姓名:段海新
职称:教授
电话:62603220
邮箱:duanhx@tsinghua.edu.cn
教育背景
工学学士(计算机软件), 哈尔滨工业大学,中国, 1994;
工学硕士 (122cc太阳集成游戏统结构),哈尔滨工业大学, 中国, 1996;
工学博士 (122cc太阳集成游戏统结构), 122cc太阳集成游戏, 中国, 2000.
社会兼职
ACM/CCS 2018、2019: 程序委员
ESORICS 2018-2020:程序委员
AsiaCCS 2016 :程序委员
网络安全国际学术论坛(InForSec)联合发起人
网络空间安全协会理事
中国密码学会协议安全专业委员会委员、
中国互联网协会网络与信息安全工作委员会
研究领域
网络安全(Network Security)
网络测量(Network Measurement)
互联网治理(Internet Governance)
研究概况
在网络安全领域有20多年的经历,主要从事网络基础设施和协议安全、入侵检测等领域的研究。曾带领团队发现了DNS、HTTPS、CDN、PKI等一系列基础协议的重要安全漏洞,促使Google、CloudFlare公司多次升级安全产品,促使IETF等国际标准化组织多次修改协议,提高了互联网的安全性。多项研究成果发表在网络安全国际竞争最为激烈四大安全顶级学术会议上,并在工业界有广泛的应用,在国内外学术和工业界具有较高的影响力。
奖励与荣誉
2020年IETF互联网研究任务组(IRTF)网络研究应用奖
2018年日本大川基金奖
2016年国际顶级安全学术会议NDSS杰出论文奖
2016年中央网信办“网络安全优秀人才”
学术成果
论文:
1、Kun Du, Hao Yang, Zhou Li, Haixin Duan, Shuang Hao and etc. TL; DR Hazard: A Comprehensive Study of Levelsquatting Scams, International Conference on Security and Privacy in Communication Systems, 2019
2、Chaoyi Lu, Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan, Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang, Jianping Wu, An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come? ACM Internet Measurement Conference, 2019
3、Baojun Liu, Zhou Li, Peiyuan Zong, Chaoyi Lu, Haixin Duan, Ying Liu, Sumayah Alrwais, Xiaofeng Wang, Shuang Hao, Yaoqi Jia, Yiming Zhang, Kai Chen, Zaifeng Zhang. 4th IEEE European Symposium on Security and Privacy (EuroS&P’19). 4th IEEE European Symposium on Security and Privacy, 2019
4、Jia Zhang, Haixin Duan, Jian Jiang, Jinjin Liang, Jianping Wu. Finding the best answer: measuring the optimization of public and authoritative DNS. 2019
5、Run Guo, Jianjun Chen, Baojun Liu, Jia Zhang, Chao Zhang, Haixin Duan, Tao Wan, Jian Jiang, Shuang Hao, Yaoqi Jia. Abusing CDNs for Fun and Profit: Security Issues in CDNs’ Origin Validation. IEEE 37th Symposium on Reliable Distributed Systems (SRDS), 2018
6、Kun Yang, Yuan Deng, Chao Zhang, Jianwei Zhuge, Haixin Duan, ICUFuzzer: Fuzzing ICU Library for Exploitable Bugs in Multiple Software, International Conference on Information Security, 2018
7、Baojun Liu, Chaoyi Lu, Zhou Li, Ying Liu, Hai-Xin Duan, Shuang Hao, Zaifeng Zhang. A Reexamination of Internationalized Domain Names: The Good, the Bad and the Ugly. Dependable Systems and Networks, 2018
8、Jian Jiang, Jia Zhang, Haixin Duan, Kang Li, Wu Liu. Analysis and Measurement of Zone Dependency in the Domain Name System, IEEE International Conference on Communications (ICC), 2018
9、Fuqing Chen, Haixin Duan, Xiaofeng Zheng, Jian Jiang, Jianjun Chen, Path Leaks of HTTPS Side-Channel by Cookie Injection. International Workshop on Constructive Side-Channel Analysis and Secure Design , 2018
10、Jianjun Chen, Jian Jiang, Haixin Duan, Tao Wan, Shuo Chen, Vern Paxson, Min Yang. We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS, 27th USENIX Security Symposium, 2018
11、Baojun Liu, Chaoyi Lu, Haixin Duan, Ying Liu, Zhou Li, Shuang Hao, Min Yang, Who is answering my queries: Understanding and characterizing interception of the {DNS} resolution path. 27th USENIX Security Symposium, 2018
12、Mingming Zhang, Baojun Liu, Chaoyi Lu, Jia Zhang, Shuang Hao, Haixin Duan, Measuring Privacy Threats in China-Wide Mobile Networks. 8th USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2018
13、Hao Yang, Xiulin Ma, Kun Du, Zhou Li, Haixin Duan*, Xiaodong Su, Guang Liu, Zhifeng Geng, and Jianping Wu. How to Learn Klingon Without a Dictionary: Detection and Measurement of Black Keywords Used by the Underground Economy , IEEE Symposium on Security & Privacy, 2017
14、Jianjun Chen, Jian Jiang, Haixin Duan, Nick Weaver, Tao Wan, Vern Paxson. Host of Troubles: Multiple Host Ambiguities in HTTP Implementations, CCS 2016
15、Kun Du, Hao Yang, Zhou Li, Haixin Duan(*), Kehuan Zhang. The Ever-changing Labyrinth: A Large-scale Analysis of Wildcard DNS Powered Blackhat SEO, USENIX Security 2016
16、Xiaojing Liao,Kan Yuan, Xiaofeng Wang(), Zhongyu Pei,Hao Yang, Jianjun Chen, Haixin Duan(), Kun Du, Eihal Alowaisheq, Sumayah Alrwais, Luyi Xing, Raheem Beyah, Seeking Nonsense, Looking for Trouble: Efficient Promotional Infection Detection through Semantic Inconsistency Search, IEEE Symposium on Security & Privacy, San Jose, California. May 23-26, 2016
17、Jianjun Chen, Jian Jiang, Xiaofeng Zheng, Haixin Duan(*), Jinjin Liang, Tao Wan, Kang Li, Vern Paxson, Forwarding-Loop Attacks in Content Delivery Networks, NDSS 2016
18、Song Li, Haixin Duan(*), Zhiliang Wang, and Xing Li, Route Leaks Identification by Detecting Routing Loops, SecureComm 2015(11th EAI International Conference on Security and Privacy in Communication Networks)
19、Xiaofeng Zheng, Jian Jiang, Jinjin Liang, Haixin Duan, Shuo Chen, Tao Wan, Nicholas Weaver, Cookies lack integrity: real world implications, USENIX Security, 2015.
20、Hongyu Gao, Vinod Yegneswaran, Jian Jiang, Yan Chen, Member, IEEE, Phillip Porras, Shalini Ghosh, Haixin Duan, Reexamining DNS from a Global Recursive Resolver Perspective, to appear in IEEE/ACM TRANSACTIONS ON NETWORKING
21、Jinjin Liang, Jian Jiang, Haixin Duan, Kang Li, Tao Wan, Jianping Wu. “When HTTPS Meets CDN: A Case of Authentication in Delegated Service” Accepted by IEEE Symposium on Security & Privacy, 2014.
22、Kun Yang, Lujue Zhou, Yongke Wang, Jianwei Zhuge and Haixin Duan. “IntentFuzzer: Detecting Capability Leaks of Android Applications”, Accepted by ASIACCS 2014
23、H. Gao, V. Yegneswaran, Y. Chen, P. Porras, S. Ghosh, J. Jiang, and H. Duan, “An empirical reexamination of global DNS behavior,” SIGCOMM, 2013. PDF
24、Man Hou, Haixin Duan,Jian Jiang, Jinjin Liang,Yan Ma, 中美银行网站HTTPS部署的测量与对比分析(Measurement and comparison of HTTPS deployment of Banking Websites in China and America), VARA 2013
25、 Jinjin Liang, Jian Jiang, Haixin Duan, Kang Li and Jianping Wu, Measuring Query Latency of Top Level DNS Servers, 14th Passive and Active Measurement conference, Mar. 2013, Hongkong
26、J. Zhuge*, L. Gu, H. Duan, Investigating China’s Online Underground Economy. Conference on the Political Economy of Information Security in China, San Diego, US, Apr, 2012.
27、Haixin Duan, Nicholas Weaver, Zongxu Zhao, Meng Hu, Jinjin Liang, Jian Jiang, Kang Li and Vern Paxson, Hold-On: Protecting Against On-Path DNS Poisoning, Securing and Trusting Internet Names, SATIN 2012.
28、J. Jian, L. Jinjin, L. Kang, L. Jun, D. Haixin, W. Jianping, Ghost Domain Names: Revoked Yet Still Resolvable, 19th Annual Network & Distributed System Security Symposium (NDSS), 5-8 February 2012.
29、Z. Jia, D. Haixin, L. Wu, W. Jianping WindTalker: A P2P-Based Low-Latency Anonymous Communication Network, IEICE Transactions on Communications, VOL. E92-B, NO.10, pp. 3183–3194, 2009.
30、L. Wu, D. Haixin, L. Tao, L. Xing, W. Jianping. H6Proxy: ICMPv6 Weakness Analysis and Implementation of IPv6 Attacking Test Proxy, Cybercrime and Trustworthy Computing (CTC), Brisbane, Australia, 2009.
31、L. Wu, D. Haixin, R. Ping, W. Jianping, Intrusion Detection Using SVM, Proc. IEEE 7th International Confer- ence on Wireless Communications (WiCOM), Wuhan, China, 2011.
32、W. Lanjia, D. Haixin, L. Xing, Port scan behavior diagnosis by clustering, Proc. Information and communica- tion security, vol. 3783, pp. 243–255, 2005.
33、Z. Jia, G. Yuntao, J. Xiaoxin, D. Haixin, W. Jianping, AMCAS: An Automatic Malicious Code Analysis System, Proc. 9th International Conference on Web-Age Information Management (WAIM) IEEE Computer Society Washington, DC, USA, 2008.
34、Z.Jia,D.Haixin,W.Lanjia,AFastMethodofSignatureGenerationforPolymorphicWorms,Proc.International Conference on Computer and Electrical Engineering (ICCEE), Phuket, Thailand, 2009.
35、L. Xing, D. Haixin, L. Xing, Identification of P2P traffic based on the content redistribution characteristic, Proc. International Symposium on Communications and Information Technologies (ISCIT), 2007.
36、Y. Feng, D. Haixin, L. Xing. Modeling and analyzing of the interaction between worms and antiworms during network worm propagation, Science in China, Series F (Information Sciences), vol. 48, pp. 91–106, 2005.
37、L. Xuefeng, D. Haixin, L., Wu, W. Jianping. Understanding the Construction Mechanism of Botnets, Proc. IEEE Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing (UIC/ATC), 2009.
著作:
1、[美] Milton L. Mueller著,段海新 胡泳等译,从根上治理互联网:互联网治理与网络空间的驯化,电子工业出版社,2019
2、[美]Peter Szor 著,段海新 杨波 王德强 译,计算机病毒防范艺术,机械工业出版社