Xiang Li

Xiang Li

Associate Professor (Nankai University)

Nankai University

College of Cryptology and Cyber Science

Biography

Xiang Li is an Associate Professor at the College of Cyber Science, Nankai University. He received his Ph.D. from Network and Information Security Lab (NISL) at Tsinghua University (advised by Professors Qi Li and Haixin Duan) in 2024. He was a visiting scholar at UC Irvine as a project specialist, working with Professor Zhou Li. Additionally, he is the author of the fast IPv6 network device scanner XMap, open-sourced on GitHub (430+ stars). He is also a member of the DataCon Expert Committee. He is the advisor of Nankai University’s CTF teams, an ACM member, CCF member, and CIC member. He serves as PC for top-tier venues like IMC, RAID, ACSAC and others like AsiaCCS. His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, web security, and underground economy with 22 research papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S&P (2), USENIX Security (1), CCS (2), NDSS (1), and other conferences like DSN. As the corresponding author and co-author, he also published multiple papers in top conferences like USENIX Security, CCS, NDSS, SIGMETRICS, and IMC. He also gets his presentations accepted by top industry security conferences like Black Hat (Asia, USA^2, and Europe). He likes to attend talks and workshops like IDS, OARC, and VehicleSec to share his research. He applied for 12 patents (2 authorized and 5 in checking as the first author). He has obtained over 200 CVE/CNVD/CNNVD vulnerability numbers for a variety of influential IPv6 and DNS vulnerabilities, which have impacted over 20 home router vendors and all DNS implementations and resolver vendors. He received acknowledgements and more than $17,100 rewards from those vendors, like Google, Microsoft, Cloudflare, and Akamai; an Austria government CERT daily report; A Sweden government CERT weekly news; A Bournemouth University (BU) CERT news; 100+ news coverage by media such as BleepingComputer. He is working for the improvement of network protocols (related work has been referenced in RFC). He got multiple prizes, such as 2024 ACM SIGSAC China Excellent Doctoral Dissertation Award (1st), 2024 Pwnie Award Nominations for Most Innovative Research (Hacker Oscar), 1st prize of IPv6 Technology Application Innovation Competition, 2nd prize of GeekCon 2023 DAF Contest, National Scholarship, Wang Dazhong Scholarship, Tsinghua Outstanding Scholarship, Outstanding Graduate, and Extraordinary Hacker of GeekCon International 2024. As the advisor or competition leader, he instructed the teamers to get the 2nd prize of 2024 Changcheng Cup and the 1st and 3rd prizes of 2024 Beijing–Tianjin–Hebei Security Cup.

About openings: I am actively seeking self-motivated Master’s and PhD students, as well as intern researchers, who have a strong interest in network security and privacy, web security, vulnerability discovery, code analysis, reverse engineering, LLM security, and related fields. If you’re interested, please email me your resume. I apologize in advance if you don’t receive a response due to the high volume of inquiries. Thank you!

2025 OPENING, PLEASE FEEL FREE TO CONATCT ME!

Recent News

  • [03/2025](Activity) Invited to serve as GLOBECOM ‘25 PC.
  • [03/2025](Paper) One paper got minor revision by CCS ‘25. Congrats, Dashuai!
  • [03/2025](Paper) One paper got accept by CCS ‘25. Congrats to myself!
  • [03/2025](Activity) Invited to serve as ACSAC ‘25 PC.
  • [03/2025](Activity) Invited to serve as RAID ‘25 PC.
  • [03/2025](Competition) Congrats to the NKU CTF team to get the 3rd Prize (CTF) of National College Student information Security Contest.
  • [02/2025](Teaching) Teaching Software Security for sophomore.
  • [02/2025](Activity) Invited to serve as WOOT ‘25 PC.
  • [01/2025](Activity) Invited to serve as SecureComm ‘25 publications chair.
  • [12/2024](Paper) One paper got accepted by ACNS ‘25. Congrats, Yan!
  • [12/2024](Teaching) Teaching Cutting-edge Technology of Information Security for sophomore.
  • [11/2024](Competition) Congrats to Zuyao to get the 3rd Prize (Internet Infrastructure) of DataCon Competition.
  • [11/2024](Competition) Congrats to the NKU CTF team to get the Qiangwang Pioneer Prize of Qiangwang Bei.
  • [11/2024](Competition) Congrats to Fasheng to get the 1st prize (College) of IPv6 Technology Application Innovation Competition.
Interests
  • Network Security
  • Protocol Security
  • IPv6 Security
  • DNS Security
  • Internet Measurement
  • Network & Protocol Fuzzing
  • Network Vulnerability Discovery & Attack
  • Underground Economy
  • Web Security
Education

  • Ph.D. in Cyberspace Security

    2019 -- 2024, Tsinghua University, Advised by Professors Qi Li and Haixin Duan

  • Visiting Scholar

    11/2022 -- 04/2023, University of California, Irvine

  • B.E. in Information Security / LL.B. (Double Major)

    2015 -- 2019, Nankai University

Classes

Teaching

  • 🏫 Software Security (Sophomore). 2025-Spring
  • 🏫 Cutting-edge Technology of Information Security (Sophomore). 2024-Fall
  • 🏫 Freshman Seminar (Freshman). 2024-Fall
  • 🏫 Internet Architecture and Its Security Fundamentals (Graduate). 2023-Fall (TA)
  • 🏫 Network Protocol Security Design and Analysis (Graduate). 2023-Fall (TA)

Publications

📑 Publications

  • Publications in total: 22

  • Publications at top-tier security venues (15): S&P (‘24a, ‘24b, ‘25), NDSS (‘23, ‘24a, ‘24b, ‘24c), USENIX Security (‘23a, ‘23b, ‘24a, ‘24b), CCS (‘23a, ‘23b, ‘25a, ‘25b)

  • Publications at other computer science venues (6): DSN (‘21), VehicleSec (‘23), SIGMETRICS (‘23), IMC (‘23), NDSS Poster (‘24), ACNS (‘25)

  • Publications as the 1st author (7): S&P (‘24a, ‘24b), NDSS (‘23), USENIX Security (‘23), CCS (‘23, ‘25), DSN (‘21)

  • Publications as the corresponding author (3): USENIX Security (‘24), NDSS Poster (‘24), ACNS (‘25)

  • Publications as the 2nd author (4): SIGMETRICS (‘23), CCS (‘23), NDSS (‘24a, ‘24b)

Qifan Zhang, Xuesong Bai, Xiang Li, Haixin Duan, Qi Li, Zhou Li (2024). ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing. In Proceedings of the 33rd USENIX Security Symposium. Philadelphia, Pennsylvania, August 14–16, 2024. (Acceptance rate: 417/2,276=18.3%, Acceptance rate in summer: ??%, Acceptance rate in fall: ??%, Acceptance rate in winter: ??%).
* ✉ Both are corresponding authors.
* Presented in SHUZIHUANYU Talk.
* Presented in OARC 42.

PDF Cite Code Project

See all publications

Projects

Projects and Codes

*
All IPv6 Other
XMap: The Internet Scanner
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.
Code Follow Twitter
XMap: The Internet Scanner

Activities

🎡 Part of Activities

  • Academic Conferences: DSN (‘21), CCS (‘22), VehicleSec (‘23), NDSS (‘23), USENIX Security (‘23), AEGIS (‘23), IEEE S&P (‘24a, ‘24b)

  • Industrial Conferences: ICANN DNS Symposium (IDS ‘21, ‘22), DNS-OARC (39, 40, 41, 42a, 42b), Black Hat (Asia ‘23, USA ‘23, Europe ‘23, USA ‘24), GeekCon (‘23, ‘24.Intl.), Kanxue SDC (‘23)

Xiang Li
Aug 7, 2024 12:00 AM — Aug 7, 2023 11:59 PM MANDALAY BAY CONVENTION CENTER
Black Hat USA 2024
Black Hat USA 2024

In Black Hat USA 2024, Qi Wang presented my work: “TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets”.
PDF Code Project Slides Follow Twitter
See all events

Misc

🏅 Awards

  • ACM SIGSAC China Excellent Doctoral Dissertation Award (1st). 2024
  • Pwnie Award Nominations for Most Innovative Research. 2024
  • Outstanding Graduate of Beijing. 2024
  • Outstanding Ph.D. Graduate of Tsinghua University. 2024
  • Outstanding Graduate of the Institute of Network Science and Cyberspace, Tsinghua University. 2024
  • Outstanding Doctoral Dissertation of Tsinghua University. 2024
  • Tsinghua Graduate “Qihang” Third Prize. 2024
  • Extraordinary Hacker of GeekCon International 2024. 2024
  • Wang Dazhong Scholarship. 2023
  • The 2nd Prize of GeekCon 2023 DAF Contest. 2023
  • China National Scholarship for Graduate Students. 2023.
  • LongFor Excellent Scholarship. 2023.
  • The 3rd Prize in National IPv6 Technology Application Innovation Competition. 2023.
  • The 1st Prize in IPv6 Technology Application Innovation Competition. 2022.
  • The 3rd Prize in IPv6 Technology Application Innovation Competition. 2022.
  • Tsinghua Outstanding 2rd Scholarship. 2022.
  • Tsinghua Graduate “129” Star. 2020.
  • Outstanding Undergraduate (Tianjin City and Nankai University). 2019.
  • The 3rd Prize in Nankai “Dream+” Innovation and Entrepreneurship Competition, 2018.
  • Nankai Gongneng 1st Scholarship. 2018.
  • Cyber Security Scholarship of China Internet Development Foundation. 2018.
  • The 2nd Prize in National College Student Information Security Contest. 2018.
  • Recognition Award in “Qiang Wang Cup” National Network Security Challenge Online Contest. 2018.
  • The 3rd Prize in National Cryptography Contest, 2017.
  • The Leading Academic Student Researcher of School of Computer and Control Engineering, Nankai University, 2017.
  • China National Scholarship. 2017.
  • Nankai Excellent Student. 2017
  • China National Scholarship. 2016.
  • Nankai Excellent Student. 2016
  • Top scorer in science in the college entrance examination of Fang Cheng County. 2015

🏅 Awards as the Advisor or Competition Leader

🔖 Patents

  • An Efficient Algorithm for Constructing Domain Deep Analysis Dependency Topology Based on Passive Domain Name Resolution Traffic. 2024. In checking.
  • A Method and System for Tracing IPv6 Honeypot Attacks Based on Multi-Prefix Orchestrable Protocol Responses. 2023. In checking.
  • A Technology and Method for Classification Detection and Handling of Unknown Threats in IPv6 Networks Adapting to Layered Attribute Data. 2023. In checking.
  • A Method for Rapid Exploration of Large IPv6 Network Assets Combining Active and Passive Approaches. 2023. In checking.
  • An Accurate Identification Method for Conditional DNS Resolvers. 2023. In checking.
  • A Domain Cache Injection Technique and Detection Method for Conditional DNS Resolvers. 2023. In checking.
  • A Domain Authorization Consistency Detection Method for DNS Resolvers. 2023. In checking.
  • A Novel Domain Name Generation Algorithm Based on the DNS Resolution Mechanism and Its Detection Method. 2023. In checking.
  • A Fast IPv4 and IPv6 Network Space Probing System Based on Asynchronous Decoupling and Address Randomization Techniques. 2023. In checking.
  • A Combined Passive and Active Approach for Mining Behavior Detection. 2023. In checking.
  • CN202010547692.7: API Security Detection Methods. 2023.
  • CN202110502369.2: A Fast IPv6 Network Periphery Device Discovery Technique. 2022.

🐞 CNVD/CNNVD/CVE

🙋‍♂️ Reviewers

  • GLOBECOM ‘25
  • ACSAC ‘25
  • RAID ‘25
  • WOOT ‘25
  • AsiaCCS ‘25
  • IMC ‘25
  • ICICS ‘23
  • TDSC ‘23
  • DTRAP ‘23 * 3
  • SCN ‘22

🙋‍♂️ External Reviewers

  • AsiaCCS ‘23
  • ESF Proposal ‘22
  • NDSS ‘22
  • ICDCS ‘21
  • ESORICS ‘20
  • ICPDAS ‘19

🙋‍♂️ Services

  • SecureComm ‘25 Publication Chair
  • AEGIS ‘24 Program Co-Chair (3rd AEGIS Symposium on Cyber Security)
  • SecureComm ‘23 Session Chair (couldn’t make it there)
  • ACM member, CCF member, CIC member

Contact

Links

For you

💁‍♂️ Chuhan Wang

💁‍♂️ Yuxuan Wang

💁‍♂️ Zili Meng

💁‍♂️ Phoenix Domain

💁‍♂️ MaginotDNS

💁‍ Mingming Zhang

💁‍♂️ Linkai Zheng

💁‍ Qinge Xie

💁‍ Yue Qin

💁‍♂️ TsuKing

💁‍♂️ TuDoor

💁‍♂️ DNSBomb