Dr. Xiaohan Zhang

I am a Pre-tenure Associate Professor at Fudan University, where I obtained my B.Eng and Ph.D under the supervision of Prof. Min Yang. I currently work at the System Software & Secure Lab.

My research mainly focuses on cybersecurity, including mobile application security, malware detection and applied AI security.

I received a Distinguished Paper Award Nomination at ACM CCS 2020 and a Distinguished Paper Award at USENIX Security 2022.

I have found dozens of high-risk vulnerabilities, and one was awarded the 2021 Most Valuable Vulnerability by the Chinese National Vulnerability Database (CNVD).

I'm currently looking for students who are interested in cybersecurity. Please contact me through:
    Email: xh_zhang [AT] fudan.edu.cn
    Office: Room D6007, NO.2 Interdisciplinary Building, NO.2005 Songhu Road, Yangpu District, Shanghai


News

  • [May, 2023] A white paper on AI security standards, where I am one of the drafters, was published!
  • [Apr, 2023] Our paper on face verification security, named XFVSChecker, was accepted by IEEE S&P 2023!
  • [Mar, 2023] Yang Wang received offers from CMU and GT. Congrats to her!
  • [Jan, 2023] All four master's students (2020) have successfully graduated! Congratulations! See where they go.
  • [Dec, 2022] Our team won 1st prize in the China Graduate Network Security Innovation Competition. Congrats to Ziqi Huang, Liang Niu, Zhichen Liu, Haoqi Ye! I received the Excellent Advising Teacher Award.

Background

  • 2023~Present, Fudan University, Pre-tenure Associate Professor
  • 2020~2022, Fudan University, School of Computer Science, PostDoc
  • 2014~2020, Fudan University, School of Computer Science, Ph.D
  • 2010~2014, Fudan University, Software School, B.Eng

Publications

  1. Understanding the (In)Security of Cross-side Face Verification Systems in Mobile Apps: A System Perspective.
    Xiaohan Zhang, Haoqi Ye, Ziqi Huang, Xiao Ye, Yinzhi Cao, Yuan Zhang, Min Yang.
    In Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 22-26, 2023. [S&P 2023], 2021 Most Valuable Vulnerability of CNVD [Paper] [Website] [A National Standard] [A White Paper on AI Security Standards] [Thanks Letters]
  2. Slowing Down the Aging of Learning-based Malware Detectors with API Knowledge.
    Xiaohan Zhang, Mi Zhang, Yuan Zhang, Ming Zhong, Xin Zhang, Yinzhi Cao, Min Yang.
    In Transactions on Dependable and Secure Computing, [TDSC 2022] [Paper]
  3. Collect Responsibly but Deliver Arbitrarily? A Study on Cross-User Privacy Leakage in Mobile Apps.
    Shuai Li, Zhemin Yang, Nan Hua, Peng Liu, Xiaohan Zhang, Guangliang Yang, Min Yang.
    In Proceedings of the 29th ACM Conference on Computer and Communications Security, [CCS 2022]
  4. Identity Confusion in WebView-based Mobile App-in-app Ecosystems.
    Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, Min Yang.
    In Proceedings of the 31st USENIX Security Symposium (USENIX Security), Boston, MA, USA, August 10-12, 2022. [Security 2022], Distinguished Paper Award [Paper]
  5. Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware.
    Xiaohan Zhang, Yuan Zhang, Ming Zhong, Daizong Ding, Yinzhi Cao, Yukun Zhang, Mi Zhang, Min Yang.
    In Proceedings of the 27th ACM Conference on Computer and Communications Security, Orlando, USA, November 9-13, 2020, [CCS 2020], Distinguished Paper Award Nomination (4/121) [Paper] [Website] [AR: 16.9%=121/715]
  6. PDiff: Semantic-based Patch Presence Testing for Downstream Kernels.
    Zheyue Jiang, Yuan Zhang, Jun Xu, Qi Wen, Zhenghe Wang, Xiaohan Zhang, Xinyu Xing, Min Yang, Zhemin Yang.
    In Proceedings of the 27th ACM Conference on Computer and Communications Security, Orlando, USA, November 9-13, 2020, [CCS 2020] [Paper]
  7. BScout: Direct Whole Patch Presence Test for Java Executables.
    Jiarun Dai, Yuan Zhang, Zheyue Jiang, Yingtian Zhou, Junyan Chen, Xinyu Xing, Xiaohan Zhang, Xin Tan, Min Yang, Zhemin Yang.
    In Proceedings of the 29th USENIX Security Symposium, Boston, MA, USA, August 12-14, 2020. [Security 2020] [Paper]
  8. How Android Developers Handle Evolution-induced API Compatibility Issues: A Large-scale Study.
    Hao Xia, Yuan Zhang, Yingtian Zhou, Xiaoting Chen, Yang Wang, Xiangyu Zhang, Shuaishuai Cui, Gen Hong, Xiaohan Zhang, Min Yang, Zhemin Yang.
    In Proceedings of the 42nd International Conference on Software Engineering, Seoul, South Korea, May 23-29, 2020. [ICSE 2020] [Paper]
  9. An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications.
    Xiaohan Zhang, Yuan Zhang, Qianqian Mo, Hao Xia, Zhemin Yang, Min Yang, Xiaofeng Wang, Long Lu, Haixin Duan.
    In Proceedings of the 27th USENIX Security Symposium, Baltimore, USA, August 15-17, 2018. [Security 2018] [Paper] [Dataset] [AR: 16.2%=113/697]
  10. Detecting Third-Party Libraries in Android Applications with High Precision and Recall.
    Yuan Zhang, Jiarun Dai, Xiaohan Zhang, Sirong Huang, Zhemin Yang, Min Yang, Hao Chen.
    In Proceedings of IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER’18, Campobasso, Italy, March 20-23, 2018. [Paper] [Source Code]

Others

  1. Sub-app/Mini-program Privacy Over-collection, [arXiv]

Services

  • Conference Sub-reviewer
    • CCS 2018, 2019
    • EuroS&P 2021
    • AsiaCCS 2021
    • CODASPY 2021
    • SecureComm 2020
  • Journal Sub-reviewer
    • TDSC 2020
    • TMC 2021
    • COSE 2019, 2020, 2021
    • JCRD 2021

Students

  • Current
    • 2023: Hui Ouyang (PhD Student), Xike Hu (PhD Student), Hangyun Tang (PhD Student), Shuhao Cai, Jianzhou Chen, Bo Zhao, Yuhan Gu
    • 2022: Xin Zhang (PhD Student), Zhichen Liu, Xinyu Cong, Liang Niu
    • 2021: Ziqi Huang, Xiao Ye, Qitong Chen
  • 2020 Co-advised
  • 2019 Co-advised
    • Ming Zhong [CCS'20], Ant Group
    • Ruiqi Deng, Meituan
  • 2018 Co-advised
    • Rui He, Tencent

