-
Notifications
You must be signed in to change notification settings - Fork 74
XMap in Academic Research
XMap has emerged as a powerful tool in the field of network measurement and security research, widely recognized and cited in numerous high-impact academic papers. Its ability to efficiently discover and analyze IPv6 network peripheries has made it an essential resource for researchers exploring the security implications of large-scale network scanning. Below is a curated list of notable publications that have utilized or referenced XMap, demonstrating its significant impact on advancing the state of the art in network security and measurement:
-
[DSN '21] Xiang Li, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Qi Li, Youjun Huang. Fast IPv6 Network Periphery Discovery and Security Implications. In Proceedings of the 2021 IEEE/IFIP International Conference on Dependable Systems and Networks (DSN '21). Taipei, Taiwan, June 21-24, 2021 (Virtually). [PDF] [Slides] [Video].
(Acceptance rate: 48/279=17.2%)
-
[NDSS '23] Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, Qifan Zhang, Zhou Li, Haixin Duan, and Qi Li. Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation. In Proceedings of the 30th Annual Network and Distributed System Security Symposium (NDSS '23). San Diego, California, 27 February – 3 March, 2023. [PDF] [Slides] [Video]
(Acceptance rate: 94/581=16.2%, Acceptance rate in summer: 36/183=19.7%), Acceptance rate in fall: 58/398=14.6%)
- Presented in OARC 39
- Presented in ICANN DNS Symposium 2022
- Presented in Black Hat Asia 2023
- Referenced by RFC Draft: Delegation Revalidation by DNS Resolvers
-
[USENIX Security '23] Xiang Li, Chaoyi Lu, Baojun Liu, Qifan Zhang, Zhou Li, Haixin Duan, and Qi Li. The Maginot Line: Attacking the Boundary of DNS Caching Protection. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security '23). Anaheim, California, August 9–11, 2023. [PDF] [Slides] [Video]
(Acceptance rate: 422/1,444=29.2%, Acceptance rate in summer: 91/388=23.5%, Acceptance rate in fall: 155/531=29.2%), Acceptance rate in winter: 176/525=33.5%)
- Presented in Black Hat USA 2023
- 60+ news coverage by media such as BleepingComputer and APNIC
- An Austria government CERT daily report
- A Sweden government CERT weekly news
- A Bournemouth University (BU) CERT news
- Presented in SHUZIHUANYU Talk
- Presented in KANXUE 2023 SDC
- Presented in Black Hat Webinar
-
[CCS '23] Wei Xuⓘ, Xiang Liⓘ, Chaoyi Lu, Baojun Liu, Jia Zhang, Jianjun Chen, Tao Wan, and Haixin Duan. TsuKing: Coordinating DNS Resolvers and Queries into Potent DoS Amplifiers. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS '23). Copenhagen, Denmark, November 26–30, 2023. [PDF] [Slides] [Video]
(Acceptance rate: 158/795=19.9%, Acceptance rate in first round: ??%, Acceptance rate in second round: ??%. ⓘ: Both authors contributed equally to the paper)
- Presented in OARC 41
- Presented in Black Hat Europe 2023
-
[CCS '23] Zhenrui Zhangⓘ, Geng Hongⓘ, Xiang Li, Zhuoqun Fu, Jia Zhang, Mingxuan Liu, Chuhan Wang, Jianjun Chen, Baojun Liu, Haixin Duan, Chao Zhang, and Min Yang. Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS '23). Copenhagen, Denmark, November 26–30, 2023. [PDF] [Slides] [Video]
(Acceptance rate: 158/795=19.9%, Acceptance rate in first round: ??%, Acceptance rate in second round: ??%. ⓘ: Both authors contributed equally to the paper)
-
[IMC '23] Fenglu Zhang, Yunyi Zhang, Baojun Liu, Eihal Alowaisheq, Lingyun Ying, Xiang Li, Zaifeng Zhang, Ying Liu, Haixin Duan, Min Zhang. Wolf in Sheep's Clothing: Evaluating the Security Risks of the Undelegated Record on DNS Hosting Services. In Proceedings of ACM Internet Measurement Conference 2023 (IMC '23). Montréal, Canada on October 24 - 26, 2023. [PDF] [Slides] [Video]
(Acceptance rate: 52/208=25.0%)
-
[NDSS '24] Chuhan Wang, YASUHIRO KURANAGA, Yihang Wang, Mingming Zhang, Linkai Zheng, Xiang Li, Jianjun Chen, Haixin Duan, Yanzhong Lin, Qingfeng Pan. BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. In Proceedings of the 31st Annual Network and Distributed System Security Symposium (NDSS '24). San Diego, California, 26 February – 1 March, 2024. [PDF] [Slides] [Video]
(Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%)
-
[Oakland S&P '24] Xiang Li, Wei Xu, Baojun Liu, Mingming Zhang, Zhou Li✉, Jia Zhang, Deliang Chang, Xiaofeng Zheng, Chuhan Wang, Jianjun Chen, Haixin Duan✉, and Qi Li✉. TuDoor Attack: Systematically Exploring and Exploiting Logic Vulnerabilities in DNS Response Pre-processing with Malformed Packets. In Proceedings of 2024 IEEE Symposium on Security and Privacy (Oakland S&P '24). San Francisco, California, May 20–23, 2024. [PDF] [Slides] [Poster] [Video]
(Acceptance rate: 261/1,466=17.8%, Acceptance rate in first circle: ??%, Acceptance rate in second circle: ??%, Acceptance rate in third circle: ??%. ✉: Corresponding authors.)
- Presented in OARC 42
- Referenced by RFC 9520: Negative Caching of DNS Resolution Failures
- Presented in GeekCon 2024 International
- Presented in Black Hat USA 2024
- Got the 2024 Pwnie Award Nominations for Most Innovative Research (Hacker Oscar)
-
[USENIX Security '24] Qifan Zhang, Xuesong Bai, Xiang Li✉, Haixin Duan, Qi Li, and Zhou Li✉. ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing. In Proceedings of the 33rd USENIX Security Symposium (USENIX Security '24). Philadelphia, Pennsylvania, August 14–16, 2024. [PDF] [Slides] [Video]
(Acceptance rate: 417/2,276=18.3%, Acceptance rate in summer: ??%, Acceptance rate in fall: ??%), Acceptance rate in winter: ??%. ✉: Both are corresponding authors.)
- Presented in SHUZIHUANYU Talk
- Presented in OARC 42
-
[NDSS '24] Mingxuan Liu, Yiming Zhang, Xiang Li, Chaoyi Lu, Baojun Liu, Haixin Duan, Xiaofeng Zheng (2024). Understanding the Implementation and Security Implications of Protective DNS Services. In Proceedings of the 31st Annual Network and Distributed System Security Symposium (NDSS '24). San Diego, California, 26 February – 1 March, 2024. [PDF] [Slides] [Video]
(Acceptance rate: 104/694=15.0%, Acceptance rate in summer: 41/211=19.4%, Acceptance rate in fall: 63/483=13.0%)
-
[Oakland S&P '24] Xiang Li, Dashuai Wu, Haixin Duan, and Qi Li. DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses. In Proceedings of 2024 IEEE Symposium on Security and Privacy (Oakland S&P '24). San Francisco, California, May 20–23, 2024. [PDF] [Slides] [Poster] [Video]
(Acceptance rate: 261/1,466=17.8%, Acceptance rate in first circle: ??%, Acceptance rate in second circle: ??%, Acceptance rate in third circle: ??%)
- Presented in GeekCon 2023 (Second Prize)
- 40+ news coverage by media, such as The Hacker News, Cyber Security News, and dns-operation
- Presented in DNS OARC 43
-
[NDSS '24] Qifan Zhang, Xuesong Bai, Xiang Li✉, Haixin Duan, Qi Li, and Zhou Li✉. Poster: ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing. In Proceedings of the 31st Annual Network and Distributed System Security Symposium (NDSS '24). San Diego, California, 26 February – 1 March, 2024. [PDF] [Slides] [Video]
(Acceptance rate: 33/42=78.6%)
-
[USENIX Security '24] Yunyi Zhang, Baojun Liu, Haixin Duan, Min Zhang, Xiang Li, Fan Shi, Chengxi Xu, and Eihal Alowaisheq Rethinking the Security Threats of xxx DNS xxx. In Proceedings of the 33rd USENIX Security Symposium (USENIX Security '24). Philadelphia, Pennsylvania, August 14–16, 2024. [PDF] [Slides] [Video]
(Acceptance rate: 417/2,276=18.3%, Acceptance rate in summer: ??%, Acceptance rate in fall: ??%), Acceptance rate in winter: ??%)
- Presented in XCon 2024
-
Other papers cite this tool or paper
- Home
- Getting Started Guide
- Virtual Machine Configuration
- Scanning Best Practices
- Installing XMap
- Global Options
- Probe Modules
- Writing Modules
- XMap in Academic Research