Academic and Professional Publications
I have published 40+ papers (18 CCF-A). My publications appears in top tier conferences (e.g., ACM CCS, Usenix Security, NDSS, Blackhat, INFOCOM), and top tier journals (e.g., TDSC, TPDS).
BOOK CHAPTERS
Yue Zhang, Jian Weng, Rajib Dey and Xinwen Fu, Bluetooth Low Energy (BLE) Security and Privacy, Encyclopedia of Wireless Networks, Springier Nature Switzerland AG, 2019
Conference Publications:
[CCS 23b] Chao Wang, Yue Zhang, and Zhiqiang Lin. Uncovering and Exploiting Hidden APIs in Mobile Super Apps. In Proceedings of the 30th ACM Conference on Computer and Communications Security. November 2023.[Tier 1] [BIG4] [CCF-A]
[CCS 23a] Yue Zhang, Yuqing Yang, and Zhiqiang Lin. Don’t Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in Mini-Programs. In Proceedings of the 30th ACM Conference on Computer and Communications Security. November 2023.[Tier 1] [BIG4] [CCF-A]
[ICSE 23] Chao Wang, Ronny Ko, Yue Zhang, Yuqing Yang, Zhiqiang Lin. TAINTMINI: Detecting Flow of Sensitive Data in Mini-Programs with Static Taint Analysis. To appear in The International Conference on Software Engineering (ICSE), 2023.[Tier 1] [CCF-A]
[NDSS 23c] Chongqing Lei, Zhen Ling, Yue Zhang, Kai Dong, Kaizheng Liu, Junzhou Luo, Xinwen Fu, 'Do Not Give a Dog Bread Every Time He Wags His Tail: Stealing Passwords through Content Queries (CONQUER) Attacks'. In Proceedings of the 30th Network and Distributed System Security, San Diego, CA, April 2023. [Tier 1] [BIG4] [CCF-A]
[NDSS 23b] Caiqin Dong, Jian Weng, Jia-Nan Liu, Yue Zhang, Yao Tong, Anjia Yang, Yudan Cheng, and Shun Hu. “Fusion: Efficient and Secure Inference Resilient to Malicious Servers”. In Proceedings of the 30th ISOC Network and Distributed System Security Symposium, San Diego, CA, April 2023. [Tier 1] [CCF-A] [BIG4]
[NDSS 23a] Mohit K. Jangid*, Yue Zhang*, Zhiqiang Lin. “Extrapolating Formal Analysis to Uncover Attacks in Bluetooth Passkey Entry Pairing”. In Proceedings of the 30th ISOC Network and Distributed System Security Symposium, San Diego, CA, April 2023. [Tier 1] [CCF-A] [BIG4] (Co-First Author)
[CCS 22b]- Allen Y. Yang, Yue Zhang, Zhiqiang Lin. "Cross Miniapp Request Forgery: Root Causes, Attacks, and Vulnerability Detection". In Proceedings of the 29th ACM Conference on Computer and Communications Security. November 2022. [CCF-A][Tier 1] [BIG4]
[ICDCS 21] - Shan Wang, Zhen Ling, Yue Zhang, Ruizhao Liu, Joshua Kraunelisk, Kang Jia, Bryan Pearson, Xinwen Fu. "Implication of Animation on Android Security", to appear in International Conference on Distributed Computing Systems. [CCF-B]
[CCS 22a] - Yue Zhang, Zhiqiang Lin. "When Good Becomes Evil: Tracking Bluetooth Low Energy Devices via Allowlist-based Side Channel and Its Countermeasure". In Proceedings of the 29th ACM Conference on Computer and Communications Security. November 2022. [CCF-A][Tier 1] [BIG4]
[INFOCOM 22] - Pearson Bryan, Yue Zhang, Cliff Zou, and Xinwen Fu. “FUME: Fuzzing Message Queuing Telemetry Transport Brokers.” accepted by IEEE International Conference on Computer Communications, 2022 [CCF-A][AR 19.9%]
[SIGMETRICS 2021] . Yue Zhang, Bayan Turkistani, Allen Yuqing Yang, Chaoshun Zuo, and Zhiqiang Lin. "A Measurement Study of Wechat Mini-Apps", In Proceedings of the ACM on Measurement and Analysis of Computing Systems (POMACS). June 2021. [CCF-B][Tier 1][AR 12.1%]
[ICDCS 2021] - Shan Wang, Ming Yang, Yue Zhang, Yan Luo, Tingjian Ge, Xinwen Fu, Wei Zhao. "On Private Data Collection of Hyperledger Fabric", to appear in International Conference on Distributed Computing Systems. [CCF-B][AR 19.8 %]
[INFOCOM21] - Zhen Ling, Ruizhao Liu, Yue Zhang, Kang Jia, Bryan Pearson, Xinwen Fu, Junzhou Luo, 'Prison Break of Android Reflection Restriction and Defense', accepted to appear in Proceedings of the 40th IEEE International Conference on Computer Communications, May 10-13, 2021. [CCF-A][AR 19.9%]
[USENIX Security20] -Yue Zhang, Jian Weng, Rajib Dey, Yier Jin, Zhiqiang Lin, and Xinwen Fu. "Breaking Secure Pairing of Bluetooth Low Energy Using Downgrade Attacks", To appear in Usenix Security 2020 [BIG4][CCF-A]
[BlackHat Asia20] - Zhijian Shao, Jian Weng, Yue Zhang. "A Guest-to-Host Escape on QEMU/KVM Virtio Devices" BlackHat Asia 2020.
[INFOCOM20]- Yue Zhang, Jian Weng, Zhen Ling, Bryan Pearson, and Xinwen Fu. "BLESS: A BLE Application Security Scanning Framework" accepted by IEEE International Conference on Computer Communications ,2020. [CCF-A][AR 19.8%]
[ICPADS20] Pearson Bryan, Cliff Zou, Yue Zhang, Zhen Ling, and Xinwen Fu. "SIC 2: Securing Microcontroller Based IoT Devices with Low-cost Crypto Coprocessors." IEEE International Conference on Parallel and Distributed Systems , 2020. [CCF-C]
[GlobalCom20] Luo, Lan, Yue Zhang, Cliff C. Zou, Xinhui Shao, Zhen Ling, and Xinwen Fu. "On Runtime Software Security of TrustZone-M based IoT Devices", To appear in the IEEE Global Communications Conference. 2020 [CCF-C]
[RAID19]-Wenrui Diao, Yue Zhang, Li Zhang, Zhou Li, Fenghao Xu, Xiaorui Pan, Xiangyu Liu, Jian Weng, Kehuan Zhang, XiaoFeng Wang. Kindness is a Risky Business: On the Usage of the Accessibility APIs in Android,Accepted by the 22nd International Symposium on Research in Attacks, Intrusions and Defenses, Beijing, China, September, 2019. [CCF-B][AR 22%]
[ICC19]-Pearson, Bryan, Lan Luo, Yue Zhang, Rajib Dey, Zhen Ling, Mostafa Bassiouni, and Xinwen Fu. "On Misconception of Hardware and Cost in IoT Security and Privacy."[CCF-C]
[ICII19]-Gao Chao, Luo Lan,Yue Zhang, Pearson Bryan, Fu Xinwen,"Microcontroller Based IoT System Firmware Security: Case Studies ",IEEE International Conference on Industrial Internet. [Invited paper][Best Paper Award][AR 16.4%]
JOURNALS
[IoT-J22] - Luo, Lan, Yue Zhang, Clayton White, Brandon Keating, Bryan Pearson, Xinhui Shao, Zhen Ling, Haofei Yu, Cliff Zou, and Xinwen Fu. "On Security of TrustZone-M Based IoT Systems." IEEE Internet of Things Journal (2022).[JCR-Q1]
[TDSC 21] -Shao, Zhijian, Jian Weng, Yue Zhang, Yongdong Wu, Ming Li, Jiasi Weng, Weiqi Luo, and Shui Yu. "Peripheral-free Device Pairing by RandomlySwitching Power." IEEE Transactions on Dependable and Secure Computing, to appear, 2021.[CCF-A]
[TDSC21] -Hongwei Huang, Weiqi Luo, Guoqiang Zeng, Jian Weng, Yue Zhang, and Anjia Yang, DAMIA: Leveraging Domain Adaptation as a Defense against Membership Inference Attacks, IEEE Transactions on Dependable and Secure Computing, to appear, 2021. [CCF-A]
[IoT-J21] - Liu, Kaizheng, Ming Yang, Zhen Ling, Huaiyu Yan, Yue Zhang, Xinwen Fu, and Wei Zhao. "On Manually Reverse Engineering Communication Protocols of Linux Based IoT Systems." IEEE Internet of Things Journal .[JCR-Q1]
[TVT20] - Kang-Di Lu, Guo-Qiang Zeng, Jian Weng, Yue Zhang, Ming Li. ”An Adaptive Resilient Load Frequency Controller for Smart Grids with DoS Attacks” IEEE Transactions on Vehicular Technology. [JCR-Q2]
[CMC20]-Shangjun Luo, Junwei Luo, Wei Lu, Yanmei Fang, Jinhua Zeng, Shaopei Shi, Yue Zhang. Resampling factor estimation via dual-stream convolutional neural network," Computers, Materials & Continua, vol. 66, no.1, pp. 647–657, 2021. [JCR-Q3]
[TDSC19] - Weng Jia-Si, Jian Weng, Ming Li, Yue Zhang, and Weiqi Luo. ”DeepChain: Auditable and Privacy-Preserving Deep Learning with Blockchain-based Incentive.”, IEEE Transactions on Dependable and Secure Computing (2019). [CCF-A]
[TDSC19] - Yue Zhang, Jian Weng, Jiasi Weng, Lin Hou, Anjia Yang, Ming Li, Yang Xiang, and Robert Deng. ”Looking Back! Using Early Versions of Android Apps as Attack Vectors.” IEEE Transactions on Dependable and Secure Computing (2019). [CCF-A]
[TPDS18] - Li, Ming, Jian Weng, Anjia Yang, Wei Lu, Yue Zhang, Lin Hou, Jia-Nan Liu, Yang Xiang, and Robert H. Deng. ”CrowdBC: A blockchain-based decentralized framework for crowdsourcing.” IEEE Transactions on Parallel and Distributed Systems ,30, no. 6 (2018): 1251-1266. [CCF-A] [Highly Cited Paper]
[TVT18] - Weng Jia-Si, Jian Weng, Yue Zhang, Weiqi Luo, and Weiming Lan. ”Benbi: Scalable and dynamic access control on the northbound interface of sdn-based vanet.” IEEE Transactions on Vehicular Technology 68, no. 1 (2018): 822-831. [JCR-Q2]
[Sensors18] - Luo, Lan, Yue Zhang, Bryan Pearson, Zhen Ling, Haofei Yu, and Xinwen Fu. ”On the Security and Data Integrity of Low-Cost Sensor Networks for Air Quality Monitoring.” Sensors 18, no. 12 (2018): 4451.
[IASC16] - Mao Jun, Yue Zhang, Min-Rong Chen, Yongbiao Li, and Yiju Zhan. ”Efficient attribute-based encryption schemes for secure communications in cyber defense.” Intelligent Automation & Soft Computing 22, no. 3 (2016): 397-403. [JCR-Q4]
Journal Publications (Chinese):
Zheng Ling, Yang Yan, Rui Zhao Liu, Yue Zhang, Kang Jia, Ming Yang, "Repeating Toast Drawing Based Password Inference Attack Technique." Journal of Software, 2022,33(6):114. (凌振, 杨彦, 刘睿钊, 张悦, 贾康, 杨明. 基于Toast重复绘制机制的口令攻击技术. 软件学报, 2022, 33(6): 1–14.) [CCF-A]
Jian Weng, Linfeng Wei, Yue Zhang. ”Discussion on the cultivation of cyber security talents.” Chinese Journal of Network and Information Security.2016 Mar 4;5(3):44-53.(翁健, 魏林锋, 张悦. 网络空间安全人才培养探讨.网络与信息安全学报. 2016 Mar 4;5(3):44-53) [CCF-C]
Xing Wang, Jian Weng, Yue Zhang, Ming Li, ”Blockchain System for Creating Digital Assets Based on Reputation Value”,Netinfo Security, 18(5), pp.59-65. (王醒, 翁健, 张悦, 李明, 2018. 基于信誉值创建数字资产的区块链系统. 信息网络安全, 18(5), pp.59-65.)
Xin-yu Liu, Jian Weng, Yue Zhang. Android malware detection based on APK signature information feedback [J]. Journal on Communications, 2017, 38(5): 190-198. (刘新宇, 翁健, 张悦等. 基于APK 签名信息反馈的Android 恶意应用检测[J]. 通信学报, 2017, 38(5): 190-198.).[ CCF-B]
Yue Zhang, Dong Zheng, Yinghui Zhang. Access control mechanism with dynamic authorization and file evaluation [J]. Journal of Computer Applications, 2015, 35(4): 964-967.(张悦, 郑东, 张应辉. 支持动态授权和文件评价的访问控制机制[J]. 计算机应用, 2015, 35(4): 964-967.) [ CCF-C]
Yue Zhang, Dong Zheng, Yinghui Zhang. A Secret Sharing Algorithm Based on Diffie-Hellman Protocol [J]. Computer technology and development, 2015, 25(12):123-127. (张悦, 郑东, 张应辉. 一种基于Diffie—Hellman 协议的秘密共享算法[J]. 计算机技术与发展, 2015, 25(12):123-127.)[ CCF-C]
Yue Zhang, Dong Zheng, Yinghui Zhang. Implementation of model for detection method of Android malware based on entrapment defense[J].Computer Engineering and Design, 2016, 37(3): 609-612. (张悦, 郑东, 张应辉. Android 平台下诱捕防御检测模型的设计与实现[J]. 计算机工程与设计, 2016, 37(3): 609-612.) [ T3 (Chinese Periodicals)]
Yue Zhang, Dong Zheng, Yinghui Zhang. Design for analytic method of Android malware based on cascade defense network [J]. Computer Engineering and Design, 2016, 37(6): 1445-1450. (张悦, 郑东, 张应辉. Android 平台下级联防御网模型的设计[J]. 计算机工程与设计, 2016, 37(6): 1445-1450.) [ CCF-C]
Yue Zhang, Dong Zheng, Pengchao Tan et.al. Model against unauthorized attack based on Fuzzy-IBE[J]. Computer Engineering and Design, 2016, 37(12): 3161-3164. (张悦, 郑东, 谭彭超, 等. 基于Fuzzy-IBE 的提权攻击防御模型[J]. 计算机工程与设计, 2016, 37(12): 3161-3164.) [ CCF-C]
Yue Zhang, Dong Zheng, Yinghui Zhang. An Android anti-malware injection scheme based on Fuzzy-IBE[J]. Journal of Guilin University of Electronic Technology, 2016, 36(1): 39-43. (张悦, 郑东, 张应辉. 基于Fuzzy-IBE 的Android 防恶意代码注入方案[J]. 桂林电子科技大学学报, 2016, 36(1): 39-43.)