Xiang Li
Ph.D. Candidate in Cyberspace Security (Tsinghua University)
Tsinghua University
Institute of Network Science and Cyberspace
Network and Information Security Lab (NISL)
Biography
Xiang Li is a 5th-year Ph.D. candidate at the Institute of Network Science and Cyberspace, Tsinghua University, advised by Professors Qi Li and Haixin Duan. He belongs to the Network and Information Security Lab (NISL). He was a visiting scholar at UC Irvine as a project specialist, working with Professor Zhou Li. He is also working as a security research intern at Qi-An-Xin Technology Company. Additionally, he is the author of the fast IPv6 network device scanner XMap, open-sourced on GitHub (265+ stars). His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, and underground economy with 12 research papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S&P, USENIX Security, CCS, NDSS, and other conferences like DSN. As the corresponding author and co-author, he also published multiple papers in top conferences like USENIX Security, CCS, NDSS, SIGMETRICS, and IMC. He also gets his presentations accepted by top industry security conferences like Black Hat (Asia and USA). He likes to attend talks and workshops like IDS, OARC, and VehicleSec to share his research. He has obtained over 180 CVE/CNVD vulnerability numbers for a variety of influential IPv6 and DNS vulnerabilities, which have impacted over 20 home router vendors and all DNS implementations and resolver vendors. He received acknowledgements and more than $11,600 rewards from those vendors, like Google, Microsoft, Cloudflare, and Akamai; an Austria government CERT daily report; A Sweden government CERT weekly news; A Bournemouth University (BU) CERT news; 60+ news coverage by media such as BleepingComputer. He is working for the improvement of network protocols (related work has been referenced in RFC). He got multiple prizes, such as 1st prize of IPv6 Technology Application Innovation Competition, Tsinghua Outstanding Scholarship, and LongFor Excellent Scholarship.
Recent News
- [09/2023](Activity) Done 2023 the opening ceremony for Institute of Network Science and Cyberspace as a senior student speaker.
- [09/2023](Paper) Two minor revision to accepted by NDSS ‘24 Fall. Congrats, Gengen and Linkai!
- [09/2023](Prize) Got LongFor Excellent Scholarship.
- [09/2023](Activity) Done TA training as a TA for two classes.
- [09/2023](Presentation) Done SHUZIHUANYU live talk.
- [09/2023](Activity) Done 2023 NISL Teacher’s Day celebration with MSF.
- [09/2023](Presentation) TsuKing Attack presented by Fenglu at DNS OARC 41, cause I couldn’t make it there.
- [08/2023](Activity) Done 2nd AEGIS workshop talk.
- [08/2023](Paper) One paper got accepted by USENIX Security ‘24. Congrats, Qifan!
- [08/2023](Paper) One paper got conditionally accepted by IMC ‘23. Congrats, Fenglu!
- [08/2023](Activity) Invited to attend 21th BlueHat 2023.
- [08/2023](Paper) My first Oakland paper got approved by the shepherd.
- [07/2023](Paper) Minor revision to accepted by NDSS ‘24 Summer. Congrats, Chuhan!
- [07/2023](Presentation) TsuKing Attack accepted by DNS OARC 41.
- [07/2023](Activity) Done USENIX Security ‘23 and Black Hat USA 2023 slides. I’ll attend USENIX Security ‘23 in person and couldn’t make it to Black Hat USA 2023 in person. Let’s talk!
- [07/2023](Paper) My paper got accepted with shepherding by Oakland ‘24 Spring.
- [07/2023](Paper) One paper got minor revision by NDSS ‘24 Summer. Congrats, Chuhan!
- [07/2023](Activity) Invited to attend Microsoft’s Security Researcher Celebration Event at Black Hat USA 2023.
- [07/2023](Activity) 4-5 July, invited to attend APAC DNS Forum 2023 with Mingming, but not make it there.
- [06/2023](Activity) Got CVE-2023-32020 from Microsoft.
- [06/2023](Presentation) MaginotDNS Attack accepted by Black Hat USA 2023.
- [05/2023](Paper) Two papers accepted by CCS ‘23. Congrats, Wei and Zhenrui!
- [05/2023](Activity) I’ll attend Black Hat Asia 2023 in person. Let’s talk!
- [04/2023](Activity) Back to THU.
- Network Security
- Protocol Security
- IPv6 Security
- DNS Security
- Internet Measurement
- Network & Protocol Fuzzing
- Network Vulnerability Discovery & Attack
- Underground Economy
-
Ph.D. in Cyberspace Security
2019 -- Present, Tsinghua University
-
TA for Class "Internet Architecture and Its Security Fundamentals"
09/2023 -- 01/2024, Tsinghua University
-
TA for Class "Network Protocol Security Design and Analysis"
09/2023 -- 01/2024, Tsinghua University
-
Visiting Scholar
11/2022 -- 04/2023, University of California, Irvine
-
B.E. in Information Security / LL.B. (Double Major)
2015 -- 2019, Nankai University
Publications
📑 Publications
-
Publications in total: 12
-
Publications at top-tier security venues (8): S&P (‘24), NDSS (‘23, ‘24), USENIX Security (‘23a, ‘23b, ‘24), CCS (‘23a, ‘23b)
-
Publications at other computer science venues (4): DSN (‘21), VehicleSec (‘23), SIGMETRICS (‘23), IMC (‘23)
-
Publications as the 1st author (5): S&P (‘24), NDSS (‘23), USENIX Security (‘23), CCS (‘23), DSN (‘21)
-
Publications as the corresponding author (1): USENIX Security (‘24)
* ✉ Both are corresponding authors.
* ⓘ Both are first authors.
* Presented in OARC 41.
* Presented in Black Hat USA 2023.
* 60+ news coverage by media such as BleepingComputer.
* An Austria government CERT daily report.
* A Sweden government CERT weekly news.
* A Bournemouth University (BU) CERT news.
* Presented in OARC 40.
* Presented in APAC DNS Forum 2023 by Mr Alban KWAN.
* Presented in OARC 39.
* Presented in ICANN DNS Symposium 2022.
* Presented in Black Hat Asia 2023.
* Referenced by RFC Draft: Delegation Revalidation by DNS Resolvers.
Projects
Projects and Codes
Activities
🎡 Part of Activities
-
Academic Conferences: DSN (‘21), CCS (‘22), VehicleSec (‘23), NDSS (‘23), USENIX Security (‘23), AEGIS (2nd)
-
Industrial Conferences: ICANN DNS Symposium (IDS ‘21, ‘22), DNS-OARC (39, 40, 41), Black Hat (Asia ‘23, USA ‘23)
In OARC 41 & ICANN DNS Symposium 2023 (hybrid in-person and online workshop), Fenglu presented our novel TsuKing attack on behalf of me cause I couldn’t make it there.
In the 2nd AEGIS Workshop (online workshop), I presented a novel Ghost Domain attack named Phoenix Domain to the audiences.
In OARC 40 & NANOG 87 Workshop (hybrid in-person and online workshop), I presented a novel hosting-based domain takeover detection framework DareShark to the audiences.
In the 5th ICANN DNS Symposium (IDS 2022), I presented my NDSS ‘23 paper Phoenix Domain to the audiences. Discussed with so many enthusiastic question askers.
In OARC 39 & 47th CENTR Technical Workshop (hybrid in-person and online workshop), I presented a novel Ghost Domain attack named Phoenix Domain to the audiences.
In @Pentester Academy TV, I presented the IPv6 network scanner XMap with @DamianGoh13. Watch the video at here. New features are coming.
In the 4th ICANN DNS Symposium (IDS 2021, virtually), I presented a novel DNS cache poisoning attack (introduced by Xiaofeng Zheng from our lab) to the audiences.
Misc
🏅 Awards
- LongFor Excellent Scholarship. 2023.
- The 3rd Prize in National IPv6 Technology Application Innovation Competition. 2023.
- The 1st Prize in IPv6 Technology Application Innovation Competition. 2022.
- The 3rd Prize in IPv6 Technology Application Innovation Competition. 2022.
- Tsinghua Outstanding 2rd Scholarship. 2022.
- Outstanding Undergraduate. 2019.
- The 3rd Prize in Nankai “Dream+” Innovation and Entrepreneurship Competition, 2018.
- Nankai Gongneng 1st Scholarship. 2018.
- Cyber Security Scholarship of China Internet Development Foundation. 2018.
- The 2nd Prize in National College Student Information Security Contest. 2018.
- Recognition Award in “Qiang Wang Cup” National Network Security Challenge Online Contest. 2018.
- The 3rd Prize in National Cryptography Contest, 2017.
- The Leading Academic Student Researcher of School of Computer and Control Engineering, Nankai University, 2017.
- China National Scholarship. 2017.
- Nankai Excellent Student. 2017
- China National Scholarship. 2016.
- Nankai Excellent Student. 2016
- Top scorer in science in the college entrance examination of Fang Cheng County. 2015
🔖 Patents
- An Efficient Algorithm for Constructing Domain Deep Analysis Dependency Topology Based on Passive Domain Name Resolution Traffic. 2023. In applying.
- An Accurate Identification Method for Conditional DNS Resolvers. 2023. In checking.
- A Domain Cache Injection Technique and Detection Method for Conditional DNS Resolvers. 2023. In checking.
- A Domain Authorization Consistency Detection Method for DNS Resolvers. 2023. In checking.
- A Novel Domain Name Generation Algorithm Based on the DNS Resolution Mechanism and Its Detection Method. 2023. In checking.
- A Fast IPv4 and IPv6 Network Space Probing System Based on Asynchronous Decoupling and Address Randomization Techniques. 2023. In checking.
- A Combined Passive and Active Approach for Mining Behavior Detection. 2023. In checking.
- CN202110502369.2: A Fast IPv6 Network Periphery Device Discovery Technique. 2023.
🐞 CNVD/CNNVD/CVE
- 109/5/75 (total)
- ResolverFuzz Vulnerability (2023): n/n/15
- TuDoor Vulnerability (2023): n/n/33
- TsuKing Vulnerability (2023): n/n/3
- Phoenix Domain Vulnerability (2022): n/n/9
- MaginotDNS Cache Poisoning Vulnerability (2022): n/n/3
- IPv6 Routing Loop Vulnerability (2021): 109/5/22
🙋♂️ Reviewers
- ICICS ‘23
- TDSC ‘23
- DTRAP ‘23 * 2
- SCN ‘22
🙋♂️ External Reviewers
- AsiaCCS ‘23
- ESF Proposal ‘22
- NDSS ‘22
- ICDCS ‘21
- ESORICS ‘20
- ICPDAS ‘19
Contact
- x-l19 [AT] mails dot tsinghua dot edu dot cn
- FIT 4-204, Tsinghua University, Beijing, 100084
- DM Me
- Follow Me
Links
For you