Yue Zhang (张悦)

Yue Zhang (张悦)

Professor, School of Computer Science and Technology, Shandong University

中文主页

每年有少量硕士、博士生名额。硕士/博士/博士后将从事以下领域研究:大语言模型在安全上的应用、大语言模型安全、移动和手机安全、物联网安全和程序分析。让我们共同探索创新解决方案,推动网络安全领域的发展!欢迎通过电子邮件 zyueinfosec@gmail.com 与我联系.

个人简历:

张悦,博士,山东大学教授,博士/硕士生导师。曾在IEEE S&P,USENIX Security,ACM CCS,NDSS等安全领域顶级会议发表学术论文40余篇(其中安全四大顶会19篇,CCF-A类论文29篇),谷歌引用3000余次;获批美国专利5项、国家专利授权13项,实现成果转化一项。曾获ACM CCS最佳论文提名,NDSS杰出审稿人,ICII最佳论文,广东省自然科学奖一等奖、广东省CCF最佳论文一等奖等诸多奖项学术服务方面,担任EAI ICECI大会主席,IEEE MASS,IEEE MSN等会议分论坛主席,担任可信数字经济中心陕西省高校工程研究中心副主任;担任NDSS,ACM CCS,USENIX Security, RAID,ACSAC等著名安全会议程序委员会委员;担任T-IFS、HCC、PeerJ CS等期刊副主编或编委。曾多次发现 Bluetooth SIG,谷歌、Apple、德州仪器、MQTT、腾讯等组织、知名公司的高危严重漏洞,获得Apple,德州仪器,谷歌等公司公开致谢和漏洞赏金。成果被中央电视台、新浪等媒体报道。

背景经历:

我目前是山东大学计算机科学与技术学院的教授,与成秀珍教授紧密合作。在加入山东大学之前,我曾在美国学习工作7年。我曾是美国德雷塞尔大学(Drexel University)计算机科学系的终身轨助理教授(2024 - 2025年)。我在俄亥俄州立大学(Ohio State University (OSU) )从事了三年的博士后研究(2020 - 2023年),合作导师林志强教授。在来到俄亥俄州立大学之前,我毕业于暨南大学(2016 - 2020年),师从翁健教授和罗伟奇教授。读博期间,我曾在中佛罗里达大学 ( University of Central Florida) / 马萨诸塞大学洛厄尔分校 (University of Massachusetts Lowell)(2018 -2020年)访问/工作,合作导师付新文 教授。

研究方向:

大语言模型在安全上的应用: [IEEE S&P 25],[EAAI 2024],[EMNLP 2024]
大语言模型安全: [USENIX Security 25c],[IoT-J25],[CCS 23a]
移动和手机安全: [USENIX Security 25b],[NDSS 25b],[CCS 23a],[CCS 23b],[NDSS 23c],[USENIX Security 23],[ICSE 23],[CCS 22b]
物联网安全: [USENIX Security 25a],[NDSS 25a],[CCS 24a],[CCS 24c],[NDSS 23b],[CCS 24b], [USENIX Security 24],[NDSS 23a],[CCS 22a]
程序分析: [CCS 24b],[USENIX Security 23],[ICSE 23],[NDSS 23a],[USENIX Security 25b],[NDSS 25b],[CCS 23a],[CCS 23b],[NDSS 23c],[CCS 22b]

代表作 (完整论文清单):

我曾在IEEE S&P、USENIX Security、ACM CCS、NDSS等安全顶级会议和TDSC等顶级期刊上发表了40多篇论文。谷歌引用超3000次。

安全顶会 (19 papers): IEEE S&P (‘25), USENIX-Security (‘24, ‘23, ‘20, ‘25x3), CCS (‘24x3, ‘23x2, ‘22x2), NDSS (‘23x3, ‘25x2)

数据分布: CCF A: 29 papers, CCF B: 6 papers, CCF C: 5 papers

2025:

  1. [IEEE S&P 25] - Xiao Li, Yue Li, Hao Wu, Yue Zhang, Kaidi Xu, Xiuzhen Cheng, Sheng Zhong, and Fengyuan Xu. Make a Feint to the East While Attacking in the West: Blinding LLM-Based Code Auditors with Flashboom Attacks. IEEE Symposium on Security and Privacy. [Tier 1] [BIG4] [CCF-A]
  2. [USENIX Security 25c] - Yumingzhi Pan, Zhen Ling, Yue Zhang, Hongze Wang, Guangchi Liu, Junzhou Luo, Xinwen Fu. “TORCHLIGHT: Shedding LIGHT on Real-World Attacks on Cloudless IoT Devices Concealed within the TOR Network.” To appear in Proceedings of the 34th USENIX Security Symposium. [Tier 1] [BIG4] [CCF-A]
  3. [USENIX Security 25b] - Yifan Yao, Shawn McCollum, Zhibo Sun,Yue Zhang. “Easy As Child’s Play: An Empirical Study on Age Verification of Adult-Oriented Android Apps.” To appear in Proceedings of the 34th USENIX Security Symposium. [Tier 1] [BIG4] [CCF-A]
  4. [IoT-J25] - Ye Cheng, Minghui Xu, Yue Zhang, Kun Li, Ruoxi Wang, and Lian Yang. “AutoIoT: Automated IoT Platform Using Large Language Models.” IEEE Internet of Things Journal (2025).[JCR-Q1][CCF-C]
  5. [USENIX Security 25a] - Xinhui Shao, Zhen Ling, Yue Zhang, Huaiyu Yan, Yumeng Wei, Lan Luo, Zixia Liu, Junzhou Luo, Xinwen Fu. “The Cost of Performance: Breaking ThreadX with Kernel Object Masquerading Attacks”. To appear in Proceedings of the 34th USENIX Security Symposium. [Tier 1] [BIG4] [CCF-A]
  6. [NDSS 25b] - Christopher Ellis, Yue Zhang, Mohit Kumar Jangid, Shixuan Zhao, Zhiqiang Lin. “Deanonymizing Device Identities via Side-channel Attacks in Exclusive-use IoTs and Mitigation.” To appear in The Network and Distributed System Security Symposium (NDSS), 2025.[Tier 1] [BIG4] [CCF-A]
  7. [NDSS 25a] - Yuqing Yang, Yue Zhang, Zhiqiang Lin. “Understanding the Miniapp Malware: Identification, Dissection, and Characterization.” To appear in The Network and Distributed System Security Symposium (NDSS), 2025.[Tier 1] [BIG4] [CCF-A]

2024:

  1. [EAAI 2024] - Zhiyuan Wang, Jinhao Duan, Chenxi Yuan, Qingyu Chen, Tianlong Chen, Huaxiu Yao, Yue Zhang, Ren Wang, Kaidi Xu, Xiaoshuang Shi. “Word-Sequence Entropy: Towards Uncertainty Estimation in Free-Form Medical Question Answering Applications and Beyond”, Engineering Applications of Artificial Intelligence. [CCF-C]
  2. [EMNLP 2024] - Zhiyuan Wang, Jinhao Duan, Lu Cheng, Yue Zhang, Qingni Wang, Hengtao Shen, Xiaofeng Zhu, Xiaoshuang Shi, and Kaidi Xu. “ConU: Conformal Uncertainty in Large Language Models with Correctness Coverage Guarantees.” in Proceedings of The 2024 Conference on Empirical Methods in Natural Language Processing, Miami, Florida, U.S.A. [Tier 1] [CCF-B]
  3. [CCS 2024c] - Yue Zhang, Zhen Ling, Michael Cash, Qiguang Zhang, Christopher Morales-Gonzalez, Qun Zhou Sun, Xinwen Fu, “Collapse Like A House of Cards: Hacking Building Automation System Through Fuzzing”, in Proceedings of the 31th ACM Conference on Computer and Communications Security, Salt Lake City, USA, October 14-18, 2024.[Tier 1] [BIG4] [CCF-A]
  4. [CCS 2024b] - Yue Zhang, Melih Sirlanci, Ruoyu “Fish” Wang, and Zhiqiang Lin, When Compiler Optimizations Meet Symbolic Execution: An Empirical Study, in Proceedings of ACM CCS, October 14-18, 2024, Salt Lake City, U.S.A.[Tier 1] [BIG4] [CCF-A]
  5. [CCS 2024a] - Kaizhen Liu, Ming Yang, Zhen Ling, Yue Zhang, Chongqing Lei, Junzhou Luo and Xinwen Fu, RIoTFuzzer: Companion App Assisted Remote Fuzzing for Detecting Vulnerabilities in IoT Devices, in Proceedings of ACM CCS, October 14-18, 2024, Salt Lake City, U.S.A.[Tier 1] [BIG4] [CCF-A]
  6. [JSA 2024] - Shan Wang, Ming Yang, Shan Jiang, Fei Chen, Yue Zhang, Xinwen Fu, “BBS: A Secure and Autonomous Blockchain-based Big-Data Sharing System”, Elsevier Journal of Systems Architecture (JSA). [CCF-B][JCR Q1]
  7. [ICMC 24] - Biwei Yan, Kun Li, Minghui Xu*, Yueyan Dong, Yue Zhang, Zhaochun Ren, Xiuzhen Cheng, “On Protecting the Data Privacy of Large Language Models (LLMs): A Survey”, IEEE International Conference on Meta Computing (ICMC), 2024
  8. [HCC 24] - Yifan Yao, Jinhao Duan, Kaidi Xu, Yuanfang Cai, Eric Sun, Yue Zhang. A Survey on Large Language Model (LLM) Security and Privacy: The Good, the Bad, and the Ugly. High-Confidence Computing.
  9. [USENIX Security 24] - Chongqing Lei, Zhen Ling, Yue Zhang, Yan Yang, Junzhou Luo, Xinwen Fu, A Friend’s Eye is A Good Mirror: Synthesizing MCU Peripheral Models from Peripheral Driver, in Proceedings of the 33rd USENIX Security Symposium, August 14–16, 2024 Philadephia, PA, USA. [Tier 1] [BIG4] [CCF-A]
  10. [AsiaCCS 24] - Chao Wang, Yue Zhang, and Zhiqiang Lin. RootFree Attacks: Exploiting Mobile Super Apps From Desktop Platforms. The 19th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2024). [Tier 2] [CCF-C]
  11. [INFOCOM 24] - Shan Wang, Ming Yang, Wenxuan Dai, Yu Liu, Yue Zhang, and Xinwen Fu, “Deanonymizing Ethereum Users behind Third-Party RPC Services”, accepted to appear in Proceedings of the 43rd IEEE International Conference on Computer Communications (INFOCOM’24), Vancouver, Canada, May 20-23, 2024. [CCF-A][AR 19.6%]

2023 and Before:

  1. [USENIX Security 23] - Chao Wang, Yue Zhang, and Zhiqiang Lin. One Size Does Not Fit All: Uncovering And Exploiting Cross Platform Discrepant APIs in Wechat. In 31st USENIX Security Symposium (USENIX Security 23), 2023. [Tier 1] [BIG4] [CCF-A]
  2. [CCS 23b] - Chao Wang, Yue Zhang, and Zhiqiang Lin. Uncovering and Exploiting Hidden APIs in Mobile Super Apps. In Proceedings of the 30th ACM Conference on Computer and Communications Security. November 2023. [Tier 1] [BIG4] [CCF-A]
  3. [CCS 23a] - Yue Zhang, Yuqing Yang, and Zhiqiang Lin. Don’t Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in Mini-Programs. In Proceedings of the 30th ACM Conference on Computer and Communications Security. November 2023. [Tier 1] [BIG4] [CCF-A]
  4. [ICSE 23] - Chao Wang, Ronny Ko, Yue Zhang, Yuqing Yang, Zhiqiang Lin. TAINTMINI: Detecting Flow of Sensitive Data in Mini-Programs with Static Taint Analysis. To appear in The International Conference on Software Engineering (ICSE), 2023. [Tier 1] [CCF-A]
  5. [NDSS 23c] - Chongqing Lei, Zhen Ling, Yue Zhang, Kai Dong, Kaizheng Liu, Junzhou Luo, Xinwen Fu, ‘Do Not Give a Dog Bread Every Time He Wags His Tail: Stealing Passwords through Content Queries (CONQUER) Attacks’. In Proceedings of the 30th Network and Distributed System Security, San Diego, CA, April 2023. [Tier 1] [BIG4] [CCF-A]
  6. [NDSS 23b] Caiqin Dong, Jian Weng, Jia-Nan Liu, Yue Zhang, Yao Tong, Anjia Yang, Yudan Cheng, and Shun Hu. “Fusion: Efficient and Secure Inference Resilient to Malicious Servers”. In Proceedings of the 30th ISOC Network and Distributed System Security Symposium, San Diego, CA, April 2023. [Tier 1] [BIG4] [CCF-A]
  7. [NDSS 23a] - Mohit K. Jangid, Yue Zhang, Zhiqiang Lin. “Extrapolating Formal Analysis to Uncover Attacks in Bluetooth Passkey Entry Pairing”. In Proceedings of the 30th ISOC Network and Distributed System Security Symposium, San Diego, CA, April 2023. [Tier 1] [BIG4] [CCF-A] (Co-First Author)
  8. [CCS 22b] - Allen Y. Yang, Yue Zhang, Zhiqiang Lin. “Cross Miniapp Request Forgery: Root Causes, Attacks, and Vulnerability Detection”. In Proceedings of the 29th ACM Conference on Computer and Communications Security. November 2022. [CCF-A][Tier 1] [BIG4]
  9. [ICDCS 22] - Shan Wang, Zhen Ling, Yue Zhang, Ruizhao Liu, Joshua Kraunelisk, Kang Jia, Bryan Pearson, Xinwen Fu. “Implication of Animation on Android Security”, In Proceedings of the International Conference on Distributed Computing Systems. [CCF-B]
  10. [CCS 22a] - Yue Zhang, Zhiqiang Lin. “When Good Becomes Evil: Tracking Bluetooth Low Energy Devices via Allowlist-based Side Channel and Its Countermeasure”. In Proceedings of the 29th ACM Conference on Computer and Communications Security. November 2022. [Best Paper Honorable Mention][CCF-A] [Tier] [BIG4]
  11. [INFOCOM 22] - Pearson Bryan, Yue Zhang, Cliff Zou, and Xinwen Fu. “FUME: Fuzzing Message Queuing Telemetry Transport Brokers.” In Proceedings of the IEEE International Conference on Computer Communications, 2022
  12. [SIGMETRICS 21] - Yue Zhang, Bayan Turkistani, Allen Yuqing Yang, Chaoshun Zuo, and Zhiqiang Lin. “A Measurement Study of Wechat Mini-Apps”, In Proceedings of the ACM on Measurement and Analysis of Computing Systems (POMACS). June 2021. [Tier 1][AR 12.1%] [CCF-B]
  13. [ICDCS 21] - Shan Wang, Ming Yang, Yue Zhang, Yan Luo, Tingjian Ge, Xinwen Fu, Wei Zhao. “On Private Data Collection of Hyperledger Fabric”, In Proceedings of the International Conference on Distributed Computing Systems. [CCF-B][AR 19.8 %]
  14. [TDSC 21b] -Shao, Zhijian, Jian Weng, Yue Zhang, Yongdong Wu, Ming Li, Jiasi Weng, Weiqi Luo, and Shui Yu. “Peripheral-free Device Pairing by Randomly Switching Power.” IEEE Transactions on Dependable and Secure Computing, 2021. [CCF-A]
  15. [TDSC 21a] -Hongwei Huang, Weiqi Luo, Guoqiang Zeng, Jian Weng, Yue Zhang, and Anjia Yang, DAMIA: Leveraging Domain Adaptation as a Defense against Membership Inference Attacks, IEEE Transactions on Dependable and Secure Computing, 2021.[CCF-A]
  16. [INFOCOM 21] - Zhen Ling, Ruizhao Liu, Yue Zhang, Kang Jia, Bryan Pearson, Xinwen Fu, Junzhou Luo, “Prison Break of Android Reflection Restriction and Defense”, In Proceedings of the 40th IEEE International Conference on Computer Communications, May 10-13, 2021. [CCF-A][AR 19.9%]
  17. [USENIX Security 20] - Yue Zhang, Jian Weng, Rajib Dey, Yier Jin, Zhiqiang Lin, and Xinwen Fu. “Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks”, In Proceedings of the Usenix Security 2020. [CCF-A][Tier 1] [BIG4] [AR 16.1%]
  18. [BlackHat Asia 20] - Zhijian Shao, Jian Weng, Yue Zhang. “3d Red Pill: A Guest-to-Host Escape on QEMU/KVM Virtio Device” , To appear in BlackHat Asia 2020.
  19. [INFOCOM 20]- Yue Zhang, Jian Weng, Zhen Ling, Bryan Pearson, and Xinwen Fu. “BLESS: A BLE Application Security Scanning Framework.” In Proceedings of the IEEE International Conference on Computer Communications, 2020. [CCF-A][AR 19.8%]
  20. [Encyclopedia of Wireless Networks] - Yue Zhang, Jian Weng, Rajib Dey and Xinwen Fu, Bluetooth Low Energy (BLE) Security and Privacy, Encyclopedia of Wireless Networks, Springer Nature Switzerland AG, 2019
  21. [TDSC 19b] - Weng Jia-Si, Jian Weng, Ming Li, Yue Zhang, and Weiqi Luo. “DeepChain: Auditable and Privacy-Preserving Deep Learning with Blockchain-based Incentive.”, IEEE Transactions on Dependable and Secure Computing (2019). [CCF-A] [Highly Cited Paper]
  22. [TDSC 19a] - Yue Zhang, Jian Weng, Jiasi Weng, Lin Hou, Anjia Yang, Ming Li, Yang Xiang, and Robert Deng. “Looking Back! Using Early Versions of Android Apps as Attack Vectors.” IEEE Transactions on Dependable and Secure Computing (2019). [CCF-A]
  23. [RAID 19]-Wenrui Diao, Yue Zhang, Li Zhang, Zhou Li, Fenghao Xu, Xiaorui Pan, Xiangyu Liu, Jian Weng, Kehuan Zhang, XiaoFeng Wang. Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android. In Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China, September, 2019. [CCF-B][AR 22%]
  24. [TPDS 18] - Li, Ming, Jian Weng, Anjia Yang, Wei Lu, Yue Zhang, Lin Hou, Jia-Nan Liu, Yang Xiang, and Robert H. Deng. “CrowdBC: A blockchain-based decentralized framework for crowdsourcing.” IEEE Transactions on Parallel and Distributed Systems ,30, no. 6 (2018): 1251-1266. [CCF-A] [Highly Cited Paper]