Home page

		Zhichun Li, PhD Department Head Computer Security Department NEC Research Labs, USA Phone: 609-951-2650 Email: Mail:   4 Independence Way, Suite 200, Princeton, NJ 08540

Ph.D. in Computer Science, Northwestern University (2009)
M.S. in Computer Science and Technology, Tsinghua University (2003)
B.S. in Applied Physics, Tsinghua University (2000)

Research

I have broad research interests in security, system, networking, big-data, and AI related areas. As the department head, I lead the security research in NEC Labs, and focus on both IT and IoT security with a big-data and AI driven approach. For example, one of our flagship research project, Automated Security Intelligence (ASI) aims to employ ubiquitous endpoint monitoring, big-data and AI technologies to bring full visibility to the enterprise, to ease the security and system management, and to track down the sophisticated Advanced Persistent Threats (APT). I also extended my research for IoT security, such as connected car security. Previously, I also worked on smartphone security, network security, web security, cloud security, social network security, network measurement and distributed system diagnosis.

What’s new

• NEW: we have multiple research intern positions for Summer 2019!
• Won NEC Labs Commercialization Award for the ASI project in 2018
• Our ASI project has won CEATEC 2016 award and 2017 MMRI best award
• Won NEC Excellent Invention Award 2016
• Our SUPOR paper in USENIX Security 2015 has been selected as top 10 finalists for CSAW Best Paper Award!
• Won NEC Labs Spot Recognition Award 2012 for the contribution on design and implementation of Dalysis (security vulnerability analysis for mobile apps) as an internal development tool for NEC and subsidiary companies.
• My research with other colleagues on social network spam analysis has been featured in Wall Street Journal, MIT Technology Review, and ACM Tech News.
• I spent the summer of 2008 studying performance bottleneck diagnosis of web services with Ming Zhang, Albert Greenberg and Yi-min Wang at Microsoft Research.
• I spent the summer of 2006 studying network situational awareness with Vern Paxson at ICSI/UC Berkeley.

Selected Publications – (Click here for full publications)

• Shen Wang, Zhengzhang Chen, Phillip S. Yu, Lu-An Tang, Zhichun Li, Junghwan Rhee and Haifeng Chen, “Deep Program Reidentification: A Graph Neural Network Solution,” SIAM International Conference on Data Mining (SDM) 2019, to appear
• Yuseok Jeon, Junghwan Rhee, Chung Hwan Kim, Zhichun Li, Mathis Payer, Byungyoung Lee, Zhenyu Wu and Kangkook Jee, “PoLPer: Process-Aware Restriction of Over-Privileged Setuid Calls in Legacy Applications,” ACM Conference on Data and Application Security and Privacy (CODASPY) 2019, to appear
• Suphannee Sivakorn, Kangkook Jee, Yixin Sun, Lauri Kort-Parn, Zhichun Li, Cristian Lumezanu, Lu-An Tang and Ding Li, “Countering Malicious Processes with Process-DNS Association,” NDSS 2019, to appear
• Wajih Ul Hassan, Shengjian Guo, Ding Li, Zhichun Li, Zhengzhang Chen, Kangkook Jee, Zhichun Li and Adam Bates, “NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage,” NDSS 2019, to appear
• Ying Lin, Zhengzhang Chen, Cheng Cao, Lu-An Tang, Kai Zhang, Wei Cheng and Zhichun Li, “Collaborative Alert Ranking for Anomaly Detection,” ACM CIKM 2018
• Cheng Cao, Zhengzhang Chen, James Caverlee, Lu-An Tang, Chen Luo and Zhichun Li, “Behavior-based Community Detection: Application to Host Assessment In Enterprise Information Networks,” ACM CIKM 2018
• Yutao Tang, Ding Li, Zhichun Li, Mu Zhang, Kangkook Jee, Xusheng Xiao, Zhenyu Wu, Junghwan Rhee, Fengyuan Xu and Qun Li “NodeMerge: Template Based Efficient Data Reduction For Big-Data Causality Analysis,” ACM CCS 2018
• Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni and Prateek Mittal, “SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection”, USENIX Security 2018
• Chen Luo, Zhengzhang Chen, Lu-An tang, Anshumali Shrivastava, Zhichun Li, Haifeng Chen, Jieping Ye, “TINET: Learning Invariant Networks via Knowledge Transfer”, KDD 2018
• Peng Gao, Xusheng Xiao, Zhichun Li, Kangkook Jee, Fengyuan Xu, Sanjeev R. Kulkarni and Prateek Mittal, “AIQL: Enabling Efficient Attack Investigation from System Monitoring Data,” USENIX Annual Technical Conference (ATC) 2018
• Yushan Liu, Mu Zhang, Ding Li, Kangkook Jee, Zhichun Li, Zhenyu Wu, Junghwan Rhee and Prateek Mittal, “Towards a Timely Causality Analysis for Enterprise Security,” NDSS 2018
• Boxiang Dong, Zhenzhang Chen, Hui (Wendy) Wang, Lu-An Tang, Kai Zhang, Yin Lin, Zhichun Li and Haifeng Chen, “Efficient Discovery of Abnormal Event Sequences in Enterprise Security Systems,” ACM CIKM 2017
• Zhang Xu, Zhenyu Wu, Zhichun Li, Kangkook Jee, Junghwan Rhee, Xusheng Xiao, Fengyuan Xu, Haining Wang and  Guofei Jiang, “High Fidelity Data Reduction for Big Data Security Dependency Analyses,” ACM CCS 2016
• Bo Zong, Xusheng Xiao, Zhichun Li, Zhenyu Wu, Zhiyun Qian, Xifeng Yan, Ambuj K. Singh and Guofei Jiang, “Behavior Query Discovery in System-Generated Temporal Graphs,” VLDB 2016
• Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang and Guofei Jiang, “SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps,” Usenix Security 2015
• Kangjie Lu, Zhichun Li, Vasileios Kemerlis, Zhenyu Wu, Long Lu, Cong Zheng, Zhiyun Qian, Wenke Lee and Guofei Jiang, “Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting,” NDSS 2015
• Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee and Guofei Jiang, “CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities,” ACM CCS 2012
• Zhichun Li, Yi Tang, Yinzhi Cao, Vaibhav Rastogi, Yan Chen and Bin Liu, “WebShield: Enabling Various Web Defense Techniques without Client Side Modifications,” NDSS 2011
• Hongyu Gao, Jun Hu, Christo Wilson, Zhichun Li, Yan Chen and Ben Y. Zhao, “Detecting and Characterizing Social Spam Campaigns”, ACM IMC 2010
• Zhichun Li, Gao Xia, Hongyu Gao, Yi Tang, Yan Chen, Bin Liu, Junchen Jiang and Yuezhou Lv,”NetShield: Matching with a Large Vulnerability Signature Ruleset for High Performance Network Defense,” ACM SIGCOMM 2010
• Zhichun Li, Ming Zhang, Zhaosheng Zhu, Yan Chen, Albert Greenberg and Yi-Min Wang, “WebProphet: Automating Performance Prediction for Web Services,” USENIX NSDI 2010
• Zhichun Li, Manan Sanghi, Yan Chen, Ming-Yang Kao and Brian Chavez, “Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience,” IEEE Symposium on Security and Privacy 2006 (Oakland 2006)
• Yan Gao, Zhichun Li and Yan Chen, “Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluation, and Applications,” IEEE INFOCOM2006
• More……

Software (prior joining NEC Labs)

• NetShield: a vulnerability-signature based Network-based Intrusion Detection System (moved from University site to Github)
• Hamsa polymorphic worm signature generator
• Reversible Sketch Code
• Linuxflow (include LPF and LFD)

Interns/Students

• For recent interns (after 2015) I have worked with, please see our department page
• Markus Kusano, Virginia Tech, Summer/2015, Summer/2014, Now Software Engineer at Google
• Bo Zong, UCSB, Summer/2014, Now a colleague in Data Science group at our lab
• Zhang Xu, William & Mary, Summer/2014,  Now Software Engineer at Aella Data Inc
• Terry Ching-Hsiang Hsu, Purdue, Summer/2014, Now Software R&D Engineer at Apple
• Jaewoo Lee, Purdue, Fall 2013, Now Assistant Professor at University of Georgia
• Hayawardh Vijayakumar, PSU, Summer/2013, Now Security Research Engineer in the Samsung KNOX security team
• Kangjie Lu, Gatech, Summer/2013, Now Assistant Professor at University of Minnesota Twin Cities
• Masoud Akhoondi, UCR, Summer/2013
• Jun Wang, the Pennsylvania State University, Fall/2012 , Now Manager at Palo Alto Networks
• Vasileios Kermerlis, Columbia University, Summer/2012, Now Assistant Professor at Brown University
• Qiang Nguyen, University of Illinois at Urbana-Champaign, Summer/2012
• Long Lu, Georgia Tech. Intern, Summer/Fall 2011. Now Assistant Professor at Northeastern University
  
• Zhenyu Wu, William & Mary.Intern, Fall 2011 and Spring 2012. Now in my group as a colleague:)
• Hongyu Gao, Northwestern University. Collaborated 2009-2012. Now Software Engineer at Google
• Yinzhi Cao, Northwestern University. Collaborated 2009-2012.  Now Assistant Professor at John Hopkins University.
• Vaibhav Rastogi, Northwestern University. Collaborated 2010-2012. Now Assistant Scientist at the University of Wisconsin-Madison

Teaching

• Guest lectures in EECS 340 – Introduction to Networking, Spring 2010
• Co-Instructor for EECS 450 – Internet Security, Spring 2010
• Teaching Assistant for EECS 328 – Numerical Methods for Engineers, Spring 2007
• Teaching Assistant for CS 395/495 – Introduction to Computer Security, Winter 2005

Professional Activities

• Program Committee, 2017 ACM Conference on Computer and Communication Security (CCS)
• Program Committee, 2015 Network & Distributed System Security Symposium (NDSS)
• Program Committee, 2015 IEEE INFOCOM
• Program Committee, 2014 ACM Conference on Computer and Communication Security (CCS)
• Program Committee, 2014 IEEE CNS (IEEE Conference on Communications and Network Security)
• Program Committee, 2014 IEEE INFOCOM
• Program Committee, 2014 ACM Symposium on Information, Computer Communications Security (ASIACCS)
• Program Committee, 2014 MoST (Mobile Security Technologies Workshop)
• Program Committee, 2013 International ICST Conference on Security and Privacy in Communication Networks (SecureComm 2013)
• Program Committee, 2013 IEEE/ACM International Symposium on Quality of Service (IWQoS)
• Program Committee, 2013 ACM Symposium on Information, Computer Communications Security (ASIACCS)
• Program Committee, 2013 Network & Distributed System Security Symposium (NDSS)
• Program Committee, 2013 IEEE INFOCOM
• Program Committee, 2012 International Conference on Availability, Reliability and Security (AReS)
• Program Committee, 2012 ACM Symposium on Information, Computer Communications Security (ASIACCS)
• Program Committee, 2012 WWW (World Wide Web Conference), the “Security, Privacy, Trust, and Abuse” track
• Program Committee, 2012 IEEE INFOCOM
• Program Committee, 2012 IEEE International Conference on Computing, Networking and Communications, Cloud Computing and Networking Symposium (ICNC-CLD)
• Poster Program Committee, 2011 ACM Conference on Computer and Communication Security (CCS)
• Web Chair, 2011 ACM Conference on Computer and Communication Security (CCS)
• Program Committee, 2011 IEEE GLOBECOM Next-Generation Networking (NGN) Symposium
• Program Committee, 2011 IEEE International Workshop on Security in Computers, Networking and Communications (SCNC)
• Program Committee, 2011 IEEE ICC Next-Generation Networking and Internet Symposium (ICC NGNI 2011)
• Program Committee, 2010 IEEE International Workshop on Quality of Service (IWQoS 2010)
• Program Committee, 2010 IEEE GLOBECOM Next-Generation Networking (NGN) Symposium
• Program Committee, 2010 IEEE Vehicular Technology Conference: VTC2010-Fall
• Program Committee, 2009 International ICST Conference on Security and Privacy in Communication Networks (SecureComm 2009)

---

Last Update: Jan 7, 2019