About Me
Howdy! I am currently a Research Scientist at Meta (formerly Facebook). I recently received my Ph.D. in Computer Science from University of California, Riverside (UCR). I was co-advised by Prof Zhiyun Qian and Prof Srikanth Krishnamurthy. Before that, I earned my BEng. in Telecom. Engineering from Chongqing Univ. of Posts and Telecom in 2016. My hometown is the cyberpunk-ly beautiful city Chongqing in China.
News
Apr/2023: Invited to serve as a Technical Program Committee member for IEEE S&P 2024 and EAI SecureComm 2023. Consider submitting your best work!
Apr/2022: Invited to serve as a Technical Program Committee member for IEEE INFOCOM 2023. Consider submitting your best work!
Nov/2021: Joined Meta as a Research Scientist. Looking forward to continue exploring the space at the intersection of security/privacy and ML!
Nov/2021: Defended my Ph.D. thesis titled “Understanding and Taming Adversarial Actions against Internet Content Blockers”. Heartiest thanks to my amazing advisors Zhiyun and Srikanth!
Oct/2021: Serving on USENIX Security 2022 Artifact Evaluation Committee. Consider submitting your best work and artifacts!
Jun/2021: Joined IBM Thomas J. Watson Research Center as a summer research intern, supervised by Supriyo Chakraborty.
Nov/2020: AdGraph won 3rd place for the applied research paper award at CSAW (US-CAN region).
Apr/2020: Received the Dissertation Year Program (DYP) Award. Thanks UCR!
Jan/2020: Joined Samsung Research America (SRA) again as a research intern.
Dec/2019: Our paper on eluding stateful DPI systems is conditionally accepted at NDSS 2020.
Dec/2019: Invited to give a talk at XJTU InForSec event in Xi’an, China.
Jun/2019: Joined Samsung Research America (SRA) as a research intern.
May/2019: Invited to present our work at Mozilla Security Research Summit 2019 [video].
Jan/2018: Our anti-adblocking research covered by [TechCrunch] [Arcs Technica]
Research Interest
I’m broadly interested in computer security and privacy.
Currently, I am exploring (i) adversarial machine learning (e.g., adversarial examples) and its applications/defenses in security and privacy research (e.g., in network security); (ii) learning-based models to facilitate program analysis tasks; and (iii) model explainability/interpretability strategies that help understand code models.
In the past, my research used to focus on privacy-enhancing technologies. Nowadays, the popularity of online advertisements has made them an attractive vector for various types of abuses. I worked on improving the effectiveness of adblocking by (i) measuring/analyzing the escalating arms race between adblockers and anti-adblockers through program analysis; (ii) making adblockers stealthy against anti-adblockers via browser modifications; and (iii) leveraging machine learning to better identify advertising- and tracking-related resources.
Pre-prints
- Generating Practical Adversarial Network Traffic Flows Using NIDSGAN
Bolor-Erdene Zolbayar, Ryan Sheatsley, Patrick McDaniel, Michael J. Weisman, Sencun Zhu, Shitong Zhu, Srikanth Krishnamurthy
Publications
Note #1: * indicates equal contributions.
Note #2: As a researcher, I try to open-source code/datasets for my projects for reproducibility and enabling future work. I encourage you to do the same when possible! Check this article to see why (many arguments in it go beyond ML community).
2023
- SyzDescribe: Principled, Automated, Static Generation of Syscall Descriptions for Kernel Drivers [code]
Yu Hao, Guoren Li, Xiaochen Zou, Weiteng Chen, Shitong Zhu, Zhiyun Qian, Ardalan Amiri Sani
IEEE Symposium on Security & Privacy (S&P), San Francisco, CA, May 2023
2021
- Adversarial Attacks on Black Box Video Classifiers: Leveraging the Power of Geometric Transformations [code]
Shasha Li*, Abhishek Aich*, Shitong Zhu, Salman Asif, Chengyu Song, Amit Roy-Chowdhury, Srikanth Krishnamurthy
Advances in Neural Information Processing Systems (NeurIPS), Virtual, Dec 2021
- Eluding ML-based Adblockers With Actionable Adversarial Examples [code]
Shitong Zhu, Zhongjie Wang, Xun Chen, Shasha Li, Keyu Man, Umar Iqbal, Zhiyun Qian, Kevin S. Chan, Srikanth V. Krishnamurthy, Zubair Shafiq, Yu Hao, Guoren Li, Zheng Zhang, Xiaochen Zou
Annual Computer Security Applications Conference (ACSAC), Virtual, Dec 2021
- Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison [code]
Zhongjie Wang, Shitong Zhu, Keyu Man, Pengxiong Zhu, Yu Hao, Zhiyun Qian, Srikanth V. Krishnamurthy, Tom La Porta, Michael J. De Lucia
ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, Nov 2021
2020
- You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning [code][talk]
Shitong Zhu, Shasha Li, Zhongjie Wang, Xun Chen, Zhiyun Qian, Srikanth V. Krishnamurthy, Kevin S. Chan, Ananthram Swami
Conference on emerging Networking EXperiments and Technologies (CoNEXT), Virtual, Dec 2020
- Connecting the Dots: Detecting Adversarial Perturbations Using Context Inconsistency [code]
Shasha Li, Shitong Zhu, Sudipta Paul, Amit Roy-chowdhury, Chengyu Song, Srikanth Krishnamurthy, Ananthram Swami, Kevin S Chan
European Conference on Computer Vision (ECCV), Virtual, Aug 2020
- AdGraph: A Graph-Based Approach to Ad and Tracker Blocking [code][talk]
Umar Iqbal, Peter Snyder, Shitong Zhu, Benjamin Livshits, Zhiyun Qian and Zubair Shafiq
IEEE Symposium on Security & Privacy (S&P), Virtual, May 2020
CSAW 2020 3rd Place
- SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery [code][talk]
Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Tracy D. Braun and Kevin S. Chan
Network & Distributed System Security Symposium (NDSS), San Diego, CA, Feb 2020
2019
- ShadowBlock: A Lightweight and Stealthy Adblocking Browser [code][demo]
Shitong Zhu, Umar Iqbal, Zhongjie Wang, Zhiyun Qian, Zubair Shafiq and Weiteng Chen
The Web Conference (WWW), San Francisco, CA, May 2019
2018
- Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis [slides][talk]
Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq and Heng Yin
The Network & Distributed System Security Symposium (NDSS), San Diego, CA, Feb 2018
Before 2016 (undergraduate work)
- On Selecting Composite Network-Cloud Services: A Quality-of-Service Based Approach
Minkailu Mohamed Jalloh, Shitong Zhu, Fang Fang and Jun Huang
International Conference on Research in Adaptive and Convergent Systems (RACS), Prague, Czechia, Oct 2015
- A Source-location Privacy Protection Strategy via Pseudo Normal Distribution-based Phantom Routing in WSNs
Jun Huang, Meisong Sun, Shitong Zhu, Yi Sun, Cong-cong Xing and Qiang Duan
The 30th Annual ACM Symposium on Applied Computing (SAC), Salamanca, Spain, April 2015
- A Defense Model of Reactive Worms Based on Dynamic Time
Haokun Tang, Shitong Zhu, Jun Huang and Hong Liu
Journal of Software, Nov 2014
- Propagation of Active Worms in P2P Networks: Modeling and Analysis
Haokun Tang, Yukui Lu, Shitong Zhu and Jun Huang
Journal of Computers, Nov 2014
Posters
- ShadowBlock: A Lightweight and Stealthy Adblocking Browser
Shitong Zhu, Umar Iqbal, Zhongjie Wang, Zhiyun Qian, Zubair Shafiq and Weiteng Chen
Midwest Security Workshop, Chicago, IL, April 2019
Talks
- Eluding ML-based Adblockers With Actionable Adversarial Examples
Cyber Security Collaborative Research Alliance (Webinar), Online, Oct 2021
- You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning
Cyber Security Collaborative Research Alliance (Webinar), Online, Dec 2020
- Adblocking: A Slient Online Arms Race
XJTU InForSec Event, Xi’an, China, Dec 2019
- Arms Race between Adblockers and Anti-adblockers
Mozilla Security Research Summit, San Francisco, CA, May 2019
- Detection and Circumvention of Ad-Block Detectors
Data Transparency Lab Conference, Barcelona, Spain, Dec 2017
Work Experience
- Research Scientist @ Meta
Dec/2021 - Present
- Summer Research Intern @ IBM Research
Remote - Jun/2021 to Sep/2021
- PhD ML Software Engineer Intern @ Facebook
Remote - Jul/2020 to Sep/2020
- Research Intern @ Samsung Research America
Remote - Jan/2020 to Mar/2020
Mountain View, CA - Jun/2019 to Sep/2019
- Consulting Intern @ Deloitte TTL (ERS - Technology Risk)
Shenzhen, China - Jan/2016 to Mar/2016
- Software Engineering Intern @ Douban Inc.
Beijing, China - Jul/2015 to Sep/2015
Professional Services
- Technical Program Committee: IEEE S&P ‘24, EAI SecureComm ‘23, INFOCOM ‘23
- Reviewer: CSCW ‘22, IMWUT ‘22, IEEE TDSC, PeerJ Computer Science
- Sub-reviewer: NDSS ‘19/‘20, CCS ‘19, S&P ‘19/‘20, ICML ‘21, NeurIPS ‘21, Journal of Systems and Software
- Artifact Evaluation Committee: USENIX Security ‘22
Miscellaneous
I used to moderate Security Reading Group at UCR CSE, with an audience body of ~20 people. Past presentations can be found here.
Powered by Jekyll