Dr. Daniel Xiapu Luo

Assistant Professor
Department of Computing, The Hong Kong Polytechnic University
csxluo[at]comp.polyu.edu.hk, (852)2766-7264
Daniel received his B.S. in Communication Engineering and M.S. in Communications and Information Systems from Wuhan University. He obtained his Ph.D. degree in Computer Science from the Hong Kong Polytechnic University, under the supervision of Prof. Rocky K.C. Chang. After that, Daniel spent two years at the Georgia Institute of Technology as a post-doctoral research fellow advised by Prof. Wenke Lee. His current research interests include Mobile Security and Privacy, Network Security and Privacy, Software Engineering, Blockchain, Internet Measurement, and Cloud Computing.
Looking for highly motivated Postdoctoral fellow, PhD/MPhil students in Android or System Security, Software Engineering, Network Security and Privacy, Internet Measurement, and Performance Evaluation. Please contact me if you have interests.

Teaching:

1. Discrete Structures (COMP202)
2. Computer Communications Networks (COMP312)
3. Mobile Security: Principles and Practice (COMP4332)
4. Principles and Practice of Internet Security (COMP4334)
5. Capstone Project I (COMP4911)
6. Distributed Computing (COMP5325)
7. Web Service and Project Development (COMP5332)
8. Internet Security: Principles and Practice (COMP5353)

Current Research:

1. Android Security, Vulnerability, and Privacy:
(1) Dynamic Analysis:
Malton: An On-Device Non-Invasive Mobile Malware Analysis Tool for ART.(Paper)
NDroid: A Dynamic Taint Analysis Engine for Android Applications using Native Codes.(Paper,Source Code)
(2) Unpacking Hardened Apps Running in DVM or ART:
PackerGrind: An Adaptive Unpacker.(Paper);
DexHunter: An In-VM Unpacker.(Paper, Source Code, HITCON'15 slides)
(3) Privacy Policy Analysis:
PPChecker: A System for Identifying Incomplete/Incorrect/Inconsistent Privacy Policy for Android Applications.(Paper)
AutoPPG: A System for Automatically Generating Privacy Policy Template for Android Applications.(Paper)
(4) Vulnerability Discovery:
VulHunter: A Graph-based Static-Analysis System for Discovering Vulnerable Android Applications.(Paper)
(5) Malware Detection:
FalDroid: A Quick Android Malware Familial Classifier.(Paper)
ResDroid: A Scalable Resource-driven System for Detecting Repackaged Android Applications.(Paper)
(6) Protection:
RootGuard: A System for Protecting Rooted Android Smartphones.(Paper, Demo)
(7) Some old vulnerability reports.

2. Traffic Analysis (e.g., Network Covert Channel, Traffic Watermarking, ...)
(1) HTTPOS: A System for Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows.(Paper)
(2) CLOAK: A Set of Robust Network Covert Channels Based on TCP and Enumerative Combinatorics.(Paper)

3. Network Security (e.g., DDoS, Botnet, DNS Attacks, Anonymity Network, ...)
(1) LinkScope: A Tool for Detecting Target Link Flooding Attacks through End-to-End and Hop-by-Hop Network Probing.(Paper)
(2) PDoS Attack: Plusing Denial-of-Service Attack on TCP connections and Feedback-control based Internet services.

4. Internet Measurement:
(1) H2Scope: A Tool for Profiling How Websites Supprt HTTP/2.0.(PaperSource Code)
(2) AndroidPerf: A Cross-layer Profiling System for Android Applications.(Paper)
(3) kTRxer: A Portable Toolkit for Building Reliable Internet Probing Tools.(Paper)
(4) OWPScope: A Server-Side Measurement System for Gauging Multiple One-Way Path Performance Metrics.(Paper)
(5) OneProbe: A Non-Cooperative Measurement System for Assessing Multiple One-Way Path Performance Metrics from End Users.(Paper)
(6) TRIO: A Non-Cooperative Measurement Tool for Estimating Asymmetric Capacity with Three Minimum Round-Trip Times.(Paper)
(7) Some other measurement works.

Selected Awards:

(ISC)2 Asia-Pacific Information Security Leadership Achievements (ISLA) Honorees (Senior Information Security Professional) with Showcased Project, 2017.
Best Paper Award, 8th International Conference on Applications and Technologies in Information Security (ATIS), 2017.
Best Research Paper Award, 27th International Symposium on Software Reliability Engineering (ISSRE), 2016.
CCF-腾讯犀牛鸟基金优秀奖, 2014.
Best Student Paper Award, 22nd IFIP International Information Security Conference (IFIP SEC), 2007.

Selected Publications (More in DBLP):

Chenxu Wang, Tony T.N. Miu, Xiapu Luo, and Jinhe Wang, “SkyShield: A Sketch-based Defense System for Application Layer DDoS Attacks”, IEEE Transactions on Information Forensics and Security (TIFS), 2017.
Le Yu, Xiapu Luo, Chenxiong Qian, Shuai Wang, and Hareton K. N. Leung, “Enhancing the Description-to-Behavior Fidelity in Android Apps with Privacy Policy”, IEEE Transactions on Software Engineering (TSE), 2017.
Tao Zhang, Jiachi Chen, Xiapu Luo, Tao Li, “Github bug reports in desktop software and mobile apps: what is the difference?”, IEEE Software, 2017 ( Invited to the Journal First Session of the 33rd IEEE International Conference on Software Maintenance and Evolution (ICSME)).
Shengtuo Hu, Xiaobo Ma, Muhui Jiang, Xiapu Luo and Man Ho Au, “AutoFlowLeaker: Circumventing Web Censorship through Automation Services”, Proc. of 36th IEEE International Symposium on Reliable Distributed Systems (SRDS), Hong Kong, September 2017.
Lei Xue, Yajin Zhou, Ting Chen, Xiapu Luo, Guofei Gu, “Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART”, Proc. of 26th USENIX Security Symposium (USENIX SEC), Vancouver, Canada, August 2017.
Bo Sun, Xiapu Luo, Mitsuaki Akiyama, Takuya Watanabe and Tatsuya Mori, “Characterizing Promotional Attacks in Mobile App Store”, Proc. of 8th International Conference on Applications and Technologies in Information Security (ATIS), Auckland, New Zealand, July 2017. (Best Paper Award)
Muhui Jiang, Xiapu Luo, Tungngai Miu, Shengtuo Hu and Weixiong Rao, “Are HTTP/2 Servers Ready Yet?”, Proc. of 37th IEEE International Conference on Distributed Computing Systems (ICDCS), Atlanta, USA, June 2017.
Lei Xue, Xiapu Luo, Le Yu, Shuai Wang, Dinghao Wu, Adaptive Unpacking of Android Apps, Proc. of 39th International Conference on Software Engineering (ICSE), Buenos Aires, Argentina, May 2017.
Tao Zhang, Jiachi Chen, He Jiang, Xiapu Luo, Xin Xia, Bug Report Enrichment: A Case Study of Automated Fixer Recommendation, Proc. of 25th International Conference on Program Comprehension (ICPC), Buenos Aires, Argentina, May 2017.
Lei Xue, Xiaobo Ma, Xiapu Luo, Le Yu, Shuai Wang, Ting Chen, Is What You Measure What You Expect? Factors Affecting Smartphone-Based Mobile Network Measurement, Proc. of IEEE International Conference on Computer Communications (INFOCOM), Atlanta, USA, May 2017.
Wei Chen, Xiapu Luo, Chengyu Yin, Bin Xiao, Man Ho Au, Yajuan Tang, “CloudBot: Advanced Mobile Botnets using Ubiquitous Cloud Technologies”, Pervasive and Mobile Computing (PMC), April 2017.
Le Yu, Tao Zhang, Xiapu Luo, Lei Xue, Henry Chang, Towards Automatically Generating Privacy Policy for Android Apps, IEEE Transactions on Information Forensics and Security (TIFS), Mar. 2017.
Ming Fan, Jun Liu, Xiapu Luo, Kai Chen, Tianyi Chen, Zhenzhou Tian, Xiaodong Zhang, Qinghua Zheng and Ting Liu, Frequent Subgraph based Familial Classification of Android Malware, Proceedings of 27th International Symposium on Software Reliability Engineering (ISSRE), Ottawa, Canada, Oct., 2016. (Best Research Paper Award)
Xiapu Luo, Haocheng Zhou, Le Yu, Lei Xue, and Yi Xie, Characterizing mobile *-box applications, Computer Networks (COMNET), July, 2016.
He Jiang, Liming Nie, Zeyi Sun, Zhilei Ren, Weiqiang Kong, Tao Zhang, and Xiapu Luo, ROSF: Leveraging Information Retrieval and Supervised Learning for Recommending Code Snippets, IEEE Transactions on Services Computing (TSC), July, 2016.
Le Yu, Xiapu Luo, Xule Liu, and Tao Zhang, Can We Trust the Privacy Policies of Android Apps?, Proceedings of the 46th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Toulouse, France, June, 2016.
Le Yu, Xiapu Luo, Chenxiong Qian, and Shuai Wang, Revisiting the Description-to-Behavior Fidelity in Android Applications, Proceedings of 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER), Osaka, Japan, March, 2016.
Tao Zhang, Jiachi Chen, Geunseok Yang, Byungjeong Lee, and Xiapu Luo, Towards More Accurate Severity Prediction and Fixer Recommendation of Software Bugs, Journal of Systems and Software (JSS), 2016.
Tao Zhang, He Jiang, Xiapu Luo, and Alvin T.S. Chan, A Literature Review of Research in Bug Resolution: Tasks, Challenges and Future Directions, The Computer Journal, 2016.
Yueqian Zhang, Xiapu Luo, and Haoyang Yin, DexHunter: Toward Extracting Hidden Code from Packed Android Applications, Proceedings of the 20th European Symposium on Research in Computer Security (ESORICS), Vienna, Austria, September 2015. Source Code
Lei Xue, Chenxiong Qian, and Xiapu Luo, AndroidPerf: A Cross-layer Profiling System for Android Applications, Proceedings of 23rd IEEE/ACM International Symposium of Quality of Service (IWQoS), Portland, USA, June 2015.
Chenxiong Qian, Xiapu Luo, Le Yu, and Guofei Gu, VulHunter: Towards Discovering Vulnerabilities in Android Applications, IEEE Micro, Vol. 35, No. 1, 2015.
Yuru Shao, Xiapu Luo, Chenxiong Qian, Pengfei Zhu, and Lei Zhang, Towards a Scalable Resource-driven Approach for Detecting Repackaged Android Applications, Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC), New Orleans, USA, December 2014.
Lei Xue, Xiapu Luo, Edmond W.W. Chan, and Xian Zhan, Towards Detecting Target Link Flooding Attack, Proceedings of 28th USENIX Large Installation System Administration Conference (LISA), Seattle, USA, November 2014.
Xiapu Luo, Lei Xue, Cong Shi, Yuru Shao, Chenxiong Qian, and Edmond W.W. Chan, On Measuring One-way Path Metrics From a Web Server (Concise Paper), Proceedings of the 22nd IEEE International Conference on Network Protocols (ICNP), North Carolina, USA, October 2014.
Yuru Shao, Xiapu Luo, and Chenxiong Qian, RootGuard: Protecting Rooted Android Phones, IEEE Computer 47(6): 32-40, 2014. (Among the top 10 downloaded articles from the IEEE Computer Society's Digital Library during 2014.)
Chenxiong Qian, Xiapu Luo, Yuru Shao, and Alvin T. S. Chan, On Tracking Information Flows through JNI in Android Applications, Proceedings of the 44th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Atlanta, USA, June, 2014. Source Code
Lei Xue, Xiapu Luo, and Yuru Shao, kTRxer: A Portable Toolkit for Reliable Internet Probing, Proceedings of the 22nd IEEE/ACM International Symposium on Quality and Service (IWQoS), Hong Kong, May, 2014.
Yajuan Tang, Xiapu Luo, Qing Hui, and Rocky K. C. Chang, Modeling the Vulnerability of Feedback-Control Based Internet Services to Low-Rate Dos Attacks, IEEE Transactions on Information Forensics and Security (TIFS) 9(3): 339-353, 2014.
Junjie Zhang, Roberto Perdisci, Wenke Lee, Xiapu Luo, and Unum Sarfraz, Building A Scalable System For Stealthy P2P-Botnet Detection, IEEE Transactions on Information Forensics and Security (TIFS) 9(1): 27-38, 2014.
Yujing Liu, Xiapu Luo, Rocky K. C. Chang, and Jinshu Su, Characterizing Inter-Domain Rerouting by Betweenness Centrality after Disruptive Events, IEEE Journal on Selected Areas in Communications (JSAC) 31(6): 1147-1157, 2013.
Xiapu Luo, Edmond W. W. Chan, Peng Zhou, and Rocky K. C. Chang, Robust Network Covert Communications Based on TCP and Enumerative Combinatorics, in IEEE Transactions on Dependable and Secure Computing (TDSC), Vol. 9, No. 6, Nov.-Dec., 2012.
Ricky K.P. Mok, Xiapu Luo, Edmond W.W. Chan, and Rocky K.C. Chang, QDASH: A QoE-aware DASH system, Proceedings of 3rd ACM Multimedia Systems conference (MMSys), Chapel Hill, USA, February 2012.
Xiapu Luo, Peng Zhou, Junjie Zhang, Roberto Perdisci, Wenke Lee, and Rocky K.C. Chang, Exposing Invisible Timing-based Traffic Watermarks with BACKLIT, Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC), Orlando, USA, December 2011.
Edmond W.W. Chan, Ang Chen, Xiapu Luo, Ricky K.P. Mok, Weichao Li, and Rocky K.C. Chang, TRIO: Measuring Asymmetric Capacity with Three Minimum Round-Trip Times, Proceedings of 7th ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), Tokyo, Japan, December 2011.
Xiapu Luo, Peng Zhou, Edmond W.W. Chan, Rocky K.C. Chang, and Wenke Lee, A Combinatorial Approach to Network Covert Communications with Applications in Web Leaks, Proceedings of the 41st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Hong Kong, June 2011.
Junjie Zhang, Roberto Perdisci, Wenke Lee, Unum Sarfraz, and Xiapu Luo, Detecting Stealthy P2P Botnets Using Statistical Traffic Fingerprints, Proceedings of the 41st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Hong Kong, June 2011.
Junjie Zhang, Xiapu Luo, Roberto Perdisci, Guofei Gu, Wenke Lee, and Nick Feamster, Boosting the scalability of botnet detection using adaptive traffic sampling, Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), Hong Kong, March 2011.
Xiapu Luo, Peng Zhou, Edmond W.W. Chan, Wenke Lee, Rocky K.C. Chang, and Roberto Perdisci, HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows, Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2011.
Qing Hui, Xiapu Luo, and Wenke Lee, Control of low-rate Denial-of-Service attacks on Web servers and TCP fows, Proceedings of the 49th IEEE Conference on Decision and Control (CDC), Atlanta, GA, December 2010.
Xiapu Luo, Junjie Zhang, Roberto Perdisci and Wenke Lee, On the Secrecy of Spread-Spectrum Flow Watermarks, Proceedings of the 15th European Symposium Research Computer Security (ESORICS), Athens, Greece, September 2010.
Manos Antonakakis, David Dagon, Xiapu Luo, Roberto Perdisci and Wenke Lee, A Centralized Monitoring Infrastructure For Improving DNS Security, Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID), Ottawa, Canada, September 2010.
Edmond W.W. Chan, Xiapu Luo, Weichao Li, Waiting W.T. Fok, and Rocky K.C. Chang, Measurement of Loss Pairs in Network Paths, Proceedings of the 13th Internet Measurement Conference (IMC), Melbourne, Australia, November 2010.
Roberto Perdisci, Manos Antonakakis, Xiapu Luo, and Wenke Lee, WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks, Proceedings of the 39th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Lisbon, Portugal, June 2009.
David Dagon, Manos Antonakakis, Kevin Day, Xiapu Luo, Christopher P. Lee, and Wenke Lee, Recursive DNS Architectures and Vulnerability Implications, Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2009.
Edmond W.W. Chan, Xiapu Luo and Rocky K.C. Chang, A minimum-delay-difference method for mitigating cross-traffic impact on capacity measurement, Proceedings of the 5th ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), Rome, Italy, December 2009.
Xiapu Luo, Edmond W.W. Chan and Rocky K.C. Chang, Design and implementation of TCP data probes for reliable and metric-rich network path monitoring, Proceedings of the 20th USENIX Annual Technical Conference (USENIX ATC), San Diego, USA, June 2009.
Xiapu Luo, Edmond W.W. Chan, and Rocky K.C. Chang, TCP Covert Timing Channels: Design and Detection, Proceedings of the 38th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Anchorage, USA, June 2008.
Xiapu Luo, Edmond W.W. Chan, and Rocky K.C. Chang, Cloak: A Ten-fold Way for Reliable Covert Communications, Proceedings of the 12th European Symposium Research Computer Security (ESORICS), Dresden, German, September 2007.
Xiapu Luo, Edmond W.W. Chan, and Rocky K.C. Chang, Crafting Web Counters into Covert Channels, Proceedings of the 22nd IFIP International Information Security Conference (IFIP SEC), Sandton, South Africa, May 2007. (Best student paper award)
Xiapu Luo, Edmond W.W. Chan, and Rocky K.C. Chang, Vanguard: A New Detection Scheme for a Class of TCP-targeted Denial-of-Service Attacks, Proceedings of 10th IEEE/IFIP Network Operations and Management Symposium (NOMS), Vancouver, Canada, April 2006.
Xiapu Luo and Rocky K.C. Chang, Novel Approaches to End-to-End Packet Reordering Measurement, Proceedings of the 8th ACM/USENIX Internet Measurement Conference (IMC), Berkeley, USA, October 2005.
Xiapu Luo and Rocky K.C. Chang, Optimizing the Pulsing Denial-of-Service Attacks, Proceedings of the 35th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Yokohama, Japan, June 2005.
Xiapu Luo and Rocky K.C. Chang, On a New Class of Pulsing Denial-of-Service Attacks and the Defense, Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2005.