About Me

Howdy! I am currently a Research Scientist at Meta (formerly Facebook). I recently received my Ph.D. in Computer Science from University of California, Riverside (UCR). I was co-advised by Prof Zhiyun Qian and Prof ‪Srikanth Krishnamurthy‬. Before that, I earned my BEng. in Telecom. Engineering from Chongqing Univ. of Posts and Telecom in 2016. My hometown is the cyberpunk-ly beautiful city Chongqing in China.

News

Apr/2023: Invited to serve as a Technical Program Committee member for IEEE S&P 2024 and EAI SecureComm 2023. Consider submitting your best work!
Apr/2022: Invited to serve as a Technical Program Committee member for IEEE INFOCOM 2023. Consider submitting your best work!
Nov/2021: Joined Meta as a Research Scientist. Looking forward to continue exploring the space at the intersection of security/privacy and ML!
Nov/2021: Defended my Ph.D. thesis titled “Understanding and Taming Adversarial Actions against Internet Content Blockers”. Heartiest thanks to my amazing advisors Zhiyun and Srikanth!
Oct/2021: Serving on USENIX Security 2022 Artifact Evaluation Committee. Consider submitting your best work and artifacts!
Jun/2021: Joined IBM Thomas J. Watson Research Center as a summer research intern, supervised by Supriyo Chakraborty.
Nov/2020: AdGraph won 3rd place for the applied research paper award at CSAW (US-CAN region).
Apr/2020: Received the Dissertation Year Program (DYP) Award. Thanks UCR!
Jan/2020: Joined Samsung Research America (SRA) again as a research intern.
Dec/2019: Our paper on eluding stateful DPI systems is conditionally accepted at NDSS 2020.
Dec/2019: Invited to give a talk at XJTU InForSec event in Xi’an, China.
Jun/2019: Joined Samsung Research America (SRA) as a research intern.
May/2019: Invited to present our work at Mozilla Security Research Summit 2019 [video].
Jan/2018: Our anti-adblocking research covered by [TechCrunch] [Arcs Technica]

Research Interest

I’m broadly interested in computer security and privacy.

Currently, I am exploring (i) adversarial machine learning (e.g., adversarial examples) and its applications/defenses in security and privacy research (e.g., in network security); (ii) learning-based models to facilitate program analysis tasks; and (iii) model explainability/interpretability strategies that help understand code models.

In the past, my research used to focus on privacy-enhancing technologies. Nowadays, the popularity of online advertisements has made them an attractive vector for various types of abuses. I worked on improving the effectiveness of adblocking by (i) measuring/analyzing the escalating arms race between adblockers and anti-adblockers through program analysis; (ii) making adblockers stealthy against anti-adblockers via browser modifications; and (iii) leveraging machine learning to better identify advertising- and tracking-related resources.

Pre-prints

1. Generating Practical Adversarial Network Traffic Flows Using NIDSGAN
   Bolor-Erdene Zolbayar, Ryan Sheatsley, Patrick McDaniel, Michael J. Weisman, Sencun Zhu, Shitong Zhu, Srikanth Krishnamurthy

Publications

Note #1: * indicates equal contributions.
Note #2: As a researcher, I try to open-source code/datasets for my projects for reproducibility and enabling future work. I encourage you to do the same when possible! Check this article to see why (many arguments in it go beyond ML community).

2023

1. SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers [code]
   Yu Hao, Guoren Li, Xiaochen Zou, Weiteng Chen, Shitong Zhu, Zhiyun Qian, Ardalan Amiri Sani
   IEEE Symposium on Security & Privacy (S&P), San Francisco, CA, May 2023

   2021

2. Adversarial Attacks on Black Box Video Classifiers: Leveraging the Power of Geometric Transformations [code]
   Shasha Li^*, Abhishek Aich^*, Shitong Zhu, Salman Asif, Chengyu Song, Amit Roy-Chowdhury, Srikanth Krishnamurthy
   Advances in Neural Information Processing Systems (NeurIPS), Virtual, Dec 2021
3. Eluding ML-based Adblockers With Actionable Adversarial Examples [code]
   Shitong Zhu, Zhongjie Wang, Xun Chen, Shasha Li, Keyu Man, Umar Iqbal, Zhiyun Qian, Kevin S. Chan, Srikanth V. Krishnamurthy, Zubair Shafiq, Yu Hao, Guoren Li, Zheng Zhang, Xiaochen Zou
   Annual Computer Security Applications Conference (ACSAC), Virtual, Dec 2021
4. Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison [code]
   Zhongjie Wang, Shitong Zhu, Keyu Man, Pengxiong Zhu, Yu Hao, Zhiyun Qian, Srikanth V. Krishnamurthy, Tom La Porta, Michael J. De Lucia
   ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, Nov 2021

   2020

5. You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning [code][talk]
   Shitong Zhu, Shasha Li, Zhongjie Wang, Xun Chen, Zhiyun Qian, Srikanth V. Krishnamurthy, Kevin S. Chan, Ananthram Swami
   Conference on emerging Networking EXperiments and Technologies (CoNEXT), Virtual, Dec 2020
6. Connecting the Dots: Detecting Adversarial Perturbations Using Context Inconsistency [code]
   Shasha Li, Shitong Zhu, Sudipta Paul, Amit Roy-chowdhury, Chengyu Song, Srikanth Krishnamurthy, Ananthram Swami, Kevin S Chan
   European Conference on Computer Vision (ECCV), Virtual, Aug 2020
7. AdGraph: A Graph-Based Approach to Ad and Tracker Blocking [code][talk]
   Umar Iqbal, Peter Snyder, Shitong Zhu, Benjamin Livshits, Zhiyun Qian and Zubair Shafiq
   IEEE Symposium on Security & Privacy (S&P), Virtual, May 2020
   CSAW 2020 3rd Place
8. SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery [code][talk]
   Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Tracy D. Braun and Kevin S. Chan
   Network & Distributed System Security Symposium (NDSS), San Diego, CA, Feb 2020

   2019

9. ShadowBlock: A Lightweight and Stealthy Adblocking Browser [code][demo]
   Shitong Zhu, Umar Iqbal, Zhongjie Wang, Zhiyun Qian, Zubair Shafiq and Weiteng Chen
   The Web Conference (WWW), San Francisco, CA, May 2019

   2018

10. Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis [slides][talk]
    Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq and Heng Yin
    The Network & Distributed System Security Symposium (NDSS), San Diego, CA, Feb 2018

    Before 2016 (undergraduate work)

11. On Selecting Composite Network-Cloud Services: A Quality-of-Service Based Approach
    Minkailu Mohamed Jalloh, Shitong Zhu, Fang Fang and Jun Huang
    International Conference on Research in Adaptive and Convergent Systems (RACS), Prague, Czechia, Oct 2015
12. A Source-location Privacy Protection Strategy via Pseudo Normal Distribution-based Phantom Routing in WSNs
    Jun Huang, Meisong Sun, Shitong Zhu, Yi Sun, Cong-cong Xing and Qiang Duan
    The 30th Annual ACM Symposium on Applied Computing (SAC), Salamanca, Spain, April 2015
13. A Defense Model of Reactive Worms Based on Dynamic Time
    Haokun Tang, Shitong Zhu, Jun Huang and Hong Liu
    Journal of Software, Nov 2014
14. Propagation of Active Worms in P2P Networks: Modeling and Analysis
    Haokun Tang, Yukui Lu, Shitong Zhu and Jun Huang
    Journal of Computers, Nov 2014

Posters

1. ShadowBlock: A Lightweight and Stealthy Adblocking Browser
   Shitong Zhu, Umar Iqbal, Zhongjie Wang, Zhiyun Qian, Zubair Shafiq and Weiteng Chen
   Midwest Security Workshop, Chicago, IL, April 2019

Talks

1. Eluding ML-based Adblockers With Actionable Adversarial Examples
   Cyber Security Collaborative Research Alliance (Webinar), Online, Oct 2021
2. You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning
   Cyber Security Collaborative Research Alliance (Webinar), Online, Dec 2020
3. Adblocking: A Slient Online Arms Race
   XJTU InForSec Event, Xi’an, China, Dec 2019
4. Arms Race between Adblockers and Anti-adblockers
   Mozilla Security Research Summit, San Francisco, CA, May 2019
5. Detection and Circumvention of Ad-Block Detectors
   Data Transparency Lab Conference, Barcelona, Spain, Dec 2017

Work Experience

• Research Scientist @ Meta
  Dec/2021 - Present
• Summer Research Intern @ IBM Research
  Remote - Jun/2021 to Sep/2021
• PhD ML Software Engineer Intern @ Facebook
  Remote - Jul/2020 to Sep/2020
• Research Intern @ Samsung Research America
  Remote - Jan/2020 to Mar/2020
  Mountain View, CA - Jun/2019 to Sep/2019
• Consulting Intern @ Deloitte TTL (ERS - Technology Risk)
  Shenzhen, China - Jan/2016 to Mar/2016
• Software Engineering Intern @ Douban Inc.
  Beijing, China - Jul/2015 to Sep/2015

Professional Services

• Technical Program Committee: IEEE S&P ‘24, EAI SecureComm ‘23, INFOCOM ‘23
• Reviewer: CSCW ‘22, IMWUT ‘22, IEEE TDSC, PeerJ Computer Science
• Sub-reviewer: NDSS ‘19/‘20, CCS ‘19, S&P ‘19/‘20, ICML ‘21, NeurIPS ‘21, Journal of Systems and Software
• Artifact Evaluation Committee: USENIX Security ‘22

Miscellaneous

I used to moderate Security Reading Group at UCR CSE, with an audience body of ~20 people. Past presentations can be found here.

Tweets from Shitong

---

Powered by Jekyll