个人简介
李想,清华大学网络科学与网络空间研究院五年级博士研究生,导师为李琦副教授和段海新教授。他是网络与信息安全实验室(NISL)的成员之一,也是奇安信公司的安全研究实习生。他曾经作为访问学者在加州大学尔湾分校李洲助理教授研究组进行学术交流。此外,他也是一款开源网络扫描器XMap的开发者与维护者(306+ GitHub stars)。研究领域涉及网络安全、协议安全、IPv6安全、DNS安全、互联网测量、网络协议fuzzing、网络漏洞挖掘与攻击以及黑灰产检测。目前已发表17篇学术论文。作为第一作者,他目前在网络安全四大顶级会议均有论文发表,涵盖Oakland S&P(2)、USENIX Security(1)、CCS(1)、NDSS(1),以及其它安全会议如DSN。作为通讯作者和合作作者,他也在网络顶级会议发表多篇论文,如USENIX Security、CCS、NDSS、SIGMETRICS、IMC。此外,他在工业界顶级安全会议也进行过演讲,如Black Hat(Asia、USA、Europe)。他经常参加相关会议讨论分享最近的研究进展,如IDS、OARC、VehicleSec。在漏洞挖掘领域,他目前已发现多个IPv6和DNS方向的新型重大漏洞并获得190+安全漏洞编号(CVE/CNVD),其中所发现的IPv6漏洞影响了数十家路由器厂商。他也发现了DNS协议设计和实现层面的漏洞,影响了所有DNS的软件和实现。目前他已经获得了多家知名互联网厂商的致谢和奖励(超过$11.6k),包括谷歌、微软、Cloudflare、Akamai等公司,奥地利政府CERT每日安全公告,瑞典政府CERT每周安全公告,伯恩茅斯大学CERT安全公告,60+科技媒体报道,并在积极推进网络协议标准的改进(相关工作已被纳入RFC文档)。他也获得了多个奖励荣誉,如IPv6创新大赛一等奖、GeekCon国际安全极客大赛亚军、王大中奖学金、博士研究生国家奖学金、清华优秀奖学金等。
最近动态
- [02/2024](论文) 论文被USENIX Security ‘24接收,恭喜允义!
- [02/2024](论文) ResolverFuzz工作被NDSS ‘24 Poster接收,恭喜起帆!
- [12/2023](奖项) 获得王大中奖学金。
- [12/2023](活动) 在段老师研究生课堂上分享做报告。
- [12/2023](演讲) TuDoor攻击被DNS OARC 42接收!
- [12/2023](演讲) ResolverFuzz工作被DNS OARC 42接收,恭喜起帆!
- [12/2023](论文) 第二篇Oakland论文被 shepherd 同意!
- [12/2023](演讲) 段老师在Black Hat Europe 2023分享了TsuKing攻击。
兴趣爱好
- 网络安全
- 协议安全
- IPv6安全
- DNS安全
- 互联网测量
- 网络协议fuzzing
- 网络漏洞挖掘与攻击
- 黑灰产安全
教育经历
-
网络空间安全 博士研究生
2019 -- 至今, 清华大学
-
课程助教:网络协议安全设计与分析
2023年9月 -- 2024年1月, 清华大学
-
课程助教:互联网体系结构及其安全基础
2023年9月 -- 2024年1月, 清华大学
-
访问学者
2022年11月 -- 2023年4月, 加州大学尔湾分校
-
信息安全与法学双学士学位
2015 -- 2019, 南开大学
论文
📑 论文发表
-
总数: 17
-
发表于安全顶会(12): S&P (‘24a, ‘24b)、NDSS (‘23、‘24a、‘24b、‘24c)、USENIX Security (‘23a、‘23b、‘24a、‘24b)、CCS (‘23a、‘23b)
-
发表于其它会议(5): DSN (‘21)、VehicleSec (‘23)、SIGMETRICS (‘23)、IMC (‘23)、NDSS Poster (‘24)
-
作为第一作者(6): S&P (‘24a, ‘24b)、NDSS (‘23)、USENIX Security (‘23)、CCS (‘23)、DSN (‘21)
-
作为通讯作者(1): USENIX Security (‘24)
-
作为第二作者(3): SIGMETRICS (‘23)、CCS (‘23)、NDSS (‘24)
(2024).
ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing.
In Proceedings of the 33rd USENIX Security Symposium. Philadelphia, Pennsylvania, August 14–16, 2024. (Acceptance rate: ??%, Acceptance rate in summer: ??%, Acceptance rate in fall: ??%, Acceptance rate in winter: ??%).
* ✉ Both are corresponding authors.
* Presented in SHUZIHUANYU Talk.
* Presented in OARC 42.
* ✉ Both are corresponding authors.
* Presented in SHUZIHUANYU Talk.
* Presented in OARC 42.
(2024).
Rethinking the Security Threats of xxx DNS xxx.
In Proceedings of the 33rd USENIX Security Symposium. Philadelphia, Pennsylvania, August 14–16, 2024. (Acceptance rate: ??%, Acceptance rate in summer: ??%, Acceptance rate in fall: ??%, Acceptance rate in winter: ??%).
(2024).
DNSBomb.
In Oakland S&P ‘24. San Francisco, California, May 20–23, 2024. (Acceptance rate: ??%, Acceptance rate in first cycle: ??%, Acceptance rate in second cycle: ??%, Acceptance rate in third cycle: ??%).
(2024).
TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets.
In Oakland S&P ‘24. San Francisco, California, May 20–23, 2024. (Acceptance rate: ??%, Acceptance rate in first cycle: ??%, Acceptance rate in second cycle: ??%, Acceptance rate in third cycle: ??%).
* Presented in OARC 42.
* Referenced by RFC 9520: Negative Caching of DNS Resolution Failures.
* Presented in OARC 42.
* Referenced by RFC 9520: Negative Caching of DNS Resolution Failures.
(2024).
BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet.
In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).
(2024).
Poster: ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing.
In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 33/42=78.6%).
* ✉ Both are corresponding authors.
* Presented in SHUZIHUANYU Talk.
* Presented in OARC 42.
* ✉ Both are corresponding authors.
* Presented in SHUZIHUANYU Talk.
* Presented in OARC 42.
(2024).
ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies with Differential Fuzzing.
In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).
(2024).
Understanding the Implementation and Security Implications of Protective DNS Services.
In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).
(2023).
TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers.
In CCS ‘23. Copenhagen, Denmark, November 26–30, 2023. (Acceptance rate: ??%, Acceptance rate in first round: ??%, Acceptance rate in second round: ??%).
* ⓘ Both authors contributed equally to the paper.
* Presented in OARC 41.
* Presented in Black Hat Europe 2023.
* ⓘ Both authors contributed equally to the paper.
* Presented in OARC 41.
* Presented in Black Hat Europe 2023.
(2023).
Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild.
In CCS ‘23. Copenhagen, Denmark, November 26–30, 2023. (Acceptance rate: ??%, Acceptance rate in first round: ??%, Acceptance rate in second round: ??%).
* ⓘ Both authors contributed equally to the paper.
* ⓘ Both authors contributed equally to the paper.
(2023).
Wolf in Sheep's Clothing: Evaluating the Security Risks of the Undelegated Record on DNS Hosting Services.
In IMC ‘23. Montréal, Canada on October 24 - 26, 2023. (Acceptance rate: 52/208=25.0%).
(2023).
Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack.
In USENIX Security ‘23. Anaheim, California, August 9–11, 2023. (Acceptance rate: 422/1,444=29.2%, Acceptance rate in summer: 91/388=23.5%, Acceptance rate in fall: 155/531=29.2%, Acceptance rate in winter: 176/525=33.5%).
(2023).
The Maginot Line: Attacking the Boundary of DNS Caching Protection.
In USENIX Security ‘23. Anaheim, California, August 9–11, 2023. (Acceptance rate: 422/1,444=29.2%, Acceptance rate in summer: 91/388=23.5%, Acceptance rate in fall: 155/531=29.2%, Acceptance rate in winter: 176/525=33.5%).
* Presented in Black Hat USA 2023.
* 60+ news coverage by media such as BleepingComputer and APNIC.
* An Austria government CERT daily report.
* A Sweden government CERT weekly news.
* A Bournemouth University (BU) CERT news.
* Presented in SHUZIHUANYU Talk.
* Presented in KANXUE 2023 SDC.
* Presented in Black Hat Webinar.
* Presented in Black Hat USA 2023.
* 60+ news coverage by media such as BleepingComputer and APNIC.
* An Austria government CERT daily report.
* A Sweden government CERT weekly news.
* A Bournemouth University (BU) CERT news.
* Presented in SHUZIHUANYU Talk.
* Presented in KANXUE 2023 SDC.
* Presented in Black Hat Webinar.
(2023).
DareShark: Detecting and Measuring Security Risks of Hosting-Based Dangling Domains.
In SIGMETRICS ‘23. Orlando, Florida, June 19-23, 2023. (Acceptance rate: 55/342=16.1%, Acceptance rate in summer: 17/93=18.3%, Acceptance rate in fall: 26/119=21.9%, Acceptance rate in winter: 12/130=9.2%).
* Presented in OARC 40.
* Presented in APAC DNS Forum 2023 by Mr Alban KWAN.
* Presented in OARC 40.
* Presented in APAC DNS Forum 2023 by Mr Alban KWAN.
(2023).
Demo: Ransom Vehicle through Charging Pile.
In VehicleSec 2023. San Diego, California, Feburary 27, 2023. (Acceptance rate: 32/83=36.0% (overall), 20/49=40.8% (regular), 2/6=33.3% (short), 6/16=37.5% (wpi), and 4/12=33.3% (demos/posters)).
(2023).
Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation.
In NDSS ‘23. San Diego, California, 27 February – 3 March, 2023. (Acceptance rate: 94/581=16.2%, Acceptance rate in summer: 36/183=19.7%, Acceptance rate in fall: 58/398=14.6%).
* Presented in OARC 39.
* Presented in ICANN DNS Symposium 2022.
* Presented in Black Hat Asia 2023.
* Referenced by RFC Draft: Delegation Revalidation by DNS Resolvers.
* Presented in OARC 39.
* Presented in ICANN DNS Symposium 2022.
* Presented in Black Hat Asia 2023.
* Referenced by RFC Draft: Delegation Revalidation by DNS Resolvers.
(2021).
Fast IPv6 Network Periphery Discovery and Security Implications.
In DSN ‘21. Taipei, Taiwan, June 21-24, 2021 (Virtually). (Acceptance rate: 48/279=17.2%).
* Presented in 2021 West Lake Cybersecurity Conference: Cyberspace Security Tools Presentation.
* Presented in Pentester Academy TV.
* Referenced by 10+ top-tier security conference papers.
* Supporting one patent CN202110502369.2.
* Presented in 2021 West Lake Cybersecurity Conference: Cyberspace Security Tools Presentation.
* Presented in Pentester Academy TV.
* Referenced by 10+ top-tier security conference papers.
* Supporting one patent CN202110502369.2.
项目
代码与程序
*
动态
🎡 部分动态
-
学术界会议: DSN (‘21)、CCS (‘22)、VehicleSec (‘23)、NDSS (‘23)、USENIX Security (‘23)、AEGIS (‘23)
-
工业界会议: ICANN DNS Symposium (IDS ‘21、‘22)、DNS-OARC (39、40、41、42a、42b)、Black Hat (Asia ‘23、USA ‘23, Europe ‘23)、GeekCon (‘23)
在新极棒 2023比赛中,我演示我们在DNS安全方面的最新研究成果:利用某种未知缺陷实现对任意网站的拒绝服务攻击(大四学弟吴大帅共同参赛,组建TNB团队),最后取得了GEEKCON 2023安全极客大赛“漏洞与利用DAF挑战赛”的亚军。
其他
🏅 荣誉奖励
- 2023年,王大中奖学金
- 2023年,新极棒DAF漏洞利用挑战赛亚军
- 2023年,国家奖学金·研究生
- 2023年,龙湖奖学金·卓越奖
- 2023年,首届IPv6技术应用创新大赛全国总决赛三等奖
- 2022年,首届IPv6技术应用创新大赛科教赛道一等奖
- 2022年,首届IPv6技术应用创新大赛科教赛道三等奖
- 2022年,清华大学校设综合优秀奖学金(二等)
- 2019年,天津市与南开大学“优秀本科毕业生”称号
- 2018年,南开大学第三届 “梦想+”创新创业大赛三等奖
- 2018年,南开大学公能一等奖学金
- 2018年,中国互联网发展基金会网络安全专项基金网络安全奖学金
- 2018年,第十一届全国大学生信息安全竞赛“创新实践能力赛”二等奖
- 2018年,第十一届全国大学生信息安全竞赛“创新实践能力赛”二等奖
- 2018年,第二届"强网杯"全国网络安全挑战赛线上赛优秀奖
- 2017年,第三届全国密码技术竞赛三等奖
- 2017年,南开大学计算机与控制工程学院“学术科研榜样”
- 2017年,国家奖学金
- 2017年,南开大学三好学生
- 2016年,国家奖学金
- 2016年,南开大学三好学生
- 2015年,高考方城县理科状元
🔖 专利申请
- 一种基于多前缀可编排协议响应的IPv6蜜罐攻击溯源方法和系统,2023,申请中
- 一种适配分层属性数据的IPv6网络未知威胁分类检测与处置技术和方法,2023,申请中
- 一种主被动结合的大型IPv6网络资产快速探查方法,2023,申请中
- 一种基于被动域名解析流量的域名深层次解析依赖拓扑高效构建算法,2023,申请中
- 一种条件域名解析器精准识别方法专利,2023,审查中
- 一种针对条件域名解析器的域名缓存注入技术及其检测方法专利,2023,审查中
- 一种针对域名解析器的域名授权一致性检测方法专利,2023,审查中
- 一种基于域名解析机制的新型域名生成算法及其检测方法专利,2023,审查中
- 一个基于异步解耦和地址随机化生成技术的IPv4及IPv6网络空间快速探测系统专利,2023,审查中
- 一种主被动结合的挖矿行为检测方法,2023,审查中
- CN202110502369.2:一种IPv6网络边界设备快速发现方法及系统,2022
🐞 漏洞发现
- 109/5/85 (total)
- DNSBomb安全漏洞 (2023): n/n/10
- ResolverFuzz安全漏洞 (2023): n/n/15
- TuDoor特大安全漏洞 (2023): n/n/33
- TsuKing流量放大攻击漏洞 (2023): n/n/3
- 不死域名漏洞 (2022): n/n/9
- MaginotDNS缓存污染漏洞 (2022): n/n/3
- IPv6路由循环漏洞 (2021):109/5/22
🙋♂️ 审稿评委
- ICICS ‘23
- TDSC ‘23
- DTRAP ‘23 * 3
- SCN ‘22
🙋♂️ 外部审稿
- AsiaCCS ‘23
- ESF Proposal ‘22
- NDSS ‘22
- ICDCS ‘21
- ESORICS ‘20
- ICPDAS ‘19
🙋♂️ 社会服务
- SecureComm ‘23 Session Chair(没能达到现场参加)
联系
- x-l19 [AT] mails dot tsinghua dot edu dot cn
- FIT 4-204, Tsinghua University, Beijing, 100084
- DM Me
- Follow Me