Zhiyun Qian

Orcid: 0000-0003-1506-2522

Affiliations:
  • University of California Riverside, USA


According to our database1, Zhiyun Qian authored at least 122 papers between 2009 and 2024.

Collaborative distances:

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Dataset
Other 

Links

Online presence:

On csauthors.net:

Bibliography

2024
Enhancing Static Analysis for Practical Bug Detection: An LLM-Integrated Approach.
Proc. ACM Program. Lang., 2024

Comprehensive Memory Safety Validation: An Alternative Approach to Memory Safety.
IEEE Secur. Priv., 2024

Static Detection of Filesystem Vulnerabilities in Android Systems.
CoRR, 2024

Beyond Control: Exploring Novel File System Objects for Data-Only Attacks on Linux Systems.
CoRR, 2024

SyzRetrospector: A Large-Scale Retrospective Study of Syzbot.
CoRR, 2024

SymBisect: Accurate Bisection for Fuzzer-Exposed Vulnerabilities.
Proceedings of the 33rd USENIX Security Symposium, 2024

Don't Waste My Efforts: Pruning Redundant Sanitizer Checks by Developer-Implemented Type Checks.
Proceedings of the 33rd USENIX Security Symposium, 2024

OPTISAN: Using Multiple Spatial Error Defenses to Optimize Stack Memory Protection within a Budget.
Proceedings of the 33rd USENIX Security Symposium, 2024

SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing.
Proceedings of the IEEE Symposium on Security and Privacy, 2024

SyzBridge: Bridging the Gap in Exploitability Assessment of Linux Kernel Bugs in the Linux Ecosystem.
Proceedings of the 31st Annual Network and Distributed System Security Symposium, 2024

K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel.
Proceedings of the 31st Annual Network and Distributed System Security Symposium, 2024

An Investigation of Patch Porting Practices of the Linux Kernel Ecosystem.
Proceedings of the 21st IEEE/ACM International Conference on Mining Software Repositories, 2024

DNS Exfiltration Guided by Generative Adversarial Networks.
Proceedings of the 9th IEEE European Symposium on Security and Privacy, 2024

Untangling the Knot: Breaking Access Control in Home Wireless Mesh Networks.
Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024

Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects.
Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024

2023
Top of the Heap: Efficient Memory Error Protection for Many Heap Objects.
CoRR, 2023

The Hitchhiker's Guide to Program Analysis: A Journey with Large Language Models.
CoRR, 2023

PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage.
CoRR, 2023

A Hybrid Alias Analysis and Its Application to Global Variable Protection in the Linux Kernel.
Proceedings of the 32nd USENIX Security Symposium, 2023

SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers.
Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

Assisting Static Analysis with Large Language Models: A ChatGPT Experiment.
Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2023

Unsafe at Any Copy: Name Collisions from Mixing Case Sensitivities.
Proceedings of the 21st USENIX Conference on File and Storage Technologies, 2023

2022
Who Moves My App Promotion Investment? A Systematic Study About App Distribution Fraud.
IEEE Trans. Dependable Secur. Comput., 2022

DNS Poisoning of Operating System Caches: Attacks and Mitigations.
IEEE Trans. Dependable Secur. Comput., 2022

SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel.
Proceedings of the 31st USENIX Security Symposium, 2022

LinKRID: Vetting Imbalance Reference Counting in Linux kernel with Symbolic Execution.
Proceedings of the 31st USENIX Security Symposium, 2022

Off-Path Network Traffic Manipulation via Revitalized ICMP Redirect Attacks.
Proceedings of the 31st USENIX Security Symposium, 2022

Annotating, Tracking, and Protecting Cryptographic Secrets with CryptoMPK.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

Progressive Scrutiny: Incremental Detection of UBI bugs in the Linux Kernel.
Proceedings of the 29th Annual Network and Distributed System Security Symposium, 2022

The Taming of the Stack: Isolating Stack Data from Memory Errors.
Proceedings of the 29th Annual Network and Distributed System Security Symposium, 2022

PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP.
Proceedings of the 29th Annual Network and Distributed System Security Symposium, 2022

Demystifying the Dependency Challenge in Kernel Fuzzing.
Proceedings of the 44th IEEE/ACM 44th International Conference on Software Engineering, 2022

Perils and Mitigation of Security Risks of Cooperation in Mobile-as-a-Gateway IoT.
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

2021
Resilient User-Side Android Application Repackaging and Tampering Detection Using Cryptographically Obfuscated Logic Bombs.
IEEE Trans. Dependable Secur. Comput., 2021

Side Channel Attacks on GPUs.
IEEE Trans. Dependable Secur. Comput., 2021

An Empirical Analysis of Hazardous Uses of Android Shared Storage.
IEEE Trans. Dependable Secur. Comput., 2021

Beyond the CPU: Side-Channel Attacks on GPUs.
IEEE Des. Test, 2021

An Investigation of the Android Kernel Patch Ecosystem.
Proceedings of the 30th USENIX Security Symposium, 2021

SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning.
Proceedings of the 30th USENIX Security Symposium, 2021

Undo Workarounds for Kernel Bugs.
Proceedings of the 30th USENIX Security Symposium, 2021

PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems.
Proceedings of the 30th USENIX Security Symposium, 2021

A nationwide census on wifi security threats: prevalence, riskiness, and the economics.
Proceedings of the ACM MobiCom '21: The 27th Annual International Conference on Mobile Computing and Networking, 2021

Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels.
Proceedings of the CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15, 2021

DNS Cache Poisoning Attack: Resurrections with Side Channels.
Proceedings of the CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15, 2021

SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers.
Proceedings of the CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15, 2021

Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison.
Proceedings of the MTD@CCS 2021: Proceedings of the 8th ACM Workshop on Moving Target Defense, 2021

Eluding ML-based Adblockers With Actionable Adversarial Examples.
Proceedings of the ACSAC '21: Annual Computer Security Applications Conference, Virtual Event, USA, December 6, 2021

2020
Packet Header Obfuscation Using MIMO.
IEEE/ACM Trans. Netw., 2020

Characterizing Transnational Internet Performance and the Great Bottleneck of China.
Proc. ACM Meas. Anal. Comput. Syst., 2020

PolyScope: Multi-Policy Access Control Analysis to Triage Android Systems.
CoRR, 2020

A4 : Evading Learning-based Adblockers.
CoRR, 2020

Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices.
Proceedings of the 29th USENIX Security Symposium, 2020

KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities.
Proceedings of the 29th USENIX Security Symposium, 2020

AdGraph: A Graph-Based Approach to Ad and Tracker Blocking.
Proceedings of the 2020 IEEE Symposium on Security and Privacy, 2020

UBITect: a precise and scalable method to detect use-before-initialization bugs in Linux kernel.
Proceedings of the ESEC/FSE '20: 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2020

SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery.
Proceedings of the 27th Annual Network and Distributed System Security Symposium, 2020

Experiences of landing machine learning onto market-scale mobile malware detection.
Proceedings of the EuroSys '20: Fifteenth EuroSys Conference 2020, 2020

You do (not) belong here: detecting DPI evasion attacks with context learning.
Proceedings of the CoNEXT '20: The 16th International Conference on emerging Networking EXperiments and Technologies, 2020

DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels.
Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020

2019
Catch Me if You Can: A Closer Look at Malicious Co-Residency on the Cloud.
IEEE/ACM Trans. Netw., 2019

App in the Middle: Demystify Application Virtualization in Android and its Security Threats.
Proc. ACM Meas. Anal. Comput. Syst., 2019

ShadowBlock: A Lightweight and Stealthy Adblocking Browser.
Proceedings of the World Wide Web Conference, 2019

Application level attacks on Connected Vehicle Protocols.
Proceedings of the 22nd International Symposium on Research in Attacks, 2019

Employing attack graphs for intrusion detection.
Proceedings of the NSPW '19: New Security Paradigms Workshop, 2019

Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics Libraries.
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

ForeSee: A Cross-Layer Vulnerability Detection Framework for the Internet of Things.
Proceedings of the 16th IEEE International Conference on Mobile Ad Hoc and Sensor Systems, 2019

When the Attacker Knows a Lot: The GAGA Graph Anonymizer.
Proceedings of the Information Security - 22nd International Conference, 2019

Figment: Fine-grained Permission Management for Mobile Apps.
Proceedings of the 2019 IEEE Conference on Computer Communications, 2019

Collaborative Client-Side DNS Cache Poisoning Attack.
Proceedings of the 2019 IEEE Conference on Computer Communications, 2019

PAPP: Prefetcher-Aware Prime and Probe Side-channel Attack.
Proceedings of the 56th Annual Design Automation Conference 2019, 2019

Principled Unearthing of TCP Side Channel Vulnerabilities.
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019

2018
Off-Path TCP Exploits of the Challenge ACK Global Rate Limit.
IEEE/ACM Trans. Netw., 2018

AdGraph: A Machine Learning Approach to Automatic and Effective Adblocking.
CoRR, 2018

Precise and Accurate Patch Presence Test for Binaries.
Proceedings of the 27th USENIX Security Symposium, 2018

Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems.
Proceedings of the 27th USENIX Security Symposium, 2018

Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secrets.
Proceedings of the 27th USENIX Security Symposium, 2018

Static Evaluation of Noninterference Using Approximate Model Counting.
Proceedings of the 2018 IEEE Symposium on Security and Privacy, 2018

RARE: A Systematic Augmented Router Emulation for Malware Analysis.
Proceedings of the Passive and Active Measurement - 19th International Conference, 2018

Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis.
Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018

Accurate and Efficient Wireless Device Fingerprinting Using Channel State Information.
Proceedings of the 2018 IEEE Conference on Computer Communications, 2018

A Framework for MIMO-based Packet Header Obfuscation.
Proceedings of the 2018 IEEE Conference on Computer Communications, 2018

IotSan: fortifying the safety of IoT systems.
Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies, 2018

Resilient decentralized Android application repackaging detection using logic bombs.
Proceedings of the 2018 International Symposium on Code Generation and Optimization, 2018

Invetter: Locating Insecure Input Validations in Android Services.
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

Rendered Insecure: GPU Side Channel Attacks are Practical.
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World.
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

Droid M+: Developer Support for Imbibing Android's New Permission Model.
Proceedings of the 2018 on Asia Conference on Computer and Communications Security, 2018

2017
Detecting Anti Ad-blockers in the Wild.
Proc. Priv. Enhancing Technol., 2017

Investigation of the 2016 Linux TCP Stack Vulnerability at Scale.
Proc. ACM Meas. Anal. Comput. Syst., 2017

Stalling Live Migrations on the Cloud.
Proceedings of the 11th USENIX Workshop on Offensive Technologies, 2017

Detecting Android Root Exploits by Learning from Root Providers.
Proceedings of the 26th USENIX Security Symposium, 2017

Where Is the Weakest Link? A Study on Security Discrepancies Between Android Apps and Their Website Counterparts.
Proceedings of the Passive and Active Measurement - 18th International Conference, 2017

Malicious co-residency on the cloud: Attacks and defense.
Proceedings of the 2017 IEEE Conference on Computer Communications, 2017

Your state is not mine: a closer look at evading stateful internet censorship.
Proceedings of the 2017 Internet Measurement Conference, 2017

The ad wars: retrospective measurement and analysis of anti-adblock filter lists.
Proceedings of the 2017 Internet Measurement Conference, 2017

Multipath TCP traffic diversion attacks and countermeasures.
Proceedings of the 25th IEEE International Conference on Network Protocols, 2017

Selective HTTPS traffic manipulation at middleboxes for BYOD devices.
Proceedings of the 25th IEEE International Conference on Network Protocols, 2017

2016
A First Look at Ad-block Detection: A New Arms Race on the Web.
CoRR, 2016

Off-Path TCP Exploits: Global Rate Limit Considered Dangerous.
Proceedings of the 25th USENIX Security Symposium, 2016

Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework.
Proceedings of the 23rd Annual Network and Distributed System Security Symposium, 2016

Optimal Monitor Placement for Detection of Persistent Threats.
Proceedings of the 2016 IEEE Global Communications Conference, 2016

Android ION Hazard: the Curse of Customizable Memory Management System.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

The Misuse of Android Unix Domain Sockets and Security Implications.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

revDroid: Code Analysis of the Side Effects after Dynamic Permission Revocation of Android Apps.
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016

2015
Behavior Query Discovery in System-Generated Temporal Graphs.
Proc. VLDB Endow., 2015

Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting.
Proceedings of the 22nd Annual Network and Distributed System Security Symposium, 2015

Proactive restart as cyber maneuver for Android.
Proceedings of the 34th IEEE Military Communications Conference, 2015

Android Root and its Providers: A Double-Edged Sword.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

Discover and Tame Long-running Idling Processes in Enterprise Systems.
Proceedings of the 10th ACM Symposium on Information, 2015

Static Detection of Packet Injection Vulnerabilities: A Case for Identifying Attacker-controlled Implicit Information Leaks.
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

2014
Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

2013
AppProfiler: a flexible method of exposing privacy-related behavior in android applications to end users.
Proceedings of the Third ACM Conference on Data and Application Security and Privacy, 2013

2012
Discover, Analyze, and Validate Attacks with Introspective Side Channels.
PhD thesis, 2012

Off-path TCP Sequence Number Inference Attack - How Firewall Middleboxes Reduce Security.
Proceedings of the IEEE Symposium on Security and Privacy, 2012

You Can Run, but You Can't Hide: Exposing Network Location for Targeted DoS Attacks in Cellular Networks.
Proceedings of the 19th Annual Network and Distributed System Security Symposium, 2012

Collaborative TCP sequence number inference attack: how to crack sequence number under a second.
Proceedings of the ACM Conference on Computer and Communications Security, 2012

2011
An untold story of middleboxes in cellular networks.
Proceedings of the ACM SIGCOMM 2011 Conference on Applications, 2011

Designing Scalable and Effective Decision Support for Mitigating Attacks in Large Enterprise Networks.
Proceedings of the Security and Privacy in Communication Networks, 2011

2010
Investigation of Triangular Spamming: A Stealthy and Efficient Spamming Technique.
Proceedings of the 31st IEEE Symposium on Security and Privacy, 2010

On Network-level Clusters for Spam Detection.
Proceedings of the Network and Distributed System Security Symposium, 2010

Accurate online power estimation and automatic battery behavior based power model generation for smartphones.
Proceedings of the 8th International Conference on Hardware/Software Codesign and System Synthesis, 2010

2009
Ensemble: Community-Based Anomaly Detection for Popular Applications.
Proceedings of the Security and Privacy in Communication Networks, 2009


  Loading...