Xinyu Xing

Department of Computer Science
Northwestern University
Evanston, IL 60208

E-mail: xinyu.xing@northwestern.edu


To prospective students: I am looking for multiple Ph.D. students and undergraduate/graduate research interns who share my academic interests and have a solid background in OS or system/software security or statistics or PL. We provide full financial support for our PhDs and interns. (During the COVID-19 pandemic, remote internship opportunities are also available.)

About Me and Team (CV)

I am an Associate Professor at Northwestern University. My research interest includes OS/AI security. I earned my Ph.D. in Computer Science from Georgia Tech under the supervision of Dr. Wenke Lee and Dr. Nick Feamster. My team organizes and participates in CTF frequentlly. You may see many of them in DEFCON CTF. We also frequentlly present at prestigious industrial conferences such as BlackHat, DEFCON, and Pwn2Own in the past years, covering the topics of kernel security, reverse engineering, and AI security etc. In the past years, many of my students received prestigious awards. All the students in our group are super smart, hard-working, and self-motivated. This can be demonstrated by their productive research records and impactful research outcome. I am very fortnuate to work with them. They are more than just my students but colleagues and more importantly great friends.


Students

Yuhang Wu (PhD Student) (2021.8 - ) [S&P'22, NDSS'22, Blackhat USA'22, CCS'22]
Jiahao Yu (PhD Student) (2021.8 - )
Xian Wu (PhD Student) (2019.8 - ) [USENIX Security'21(1), IJCAI'21, ICML'21(1), NeurIPS'21]
Zhenpeng Lin (PhD Student) (2019.8 - ) [CCS'20(1), Blackhat Asia'21, Blackhat Euro'21, S&P'22, NDSS'22, Blackhat USA'22, CCS'22]
Qi Qin (Visiting Scholar) (2022.2 - ) [FSE'22]
Pedro Guerra (Research Intern) (2022.5 - )
Yueqi Chen (PhD Alumni) (2017.8 - 2022.8) ⇒ Asst. Prof., University of Colorado - Boulder
Wenbo Guo (PhD Alumni) (2017.8 - 2022.8) ⇒ Asst. Prof., Purdue University
Dongliang Mu (PhD Alumni) (2016.3 - 2020.7) ⇒ Assoc. Prof., HUST
Jun Xu (PhD Alumni) (2015.8 - 2018.6) ⇒ Asst. Prof., University of Utah
Wei Wu (Visiting Scholar) (2017.8 - 2018.11) [USENIX Security'18(1), Blackhat USA'18, USENIX Security'19(4)]
Ying Dong (Visiting Scholar) (2017.8 - 2019.3) [USENIX Security'19(1)]

Selected Publications

Blackhat USA 2022   Lin, Z., Wu, Y., Xing, X., "Cautious: A new exploitation method! No pipe but as nasty as Dirty Pipe", Blackhat USA, Las Vegas, August 2022.
CCS 2022   Lin, Z., Wu, Y., Xing, X., "DirtyCred: Escalating Privilege in Linux Kernel", Proceedings of the 29th ACM Conference on Computer and Communications Security (CCS), Los Angeles, November 2022. (conditional acceptance)
USENIX Security 2022   Zeng, K., Chen, Y., Cho, H., Xing, X., Doupe, A., Bao, T., Shoshitaishvili, Y.,"Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability", Proceedings of the 31st USENIX Security Symposium (USENIX Security), Boston, August 2022.
S&P 2022   Lin, Z., Chen, Y., Mu, D., Yu, C., Wu, Y., Li, K., Xing, X., "GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs", Proceedings of the 43rd IEEE Symposium on Security and Privacy (IEEE S&P), San Francisco, May 2022.
NDSS 2022   Mu, D., Wu, Y., Chen, Y., Lin, Z., Yu, C., Wang, G., Xing, X., "An In-depth Analysis of Duplicated Linux Kernel Bug Reports", Proceedings of the Network and Distributed System Security Symposium (NDSS), US, February 2022.
FSE 2022   Qin, Q., JiYang, J., Song, F., Chen, T., Xing, X., "DeJITLeak: Eliminating JIT-Induced Timing Side-Channel Leaks", Proceedings of ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), Singapore, November 2022.
Blackhat Europe 2021   Lin, Z., Chen, Y., Xing, X., Li, K., "Your Trash Kernel Bug, My Precious 0-day", Blackhat Europe, Virtual Event, November 2021.
Blackhat Asia 2021   Chen, Y., Lin, Z, Xing, X., "A General Approach to Bypassing Many Kernel Protections and its Mitigation", Blackhat Asia, Virtual Event, May 2021.
Blackhat USA 2021   Luo, T., Ying, K, Xing, X., Liu, L., "Demystify AI Security Products With a Universal Pluggable XAI Translator", Blackhat USA, Virtual Event, August 2021.
NeurIPS 2021   Guo, W., Wu, X., Khan, U., Xing, X., "EDGE: Explaining Deep Reinforcement Learning Policies", Proceedings of the 35th Annual Conference on Neural Information Processing Systems (NeurIPS), Virtual Event, July 2021.
ICML 2021   Guo, W., Wu, X., Huang, S., Xing, X., "Adversarial Policy Learning in Two-party Competitive Games", Proceedings of the 38th International Conference on Machine Learning (ICML), Virtual Event, December 2021.
ICML 2021   Lu, Y., Guo, W.,, Xing, X., Noble, W., "DANCE: Enhancing saliency maps using decoys", Proceedings of the 38th International Conference on Machine Learning (ICML), Virtual Event, July 2021.
ICML 2021   Xie, X., Guo, W., Ma, L., Le, W., Wang, J., Zhou, L., Liu, Y., Xing, X., "Automatic RNN Repair via Model-based Analysis", Proceedings of the 38th International Conference on Machine Learning (ICML), Virtual Event, July 2021.
IJCAI 2021   Wang, L., Javed, Z., Wu, X., Guo, W., Xing, X., Song, D., "BACKDOORL: Backdoor Attack against Competitive Reinforcement Learning", Proceedings of the 30th International Joint Conference on Artificial Intelligence (IJCAI), Virtual Event, August 2021.
CCS 2021   Dai, J., Zhang, Y., Xu, H., Lyu, H., Wu, Z., Xing, X., Yang, M., "Facilitating Vulnerability Assessment through PoC Migration", Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS), Virtual Event, November 2021.
USENIX Security 2021   Yang, L., Guo, W., Hao, Q., Ciptadi, A., Ahmadzadeh, A., Xing, X., Wang, G., "CADE: Detecting and Explaining Concept Drift Samples for Security Applications", Proceedings of the 30th USENIX Security Symposium (USENIX Security), Vancouver, Canada, August 2021.
USENIX Security 2021   Wu, X.(*), Guo, W.(*), Wei, H.(*), Xing, X. "Adversarial Policy Training against Deep Reinforcement Learning", Proceedings of the 30th USENIX Security Symposium (USENIX Security), Vancouver, Canada, August 2021. (*==equal contribution)
NDSS 2021   Liang, J.(*), Guo, W.(*), Luo, T., Honavar, V., Wang, G., Xing, X., "FARE: Enabling Fine-grained Attack Categorization under Low-quality Labeled Data", Proceedings of the Network and Distributed System Security Symposium (NDSS), US, February 2021. (*==equal contribution)
CCS 2020   Chen, Y., Lin, Z., Xing, X., "A Systematic Study of Elastic Objects in Kernel Exploitation", in Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS), Orlando, US, November 2020. (Source code: ELOISE "Coming soon" )
CCS 2020   Z. Jiang, Y. Zhang, J. Xu, Q. Wen, Z. Wang, X. Zhang, X. Xing, M. Yang, Z. Yang "PDiff: Semantic-based Patch Presence Testing for Downstream Kernels", Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS), Orlando, US, November 2020.
USENIX Security 2020   Dai, J., Jiang, Z., Zhang, Y., Zhou, Y., Chen, J, Zhang, X., Tan, X., Yang, M., Xing, X. "BScout: Direct Whole Patch Presence Test for Java Executables", Proceedings of the 29th USENIX Security Symposium (USENIX Security), Boston, US, August 2020.
Blackhat USA 2020   Guo, W., Wu, X., Xing, X. "Ruling StarCraft Game Spitefully -- Exploiting the Blind Spot of AI-Powered Game Bots", Blackhat Europe, Las Vegas, US, August 2020.
Blackhat USA 2020   Ying, K., Luo, T., Xing, X., Su, J., "Superman Powered by Kryptonite: Turn the Adversarial Attack into Your Defense Weapon", Blackhat Europe, Las Vegas, US, August 2020.
Blackhat Asia 2020   Ying, K., Luo, T., Xing, X., Su, J., "NextGen AI Trojan Detection", Blackhat Asia, Singapore, September 2020. (Arsenal)
ICDM 2020   Guo, W., Wang, L., Xu, Y., Xing, X., Du, M., Song, D. "TABOR: A Highly Accurate Approach to Inspecting and Restoring Trojan Backdoors in AI Systems", in Proceedings of the IEEE International Conference on Data Mining (ICDM), Sorrento, Italy, November 2020. (Oral Presentation, top ~9% among 930 submissions)
Blackhat Europe 2019   Chen, Y., Xing, X., Su, J., "Hands Off and Putting SLAB/SLUB Feng Shui in a Blackbox", Blackhat Europe, London, UK, December 2019.
CCS 2019   Chen, Y., Xing, X., "SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel", in Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019. (Source code: SLAKE)
CCS 2019   Liu, F., Wen, Y., Zhang, D., Jiang, X., Xing, X., Meng, D., "Log2vec: A Heterogeneous Graph Embedding Based Approach for Detecting Cyber Threats within Enterprise", in Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019.
ASE 2019   Mu, D., Guo, W., Chen, Y., Cuevas, A., Song, C., Xing, X., Bing, M, "RENN: Efficient Reverse Execution with Neural-Network-assisted Alias Analysis", Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), San Diego, US, Nov. 2019.
IMC 2019   Alrizah, M., Zhu, S., Xing, X., Wang, G., "Errors, Misunderstandings, and Vulnerabilities: Analyzing the Crowdsourcing Process of Ad-blocking Systems", Proceedings of the ACM Internet Measurement Conference (IMC), Amsterdam, Netherlands, Oct. 2019.
USENIX Security 2019   Wu, W., Chen, Y., Xing, X., Zou, W., "KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities", Proceedings of the 28th USENIX Security Symposium (USENIX Security), Santa Clara, US, August 2019. (Source code: KEPLER )
USENIX Security 2019   Guo, W., Mu, D., Xing, X., Du, M., Song, D., "DEEPVSA: Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis", Proceedings of the 28th USENIX Security Symposium (USENIX Security), Santa Clara, US, August 2019. (Source code: DEEPVSA )
USENIX Security 2019   Zhang, M., Meng, W., Lee, S., Lee, B., Xing, X., "All Your Clicks Belong to Me: Investigating Click Interception on the Web", Proceedings of the 28th USENIX Security Symposium (USENIX Security), Santa Clara, US, August 2019.
USENIX Security 2019   Dong, Y., Guo, W., Chen, Y., Xing, X., Zhang, Y., Wang, G., "Towards the Detection of Inconsistencies in Public Security Vulnerability Reports", Proceedings of the 28th USENIX Security Symposium (USENIX Security), Santa Clara, US, August 2019.
CCS 2018   Guo, W., Mu, D., Xu, J., Su, P., Wang, G., Xing, X., "LEMNA: Explaining Deep Learning based Security Applications", Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS), Canada, October 2018. (Outstanding paper award) (Source code: LEMNA )
NeurIPS 2018   Guo, W., Huang, S., Tao, Y., Xing, X., Lin, L., "Explaining Deep Learning Models -- A Bayesian Non-parametric Approach", Proceedings of the 32nd Annual Conference on Neural Information Processing Systems (NeurIPS), Canada, December 2018.
USENIX Security 2018   Wu, W., Chen, Y., Xu, J., Xing, X., Gong, X., Zou, W., "FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities", Proceedings of the 27th USENIX Security Symposium (USENIX Security), Baltimore, US, August 2018. (Source code: FUZE)
USENIX Security 2018   Mu, D., Cuevas, A., Yang, L., Hu, H., Xing, X., Mao, B., Wang, G., "Understanding the Reproducibility of Crowd-reported Security Vulnerabilities", Proceedings of the 27th USENIX Security Symposium (USENIX Security), Baltimore, US, August 2018. (Data set: VM download)
ICDM 2018   Guo, W., Wang, Q., Zhang, K., Lin, L., Giles, L., Liu, X., Huang, S., Xing, X., "Defending against Adversarial Samples without Security through Obscurity", in Proceedings of the IEEE International Conference on Data Mining (ICDM), Singapore, November 2018. (Oral Presentation, top ~8% among 948 submissions)
Blackhat USA 2018   Wu, W., Xing, X., Su, J., "From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities", Blackhat USA, Las Vegas, US, August 2018. (Press release: Dark Reading, Security Boulevard, TOM)
TDSC 2018   Guan, L., Cao, C., Liu, P., Xing, X., Ge, X., Zhang, S., Yu, M., Jaeger, T., "Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM ", IEEE Transactions on Dependable and Secure Computing (TDSC), 2018.
NECO 2018   Wang, Q., Zhang, K., Xing, X., Liu, X., Giles, L., "An Empirical Evaluation of Rule Extraction from Recurrent Neural Networks ", in Neural Computation, 2018.
SALAD 2018   Song, L., Xing, X., "Fine-Grained Library Customization", SALAD workshop@ECOOP, Netherland, July 2018.
CCS 2017   Huang, J., Xu, J., Xing, X., Liu, P., Qureshi, M., "FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware", in Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS), Dallas, USA, October 2017.
USENIX Security 2017   Xu, J., Mu, D., Xing, X., Liu, P., Chen, P., Mao, B., "POMP: Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts", in Proceedings of the 26th USENIX Security Symposium (USENIX Security), Vancouver, Canada, August 2017. (Source code: POMP)
KDD 2017   Wang, Q., Guo, W., Zhang, K., II Ororbia, A., Xing, X., Lee, G., Liu, X., "Adversary Resistant Deep Neural Networks with an Application to Malware Detection", in Proceedings of the ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), Halifax, Canada, August 2017.
MobiSys 2017   Guan, L., Liu, P., Xing, X., Ge, X., Zhang, S., Yu, M., Jaeger, . T., "TrustShadow: Secure execution of unmodified applications with ARM TrustZone ", in Proceedings of the 15th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), Niagara Falls, US, June 2017.
MobiSys 2017   Luo, L., Zeng Q., Cao, C., Chen, K., Liu, J., Liu, L., Gao, N., Yang M., Xing, X., Liu, P., " System Service Call-oriented Symbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation ", in Proceedings of the 15th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), Niagara Falls, US, June 2017.
ACSAC 2017   Guan, L., Jia, S., Chen, B., Zhang, Z., Luo, B., Lin, J., Liu, L., Xing, X., and Xia, L., "Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices ", in Proceedings of the 33rd Annual Conference on Computer Security Applications (ACSAC), US, December 2017. (Best paper award)
DSN 2017   Chen, P., Xu, J., Hu, Z., Xing, X., Zhu, M., Mao, B., Liu, P., "What You See is Not What You Get! Thwarting Just-in-Time ROP with Chameleon ", in Proceedings of the 47th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, US, June 2017.
CCS 2016   Xu, J., Mu, D., Chen, P., Xing, X., Liu, P., "CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump", in Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria, October 2016.
FSE 2016   Wang, W., Zheng, Y., Xing, X. , Kwon, Y., Zhang, X., Eugster, P., "WebRanz: Web Page Randomization For Better Advertisement Delivery and Web-Bot Prevention ", in Proceedings of the 24th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE), Seattle, USA, November 2016.
WWW 2016   Meng, W., Lee, B., Xing, X. , Lee, W., "TrackMeOrNot: Enabling Flexible Control on Web Tracking", in Proceedings of the 25th International World Wide Web Conference (WWW), Montreal, Canada, May 2016. (Top 10 Finalists, CSAW 16)
Sensys 2016   Guan, L., Xu, J., Wang, S., Xing, X., Lin, L., Huang, H., Liu, P., Lee, W., "From Physical to Cyber: Escalating Protection for Personalized Auto Insurance ", in Proceedings of the 14th ACM Conference on Embedded Networked Sensor Systems (Sensys), Palo Alto, USA, December 2016.
CCS 2015   Xu, M., Jang, Y., Xing, X. , Kim, T., Lee, W., "UCognito: Private Browsing without Tears", in Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS), Denver, US, October 2015.
WWW 2015   Xing, X. , Meng, W., Lee, B., Weinsberg, U., Perdisci, R., Sheth, A., Lee, W., "Unraveling the Relationship Between Ad-Injecting Browser Extensions and Malvertising", in Proceedings of the 24th International World Wide Web Conference (WWW), Florence, Italy, May 2015.
CCS 2014   Meng, W., Xing, X. , Sheth, A., Weinsberg, U., Lee, W., "Your Online Interests - Pwned! A Pollution Attack Against Targeted Advertising", in Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014.
PAM 2014   Xing, X., Meng, W., Doozan, D., Feamster, N., Lee, W., Snoeren, A.,"Exposing Inconsistent Web Search Results with Bobble", in Proceedings of the 2014 Passive and Active Measurement (PAM) Conference, Los Angeles, CA, March 2014. (Press release: Metro News, Saturday Paper)
TKDE 2014   Hanqiang Cheng, Xinyu Xing, Xue Liu, Qin Lv, "ISC: An Iterative Social based Classifier for Adult Account Detection on Twitter" IEEE Transactions on Knowledge and Data Engineering, 2014.
USENIX Security 2013   Xing, X., Meng, W., Doozan, D., Snoeren, A., Feamster, N., Lee, W., "Take This Personally: Pollution Attacks on Personalized Services", in Proceedings of the 22nd USENIX Security Symposium (USENIX Security'13), Washington, DC, US, 2013.
Blackhat Europe 2013   Xing, X., "Bobble", (Blackhat Europe'13), Amsterdam, Netherlands, 2013. (Arsenal)
TOIT 2013   Yu-Li Liang, Xinyu Xing, Hanqiang Cheng, Jianxun Dang, Sui Huang, Richard Han, Xue Liu, Qin Lv, Shivakant Mishra, "SafeVchat: A System for Obscene Content Detection in Online Video Chat Services" ACM Transactions on Internet Technology (TOIT), Volume 12, Issue 4, Jul. 2013.
Mobisys 2012   Tian, L., Ahn, J., Cheng, H., Xing, X., Liang, Y., Mishra, S., Chu, D., Liu, X., "MVChat: Flasher Detection for Mobile Video Chat" in Proceedings of the 10th International Conference on Mobile Systems, Applications and Services (Mobisys'12), Lake District, UK, 2012. (demo)
KDD 2012   Xing, X., Liang, Y., Huang, S., Cheng, H., Han, R., Lv, Q., Liu, X., Mishra, S., Zhu, Y., "Scalable Misbehavior Detection in Online Video Chat Services", in Proceedings of the 18th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD'12), Beijing, China, 2012.
WSDM 2012   Cheng, H., Liang, Y., Xing, X., Han, R., Liu, X., Lv, Q., Mishra, S., "Efficient Misbehaving User Detection in Online Video Chat Services", in Proceedings of the 5th ACM International Conference on Web Search and Date Mining (WSDM'12), Seattle, US, 2012. (~20% acceptance rate)
WWW 2011   Xing, X., Liang, Y., Cheng, H., Dang, J., Han, R., Liu, X., Lv, Q., Mishra, S., "SafeVchat: Detecting Obscene Content and Misbehaving Users in Online Video Chat Services", in Proceedings of the 20th International World Wide Web Conference (WWW'11), Hyderabad, IND, 2011. (<13% acceptance rate) (Press release: MIT Technology Review, NewScientist, CBC News, etc.)
INFOCOM 2011   Xing, X., Dang, J., Mishra, S., Liu, X., "A Highly Scalable Bandwidth Estimation of Commercial Hotspot Access Points", in Proceedings of the 30th IEEE International Conference on Computer Communications (INFOCOM'11), Shanghai, CHN, 2011. (<16% acceptance rate)
CU-Tech-Rep 2010   Xing, X., Dang, J., Han, R., Liu, X., Mishra, S., "Intrusions into Privacy in Video Chat Environments: Attacks and Countermeasures", University of Colorado at Boulder, Technical Report CU-CS-1068-10. (Press release: The New York Times, Slashdot, Yahoo News, PC World, etc.)
HOTMOBILE 2010   Beach, A., Gartrell, M., Xing, X., Han, R., Lv, Q., Mishra, S., Saeda, K., "Fusing Mobile, Sensor and Social Data to Fully Enable Context-Aware Computing", in Proceedings of the 11th ACM Workshop on Mobile Computing Systems and Applications (HOTMOBILE'10), Annapolis, US, 2010.
INFOCOM 2010   Xing, X., Mishra, S., Liu, X., "ARBOR: Hang Together rather than Hang Separately in 802.11 WiFi Networks", in Proceedings of the 29th IEEE International Conference on Computer Communications (INFOCOM'10), San Diego, US, 2010. (<18% acceptance rate)
SIGGROUP 2010   Xing, X., Gartrell, M., Beach, A., Han, R., Lv, Q., Mishra, S., Saeda, K., "Enhancing Group Recommendation by Incorporating Social Relationship Interactions", in Proceedings of the 2010 International ACM SIGGROUP conference on Supporting Group Work (SIGGROUP'10), Sanibel Island, US, 2010.