Yuankai Zhang - Statsig | LinkedIn

About

I'm passionate about network innovations and system security.

Publications

Proceedings of the 34th Annual Computer Security Applications Conference (ACSAC) December 3, 2018

This paper presents DeDoS, a novel platform for mitigating asymmetric DoS attacks. These attacks are particularly challenging since even attackers with limited resources can exhaust the resources of well-provisioned servers. DeDoS offers a framework to deploy code in a highly modular fashion. If part of the application stack is experiencing a DoS attack, DeDoS can massively replicate only the affected component, potentially across many machines. This allows scaling of the impacted resource separately from the rest of the application stack, so that resources can be precisely added where needed to combat the attack. Our evaluation results show that DeDoS incurs reasonable overheads in normal operations, and that it significantly outperforms standard replication techniques when defending against a range of asymmetric attacks.

Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM) 2017

We propose a demonstration of DeDoS, a platform for mitigating
asymmetric DDoS attacks. These attacks are particularly challenging
since attackers using limited resources can exhaust the
resources of even well-provisioned servers. DeDoS resolves this
by splitting monolithic software stacks into separable components
called minimum splittable units (MSUs). If part of the application
stack is experiencing a DDoS attack, DeDoS can massively replicate
only the affected MSUs, potentially across many machines. This
allows scaling of the impacted resource separately from the rest
of the application stack so that resources can be precisely added
where needed to combat the attack. Our demonstration will show
that DeDoS incurs reasonable overheads in normal operations and
that it significantly outperforms naïve replication when defending
against a range of asymmetric attacks.

Proceedings of the VLDB Endowment (PVLDB) 2017

Network accountability, forensic analysis, and failure diagnosis are
becoming increasingly important for network management and security.
Network provenance significantly aids network administrators
in these tasks by explaining system behavior and revealing the
dependencies between system states. Although resourceful, network
provenance can sometimes be too rich, revealing potentially
sensitive information that was involved in system execution. In this
paper, we propose a cryptographic approach to preserve the confidentiality
of provenance (sub)graphs while allowing users to query
and access the parts of the graph for which they are authorized.
Our proposed solution is a novel application of searchable symmetric
encryption (SSE) and more generally structured encryption
(SE). Our SE-enabled provenance system allows a node to enforce
access control policies over its provenance data even after the data
has been shipped to remote nodes (e.g., for optimization purposes).
We present a prototype of our design and demonstrate its practicality,
scalability, and efficiency for both provenance maintenance and
querying.

25th USENIX Security Symposium (Security '16) 2016

Voice interfaces are becoming more ubiquitous and are
now the primary input method for many devices. We explore
in this paper how they can be attacked with hidden
voice commands that are unintelligible to human listeners
but which are interpreted as commands by devices.
We evaluate these attacks under two different threat
models. In the black-box model, an attacker uses the
speech recognition system as an opaque oracle. We show
that the adversary can produce difficult to understand
commands that are effective against existing systems in
the black-box model. Under the white-box model, the
attacker has full knowledge of the internals of the speech
recognition system and uses it to create attack commands
that we demonstrate through user testing are not understandable
by humans.
We then evaluate several defenses, including notifying
the user when a voice command is accepted; a verbal
challenge-response protocol; and a machine learning approach
that can detect our attacks with 99.8% accuracy.

9th USENIX Workshop on Offensive Technologies (WOOT '15) August 11, 2015

Hands-free, voice-driven user input is becoming increasingly popular, in part due to the increasing functionalities provided by intelligent digital assistants such as Siri, Cortana, and Google Now, and in part due to the proliferation of small devices that do not support more traditional, keyboard-based input.
In this paper, we examine the gap in the mechanisms of speech recognition between human and machine. In particular, we ask the question, do the differences in how humans and machines understand spoken speech lead to exploitable vulnerabilities? We find, perhaps surprisingly, that these differences can be easily exploited by an adversary to produce sound which is intelligible as a command to a computer speech recognition system but is not easily understandable by humans. We discuss how a wide range of devices are vulnerable to such manipulation and describe how an attacker might use them to defraud victims or install malware, among other attacks.

15th ACM Workshop on Hot Topics in Networks (HotNets '16)

This paper presents SplitStack, an architecture targeted at
mitigating asymmetric DDoS attacks. These attacks are particularly
challenging, since attackers can use a limited amount
of resources to trigger exhaustion of a particular type of system
resource on the server side. SplitStack resolves this by
splitting the monolithic stack into many separable components
called minimum splittable units (MSUs). If part of
the application stack is experiencing a DDoS attack, SplitStack
massively replicates just the affected MSUs, potentially
across many machines. This allows scaling of the impacted
resource separately from the rest of the application
stack, so that resources can be precisely added where needed
to combat the attack. We validate SplitStack via a preliminary
case study, and show that it outperforms naïve replication
in defending against asymmetric attacks.

Projects

Dec 2014

Hand-held devices like smartphones and tablets are becoming smarter day-by-day with new features being constantly added to them. One such feature is the voice command input that allows users to interact and carry out tasks like calling, sending email etc. from their handheld devices by simply speaking to them. While enhancing user experience, functionalities offered by voice commands can be exploited by an attacker to hamper device security and user privacy. We describe a proof-of-concept attack that activates voice command functionality in the Android operating system using forged input commands. The attack stems from the lack of authentication mechanisms for voice input and tolerance of the underlying command recognition system to noise.

Feb 2013

Developed a voting system using XDR and RPCGEN, supporting functions Voter Registration, Vote, Vote Count, etc.

Jan 2013 - May 2013

Implemented a distributed IM software with leader selection in C++
Utilized distributed leader selection algorithm
Skill Set: Linux, C++, Network Programming, distributed algorithm

Jan 2012 - May 2012

Implemented Distance Vector and Link State routing protocols for Network Layer.
Utilized Bellman-Ford for DV and Dijkstra's for LS over NS-3 platform.
Skill Set: Linux, NS-3, C++, All Pair Shortest Path algorithm

Jan 2012 - May 2012

Created a DHT (Distributed Hash Table)-based search engine that searches documents by keyword over the Penn Chord layer, with the Penn Chord layer operating over the DV routing protocol. It was simulated on the ns-3 platform and programmed in C++.
