Prof. Haixin Duan

Haixin Duan 段海新

Professor & Doctoral Supervisor

Institute for Network Sciences and Cyberspace (INSC), Tsinghua University
Network and Information Security Lab (NISL)  ·  FIT Building 3-211

DNS Security · Web PKI · Network Measurement · Intrusion Detection · CDN Security · Email Security · AI System Security

About

Haixin Duan is a Professor and Doctoral Supervisor at the Institute for Network Sciences and Cyberspace (INSC), Tsinghua University. He received his Ph.D. in Computer Science from Tsinghua University in 2001, and was a Visiting Scholar at UC Berkeley (2011–2012) and Senior Scientist at ICSI (2012–2013).

His research focuses on Internet infrastructure security, including DNS security and vulnerability analysis, Web security and Web PKI, HTTP/HTTPS and CDN security, network measurement, intrusion detection, and AI system security. He has published over 100 papers at top-tier security venues including IEEE S&P, USENIX Security, ACM CCS, and NDSS.

He received the ACM CCS Best Paper Award (2020), IEEE/IFIP DSN Best Paper Award (2020), NDSS Distinguished Paper Award (2016), and was named an Outstanding Talent in China's Cyberspace Security by the Cyberspace Administration of China. He serves as a member of the Academic Degrees Committee of the State Council (since 2020), and is co-founder of InForSec, XCTF, and DataCon.


Research Interests

DNS Security & Vulnerability Analysis · Web Security & Web PKI · HTTP/HTTPS & CDN Security · Network Measurement · Intrusion Detection & Underground Economy · Email Security · IoT Security · Protocol Security Analysis · AI System Security

Experience

Professional Experience

2009 — Present Professor & Doctoral Supervisor
Institute for Network Sciences and Cyberspace (INSC), Tsinghua University
Leading the NISL research group; teaching undergraduate and graduate courses; directing multiple national research projects.
2012 — 2013 Senior Scientist
International Computer Science Institute (ICSI), Berkeley, USA
2011 — 2012 Visiting Scholar
University of California, Berkeley, USA
2003 — 2009 Associate Professor
Department of Computer Science and Technology, Tsinghua University
2001 — 2003 Assistant Professor
Department of Computer Science and Technology, Tsinghua University

Education

1996 — 2001 Ph.D. in Computer Science
Tsinghua University, Beijing, China
1993 — 1996 M.Eng. in Computer Science
Harbin Institute of Technology, Harbin, China
1989 — 1993 B.Eng. in Computer Science
Harbin Institute of Technology, Harbin, China

Awards & Honors

2020 ACM CCS Best Paper Award
"DNS cache poisoning attack reloaded: Revolutions with side channels"
2020 IEEE/IFIP DSN Best Paper Award
"CDN Backfired: Amplification Attacks Based on HTTP Range Requests"
2020 Applied Networking Research Award (IRTF)
2016 NDSS Distinguished Paper Award
"Forwarding-Loop Attacks in Content Delivery Networks" — first Chinese researcher to receive this award
2016 Outstanding Talent in China's Cyberspace Security
Awarded by the Cyberspace Administration of China (inaugural cohort)

Teaching

Undergraduate
Network Security Engineering and Practice
Core undergraduate course covering cryptography fundamentals, network protocol security, Web security, and intrusion detection, with hands-on lab sessions. Taught continuously since 2003.
Every semester · 2003 — Present
Graduate
Network Protocol Security Analysis
Advanced graduate course covering security design and real-world vulnerabilities in Internet protocols including DNS, HTTP, TLS, and BGP, integrating latest research findings from the lab.
Every semester · 2019 — Present
Graduate
Network and System Security
Graduate course covering OS security, offensive and defensive techniques, vulnerability analysis, and security measurement methodology.
Concluded · 2005 — 2019

Selected Publications

Selected recent publications (100+ total). Full list: Google Scholar · DBLP · NISL Homepage

Identifying Logical Vulnerabilities in QUIC Implementations
Kaihua Wang, Jianjun Chen, Pinji Chen, Jianwei Zhuge, Jiaju Bai, Haixin Duan
NDSS 2026
SIPConfusion: Exploiting SIP Semantic Ambiguities for Caller ID and SMS Spoofing
Qi Wang, Jianjun Chen, Jingcheng Yang, Jiahe Zhang, Yaru Yang, Haixin Duan
NDSS 2026
Token Time Bomb: Evaluating JWT Implementations for Vulnerability Discovery
Jingcheng Yang, Enze Wang, Jianjun Chen, Qi Wang, Yuheng Zhang, Haixin Duan, Wei Xie, Baosheng Wang
NDSS 2026
Small Cell, Big Risk: A Security Assessment of 4G LTE Femtocells in the Wild
Yaru Yang, Yiming Zhang, Tao Wan, Haixin Duan, Deliang Chang, Yishen Li, Shujun Tang
NDSS 2026
Understanding the Status and Strategies of the Code Signing Abuse Ecosystem
Hanqing Zhao, Yiming Zhang, Lingyun Ying, Mingming Zhang, Baojun Liu, Haixin Duan, et al.
NDSS 2026
RebirthDay Attack: Reviving DNS Cache Poisoning with the Birthday Paradox
Xiang Li, Mingming Zhang, Zuyao Xu, …, Baojun Liu, Jia Zhang, Xiaofeng Zheng, Haixin Duan, et al.
ACM CCS 2025
Exploring and Analyzing Cross Layer DoS Attack Against UDP-based Services on Linux
Dashuai Wu, Yunyi Zhang, Baojun Liu, Xiang Li, Eihal Alowaisheq, Haixin Duan
ACM CCS 2025
Decoding DNS Centralization: Measuring and Identifying NS Domains Across Hosting Providers
Qihang Peng, Mingming Zhang, Deliang Chang, Jia Zhang, Baojun Liu, Haixin Duan
IEEE/IFIP DSN 2025
The Danger of Packet Length Leakage: Off-path TCP/IP Hijacking Attacks Against Wireless and Mobile Networks
Guancheng Li, Minghao Zhang, Jianjun Chen, …, Haixin Duan, Zhiyun Qian
IEEE EuroS&P 2025
DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses
Xiang Li, Dashuai Wu, Haixin Duan, Qi Li
IEEE Symposium on Security and Privacy (S&P) 2024
TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets
Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, …, Jianjun Chen, Haixin Duan, Qi Li
IEEE Symposium on Security and Privacy (S&P) 2024
ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing
Linkai Zheng, Xiang Li, Chuhan Wang, Run Guo, Haixin Duan, Jianjun Chen, Chao Zhang, Kaiwen Shen
NDSS 2024
BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet
Chuhan Wang, …, Xiang Li, Jianjun Chen, Haixin Duan, et al.
NDSS 2024
ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing
Qifan Zhang, Xuesong Bai, Xiang Li, Haixin Duan, Qi Li, Zhou Li
USENIX Security 2024
Rethinking the Security Threats of Stale DNS Glue Records
Yunyi Zhang, Baojun Liu, Haixin Duan, Min Zhang, Xiang Li, et al.
USENIX Security 2024
Cross the Zone: Toward a Covert Domain Hijacking via Shared DNS Infrastructure
Yunyi Zhang, Mingming Zhang, Baojun Liu, …, Haixin Duan, et al.
USENIX Security 2024
Where URLs Become Weapons: Automated Discovery of SSRF Vulnerabilities in Web Applications
Enze Wang, Jianjun Chen, …, Haixin Duan, Yang Liu, Baosheng Wang
IEEE Symposium on Security and Privacy (S&P) 2024
Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation
Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, …, Haixin Duan, Qi Li
NDSS 2023
The Maginot Line: Attacking the Boundary of DNS Caching Protection
Xiang Li, Chaoyi Lu, Baojun Liu, Qifan Zhang, Zhou Li, Haixin Duan, Qi Li
USENIX Security 2023
TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers
Wei Xu, Xiang Li, Chaoyi Lu, Baojun Liu, Haixin Duan, Jia Zhang, Jianjun Chen, Tao Wan
ACM CCS 2023
Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS Servers
Fenglu Zhang, Baojun Liu, …, Chaoyi Lu, Ying Liu, Haixin Duan, Min Yang
ACM CCS 2023
Continuous Intrusion: Characterizing the Security of Continuous Integration Services
Yacong Gu, Lingyun Ying, Huajun Chai, Chu Qiao, Haixin Duan, Xing Gao
IEEE Symposium on Security and Privacy (S&P) 2023
Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack
Run Guo, Jianjun Chen, …, Baojun Liu, Xiang Li, Chao Zhang, Haixin Duan, Jianping Wu
USENIX Security 2023
Site Isolation Enables Timing-Based Cross-Site Browsing Surveillance
Zihao Jin, Ziqiao Kong, Shuo Chen, Haixin Duan
IEEE Symposium on Security and Privacy (S&P) 2022
Building an Open, Robust, and Stable Voting-Based Domain Top List
Qinge Xie, Shujun Tang, Xiaofeng Zheng, …, Baojun Liu, Haixin Duan, Frank Li
USENIX Security 2022
Large-scale Security Measurements on the Android Firmware Ecosystem
Qinsheng Hou, Wenrui Diao, …, Lingyun Ying, Shanqing Guo, …, Haixin Duan
ICSE 2022
DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels
Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, Haixin Duan
ACM CCS 2020 · Best Paper Award
CDN Backfired: Amplification Attacks Based on HTTP Range Requests
Weizhong Li, Kaiwen Shen, Run Guo, Baojun Liu, Jia Zhang, Haixin Duan, et al.
IEEE/IFIP DSN 2020 · Best Paper Award
Weak Links in Authentication Chains: A Large-Scale Analysis of Email Sender Spoofing Attacks
Kaiwen Shen, Chuhan Wang, …, Haixin Duan, Qingfeng Pan, Min Yang
USENIX Security 2021
Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem
Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, et al.
ACM CCS 2021
Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices
Xiaofeng Zheng, Chaoyi Lu, …, Baojun Liu, Keyu Man, Shuang Hao, Haixin Duan, Zhiyun Qian
USENIX Security 2020
Forwarding-Loop Attacks in Content Delivery Networks
Jianjun Chen, Jian Jiang, Xiaofeng Zheng, Haixin Duan, Jinjin Liang, Tao Wan, Kang Li, Vern Paxson
NDSS 2016 · Distinguished Paper Award
We Still Don't Have Secure Cross-Domain Requests: An Empirical Study of CORS
Jianjun Chen, Jian Jiang, Haixin Duan, Tao Wan, Shuo Chen, Vern Paxson, Min Yang
USENIX Security 2018
Ghost Domain Names: Revoked Yet Still Resolvable
Jian Jiang, Jinjin Liang, Kang Li, Jun Li, Haixin Duan, Jianping Wu
NDSS 2012

Professional Service

Professional Bodies

  • Member, Academic Degrees Committee of the State Council (2020—)
  • Secretary-General, CCF Technical Committee on Network and System Security
  • Executive Director, China Cyberspace Security Association
  • Member, China Network Security Industry Alliance (2016—)
  • Guest Professor, Harbin Institute of Technology (Weihai)

Editorial Board

  • Associate Editor, ACM Transactions on Privacy and Security (2020—)

Journal Reviewer

  • IEEE Transactions on Networking
  • IEEE/ACM Transactions on Networking
  • Journal of Network and Computer Applications

Conference Program Committees

  • SecureComm 2023 — PC Chair
  • NDSS — PC Member (multiple years)
  • ACM CCS — PC Member (multiple years)
  • USENIX Security — PC Member (multiple years)
  • IEEE S&P — PC Member (multiple years)

Community Initiatives (Co-founder)

  • InForSec — Chair (2015—)
    International Security Research Forum
  • XCTF — (2016—)
    China's premier CTF competition series
  • DataCon — (2019—)
    Data Security Competition & Conference