Publications

Summary: My research has led to datasets and tools released to the public, along with tens of publications in well-recognized security venues, e.g., IEEE Security & Privacy, USENIX Security, CCS, NDSS, IMC, CoNEXT, DSN, ACSAC, AsiaCCS, etc. Most publications can be grouped by the following research topics:

The security of AI agents (e.g., voice assistants): [IMC'17] [SP'19-b] [AsiaCCS'24] [WWW'26]

Residential proxies, reverse proxies, and anonymity: [SP'19-a] [NDSS'21] [CCS'22-a] [arXiv'24-a] [EuroSP'25] [IFIPSEC'26].

The security of decentralized network infrastructures: [IWQoS'23] [DSN'24] [ACSAC'24] [ACISP'26]

Detection and measurement of online abuse and cybercrime: [SP'17] [NDSS'18] [NDSS'19] [Security'19] [CCS'22-b] [WWW'25]

Notation: * indicates co-first author; † indicates corresponding author.

[WWW'26] ICL-EVADER: Zero-Query Black-Box Evasion Attacks on In-Context Learning and Their Defenses ⭐ Highlight
Ningyuan He*, Ronghong Huang*, Qianqian Tang, Hongyu Wang, Xianghang Mi, Shanqing Guo
In the 2026 ACM Web Conference.
Code Arxiv
[ACISP'26] Okara: Detection and Attribution of TLS Man-in-the-Middle Vulnerabilities in Android Apps with Foundation Models Recent
Haoyun Yang, Ronghong Huang, Yong Fang, Beizeng Zhang, Junpu Guo, Zhanyu Wu, Xianghang Mi
In Australasian Conference on Information Security and Privacy (ACISP).
Arxiv
[IFIPSEC'26] Pepper: High-bandwidth and Scalable Anonymous Broadcast with Cryptographic Privacy Recent
Chenghao Li, Xianghang Mi
In IFIPSEC Conference 2026.
[EuroSP'25] Port Forwarding Services Are Forwarding Security Risks
Haoyuan Wang, Yue Xue, Xuan Feng, Chao Zhou, Xianghang Mi
In EuroSP 2025.
Code Project Arxiv
[WWW'25] Detecting and Understanding the Promotion of Illicit Goods and Services on Twitter
Hongyu Wang*, Ying Li*, Ronghong Huang, Xianghang Mi
In the 2025 ACM Web Conference.
Code Dataset Project Arxiv
[ACSAC'24] Dissecting Open Edge Computing Platforms: Ecosystem, Usage, and Security Risks
Yu Bi*, Mingshuo Yang*, Yong Fang, Xianghang Mi, Shanqing Guo, Shujun Tang, Haixin Duan
In The Annual Computer Security Applications Conference (ACSAC) 2024.
Code Dataset Arxiv
[AsiaCCS'24] Command Hijacking on Voice-Controlled IoT in Amazon Alexa Platform
Wenbo Ding, Song Liao, Long Cheng, Xianghang Mi†, Ziming Zhao, Hongxin Hu
In the Proceedings of the 19th ACM Asia Conference on Computer and Communications Security.
PDF
[DSN'24] Stealthy Peers: Understanding Security and Privacy Risks of Peer-Assisted Video Streaming
Siyuan Tang, Eihal Alowaisheq, Xianghang Mi, Yi Chen, XiaoFeng Wang, Yanzhi Dou
In 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).
Code Dataset Arxiv
[arXiv'24-a] Shining Light into the Tunnel: Understanding and Classifying Network Traffic of Residential Proxies
Ronghong Huang, Dongfang Zhao, Xianghang Mi†, XiaoFeng Wang
In arXiv Preprint 2024.
Code Dataset Project Arxiv
[arXiv'24-c] Reflected Search Poisoning for Illicit Promotion
Sangyi Wu, Jialong Xue, Shaoxuan Zhou, Xianghang Mi†
In arXiv Preprint 2024.
Code Dataset Project Arxiv
[arXiv'24-e] Enabling Privacy-Preserving Cyber Threat Detection with Federated Learning
Yu Bi*, Yekai Li, Xuan Feng, Xianghang Mi†
In arXiv Preprint 2024.
Code Dataset Project Arxiv
[arXiv'24-f] SpamDam: Towards Privacy-Preserving and Adversary-Resistant SMS Spam Detection
Yekai Li, Rufan Zhang, Wenxin Rong, Xianghang Mi†
In arXiv Preprint 2024.
Code Project Arxiv
[IWQoS'23] An Empirical Study of Storj DCS: Ecosystem, Performance, and Security
Hao Li, Xianghang Mi, Yanzhi Dou, Shanqing Guo
In IEEE/ACM IWQoS 2023.
PDF
[CCS'22-a] An Extensive Study of Residential Proxies in China
Mingshuo Yang*, Yunnan Yu*, Xianghang Mi, Shujun Tang, Shanqing Guo, Yilin Li, Xiaofeng Zheng, Haixin Duan
In ACM CCS 2022.
PDF Dataset
[CCS'22-b] Clues in Tweets: Twitter-Guided Discovery and Analysis of SMS Spam
Siyuan Tang, Xianghang Mi, Ying Li, XiaoFeng Wang, Kai Chen
In ACM CCS 2022.
PDF Code Dataset
[NDSS'21] Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks
Xianghang Mi†, Siyuan Tang, Zhengyi Li, Xiaojing Liao, Feng Qian, XiaoFeng Wang
In Network and Distributed System Security Symposium 2021.
PDF Dataset
[Security'19] Understanding iOS-based Crowdturfing Through Hidden UI Analysis
Yeonjoon Lee, Xueqiang Wang, Kwangwuk Lee, Xiaojing Liao, XiaoFeng Wang, Tongxin Li, Xianghang Mi†
In USENIX Security Symposium 2019.
PDF Cite
[SP'19-a] Resident Evil: Understanding Residential IP Proxy as a Dark Service
Xianghang Mi†, Xuan Feng, Xiaojing Liao, Baojun Liu, XiaoFeng Wang, Feng Qian, Zhou Li, Sumayah Alrwais, Limin Sun, Ying Liu
In IEEE Symposium on Security and Privacy 2019.
PDF Cite Code Dataset Slides Video 1-min Preview Blog
[SP'19-b] Dangerous skills: Understanding and mitigating security risks of voice-controlled third-party functions on virtual personal assistant systems 🏆 CSAW'19 Best Paper Award
Nan Zhang, Xianghang Mi†, Xuan Feng, XiaoFeng Wang, Yuan Tian, Feng Qian
In IEEE Symposium on Security and Privacy 2019.
PDF Cite Slides Video 1-min Preview Attack Demo Report by Forbes Blog Poster
[NDSS'19] Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs 🏆 NDSS'19 Distinguished Paper Award
Eihal Alowaisheq, Peng Wang, Sumayah Alrwais, Xiaojing Liao, XiaoFeng Wang, Tasneem Alowaisheq, Xianghang Mi†, Siyuan Tang, Baojun Liu
In Network and Distributed System Security Symposium 2019.
PDF Cite
[NDSS'18] Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations
Peng Wang, Xianghang Mi†, Xiaojing Liao, XiaoFeng Wang, Kan Yuan, Feng Qian, Raheem A Beyah
In Network and Distributed System Security Symposium 2018.
PDF Cite
[IMC'17] An Empirical Characterization of IFTTT: Ecosystem, Usage, and Performance
Xianghang Mi†, Feng Qian, Ying Zhang, XiaoFeng Wang
In ACM Internet Measurement Conference 2019.
PDF Cite Code Dataset Slides
[Security'17] Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment
Xiaolong Bai, Zhe Zhou, XiaoFeng Wang, Zhou Li, Xianghang Mi†, Nan Zhang, Tongxin Li, Shi-Min Hu, Kehuan Zhang
In USENIX Security Symposium 2017.
PDF Cite
[SP'17] Under the shadow of sunshine: Understanding and detecting bulletproof hosting on legitimate service pr ovider networks
Sumayah Alrwais, Xiaojing Liao, Xianghang Mi†, Peng Wang, XiaoFeng Wang, Feng Qian, Raheem Beyah, Damon McCoy
In IEEE Symposium on Security and Privacy 2017.
PDF Cite Video
[arXiv'17] Understanding iot security through the data crystal ball: Where we are now and where we are going to be
Nan Zhang, Soteris Demetriou, Xianghang Mi†, Wenrui Diao, Kan Yuan, Peiyuan Zong, Feng Qian, XiaoFeng Wang, Kai Chen, Yuan Tian, Carl A Gunter, Kehuan Zhang, Patrick Tague, Yue-Hsun Lin
In ArXiv 2017.
PDF Cite
[CoNEXT'16] SMig: Stream Migration Extension For HTTP/2
Xianghang Mi†, Feng Qian, XiaoFeng Wang
In ACM CoNEXT 2016.
PDF Cite Slides