method for Conditional DNS Resolvers. 2023. In checking.
  • A Domain Authorization Consistency Detection Method for DNS Resolvers. 2023. In checking.
  • A Novel Domain Name Generation Algorithm Based on the DNS Resolution Mechanism and Its Detection Method. 2023. In checking.
  • A Fast IPv4 and IPv6 Network Space Probing System Based on Asynchronous Decoupling and Address Randomization Techniques. 2023. In checking.
  • A Combined Passive and Active Approach for Mining Behavior Detection. 2023. In checking.
  • CN202110502369.2: A Fast IPv6 Network Periphery Device Discovery Technique. 2022.

🐞 CNVD/CNNVD/CVE

🙋‍♂️ Reviewers

  • AsiaCCS ‘25
  • IMC ‘25
  • ICICS ‘23
  • TDSC ‘23
  • DTRAP ‘23 * 3
  • SCN ‘22

🙋‍♂️ External Reviewers

  • AsiaCCS ‘23
  • ESF Proposal ‘22
  • NDSS ‘22
  • ICDCS ‘21
  • ESORICS ‘20
  • ICPDAS ‘19

🙋‍♂️ Services

  • AsiaCCS ‘25 PC
  • IMC ‘25 PC
  • AEGIS ‘24 Program Co-Chair (3rd AEGIS Symposium on Cyber Security)
  • SecureComm ‘23 Session Chair (couldn’t make it there)
  • ACM member, CCF member, CIC member

Contact