Publications

Summary: My research has led to tens of publications in well-recognized security venues, e.g., IEEE Security & Privacy, USENIX Security, CCS, NDSS, IMC, CoNEXT, DSN, ACSAC, AsiaCCS, etc. Most publications can be grouped by the following research topics:

The security risks of residential proxies and reverse proxies: [SP'19-a] [NDSS'21] [CCS'22-a] [arXiv'24-a] [arXiv'24-b].

The security of AI agents (e.g., voice assistants): [IMC'17] [SP'19-b] [AsiaCCS'24]

The security of decentralized network infrastructures: [IWQoS'23] [DSN'24] [ACSAC'24]

Privacy-preserving prevention of harmful content (e.g., spam and malware): [CCS'22-b] [arXiv'24-e] [arXiv'24-f].

Detecting and understanding online abuse and cybercrime: [SP'17] [NDSS'18] [NDSS'19] [Security'19] [arXiv'24-c] [arXiv'24-d]

[ACSAC'24] Dissecting Open Edge Computing Platforms: Ecosystem, Usage, and Security Risks
Yu Bi, Mingshuo Yang, Yong Fang, Xianghang Mi, Shanqing Guo, Shujun Tang, Haixin Duan
In The Annual Computer Security Applications Conference (ACSAC) 2024.
Code Dataset Arxiv
[AsiaCCS'24] Command Hijacking on Voice-Controlled IoT in Amazon Alexa Platform
Wenbo Ding, Song Liao, Long Cheng, Xianghang Mi, Ziming Zhao, Hongxin Hu
In the Proceedings of the 19th ACM Asia Conference on Computer and Communications Security.
PDF
[DSN'24] Stealthy Peers: Understanding Security and Privacy Risks of Peer-Assisted Video Streaming
Siyuan Tang, Eihal Alowaisheq, Xianghang Mi, Yi Chen, XiaoFeng Wang, Yanzhi Dou
In 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).
Code Dataset Arxiv
[arXiv'24-a] Shining Light into the Tunnel: Understanding and Classifying Network Traffic of Residential Proxies
Ronghong Huang, Dongfang Zhao, Xianghang Mi, XiaoFeng Wang
In arXiv Preprint 2024.
Code Dataset Project Arxiv
[arXiv'24-b] Port Forwarding Services Are Forwarding Security Risks
Haoyuan Wang, Yue Xue, Xuan Feng, Chao Zhou, Xianghang Mi
In arXiv Preprint 2024.
Code Project Arxiv
[arXiv'24-c] Reflected Search Poisoning for Illicit Promotion
Sangyi Wu, Jialong Xue, Shaoxuan Zhou, Xianghang Mi
In arXiv Preprint 2024.
Code Dataset Project Arxiv
[arXiv'24-d] Illicit Promotion on Twitter
Hongyu Wang, Ying Li, Ronghong Huang, Xianghang Mi
In arXiv Preprint 2024.
Code Dataset Project Arxiv
[arXiv'24-e] Enabling Privacy-Preserving Cyber Threat Detection with Federated Learning
Yu Bi, Yekai Li, Xuan Feng, Xianghang Mi
In arXiv Preprint 2024.
Code Dataset Project Arxiv
[arXiv'24-f] SpamDam: Towards Privacy-Preserving and Adversary-Resistant SMS Spam Detection
Yekai Li, Rufan Zhang, Wenxin Rong, Xianghang Mi
In arXiv Preprint 2024.
Code Project Arxiv
[IWQoS'23] An Empirical Study of Storj DCS: Ecosystem, Performance, and Security
Hao Li, Xianghang Mi, Yanzhi Dou, Shanqing Guo
In IEEE/ACM IWQoS 2023.
PDF
[CCS'22-a] An Extensive Study of Residential Proxies in China
Mingshuo Yang, Yunnan Yu, Xianghang Mi, Shujun Tang, Shanqing Guo, Yilin Li, Xiaofeng Zheng, Haixin Duan
In ACM CCS 2022.
PDF Dataset
[CCS'22-b] Clues in Tweets: Twitter-Guided Discovery and Analysis of SMS Spam
Siyuan Tang, Xianghang Mi, Ying Li, XiaoFeng Wang, Kai Chen
In ACM CCS 2022.
PDF Code Dataset
[NDSS'21] Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks
Xianghang Mi, Siyuan Tang, Zhengyi Li, Xiaojing Liao, Feng Qian, XiaoFeng Wang
In Network and Distributed System Security Symposium 2021.
PDF Dataset
[Security'19] Understanding iOS-based Crowdturfing Through Hidden UI Analysis
Yeonjoon Lee, Xueqiang Wang, Kwangwuk Lee, Xiaojing Liao, XiaoFeng Wang, Tongxin Li, Xianghang Mi
In USENIX Security Symposium 2019.
PDF Cite
[SP'19-a] Resident Evil: Understanding Residential IP Proxy as a Dark Service
Xianghang Mi, Xuan Feng, Xiaojing Liao, Baojun Liu, XiaoFeng Wang, Feng Qian, Zhou Li, Sumayah Alrwais, Limin Sun, Ying Liu
In IEEE Symposium on Security and Privacy 2019.
PDF Cite Code Dataset Slides Video 1-min Preview Blog
[SP'19-b] Dangerous skills: Understanding and mitigating security risks of voice-controlled third-party functions on virtual personal assistant systems
Nan Zhang, Xianghang Mi, Xuan Feng, XiaoFeng Wang, Yuan Tian, Feng Qian
In IEEE Symposium on Security and Privacy 2019.
PDF Cite Slides Video 1-min Preview Attack Demo Report by Forbes Blog Poster
[NDSS'19] Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs
Eihal Alowaisheq, Peng Wang, Sumayah Alrwais, Xiaojing Liao, XiaoFeng Wang, Tasneem Alowaisheq, Xianghang Mi, Siyuan Tang, Baojun Liu
In Network and Distributed System Security Symposium 2019.
PDF Cite
[NDSS'18] Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations
Peng Wang, Xianghang Mi, Xiaojing Liao, XiaoFeng Wang, Kan Yuan, Feng Qian, Raheem A Beyah
In Network and Distributed System Security Symposium 2018.
PDF Cite
[IMC'17] An Empirical Characterization of IFTTT: Ecosystem, Usage, and Performance
Xianghang Mi, Feng Qian, Ying Zhang, XiaoFeng Wang
In ACM Internet Measurement Conference 2019.
PDF Cite Code Dataset Slides
[Security'17] Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment
Xiaolong Bai, Zhe Zhou, XiaoFeng Wang, Zhou Li, Xianghang Mi, Nan Zhang, Tongxin Li, Shi-Min Hu, Kehuan Zhang
In USENIX Security Symposium 2017.
PDF Cite
[SP'17] Under the shadow of sunshine: Understanding and detecting bulletproof hosting on legitimate service pr ovider networks
Sumayah Alrwais, Xiaojing Liao, Xianghang Mi, Peng Wang, XiaoFeng Wang, Feng Qian, Raheem Beyah, Damon McCoy
In IEEE Symposium on Security and Privacy 2017.
PDF Cite Video
[arXiv'17] Understanding iot security through the data crystal ball: Where we are now and where we are going to be
Nan Zhang, Soteris Demetriou, Xianghang Mi, Wenrui Diao, Kan Yuan, Peiyuan Zong, Feng Qian, XiaoFeng Wang, Kai Chen, Yuan Tian, Carl A Gunter, Kehuan Zhang, Patrick Tague, Yue-Hsun Lin
In ArXiv 2017.
PDF Cite
[CoNEXT'16] SMig: Stream Migration Extension For HTTP/2
Xianghang Mi, Feng Qian, XiaoFeng Wang
In ACM CoNEXT 2016.
PDF Cite Slides