Projects | Xianghang (Scott) Mi

Residential Proxy Ecosystem

2019 -- 2025

The first to systematically uncover and measure the residential proxy (RESIP) ecosystem, revealing how millions of compromised residential hosts are abused as proxy exits for cybercrime — and how mobile devices are silently recruited into proxy networks through malicious SDKs in popular apps.

Publications

Datasets

RESIP — Millions of residential proxy IPs across 230+ countries
ResiFlow — 3TB of residential proxy traffic flows (available to researchers upon request)

Tools

RESIP Infiltrator — Capture residential-proxy IP addresses from RPaaS services

Security of AI Agents

2017 -- 2026

The first to uncover systemic security vulnerabilities in voice assistant ecosystems — including voice squatting, voice masquerading, and command hijacking attacks — and to expose how in-context learning in large language models can be adversarially evaded through black-box attacks.

Publications

IMC'17 An Empirical Characterization of IFTTT: Ecosystem, Usage, and Performance
SP'19-b Dangerous skills: Understanding and mitigating security risks of voice-controlled third-party functions on virtual personal assistant systems 🏆 CSAW'19 Best Paper Award
AsiaCCS'24 Command Hijacking on Voice-Controlled IoT in Amazon Alexa Platform
WWW'26 ICL-EVADER: Zero-Query Black-Box Evasion Attacks on In-Context Learning and Their Defenses ⭐ Highlight

Datasets

IFTTT — All services and applets on the IFTTT trigger-action platform
ICL-Evader Data — Benchmark task datasets for evaluating in-context learning evasion attacks and defenses

Tools

ICL-Evader — Modular Python framework for zero-query black-box evasion attacks and joint defenses against in-context learning

Awards

CSAW'19 Best Paper Award

Detection & Measurement of Online Abuse

2017 -- 2025

Building systematic, data-driven measurement pipelines to discover, measure, and understand diverse online abuse operations at Internet scale — from bulletproof hosting and search poisoning to SMS spam and social media illicit promotion.

Publications

SP'17 Under the shadow of sunshine: Understanding and detecting bulletproof hosting on legitimate service pr ovider networks
NDSS'18 Game of Missuggestions: Semantic Analysis of Search-Autocomplete Manipulations
NDSS'19 Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs 🏆 NDSS'19 Distinguished Paper Award
Security'19 Understanding iOS-based Crowdturfing Through Hidden UI Analysis
CCS'22-b Clues in Tweets: Twitter-Guided Discovery and Analysis of SMS Spam
arXiv'24-c Reflected Search Poisoning for Illicit Promotion
WWW'25 Detecting and Understanding the Promotion of Illicit Goods and Services on Twitter
arXiv'24-f SpamDam: Towards Privacy-Preserving and Adversary-Resistant SMS Spam Detection

Datasets

SpamHunter — Largest-ever public SMS spam dataset
SearchIPT — 11M illicit promotion texts from search engines
xPIP — 12M illicit promotion posts from the X platform

Tools

SpamHunter — Continuous discovery of SMS spam from victim reports on social networks
IPT Toolchain — Capture and analyze illicit promotional texts from search engines
PIP Hunter — Capture posts of illicit promotion from social network platforms

Awards

NDSS'19 Distinguished Paper Award

Decentralized Network Infrastructure Security

2023 -- 2026

The first empirical security measurements of emerging decentralized network infrastructures — including decentralized cloud storage, peer-assisted content delivery, and open edge computing platforms — uncovering novel attack surfaces, privacy leaks, and systemic vulnerabilities.

Publications

Datasets

Okara TLS Vulnerability Data — Android TLS MitM vulnerability benchmark (restricted access via request form)

Tools

Edge Traffic Analyzer — Capture and analyze edge traffic from open edge computing platforms to detect security risks
Okara (TMV-Hunter + TMV-ORCA) — LLM-driven GUI agent for detecting and attributing TLS MitM vulnerabilities in Android apps