WSU Cyber Security Lab

Junjie Zhang

Assistant Professor

Department of Computer Science and Engineering

Wright State University

Office: Russ 433

3640 Colonel Glenn Hwy, Dayton, OH 45435

E-mail: first_name[dot]last_name[at]wright.edu

Phone: 937-775-5015

Biography

I am a tenured Associate Professor in the Department of Computer Science and Engineering at Wright State University. I received my Ph.D. degree in Computer Science from Georgia Institute of Technology in 2012, and my M.S. in Systems Engineering and B.S. in Computer Science from Xi'an Jiaotong University, China, in 2006 and 2003, respectively. My research focuses primarily on computer and network security. In particular, I am interested in building automated, effective, and scalable systems for security purposes. My current research focuses on Internet malware analysis, detection, and mitigation, Cyber-Physical System Security, and Software Security.

News (Last updated: 09/12/2018)

  • Soham Kelkar and Jin Huang successfully defended their master theses. Soham joined a security company and Jin continued his Ph.D. at Wright State. Congratulations!
  • Dae Wook Kim successfully defended his dissertation. He will join Dept. of Computer Science at Eastern Kentucky University as a tenure-track assistant professor. Congratulations!
  • Ademola Ikusan receives 2017 Top graduate student award for the M.S. Cyber Security program at Wright State University. Congratulations!
  • Dae Wook Kim successfully defended his dissertation proposal. Congratulations!
  • We presented our C3ET project at the Roundtable for Rapids Grant held by Chancellor Carey (news, poster).
  • Our C3ET grant is awarded (in news).

Education

  • Ph.D., Computer Science, Georgia Institute of Technology, 2012.
  • M.S., Systems Engineering, Xi’an Jiaotong University (China), 2006.
  • B.S., Computer Science, Xi’an Jiaotong University (China), 2003.

Academic Experience

  • Associate Professor, Wright State University, 2018 – Present
  • Assistant Professor, Wright State University, 2012 – 2018

Professional Experience

  • Graduate Research Assistant, Georgia Institute of Technology, 2006 – 2012
  • Research Intern, Microsoft Research, Silicon Valley, May – Aug, 2011
  • Research Intern, Microsoft Research, Redmond, May – Aug, 2010
  • Research Intern, Damballa Inc., May – Aug, 2007, 2008, and 2009

Publications (J: Journal, C: Conference)

  1. [C19] Yu Li, Ivan Frasure, Ademola Ayodeji Ikusan, Junjie Zhang, and Rui Dai, “Vulnerability Assessment for Unmanned Systems Autonomy Services Architecture”, in Proceedings of 12th International Conference on Network and System Security (NSS-2018), Hong Kong, China, August, 2018.
  2. [C18] Soham Kelkar, Timothy Kraus, Daria Morgan, Junjie Zhang, and Rui Dai, “Analyzing HTTP-Based Information Exfiltration of Malicious Android Applications”, in Proceedings of IEEE TrustCom 2018.
  3. [C16] Jianfeng Li, Xiaobo Ma, Guodong Li, Xiapu Luo, Junjie Zhang, Wei Li, and Xiaohong Guan, “Can We Learn What People Are Doing from RAW DNS Queries?”, in Proceedings of INFOCOM 2018.
  4. [J10] Yuang Yang, Zhongmin Cai, Chunyan Wang, and Junjie Zhang, “Probabilistically Inferring Attack Ramifications Using Temporal Dependency Network”, IEEE Transactions on Information Forensics and Security, Volume 13, Issue 11, pp. 2913-1929, Nov. 2018.
  5. [J9] Yu Li, Xiaotian Wang, Dae Wook Kim, Junjie Zhang, Rui Dai, “Designing self-destructing wireless sensors with security and performance assurance”, Computer Networks, Volume 141, 2018, Pages 44-56, ISSN 1389-1286.
  6. [J8] Yadong Zhou, Ximi Wang, Junjie Zhang, Peng Zhang, Lili Liu, Huan Jin, and Hongbo Jin, “Analyzing and Detecting Money-Laundering Accounts in Online Social Networks”, IEEE Network Magazine, Volume 32, Issue 3, 2017.
  7. [J7] Dae Wook Kim and Junjie Zhang, "Deriving and Measuring DNS-Based Fingerprints", In Journal of Information Security and Applications, Volume 36, 2017, Pages 32-42.
  8. [C15] Guangyue Xu, Mingxuan, Sun, Junjie Zhang, Dae Wook Kim, "Tracking You Through DNS Traffic: Linking User Sessions By Clustering With Dirichlet Mixture Model", to appear in the ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems, Nov. 2017.
  9. [J6] Jianfeng Li, Xiaobo Ma, Junjie Zhang, Jing Tao, Pinghui Wang, Xiaohong Guan, "Mining Repeating Pattern in Packet Arrivals: Metrics, Models, and Applications", to appear in Information Sciences, Volume 408, October 2017, Pages 1–22.
  10. [C14] Kevon Scott, Rui Dai, and Junjie Zhang, "Online-Relaying-Based Image Communication in Unmanned Aerial Vehicle Networks", to appear in IEEE International Conference on Communications (ICC), May 2017.
  11. [J5] Yadong Zhou, Dae Wook Kim, Junjie Zhang, Lili Liu, Huan Jin, Hongbo Jin, and Ting Liu, "ProGuard: Detecting Malicious Accounts in Social-Network-Based Online Promotions", IEEE Access, Special Issue on Trust Management in Pervasive Social Networking (TruPSN), to appear.
  12. [C13] Dae Wook Kim and Junjie Zhang, “You Are How You Query: Deriving Behavioral Fingerprints From DNS Traffic”, in the Proceedings of 11th International Conference on Security and Privacy in Communication Networks, (SecureComm), Dallas, USA, 2015 (Acceptance rate: 29/108 = 26.8%).
  13. [C12] Xiaotian Wang, Matthew Davis, Junjie Zhang, and Vance Saunders. "Mission-Aware Vulnerability Assessment for Cyber-Physical Systems." in Proceedings of the 1st IEEE International Workshop on Trustworthy Software Systems (TrustSoft’15), Helsinki, Finland, 2015.
  14. [C11] Jianfeng Li, Jing Tao, Xiaobo Ma, Junjie Zhang, and Xiaohong Guan, “Modeling Repeating Behaviors in Packet Arrivals: Detection and Measurement”, in Proceedings of the 2015 IEEE Conference on Computer Communications (INFOCOM'15), HONG KONG, China, 2015 (Acceptance ratio 19%).
  15. [J4] Dae Wook Kim, Peiying Yan, and Junjie Zhang, “Detecting Fake Anti-Virus Software Distribution Webpages”, in Journal of Computers and Security (JCS), VOL. 49, MARCH. 2015, Elsevier.
  16. [J3] Xiaobo Ma, Junjie Zhang, Zhenhua Li, Jianfeng Li, Jing Tao, Xiaohong Guan, John C.S. Lui, and Don Towsley, “Accurate DNS Query Characteristics Estimation via Active Probing”, Journal of Network and Computer Applications (JNCA), VOL. 47, JAN. 2015, Elsevier.
  17. [J2] Xiaobo Ma, Junjie Zhang, Jing Tao, Jianfeng Li, Jue Tian, and Xiaohong Guan, “DNSRadar: Outsourcing Malicious Domain Detection Based on Distributed Cache-Footprints”, IEEE Transactions On Information Forensics and Security, VOL. 9, NO. 11, NOV. 2014.
  18. [C10] Yu Li, Rui Dai, and Junjie Zhang, "Morphing Communications of Cyber-Physical Systems Towards Moving Target Defense", In Proceedings of the 2014 IEEE International Conference on Communications (ICC’14), Jun. 2014 (Acceptance ratio 38%).
  19. [J1] Junjie Zhang, Roberto Perdisci, Wenke Lee, Xiapu Luo, and Unum Sarfraz, “Building a Scalable System for Stealthy P2P-Botnet Detection”, IEEE Transactions On Information Forensics and Security, VOL. 9, NO. 1, JANUARY 2014.
  20. [C9] Junjie Zhang, Yinglian Xie, Fang Yu, David Soukal, and Wenke Lee, “Intention and Origination: An Inside Look at Large-Scale Bot Queries”, In Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS’13), San Diego, USA, 2013 (Acceptance ratio 18.8%).
  21. [C8] Liting Hu, Karsten Schwan, Ajay Gulati, Junjie Zhang, and Chengwei Wang, “Net-Cohort: Detecting and Managing VM Ensembles in Virtualized Data Centers”, In Proceedings of the 9th International Conference on Autonomic Computing (ICAC'12), San Jose, USA, 2012 (Acceptance ratio 24%).
  22. [C7] Xiapu Luo, Peng Zhou, Junjie Zhang, Roberto Perdisci, Wenke Lee, and Rocky KC Chang. “Exposing invisible timing-based traffic watermarks with BACKLIT”, In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11), Orlando, USA, 2011 (Acceptance ratio 18.5%).
  23. [C6] Junjie Zhang, Roberto Perdisci, Wenke Lee, Unum Sarfraz and Xiapu Luo, “Detecting Stealthy P2P Botnets Using Statistical Traffic Fingerprints”, In Proceedings of the 41th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'11), Hong Kong, China, 2011 (Acceptance ratio 17.6%).
  24. [C5] Junjie Zhang, Christian Seifert, Jack W. Stokes, and Wenke Lee, “ARROW: Generating Signatures to Detect Drive-By Downloads”, In Proceedings of 20th International world wide web conference (WWW'11), Hyderabad, India, 2011 (Acceptance ratio 12.4%).
  25. [C4] Junjie Zhang, Xiapu Luo, Roberto Perdisci, Guofei Gu, Wenke Lee and Nick Feamster, “Boosting the Scalability of Botnet Detection using Adaptive Traffic Sampling”, In Proceedings of 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS'11), Hong Kong, China, 2011 (Acceptance ratio 16%).
  26. [C3] Xiapu Luo, Junjie Zhang, and Wenke Lee, “On the Secrecy of Spread Spectrum Flow Watermarks”, In Proceedings of the 15th European conference on Research in computer security (ESORICS'10), Athens, Greece, 2010 (Acceptance ratio 20.9%).
  27. [C2] Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee, “BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection”, In Proceedings of the 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 (Acceptance ratio 15.9%).
  28. [C1] Guofei Gu, Junjie Zhang, and Wenke Lee, “BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic”, In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February 2008 (Acceptance ratio 17.8%).


Invited Talks

  • “Internet Malware Detection In Network Traffic”, Northern Kentucky University Cybersecurity Symposium, Covington, KY, Oct. 21, 2016.
  • “Center for Continuous Cybersecurity Education & Training (C3ET) in West Ohio”, Round Table for Rapids Grant by Chancellor John Carey of the Ohio Department of Higher Education, Sep. 20, 2016.
  • “You are How You Query: Deriving Behavioral Fingerprints from DNS Traffic”, 13th Ohio Information Security Conference, Dayton, OH, USA, Mar 9, 2016.
  • “Privacy Leakage from DNS Traffic”, Department of Computer Science, Beijing Jiaotong University, Beijing, China, Mar 1, 2016.
  • “Cyber Program at WSU and Workforce Needs”, Ohio Cyber Dialog with Industry, OH, USA. May 7, 2015.
  • “Malware Detection in Network Traffic”, Department of Electrical Engineering and Computing Systems, University of Cincinnati, Cincinnati, OH, USA. Dec. 1, 2014.
  • “Malware Detection in Network Traffic”, School of Electronic and Information Engineering, Xi’an Jiaotong University, Xi’an, China. Nov. 28, 2014.
  • “Introduction to Cyber Security”, Dayton Regional STEM School, Dayton, OH, USA. Dec. 3, 2013.


Grants

  • "Mission-Oriented Intelligent Firmware Modeling"; (PI: J. Zhang); NHTSA; 2018 – 2019; $100,000.
  • "Developing Training Capabilities to Increase Operational System Resiliency"; (PI: J. Zhang); KBSI (Air Force STTR Phase II); 2018 – 2019; $224,658.
  • "T-RADAR: Fingerprinting Embedded Systems Using Passive and Active Network Traffic Analysis"; (PI: J. Zhang); I/UCRC: Center for Surveillance Research; 2017 – 2018; $50,000.
  • "Center for Continuous Cybersecurity Education & Training in West Ohio (Cont.)"; (PI: J. Zhang, Co-PIs: V. Saunders, A. Bryant, J. Xie); Ohio Department of Higher Education; 2017 – 2019; $486,834.
  • "Detecting and Analyzing Security Vulnerabilities for the Unmanned Systems Autonomy Services Architecture"; (PI: J. Zhang); AFRL; Summer 2017; $90,620.
  • "Vulnerability Detection for Cyber-Physical Systems"; (PI: J. Zhang); I/UCRC: Center for Surveillance Research; 2016 – 2017; $50,000.
  • "Center for Continuous Cybersecurity Education & Training in West Ohio"; (PI: J. Zhang, Co-PIs: V. Saunders, M. Emmert, A. Bryant, J. Xie); Ohio Department of Higher Education; 2016 – 2018; $541,294.
  • "REU Site: Cyber Security Research at Wright State University"; (PI: J. Zhang, Co-PI: Bin Wang); NSF; 2016 – 2019; $359,772.
  • "Scalable Vulnerability Assessment for Large Cyber-Physical Systems"; (PI: J. Zhang, 100%); Ball Aerospace & Technologies Corp; 2015; $30,000.
  • "Automatically Detecting and Analyzing Cyber-Physical System Vulnerabilities and Attack Paths"; (PI: J.Zhang, 100%); Ball Aerospace & Technologies Corp; 2013 – 2014; $50,000.
  • "Software and Hardware Infrastructure for Energy-Efficient Large-Scale Complex Language Modeling"; (PI: Shaojun Wang, Co-PIs: Amit Sheth, Keke Chen, Junjie Zhang); DoD/AFOSR (DURIP); 2013 – 2014; $492,500 (Co-PI. J.Z. for $82,248).


Students

  • Ph.D. students
    • Yu Li
    • Jin Huang
  • M.S. students
    • Gregory Buthker
  • Alumni
    • Jin Huang, M.S., 2018, "Building An AST-Oriented Symbolic Execution Engine for PHP Programs", continuing Ph.D. at Wright State University.
    • Ademola Ikusan, M.S. 2017, "Collaboratively Detecting HTTP-based Distributed Denial of Service Attack using Software Defined Network", First Employer - University of Cincinnati, Ph.D. student, GRA.
    • Soham Kelkar, M.S. 2017, "Detecting Information Leakage in Android Malware Using Static Taint Analysis", First Employer - Northwestern Mutual
    • Dae Wook Kim, Ph.D. 2017, "Data-Driven Network-Centric Threat Assessment", will join Dept. of Computer Science at Eastern Kentucky University as Tenure-Track Assistant Professor.
    • Steven Kelbley, M.S. 2016, “Detecting PHP-based Cross-Site Scripting Vulnerabilities Using Static Program Analysis” (Master Thesis), First Employer - NSA.
    • Xiaotian Wang, M.S. 2015, “Mission-Aware Vulnerability Assessment for Cyber-Physical Systems” (Master Thesis), First Employer - U.S. Army.


Teaching

  • Spring 2017
    • CS 7600 Algorithm Design and Analysis
    • CS 2160 Visual Basic Programming
  • Fall 2016
    • CEG 4430/6430 Cyber Network Security
    • CS 7200 Trust Networks
  • Spring 2016
    • CS 7200 Trust Networks
    • CEG 7380 Cloud Computing
  • Fall 2015
    • CEG 4430/6430 Cyber Network Security
    • CS 7600 Trust Networks
  • Spring 2015
    • CEG4400/6400 Computer Networks and Security
  • Fall 2014
    • CEG 4424/6424 Security Attacks and Defenses
    • CEG 6400 Network Security (Online)
  • Fall 2013
    • CEG 4110/6110 Introduction to Software Engineering
  • Spring 2013
    • CEG 4424/6424 Security Attacks and Defenses
  • Fall 2012
    • CEG 7900 Special Topics: Computer and Network Security

Services

  • Internal Committee Service
    • College Committee
      • Academic Computing Committee (Member – appointed), 2014 – Present
    • Undergraduate Committee
      • Graduate Committee (Member – appointed), 2015 – Present
      • Undergraduate Committee (Member – appointed), 2012 – 2018
      • Undergraduate Committee (Chair - elected), 2017 - Present
  • External Committee Service
    • Proposal Review Panel
      • NSF Panel, 2016
      • NSF Panel, 2017
    • Advisory Panel
      • Advisory Panel, NFS proposal titled, “Cyber Pro: Developing Rigorous and Enhanced Academic Modules (DREAMs)”, Clark State Community College
    • Conference Organization
      • Conference Publication Chair for The 9th Symposium on Electronic Crime Research (eCrime) 2014, Birmingham, Alabama, Sep. 2014
    • Conference Technical Program Committee
      • The 12th EAI International Conference on Security and Privacy in Communication Networks, Oct. 2016, Guangzhou, China
      • The 19th Information Security Conference- ISC 2016, Sep. 2016, Honolulu, Hawaii, USA
      • The 29th AAAI Conference (AAAI-15), Austin, Texas, Jan. 2015
      • The 9th Symposium on Electronic Crime Research (eCrime) 2014, Birmingham, Alabama, Sep. 2014
    • Publication Review
      • IEEE Transactions on Information Forensics and Security
      • IEEE Transactions on Dependable and Secure Computing
      • IEEE Transactions on Parallel and Distributed Systems
      • IEEE Transaction on Reliability
      • IEEE Journal on Selected Areas in Communications
      • ACM SIGCOMM Computer Communications Review (CCR)
      • Journal of Security and Communication Networks
      • International Journal of Agent Technologies and Systems
      • International Journal of Ad Hoc and Ubiquitous Computing
      • Journal of Internet Services and Applications
      • Elsevier Computer Networks
      • Semantic Web Journal
      • Journal of Information Science and Engineering
      • International Journal of Security and Networks (IJSN)
      • Computer Communications
      • IET Information Security
      • Elsevier Knowledge-Based Systems