profile picture

Siyuan Tang

Ph.D. student

Education

Ph.D. in Computer Science

Indiana University Bloomington
2018 - Now

MS in Computer Science & Technology

Nanjing University
2014 - 2017

BS in Computer Science & Technology

Nanjing University
2010 - 2014

Interests

  • Bicycling
  • Hiking

About Me

I am a sixth-year Ph.D. student in the School of Informatics, Computing, and Engineering at Indiana University, Bloomington. I joined the System Security Lab under the supervision of Prof. Xiaofeng Wang. So far, I have led successfully two research projects and published four papers on top security conferences. My research focuses on web security, threat intelligence, and AI security.

Internship

Software Developer (Intern)

2019.06 - 2019.08
Tencent CSIG, Shenzhen

I had an internship in Tencent, CSIG to build a threat intelligence platform, which automatically collects the latest sink-holed domains from sinkhole operators. The product was integrated into their internal security system.

Research Projects

Mobile/Web SDK Security - My previous research projects investigated the security impacts of mobile/web SDKs, including third-party proxy SDKs and P2P service SDKs. Through a large-scale scanning of over 2M Android APKs, we identified 963 Android apps integrated with third-party proxy SDKs, which utilize their customers as proxy peers without proper user consent. In another project, we also discovered 134 highly popular video websites and 38 Android apps integrated with a P2P video streaming service, which are proven to have serious security and privacy problems, including content pollution and IP leakage. Our findings revealed the concerning security issues on mobile/web SDKs, which may affect millions of end users. One of our work has been published by NDSS 2021 and the other is under peer review.
Threat Intelligence - Another important issue of my research is threat intelligence. In this area, one of the kernel challenges is to collect the security intelligence timely. To resolve such challenge, we came up with a novel solution to collect threat intelligence from social networks like Twitter. In one of our research, we collected over 20K spam SMS from tweets attached with SMS screenshots. We designed a framework, SpamHunter, to automatically recognize the reported spam SMS texts and URLs. Such dataset turns out to be more diverse and timely than existing spam SMS collections and threat intelligence engines, i.e., VirusTotal. We also designed an automatic evaluation framework to test the feasibility of these spam SMS texts against the existing anti-spam systems. Our submission has been accepted by CCS 2022 in the first cycle.
AI Security - Another direction of my recent research focus on AI security, more specifically, backdoor attack & detection in neural network. Backdoor is a specific type of adversarial examples which can be injected into a well trained machine learning model by poisoning a small set of data. In our recent research, we identified some interesting and fundamental properties of backdoors in neural networks and proposed novel algorithms to defense/attack with the use of such properies.

Publications

  • Selective Amnesia: On Efficient, High-Fidelity and Blind Unlearning of Trojan Backdoors
    • Rui Zhu, Di Tang, Siyuan Tang, XiaoFeng Wang, Haixu Tang
    S & P (Oakland) 2023
  • Stealthy Peers: Understanding Security Risks of WebRTC-based Peer-Assisted Video Streaming
    • Siyuan Tang, Eihal Alowaisheq, Xianghang Mi, Yi Chen, Xi- aoFeng Wang, Yanzhi Dou
    subumitted to S & P (Oakland) 2023
  • Clues in Tweets: Twitter-Guided Discovery and Analysis of SMS Spam
    • Siyuan Tang, Xianghang Mi, Ying Li, XiaoFeng Wang, Kai Chen
    CCS 2022
  • Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks
    • Xianghang Mi, Siyuan Tang, Zhengyi Li, Xiaojing Liao, Feng Qian, XiaoFeng Wang
    NDSS 2021
  • Zombie Awakening: Stealthy Hijacking of Active Domains Through DNS Hosting Referral
    • Eihal Alowaisheq, Siyuan Tang, Zhihao Wang, Fatemah Alharbi, Xiaojing Liao, XiaoFeng Wang
    CCS 2020
  • Cracking Wall of Confinement: Understanding and Analyzing Malicious Domain Takedowns
    • Eihal Alowaisheq, Peng Wang, Sumayah Alrwais, Xiaojing Liao, XaioFeng Wang, Tasneem Alowaisheq, XiangHang Mi, Siyuan Tang, Baojun Liu
    NDSS 2019 (Distinguished Paper Award)
  • Competitive Auctions for Cost-aware Cellular Traffic Offloading with Opti- mized Capacity Gain
    • Yuan Zhang, Siyuan Tang, Tingting Chen, Sheng Zhong
    INFOCOM 2016
  • Designing Secure and Dependable Mobile Sensing Mechanisms With Revenue Guarantees
    • Yuan Zhang, He Zhang, Siyuan Tang, Sheng Zhong
    TIFS 2016