Publications

(2024). Rethinking the Security Threats of Stale DNS Glue Records. In Proceedings of the 33rd USENIX Security Symposium. Philadelphia, Pennsylvania, August 14–16, 2024. (Acceptance rate: 417/2,276=18.3%, Acceptance rate in summer: ??%, Acceptance rate in fall: ??%, Acceptance rate in winter: ??%).
* Presented in XCon 2024.

PDF Cite Code Project

(2024). ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing. In Proceedings of the 33rd USENIX Security Symposium. Philadelphia, Pennsylvania, August 14–16, 2024. (Acceptance rate: 417/2,276=18.3%, Acceptance rate in summer: ??%, Acceptance rate in fall: ??%, Acceptance rate in winter: ??%).
* ✉ Both are corresponding authors.
* Presented in SHUZIHUANYU Talk.
* Presented in OARC 42.

PDF Cite Code Project

(2024). TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Oakland S&P ‘24. San Francisco, California, May 20–23, 2024. (Acceptance rate: 261/1,466=17.8%, Acceptance rate in first cycle: ??%, Acceptance rate in second cycle: ??%, Acceptance rate in third cycle: ??%).
* ✉ Corresponding authors.
* Presented in OARC 42.
* Referenced by RFC 9520: Negative Caching of DNS Resolution Failures.
* Presented in GeekCon 2024 International.
* Presented in Black Hat USA 2024.
* Got the 2024 Pwnie Award Nominations for Most Innovative Research (Hacker Oscar).

PDF Cite Code Project Poster Slides

(2024). DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses. In Oakland S&P ‘24. San Francisco, California, May 20–23, 2024. (Acceptance rate: 261/1,466=17.8%, Acceptance rate in first cycle: ??%, Acceptance rate in second cycle: ??%, Acceptance rate in third cycle: ??%).
* Presented in GeekCon 2023 (Second Prize).
* 40+ news coverage by media, such as The Hacker News, Cyber Security News, and dns-operation.
* Presented in DNS OARC 43.

PDF Cite Code Project Poster Slides

(2024). Understanding the Implementation and Security Implications of Protective DNS Services. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).

PDF Cite Code Project

(2024). ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies with Differential Fuzzing. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).

PDF Cite

(2024). Poster: ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 33/42=78.6%).
* ✉ Both are corresponding authors.
* Presented in SHUZIHUANYU Talk.
* Presented in OARC 42.

PDF Cite Code Project

(2024). BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).

PDF Cite Code Project

(2023). Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild. In CCS ‘23. Copenhagen, Denmark, November 26–30, 2023. (Acceptance rate: 158/795=19.9%, Acceptance rate in first round: ??%, Acceptance rate in second round: ??%).
* ⓘ Both authors contributed equally to the paper.

PDF Cite Code Project

(2023). TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers. In CCS ‘23. Copenhagen, Denmark, November 26–30, 2023. (Acceptance rate: 158/795=19.9%, Acceptance rate in first round: ??%, Acceptance rate in second round: ??%).
* ⓘ Both authors contributed equally to the paper.
* Presented in OARC 41.
* Presented in Black Hat Europe 2023.

PDF Cite Code Project

(2023). Wolf in Sheep's Clothing: Evaluating the Security Risks of the Undelegated Record on DNS Hosting Services. In IMC ‘23. Montréal, Canada on October 24 - 26, 2023. (Acceptance rate: 52/208=25.0%).

PDF Cite Code Project

(2023). The Maginot Line: Attacking the Boundary of DNS Caching Protection. In USENIX Security ‘23. Anaheim, California, August 9–11, 2023. (Acceptance rate: 422/1,444=29.2%, Acceptance rate in summer: 91/388=23.5%, Acceptance rate in fall: 155/531=29.2%, Acceptance rate in winter: 176/525=33.5%).
* Presented in Black Hat USA 2023.
* 60+ news coverage by media such as BleepingComputer and APNIC.
* An Austria government CERT daily report.
* A Sweden government CERT weekly news.
* A Bournemouth University (BU) CERT news.
* Presented in SHUZIHUANYU Talk.
* Presented in KANXUE 2023 SDC.
* Presented in Black Hat Webinar.

PDF Cite Code Project Slides Source Document

(2023). Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack. In USENIX Security ‘23. Anaheim, California, August 9–11, 2023. (Acceptance rate: 422/1,444=29.2%, Acceptance rate in summer: 91/388=23.5%, Acceptance rate in fall: 155/531=29.2%, Acceptance rate in winter: 176/525=33.5%).

PDF Cite Slides

(2023). DareShark: Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. In SIGMETRICS ‘23. Orlando, Florida, June 19-23, 2023. (Acceptance rate: 55/342=16.1%, Acceptance rate in summer: 17/93=18.3%, Acceptance rate in fall: 26/119=21.9%, Acceptance rate in winter: 12/130=9.2%).
* Presented in OARC 40.
* Presented in APAC DNS Forum 2023 by Mr Alban KWAN.

PDF Cite Slides

(2023). Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation. In NDSS ‘23. San Diego, California, 27 February – 3 March, 2023. (Acceptance rate: 94/581=16.2%, Acceptance rate in summer: 36/183=19.7%, Acceptance rate in fall: 58/398=14.6%).
* Presented in OARC 39.
* Presented in ICANN DNS Symposium 2022.
* Presented in Black Hat Asia 2023.
* Referenced by RFC Draft: Delegation Revalidation by DNS Resolvers.

PDF Cite Code Project Slides Source Document DOI

(2023). Demo: Ransom Vehicle through Charging Pile. In VehicleSec 2023. San Diego, California, Feburary 27, 2023. (Acceptance rate: 32/83=36.0% (overall), 20/49=40.8% (regular), 2/6=33.3% (short), 6/16=37.5% (wpi), and 4/12=33.3% (demos/posters)).

PDF Cite Poster Slides

(2021). Fast IPv6 Network Periphery Discovery and Security Implications. In DSN ‘21. Taipei, Taiwan, June 21-24, 2021 (Virtually). (Acceptance rate: 48/279=17.2%).
* Presented in 2021 West Lake Cybersecurity Conference: Cyberspace Security Tools Presentation.
* Presented in Pentester Academy TV.
* Referenced by 10+ top-tier security conference papers.
* Supporting one patent CN202110502369.2.

PDF Cite Code Project Slides Video