About Me

Howdy! I am currently a Research Scientist at Meta (formerly Facebook). I recently received my Ph.D. in Computer Science from University of California, Riverside (UCR). I was co-advised by Prof Zhiyun Qian and Prof ‪Srikanth Krishnamurthy‬. Before that, I earned my BEng. in Telecom. Engineering from Chongqing Univ. of Posts and Telecom in 2016. My hometown is the cyberpunk-ly beautiful city Chongqing in China.

News

Apr/2023: Invited to serve as a Technical Program Committee member for IEEE S&P 2024 and EAI SecureComm 2023. Consider submitting your best work!
Apr/2022: Invited to serve as a Technical Program Committee member for IEEE INFOCOM 2023. Consider submitting your best work!
Nov/2021: Joined Meta as a Research Scientist. Looking forward to continue exploring the space at the intersection of security/privacy and ML!
Nov/2021: Defended my Ph.D. thesis titled “Understanding and Taming Adversarial Actions against Internet Content Blockers”. Heartiest thanks to my amazing advisors Zhiyun and Srikanth!
Oct/2021: Serving on USENIX Security 2022 Artifact Evaluation Committee. Consider submitting your best work and artifacts!
Jun/2021: Joined IBM Thomas J. Watson Research Center as a summer research intern, supervised by Supriyo Chakraborty.
Nov/2020: AdGraph won 3rd place for the applied research paper award at CSAW (US-CAN region).
Apr/2020: Received the Dissertation Year Program (DYP) Award. Thanks UCR!
Jan/2020: Joined Samsung Research America (SRA) again as a research intern.
Dec/2019: Our paper on eluding stateful DPI systems is conditionally accepted at NDSS 2020.
Dec/2019: Invited to give a talk at XJTU InForSec event in Xi’an, China.
Jun/2019: Joined Samsung Research America (SRA) as a research intern.
May/2019: Invited to present our work at Mozilla Security Research Summit 2019 [video].
Jan/2018: Our anti-adblocking research covered by [TechCrunch] [Arcs Technica]

Research Interest

I’m broadly interested in computer security and privacy.

Currently, I am exploring (i) adversarial machine learning (e.g., adversarial examples) and its applications/defenses in security and privacy research (e.g., in network security); (ii) learning-based models to facilitate program analysis tasks; and (iii) model explainability/interpretability strategies that help understand code models.

In the past, my research used to focus on privacy-enhancing technologies. Nowadays, the popularity of online advertisements has made them an attractive vector for various types of abuses. I worked on improving the effectiveness of adblocking by (i) measuring/analyzing the escalating arms race between adblockers and anti-adblockers through program analysis; (ii) making adblockers stealthy against anti-adblockers via browser modifications; and (iii) leveraging machine learning to better identify advertising- and tracking-related resources.

Pre-prints

  1. Generating Practical Adversarial Network Traffic Flows Using NIDSGAN
    Bolor-Erdene Zolbayar, Ryan Sheatsley, Patrick McDaniel, Michael J. Weisman, Sencun Zhu, Shitong Zhu, Srikanth Krishnamurthy

Publications

Note #1: * indicates equal contributions.
Note #2: As a researcher, I try to open-source code/datasets for my projects for reproducibility and enabling future work. I encourage you to do the same when possible! Check this article to see why (many arguments in it go beyond ML community).

2023

  1. SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers [code]
    Yu Hao, Guoren Li, Xiaochen Zou, Weiteng Chen, Shitong Zhu, Zhiyun Qian, Ardalan Amiri Sani
    IEEE Symposium on Security & Privacy (S&P), San Francisco, CA, May 2023

    2021

  2. Adversarial Attacks on Black Box Video Classifiers: Leveraging the Power of Geometric Transformations [code]
    Shasha Li*, Abhishek Aich*, Shitong Zhu, Salman Asif, Chengyu Song, Amit Roy-Chowdhury, Srikanth Krishnamurthy
    Advances in Neural Information Processing Systems (NeurIPS), Virtual, Dec 2021
  3. Eluding ML-based Adblockers With Actionable Adversarial Examples [code]
    Shitong Zhu, Zhongjie Wang, Xun Chen, Shasha Li, Keyu Man, Umar Iqbal, Zhiyun Qian, Kevin S. Chan, Srikanth V. Krishnamurthy, Zubair Shafiq, Yu Hao, Guoren Li, Zheng Zhang, Xiaochen Zou
    Annual Computer Security Applications Conference (ACSAC), Virtual, Dec 2021
  4. Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison [code]
    Zhongjie Wang, Shitong Zhu, Keyu Man, Pengxiong Zhu, Yu Hao, Zhiyun Qian, Srikanth V. Krishnamurthy, Tom La Porta, Michael J. De Lucia
    ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, Nov 2021

    2020

  5. You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning [code][talk]
    Shitong Zhu, Shasha Li, Zhongjie Wang, Xun Chen, Zhiyun Qian, Srikanth V. Krishnamurthy, Kevin S. Chan, Ananthram Swami
    Conference on emerging Networking EXperiments and Technologies (CoNEXT), Virtual, Dec 2020
  6. Connecting the Dots: Detecting Adversarial Perturbations Using Context Inconsistency [code]
    Shasha Li, Shitong Zhu, Sudipta Paul, Amit Roy-chowdhury, Chengyu Song, Srikanth Krishnamurthy, Ananthram Swami, Kevin S Chan
    European Conference on Computer Vision (ECCV), Virtual, Aug 2020
  7. AdGraph: A Graph-Based Approach to Ad and Tracker Blocking [code][talk]
    Umar Iqbal, Peter Snyder, Shitong Zhu, Benjamin Livshits, Zhiyun Qian and Zubair Shafiq
    IEEE Symposium on Security & Privacy (S&P), Virtual, May 2020
    CSAW 2020 3rd Place
  8. SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery [code][talk]
    Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Tracy D. Braun and Kevin S. Chan
    Network & Distributed System Security Symposium (NDSS), San Diego, CA, Feb 2020

    2019

  9. ShadowBlock: A Lightweight and Stealthy Adblocking Browser [code][demo]
    Shitong Zhu, Umar Iqbal, Zhongjie Wang, Zhiyun Qian, Zubair Shafiq and Weiteng Chen
    The Web Conference (WWW), San Francisco, CA, May 2019

    2018

  10. Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis [slides][talk]
    Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq and Heng Yin
    The Network & Distributed System Security Symposium (NDSS), San Diego, CA, Feb 2018

    Before 2016 (undergraduate work)

  11. On Selecting Composite Network-Cloud Services: A Quality-of-Service Based Approach
    Minkailu Mohamed Jalloh, Shitong Zhu, Fang Fang and Jun Huang
    International Conference on Research in Adaptive and Convergent Systems (RACS), Prague, Czechia, Oct 2015
  12. A Source-location Privacy Protection Strategy via Pseudo Normal Distribution-based Phantom Routing in WSNs
    Jun Huang, Meisong Sun, Shitong Zhu, Yi Sun, Cong-cong Xing and Qiang Duan
    The 30th Annual ACM Symposium on Applied Computing (SAC), Salamanca, Spain, April 2015
  13. A Defense Model of Reactive Worms Based on Dynamic Time
    Haokun Tang, Shitong Zhu, Jun Huang and Hong Liu
    Journal of Software, Nov 2014
  14. Propagation of Active Worms in P2P Networks: Modeling and Analysis
    Haokun Tang, Yukui Lu, Shitong Zhu and Jun Huang
    Journal of Computers, Nov 2014

Posters

  1. ShadowBlock: A Lightweight and Stealthy Adblocking Browser
    Shitong Zhu, Umar Iqbal, Zhongjie Wang, Zhiyun Qian, Zubair Shafiq and Weiteng Chen
    Midwest Security Workshop, Chicago, IL, April 2019

Talks

  1. Eluding ML-based Adblockers With Actionable Adversarial Examples
    Cyber Security Collaborative Research Alliance (Webinar), Online, Oct 2021
  2. You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning
    Cyber Security Collaborative Research Alliance (Webinar), Online, Dec 2020
  3. Adblocking: A Slient Online Arms Race
    XJTU InForSec Event, Xi’an, China, Dec 2019
  4. Arms Race between Adblockers and Anti-adblockers
    Mozilla Security Research Summit, San Francisco, CA, May 2019
  5. Detection and Circumvention of Ad-Block Detectors
    Data Transparency Lab Conference, Barcelona, Spain, Dec 2017

Work Experience

Professional Services

Miscellaneous

I used to moderate Security Reading Group at UCR CSE, with an audience body of ~20 people. Past presentations can be found here.


Powered by Jekyll