Publications | 李想

Xiang Li, Mingming Zhang, Zuyao Xu, Fasheng Miao, Yuqi Qiu, Baojun Liu, Jia Zhang, Xiaofeng Zheng, Haixin Duan, Zheli Liu, Yunhai Zhang, Dunqiu Fan (2025). RebirthDay Attack: Reviving DNS Cache Poisoning with the Birthday Paradox. In Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security. Taipei, China, October 13–17, 2025..

PDF 引用代码项目演示文稿

Yunyi Zhang, Baojun Liu, Haixin Duan, Min Zhang, Xiang Li, Fan Shi, Chengxi Xu, Eihal Alowaisheq (2024). Rethinking the Security Threats of Stale DNS Glue Records. In Proceedings of the 33rd USENIX Security Symposium. Philadelphia, Pennsylvania, August 14–16, 2024. (Acceptance rate: 417/2,276=18.3%, Acceptance rate in summer: ??%, Acceptance rate in fall: ??%, Acceptance rate in winter: ??%).
* Presented in XCon 2024.

PDF 引用代码项目

Qifan Zhang, Xuesong Bai, Xiang Li, Haixin Duan, Qi Li, Zhou Li (2024). ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing. In Proceedings of the 33rd USENIX Security Symposium. Philadelphia, Pennsylvania, August 14–16, 2024. (Acceptance rate: 417/2,276=18.3%, Acceptance rate in summer: ??%, Acceptance rate in fall: ??%, Acceptance rate in winter: ??%).
* ✉ Both are corresponding authors.
* Presented in SHUZIHUANYU Talk.
* Presented in OARC 42.

PDF 引用代码项目

Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan, Qi Li (2024). TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Oakland S&P ‘24. San Francisco, California, May 20–23, 2024. (Acceptance rate: 261/1,466=17.8%, Acceptance rate in first cycle: ??%, Acceptance rate in second cycle: ??%, Acceptance rate in third cycle: ??%).
* ✉ Corresponding authors.
* Presented in OARC 42.
* Referenced by RFC 9520: Negative Caching of DNS Resolution Failures.
* Presented in GeekCon 2024 International.
* Presented in Black Hat USA 2024.
* Got the 2024 Pwnie Award Nominations for Most Innovative Research (Hacker Oscar).

PDF 引用代码项目海报演示文稿

Xiang Li, Dashuai Wu, Haixin Duan, Qi Li (2024). DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses. In Oakland S&P ‘24. San Francisco, California, May 20–23, 2024. (Acceptance rate: 261/1,466=17.8%, Acceptance rate in first cycle: ??%, Acceptance rate in second cycle: ??%, Acceptance rate in third cycle: ??%).
* Presented in GeekCon 2023 (Second Prize).
* 40+ news coverage by media, such as The Hacker News, Cyber Security News, and dns-operation.
* Presented in DNS OARC 43.

PDF 引用代码项目海报演示文稿

Mingxuan Liu, Yiming Zhang, Xiang Li, Chaoyi Lu, Baojun Liu, Haixin Duan, Xiaofeng Zheng (2024). Understanding the Implementation and Security Implications of Protective DNS Services. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).

PDF 引用代码项目

Linkai Zheng, Xiang Li, Chuhan Wang, Run Guo, Haixin Duan, Jianjun Chen, Chao Zhang, Kaiwen Shen (2024). ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies with Differential Fuzzing. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).

PDF 引用

Qifan Zhang, Xuesong Bai, Xiang Li, Haixin Duan, Qi Li, Zhou Li (2024). Poster: ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 33/42=78.6%).
* ✉ Both are corresponding authors.
* Presented in SHUZIHUANYU Talk.
* Presented in OARC 42.

PDF 引用代码项目

Chuhan Wang, YASUHIRO KURANAGA, Yihang Wang, Mingming Zhang, Linkai Zheng, Xiang Li, Jianjun Chen, Haixin Duan, Yanzhong Lin, Qingfeng Pan (2024). BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In NDSS ‘24. San Diego, California, 26 February – 1 March, 2024. (Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%).

PDF 引用代码项目

Zhenrui Zhang, Geng Hong, Xiang Li, Zhuoqun Fu, Jia Zhang, Mingxuan Liu, Chuhan Wang, Jianjun Chen, Baojun Liu, Haixin Duan, Chao Zhang, Min Yang (2023). Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild. In CCS ‘23. Copenhagen, Denmark, November 26–30, 2023. (Acceptance rate: 158/795=19.9%, Acceptance rate in first round: ??%, Acceptance rate in second round: ??%).
* ⓘ Both authors contributed equally to the paper.

PDF 引用代码项目

Wei Xu, Xiang Li, Chaoyi Lu, Baojun Liu, Jia Zhang, Jianjun Chen, Tao Wan, Haixin Duan (2023). TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers. In CCS ‘23. Copenhagen, Denmark, November 26–30, 2023. (Acceptance rate: 158/795=19.9%, Acceptance rate in first round: ??%, Acceptance rate in second round: ??%).
* ⓘ Both authors contributed equally to the paper.
* Presented in OARC 41.
* Presented in Black Hat Europe 2023.

PDF 引用代码项目

Fenglu Zhang, Yunyi Zhang, Baojun Liu, Eihal Alowaisheq, Lingyun Ying, Xiang Li, Zaifeng Zhang, Ying Liu, Haixin Duan, Min Zhang (2023). Wolf in Sheep's Clothing: Evaluating the Security Risks of the Undelegated Record on DNS Hosting Services. In IMC ‘23. Montréal, Canada on October 24 - 26, 2023. (Acceptance rate: 52/208=25.0%).

PDF 引用代码项目

Xiang Li, Chaoyi Lu, Baojun Liu, Qifan Zhang, Zhou Li, Haixin Duan, Qi Li (2023). The Maginot Line: Attacking the Boundary of DNS Caching Protection. In USENIX Security ‘23. Anaheim, California, August 9–11, 2023. (Acceptance rate: 422/1,444=29.2%, Acceptance rate in summer: 91/388=23.5%, Acceptance rate in fall: 155/531=29.2%, Acceptance rate in winter: 176/525=33.5%).
* Presented in Black Hat USA 2023.
* 60+ news coverage by media such as BleepingComputer and APNIC.
* An Austria government CERT daily report.
* A Sweden government CERT weekly news.
* A Bournemouth University (BU) CERT news.
* Presented in SHUZIHUANYU Talk.
* Presented in KANXUE 2023 SDC.
* Presented in Black Hat Webinar.

PDF 引用代码项目演示文稿源文档

Run Guo, Jianjun Chen, Yihang Wang, Keran Mu, Baojun Liu, Xiang Li, Chao Zhang, Haixin Duan, Jianping Wu (2023). Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack. In USENIX Security ‘23. Anaheim, California, August 9–11, 2023. (Acceptance rate: 422/1,444=29.2%, Acceptance rate in summer: 91/388=23.5%, Acceptance rate in fall: 155/531=29.2%, Acceptance rate in winter: 176/525=33.5%).

PDF 引用项目

Mingming Zhang, Xiang Li, Baojun Liu, Jianyu Lu, Jianjun Chen, Yiming Zhang, Xiaofeng Zheng, Haixin Duan, Shuang Hao (2023). DareShark: Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. In SIGMETRICS ‘23. Orlando, Florida, June 19-23, 2023. (Acceptance rate: 55/342=16.1%, Acceptance rate in summer: 17/93=18.3%, Acceptance rate in fall: 26/119=21.9%, Acceptance rate in winter: 12/130=9.2%).
* Presented in OARC 40.
* Presented in APAC DNS Forum 2023 by Mr Alban KWAN.

PDF 引用演示文稿

Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, Qifan Zhang, Zhou Li, Haixin Duan, Qi Li (2023). Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation. In NDSS ‘23. San Diego, California, 27 February – 3 March, 2023. (Acceptance rate: 94/581=16.2%, Acceptance rate in summer: 36/183=19.7%, Acceptance rate in fall: 58/398=14.6%).
* Presented in OARC 39.
* Presented in ICANN DNS Symposium 2022.
* Presented in Black Hat Asia 2023.
* Referenced by RFC Draft: Delegation Revalidation by DNS Resolvers.

PDF 引用代码项目演示文稿源文档 DOI

Shangru Song, Hetian Shi, Ruoyu Lun, Yunchao Guan, Xiang Li, Jihu Zheng, Jianwei Zhuge (2023). Demo: Ransom Vehicle through Charging Pile. In VehicleSec 2023. San Diego, California, Feburary 27, 2023. (Acceptance rate: 32/83=36.0% (overall), 20/49=40.8% (regular), 2/6=33.3% (short), 6/16=37.5% (wpi), and 4/12=33.3% (demos/posters)).

PDF 引用海报演示文稿

Xiang Li, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Qi Li, Youjun Huang (2021). Fast IPv6 Network Periphery Discovery and Security Implications. In DSN ‘21. Taipei, Taiwan, June 21-24, 2021 (Virtually). (Acceptance rate: 48/279=17.2%).
* Presented in 2021 West Lake Cybersecurity Conference: Cyberspace Security Tools Presentation.
* Presented in Pentester Academy TV.
* Referenced by 10+ top-tier security conference papers.
* Supporting one patent CN202110502369.2.
* The 2nd Place of 2025 ACSAC Cybersecurity Artifacts Impact Award (First Chinese institution to receive this award).

PDF 引用代码项目演示文稿视频